| gpshtb.com/go/708?source=980 | 173.214.244.181 | 0 B |
Hash (MD5 / SHA-1 / SHA-256, empty body): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /go/708?source=980 HTTP/1.1
Host: gpshtb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bstnwsgwrld3.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
server: nginx
date: Fri, 26 Apr 2024 09:38:38 GMT
content-type: text/html; charset=UTF-8
location: https://ykrvt.bestssp.top/?pl=YC0GOkWFo0Wz8n7UhRmi1w&sub_id=980
X-Firefox-Spdy: h2

| ykrvt.check-tl-ver-94-2.com/adult-video/assets/video.gif | 172.67.189.129 | 500 kB |
File type: GIF image data, version 89a, 320 x 180
Size: 500 kB (500082 bytes)
Hash (MD5 / SHA-1 / SHA-256): 2e59da03066a7854825901e0c1460b52 8d5aa04f252de7a85b8387051c1321338ac32d32 63412ff22ec2f712d6e82d34889a0a48948523dedd0bfce03bba69a19a9b4433
GET /adult-video/assets/video.gif HTTP/1.1
Host: ykrvt.check-tl-ver-94-2.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ykrvt.check-tl-ver-94-2.com/adult-video/?pl=YC0GOkWFo0Wz8n7UhRmi1w&sm=adult-video&sub_id=980&nrid=6dec9bc744f24d759bba5fce8344f142&hash=H98EfrdZvw9FaeAC4TdMqg&exp=1714124618
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 26 Apr 2024 09:38:39 GMT
content-type: image/gif
content-length: 500082
last-modified: Tue, 23 Apr 2024 14:44:40 GMT
etag: "6627c958-7a172"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tfqtvC8g1Nue7yVbas2YkOz1svGnTwaIJBM0z%2FlzX0ppvi0fvPLGWrFoA5KhlZvrvNfGCBozeh8YeT6hpTKggPDL924gIc9T%2FMPA2EWw9BLSfM%2BQj32qtNekJEVBV3JfpZF6zsoDa%2FlGSaK%2FDBI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a599e2eba656a9-OSL
alt-svc: h3=":443"; ma=86400

| ykrvt.check-tl-ver-94-2.com/favicon.ico | 172.67.189.129 | 0 B |
Hash (MD5 / SHA-1 / SHA-256, empty body): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /favicon.ico HTTP/1.1
Host: ykrvt.check-tl-ver-94-2.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ykrvt.check-tl-ver-94-2.com/adult-video/?pl=YC0GOkWFo0Wz8n7UhRmi1w&sm=adult-video&sub_id=980&nrid=6dec9bc744f24d759bba5fce8344f142&hash=H98EfrdZvw9FaeAC4TdMqg&exp=1714124618
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 204 No Content
date: Fri, 26 Apr 2024 09:38:39 GMT
cache-control: max-age=14400
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4dQXwDJDtDykF5aETZ6sSLAoYjVFI0wBsRC4RWQt6Bh0dEun25N5MXPwoHKaJDMny7Ff8ljJq9d%2F93NsJZhaAGO0NTwtewi%2BVnZ64ITI8LKJ8hzy%2BhN01qfehpwBjItcbBtJZ1jsVOjjRSdjbO8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a599e40cdd56a9-OSL
alt-svc: h3=":443"; ma=86400

| www.gstatic.com/firebasejs/10.3.1/firebase-app-compat.js | 142.250.74.131 | 9.3 kB |
File type: JavaScript source, ASCII text, with very long lines (28368)
Hash (MD5 / SHA-1 / SHA-256): 9900403b65514fad7df39a4e788a6e45 75f9ba061ef4e72bb23528c700f2a11c56d637e9 a202b2051ea9810cd9ba592b3f9418a89e2062f5c185e29e288080b28eb64fe5
GET /firebasejs/10.3.1/firebase-app-compat.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ykrvt.check-tl-ver-94-2.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-length: 9308
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 26 Apr 2024 06:11:07 GMT
expires: Sat, 26 Apr 2025 06:11:07 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 31 Aug 2023 15:20:38 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 12452
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

| www.gstatic.com/firebasejs/10.3.1/firebase-messaging-compat.js | 142.250.74.131 | 9.9 kB |
File type: JavaScript source, ASCII text, with very long lines (38231)
Hash (MD5 / SHA-1 / SHA-256): 0541b823dfaf39162ef84cf075c9951b e0934726455558cc1a59823efada9651e33aafaa 21f1d62f222007068c793f0947d98f4ccb7c1595adb68efeb783390fdd8b5522
GET /firebasejs/10.3.1/firebase-messaging-compat.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ykrvt.check-tl-ver-94-2.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-length: 9934
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 26 Apr 2024 05:54:14 GMT
expires: Sat, 26 Apr 2025 05:54:14 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 31 Aug 2023 15:20:50 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 13465
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

| ia.check-tl-ver-94-2.com/adult-video/assets/video.gif | 172.67.189.129 | 500 kB |
File type: GIF image data, version 89a, 320 x 180
Size: 500 kB (500082 bytes)
Hash (MD5 / SHA-1 / SHA-256): 2e59da03066a7854825901e0c1460b52 8d5aa04f252de7a85b8387051c1321338ac32d32 63412ff22ec2f712d6e82d34889a0a48948523dedd0bfce03bba69a19a9b4433
GET /adult-video/assets/video.gif HTTP/1.1
Host: ia.check-tl-ver-94-2.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ia.check-tl-ver-94-2.com/adult-video/?pl=YC0GOkWFo0Wz8n7UhRmi1w&sm=adult-video&sub_id=980&nrid=6dec9bc744f24d759bba5fce8344f142&hash=H98EfrdZvw9FaeAC4TdMqg&exp=1714124618
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 26 Apr 2024 09:38:39 GMT
content-type: image/gif
content-length: 500082
last-modified: Tue, 23 Apr 2024 14:44:40 GMT
etag: "6627c958-7a172"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CXST4qgZklyVg7TK1YMN7xDheWVkRbp%2FLEl86WF8Vz7hl5%2B3cC9ebN86QYfHJk7KN1h8QB8KNdj5%2BRXvs5dO5e1MlW8VY3ZD5quDRLNL4UN9wKa%2FTV7eMAuxQtcruQLtRE2oP8LGfCZLFLw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a599e63f8756a9-OSL
alt-svc: h3=":443"; ma=86400

| ia.check-tl-ver-94-2.com/adult-video/assets/spinning-circles2.svg | 172.67.189.129 | 9.6 kB |
File type: SVG Scalable Vector Graphics image
Hash (MD5 / SHA-1 / SHA-256): 14e6f9981fa27406176056df2451d27b aa1b6fd6071391d0031bff2d74ae77347ec2fdb4 466d361db2f130d7e3d40a671c935e3e556c3a49567657afee2e44a0a390a84f
GET /adult-video/assets/spinning-circles2.svg HTTP/1.1
Host: ia.check-tl-ver-94-2.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ia.check-tl-ver-94-2.com/adult-video/?pl=YC0GOkWFo0Wz8n7UhRmi1w&sm=adult-video&sub_id=980&nrid=6dec9bc744f24d759bba5fce8344f142&hash=H98EfrdZvw9FaeAC4TdMqg&exp=1714124618
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 26 Apr 2024 09:38:39 GMT
content-type: image/svg+xml
last-modified: Tue, 23 Apr 2024 14:44:40 GMT
etag: W/"6627c958-1f7"
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=o4cNSc9x0XStlGQ3%2FZL%2BGYZ734VAUzeNgmuPhOWaYFL%2BZOwmQ3J%2BtDTiD2q6a1K7z8zVxDjEWSHApEuVqaKWBbtPPzgqCLaWM7orl6L%2BZc47XxSmMtPz5TSRw5RQcZLdR9YDxM0xtgpxJGg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a599e63f8456a9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

| ia.check-tl-ver-94-2.com/favicon.ico | 172.67.189.129 | 0 B |
Hash (MD5 / SHA-1 / SHA-256, empty body): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /favicon.ico HTTP/1.1
Host: ia.check-tl-ver-94-2.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ia.check-tl-ver-94-2.com/adult-video/?pl=YC0GOkWFo0Wz8n7UhRmi1w&sm=adult-video&sub_id=980&nrid=6dec9bc744f24d759bba5fce8344f142&hash=H98EfrdZvw9FaeAC4TdMqg&exp=1714124618
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 204 No Content
date: Fri, 26 Apr 2024 09:38:39 GMT
cache-control: max-age=14400
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NR4FMacWZU%2BGH%2B7WeWLcS%2BpQnaq989Gsa%2F4zH4AxlmbDWY1FqXB66jCOiBKwHFuiWpHJISRB5PPjyJnlwGEjgQcDpxK2peNb%2FrvE0dhEcZANtIpm7z81QSRg%2FGwJpZ4LzxeME4bOunTZleI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a599e728db56a9-OSL
alt-svc: h3=":443"; ma=86400

| www.gstatic.com/firebasejs/10.3.1/firebase-messaging-compat.js | 142.250.74.131 | 9.9 kB |
File type: JavaScript source, ASCII text, with very long lines (38231)
Hash (MD5 / SHA-1 / SHA-256): 0541b823dfaf39162ef84cf075c9951b e0934726455558cc1a59823efada9651e33aafaa 21f1d62f222007068c793f0947d98f4ccb7c1595adb68efeb783390fdd8b5522
GET /firebasejs/10.3.1/firebase-messaging-compat.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ia.check-tl-ver-94-2.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-length: 9934
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 26 Apr 2024 05:54:14 GMT
expires: Sat, 26 Apr 2025 05:54:14 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 31 Aug 2023 15:20:50 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 13465
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

| ykrvt.check-tl-ver-94-2.com/adult-video/assets/spinning-circles2.svg | 172.67.189.129 | 827 B |
File type: SVG Scalable Vector Graphics image
Hash (MD5 / SHA-1 / SHA-256): 14e6f9981fa27406176056df2451d27b aa1b6fd6071391d0031bff2d74ae77347ec2fdb4 466d361db2f130d7e3d40a671c935e3e556c3a49567657afee2e44a0a390a84f
GET /adult-video/assets/spinning-circles2.svg HTTP/1.1
Host: ykrvt.check-tl-ver-94-2.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ykrvt.check-tl-ver-94-2.com/adult-video/?pl=YC0GOkWFo0Wz8n7UhRmi1w&sm=adult-video&sub_id=980&nrid=6dec9bc744f24d759bba5fce8344f142&hash=H98EfrdZvw9FaeAC4TdMqg&exp=1714124618
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 26 Apr 2024 09:38:39 GMT
content-type: image/svg+xml
last-modified: Tue, 23 Apr 2024 14:44:40 GMT
etag: W/"6627c958-1f7"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hv9XRH0NR1FOM2PjAUiCVK6JjKn3MSuQZCLHjlld%2Baraz0FY8lJKzDMuHeiD7Mv9UnW2Z2BTm%2FajJxdgK1B4gguMvOxY6EedQH7l3mPCkufHSndlcAuAnCzrjM4e4EPdSS7a8T4ZEiZJ8fwF1RQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a599e2eba556a9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

| news-nadete.com/tds?id=1218770951&p1=tk_206076 | 193.108.117.211 | 0 B |
ASN: #63023 AS-GLOBALTELEHOST
Hash (MD5 / SHA-1 / SHA-256, empty body): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tds?id=1218770951&p1=tk_206076 HTTP/1.1
Host: news-nadete.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
server: nginx
date: Fri, 26 Apr 2024 09:38:40 GMT
content-length: 0
location: https://de66e23c60.news-xapeva.cc/?id=1218770951&p1=tk_206076
vary: Origin
x-frame-options: DENY
X-Firefox-Spdy: h2

| de66e23c60.news-xapeva.cc/revopush.js | 193.108.117.211 | 7.5 kB |
ASN: #63023 AS-GLOBALTELEHOST
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (18335), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): 37faf614bbb4a7b4ba1b4e8143056291 1477110371c87d426adf78e2c8d935a046ae6ff2 aa7dc9551d9641febc7616653e797b381d7258077ed416e822b1ade51470c533
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /revopush.js HTTP/1.1
Host: de66e23c60.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://de66e23c60.news-xapeva.cc/?id=1218770951&p1=tk_206076
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:40 GMT
content-type: application/javascript; charset=utf-8
content-length: 7472
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-1d30"
content-encoding: gzip
accept-ranges: bytes
X-Firefox-Spdy: h2

| de66e23c60.news-xapeva.cc/lands/36/img/style.css | 193.108.117.211 | 3.1 kB |
ASN: #63023 AS-GLOBALTELEHOST
File type: ASCII text, with very long lines (11701), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): db606af46bdcca984d60a46183a4525e 28964fac8b2b7889554f32543e69ac68e6f21e2f 8693be57861bf006c70b542234666eaa50f4258856c4e75e0066f1ca589026ae
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /lands/36/img/style.css HTTP/1.1
Host: de66e23c60.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://de66e23c60.news-xapeva.cc/?id=1218770951&p1=tk_206076
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:40 GMT
content-type: text/css
content-length: 3136
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-c40"
content-encoding: gzip
accept-ranges: bytes
X-Firefox-Spdy: h2

| de66e23c60.news-xapeva.cc/lands/36/img/logo.png | 193.108.117.211 | 7.4 kB |
ASN: #63023 AS-GLOBALTELEHOST
File type: PNG image data, 180 x 56, 8-bit/color RGBA, non-interlaced
Hash (MD5 / SHA-1 / SHA-256): 6cd3a78b39a704ee1c84f31c8c4e5808 bb5c81cadfcd60bd5c7b29af2395ef24b11ebb93 4cfbf07b7b4def7ad505f3be44e311c631ffec252a93f031d11356bc1b0c8193
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /lands/36/img/logo.png HTTP/1.1
Host: de66e23c60.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://de66e23c60.news-xapeva.cc/?id=1218770951&p1=tk_206076
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:40 GMT
content-type: image/png
content-length: 7398
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-1ce6"
accept-ranges: bytes
X-Firefox-Spdy: h2

| de66e23c60.news-xapeva.cc/lands/36/img/search-icon.png | 193.108.117.211 | 461 B |
ASN: #63023 AS-GLOBALTELEHOST
File type: PNG image data, 28 x 28, 8-bit/color RGBA, non-interlaced
Hash (MD5 / SHA-1 / SHA-256): 71a97f63eeafce6cc8dd4e7b92e77303 e92e36474a69fcf7b932efc581e024a1c25773e5 fc2f527dba6449b1d9a7f17e4e9926039806904f58a7b4278dccf398900371d2
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /lands/36/img/search-icon.png HTTP/1.1
Host: de66e23c60.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://de66e23c60.news-xapeva.cc/?id=1218770951&p1=tk_206076
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:40 GMT
content-type: image/png
content-length: 461
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-1cd"
accept-ranges: bytes
X-Firefox-Spdy: h2

| de66e23c60.news-xapeva.cc/lands/36/favicon.png | 193.108.117.211 | 1.2 kB |
ASN: #63023 AS-GLOBALTELEHOST
File type: PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
Hash (MD5 / SHA-1 / SHA-256): e7ffe9c659d8c729e12e20dfe05509be 2c413e09ebd14dd3020209fe9c9183e0335fc250 880c000a3ca23bb89262d9c2ccf9d48bab37dcec09f3b3bf55c8385f58745f50
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /lands/36/favicon.png HTTP/1.1
Host: de66e23c60.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://de66e23c60.news-xapeva.cc/?id=1218770951&p1=tk_206076
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:40 GMT
content-type: image/png
content-length: 1233
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-4d1"
accept-ranges: bytes
X-Firefox-Spdy: h2

| partners-tds.com/WzJQVS | 142.202.51.61 | 0 B |
ASN: #63023 AS-GLOBALTELEHOST
Hash (MD5 / SHA-1 / SHA-256, empty body): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /WzJQVS HTTP/1.1
Host: partners-tds.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://de66e23c60.news-xapeva.cc/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx
Date: Fri, 26 Apr 2024 09:38:40 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-cache, no-store, must-revalidate
Expires: Fri, 26 Apr 2024 09:38:40 GMT
Location: https://news-pepafu.com/tds?id=1218914904&p1=&p2=&p3=&p4=
Set-Cookie: _subid=376l60j10h7dud; expires=Mon, 27 May 2024 09:38:40 GMT; path=/
Set-Cookie: 933eb=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcImNhbXBhaWduc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcInRpbWVcIjoxNzE0MTI0MzIwfSJ9.yYJXc-zJvjm4Dxphu35oW5Y_kpFZUzbEdsDVw4oNV9k; expires=Sun, 21 Aug 2078 19:17:20 GMT; path=/
Vary: Accept-Encoding
Access-Control-Allow-Origin: *

| news-pepafu.com/tds?id=1218914904&p1=&p2=&p3=&p4= | 193.108.118.16 | 0 B |
ASN: #63023 AS-GLOBALTELEHOST
Hash (MD5 / SHA-1 / SHA-256, empty body): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tds?id=1218914904&p1=&p2=&p3=&p4= HTTP/1.1
Host: news-pepafu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://de66e23c60.news-xapeva.cc/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
server: nginx
date: Fri, 26 Apr 2024 09:38:41 GMT
content-length: 0
location: https://69a4143a88.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
vary: Origin
x-frame-options: DENY
X-Firefox-Spdy: h2

| 69a4143a88.news-xapeva.cc/revopush.js | 193.108.117.211 | 7.5 kB |
ASN: #63023 AS-GLOBALTELEHOST
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (18335), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): 37faf614bbb4a7b4ba1b4e8143056291 1477110371c87d426adf78e2c8d935a046ae6ff2 aa7dc9551d9641febc7616653e797b381d7258077ed416e822b1ade51470c533
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /revopush.js HTTP/1.1
Host: 69a4143a88.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://69a4143a88.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:41 GMT
content-type: application/javascript; charset=utf-8
content-length: 7472
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-1d30"
content-encoding: gzip
accept-ranges: bytes
X-Firefox-Spdy: h2

| ia.check-tl-ver-94-2.com/shared-js/assets/static-pl.js?v=2 | 172.67.189.129 | 2.5 kB |
File type: JavaScript source, ASCII text, with CRLF line terminators
Hash (MD5 / SHA-1 / SHA-256): 7224243dd0b18bb2508a1d77d4b2a0b2 bd833c24aa241861316053fd8bd46a1bef3d343f 920aa94a10634fc23234b5e4f55c428f6311fc7811d3591792381678cb492659
GET /shared-js/assets/static-pl.js?v=2 HTTP/1.1
Host: ia.check-tl-ver-94-2.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ia.check-tl-ver-94-2.com/adult-video/?pl=YC0GOkWFo0Wz8n7UhRmi1w&sm=adult-video&sub_id=980&nrid=6dec9bc744f24d759bba5fce8344f142&hash=H98EfrdZvw9FaeAC4TdMqg&exp=1714124618
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 26 Apr 2024 09:38:39 GMT
content-type: application/javascript
last-modified: Tue, 23 Apr 2024 14:44:40 GMT
etag: W/"6627c958-dee"
cache-control: max-age=14400
cf-cache-status: HIT
age: 4588
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RuZlDs3bdRbKrW5w4%2BKXsGoIlK1EwIjaIuSjbZKXiJUd8rGTTK6eQZPxpqluHA8CkRoUvF1a5K0%2FVOzdp5jGGRjiwGtoQ%2Fy0MTR17RdwmQceB%2BLW07nLR5lDJ3vQPADMDTzcFjaKBpqObRY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a599e63f8a56a9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

| 69a4143a88.news-xapeva.cc/process.js?id=1218914904&p1=&p2=&p3=&p4= | 193.108.117.211 | 10 kB |
ASN: #63023 AS-GLOBALTELEHOST
File type: JavaScript source, ASCII text, with very long lines (26456)
Hash (MD5 / SHA-1 / SHA-256): cf15bb022d27c42eb5fbba975fa4a54c e6d7d9c70329b59c5ee98a665d029d3647d97a34 0808732bdc82f88781ee65322326a6a80c66e0ec22f330758899da6f4a40f65e
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /process.js?id=1218914904&p1=&p2=&p3=&p4= HTTP/1.1
Host: 69a4143a88.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://69a4143a88.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:41 GMT
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, must-revalidate
expires: 0
pragma: no-cache
vary: Origin
content-encoding: gzip
X-Firefox-Spdy: h2

| news-pepafu.com/tds?id=1218914904&p1=&p2=&p3=&p4= | 193.108.118.16 | 0 B |
ASN: #63023 AS-GLOBALTELEHOST
Hash (MD5 / SHA-1 / SHA-256, empty body): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tds?id=1218914904&p1=&p2=&p3=&p4= HTTP/1.1
Host: news-pepafu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://69a4143a88.news-xapeva.cc/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 302 Found
server: nginx
date: Fri, 26 Apr 2024 09:38:41 GMT
content-length: 0
location: https://2b76836436.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
vary: Origin
x-frame-options: DENY
X-Firefox-Spdy: h2

| 2b76836436.news-xapeva.cc/revopush.js | 193.108.117.211 | 7.5 kB |
ASN: #63023 AS-GLOBALTELEHOST
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (18335), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): 37faf614bbb4a7b4ba1b4e8143056291 1477110371c87d426adf78e2c8d935a046ae6ff2 aa7dc9551d9641febc7616653e797b381d7258077ed416e822b1ade51470c533
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /revopush.js HTTP/1.1
Host: 2b76836436.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://2b76836436.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:41 GMT
content-type: application/javascript; charset=utf-8
content-length: 7472
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-1d30"
content-encoding: gzip
accept-ranges: bytes
X-Firefox-Spdy: h2

| ia.check-tl-ver-94-2.com/adult-video/assets/style.css | 172.67.189.129 | 1.5 kB |
File type: ASCII text, with CRLF line terminators
Hash (MD5 / SHA-1 / SHA-256): 4282caba1d544b2d6164f7a67fb9306c 1a043cc45756075f239d7ccd13999b7d16ac665d dbe57e2d6acc8c6850ad81fbfb538593e4faa98d011e2867abcdfa094dbbaf86
GET /adult-video/assets/style.css HTTP/1.1
Host: ia.check-tl-ver-94-2.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ia.check-tl-ver-94-2.com/adult-video/?pl=YC0GOkWFo0Wz8n7UhRmi1w&sm=adult-video&sub_id=980&nrid=6dec9bc744f24d759bba5fce8344f142&hash=H98EfrdZvw9FaeAC4TdMqg&exp=1714124618
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 26 Apr 2024 09:38:39 GMT
content-type: text/css
last-modified: Tue, 23 Apr 2024 14:44:40 GMT
etag: W/"6627c958-1eb1"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jXjuOPRf3m8IxgW02SnwT8pXoQdaGxFtlStXBCTDT2kyc5m6uuLF03Wa%2BkrqZFtEcI9fcCce1wLjKGkfXtnj%2Fa4ln3X6lCVILiSYIfN0kHe6ay%2B0rdu5bRJnvCMBfcUMN6HfbCBP1U2hURs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a599e63f8156a9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| news-pepafu.com/tds?id=1218914904&p1=&p2=&p3=&p4= | 193.108.118.16 | | 0 B |
URL: news-pepafu.com/tds?id=1218914904&p1=&p2=&p3=&p4=  IP: 193.108.118.16:0  ASN: #63023 AS-GLOBALTELEHOST
Hashes (MD5, SHA-1, SHA-256, empty body): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tds?id=1218914904&p1=&p2=&p3=&p4= HTTP/1.1
Host: news-pepafu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://2b76836436.news-xapeva.cc/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 302 Found
server: nginx
date: Fri, 26 Apr 2024 09:38:41 GMT
content-length: 0
location: https://660554a291.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
vary: Origin
x-frame-options: DENY
X-Firefox-Spdy: h2
|
|
| 660554a291.news-xapeva.cc/revopush.js | 193.108.117.211 | | 7.5 kB |
URL: 660554a291.news-xapeva.cc/revopush.js  IP: 193.108.117.211:0  ASN: #63023 AS-GLOBALTELEHOST
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (18335), with no line terminators
Hashes (MD5, SHA-1, SHA-256): 37faf614bbb4a7b4ba1b4e8143056291 1477110371c87d426adf78e2c8d935a046ae6ff2 aa7dc9551d9641febc7616653e797b381d7258077ed416e822b1ade51470c533
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /revopush.js HTTP/1.1
Host: 660554a291.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://660554a291.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:41 GMT
content-type: application/javascript; charset=utf-8
content-length: 7472
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-1d30"
content-encoding: gzip
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| 660554a291.news-xapeva.cc/lands/53/css/style.css | 193.108.117.211 | | 1.3 kB |
URL: 660554a291.news-xapeva.cc/lands/53/css/style.css  IP: 193.108.117.211:0  ASN: #63023 AS-GLOBALTELEHOST
File type: ASCII text, with very long lines (4928), with no line terminators
Hashes (MD5, SHA-1, SHA-256): 6f2d06d6dbd00d18b9e7eb11ef80081d b86bdf3144b91210a3e04aab9802dba7b677ffe4 4bbe46d55f77d131ea3c70d021bf1e88fcfa1a98b7b89cf8f3f081ffb38fa7f8
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /lands/53/css/style.css HTTP/1.1
Host: 660554a291.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://660554a291.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:41 GMT
content-type: text/css
content-length: 1301
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-515"
content-encoding: gzip
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| 660554a291.news-xapeva.cc/lands/53/images/video.gif | 193.108.117.211 | | 500 kB |
URL: 660554a291.news-xapeva.cc/lands/53/images/video.gif  IP: 193.108.117.211:0  ASN: #63023 AS-GLOBALTELEHOST
File type: GIF image data, version 89a, 320 x 180
Size: 500 kB (500082 bytes)
Hashes (MD5, SHA-1, SHA-256): 2e59da03066a7854825901e0c1460b52 8d5aa04f252de7a85b8387051c1321338ac32d32 63412ff22ec2f712d6e82d34889a0a48948523dedd0bfce03bba69a19a9b4433
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /lands/53/images/video.gif HTTP/1.1
Host: 660554a291.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://660554a291.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:41 GMT
content-type: image/gif
content-length: 500082
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-7a172"
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| partners-tds.com/WzJQVS | 142.202.51.61 | | 0 B |
URL: partners-tds.com/WzJQVS  IP: 142.202.51.61:0  ASN: #63023 AS-GLOBALTELEHOST
Hashes (MD5, SHA-1, SHA-256, empty body): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /WzJQVS HTTP/1.1
Host: partners-tds.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://660554a291.news-xapeva.cc/
Cookie: _subid=376l60j10h7dup; 933eb=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcImNhbXBhaWduc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcInRpbWVcIjoxNzE0MTI0MzIwfSJ9.yYJXc-zJvjm4Dxphu35oW5Y_kpFZUzbEdsDVw4oNV9k
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx
Date: Fri, 26 Apr 2024 09:38:41 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-cache, no-store, must-revalidate
Expires: Fri, 26 Apr 2024 09:38:41 GMT
Location: https://news-pepafu.com/tds?id=1218914904&p1=&p2=&p3=&p4=
Set-Cookie: _subid=376l60j10h7duu; expires=Mon, 27 May 2024 09:38:41 GMT; path=/
Set-Cookie: 933eb=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcImNhbXBhaWduc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcInRpbWVcIjoxNzE0MTI0MzIwfSJ9.yYJXc-zJvjm4Dxphu35oW5Y_kpFZUzbEdsDVw4oNV9k; expires=Sun, 21 Aug 2078 19:17:22 GMT; path=/
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
|
|
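Added example, not part of the sandbox capture above and not code from the operators or tools it records: a Python walk over a constructed excerpt of this listing (the hosts, 302 Location targets, the `933eb` cookie value and the hash trios are copied from the entries above; everything else is trimmed). It follows the redirect chain from partners-tds.com through news-pepafu.com to the news-xapeva.cc subdomain, decodes the JWT-shaped `933eb` cookie without verifying its HS256 signature (the key is the TDS operator's, so the contents are read, not trusted), converts the embedded Unix timestamps, and groups hosts by the SHA-256 of the body they served. The parser's field names (`url`, `ip`, `status`, `location`, `cookies`, `sha256`) and all function names are the example's own.

```python
import base64
import json
import re
from collections import defaultdict
from datetime import datetime, timezone
from urllib.parse import urlsplit

# Constructed excerpt of the listing above. Hosts, Location targets, the
# 933eb cookie and the hash trios are copied from the capture; each
# transaction is trimmed to the lines the parser below actually reads.
CAPTURE = """\
| partners-tds.com/WzJQVS | 142.202.51.61 | | 0 B |
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Cookie: _subid=376l60j10h7dup; 933eb=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcImNhbXBhaWduc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcInRpbWVcIjoxNzE0MTI0MzIwfSJ9.yYJXc-zJvjm4Dxphu35oW5Y_kpFZUzbEdsDVw4oNV9k
HTTP/1.1 302 Found
Location: https://news-pepafu.com/tds?id=1218914904&p1=&p2=&p3=&p4=
| news-pepafu.com/tds?id=1218914904&p1=&p2=&p3=&p4= | 193.108.118.16 | | 0 B |
HTTP/2 302 Found
location: https://660554a291.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
| 660554a291.news-xapeva.cc/revopush.js | 193.108.117.211 | | 7.5 kB |
File typeJavaScript source Hash37faf614bbb4a7b4ba1b4e8143056291 1477110371c87d426adf78e2c8d935a046ae6ff2 aa7dc9551d9641febc7616653e797b381d7258077ed416e822b1ade51470c533
HTTP/2 200 OK
| 05936e63fc.news-xapeva.cc/revopush.js | 193.108.117.211 | | 7.5 kB |
File typeJavaScript source Hash37faf614bbb4a7b4ba1b4e8143056291 1477110371c87d426adf78e2c8d935a046ae6ff2 aa7dc9551d9641febc7616653e797b381d7258077ed416e822b1ade51470c533
HTTP/2 200 OK
"""

ENTRY_RE = re.compile(r"^\| (\S+) \| (\d{1,3}(?:\.\d{1,3}){3}) \|")
STATUS_RE = re.compile(r"^HTTP/[\d.]+ (\d{3})")
HASH_RE = re.compile(r"Hash([0-9a-f]{32}) ([0-9a-f]{40}) ([0-9a-f]{64})")
EMPTY_SHA256 = "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"  # sha256 of zero bytes

def parse_capture(text):
    """One dict per transaction. The field names are this example's own."""
    entries, cur = [], None
    for line in text.splitlines():
        if m := ENTRY_RE.match(line):          # '| url | ip | | size |' opens an entry
            cur = {"url": m.group(1), "ip": m.group(2), "status": None,
                   "location": None, "cookies": {}, "sha256": None}
            entries.append(cur)
        elif cur is None:
            continue
        elif m := STATUS_RE.match(line):       # response status line
            cur["status"] = int(m.group(1))
        elif line.lower().startswith("location: "):
            cur["location"] = line.split(" ", 1)[1].strip()
        elif line.startswith("Cookie: "):      # request cookies as sent by the browser
            for kv in line[len("Cookie: "):].split("; "):
                name, _, value = kv.partition("=")
                cur["cookies"][name] = value
        elif m := HASH_RE.search(line):        # md5 sha1 sha256 trio; keep sha256
            cur["sha256"] = m.group(3)
    return entries

def strip_scheme(url):
    """'https://host/path?q' -> 'host/path?q', the form the listing uses."""
    p = urlsplit(url)
    return p.netloc + p.path + (f"?{p.query}" if p.query else "")

def follow_chain(entries, start):
    """Follow 3xx Location hops through the captured entries. Stops at the
    first target that was not captured, or on a loop (the seen set)."""
    by_url = {e["url"]: e for e in entries}
    hops, seen = [start], {start}
    while (e := by_url.get(hops[-1])) and e["location"] and 300 <= (e["status"] or 0) < 400:
        nxt = strip_scheme(e["location"])
        if nxt in seen:
            break
        seen.add(nxt)
        hops.append(nxt)
    return hops

def decode_jwt_unverified(token):
    """Header and payload only. The HS256 key is the TDS operator's, so the
    signature is not checked and nothing decoded here is trusted."""
    b64url = lambda s: base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))
    header_b64, payload_b64, _sig = token.split(".")
    header, payload = json.loads(b64url(header_b64)), json.loads(b64url(payload_b64))
    if isinstance(payload.get("data"), str):   # JSON object serialised inside a JSON string
        payload["data"] = json.loads(payload["data"])
    return header, payload

def epoch_to_utc(ts):
    return datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S UTC")

def pivot_by_hash(entries):
    """Hosts grouped by the SHA-256 they served, skipping the empty-body hash
    of the 302 hops: one hash on many throwaway subdomains is the IOC."""
    hosts = defaultdict(set)
    for e in entries:
        if e["sha256"] and e["sha256"] != EMPTY_SHA256:
            hosts[e["sha256"]].add(e["url"].split("/", 1)[0])
    return {h: sorted(v) for h, v in hosts.items()}

if __name__ == "__main__":
    entries = parse_capture(CAPTURE)
    print(" -> ".join(follow_chain(entries, "partners-tds.com/WzJQVS")))
    header, payload = decode_jwt_unverified(entries[0]["cookies"]["933eb"])
    print(header, payload["data"], epoch_to_utc(payload["data"]["time"]))
    for sha256, hosts in pivot_by_hash(entries).items():
        print(sha256[:16], hosts)
```

Run as a script it prints the chain partners-tds.com -> news-pepafu.com -> 660554a291.news-xapeva.cc, the decoded header `{"typ": "JWT", "alg": "HS256"}`, the nested `data` object with `streams`, `campaigns` and `time` all equal to 1714124320 (2024-04-26 09:38:40 UTC, one second before the request shown above), and the revopush.js SHA-256 served byte-identical from both news-xapeva.cc subdomains. The same `epoch_to_utc` helper turns the `exp=1714124618` in the adult-video Referer above into 09:43:38 UTC, about five minutes later. The `seen` set guards against a Location loop; when replaying against live infrastructure also cap the hop count, since the capture shows news-pepafu.com answering the identical `/tds` request with a fresh subdomain on each visit.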
| news-pepafu.com/tds?id=1218914904&p1=&p2=&p3=&p4= | 193.108.118.16 | | 0 B |
URL: news-pepafu.com/tds?id=1218914904&p1=&p2=&p3=&p4=  IP: 193.108.118.16:0  ASN: #63023 AS-GLOBALTELEHOST
Hashes (MD5, SHA-1, SHA-256, empty body): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tds?id=1218914904&p1=&p2=&p3=&p4= HTTP/1.1
Host: news-pepafu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://660554a291.news-xapeva.cc/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 302 Found
server: nginx
date: Fri, 26 Apr 2024 09:38:41 GMT
content-length: 0
location: https://9e54d03fff.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
vary: Origin
x-frame-options: DENY
X-Firefox-Spdy: h2
|
|
| 660554a291.news-xapeva.cc/lands/53/images/spinning-circles2.svg | 193.108.117.211 | | 7.8 kB |
URL: 660554a291.news-xapeva.cc/lands/53/images/spinning-circles2.svg  IP: 193.108.117.211:0  ASN: #63023 AS-GLOBALTELEHOST
File type: SVG Scalable Vector Graphics image
Hashes (MD5, SHA-1, SHA-256): 33aa5e0fed6a8367bd70922c193243a1 0dc0a880a7a856963e11f699c99ae8da88173f92 a7bad920c16aa283c123f1f619148a68b57d538f6fec956560d8ddd959dee145
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /lands/53/images/spinning-circles2.svg HTTP/1.1
Host: 660554a291.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://660554a291.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:41 GMT
content-type: image/svg+xml
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: W/"6602cb4c-1f7"
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 9e54d03fff.news-xapeva.cc/lands/53/css/style.css | 193.108.117.211 | | 1.3 kB |
URL: 9e54d03fff.news-xapeva.cc/lands/53/css/style.css  IP: 193.108.117.211:0  ASN: #63023 AS-GLOBALTELEHOST
File type: ASCII text, with very long lines (4928), with no line terminators
Hashes (MD5, SHA-1, SHA-256): 6f2d06d6dbd00d18b9e7eb11ef80081d b86bdf3144b91210a3e04aab9802dba7b677ffe4 4bbe46d55f77d131ea3c70d021bf1e88fcfa1a98b7b89cf8f3f081ffb38fa7f8
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /lands/53/css/style.css HTTP/1.1
Host: 9e54d03fff.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://9e54d03fff.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:41 GMT
content-type: text/css
content-length: 1301
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-515"
content-encoding: gzip
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| 69a4143a88.news-xapeva.cc/lands/53/images/video.gif | 193.108.117.211 | | 598 kB |
URL: 69a4143a88.news-xapeva.cc/lands/53/images/video.gif  IP: 193.108.117.211:0  ASN: #63023 AS-GLOBALTELEHOST
File type: GIF image data, version 89a, 320 x 180
Size: 598 kB (598386 bytes)
Hashes (MD5, SHA-1, SHA-256): 21b73873343f362092804dee6f9e5cc8 8ea193852c74e9255780592e721924fdbbb6fea0 96419d3432c201b01489170b7266c71cae955b203e555cfef668da581b81ab5b
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /lands/53/images/video.gif HTTP/1.1
Host: 69a4143a88.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://69a4143a88.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:41 GMT
content-type: image/gif
content-length: 500082
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-7a172"
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| partners-tds.com/WzJQVS | 142.202.51.61 | | 0 B |
URL: partners-tds.com/WzJQVS  IP: 142.202.51.61:0  ASN: #63023 AS-GLOBALTELEHOST
Hashes (MD5, SHA-1, SHA-256, empty body): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /WzJQVS HTTP/1.1
Host: partners-tds.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://9e54d03fff.news-xapeva.cc/
Cookie: _subid=376l60j10h7duu; 933eb=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcImNhbXBhaWduc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcInRpbWVcIjoxNzE0MTI0MzIwfSJ9.yYJXc-zJvjm4Dxphu35oW5Y_kpFZUzbEdsDVw4oNV9k
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx
Date: Fri, 26 Apr 2024 09:38:41 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-cache, no-store, must-revalidate
Expires: Fri, 26 Apr 2024 09:38:41 GMT
Location: https://news-pepafu.com/tds?id=1218914904&p1=&p2=&p3=&p4=
Set-Cookie: _subid=376l60j10h7dv0; expires=Mon, 27 May 2024 09:38:41 GMT; path=/
Set-Cookie: 933eb=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcImNhbXBhaWduc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcInRpbWVcIjoxNzE0MTI0MzIwfSJ9.yYJXc-zJvjm4Dxphu35oW5Y_kpFZUzbEdsDVw4oNV9k; expires=Sun, 21 Aug 2078 19:17:22 GMT; path=/
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
|
|
| news-pepafu.com/tds?id=1218914904&p1=&p2=&p3=&p4= | 193.108.118.16 | | 0 B |
URL: news-pepafu.com/tds?id=1218914904&p1=&p2=&p3=&p4=  IP: 193.108.118.16:0  ASN: #63023 AS-GLOBALTELEHOST
Hashes (MD5, SHA-1, SHA-256, empty body): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tds?id=1218914904&p1=&p2=&p3=&p4= HTTP/1.1
Host: news-pepafu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://9e54d03fff.news-xapeva.cc/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 302 Found
server: nginx
date: Fri, 26 Apr 2024 09:38:41 GMT
content-length: 0
location: https://05936e63fc.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
vary: Origin
x-frame-options: DENY
X-Firefox-Spdy: h2
|
|
| 05936e63fc.news-xapeva.cc/revopush.js | 193.108.117.211 | | 7.5 kB |
URL: 05936e63fc.news-xapeva.cc/revopush.js  IP: 193.108.117.211:0  ASN: #63023 AS-GLOBALTELEHOST
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (18335), with no line terminators
Hashes (MD5, SHA-1, SHA-256): 37faf614bbb4a7b4ba1b4e8143056291 1477110371c87d426adf78e2c8d935a046ae6ff2 aa7dc9551d9641febc7616653e797b381d7258077ed416e822b1ade51470c533
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /revopush.js HTTP/1.1
Host: 05936e63fc.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://05936e63fc.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:42 GMT
content-type: application/javascript; charset=utf-8
content-length: 7472
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-1d30"
content-encoding: gzip
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| 05936e63fc.news-xapeva.cc/lands/57/css/style.css | 193.108.117.211 | | 1.2 kB |
URL: 05936e63fc.news-xapeva.cc/lands/57/css/style.css  IP: 193.108.117.211:0  ASN: #63023 AS-GLOBALTELEHOST
File type: ASCII text, with very long lines (4468), with no line terminators
Hashes (MD5, SHA-1, SHA-256): b07eb7ba1a3bb505eba51b55f4ffa9ff fea4806dafcdda47dff4bb6aa09362ded48879d5 086ceb41d9cccb6678d0a759d730383098e9d80d8067e9b8ce06d0972d2dae68
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /lands/57/css/style.css HTTP/1.1
Host: 05936e63fc.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://05936e63fc.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:42 GMT
content-type: text/css
content-length: 1213
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-4bd"
content-encoding: gzip
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| 05936e63fc.news-xapeva.cc/lands/57/js/device.js | 193.108.117.211 | | 1.1 kB |
URL: 05936e63fc.news-xapeva.cc/lands/57/js/device.js  IP: 193.108.117.211:0  ASN: #63023 AS-GLOBALTELEHOST
File type: JavaScript source, ASCII text, with very long lines (3289), with no line terminators
Hashes (MD5, SHA-1, SHA-256): 2d9887b21aa6b47c56e7f43e66560a4f 42cdfc5b3b23d32152750bf2cea4233044491768 863a13c42ef72b562bc7aa5005b8ff5693763ae8d16ce3bfc3d876e92a7fdf85
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /lands/57/js/device.js HTTP/1.1
Host: 05936e63fc.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://05936e63fc.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:42 GMT
content-type: application/javascript; charset=utf-8
content-length: 1111
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-457"
content-encoding: gzip
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| 9e54d03fff.news-xapeva.cc/lands/53/images/spinning-circles2.svg | 193.108.117.211 | | 337 B |
URL: 9e54d03fff.news-xapeva.cc/lands/53/images/spinning-circles2.svg  IP: 193.108.117.211:0  ASN: #63023 AS-GLOBALTELEHOST
File type: SVG Scalable Vector Graphics image
Hashes (MD5, SHA-1, SHA-256): 14e6f9981fa27406176056df2451d27b aa1b6fd6071391d0031bff2d74ae77347ec2fdb4 466d361db2f130d7e3d40a671c935e3e556c3a49567657afee2e44a0a390a84f
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /lands/53/images/spinning-circles2.svg HTTP/1.1
Host: 9e54d03fff.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://9e54d03fff.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:41 GMT
content-type: image/svg+xml
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: W/"6602cb4c-1f7"
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 69a4143a88.news-xapeva.cc/lands/53/images/spinning-circles2.svg | 193.108.117.211 | | 21 kB |
URL: 69a4143a88.news-xapeva.cc/lands/53/images/spinning-circles2.svg  IP: 193.108.117.211:0  ASN: #63023 AS-GLOBALTELEHOST
File type: SVG Scalable Vector Graphics image
Hashes (MD5, SHA-1, SHA-256): a0408a9b05605bbe27fa9c2a4044352e 0be2722bbf863ecc9cf0b5ee8e22a1aada67e14a 1366b8e68088043e8734297f3dd21f5c96fb110587bab681ae569e977878f066
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /lands/53/images/spinning-circles2.svg HTTP/1.1
Host: 69a4143a88.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://69a4143a88.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:41 GMT
content-type: image/svg+xml
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: W/"6602cb4c-1f7"
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 9cf8834b34.news-xapeva.cc/revopush.js | 193.108.117.211 | | 7.5 kB |
URL: 9cf8834b34.news-xapeva.cc/revopush.js  IP: 193.108.117.211:0  ASN: #63023 AS-GLOBALTELEHOST
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (18335), with no line terminators
Hashes (MD5, SHA-1, SHA-256): 37faf614bbb4a7b4ba1b4e8143056291 1477110371c87d426adf78e2c8d935a046ae6ff2 aa7dc9551d9641febc7616653e797b381d7258077ed416e822b1ade51470c533
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /revopush.js HTTP/1.1
Host: 9cf8834b34.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://9cf8834b34.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:42 GMT
content-type: application/javascript; charset=utf-8
content-length: 7472
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-1d30"
content-encoding: gzip
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| 9cf8834b34.news-xapeva.cc/lands/36/img/style.css | 193.108.117.211 | | 3.1 kB |
URL: 9cf8834b34.news-xapeva.cc/lands/36/img/style.css  IP: 193.108.117.211:0  ASN: #63023 AS-GLOBALTELEHOST
File type: ASCII text, with very long lines (11701), with no line terminators
Hashes (MD5, SHA-1, SHA-256): db606af46bdcca984d60a46183a4525e 28964fac8b2b7889554f32543e69ac68e6f21e2f 8693be57861bf006c70b542234666eaa50f4258856c4e75e0066f1ca589026ae
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /lands/36/img/style.css HTTP/1.1
Host: 9cf8834b34.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://9cf8834b34.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:42 GMT
content-type: text/css
content-length: 3136
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-c40"
content-encoding: gzip
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| 9cf8834b34.news-xapeva.cc/lands/36/img/logo.png | 193.108.117.211 | | 7.4 kB |
URL: 9cf8834b34.news-xapeva.cc/lands/36/img/logo.png  IP: 193.108.117.211:0  ASN: #63023 AS-GLOBALTELEHOST
File type: PNG image data, 180 x 56, 8-bit/color RGBA, non-interlaced
Hashes (MD5, SHA-1, SHA-256): 6cd3a78b39a704ee1c84f31c8c4e5808 bb5c81cadfcd60bd5c7b29af2395ef24b11ebb93 4cfbf07b7b4def7ad505f3be44e311c631ffec252a93f031d11356bc1b0c8193
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /lands/36/img/logo.png HTTP/1.1
Host: 9cf8834b34.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://9cf8834b34.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:42 GMT
content-type: image/png
content-length: 7398
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-1ce6"
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| de66e23c60.news-xapeva.cc/lands/36/lp.js | 193.108.117.211 | | 876 B |
URL: de66e23c60.news-xapeva.cc/lands/36/lp.js  IP: 193.108.117.211:0  ASN: #63023 AS-GLOBALTELEHOST
File type: gzip compressed data, max speed, from Unix
Hashes (MD5, SHA-1, SHA-256): 863d8de4d150772f2fe1d622567bb92b 16f5d16ac49a9c22723d3ca7f69104f4617df738 785ac02f459d4ba9b27c203612d4b078472f10a5b3575975097926dbb8966fd9
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /lands/36/lp.js HTTP/1.1
Host: de66e23c60.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://de66e23c60.news-xapeva.cc/?id=1218770951&p1=tk_206076
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:40 GMT
content-type: application/javascript; charset=utf-8
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: W/"6602cb4c-2d2"
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 9cf8834b34.news-xapeva.cc/lands/36/img/Spin-1s-80px.gif | 193.108.117.211 | | 31 kB |
URL: 9cf8834b34.news-xapeva.cc/lands/36/img/Spin-1s-80px.gif  IP: 193.108.117.211:0  ASN: #63023 AS-GLOBALTELEHOST
File type: GIF image data, version 89a, 80 x 80
Hashes (MD5, SHA-1, SHA-256): 68556766cd260e97fec2b60a9bfaf8c7 26c969371c9a3de360fab6d7a7a3bec2c5d5c99f ef50b84645244197917d80f6bcd6f604dce892ec4cdcdc96f11ea40f4a093676
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /lands/36/img/Spin-1s-80px.gif HTTP/1.1
Host: 9cf8834b34.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://9cf8834b34.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:42 GMT
content-type: image/gif
content-length: 30677
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-77d5"
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| 9cf8834b34.news-xapeva.cc/lands/36/img/player-controls-l.png | 193.108.117.211 | | 945 B |
URL: 9cf8834b34.news-xapeva.cc/lands/36/img/player-controls-l.png  IP: 193.108.117.211:0  ASN: #63023 AS-GLOBALTELEHOST
File type: PNG image data, 146 x 60, 8-bit gray+alpha, non-interlaced
Hashes (MD5, SHA-1, SHA-256): 6865c8700b582e4c7848472bb23dd65a c5ea2c514de8f55145550f9589e1e07cda457994 e1f5b32f965cf94fdb788fa9cff4f2f80b34c234f7e9fa9139de890e89438324
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /lands/36/img/player-controls-l.png HTTP/1.1
Host: 9cf8834b34.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://9cf8834b34.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:42 GMT
content-type: image/png
content-length: 945
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-3b1"
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| 9cf8834b34.news-xapeva.cc/lands/36/img/player-controls-r.png | 193.108.117.211 | | 408 B |
URL: 9cf8834b34.news-xapeva.cc/lands/36/img/player-controls-r.png  IP: 193.108.117.211:0  ASN: #63023 AS-GLOBALTELEHOST
File type: PNG image data, 60 x 60, 8-bit gray+alpha, non-interlaced
Hashes (MD5, SHA-1, SHA-256): f0e42db89f7d0994b3723b35eb05a49f b4e08e7b2c525345d86dc2299663915c84a41b2b 13bbdf214a22994e4e0e655c256ab493cc495f15f9c1f08772cad0761625a9be
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /lands/36/img/player-controls-r.png HTTP/1.1
Host: 9cf8834b34.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://9cf8834b34.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:42 GMT
content-type: image/png
content-length: 408
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-198"
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| 9cf8834b34.news-xapeva.cc/lands/36/img/player-bg.jpg | 193.108.117.211 | | 11 kB |
URL: 9cf8834b34.news-xapeva.cc/lands/36/img/player-bg.jpg  IP: 193.108.117.211:0  ASN: #63023 AS-GLOBALTELEHOST
Hashes (MD5, SHA-1, SHA-256): d0c6f02d6933f0b93db0942e3e7f3609 bc96b3878d13d0f46aa464e94515f27ad53531b0 7296089ccd9e42b305c5b0398d47a78f900b40225c592c6f1ef23ade5bbe667a
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /lands/36/img/player-bg.jpg HTTP/1.1
Host: 9cf8834b34.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://9cf8834b34.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:42 GMT
content-type: image/jpeg
content-length: 11291
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-2c1b"
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| 9cf8834b34.news-xapeva.cc/lands/36/img/pics-1.jpg | 193.108.117.211 | | 9.6 kB |
URL: 9cf8834b34.news-xapeva.cc/lands/36/img/pics-1.jpg  IP: 193.108.117.211:0  ASN: #63023 AS-GLOBALTELEHOST
Hashes (MD5, SHA-1, SHA-256): 8374be5c573da988b4d76c1051f8cbc7 c319af79d391edeac2268173798952dd71f0ecf2 41889b3a66aec88fc8a474f19a6c2f6933200524597ccf76f2c9f995687099ea
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /lands/36/img/pics-1.jpg HTTP/1.1
Host: 9cf8834b34.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://9cf8834b34.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:42 GMT
content-type: image/jpeg
content-length: 9604
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-2584"
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| 9cf8834b34.news-xapeva.cc/lands/36/img/pics-2.jpg | 193.108.117.211 | | 9.5 kB |
URL: 9cf8834b34.news-xapeva.cc/lands/36/img/pics-2.jpg  IP: 193.108.117.211:0  ASN: #63023 AS-GLOBALTELEHOST
Hashes (MD5, SHA-1, SHA-256): b1444ede1cb63c55f07c4b7cc861ec58 504823696a6990f0c6892721e34a7496cfe4e704 628146e090737199d0b92e0d069cdc8fa95d65391a7e84b7da053dbc0275b2f8
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /lands/36/img/pics-2.jpg HTTP/1.1
Host: 9cf8834b34.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://9cf8834b34.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:42 GMT
content-type: image/jpeg
content-length: 9474
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-2502"
accept-ranges: bytes
X-Firefox-Spdy: h2

| 9cf8834b34.news-xapeva.cc/lands/36/img/pics-3.jpg | 193.108.117.211 | | 9.4 kB |
URL: 9cf8834b34.news-xapeva.cc/lands/36/img/pics-3.jpg  IP: 193.108.117.211:0  ASN: #63023 AS-GLOBALTELEHOST
Hash76025b7cd7b3e168342e9f6916d8c7f4 bd2a6ea7c9105935c7a616fec2d6d85dbf98bfc2 46eaa0e5c25c663d858a5c65629f960ed17d2fe30b2484f629158e6d6460d775
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /lands/36/img/pics-3.jpg HTTP/1.1
Host: 9cf8834b34.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://9cf8834b34.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:42 GMT
content-type: image/jpeg
content-length: 9413
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-24c5"
accept-ranges: bytes
X-Firefox-Spdy: h2

| 9cf8834b34.news-xapeva.cc/lands/36/img/pics-4.jpg | 193.108.117.211 | | 9.5 kB |
URL: 9cf8834b34.news-xapeva.cc/lands/36/img/pics-4.jpg  IP: 193.108.117.211:0  ASN: #63023 AS-GLOBALTELEHOST
Hash107bdcec0a201d69db378827b68127cd efc977edd0a369769d5f32d88e9858302bed1e5e cb8a23effd64618021ebe40be5ed24bfb27c17f6d0a82c87a96d9efd91e06468
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /lands/36/img/pics-4.jpg HTTP/1.1
Host: 9cf8834b34.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://9cf8834b34.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:42 GMT
content-type: image/jpeg
content-length: 9468
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-24fc"
accept-ranges: bytes
X-Firefox-Spdy: h2

| 9cf8834b34.news-xapeva.cc/lands/36/img/pics-5.jpg | 193.108.117.211 | | 9.6 kB |
URL: 9cf8834b34.news-xapeva.cc/lands/36/img/pics-5.jpg  IP: 193.108.117.211:0  ASN: #63023 AS-GLOBALTELEHOST
Hash628b98b82d0aca1c1b2155aa5ec51a6a db663b2b85cf8828f3e9c5aa879325bb50e684a0 d7dfe6be5b49bee8bbf743bc58d74af3dc7d0250c89bd6dd7e9ad268c287289d
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /lands/36/img/pics-5.jpg HTTP/1.1
Host: 9cf8834b34.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://9cf8834b34.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:42 GMT
content-type: image/jpeg
content-length: 9557
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-2555"
accept-ranges: bytes
X-Firefox-Spdy: h2

| 9cf8834b34.news-xapeva.cc/lands/36/img/pics-6.jpg | 193.108.117.211 | | 9.6 kB |
URL: 9cf8834b34.news-xapeva.cc/lands/36/img/pics-6.jpg  IP: 193.108.117.211:0  ASN: #63023 AS-GLOBALTELEHOST
Hasha83d5196e71bd6f9c55ef3e7322e527c 9dbddad413391599552c4d9cc5c9e8a287ef910f 52212d360cbbf493678d8e8bf75c20b7ad4b1d6cf86bf03e1c87fb5b4d6cb818
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /lands/36/img/pics-6.jpg HTTP/1.1
Host: 9cf8834b34.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://9cf8834b34.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:42 GMT
content-type: image/jpeg
content-length: 9620
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-2594"
accept-ranges: bytes
X-Firefox-Spdy: h2

| 9cf8834b34.news-xapeva.cc/lands/36/img/pics-7.jpg | 193.108.117.211 | | 9.5 kB |
URL: 9cf8834b34.news-xapeva.cc/lands/36/img/pics-7.jpg  IP: 193.108.117.211:0  ASN: #63023 AS-GLOBALTELEHOST
Hash94edfad63e95c79618692b8d8dc20587 f582b7b70443ea1fff184ade49ab560fc8fd3318 0940f729e51d0fb610affca787415657f39a630cc0450d08576f69fd0f71756e
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /lands/36/img/pics-7.jpg HTTP/1.1
Host: 9cf8834b34.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://9cf8834b34.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:42 GMT
content-type: image/jpeg
content-length: 9484
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-250c"
accept-ranges: bytes
X-Firefox-Spdy: h2

| 9cf8834b34.news-xapeva.cc/lands/36/img/pics-8.jpg | 193.108.117.211 | | 9.8 kB |
URL: 9cf8834b34.news-xapeva.cc/lands/36/img/pics-8.jpg  IP: 193.108.117.211:0  ASN: #63023 AS-GLOBALTELEHOST
Hash2e7eafc3878ee465f96bca0f9d1e1712 c4f353f12542db5d2df3be74dbae890e0430ac6e df67f968a051026a5c43eb3e40b8d02a0c72bc742055526fef7e2655dd837cc1
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /lands/36/img/pics-8.jpg HTTP/1.1
Host: 9cf8834b34.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://9cf8834b34.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:42 GMT
content-type: image/jpeg
content-length: 9750
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-2616"
accept-ranges: bytes
X-Firefox-Spdy: h2

| 9cf8834b34.news-xapeva.cc/lands/36/img/pics-9.jpg | 193.108.117.211 | | 9.6 kB |
URL: 9cf8834b34.news-xapeva.cc/lands/36/img/pics-9.jpg  IP: 193.108.117.211:0  ASN: #63023 AS-GLOBALTELEHOST
Hashc3af10d166a4447c21f25e4a32383a5d 37a0342d08d6933b3bbfd4063b7ba998c991dd73 963fbe86dc33b1a1ba5c695bf9b74ebde439bc7a9260137121d747cf4cfbdd73
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /lands/36/img/pics-9.jpg HTTP/1.1
Host: 9cf8834b34.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://9cf8834b34.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:42 GMT
content-type: image/jpeg
content-length: 9646
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-25ae"
accept-ranges: bytes
X-Firefox-Spdy: h2

| 9cf8834b34.news-xapeva.cc/lands/36/img/pics-10.jpg | 193.108.117.211 | | 9.7 kB |
URL: 9cf8834b34.news-xapeva.cc/lands/36/img/pics-10.jpg  IP: 193.108.117.211:0  ASN: #63023 AS-GLOBALTELEHOST
Hash00ad8eccd280144f038e883859beeabe e13583bbe25712e827b8b22b1353c883531f849f 21397b18bd87b564f70404ea1ff41d8d23ba804ed6eea4de323ac1c94e096ada
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /lands/36/img/pics-10.jpg HTTP/1.1
Host: 9cf8834b34.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://9cf8834b34.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:42 GMT
content-type: image/jpeg
content-length: 9681
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-25d1"
accept-ranges: bytes
X-Firefox-Spdy: h2

| 9cf8834b34.news-xapeva.cc/lands/36/img/pics-11.jpg | 193.108.117.211 | | 9.5 kB |
URL: 9cf8834b34.news-xapeva.cc/lands/36/img/pics-11.jpg  IP: 193.108.117.211:0  ASN: #63023 AS-GLOBALTELEHOST
Hash8611f67b36ff57eaa1060e793b9e6ad4 49f273a5760e7375adb1efc58f0ed2c665da6ae8 de70c6d29629dd9ec1b85e3146390c1019bd608eeb3d7ffdc196627f70ee30b2
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /lands/36/img/pics-11.jpg HTTP/1.1
Host: 9cf8834b34.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://9cf8834b34.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:42 GMT
content-type: image/jpeg
content-length: 9483
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-250b"
accept-ranges: bytes
X-Firefox-Spdy: h2

| 9cf8834b34.news-xapeva.cc/lands/36/img/pics-12.jpg | 193.108.117.211 | | 9.5 kB |
URL: 9cf8834b34.news-xapeva.cc/lands/36/img/pics-12.jpg  IP: 193.108.117.211:0  ASN: #63023 AS-GLOBALTELEHOST
Hash3971b0cd6849aef8e63c281fe7e53c57 690281f0f9a05a32be18029632240693f7b26270 20a9e9a79f97878e87f805b977eb6046480b734dfd9e90df9f34b22ef484777a
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /lands/36/img/pics-12.jpg HTTP/1.1
Host: 9cf8834b34.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://9cf8834b34.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:42 GMT
content-type: image/jpeg
content-length: 9487
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-250f"
accept-ranges: bytes
X-Firefox-Spdy: h2

| 9cf8834b34.news-xapeva.cc/lands/36/img/pics-13.jpg | 193.108.117.211 | | 9.4 kB |
URL: 9cf8834b34.news-xapeva.cc/lands/36/img/pics-13.jpg  IP: 193.108.117.211:0  ASN: #63023 AS-GLOBALTELEHOST
Hashcd911694d58b5fb86c94cf7a1d5b530b f32925a79b755d76fdf1ae56fa898ef23d816699 5a8f5f99cb386403813964a7ee271660131e9c50eb5267f932a67ce0f4fb2ea2
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /lands/36/img/pics-13.jpg HTTP/1.1
Host: 9cf8834b34.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://9cf8834b34.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:42 GMT
content-type: image/jpeg
content-length: 9378
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-24a2"
accept-ranges: bytes
X-Firefox-Spdy: h2

| 9cf8834b34.news-xapeva.cc/lands/36/img/pics-14.jpg | 193.108.117.211 | | 9.5 kB |
URL: 9cf8834b34.news-xapeva.cc/lands/36/img/pics-14.jpg  IP: 193.108.117.211:0  ASN: #63023 AS-GLOBALTELEHOST
Hash4957499f251b620472eb5fe6fd126c22 a237ac15f4b16256f1c49a40ca07ca168dea540c de5d64cc00dd3bc0e0998e274f41bb78de69cae402e53c4f41c0ab8e0af2cd0b
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /lands/36/img/pics-14.jpg HTTP/1.1
Host: 9cf8834b34.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://9cf8834b34.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:42 GMT
content-type: image/jpeg
content-length: 9498
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-251a"
accept-ranges: bytes
X-Firefox-Spdy: h2

| 9cf8834b34.news-xapeva.cc/lands/36/img/pics-15.jpg | 193.108.117.211 | | 9.7 kB |
URL: 9cf8834b34.news-xapeva.cc/lands/36/img/pics-15.jpg  IP: 193.108.117.211:0  ASN: #63023 AS-GLOBALTELEHOST
Hashbf608c2d10293273951a88b8d38de015 15b2a17c7300725aacc27f320480dfe5bf173a00 118f446f628921fb7cab1afeac932ef77d63a7c5a31ffa288427d80c4de69f9f
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /lands/36/img/pics-15.jpg HTTP/1.1
Host: 9cf8834b34.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://9cf8834b34.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:42 GMT
content-type: image/jpeg
content-length: 9673
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-25c9"
accept-ranges: bytes
X-Firefox-Spdy: h2

| 9cf8834b34.news-xapeva.cc/lands/36/img/pics-16.jpg | 193.108.117.211 | | 9.6 kB |
URL: 9cf8834b34.news-xapeva.cc/lands/36/img/pics-16.jpg  IP: 193.108.117.211:0  ASN: #63023 AS-GLOBALTELEHOST
Hash700dfe65fca751e5c160aa1ed38c0389 61a7a9ba2a5209bb28b6a36c4b7ba9088f4b2886 8f8c3d5f93cc6dc00172cf203f6b0113819e853de45518cbcee1e68f9e95fbc1
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /lands/36/img/pics-16.jpg HTTP/1.1
Host: 9cf8834b34.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://9cf8834b34.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:42 GMT
content-type: image/jpeg
content-length: 9570
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-2562"
accept-ranges: bytes
X-Firefox-Spdy: h2

| 9cf8834b34.news-xapeva.cc/lands/36/img/pics-17.jpg | 193.108.117.211 | | 9.6 kB |
URL: 9cf8834b34.news-xapeva.cc/lands/36/img/pics-17.jpg  IP: 193.108.117.211:0  ASN: #63023 AS-GLOBALTELEHOST
Hash3617c828a4589dfd2af8f90e31f92666 0e7a1dbe743c9eaad109659f7b21ab86719b9cd0 f3ab898058b0ebaba11001b5a2b3c5b5db2d7f766000d95abdbfb841fcb16c1f
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /lands/36/img/pics-17.jpg HTTP/1.1
Host: 9cf8834b34.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://9cf8834b34.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:42 GMT
content-type: image/jpeg
content-length: 9595
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-257b"
accept-ranges: bytes
X-Firefox-Spdy: h2

| 9cf8834b34.news-xapeva.cc/lands/36/img/pics-18.jpg | 193.108.117.211 | | 9.6 kB |
URL: 9cf8834b34.news-xapeva.cc/lands/36/img/pics-18.jpg  IP: 193.108.117.211:0  ASN: #63023 AS-GLOBALTELEHOST
Hash52ada45615791fefe3513b98a28d6c61 334b68a65108b2274dc0d41bbed58d10cbfb41a0 204715e71db20e5daffe8494816412e0998ec0b97b303f16fb4102226c492fa4
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /lands/36/img/pics-18.jpg HTTP/1.1
Host: 9cf8834b34.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://9cf8834b34.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:42 GMT
content-type: image/jpeg
content-length: 9645
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-25ad"
accept-ranges: bytes
X-Firefox-Spdy: h2

| partners-tds.com/WzJQVS | 142.202.51.61 | | 0 B |
IP: 142.202.51.61:0  ASN: #63023 AS-GLOBALTELEHOST
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /WzJQVS HTTP/1.1
Host: partners-tds.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://9cf8834b34.news-xapeva.cc/
Cookie: _subid=376l60j10h7dv5; 933eb=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcImNhbXBhaWduc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcInRpbWVcIjoxNzE0MTI0MzIwfSJ9.yYJXc-zJvjm4Dxphu35oW5Y_kpFZUzbEdsDVw4oNV9k
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx
Date: Fri, 26 Apr 2024 09:38:42 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-cache, no-store, must-revalidate
Expires: Fri, 26 Apr 2024 09:38:42 GMT
Location: https://news-pepafu.com/tds?id=1218914904&p1=&p2=&p3=&p4=
Set-Cookie: _subid=376l60j10h7dvb; expires=Mon, 27 May 2024 09:38:42 GMT; path=/
933eb=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcImNhbXBhaWduc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcInRpbWVcIjoxNzE0MTI0MzIwfSJ9.yYJXc-zJvjm4Dxphu35oW5Y_kpFZUzbEdsDVw4oNV9k; expires=Sun, 21 Aug 2078 19:17:24 GMT; path=/
Vary: Accept-Encoding
Access-Control-Allow-Origin: *

| news-pepafu.com/tds?id=1218914904&p1=&p2=&p3=&p4= | 193.108.118.16 | | 0 B |
URL: news-pepafu.com/tds?id=1218914904&p1=&p2=&p3=&p4=  IP: 193.108.118.16:0  ASN: #63023 AS-GLOBALTELEHOST
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tds?id=1218914904&p1=&p2=&p3=&p4= HTTP/1.1
Host: news-pepafu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://9cf8834b34.news-xapeva.cc/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 302 Found
server: nginx
date: Fri, 26 Apr 2024 09:38:42 GMT
content-length: 0
location: https://e52e6ef707.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
vary: Origin
x-frame-options: DENY
X-Firefox-Spdy: h2

| e52e6ef707.news-xapeva.cc/revopush.js | 193.108.117.211 | | 7.5 kB |
URL: e52e6ef707.news-xapeva.cc/revopush.js  IP: 193.108.117.211:0  ASN: #63023 AS-GLOBALTELEHOST
File typeJavaScript source, Unicode text, UTF-8 text, with very long lines (18335), with no line terminators Hash37faf614bbb4a7b4ba1b4e8143056291 1477110371c87d426adf78e2c8d935a046ae6ff2 aa7dc9551d9641febc7616653e797b381d7258077ed416e822b1ade51470c533
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /revopush.js HTTP/1.1
Host: e52e6ef707.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://e52e6ef707.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:42 GMT
content-type: application/javascript; charset=utf-8
content-length: 7472
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-1d30"
content-encoding: gzip
accept-ranges: bytes
X-Firefox-Spdy: h2

| e52e6ef707.news-xapeva.cc/lands/57/css/style.css | 193.108.117.211 | | 1.2 kB |
URL: e52e6ef707.news-xapeva.cc/lands/57/css/style.css  IP: 193.108.117.211:0  ASN: #63023 AS-GLOBALTELEHOST
File typeASCII text, with very long lines (4468), with no line terminators Hashb07eb7ba1a3bb505eba51b55f4ffa9ff fea4806dafcdda47dff4bb6aa09362ded48879d5 086ceb41d9cccb6678d0a759d730383098e9d80d8067e9b8ce06d0972d2dae68
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /lands/57/css/style.css HTTP/1.1
Host: e52e6ef707.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://e52e6ef707.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:42 GMT
content-type: text/css
content-length: 1213
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-4bd"
content-encoding: gzip
accept-ranges: bytes
X-Firefox-Spdy: h2

| e52e6ef707.news-xapeva.cc/lands/57/js/device.js | 193.108.117.211 | | 1.1 kB |
URL: e52e6ef707.news-xapeva.cc/lands/57/js/device.js  IP: 193.108.117.211:0  ASN: #63023 AS-GLOBALTELEHOST
File typeJavaScript source, ASCII text, with very long lines (3289), with no line terminators Hash2d9887b21aa6b47c56e7f43e66560a4f 42cdfc5b3b23d32152750bf2cea4233044491768 863a13c42ef72b562bc7aa5005b8ff5693763ae8d16ce3bfc3d876e92a7fdf85
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /lands/57/js/device.js HTTP/1.1
Host: e52e6ef707.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://e52e6ef707.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:42 GMT
content-type: application/javascript; charset=utf-8
content-length: 1111
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-457"
content-encoding: gzip
accept-ranges: bytes
X-Firefox-Spdy: h2

| partners-tds.com/WzJQVS | 142.202.51.61 | | 0 B |
IP: 142.202.51.61:0  ASN: #63023 AS-GLOBALTELEHOST
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /WzJQVS HTTP/1.1
Host: partners-tds.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://e52e6ef707.news-xapeva.cc/
Cookie: _subid=376l60j10h7dvb; 933eb=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcImNhbXBhaWduc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcInRpbWVcIjoxNzE0MTI0MzIwfSJ9.yYJXc-zJvjm4Dxphu35oW5Y_kpFZUzbEdsDVw4oNV9k
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx
Date: Fri, 26 Apr 2024 09:38:42 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-cache, no-store, must-revalidate
Expires: Fri, 26 Apr 2024 09:38:42 GMT
Location: https://news-pepafu.com/tds?id=1218914904&p1=&p2=&p3=&p4=
Set-Cookie: _subid=376l60j10h7dve; expires=Mon, 27 May 2024 09:38:42 GMT; path=/
933eb=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcImNhbXBhaWduc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcInRpbWVcIjoxNzE0MTI0MzIwfSJ9.yYJXc-zJvjm4Dxphu35oW5Y_kpFZUzbEdsDVw4oNV9k; expires=Sun, 21 Aug 2078 19:17:24 GMT; path=/
Vary: Accept-Encoding
Access-Control-Allow-Origin: *

| news-pepafu.com/tds?id=1218914904&p1=&p2=&p3=&p4= | 193.108.118.16 | | 0 B |
URL: news-pepafu.com/tds?id=1218914904&p1=&p2=&p3=&p4=  IP: 193.108.118.16:0  ASN: #63023 AS-GLOBALTELEHOST
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tds?id=1218914904&p1=&p2=&p3=&p4= HTTP/1.1
Host: news-pepafu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://e52e6ef707.news-xapeva.cc/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 302 Found
server: nginx
date: Fri, 26 Apr 2024 09:38:42 GMT
content-length: 0
location: https://b039516351.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
vary: Origin
x-frame-options: DENY
X-Firefox-Spdy: h2

| b039516351.news-xapeva.cc/revopush.js | 193.108.117.211 | | 7.5 kB |
URL: b039516351.news-xapeva.cc/revopush.js  IP: 193.108.117.211:0  ASN: #63023 AS-GLOBALTELEHOST
File typeJavaScript source, Unicode text, UTF-8 text, with very long lines (18335), with no line terminators Hash37faf614bbb4a7b4ba1b4e8143056291 1477110371c87d426adf78e2c8d935a046ae6ff2 aa7dc9551d9641febc7616653e797b381d7258077ed416e822b1ade51470c533
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /revopush.js HTTP/1.1
Host: b039516351.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://b039516351.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:42 GMT
content-type: application/javascript; charset=utf-8
content-length: 7472
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-1d30"
content-encoding: gzip
accept-ranges: bytes
X-Firefox-Spdy: h2

| b039516351.news-xapeva.cc/lands/48/preloader-43.5794040.gif | 193.108.117.211 | | 7.0 kB |
URL: b039516351.news-xapeva.cc/lands/48/preloader-43.5794040.gif  IP: 193.108.117.211:0  ASN: #63023 AS-GLOBALTELEHOST
File typeGIF image data, version 89a, 160 x 160 Hash5794040ee88def220320edd0ed2e2ac9 7ec6d7843172d2bec7c0ed0d7eabed19a800fd7b c1a4896adebc502e9be1248a28bc641ef9a5b75c6bdefa5d704a220c128ee34e
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /lands/48/preloader-43.5794040.gif HTTP/1.1
Host: b039516351.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://b039516351.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:42 GMT
content-type: image/gif
content-length: 7010
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-1b62"
accept-ranges: bytes
X-Firefox-Spdy: h2

| partners-tds.com/WzJQVS | 142.202.51.61 | | 0 B |
IP: 142.202.51.61:0  ASN: #63023 AS-GLOBALTELEHOST
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /WzJQVS HTTP/1.1
Host: partners-tds.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://b039516351.news-xapeva.cc/
Cookie: _subid=376l60j10h7dve; 933eb=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcImNhbXBhaWduc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcInRpbWVcIjoxNzE0MTI0MzIwfSJ9.yYJXc-zJvjm4Dxphu35oW5Y_kpFZUzbEdsDVw4oNV9k
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx
Date: Fri, 26 Apr 2024 09:38:42 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-cache, no-store, must-revalidate
Expires: Fri, 26 Apr 2024 09:38:42 GMT
Location: https://news-pepafu.com/tds?id=1218914904&p1=&p2=&p3=&p4=
Set-Cookie: _subid=376l60j10h7dvh; expires=Mon, 27 May 2024 09:38:42 GMT; path=/
933eb=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcImNhbXBhaWduc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcInRpbWVcIjoxNzE0MTI0MzIwfSJ9.yYJXc-zJvjm4Dxphu35oW5Y_kpFZUzbEdsDVw4oNV9k; expires=Sun, 21 Aug 2078 19:17:24 GMT; path=/
Vary: Accept-Encoding
Access-Control-Allow-Origin: *

| news-pepafu.com/tds?id=1218914904&p1=&p2=&p3=&p4= | 193.108.118.16 | | 0 B |
URL: news-pepafu.com/tds?id=1218914904&p1=&p2=&p3=&p4=  IP: 193.108.118.16:0  ASN: #63023 AS-GLOBALTELEHOST
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tds?id=1218914904&p1=&p2=&p3=&p4= HTTP/1.1
Host: news-pepafu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://b039516351.news-xapeva.cc/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 302 Found
server: nginx
date: Fri, 26 Apr 2024 09:38:42 GMT
content-length: 0
location: https://6312be3523.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
vary: Origin
x-frame-options: DENY
X-Firefox-Spdy: h2

| 6312be3523.news-xapeva.cc/lands/20/style.css | 193.108.117.211 | | 868 B |
URL: 6312be3523.news-xapeva.cc/lands/20/style.css  IP: 193.108.117.211:0  ASN: #63023 AS-GLOBALTELEHOST
File typeASCII text, with very long lines (2230), with no line terminators Hashd4b3acb7a84d2265bf174f13f93ca4f1 d6595e14ed8549bc39a8977cbd8d5b5b6f5cf221 2932666d3de7135f82ec781a408781352ec79c68998de11047db8e228d063311
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /lands/20/style.css HTTP/1.1
Host: 6312be3523.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://6312be3523.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:43 GMT
content-type: text/css
content-length: 868
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-364"
content-encoding: gzip
accept-ranges: bytes
X-Firefox-Spdy: h2

| 6312be3523.news-xapeva.cc/revopush.js | 193.108.117.211 | | 7.5 kB |
URL: 6312be3523.news-xapeva.cc/revopush.js
IP: 193.108.117.211:0
ASN: 63023 (AS-GLOBALTELEHOST)
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (18335), with no line terminators
Hashes (MD5, SHA-1, SHA-256): 37faf614bbb4a7b4ba1b4e8143056291 1477110371c87d426adf78e2c8d935a046ae6ff2 aa7dc9551d9641febc7616653e797b381d7258077ed416e822b1ade51470c533
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /revopush.js HTTP/1.1
Host: 6312be3523.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://6312be3523.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:43 GMT
content-type: application/javascript; charset=utf-8
content-length: 7472
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-1d30"
content-encoding: gzip
accept-ranges: bytes
X-Firefox-Spdy: h2

| fonts.googleapis.com/css?family=Roboto:300,400,700,400i&subset=cyrillic | 142.250.74.106 | | 784 B |
URL: fonts.googleapis.com/css?family=Roboto:300,400,700,400i&subset=cyrillic
IP: 142.250.74.106:0
Hashes (MD5, SHA-1, SHA-256): 1ba1a21c8876dbaa3b3b1457aadec340 2373a127295c1cab8d143eb10fe1870d29f02150 47e3881d0fe2662e06375c04b01a8eabdd8eeca52f66aab1dc7ba3b6f5c564f8
GET /css?family=Roboto:300,400,700,400i&subset=cyrillic HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://6312be3523.news-xapeva.cc/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 26 Apr 2024 09:38:43 GMT
date: Fri, 26 Apr 2024 09:38:43 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

| news-pepafu.com/tds?id=1218914904&p1=&p2=&p3=&p4= | 193.108.118.16 | | 0 B |
URL: news-pepafu.com/tds?id=1218914904&p1=&p2=&p3=&p4=
IP: 193.108.118.16:0
ASN: 63023 (AS-GLOBALTELEHOST)
Hashes (MD5, SHA-1, SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tds?id=1218914904&p1=&p2=&p3=&p4= HTTP/1.1
Host: news-pepafu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://6312be3523.news-xapeva.cc/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 302 Found
server: nginx
date: Fri, 26 Apr 2024 09:38:43 GMT
content-length: 0
location: https://d5950d1f2a.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
vary: Origin
x-frame-options: DENY
X-Firefox-Spdy: h2

| d5950d1f2a.news-xapeva.cc/revopush.js | 193.108.117.211 | | 7.5 kB |
URL: d5950d1f2a.news-xapeva.cc/revopush.js
IP: 193.108.117.211:0
ASN: 63023 (AS-GLOBALTELEHOST)
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (18335), with no line terminators
Hashes (MD5, SHA-1, SHA-256): 37faf614bbb4a7b4ba1b4e8143056291 1477110371c87d426adf78e2c8d935a046ae6ff2 aa7dc9551d9641febc7616653e797b381d7258077ed416e822b1ade51470c533
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /revopush.js HTTP/1.1
Host: d5950d1f2a.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d5950d1f2a.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:43 GMT
content-type: application/javascript; charset=utf-8
content-length: 7472
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-1d30"
content-encoding: gzip
accept-ranges: bytes
X-Firefox-Spdy: h2

| d5950d1f2a.news-xapeva.cc/lands/48/preloader-43.5794040.gif | 193.108.117.211 | | 7.0 kB |
URL: d5950d1f2a.news-xapeva.cc/lands/48/preloader-43.5794040.gif
IP: 193.108.117.211:0
ASN: 63023 (AS-GLOBALTELEHOST)
File type: GIF image data, version 89a, 160 x 160
Hashes (MD5, SHA-1, SHA-256): 5794040ee88def220320edd0ed2e2ac9 7ec6d7843172d2bec7c0ed0d7eabed19a800fd7b c1a4896adebc502e9be1248a28bc641ef9a5b75c6bdefa5d704a220c128ee34e
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /lands/48/preloader-43.5794040.gif HTTP/1.1
Host: d5950d1f2a.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d5950d1f2a.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:43 GMT
content-type: image/gif
content-length: 7010
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-1b62"
accept-ranges: bytes
X-Firefox-Spdy: h2

| partners-tds.com/WzJQVS | 142.202.51.61 | | 0 B |
IP: 142.202.51.61:0
ASN: 63023 (AS-GLOBALTELEHOST)
Hashes (MD5, SHA-1, SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /WzJQVS HTTP/1.1
Host: partners-tds.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d5950d1f2a.news-xapeva.cc/
Cookie: _subid=376l60j10h7dvk; 933eb=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcImNhbXBhaWduc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcInRpbWVcIjoxNzE0MTI0MzIwfSJ9.yYJXc-zJvjm4Dxphu35oW5Y_kpFZUzbEdsDVw4oNV9k
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx
Date: Fri, 26 Apr 2024 09:38:43 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-cache, no-store, must-revalidate
Expires: Fri, 26 Apr 2024 09:38:43 GMT
Location: https://news-pepafu.com/tds?id=1218914904&p1=&p2=&p3=&p4=
Set-Cookie: _subid=376l60j10h7dvo; expires=Mon, 27 May 2024 09:38:43 GMT; path=/
933eb=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcImNhbXBhaWduc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcInRpbWVcIjoxNzE0MTI0MzIwfSJ9.yYJXc-zJvjm4Dxphu35oW5Y_kpFZUzbEdsDVw4oNV9k; expires=Sun, 21 Aug 2078 19:17:26 GMT; path=/
Vary: Accept-Encoding
Access-Control-Allow-Origin: *

| 9cf8834b34.news-xapeva.cc/lands/36/lp.js | 193.108.117.211 | | 415 B |
URL: 9cf8834b34.news-xapeva.cc/lands/36/lp.js
IP: 193.108.117.211:0
ASN: 63023 (AS-GLOBALTELEHOST)
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (685), with no line terminators
Hashes (MD5, SHA-1, SHA-256): 8061571ac71b47c9ef862658f7e3e81c c8109eda3ac59808f2e331aa52883ef72526833d 0437c5e6e3fb2533b3166485bb94ad975513518f741a5a7e2d74aeb0ddaa0875
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /lands/36/lp.js HTTP/1.1
Host: 9cf8834b34.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://9cf8834b34.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:42 GMT
content-type: application/javascript; charset=utf-8
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: W/"6602cb4c-2d2"
content-encoding: gzip
X-Firefox-Spdy: h2

| 9cf8834b34.news-xapeva.cc/process.js?id=1218914904&p1=&p2=&p3=&p4= | 193.108.117.211 | | 18 kB |
URL: 9cf8834b34.news-xapeva.cc/process.js?id=1218914904&p1=&p2=&p3=&p4=
IP: 193.108.117.211:0
ASN: 63023 (AS-GLOBALTELEHOST)
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (26456)
Hashes (MD5, SHA-1, SHA-256): 80809b2745a3980b31b88b079260e2ef 5e7a8752481ec30d57872befed2d0c24b30412b8 2cc56d282ff7357bd4e01052f65af90ce155e8cf91e8bc1b0f78d1dbef30c94e
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /process.js?id=1218914904&p1=&p2=&p3=&p4= HTTP/1.1
Host: 9cf8834b34.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://9cf8834b34.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:42 GMT
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, must-revalidate
expires: 0
pragma: no-cache
vary: Origin
content-encoding: gzip
X-Firefox-Spdy: h2

| partners-tds.com/WzJQVS | 142.202.51.61 | | 0 B |
IP: 142.202.51.61:0
ASN: 63023 (AS-GLOBALTELEHOST)
Hashes (MD5, SHA-1, SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /WzJQVS HTTP/1.1
Host: partners-tds.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://185f324f56.news-xapeva.cc/
Cookie: _subid=376l60j10h7dvo; 933eb=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcImNhbXBhaWduc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcInRpbWVcIjoxNzE0MTI0MzIwfSJ9.yYJXc-zJvjm4Dxphu35oW5Y_kpFZUzbEdsDVw4oNV9k
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx
Date: Fri, 26 Apr 2024 09:38:43 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-cache, no-store, must-revalidate
Expires: Fri, 26 Apr 2024 09:38:43 GMT
Location: https://news-pepafu.com/tds?id=1218914904&p1=&p2=&p3=&p4=
Set-Cookie: _subid=376l60j10h7e00; expires=Mon, 27 May 2024 09:38:43 GMT; path=/
933eb=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcImNhbXBhaWduc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcInRpbWVcIjoxNzE0MTI0MzIwfSJ9.yYJXc-zJvjm4Dxphu35oW5Y_kpFZUzbEdsDVw4oNV9k; expires=Sun, 21 Aug 2078 19:17:26 GMT; path=/
Vary: Accept-Encoding
Access-Control-Allow-Origin: *

| news-pepafu.com/tds?id=1218914904&p1=&p2=&p3=&p4= | 193.108.118.16 | | 0 B |
URL: news-pepafu.com/tds?id=1218914904&p1=&p2=&p3=&p4=
IP: 193.108.118.16:0
ASN: 63023 (AS-GLOBALTELEHOST)
Hashes (MD5, SHA-1, SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tds?id=1218914904&p1=&p2=&p3=&p4= HTTP/1.1
Host: news-pepafu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://185f324f56.news-xapeva.cc/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 302 Found
server: nginx
date: Fri, 26 Apr 2024 09:38:43 GMT
content-length: 0
location: https://b9c3741c08.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
vary: Origin
x-frame-options: DENY
X-Firefox-Spdy: h2

| b9c3741c08.news-xapeva.cc/revopush.js | 193.108.117.211 | | 7.5 kB |
URL: b9c3741c08.news-xapeva.cc/revopush.js
IP: 193.108.117.211:0
ASN: 63023 (AS-GLOBALTELEHOST)
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (18335), with no line terminators
Hashes (MD5, SHA-1, SHA-256): 37faf614bbb4a7b4ba1b4e8143056291 1477110371c87d426adf78e2c8d935a046ae6ff2 aa7dc9551d9641febc7616653e797b381d7258077ed416e822b1ade51470c533
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /revopush.js HTTP/1.1
Host: b9c3741c08.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://b9c3741c08.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:43 GMT
content-type: application/javascript; charset=utf-8
content-length: 7472
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-1d30"
content-encoding: gzip
accept-ranges: bytes
X-Firefox-Spdy: h2

| 6312be3523.news-xapeva.cc/process.js?id=1218914904&p1=&p2=&p3=&p4= | 193.108.117.211 | | 18 kB |
URL: 6312be3523.news-xapeva.cc/process.js?id=1218914904&p1=&p2=&p3=&p4=
IP: 193.108.117.211:0
ASN: 63023 (AS-GLOBALTELEHOST)
File type: gzip compressed data, max speed, from Unix
Hashes (MD5, SHA-1, SHA-256): 8943ab853a0f67c1851f0a0bed6c1c32 e56d07f77880e4c79e9a11c2af561780adc9e0ae a73100da60a2030bb53b69f1fb6fe13fb56464d2da1aa738e686c85ea4771f20
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /process.js?id=1218914904&p1=&p2=&p3=&p4= HTTP/1.1
Host: 6312be3523.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://6312be3523.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:43 GMT
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, must-revalidate
expires: 0
pragma: no-cache
vary: Origin
content-encoding: gzip
X-Firefox-Spdy: h2

| b9c3741c08.news-xapeva.cc/lands/39/img/icon2.png | 193.108.117.211 | | 4.6 kB |
URL: b9c3741c08.news-xapeva.cc/lands/39/img/icon2.png
IP: 193.108.117.211:0
ASN: 63023 (AS-GLOBALTELEHOST)
File type: PNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced
Hashes (MD5, SHA-1, SHA-256): c947d439eb93367f1af5b2a3d222f057 5b4c10820d39e624bc6df72a113679da80a8e44e aab564e67c47df65ddcb9c4eaa62cd798a51624a3fded9f9b3a1197b460a79c2
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /lands/39/img/icon2.png HTTP/1.1
Host: b9c3741c08.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://b9c3741c08.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:43 GMT
content-type: image/png
content-length: 4576
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-11e0"
accept-ranges: bytes
X-Firefox-Spdy: h2

| b9c3741c08.news-xapeva.cc/lands/39/img/icon3.png | 193.108.117.211 | | 7.8 kB |
URL: b9c3741c08.news-xapeva.cc/lands/39/img/icon3.png
IP: 193.108.117.211:0
ASN: 63023 (AS-GLOBALTELEHOST)
File type: PNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced
Hashes (MD5, SHA-1, SHA-256): 8f3cc830da0b1fdf66bda7d1d734747b 94588f041eec3a78a8780c8124c56a1434a89277 ea3698c32039a115b03c2528cbb29c3ff97bbd49ad1345d5095e98d1fd0ea8ba
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /lands/39/img/icon3.png HTTP/1.1
Host: b9c3741c08.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://b9c3741c08.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:43 GMT
content-type: image/png
content-length: 7847
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-1ea7"
accept-ranges: bytes
X-Firefox-Spdy: h2

| b9c3741c08.news-xapeva.cc/lands/39/img/icon4.png | 193.108.117.211 | | 7.0 kB |
URL: b9c3741c08.news-xapeva.cc/lands/39/img/icon4.png
IP: 193.108.117.211:0
ASN: 63023 (AS-GLOBALTELEHOST)
File type: PNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced
Hashes (MD5, SHA-1, SHA-256): 7ad7f32c1c0df7b4975cc41bda4ac435 81d57e996ee6cd9e122592e68ffa3d55c1ba10ff c0af6cb2280bba97d235dfad7c72d22353a0d2cf277733ce9fc4701df7ed1d5f
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /lands/39/img/icon4.png HTTP/1.1
Host: b9c3741c08.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://b9c3741c08.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:43 GMT
content-type: image/png
content-length: 7032
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-1b78"
accept-ranges: bytes
X-Firefox-Spdy: h2

| b9c3741c08.news-xapeva.cc/lands/39/img/icon5.png | 193.108.117.211 | | 3.3 kB |
URL: b9c3741c08.news-xapeva.cc/lands/39/img/icon5.png
IP: 193.108.117.211:0
ASN: 63023 (AS-GLOBALTELEHOST)
File type: PNG image data, 500 x 500, 8-bit/color RGBA, non-interlaced
Hashes (MD5, SHA-1, SHA-256): 1e1a7582b5da63e10485d63f97abc9a0 ca3ee3067f96c732f455bc7c99ec5100194f13f6 196083352a09a19cf2d4364e3ad406606fedb562f2096c1bef373ff2c485b503
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /lands/39/img/icon5.png HTTP/1.1
Host: b9c3741c08.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://b9c3741c08.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:43 GMT
content-type: image/png
content-length: 3264
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-cc0"
accept-ranges: bytes
X-Firefox-Spdy: h2

| b9c3741c08.news-xapeva.cc/lands/39/img/icon7.png | 193.108.117.211 | | 3.3 kB |
URL: b9c3741c08.news-xapeva.cc/lands/39/img/icon7.png
IP: 193.108.117.211:0
ASN: 63023 (AS-GLOBALTELEHOST)
File type: PNG image data, 500 x 500, 8-bit/color RGBA, non-interlaced
Hashes (MD5, SHA-1, SHA-256): b512735542cb07b3b2dcf153a7dfe456 93bde8875412ce266600e2af1c37123483a50376 e9c661cc8adbaa1b9cd4cf65f0ba93a1c24211cb5f94ed0950e0fbc973781718
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /lands/39/img/icon7.png HTTP/1.1
Host: b9c3741c08.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://b9c3741c08.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:43 GMT
content-type: image/png
content-length: 3283
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-cd3"
accept-ranges: bytes
X-Firefox-Spdy: h2

| b9c3741c08.news-xapeva.cc/lands/39/img/icon8.png | 193.108.117.211 | | 4.1 kB |
URL: b9c3741c08.news-xapeva.cc/lands/39/img/icon8.png
IP: 193.108.117.211:0
ASN: 63023 (AS-GLOBALTELEHOST)
File type: PNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced
Hashes (MD5, SHA-1, SHA-256): f92d6474ebc6a3a0b576749cfb4afe98 0f4ce3dcf04873b8098c01d20c44967fb9fce0cc 3a7abff293d71fd8c5a58deacb964b50fe074a6f458575d37abbd367a3a930a1
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /lands/39/img/icon8.png HTTP/1.1
Host: b9c3741c08.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://b9c3741c08.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:43 GMT
content-type: image/png
content-length: 4064
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-fe0"
accept-ranges: bytes
X-Firefox-Spdy: h2

| partners-tds.com/WzJQVS | 142.202.51.61 | | 0 B |
IP: 142.202.51.61:0
ASN: 63023 (AS-GLOBALTELEHOST)
Hashes (MD5, SHA-1, SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /WzJQVS HTTP/1.1
Host: partners-tds.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://b9c3741c08.news-xapeva.cc/
Cookie: _subid=376l60j10h7e00; 933eb=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcImNhbXBhaWduc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcInRpbWVcIjoxNzE0MTI0MzIwfSJ9.yYJXc-zJvjm4Dxphu35oW5Y_kpFZUzbEdsDVw4oNV9k
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx
Date: Fri, 26 Apr 2024 09:38:43 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-cache, no-store, must-revalidate
Expires: Fri, 26 Apr 2024 09:38:43 GMT
Location: https://news-pepafu.com/tds?id=1218914904&p1=&p2=&p3=&p4=
Set-Cookie: _subid=376l60j10h7e04; expires=Mon, 27 May 2024 09:38:43 GMT; path=/
933eb=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcImNhbXBhaWduc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcInRpbWVcIjoxNzE0MTI0MzIwfSJ9.yYJXc-zJvjm4Dxphu35oW5Y_kpFZUzbEdsDVw4oNV9k; expires=Sun, 21 Aug 2078 19:17:26 GMT; path=/
Vary: Accept-Encoding
Access-Control-Allow-Origin: *

| news-pepafu.com/tds?id=1218914904&p1=&p2=&p3=&p4= | 193.108.118.16 | | 0 B |
URL: news-pepafu.com/tds?id=1218914904&p1=&p2=&p3=&p4=
IP: 193.108.118.16:0
ASN: 63023 (AS-GLOBALTELEHOST)
Hashes (MD5, SHA-1, SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tds?id=1218914904&p1=&p2=&p3=&p4= HTTP/1.1
Host: news-pepafu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://b9c3741c08.news-xapeva.cc/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 302 Found
server: nginx
date: Fri, 26 Apr 2024 09:38:43 GMT
content-length: 0
location: https://55713c8c20.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
vary: Origin
x-frame-options: DENY
X-Firefox-Spdy: h2

| 55713c8c20.news-xapeva.cc/revopush.js | 193.108.117.211 | | 7.5 kB |
URL: 55713c8c20.news-xapeva.cc/revopush.js
IP: 193.108.117.211:0
ASN: 63023 (AS-GLOBALTELEHOST)
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (18335), with no line terminators
Hashes (MD5, SHA-1, SHA-256): 37faf614bbb4a7b4ba1b4e8143056291 1477110371c87d426adf78e2c8d935a046ae6ff2 aa7dc9551d9641febc7616653e797b381d7258077ed416e822b1ade51470c533
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /revopush.js HTTP/1.1
Host: 55713c8c20.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://55713c8c20.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:44 GMT
content-type: application/javascript; charset=utf-8
content-length: 7472
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-1d30"
content-encoding: gzip
accept-ranges: bytes
X-Firefox-Spdy: h2

| 55713c8c20.news-xapeva.cc/lands/39/img/icon1.png | 193.108.117.211 | | 7.3 kB |
URL: 55713c8c20.news-xapeva.cc/lands/39/img/icon1.png
IP: 193.108.117.211:0
ASN: 63023 (AS-GLOBALTELEHOST)
File type: PNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced
Hashes (MD5, SHA-1, SHA-256): 3d0ab5834c8bf7134e4d21fa3288317f c31d1a6b9df206f67ea194f4c424cdc372a423c2 0515ddd9185d263874e7b66bb6d521fcd63b857aac5fed51c08df98026dafe27
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /lands/39/img/icon1.png HTTP/1.1
Host: 55713c8c20.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://55713c8c20.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:44 GMT
content-type: image/png
content-length: 7252
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-1c54"
accept-ranges: bytes
X-Firefox-Spdy: h2

| 185f324f56.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4= | 193.108.117.211 | | 58 kB |
URL: 185f324f56.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
IP: 193.108.117.211:0
ASN: 63023 (AS-GLOBALTELEHOST)
File type: gzip compressed data, max speed, from Unix
Hashes (MD5, SHA-1, SHA-256): 9dc19fcfdce7f478613da432a48dbc7f d2085edf5bb4a450d388c9344d2f858f2f5dbbae a5404fe6b7b6b3ed59aed6ee5b18438cbedb7f962ed5f49aab5dadb88d5ff820
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /?id=1218914904&p1=&p2=&p3=&p4= HTTP/1.1
Host: 185f324f56.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://d5950d1f2a.news-xapeva.cc/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:43 GMT
content-type: text/html; charset=UTF-8
vary: Origin
x-frame-options: DENY
content-encoding: gzip
X-Firefox-Spdy: h2

| show.revopush.com/api/v1/inpage/show/?uid=171984&subacc=1218914904&sub1=&sub2=&sub3=&sub4=&adult=true&limit=1&traffic=adult | 116.203.121.110 | | 19 kB |
URL: show.revopush.com/api/v1/inpage/show/?uid=171984&subacc=1218914904&sub1=&sub2=&sub3=&sub4=&adult=true&limit=1&traffic=adult
IP: 116.203.121.110:0
ASN: 24940 (Hetzner Online GmbH)
File type: gzip compressed data, max speed, from Unix
Hashes (MD5, SHA-1, SHA-256): d26cab779b3b9bb2a4683377f9b041bb 12200d3de1445e696f9fd6a01eec00ab9f072e6c 19b8b6145273f4c175a84a78296ca61d029cc36beb145edc08f69e1a37012a2d
GET /api/v1/inpage/show/?uid=171984&subacc=1218914904&sub1=&sub2=&sub3=&sub4=&adult=true&limit=1&traffic=adult HTTP/1.1
Host: show.revopush.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://b039516351.news-xapeva.cc/
Origin: https://b039516351.news-xapeva.cc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:43 GMT
content-type: application/json
accept-ch: Sec-CH-UA, Sec-CH-UA-Model, Sec-CH-UA-Mobile, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Wow64
access-control-allow-origin: https://b039516351.news-xapeva.cc
vary: Origin
content-encoding: gzip
X-Firefox-Spdy: h2

| 55713c8c20.news-xapeva.cc/lands/39/img/icon4.png | 193.108.117.211 | | 7.0 kB |
URL: 55713c8c20.news-xapeva.cc/lands/39/img/icon4.png
IP: 193.108.117.211:0
ASN: 63023 (AS-GLOBALTELEHOST)
File type: PNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced
Hashes (MD5, SHA-1, SHA-256): 7ad7f32c1c0df7b4975cc41bda4ac435 81d57e996ee6cd9e122592e68ffa3d55c1ba10ff c0af6cb2280bba97d235dfad7c72d22353a0d2cf277733ce9fc4701df7ed1d5f
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /lands/39/img/icon4.png HTTP/1.1
Host: 55713c8c20.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://55713c8c20.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:44 GMT
content-type: image/png
content-length: 7032
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-1b78"
accept-ranges: bytes
X-Firefox-Spdy: h2
| 55713c8c20.news-xapeva.cc/lands/39/img/icon5.png | 193.108.117.211 | 3.3 kB |
URL: 55713c8c20.news-xapeva.cc/lands/39/img/icon5.png
IP: 193.108.117.211:0 (ASN#63023 AS-GLOBALTELEHOST)
File type: PNG image data, 500 x 500, 8-bit/color RGBA, non-interlaced
Hash (MD5 / SHA-1 / SHA-256): 1e1a7582b5da63e10485d63f97abc9a0 ca3ee3067f96c732f455bc7c99ec5100194f13f6 196083352a09a19cf2d4364e3ad406606fedb562f2096c1bef373ff2c485b503
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /lands/39/img/icon5.png HTTP/1.1
Host: 55713c8c20.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://55713c8c20.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:44 GMT
content-type: image/png
content-length: 3264
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-cc0"
accept-ranges: bytes
X-Firefox-Spdy: h2
| b9c3741c08.news-xapeva.cc/process.js?id=1218914904&p1=&p2=&p3=&p4= | 193.108.117.211 | 14 kB |
URL: b9c3741c08.news-xapeva.cc/process.js?id=1218914904&p1=&p2=&p3=&p4=
IP: 193.108.117.211:0 (ASN#63023 AS-GLOBALTELEHOST)
File type: gzip compressed data, max speed, from Unix
Hash (MD5 / SHA-1 / SHA-256): de02fb4854325af7f06f19314bb23e28 d1be10eea441eff0df10d786d28b3a329f979e30 c078e2263339af8e40c3753e4f890d79dd0059272f151fc6d0682471316ed069
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /process.js?id=1218914904&p1=&p2=&p3=&p4= HTTP/1.1
Host: b9c3741c08.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://b9c3741c08.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:43 GMT
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, must-revalidate
expires: 0
pragma: no-cache
vary: Origin
content-encoding: gzip
X-Firefox-Spdy: h2
| 55713c8c20.news-xapeva.cc/lands/39/img/icon8.png | 193.108.117.211 | 4.1 kB |
URL: 55713c8c20.news-xapeva.cc/lands/39/img/icon8.png
IP: 193.108.117.211:0 (ASN#63023 AS-GLOBALTELEHOST)
File type: PNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced
Hash (MD5 / SHA-1 / SHA-256): f92d6474ebc6a3a0b576749cfb4afe98 0f4ce3dcf04873b8098c01d20c44967fb9fce0cc 3a7abff293d71fd8c5a58deacb964b50fe074a6f458575d37abbd367a3a930a1
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /lands/39/img/icon8.png HTTP/1.1
Host: 55713c8c20.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://55713c8c20.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:44 GMT
content-type: image/png
content-length: 4064
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-fe0"
accept-ranges: bytes
X-Firefox-Spdy: h2
| partners-tds.com/WzJQVS | 142.202.51.61 | 0 B |
IP: 142.202.51.61:0 (ASN#63023 AS-GLOBALTELEHOST)
Hash (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /WzJQVS HTTP/1.1
Host: partners-tds.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://55713c8c20.news-xapeva.cc/
Cookie: _subid=376l60j10h7e04; 933eb=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcImNhbXBhaWduc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcInRpbWVcIjoxNzE0MTI0MzIwfSJ9.yYJXc-zJvjm4Dxphu35oW5Y_kpFZUzbEdsDVw4oNV9k
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx
Date: Fri, 26 Apr 2024 09:38:44 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-cache, no-store, must-revalidate
Expires: Fri, 26 Apr 2024 09:38:44 GMT
Location: https://news-pepafu.com/tds?id=1218914904&p1=&p2=&p3=&p4=
Set-Cookie: _subid=376l60j10h7e08; expires=Mon, 27 May 2024 09:38:44 GMT; path=/
933eb=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcImNhbXBhaWduc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcInRpbWVcIjoxNzE0MTI0MzIwfSJ9.yYJXc-zJvjm4Dxphu35oW5Y_kpFZUzbEdsDVw4oNV9k; expires=Sun, 21 Aug 2078 19:17:28 GMT; path=/
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
| news-pepafu.com/tds?id=1218914904&p1=&p2=&p3=&p4= | 193.108.118.16 | 0 B |
URL: news-pepafu.com/tds?id=1218914904&p1=&p2=&p3=&p4=
IP: 193.108.118.16:0 (ASN#63023 AS-GLOBALTELEHOST)
Hash (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tds?id=1218914904&p1=&p2=&p3=&p4= HTTP/1.1
Host: news-pepafu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://55713c8c20.news-xapeva.cc/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 302 Found
server: nginx
date: Fri, 26 Apr 2024 09:38:44 GMT
content-length: 0
location: https://4c1a4b9f8b.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
vary: Origin
x-frame-options: DENY
X-Firefox-Spdy: h2
| 4c1a4b9f8b.news-xapeva.cc/revopush.js | 193.108.117.211 | 7.5 kB |
URL: 4c1a4b9f8b.news-xapeva.cc/revopush.js
IP: 193.108.117.211:0 (ASN#63023 AS-GLOBALTELEHOST)
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (18335), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): 37faf614bbb4a7b4ba1b4e8143056291 1477110371c87d426adf78e2c8d935a046ae6ff2 aa7dc9551d9641febc7616653e797b381d7258077ed416e822b1ade51470c533
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /revopush.js HTTP/1.1
Host: 4c1a4b9f8b.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://4c1a4b9f8b.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:44 GMT
content-type: application/javascript; charset=utf-8
content-length: 7472
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-1d30"
content-encoding: gzip
accept-ranges: bytes
X-Firefox-Spdy: h2
| partners-tds.com/WzJQVS | 142.202.51.61 | 0 B |
IP: 142.202.51.61:0 (ASN#63023 AS-GLOBALTELEHOST)
Hash (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /WzJQVS HTTP/1.1
Host: partners-tds.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://4c1a4b9f8b.news-xapeva.cc/
Cookie: _subid=376l60j10h7e08; 933eb=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcImNhbXBhaWduc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcInRpbWVcIjoxNzE0MTI0MzIwfSJ9.yYJXc-zJvjm4Dxphu35oW5Y_kpFZUzbEdsDVw4oNV9k
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx
Date: Fri, 26 Apr 2024 09:38:44 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-cache, no-store, must-revalidate
Expires: Fri, 26 Apr 2024 09:38:44 GMT
Location: https://news-pepafu.com/tds?id=1218914904&p1=&p2=&p3=&p4=
Set-Cookie: _subid=376l60j10h7e0e; expires=Mon, 27 May 2024 09:38:44 GMT; path=/
933eb=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcImNhbXBhaWduc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcInRpbWVcIjoxNzE0MTI0MzIwfSJ9.yYJXc-zJvjm4Dxphu35oW5Y_kpFZUzbEdsDVw4oNV9k; expires=Sun, 21 Aug 2078 19:17:28 GMT; path=/
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
| news-pepafu.com/tds?id=1218914904&p1=&p2=&p3=&p4= | 193.108.118.16 | 0 B |
URL: news-pepafu.com/tds?id=1218914904&p1=&p2=&p3=&p4=
IP: 193.108.118.16:0 (ASN#63023 AS-GLOBALTELEHOST)
Hash (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tds?id=1218914904&p1=&p2=&p3=&p4= HTTP/1.1
Host: news-pepafu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://4c1a4b9f8b.news-xapeva.cc/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 302 Found
server: nginx
date: Fri, 26 Apr 2024 09:38:44 GMT
content-length: 0
location: https://5492fa4835.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
vary: Origin
x-frame-options: DENY
X-Firefox-Spdy: h2
| 5492fa4835.news-xapeva.cc/revopush.js | 193.108.117.211 | 7.5 kB |
URL: 5492fa4835.news-xapeva.cc/revopush.js
IP: 193.108.117.211:0 (ASN#63023 AS-GLOBALTELEHOST)
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (18335), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): 37faf614bbb4a7b4ba1b4e8143056291 1477110371c87d426adf78e2c8d935a046ae6ff2 aa7dc9551d9641febc7616653e797b381d7258077ed416e822b1ade51470c533
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /revopush.js HTTP/1.1
Host: 5492fa4835.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://5492fa4835.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:44 GMT
content-type: application/javascript; charset=utf-8
content-length: 7472
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-1d30"
content-encoding: gzip
accept-ranges: bytes
X-Firefox-Spdy: h2
| 5492fa4835.news-xapeva.cc/lands/36/img/style.css | 193.108.117.211 | 3.1 kB |
URL: 5492fa4835.news-xapeva.cc/lands/36/img/style.css
IP: 193.108.117.211:0 (ASN#63023 AS-GLOBALTELEHOST)
File type: ASCII text, with very long lines (11701), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): db606af46bdcca984d60a46183a4525e 28964fac8b2b7889554f32543e69ac68e6f21e2f 8693be57861bf006c70b542234666eaa50f4258856c4e75e0066f1ca589026ae
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /lands/36/img/style.css HTTP/1.1
Host: 5492fa4835.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://5492fa4835.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:44 GMT
content-type: text/css
content-length: 3136
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-c40"
content-encoding: gzip
accept-ranges: bytes
X-Firefox-Spdy: h2
| 5492fa4835.news-xapeva.cc/lands/36/img/logo.png | 193.108.117.211 | 7.4 kB |
URL: 5492fa4835.news-xapeva.cc/lands/36/img/logo.png
IP: 193.108.117.211:0 (ASN#63023 AS-GLOBALTELEHOST)
File type: PNG image data, 180 x 56, 8-bit/color RGBA, non-interlaced
Hash (MD5 / SHA-1 / SHA-256): 6cd3a78b39a704ee1c84f31c8c4e5808 bb5c81cadfcd60bd5c7b29af2395ef24b11ebb93 4cfbf07b7b4def7ad505f3be44e311c631ffec252a93f031d11356bc1b0c8193
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /lands/36/img/logo.png HTTP/1.1
Host: 5492fa4835.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://5492fa4835.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:44 GMT
content-type: image/png
content-length: 7398
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-1ce6"
accept-ranges: bytes
X-Firefox-Spdy: h2
| 5492fa4835.news-xapeva.cc/lands/36/img/search-icon.png | 193.108.117.211 | 461 B |
URL: 5492fa4835.news-xapeva.cc/lands/36/img/search-icon.png
IP: 193.108.117.211:0 (ASN#63023 AS-GLOBALTELEHOST)
File type: PNG image data, 28 x 28, 8-bit/color RGBA, non-interlaced
Hash (MD5 / SHA-1 / SHA-256): 71a97f63eeafce6cc8dd4e7b92e77303 e92e36474a69fcf7b932efc581e024a1c25773e5 fc2f527dba6449b1d9a7f17e4e9926039806904f58a7b4278dccf398900371d2
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /lands/36/img/search-icon.png HTTP/1.1
Host: 5492fa4835.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://5492fa4835.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:44 GMT
content-type: image/png
content-length: 461
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-1cd"
accept-ranges: bytes
X-Firefox-Spdy: h2
| 5492fa4835.news-xapeva.cc/lands/36/img/Spin-1s-80px.gif | 193.108.117.211 | 31 kB |
URL: 5492fa4835.news-xapeva.cc/lands/36/img/Spin-1s-80px.gif
IP: 193.108.117.211:0 (ASN#63023 AS-GLOBALTELEHOST)
File type: GIF image data, version 89a, 80 x 80
Hash (MD5 / SHA-1 / SHA-256): 68556766cd260e97fec2b60a9bfaf8c7 26c969371c9a3de360fab6d7a7a3bec2c5d5c99f ef50b84645244197917d80f6bcd6f604dce892ec4cdcdc96f11ea40f4a093676
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /lands/36/img/Spin-1s-80px.gif HTTP/1.1
Host: 5492fa4835.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://5492fa4835.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:44 GMT
content-type: image/gif
content-length: 30677
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-77d5"
accept-ranges: bytes
X-Firefox-Spdy: h2
| 5492fa4835.news-xapeva.cc/lands/36/img/player-controls-l.png | 193.108.117.211 | 945 B |
URL: 5492fa4835.news-xapeva.cc/lands/36/img/player-controls-l.png
IP: 193.108.117.211:0 (ASN#63023 AS-GLOBALTELEHOST)
File type: PNG image data, 146 x 60, 8-bit gray+alpha, non-interlaced
Hash (MD5 / SHA-1 / SHA-256): 6865c8700b582e4c7848472bb23dd65a c5ea2c514de8f55145550f9589e1e07cda457994 e1f5b32f965cf94fdb788fa9cff4f2f80b34c234f7e9fa9139de890e89438324
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /lands/36/img/player-controls-l.png HTTP/1.1
Host: 5492fa4835.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://5492fa4835.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:44 GMT
content-type: image/png
content-length: 945
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-3b1"
accept-ranges: bytes
X-Firefox-Spdy: h2
| 5492fa4835.news-xapeva.cc/lands/36/img/player-controls-r.png | 193.108.117.211 | 408 B |
URL: 5492fa4835.news-xapeva.cc/lands/36/img/player-controls-r.png
IP: 193.108.117.211:0 (ASN#63023 AS-GLOBALTELEHOST)
File type: PNG image data, 60 x 60, 8-bit gray+alpha, non-interlaced
Hash (MD5 / SHA-1 / SHA-256): f0e42db89f7d0994b3723b35eb05a49f b4e08e7b2c525345d86dc2299663915c84a41b2b 13bbdf214a22994e4e0e655c256ab493cc495f15f9c1f08772cad0761625a9be
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /lands/36/img/player-controls-r.png HTTP/1.1
Host: 5492fa4835.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://5492fa4835.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:44 GMT
content-type: image/png
content-length: 408
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-198"
accept-ranges: bytes
X-Firefox-Spdy: h2
| 5492fa4835.news-xapeva.cc/lands/36/img/player-bg.jpg | 193.108.117.211 | 11 kB |
URL: 5492fa4835.news-xapeva.cc/lands/36/img/player-bg.jpg
IP: 193.108.117.211:0 (ASN#63023 AS-GLOBALTELEHOST)
Hash (MD5 / SHA-1 / SHA-256): d0c6f02d6933f0b93db0942e3e7f3609 bc96b3878d13d0f46aa464e94515f27ad53531b0 7296089ccd9e42b305c5b0398d47a78f900b40225c592c6f1ef23ade5bbe667a
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /lands/36/img/player-bg.jpg HTTP/1.1
Host: 5492fa4835.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://5492fa4835.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:44 GMT
content-type: image/jpeg
content-length: 11291
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-2c1b"
accept-ranges: bytes
X-Firefox-Spdy: h2
| 185f324f56.news-xapeva.cc/process.js?id=1218914904&p1=&p2=&p3=&p4= | 193.108.117.211 | 20 kB |
URL: 185f324f56.news-xapeva.cc/process.js?id=1218914904&p1=&p2=&p3=&p4=
IP: 193.108.117.211:0 (ASN#63023 AS-GLOBALTELEHOST)
File type: gzip compressed data, max speed, from Unix
Hash (MD5 / SHA-1 / SHA-256): ad4c2b2f19b5b122596c1b6790039187 fdd030978d403a71f2557e3dc40b38c7ec58e0ef c20ed6a5432095bea9b2a4f3b9aec2caf77baa69e11bea659bbc35d83124e88d
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /process.js?id=1218914904&p1=&p2=&p3=&p4= HTTP/1.1
Host: 185f324f56.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://185f324f56.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:43 GMT
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, must-revalidate
expires: 0
pragma: no-cache
vary: Origin
content-encoding: gzip
X-Firefox-Spdy: h2
| 5492fa4835.news-xapeva.cc/lands/36/img/pics-2.jpg | 193.108.117.211 | 9.5 kB |
URL: 5492fa4835.news-xapeva.cc/lands/36/img/pics-2.jpg
IP: 193.108.117.211:0 (ASN#63023 AS-GLOBALTELEHOST)
Hash (MD5 / SHA-1 / SHA-256): b1444ede1cb63c55f07c4b7cc861ec58 504823696a6990f0c6892721e34a7496cfe4e704 628146e090737199d0b92e0d069cdc8fa95d65391a7e84b7da053dbc0275b2f8
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /lands/36/img/pics-2.jpg HTTP/1.1
Host: 5492fa4835.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://5492fa4835.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:44 GMT
content-type: image/jpeg
content-length: 9474
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-2502"
accept-ranges: bytes
X-Firefox-Spdy: h2
| 5492fa4835.news-xapeva.cc/lands/36/img/pics-3.jpg | 193.108.117.211 | 9.4 kB |
URL: 5492fa4835.news-xapeva.cc/lands/36/img/pics-3.jpg
IP: 193.108.117.211:0 (ASN#63023 AS-GLOBALTELEHOST)
Hash (MD5 / SHA-1 / SHA-256): 76025b7cd7b3e168342e9f6916d8c7f4 bd2a6ea7c9105935c7a616fec2d6d85dbf98bfc2 46eaa0e5c25c663d858a5c65629f960ed17d2fe30b2484f629158e6d6460d775
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /lands/36/img/pics-3.jpg HTTP/1.1
Host: 5492fa4835.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://5492fa4835.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:44 GMT
content-type: image/jpeg
content-length: 9413
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-24c5"
accept-ranges: bytes
X-Firefox-Spdy: h2
| 5492fa4835.news-xapeva.cc/lands/36/img/pics-4.jpg | 193.108.117.211 | 9.5 kB |
URL: 5492fa4835.news-xapeva.cc/lands/36/img/pics-4.jpg
IP: 193.108.117.211:0 (ASN#63023 AS-GLOBALTELEHOST)
Hash (MD5 / SHA-1 / SHA-256): 107bdcec0a201d69db378827b68127cd efc977edd0a369769d5f32d88e9858302bed1e5e cb8a23effd64618021ebe40be5ed24bfb27c17f6d0a82c87a96d9efd91e06468
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /lands/36/img/pics-4.jpg HTTP/1.1
Host: 5492fa4835.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://5492fa4835.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:44 GMT
content-type: image/jpeg
content-length: 9468
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-24fc"
accept-ranges: bytes
X-Firefox-Spdy: h2
| 5492fa4835.news-xapeva.cc/lands/36/img/pics-5.jpg | 193.108.117.211 | 9.6 kB |
URL: 5492fa4835.news-xapeva.cc/lands/36/img/pics-5.jpg
IP: 193.108.117.211:0 (ASN#63023 AS-GLOBALTELEHOST)
Hash (MD5 / SHA-1 / SHA-256): 628b98b82d0aca1c1b2155aa5ec51a6a db663b2b85cf8828f3e9c5aa879325bb50e684a0 d7dfe6be5b49bee8bbf743bc58d74af3dc7d0250c89bd6dd7e9ad268c287289d
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /lands/36/img/pics-5.jpg HTTP/1.1
Host: 5492fa4835.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://5492fa4835.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:44 GMT
content-type: image/jpeg
content-length: 9557
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-2555"
accept-ranges: bytes
X-Firefox-Spdy: h2
| 5492fa4835.news-xapeva.cc/lands/36/img/pics-6.jpg | 193.108.117.211 | 9.6 kB |
URL: 5492fa4835.news-xapeva.cc/lands/36/img/pics-6.jpg
IP: 193.108.117.211:0 (ASN#63023 AS-GLOBALTELEHOST)
Hash (MD5 / SHA-1 / SHA-256): a83d5196e71bd6f9c55ef3e7322e527c 9dbddad413391599552c4d9cc5c9e8a287ef910f 52212d360cbbf493678d8e8bf75c20b7ad4b1d6cf86bf03e1c87fb5b4d6cb818
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /lands/36/img/pics-6.jpg HTTP/1.1
Host: 5492fa4835.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://5492fa4835.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:44 GMT
content-type: image/jpeg
content-length: 9620
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-2594"
accept-ranges: bytes
X-Firefox-Spdy: h2
| 5492fa4835.news-xapeva.cc/lands/36/img/pics-7.jpg | 193.108.117.211 | 9.5 kB |
URL: 5492fa4835.news-xapeva.cc/lands/36/img/pics-7.jpg
IP: 193.108.117.211:0 (ASN#63023 AS-GLOBALTELEHOST)
Hash (MD5 / SHA-1 / SHA-256): 94edfad63e95c79618692b8d8dc20587 f582b7b70443ea1fff184ade49ab560fc8fd3318 0940f729e51d0fb610affca787415657f39a630cc0450d08576f69fd0f71756e
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /lands/36/img/pics-7.jpg HTTP/1.1
Host: 5492fa4835.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://5492fa4835.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:44 GMT
content-type: image/jpeg
content-length: 9484
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-250c"
accept-ranges: bytes
X-Firefox-Spdy: h2
| 5492fa4835.news-xapeva.cc/lands/36/img/pics-8.jpg | 193.108.117.211 | 9.8 kB |
URL: 5492fa4835.news-xapeva.cc/lands/36/img/pics-8.jpg
IP: 193.108.117.211:0 (ASN#63023 AS-GLOBALTELEHOST)
Hash (MD5 / SHA-1 / SHA-256): 2e7eafc3878ee465f96bca0f9d1e1712 c4f353f12542db5d2df3be74dbae890e0430ac6e df67f968a051026a5c43eb3e40b8d02a0c72bc742055526fef7e2655dd837cc1
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /lands/36/img/pics-8.jpg HTTP/1.1
Host: 5492fa4835.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://5492fa4835.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:44 GMT
content-type: image/jpeg
content-length: 9750
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-2616"
accept-ranges: bytes
X-Firefox-Spdy: h2
| 5492fa4835.news-xapeva.cc/lands/36/img/pics-9.jpg | 193.108.117.211 | 9.6 kB |
URL: 5492fa4835.news-xapeva.cc/lands/36/img/pics-9.jpg
IP: 193.108.117.211:0 (ASN#63023 AS-GLOBALTELEHOST)
Hash (MD5 / SHA-1 / SHA-256): c3af10d166a4447c21f25e4a32383a5d 37a0342d08d6933b3bbfd4063b7ba998c991dd73 963fbe86dc33b1a1ba5c695bf9b74ebde439bc7a9260137121d747cf4cfbdd73
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /lands/36/img/pics-9.jpg HTTP/1.1
Host: 5492fa4835.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://5492fa4835.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:44 GMT
content-type: image/jpeg
content-length: 9646
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-25ae"
accept-ranges: bytes
X-Firefox-Spdy: h2
| 5492fa4835.news-xapeva.cc/lands/36/img/pics-10.jpg | 193.108.117.211 | 9.7 kB |
URL: 5492fa4835.news-xapeva.cc/lands/36/img/pics-10.jpg
IP: 193.108.117.211:0 (ASN#63023 AS-GLOBALTELEHOST)
Hash (MD5 / SHA-1 / SHA-256): 00ad8eccd280144f038e883859beeabe e13583bbe25712e827b8b22b1353c883531f849f 21397b18bd87b564f70404ea1ff41d8d23ba804ed6eea4de323ac1c94e096ada
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /lands/36/img/pics-10.jpg HTTP/1.1
Host: 5492fa4835.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://5492fa4835.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:44 GMT
content-type: image/jpeg
content-length: 9681
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-25d1"
accept-ranges: bytes
X-Firefox-Spdy: h2
| 5492fa4835.news-xapeva.cc/lands/36/img/pics-11.jpg | 193.108.117.211 | 9.5 kB |
URL: 5492fa4835.news-xapeva.cc/lands/36/img/pics-11.jpg
IP: 193.108.117.211:0 (ASN#63023 AS-GLOBALTELEHOST)
Hash (MD5 / SHA-1 / SHA-256): 8611f67b36ff57eaa1060e793b9e6ad4 49f273a5760e7375adb1efc58f0ed2c665da6ae8 de70c6d29629dd9ec1b85e3146390c1019bd608eeb3d7ffdc196627f70ee30b2
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /lands/36/img/pics-11.jpg HTTP/1.1
Host: 5492fa4835.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://5492fa4835.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:44 GMT
content-type: image/jpeg
content-length: 9483
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-250b"
accept-ranges: bytes
X-Firefox-Spdy: h2
| 5492fa4835.news-xapeva.cc/lands/36/img/pics-12.jpg | 193.108.117.211 | | 9.5 kB |
URL 5492fa4835.news-xapeva.cc/lands/36/img/pics-12.jpg IP 193.108.117.211:0 ASN #63023 AS-GLOBALTELEHOST
Hash (MD5, SHA-1, SHA-256) 3971b0cd6849aef8e63c281fe7e53c57 690281f0f9a05a32be18029632240693f7b26270 20a9e9a79f97878e87f805b977eb6046480b734dfd9e90df9f34b22ef484777a
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /lands/36/img/pics-12.jpg HTTP/1.1
Host: 5492fa4835.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://5492fa4835.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:44 GMT
content-type: image/jpeg
content-length: 9487
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-250f"
accept-ranges: bytes
X-Firefox-Spdy: h2
| 5492fa4835.news-xapeva.cc/lands/36/img/pics-13.jpg | 193.108.117.211 | | 9.4 kB |
URL 5492fa4835.news-xapeva.cc/lands/36/img/pics-13.jpg IP 193.108.117.211:0 ASN #63023 AS-GLOBALTELEHOST
Hash (MD5, SHA-1, SHA-256) cd911694d58b5fb86c94cf7a1d5b530b f32925a79b755d76fdf1ae56fa898ef23d816699 5a8f5f99cb386403813964a7ee271660131e9c50eb5267f932a67ce0f4fb2ea2
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /lands/36/img/pics-13.jpg HTTP/1.1
Host: 5492fa4835.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://5492fa4835.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:44 GMT
content-type: image/jpeg
content-length: 9378
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-24a2"
accept-ranges: bytes
X-Firefox-Spdy: h2
| 5492fa4835.news-xapeva.cc/lands/36/img/pics-14.jpg | 193.108.117.211 | | 9.5 kB |
URL 5492fa4835.news-xapeva.cc/lands/36/img/pics-14.jpg IP 193.108.117.211:0 ASN #63023 AS-GLOBALTELEHOST
Hash (MD5, SHA-1, SHA-256) 4957499f251b620472eb5fe6fd126c22 a237ac15f4b16256f1c49a40ca07ca168dea540c de5d64cc00dd3bc0e0998e274f41bb78de69cae402e53c4f41c0ab8e0af2cd0b
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /lands/36/img/pics-14.jpg HTTP/1.1
Host: 5492fa4835.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://5492fa4835.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:44 GMT
content-type: image/jpeg
content-length: 9498
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-251a"
accept-ranges: bytes
X-Firefox-Spdy: h2
| 5492fa4835.news-xapeva.cc/lands/36/img/pics-15.jpg | 193.108.117.211 | | 9.7 kB |
URL 5492fa4835.news-xapeva.cc/lands/36/img/pics-15.jpg IP 193.108.117.211:0 ASN #63023 AS-GLOBALTELEHOST
Hash (MD5, SHA-1, SHA-256) bf608c2d10293273951a88b8d38de015 15b2a17c7300725aacc27f320480dfe5bf173a00 118f446f628921fb7cab1afeac932ef77d63a7c5a31ffa288427d80c4de69f9f
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /lands/36/img/pics-15.jpg HTTP/1.1
Host: 5492fa4835.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://5492fa4835.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:44 GMT
content-type: image/jpeg
content-length: 9673
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-25c9"
accept-ranges: bytes
X-Firefox-Spdy: h2
| 5492fa4835.news-xapeva.cc/lands/36/img/pics-16.jpg | 193.108.117.211 | | 9.6 kB |
URL 5492fa4835.news-xapeva.cc/lands/36/img/pics-16.jpg IP 193.108.117.211:0 ASN #63023 AS-GLOBALTELEHOST
Hash (MD5, SHA-1, SHA-256) 700dfe65fca751e5c160aa1ed38c0389 61a7a9ba2a5209bb28b6a36c4b7ba9088f4b2886 8f8c3d5f93cc6dc00172cf203f6b0113819e853de45518cbcee1e68f9e95fbc1
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /lands/36/img/pics-16.jpg HTTP/1.1
Host: 5492fa4835.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://5492fa4835.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:44 GMT
content-type: image/jpeg
content-length: 9570
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-2562"
accept-ranges: bytes
X-Firefox-Spdy: h2
| 5492fa4835.news-xapeva.cc/lands/36/img/pics-17.jpg | 193.108.117.211 | | 9.6 kB |
URL 5492fa4835.news-xapeva.cc/lands/36/img/pics-17.jpg IP 193.108.117.211:0 ASN #63023 AS-GLOBALTELEHOST
Hash (MD5, SHA-1, SHA-256) 3617c828a4589dfd2af8f90e31f92666 0e7a1dbe743c9eaad109659f7b21ab86719b9cd0 f3ab898058b0ebaba11001b5a2b3c5b5db2d7f766000d95abdbfb841fcb16c1f
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /lands/36/img/pics-17.jpg HTTP/1.1
Host: 5492fa4835.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://5492fa4835.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:44 GMT
content-type: image/jpeg
content-length: 9595
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-257b"
accept-ranges: bytes
X-Firefox-Spdy: h2
| 5492fa4835.news-xapeva.cc/lands/36/img/pics-18.jpg | 193.108.117.211 | | 9.6 kB |
URL 5492fa4835.news-xapeva.cc/lands/36/img/pics-18.jpg IP 193.108.117.211:0 ASN #63023 AS-GLOBALTELEHOST
Hash (MD5, SHA-1, SHA-256) 52ada45615791fefe3513b98a28d6c61 334b68a65108b2274dc0d41bbed58d10cbfb41a0 204715e71db20e5daffe8494816412e0998ec0b97b303f16fb4102226c492fa4
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /lands/36/img/pics-18.jpg HTTP/1.1
Host: 5492fa4835.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://5492fa4835.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:44 GMT
content-type: image/jpeg
content-length: 9645
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-25ad"
accept-ranges: bytes
X-Firefox-Spdy: h2
| partners-tds.com/WzJQVS | 142.202.51.61 | | 0 B |
URL partners-tds.com/WzJQVS IP 142.202.51.61:0 ASN #63023 AS-GLOBALTELEHOST
Hash (MD5, SHA-1, SHA-256) d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /WzJQVS HTTP/1.1
Host: partners-tds.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://5492fa4835.news-xapeva.cc/
Cookie: _subid=376l60j10h7e0e; 933eb=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcImNhbXBhaWduc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcInRpbWVcIjoxNzE0MTI0MzIwfSJ9.yYJXc-zJvjm4Dxphu35oW5Y_kpFZUzbEdsDVw4oNV9k
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx
Date: Fri, 26 Apr 2024 09:38:44 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-cache, no-store, must-revalidate
Expires: Fri, 26 Apr 2024 09:38:44 GMT
Location: https://news-pepafu.com/tds?id=1218914904&p1=&p2=&p3=&p4=
Set-Cookie: _subid=376l60j10h7e0j; expires=Mon, 27 May 2024 09:38:44 GMT; path=/
933eb=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcImNhbXBhaWduc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcInRpbWVcIjoxNzE0MTI0MzIwfSJ9.yYJXc-zJvjm4Dxphu35oW5Y_kpFZUzbEdsDVw4oNV9k; expires=Sun, 21 Aug 2078 19:17:28 GMT; path=/
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
| news-pepafu.com/tds?id=1218914904&p1=&p2=&p3=&p4= | 193.108.118.16 | | 0 B |
URL news-pepafu.com/tds?id=1218914904&p1=&p2=&p3=&p4= IP 193.108.118.16:0 ASN #63023 AS-GLOBALTELEHOST
Hash (MD5, SHA-1, SHA-256) d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tds?id=1218914904&p1=&p2=&p3=&p4= HTTP/1.1
Host: news-pepafu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://5492fa4835.news-xapeva.cc/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 302 Found
server: nginx
date: Fri, 26 Apr 2024 09:38:44 GMT
content-length: 0
location: https://e7ec18856f.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
vary: Origin
x-frame-options: DENY
X-Firefox-Spdy: h2
| e7ec18856f.news-xapeva.cc/revopush.js | 193.108.117.211 | | 7.5 kB |
URL e7ec18856f.news-xapeva.cc/revopush.js IP 193.108.117.211:0 ASN #63023 AS-GLOBALTELEHOST
File type JavaScript source, Unicode text, UTF-8 text, with very long lines (18335), with no line terminators
Hash (MD5, SHA-1, SHA-256) 37faf614bbb4a7b4ba1b4e8143056291 1477110371c87d426adf78e2c8d935a046ae6ff2 aa7dc9551d9641febc7616653e797b381d7258077ed416e822b1ade51470c533
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /revopush.js HTTP/1.1
Host: e7ec18856f.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://e7ec18856f.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:44 GMT
content-type: application/javascript; charset=utf-8
content-length: 7472
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-1d30"
content-encoding: gzip
accept-ranges: bytes
X-Firefox-Spdy: h2
| e7ec18856f.news-xapeva.cc/lands/46/sketch.min.js | 193.108.117.211 | | 2.4 kB |
URL e7ec18856f.news-xapeva.cc/lands/46/sketch.min.js IP 193.108.117.211:0 ASN #63023 AS-GLOBALTELEHOST
File type JavaScript source, ASCII text, with very long lines (4675), with no line terminators
Hash (MD5, SHA-1, SHA-256) ed52afed30560dc3e13a88e35a300c18 8714792a53d24b5c641b9536a2d218d75b43b3f9 cad4eff11237dc84f803b46c8529ca9918e4429c38058a053ef5d492c707a711
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /lands/46/sketch.min.js HTTP/1.1
Host: e7ec18856f.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://e7ec18856f.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:44 GMT
content-type: application/javascript; charset=utf-8
content-length: 2379
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-94b"
content-encoding: gzip
accept-ranges: bytes
X-Firefox-Spdy: h2
| 55713c8c20.news-xapeva.cc/process.js?id=1218914904&p1=&p2=&p3=&p4= | 193.108.117.211 | | 10 kB |
URL 55713c8c20.news-xapeva.cc/process.js?id=1218914904&p1=&p2=&p3=&p4= IP 193.108.117.211:0 ASN #63023 AS-GLOBALTELEHOST
File type JavaScript source, ASCII text, with very long lines (26456)
Hash (MD5, SHA-1, SHA-256) 79a16632090f09b53f3854321323c2e7 cb2923c17640ba252ce2821c28c0c5e42c006ccf 5e79537d7fd937b7e7dd35a4fd6b550ec0242bb126bf7d5d2533cdf6052fe538
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /process.js?id=1218914904&p1=&p2=&p3=&p4= HTTP/1.1
Host: 55713c8c20.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://55713c8c20.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:44 GMT
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, must-revalidate
expires: 0
pragma: no-cache
vary: Origin
content-encoding: gzip
X-Firefox-Spdy: h2
| news-pepafu.com/tds?id=1218914904&p1=&p2=&p3=&p4= | 193.108.118.16 | | 0 B |
URL news-pepafu.com/tds?id=1218914904&p1=&p2=&p3=&p4= IP 193.108.118.16:0 ASN #63023 AS-GLOBALTELEHOST
Hash (MD5, SHA-1, SHA-256) d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tds?id=1218914904&p1=&p2=&p3=&p4= HTTP/1.1
Host: news-pepafu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://e7ec18856f.news-xapeva.cc/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 302 Found
server: nginx
date: Fri, 26 Apr 2024 09:38:45 GMT
content-length: 0
location: https://29ec1d5efb.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
vary: Origin
x-frame-options: DENY
X-Firefox-Spdy: h2
| 29ec1d5efb.news-xapeva.cc/revopush.js | 193.108.117.211 | | 7.5 kB |
URL 29ec1d5efb.news-xapeva.cc/revopush.js IP 193.108.117.211:0 ASN #63023 AS-GLOBALTELEHOST
File type JavaScript source, Unicode text, UTF-8 text, with very long lines (18335), with no line terminators
Hash (MD5, SHA-1, SHA-256) 37faf614bbb4a7b4ba1b4e8143056291 1477110371c87d426adf78e2c8d935a046ae6ff2 aa7dc9551d9641febc7616653e797b381d7258077ed416e822b1ade51470c533
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /revopush.js HTTP/1.1
Host: 29ec1d5efb.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://29ec1d5efb.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:45 GMT
content-type: application/javascript; charset=utf-8
content-length: 7472
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-1d30"
content-encoding: gzip
accept-ranges: bytes
X-Firefox-Spdy: h2
| 29ec1d5efb.news-xapeva.cc/lands/57/css/style.css | 193.108.117.211 | | 1.2 kB |
URL 29ec1d5efb.news-xapeva.cc/lands/57/css/style.css IP 193.108.117.211:0 ASN #63023 AS-GLOBALTELEHOST
File type ASCII text, with very long lines (4468), with no line terminators
Hash (MD5, SHA-1, SHA-256) b07eb7ba1a3bb505eba51b55f4ffa9ff fea4806dafcdda47dff4bb6aa09362ded48879d5 086ceb41d9cccb6678d0a759d730383098e9d80d8067e9b8ce06d0972d2dae68
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /lands/57/css/style.css HTTP/1.1
Host: 29ec1d5efb.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://29ec1d5efb.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:45 GMT
content-type: text/css
content-length: 1213
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-4bd"
content-encoding: gzip
accept-ranges: bytes
X-Firefox-Spdy: h2
| 29ec1d5efb.news-xapeva.cc/lands/57/js/device.js | 193.108.117.211 | | 1.1 kB |
URL 29ec1d5efb.news-xapeva.cc/lands/57/js/device.js IP 193.108.117.211:0 ASN #63023 AS-GLOBALTELEHOST
File type JavaScript source, ASCII text, with very long lines (3289), with no line terminators
Hash (MD5, SHA-1, SHA-256) 2d9887b21aa6b47c56e7f43e66560a4f 42cdfc5b3b23d32152750bf2cea4233044491768 863a13c42ef72b562bc7aa5005b8ff5693763ae8d16ce3bfc3d876e92a7fdf85
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /lands/57/js/device.js HTTP/1.1
Host: 29ec1d5efb.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://29ec1d5efb.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:45 GMT
content-type: application/javascript; charset=utf-8
content-length: 1111
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-457"
content-encoding: gzip
accept-ranges: bytes
X-Firefox-Spdy: h2
| 5492fa4835.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4= | 193.108.117.211 | | 2.5 kB |
URL 5492fa4835.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4= IP 193.108.117.211:0 ASN #63023 AS-GLOBALTELEHOST
File type HTML document, ASCII text, with very long lines (8854)
Hash (MD5, SHA-1, SHA-256) 4aba833b56094aa5d7415b86567f7821 52e6f2b533822d0f09423f53cbcc6358b98bd8f4 8c268ebfd0239d7f7bfad17347b723caad1d0031b41fb51b8fa4cd2f31c88826
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /?id=1218914904&p1=&p2=&p3=&p4= HTTP/1.1
Host: 5492fa4835.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://4c1a4b9f8b.news-xapeva.cc/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:44 GMT
content-type: text/html; charset=UTF-8
vary: Origin
x-frame-options: DENY
content-encoding: gzip
X-Firefox-Spdy: h2
| news-pepafu.com/tds?id=1218914904&p1=&p2=&p3=&p4= | 193.108.118.16 | | 0 B |
URL news-pepafu.com/tds?id=1218914904&p1=&p2=&p3=&p4= IP 193.108.118.16:0 ASN #63023 AS-GLOBALTELEHOST
Hash (MD5, SHA-1, SHA-256) d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tds?id=1218914904&p1=&p2=&p3=&p4= HTTP/1.1
Host: news-pepafu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://29ec1d5efb.news-xapeva.cc/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 302 Found
server: nginx
date: Fri, 26 Apr 2024 09:38:45 GMT
content-length: 0
location: https://dbde52e0d2.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
vary: Origin
x-frame-options: DENY
X-Firefox-Spdy: h2
| dbde52e0d2.news-xapeva.cc/revopush.js | 193.108.117.211 | | 7.5 kB |
URL dbde52e0d2.news-xapeva.cc/revopush.js IP 193.108.117.211:0 ASN #63023 AS-GLOBALTELEHOST
File type JavaScript source, Unicode text, UTF-8 text, with very long lines (18335), with no line terminators
Hash (MD5, SHA-1, SHA-256) 37faf614bbb4a7b4ba1b4e8143056291 1477110371c87d426adf78e2c8d935a046ae6ff2 aa7dc9551d9641febc7616653e797b381d7258077ed416e822b1ade51470c533
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /revopush.js HTTP/1.1
Host: dbde52e0d2.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dbde52e0d2.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:45 GMT
content-type: application/javascript; charset=utf-8
content-length: 7472
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-1d30"
content-encoding: gzip
accept-ranges: bytes
X-Firefox-Spdy: h2
| 55713c8c20.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4= | 193.108.117.211 | | 1.6 kB |
URL 55713c8c20.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4= IP 193.108.117.211:0 ASN #63023 AS-GLOBALTELEHOST
File type HTML document, ASCII text, with very long lines (2215)
Hash (MD5, SHA-1, SHA-256) fa165f8faee18e4d810efdd5d1ca1fe9 6ce0d2bc67ce6f2e6910aa7aa4726f99abbd6098 f41367079cd77cac590bfec7a3bf03e2bdce2ae12ec8ad1c6d89e969e7680a90
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /?id=1218914904&p1=&p2=&p3=&p4= HTTP/1.1
Host: 55713c8c20.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://b9c3741c08.news-xapeva.cc/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:44 GMT
content-type: text/html; charset=UTF-8
vary: Origin
x-frame-options: DENY
content-encoding: gzip
X-Firefox-Spdy: h2
| news-pepafu.com/tds?id=1218914904&p1=&p2=&p3=&p4= | 193.108.118.16 | | 0 B |
URL news-pepafu.com/tds?id=1218914904&p1=&p2=&p3=&p4= IP 193.108.118.16:0 ASN #63023 AS-GLOBALTELEHOST
Hash (MD5, SHA-1, SHA-256) d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tds?id=1218914904&p1=&p2=&p3=&p4= HTTP/1.1
Host: news-pepafu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dbde52e0d2.news-xapeva.cc/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 302 Found
server: nginx
date: Fri, 26 Apr 2024 09:38:45 GMT
content-length: 0
location: https://5732546dc0.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
vary: Origin
x-frame-options: DENY
X-Firefox-Spdy: h2
| 5732546dc0.news-xapeva.cc/revopush.js | 193.108.117.211 | | 7.5 kB |
URL 5732546dc0.news-xapeva.cc/revopush.js IP 193.108.117.211:0 ASN #63023 AS-GLOBALTELEHOST
File type JavaScript source, Unicode text, UTF-8 text, with very long lines (18335), with no line terminators
Hash (MD5, SHA-1, SHA-256) 37faf614bbb4a7b4ba1b4e8143056291 1477110371c87d426adf78e2c8d935a046ae6ff2 aa7dc9551d9641febc7616653e797b381d7258077ed416e822b1ade51470c533
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /revopush.js HTTP/1.1
Host: 5732546dc0.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://5732546dc0.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:45 GMT
content-type: application/javascript; charset=utf-8
content-length: 7472
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-1d30"
content-encoding: gzip
accept-ranges: bytes
X-Firefox-Spdy: h2
| 5732546dc0.news-xapeva.cc/lands/36/img/style.css | 193.108.117.211 | | 3.1 kB |
URL 5732546dc0.news-xapeva.cc/lands/36/img/style.css IP 193.108.117.211:0 ASN #63023 AS-GLOBALTELEHOST
File type ASCII text, with very long lines (11701), with no line terminators
Hash (MD5, SHA-1, SHA-256) db606af46bdcca984d60a46183a4525e 28964fac8b2b7889554f32543e69ac68e6f21e2f 8693be57861bf006c70b542234666eaa50f4258856c4e75e0066f1ca589026ae
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /lands/36/img/style.css HTTP/1.1
Host: 5732546dc0.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://5732546dc0.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:45 GMT
content-type: text/css
content-length: 3136
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-c40"
content-encoding: gzip
accept-ranges: bytes
X-Firefox-Spdy: h2
| 5732546dc0.news-xapeva.cc/lands/36/img/logo.png | 193.108.117.211 | | 7.4 kB |
URL 5732546dc0.news-xapeva.cc/lands/36/img/logo.png IP 193.108.117.211:0 ASN #63023 AS-GLOBALTELEHOST
File type PNG image data, 180 x 56, 8-bit/color RGBA, non-interlaced
Hash (MD5, SHA-1, SHA-256) 6cd3a78b39a704ee1c84f31c8c4e5808 bb5c81cadfcd60bd5c7b29af2395ef24b11ebb93 4cfbf07b7b4def7ad505f3be44e311c631ffec252a93f031d11356bc1b0c8193
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /lands/36/img/logo.png HTTP/1.1
Host: 5732546dc0.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://5732546dc0.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:45 GMT
content-type: image/png
content-length: 7398
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-1ce6"
accept-ranges: bytes
X-Firefox-Spdy: h2
| 5732546dc0.news-xapeva.cc/lands/36/img/search-icon.png | 193.108.117.211 | | 461 B |
URL 5732546dc0.news-xapeva.cc/lands/36/img/search-icon.png IP 193.108.117.211:0 ASN #63023 AS-GLOBALTELEHOST
File type PNG image data, 28 x 28, 8-bit/color RGBA, non-interlaced
Hash (MD5, SHA-1, SHA-256) 71a97f63eeafce6cc8dd4e7b92e77303 e92e36474a69fcf7b932efc581e024a1c25773e5 fc2f527dba6449b1d9a7f17e4e9926039806904f58a7b4278dccf398900371d2
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /lands/36/img/search-icon.png HTTP/1.1
Host: 5732546dc0.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://5732546dc0.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:45 GMT
content-type: image/png
content-length: 461
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-1cd"
accept-ranges: bytes
X-Firefox-Spdy: h2
| 5732546dc0.news-xapeva.cc/lands/36/img/Spin-1s-80px.gif | 193.108.117.211 | | 31 kB |
URL 5732546dc0.news-xapeva.cc/lands/36/img/Spin-1s-80px.gif IP 193.108.117.211:0 ASN #63023 AS-GLOBALTELEHOST
File type GIF image data, version 89a, 80 x 80
Hash (MD5, SHA-1, SHA-256) 68556766cd260e97fec2b60a9bfaf8c7 26c969371c9a3de360fab6d7a7a3bec2c5d5c99f ef50b84645244197917d80f6bcd6f604dce892ec4cdcdc96f11ea40f4a093676
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /lands/36/img/Spin-1s-80px.gif HTTP/1.1
Host: 5732546dc0.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://5732546dc0.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:45 GMT
content-type: image/gif
content-length: 30677
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-77d5"
accept-ranges: bytes
X-Firefox-Spdy: h2
| 5732546dc0.news-xapeva.cc/lands/36/img/player-controls-l.png | 193.108.117.211 | | 945 B |
URL 5732546dc0.news-xapeva.cc/lands/36/img/player-controls-l.png IP 193.108.117.211:0 ASN #63023 AS-GLOBALTELEHOST
File type PNG image data, 146 x 60, 8-bit gray+alpha, non-interlaced
Hash (MD5, SHA-1, SHA-256) 6865c8700b582e4c7848472bb23dd65a c5ea2c514de8f55145550f9589e1e07cda457994 e1f5b32f965cf94fdb788fa9cff4f2f80b34c234f7e9fa9139de890e89438324
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /lands/36/img/player-controls-l.png HTTP/1.1
Host: 5732546dc0.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://5732546dc0.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:45 GMT
content-type: image/png
content-length: 945
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-3b1"
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| 5732546dc0.news-xapeva.cc/lands/36/img/player-controls-r.png | 193.108.117.211 | | 408 B |
URL: 5732546dc0.news-xapeva.cc/lands/36/img/player-controls-r.png | IP: 193.108.117.211:0 | ASN: #63023 AS-GLOBALTELEHOST
File type: PNG image data, 60 x 60, 8-bit gray+alpha, non-interlaced
Hash (MD5 / SHA-1 / SHA-256): f0e42db89f7d0994b3723b35eb05a49f b4e08e7b2c525345d86dc2299663915c84a41b2b 13bbdf214a22994e4e0e655c256ab493cc495f15f9c1f08772cad0761625a9be
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /lands/36/img/player-controls-r.png HTTP/1.1
Host: 5732546dc0.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://5732546dc0.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:45 GMT
content-type: image/png
content-length: 408
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-198"
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| cdnstatic.check-tl-ver-94-2.com/ps/ps.js?&edg=true&sw=&fullscreen=true&pl=true&pp=false&id=YC0GOkWFo0Wz8n7UhRmi1w&sm=adult-video&click_id=&sub_id=980&appspot=&d=https%3A%2F%2Fcdnstatic.check-tl-ver-94-2.com&timeout=30&tb=true&nrid=6dec9bc744f24d759bba5fce8344f142 | 172.67.189.129 | | 44 kB |
URL: cdnstatic.check-tl-ver-94-2.com/ps/ps.js?&edg=true&sw=&fullscreen=true&pl=true&pp=false&id=YC0GOkWFo0Wz8n7UhRmi1w&sm=adult-video&click_id=&sub_id=980&appspot=&d=https%3A%2F%2Fcdnstatic.check-tl-ver-94-2.com&timeout=30&tb=true&nrid=6dec9bc744f24d759bba5fce8344f142 | IP: 172.67.189.129:0
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (33077), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): ec5bbe0637ec8014188bec2986ad02cd b6508d5993d415363885cf39ed1f6fb62d3c3bcb 68d4ae8d2a1108705c7c547c25b9ebc56c60e990f03e5c01ba495e9eb6f4bac2
GET /ps/ps.js?&edg=true&sw=&fullscreen=true&pl=true&pp=false&id=YC0GOkWFo0Wz8n7UhRmi1w&sm=adult-video&click_id=&sub_id=980&appspot=&d=https%3A%2F%2Fcdnstatic.check-tl-ver-94-2.com&timeout=30&tb=true&nrid=6dec9bc744f24d759bba5fce8344f142 HTTP/1.1
Host: cdnstatic.check-tl-ver-94-2.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ykrvt.check-tl-ver-94-2.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 26 Apr 2024 09:38:39 GMT
content-type: application/javascript
cache-control: max-age=0, no-cache, no-store, must-revalidate
accept-ch: Sec-CH-UA, Sec-CH-UA-Platform, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
cf-cache-status: BYPASS
set-cookie: __psu=7abe3768-e849-48d0-9190-12973f198777; expires=Sun, 26 Apr 2026 09:38:39 GMT; path=/; secure; samesite=none
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LnRjUeO%2FCt7dHWEP3EPDEzGhxWQ3mnTD9rj6x9l2GF5DO5zIrPl3ji7Q8Qsn%2FO87Oli4h%2BRDYeTsE0Et90GnRSpYDB901Ol%2BdKwXwYNWa06%2FxiLKsebnalufIYii7IENJji6QukhxtwTKC0HQ4t%2F%2FrpS"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a599e3ac6c56a9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| ykrvt.check-tl-ver-94-2.com/adult-video/assets/trls.js | 172.67.189.129 | | 12 kB |
URL: ykrvt.check-tl-ver-94-2.com/adult-video/assets/trls.js | IP: 172.67.189.129:0
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (362), with CRLF line terminators
Hash (MD5 / SHA-1 / SHA-256): 4bf00604db1b3695385cfd297af0ef46 6d6652fcbefb4a5ea4fba578a2532c7e1b16e2c6 7e023b60f8f33a43f89f344e37ea814c93e69e82bb4ddb90b5b0467d9d82ac05
GET /adult-video/assets/trls.js HTTP/1.1
Host: ykrvt.check-tl-ver-94-2.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ykrvt.check-tl-ver-94-2.com/adult-video/?pl=YC0GOkWFo0Wz8n7UhRmi1w&sm=adult-video&sub_id=980&nrid=6dec9bc744f24d759bba5fce8344f142&hash=H98EfrdZvw9FaeAC4TdMqg&exp=1714124618
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 26 Apr 2024 09:38:39 GMT
content-type: application/javascript
last-modified: Tue, 23 Apr 2024 14:44:40 GMT
etag: W/"6627c958-1da4"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=o0WMFoIb%2BFSDiGPe6Gx4mbye0%2F7uKyIJ3ULtegQLisuV3eJ0RngvLmkUGZMphp%2BSxVluoUIuwy62nIl0HkvxIP9hSfeI9%2BkSx1nVkPFmTyjIHKSME1jvS%2FVUEGWYS8FK3eVPk6rxmuz5TdYe7oI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a599e2eba356a9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| 660554a291.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4= | 193.108.117.211 | | 17 kB |
URL: 660554a291.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4= | IP: 193.108.117.211:0 | ASN: #63023 AS-GLOBALTELEHOST
File type: gzip compressed data, max speed, from Unix
Hash (MD5 / SHA-1 / SHA-256): 80349150e39979fc79f76e70184ffdac 8166b6851f24a72fa7a181b02d59ac4b0fb1e72b c87e7f46b8be5cab6141d0da6ade1d3d23b3d59e4ea61e1819fc938c6c6ffba0
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /?id=1218914904&p1=&p2=&p3=&p4= HTTP/1.1
Host: 660554a291.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://2b76836436.news-xapeva.cc/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:41 GMT
content-type: text/html; charset=UTF-8
vary: Origin
x-frame-options: DENY
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 9cf8834b34.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4= | 193.108.117.211 | | 12 kB |
URL: 9cf8834b34.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4= | IP: 193.108.117.211:0 | ASN: #63023 AS-GLOBALTELEHOST
File type: gzip compressed data, max speed, from Unix
Hash (MD5 / SHA-1 / SHA-256): be5a67ea4963f29c82d96c6f29f1a0d8 30f30177025f4418b16d1541d0b0f8d392ee7e4b e962fd6a9ffabda68fe6da472b4a085270bc93f1bd4bfed48c2248899f7ce259
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /?id=1218914904&p1=&p2=&p3=&p4= HTTP/1.1
Host: 9cf8834b34.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://05936e63fc.news-xapeva.cc/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:42 GMT
content-type: text/html; charset=UTF-8
vary: Origin
x-frame-options: DENY
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| partners-tds.com/WzJQVS | 142.202.51.61 | | 0 B |
IP: 142.202.51.61:0 | ASN: #63023 AS-GLOBALTELEHOST
Hash (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (the digests of an empty input, consistent with the 0 B body of this 302)
GET /WzJQVS HTTP/1.1
Host: partners-tds.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://5732546dc0.news-xapeva.cc/
Cookie: _subid=376l60j10h7e13; 933eb=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcImNhbXBhaWduc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcInRpbWVcIjoxNzE0MTI0MzIwfSJ9.yYJXc-zJvjm4Dxphu35oW5Y_kpFZUzbEdsDVw4oNV9k
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx
Date: Fri, 26 Apr 2024 09:38:45 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-cache, no-store, must-revalidate
Expires: Fri, 26 Apr 2024 09:38:45 GMT
Location: https://news-pepafu.com/tds?id=1218914904&p1=&p2=&p3=&p4=
Set-Cookie: _subid=376l60j10h7e18; expires=Mon, 27 May 2024 09:38:45 GMT; path=/
933eb=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcImNhbXBhaWduc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcInRpbWVcIjoxNzE0MTI0MzIwfSJ9.yYJXc-zJvjm4Dxphu35oW5Y_kpFZUzbEdsDVw4oNV9k; expires=Sun, 21 Aug 2078 19:17:30 GMT; path=/
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
|
|
| news-pepafu.com/tds?id=1218914904&p1=&p2=&p3=&p4= | 193.108.118.16 | | 0 B |
URL: news-pepafu.com/tds?id=1218914904&p1=&p2=&p3=&p4= | IP: 193.108.118.16:0 | ASN: #63023 AS-GLOBALTELEHOST
Hash (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (the digests of an empty input, consistent with the 0 B body of this 302)
GET /tds?id=1218914904&p1=&p2=&p3=&p4= HTTP/1.1
Host: news-pepafu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://5732546dc0.news-xapeva.cc/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 302 Found
server: nginx
date: Fri, 26 Apr 2024 09:38:45 GMT
content-length: 0
location: https://65e344bf2e.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
vary: Origin
x-frame-options: DENY
X-Firefox-Spdy: h2
|
|
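The three hops just above (partners-tds.com/WzJQVS -> news-pepafu.com/tds -> 65e344bf2e.news-xapeva.cc) are the core of this trace, and every later pass through the loop repeats them with a fresh ten-character landing label. The block below is an added example written for this page; it is not code from the page, from the scanner that produced the dumps, or from any of the sites involved. It parses request/response dumps in the format shown here, follows the Location headers to rebuild the chain, reads the 933eb cookie (an HS256 JWT: its payload is only base64url-encoded, so it can be read without the signing secret, although it cannot be verified without it) and checks that the digests reported for the 0 B redirects are the digests of an empty input. The embedded sample trace is a trimmed copy of the two transactions above with most headers dropped; the function names are this example's own.

```python
"""Parse the request/response dumps of a URL-scan trace like this page, rebuild the
redirect chain, read the 933eb JWT cookie and sanity-check the reported digests."""
import base64
import hashlib
import json
import re
from datetime import datetime, timezone

# The 933eb cookie value exactly as it appears in the partners-tds.com transactions.
JWT = ("eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9."
       "eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcImNhbXBhaWduc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcInRpbWVcIjoxNzE0MTI0MzIwfSJ9."
       "yYJXc-zJvjm4Dxphu35oW5Y_kpFZUzbEdsDVw4oNV9k")

# Constructed sample: a trimmed excerpt of the transactions shown on this page
# (partners-tds.com -> news-pepafu.com -> <label>.news-xapeva.cc). Only the headers
# the parser needs are kept; the nameless second cookie line is how the page shows it.
SAMPLE_TRACE = """\
GET /WzJQVS HTTP/1.1
Host: partners-tds.com
Referer: https://5732546dc0.news-xapeva.cc/
Cookie: _subid=376l60j10h7e13; 933eb=<JWT>
HTTP/1.1 302 Found
Location: https://news-pepafu.com/tds?id=1218914904&p1=&p2=&p3=&p4=
Set-Cookie: _subid=376l60j10h7e18; expires=Mon, 27 May 2024 09:38:45 GMT; path=/
933eb=<JWT>; expires=Sun, 21 Aug 2078 19:17:30 GMT; path=/
GET /tds?id=1218914904&p1=&p2=&p3=&p4= HTTP/1.1
Host: news-pepafu.com
Referer: https://5732546dc0.news-xapeva.cc/
HTTP/2 302 Found
location: https://65e344bf2e.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
""".replace("<JWT>", JWT)

REQUEST_RE = re.compile(r"^(GET|POST|HEAD) (\S+) HTTP/")
STATUS_RE = re.compile(r"^HTTP/[\d.]+ (\d{3})")
HEADER_RE = re.compile(r"^([A-Za-z][\w-]*):\s*(.*)$")
EMPTY_DIGESTS = {h(b"").hexdigest() for h in (hashlib.md5, hashlib.sha1, hashlib.sha256)}

def parse_trace(text):
    """Split a trace into transactions {'method','path','url','status','req','resp'}.
    Header names are lower-cased and multi-valued; a line that is not 'Name: value'
    is appended to the previous header (the second Set-Cookie arrives that way)."""
    txns, cur, side, last = [], None, None, None
    for line in text.splitlines():
        if m := REQUEST_RE.match(line):
            cur = {"method": m.group(1), "path": m.group(2), "status": None, "req": {}, "resp": {}}
            txns.append(cur)
            side, last = "req", None
        elif (m := STATUS_RE.match(line)) and cur is not None:
            cur["status"], side, last = int(m.group(1)), "resp", None
        elif cur is not None and line.strip():
            if m := HEADER_RE.match(line):
                last = m.group(1).lower()
                cur[side].setdefault(last, []).append(m.group(2))
            elif last:
                cur[side][last].append(line)
    for t in txns:
        t["url"] = "https://" + t["req"].get("host", ["?"])[0] + t["path"]
    return txns

def redirect_chain(txns, start_url):
    """Follow Location headers through the parsed transactions; stop at the first URL
    that is not a recorded 3xx or that would close a loop."""
    by_url = {t["url"]: t for t in txns}
    chain, url = [start_url], start_url
    while url in by_url and 300 <= (by_url[url]["status"] or 0) < 400:
        url = by_url[url]["resp"].get("location", [None])[0]
        if url is None or url in chain:
            break
        chain.append(url)
    return chain

def cookie_value(header_values, name):
    """Pull one cookie out of Cookie / Set-Cookie header values."""
    for value in header_values:
        for part in value.split(";"):
            key, _, val = part.strip().partition("=")
            if key == name:
                return val
    return None

def decode_jwt_unverified(token):
    """Decode a JWT's header, payload and raw signature WITHOUT verifying it. 933eb is
    HS256, so only the issuer's secret can check or forge it; reading needs nothing."""
    b64 = lambda s: base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))
    header, payload, sig = token.split(".")
    return json.loads(b64(header)), json.loads(b64(payload)), b64(sig)

def tds_cookie_state(token):
    """Return the inner JSON object of the 933eb payload, with 'time' also rendered in UTC."""
    _, payload, _ = decode_jwt_unverified(token)
    inner = json.loads(payload["data"])  # the payload wraps a JSON string in JSON
    inner["time_utc"] = datetime.fromtimestamp(inner["time"], tz=timezone.utc).isoformat()
    return inner

def is_empty_body_digest(hexdigest):
    """True when a reported MD5/SHA-1/SHA-256 is the digest of zero bytes, i.e. the
    transaction carried no body (every 302 on this page reports exactly these)."""
    return hexdigest.lower() in EMPTY_DIGESTS
```

`redirect_chain(parse_trace(SAMPLE_TRACE), "https://partners-tds.com/WzJQVS")` returns the three-hop chain, and `tds_cookie_state(JWT)` shows a `time` of 1714124320, which is 09:38:40 UTC on 26 Apr 2024, the moment of the first hit in this session. The same token is sent back unchanged on every later hop, which is why its signature is identical in every partners-tds.com request on this page; the 32-byte signature can only be checked by whoever holds the HS256 secret.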
| 65e344bf2e.news-xapeva.cc/lands/20/style.css | 193.108.117.211 | | 868 B |
URL: 65e344bf2e.news-xapeva.cc/lands/20/style.css | IP: 193.108.117.211:0 | ASN: #63023 AS-GLOBALTELEHOST
File type: ASCII text, with very long lines (2230), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): d4b3acb7a84d2265bf174f13f93ca4f1 d6595e14ed8549bc39a8977cbd8d5b5b6f5cf221 2932666d3de7135f82ec781a408781352ec79c68998de11047db8e228d063311
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /lands/20/style.css HTTP/1.1
Host: 65e344bf2e.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://65e344bf2e.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:45 GMT
content-type: text/css
content-length: 868
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-364"
content-encoding: gzip
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| 05936e63fc.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4= | 193.108.117.211 | | 10 kB |
URL: 05936e63fc.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4= | IP: 193.108.117.211:0 | ASN: #63023 AS-GLOBALTELEHOST
File type: HTML document, Unicode text, UTF-8 text, with very long lines (21362)
Hash (MD5 / SHA-1 / SHA-256): e4c5f66fe2855283349e55a862c79c81 f4f5c2507f0a371e2a9023f89e04669bf8d66a73 90949e0b9dcf1a317c1d810a2bf758e04c7d9547d56f89e64a6308ff054652ea
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /?id=1218914904&p1=&p2=&p3=&p4= HTTP/1.1
Host: 05936e63fc.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://9e54d03fff.news-xapeva.cc/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:42 GMT
content-type: text/html; charset=UTF-8
vary: Origin
x-frame-options: DENY
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 4c1a4b9f8b.news-xapeva.cc/process.js?id=1218914904&p1=&p2=&p3=&p4= | 193.108.117.211 | | 10 kB |
URL: 4c1a4b9f8b.news-xapeva.cc/process.js?id=1218914904&p1=&p2=&p3=&p4= | IP: 193.108.117.211:0 | ASN: #63023 AS-GLOBALTELEHOST
File type: JavaScript source, ASCII text, with very long lines (26456)
Hash (MD5 / SHA-1 / SHA-256): 593292e664046bac5fb1fc5705350b86 93593ca3aa401429632b3e735b70ac594fd08800 fbd9d320bc8517a2fa71c82271f4923b959d7811e4b4c7820e283bf26fc54c50
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /process.js?id=1218914904&p1=&p2=&p3=&p4= HTTP/1.1
Host: 4c1a4b9f8b.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://4c1a4b9f8b.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:44 GMT
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, must-revalidate
expires: 0
pragma: no-cache
vary: Origin
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| news-pepafu.com/tds?id=1218914904&p1=&p2=&p3=&p4= | 193.108.118.16 | | 0 B |
URL: news-pepafu.com/tds?id=1218914904&p1=&p2=&p3=&p4= | IP: 193.108.118.16:0 | ASN: #63023 AS-GLOBALTELEHOST
Hash (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (the digests of an empty input, consistent with the 0 B body of this 302)
GET /tds?id=1218914904&p1=&p2=&p3=&p4= HTTP/1.1
Host: news-pepafu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://65e344bf2e.news-xapeva.cc/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 302 Found
server: nginx
date: Fri, 26 Apr 2024 09:38:46 GMT
content-length: 0
location: https://626d2ef936.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
vary: Origin
x-frame-options: DENY
X-Firefox-Spdy: h2
|
|
| show.revopush.com/api/v1/inpage/show/?uid=171984&subacc=1218914904&sub1=&sub2=&sub3=&sub4=&adult=true&limit=1&traffic=adult | 116.203.121.110 | | 8.1 kB |
URL: show.revopush.com/api/v1/inpage/show/?uid=171984&subacc=1218914904&sub1=&sub2=&sub3=&sub4=&adult=true&limit=1&traffic=adult | IP: 116.203.121.110:0 | ASN: #24940 Hetzner Online GmbH
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (19074), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): 19e6a524a7a7fdf3346daee7daa1983f 1f41503f98093a67833c30ef41090d68af74dd9a 7f7f187cd8a36bc9642f84ac02809b015b4f88b7c87bcc57c569da6143d150cd
GET /api/v1/inpage/show/?uid=171984&subacc=1218914904&sub1=&sub2=&sub3=&sub4=&adult=true&limit=1&traffic=adult HTTP/1.1
Host: show.revopush.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://e7ec18856f.news-xapeva.cc/
Origin: https://e7ec18856f.news-xapeva.cc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:45 GMT
content-type: application/json
accept-ch: Sec-CH-UA, Sec-CH-UA-Model, Sec-CH-UA-Mobile, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Wow64
access-control-allow-origin: https://e7ec18856f.news-xapeva.cc
vary: Origin
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 626d2ef936.news-xapeva.cc/process.js?id=1218914904&p1=&p2=&p3=&p4= | 193.108.117.211 | | 10 kB |
URL: 626d2ef936.news-xapeva.cc/process.js?id=1218914904&p1=&p2=&p3=&p4= | IP: 193.108.117.211:0 | ASN: #63023 AS-GLOBALTELEHOST
File type: JavaScript source, ASCII text, with very long lines (26456)
Hash (MD5 / SHA-1 / SHA-256): 21513c8795eb99c2355c35570b4d140b a75d86fc1535bcfb58b8659900582f954ef351d9 e31c1febba0ca1c21ebfa01ffcb265ca7739c268777c92f8bc92488e044f9bf4
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /process.js?id=1218914904&p1=&p2=&p3=&p4= HTTP/1.1
Host: 626d2ef936.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://626d2ef936.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:46 GMT
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, must-revalidate
expires: 0
pragma: no-cache
vary: Origin
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| news-pepafu.com/tds?id=1218914904&p1=&p2=&p3=&p4= | 193.108.118.16 | | 0 B |
URL: news-pepafu.com/tds?id=1218914904&p1=&p2=&p3=&p4= | IP: 193.108.118.16:0 | ASN: #63023 AS-GLOBALTELEHOST
Hash (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (the digests of an empty input, consistent with the 0 B body of this 302)
GET /tds?id=1218914904&p1=&p2=&p3=&p4= HTTP/1.1
Host: news-pepafu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://626d2ef936.news-xapeva.cc/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 302 Found
server: nginx
date: Fri, 26 Apr 2024 09:38:46 GMT
content-length: 0
location: https://ed0a5583a3.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
vary: Origin
x-frame-options: DENY
X-Firefox-Spdy: h2
|
|
| 65e344bf2e.news-xapeva.cc/process.js?id=1218914904&p1=&p2=&p3=&p4= | 193.108.117.211 | | 18 kB |
URL: 65e344bf2e.news-xapeva.cc/process.js?id=1218914904&p1=&p2=&p3=&p4= | IP: 193.108.117.211:0 | ASN: #63023 AS-GLOBALTELEHOST
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (26456)
Hash (MD5 / SHA-1 / SHA-256): afaab94040f207dcb4f419a5fdc037e9 8a196735d5e65bf142853bd9a43ddeadcf33df59 5028c3e1e9e149047b91ad742fc8a3ae4fb369d72485ba642e5c7c5875b180ce
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /process.js?id=1218914904&p1=&p2=&p3=&p4= HTTP/1.1
Host: 65e344bf2e.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://65e344bf2e.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:45 GMT
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, must-revalidate
expires: 0
pragma: no-cache
vary: Origin
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| partners-tds.com/WzJQVS | 142.202.51.61 | | 0 B |
IP: 142.202.51.61:0 | ASN: #63023 AS-GLOBALTELEHOST
Hash (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (the digests of an empty input, consistent with the 0 B body of this 302)
GET /WzJQVS HTTP/1.1
Host: partners-tds.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ed0a5583a3.news-xapeva.cc/
Cookie: _subid=376l60j10h7e1n; 933eb=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcImNhbXBhaWduc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcInRpbWVcIjoxNzE0MTI0MzIwfSJ9.yYJXc-zJvjm4Dxphu35oW5Y_kpFZUzbEdsDVw4oNV9k
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx
Date: Fri, 26 Apr 2024 09:38:46 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-cache, no-store, must-revalidate
Expires: Fri, 26 Apr 2024 09:38:46 GMT
Location: https://news-pepafu.com/tds?id=1218914904&p1=&p2=&p3=&p4=
Set-Cookie: _subid=376l60j10h7e24; expires=Mon, 27 May 2024 09:38:46 GMT; path=/
933eb=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcImNhbXBhaWduc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcInRpbWVcIjoxNzE0MTI0MzIwfSJ9.yYJXc-zJvjm4Dxphu35oW5Y_kpFZUzbEdsDVw4oNV9k; expires=Sun, 21 Aug 2078 19:17:32 GMT; path=/
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
|
|
| 4c1a4b9f8b.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4= | 193.108.117.211 | | 17 kB |
URL: 4c1a4b9f8b.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4= | IP: 193.108.117.211:0 | ASN: #63023 AS-GLOBALTELEHOST
File type: HTML document, Unicode text, UTF-8 text, with very long lines (26456)
Hash (MD5 / SHA-1 / SHA-256): e532eec03e10b811d6f2d042639914a7 57a2348d2b4b5e2e3c46c3a28345443122991835 3fdf0dc8be1e960c838612e3a6f06f3f762553fcb002d03a3a5688248ad9b4fe
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /?id=1218914904&p1=&p2=&p3=&p4= HTTP/1.1
Host: 4c1a4b9f8b.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://55713c8c20.news-xapeva.cc/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:44 GMT
content-type: text/html; charset=UTF-8
vary: Origin
x-frame-options: DENY
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 5732546dc0.news-xapeva.cc/process.js?id=1218914904&p1=&p2=&p3=&p4= | 193.108.117.211 | | 17 kB |
URL: 5732546dc0.news-xapeva.cc/process.js?id=1218914904&p1=&p2=&p3=&p4= | IP: 193.108.117.211:0 | ASN: #63023 AS-GLOBALTELEHOST
File type: gzip compressed data, max speed, from Unix
Hash (MD5 / SHA-1 / SHA-256): b5fc1e152cab1537977e2768b9b00cd9 808dea8050b3d6644bf297eb6232adf16febb9b3 f4f06a59c360f07229ea79f893186bc5925184e44b4954da901029324e8edaf2
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /process.js?id=1218914904&p1=&p2=&p3=&p4= HTTP/1.1
Host: 5732546dc0.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://5732546dc0.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:45 GMT
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, must-revalidate
expires: 0
pragma: no-cache
vary: Origin
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 907248c9ab.news-xapeva.cc/lands/20/style.css | 193.108.117.211 | | 868 B |
URL: 907248c9ab.news-xapeva.cc/lands/20/style.css | IP: 193.108.117.211:0 | ASN: #63023 AS-GLOBALTELEHOST
File type: ASCII text, with very long lines (2230), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): d4b3acb7a84d2265bf174f13f93ca4f1 d6595e14ed8549bc39a8977cbd8d5b5b6f5cf221 2932666d3de7135f82ec781a408781352ec79c68998de11047db8e228d063311 (byte-identical to the /lands/20/style.css served by 65e344bf2e.news-xapeva.cc)
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /lands/20/style.css HTTP/1.1
Host: 907248c9ab.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://907248c9ab.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:46 GMT
content-type: text/css
content-length: 868
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-364"
content-encoding: gzip
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| fonts.googleapis.com/css?family=Roboto:300,400,700,400i&subset=cyrillic | 142.250.74.106 | | 8.3 kB |
URL: fonts.googleapis.com/css?family=Roboto:300,400,700,400i&subset=cyrillic | IP: 142.250.74.106:0
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (18335)
Hash (MD5 / SHA-1 / SHA-256): 017f1e569362721c372bd6d2d33d9440 5286b6433bf0adce8be3e7de7758fe280ca99825 8100e934435a8f2e9fb3f434eb3e5d3d7661b0ccec3514af30b59de0fd2457bd
GET /css?family=Roboto:300,400,700,400i&subset=cyrillic HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://65e344bf2e.news-xapeva.cc/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 26 Apr 2024 09:38:45 GMT
date: Fri, 26 Apr 2024 09:38:45 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| partners-tds.com/WzJQVS | 142.202.51.61 | | 0 B |
IP: 142.202.51.61:0 | ASN: #63023 AS-GLOBALTELEHOST
Hash (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (the digests of an empty input, consistent with the 0 B body of this 302)
GET /WzJQVS HTTP/1.1
Host: partners-tds.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://907248c9ab.news-xapeva.cc/
Cookie: _subid=376l60j10h7e24; 933eb=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcImNhbXBhaWduc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcInRpbWVcIjoxNzE0MTI0MzIwfSJ9.yYJXc-zJvjm4Dxphu35oW5Y_kpFZUzbEdsDVw4oNV9k
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx
Date: Fri, 26 Apr 2024 09:38:46 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-cache, no-store, must-revalidate
Expires: Fri, 26 Apr 2024 09:38:46 GMT
Location: https://news-pepafu.com/tds?id=1218914904&p1=&p2=&p3=&p4=
Set-Cookie: _subid=376l60j10h7e2e; expires=Mon, 27 May 2024 09:38:46 GMT; path=/
933eb=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcImNhbXBhaWduc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcInRpbWVcIjoxNzE0MTI0MzIwfSJ9.yYJXc-zJvjm4Dxphu35oW5Y_kpFZUzbEdsDVw4oNV9k; expires=Sun, 21 Aug 2078 19:17:32 GMT; path=/
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
|
|
| news-pepafu.com/tds?id=1218914904&p1=&p2=&p3=&p4= | 193.108.118.16 | | 0 B |
URL: news-pepafu.com/tds?id=1218914904&p1=&p2=&p3=&p4= | IP: 193.108.118.16:0 | ASN: #63023 AS-GLOBALTELEHOST
Hash (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (the digests of an empty input, consistent with the 0 B body of this 302)
GET /tds?id=1218914904&p1=&p2=&p3=&p4= HTTP/1.1
Host: news-pepafu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://907248c9ab.news-xapeva.cc/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 302 Found
server: nginx
date: Fri, 26 Apr 2024 09:38:46 GMT
content-length: 0
location: https://8558efc928.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
vary: Origin
x-frame-options: DENY
X-Firefox-Spdy: h2
|
|
| 8558efc928.news-xapeva.cc/revopush.js | 193.108.117.211 | | 7.5 kB |
URL: 8558efc928.news-xapeva.cc/revopush.js | IP: 193.108.117.211:0 | ASN: #63023 AS-GLOBALTELEHOST
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (18335), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): 37faf614bbb4a7b4ba1b4e8143056291 1477110371c87d426adf78e2c8d935a046ae6ff2 aa7dc9551d9641febc7616653e797b381d7258077ed416e822b1ade51470c533
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /revopush.js HTTP/1.1
Host: 8558efc928.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://8558efc928.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:46 GMT
content-type: application/javascript; charset=utf-8
content-length: 7472
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-1d30"
content-encoding: gzip
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| 8558efc928.news-xapeva.cc/lands/46/sketch.min.js | 193.108.117.211 | | 2.4 kB |
URL: 8558efc928.news-xapeva.cc/lands/46/sketch.min.js | IP: 193.108.117.211:0 | ASN: #63023 AS-GLOBALTELEHOST
File type: JavaScript source, ASCII text, with very long lines (4675), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): ed52afed30560dc3e13a88e35a300c18 8714792a53d24b5c641b9536a2d218d75b43b3f9 cad4eff11237dc84f803b46c8529ca9918e4429c38058a053ef5d492c707a711
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /lands/46/sketch.min.js HTTP/1.1
Host: 8558efc928.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://8558efc928.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:46 GMT
content-type: application/javascript; charset=utf-8
content-length: 2379
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-94b"
content-encoding: gzip
accept-ranges: bytes
X-Firefox-Spdy: h2

| partners-tds.com/WzJQVS | 142.202.51.61 | | 0 B |
IP: 142.202.51.61:0 | ASN: 63023 AS-GLOBALTELEHOST
Hash (MD5 / SHA-1 / SHA-256, empty body): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /WzJQVS HTTP/1.1
Host: partners-tds.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://8558efc928.news-xapeva.cc/
Cookie: _subid=376l60j10h7e2e; 933eb=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcImNhbXBhaWduc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcInRpbWVcIjoxNzE0MTI0MzIwfSJ9.yYJXc-zJvjm4Dxphu35oW5Y_kpFZUzbEdsDVw4oNV9k
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx
Date: Fri, 26 Apr 2024 09:38:46 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-cache, no-store, must-revalidate
Expires: Fri, 26 Apr 2024 09:38:46 GMT
Location: https://news-pepafu.com/tds?id=1218914904&p1=&p2=&p3=&p4=
Set-Cookie: _subid=376l60j10h7e2k; expires=Mon, 27 May 2024 09:38:46 GMT; path=/
933eb=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcImNhbXBhaWduc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcInRpbWVcIjoxNzE0MTI0MzIwfSJ9.yYJXc-zJvjm4Dxphu35oW5Y_kpFZUzbEdsDVw4oNV9k; expires=Sun, 21 Aug 2078 19:17:32 GMT; path=/
Vary: Accept-Encoding
Access-Control-Allow-Origin: *

| fonts.googleapis.com/css?family=Roboto:300,400,700,400i&subset=cyrillic | 142.250.74.106 | | 784 B |
URL: fonts.googleapis.com/css?family=Roboto:300,400,700,400i&subset=cyrillic | IP: 142.250.74.106:0
Hash (MD5 / SHA-1 / SHA-256): 1ba1a21c8876dbaa3b3b1457aadec340 2373a127295c1cab8d143eb10fe1870d29f02150 47e3881d0fe2662e06375c04b01a8eabdd8eeca52f66aab1dc7ba3b6f5c564f8
GET /css?family=Roboto:300,400,700,400i&subset=cyrillic HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://907248c9ab.news-xapeva.cc/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 26 Apr 2024 09:38:46 GMT
date: Fri, 26 Apr 2024 09:38:46 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

| e52e6ef707.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4= | 193.108.117.211 | | 10 kB |
URL: e52e6ef707.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4= | IP: 193.108.117.211:0 | ASN: 63023 AS-GLOBALTELEHOST
File type: HTML document, Unicode text, UTF-8 text, with very long lines (21362)
Hash (MD5 / SHA-1 / SHA-256): b617da9ec620375a802ad8fd34f027a3 23f45a392f53abd49ab4cceca546f5b439eea8e1 3a049132ab8d35c8d1822ff3a42b81bb377636d621a53da099b1585777e771cd
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /?id=1218914904&p1=&p2=&p3=&p4= HTTP/1.1
Host: e52e6ef707.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://9cf8834b34.news-xapeva.cc/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:42 GMT
content-type: text/html; charset=UTF-8
vary: Origin
x-frame-options: DENY
content-encoding: gzip
X-Firefox-Spdy: h2

| partners-tds.com/WzJQVS | 142.202.51.61 | | 0 B |
IP: 142.202.51.61:0 | ASN: 63023 AS-GLOBALTELEHOST
Hash (MD5 / SHA-1 / SHA-256, empty body): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /WzJQVS HTTP/1.1
Host: partners-tds.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://c3118aba30.news-xapeva.cc/
Cookie: _subid=376l60j10h7e2k; 933eb=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcImNhbXBhaWduc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcInRpbWVcIjoxNzE0MTI0MzIwfSJ9.yYJXc-zJvjm4Dxphu35oW5Y_kpFZUzbEdsDVw4oNV9k
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx
Date: Fri, 26 Apr 2024 09:38:47 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-cache, no-store, must-revalidate
Expires: Fri, 26 Apr 2024 09:38:47 GMT
Location: https://news-pepafu.com/tds?id=1218914904&p1=&p2=&p3=&p4=
Set-Cookie: _subid=376l60j10h7e2p; expires=Mon, 27 May 2024 09:38:47 GMT; path=/
933eb=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcImNhbXBhaWduc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcInRpbWVcIjoxNzE0MTI0MzIwfSJ9.yYJXc-zJvjm4Dxphu35oW5Y_kpFZUzbEdsDVw4oNV9k; expires=Sun, 21 Aug 2078 19:17:34 GMT; path=/
Vary: Accept-Encoding
Access-Control-Allow-Origin: *

| news-pepafu.com/tds?id=1218914904&p1=&p2=&p3=&p4= | 193.108.118.16 | | 0 B |
URL: news-pepafu.com/tds?id=1218914904&p1=&p2=&p3=&p4= | IP: 193.108.118.16:0 | ASN: 63023 AS-GLOBALTELEHOST
Hash (MD5 / SHA-1 / SHA-256, empty body): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tds?id=1218914904&p1=&p2=&p3=&p4= HTTP/1.1
Host: news-pepafu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://c3118aba30.news-xapeva.cc/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 302 Found
server: nginx
date: Fri, 26 Apr 2024 09:38:47 GMT
content-length: 0
location: https://504565329c.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
vary: Origin
x-frame-options: DENY
X-Firefox-Spdy: h2

| cdnstatic.check-tl-ver-94-2.com/ps/config.js?id=YC0GOkWFo0Wz8n7UhRmi1w | 172.67.189.129 | | 7.7 kB |
URL: cdnstatic.check-tl-ver-94-2.com/ps/config.js?id=YC0GOkWFo0Wz8n7UhRmi1w | IP: 172.67.189.129:0
File type: ASCII text, with CRLF line terminators
Hash (MD5 / SHA-1 / SHA-256): dc65a2fbfc4c76147b8b778b759c8d91 b8374137f0fe797e6a7e58c0c6ef14aa7a6b9855 7e85c285fd983223d07a014d1a96804ba1c8f65fb43238a4fad204350e896958
GET /ps/config.js?id=YC0GOkWFo0Wz8n7UhRmi1w HTTP/1.1
Host: cdnstatic.check-tl-ver-94-2.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ia.check-tl-ver-94-2.com/
Cookie: __psu=7abe3768-e849-48d0-9190-12973f198777
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 26 Apr 2024 09:38:39 GMT
content-type: application/javascript
cache-control: max-age=0, no-cache, no-store, must-revalidate
accept-ch: Sec-CH-UA, Sec-CH-UA-Platform, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=E3nuNKnCZtyGJ3wHmoLTYALIaqHCGzh8eqMSlsRWB9yCYcaOazLAymqUzDYoXjKAvdEItn1eAwvb8zqmYVDGrnNNsLNXClUDmKDq%2B8cpgM1t8fSWsrdHwaBY%2F4zpD4mo1IrBsZcE56jv6E17iqLYFPAn"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a599e738e556a9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

| 8558efc928.news-xapeva.cc/process.js?id=1218914904&p1=&p2=&p3=&p4= | 193.108.117.211 | | 11 kB |
URL: 8558efc928.news-xapeva.cc/process.js?id=1218914904&p1=&p2=&p3=&p4= | IP: 193.108.117.211:0 | ASN: 63023 AS-GLOBALTELEHOST
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (26456)
Hash (MD5 / SHA-1 / SHA-256): 685b8952a5b497c85cc101fe63d54753 ef0e272c0be0fac2fa7944b4f5a92bb6982e1013 4454e8a69cfdc81ecea11f8d774bfe2f66513b31872445b3239b93ac7c6c177b
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /process.js?id=1218914904&p1=&p2=&p3=&p4= HTTP/1.1
Host: 8558efc928.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://8558efc928.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:46 GMT
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, must-revalidate
expires: 0
pragma: no-cache
vary: Origin
content-encoding: gzip
X-Firefox-Spdy: h2

| news-pepafu.com/tds?id=1218914904&p1=&p2=&p3=&p4= | 193.108.118.16 | | 0 B |
URL: news-pepafu.com/tds?id=1218914904&p1=&p2=&p3=&p4= | IP: 193.108.118.16:0 | ASN: 63023 AS-GLOBALTELEHOST
Hash (MD5 / SHA-1 / SHA-256, empty body): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tds?id=1218914904&p1=&p2=&p3=&p4= HTTP/1.1
Host: news-pepafu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://504565329c.news-xapeva.cc/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 302 Found
server: nginx
date: Fri, 26 Apr 2024 09:38:47 GMT
content-length: 0
location: https://76ca9974f2.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
vary: Origin
x-frame-options: DENY
X-Firefox-Spdy: h2

| d5950d1f2a.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4= | 193.108.117.211 | | 15 kB |
URL: d5950d1f2a.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4= | IP: 193.108.117.211:0 | ASN: 63023 AS-GLOBALTELEHOST
File type: HTML document, Unicode text, UTF-8 text, with very long lines (39176)
Hash (MD5 / SHA-1 / SHA-256): b5084af64da7fc98c228e6a428785806 11ee831d97f622e4afb21bcc8ff1b1556d6324f7 140817a9f12d7f6ef839e35f1557eb6aeece1dc1718cbabea16f3befb3127b40
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /?id=1218914904&p1=&p2=&p3=&p4= HTTP/1.1
Host: d5950d1f2a.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://6312be3523.news-xapeva.cc/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:43 GMT
content-type: text/html; charset=UTF-8
vary: Origin
x-frame-options: DENY
content-encoding: gzip
X-Firefox-Spdy: h2

| c3118aba30.news-xapeva.cc/process.js?id=1218914904&p1=&p2=&p3=&p4= | 193.108.117.211 | | 18 kB |
URL: c3118aba30.news-xapeva.cc/process.js?id=1218914904&p1=&p2=&p3=&p4= | IP: 193.108.117.211:0 | ASN: 63023 AS-GLOBALTELEHOST
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (26456)
Hash (MD5 / SHA-1 / SHA-256): fb3b785f43c31b53e2a8ff302e3a56a3 3b7ad35b000997630b683080052c146d81f567db bc014d1886ac38e649db451b389aa314da0d16c95fe21db0090f82060325b414
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /process.js?id=1218914904&p1=&p2=&p3=&p4= HTTP/1.1
Host: c3118aba30.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://c3118aba30.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:47 GMT
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, must-revalidate
expires: 0
pragma: no-cache
vary: Origin
content-encoding: gzip
X-Firefox-Spdy: h2

| 76ca9974f2.news-xapeva.cc/process.js?id=1218914904&p1=&p2=&p3=&p4= | 193.108.117.211 | | 21 kB |
URL: 76ca9974f2.news-xapeva.cc/process.js?id=1218914904&p1=&p2=&p3=&p4= | IP: 193.108.117.211:0 | ASN: 63023 AS-GLOBALTELEHOST
File type: gzip compressed data, max speed, from Unix
Hash (MD5 / SHA-1 / SHA-256): 1285756ba90733873935d47fd6e6a4e8 b0c29addb567c620cbd38cba0539d91218b6a3ed 989cc317c46256ceeb6dffda0b656ef07a9df0b6ad2447b8b23c15b842028ada
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /process.js?id=1218914904&p1=&p2=&p3=&p4= HTTP/1.1
Host: 76ca9974f2.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://76ca9974f2.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:47 GMT
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, must-revalidate
expires: 0
pragma: no-cache
vary: Origin
content-encoding: gzip
X-Firefox-Spdy: h2

| partners-tds.com/WzJQVS | 142.202.51.61 | | 0 B |
IP: 142.202.51.61:0 | ASN: 63023 AS-GLOBALTELEHOST
Hash (MD5 / SHA-1 / SHA-256, empty body): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /WzJQVS HTTP/1.1
Host: partners-tds.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://76ca9974f2.news-xapeva.cc/
Cookie: _subid=376l60j10h7e2t; 933eb=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcImNhbXBhaWduc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcInRpbWVcIjoxNzE0MTI0MzIwfSJ9.yYJXc-zJvjm4Dxphu35oW5Y_kpFZUzbEdsDVw4oNV9k
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx
Date: Fri, 26 Apr 2024 09:38:47 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-cache, no-store, must-revalidate
Expires: Fri, 26 Apr 2024 09:38:47 GMT
Location: https://news-pepafu.com/tds?id=1218914904&p1=&p2=&p3=&p4=
Set-Cookie: _subid=376l60j10h7e2u; expires=Mon, 27 May 2024 09:38:47 GMT; path=/
933eb=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcImNhbXBhaWduc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcInRpbWVcIjoxNzE0MTI0MzIwfSJ9.yYJXc-zJvjm4Dxphu35oW5Y_kpFZUzbEdsDVw4oNV9k; expires=Sun, 21 Aug 2078 19:17:34 GMT; path=/
Vary: Accept-Encoding
Access-Control-Allow-Origin: *

| fonts.googleapis.com/css?family=Roboto:300,400,700,400i&subset=cyrillic | 142.250.74.106 | | 784 B |
URL: fonts.googleapis.com/css?family=Roboto:300,400,700,400i&subset=cyrillic | IP: 142.250.74.106:0
Hash (MD5 / SHA-1 / SHA-256): 1ba1a21c8876dbaa3b3b1457aadec340 2373a127295c1cab8d143eb10fe1870d29f02150 47e3881d0fe2662e06375c04b01a8eabdd8eeca52f66aab1dc7ba3b6f5c564f8
GET /css?family=Roboto:300,400,700,400i&subset=cyrillic HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://76ca9974f2.news-xapeva.cc/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 26 Apr 2024 09:38:47 GMT
date: Fri, 26 Apr 2024 09:38:47 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

| 761f905319.news-xapeva.cc/revopush.js | 193.108.117.211 | | 7.5 kB |
URL: 761f905319.news-xapeva.cc/revopush.js | IP: 193.108.117.211:0 | ASN: 63023 AS-GLOBALTELEHOST
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (18335), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): 37faf614bbb4a7b4ba1b4e8143056291 1477110371c87d426adf78e2c8d935a046ae6ff2 aa7dc9551d9641febc7616653e797b381d7258077ed416e822b1ade51470c533
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /revopush.js HTTP/1.1
Host: 761f905319.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://761f905319.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:47 GMT
content-type: application/javascript; charset=utf-8
content-length: 7472
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-1d30"
content-encoding: gzip
accept-ranges: bytes
X-Firefox-Spdy: h2

| partners-tds.com/WzJQVS | 142.202.51.61 | | 0 B |
IP: 142.202.51.61:0 | ASN: 63023 AS-GLOBALTELEHOST
Hash (MD5 / SHA-1 / SHA-256, empty body): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /WzJQVS HTTP/1.1
Host: partners-tds.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://761f905319.news-xapeva.cc/
Cookie: _subid=376l60j10h7e2u; 933eb=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcImNhbXBhaWduc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcInRpbWVcIjoxNzE0MTI0MzIwfSJ9.yYJXc-zJvjm4Dxphu35oW5Y_kpFZUzbEdsDVw4oNV9k
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx
Date: Fri, 26 Apr 2024 09:38:47 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-cache, no-store, must-revalidate
Expires: Fri, 26 Apr 2024 09:38:47 GMT
Location: https://news-pepafu.com/tds?id=1218914904&p1=&p2=&p3=&p4=
Set-Cookie: _subid=376l60j10h7e30; expires=Mon, 27 May 2024 09:38:47 GMT; path=/
933eb=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcImNhbXBhaWduc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcInRpbWVcIjoxNzE0MTI0MzIwfSJ9.yYJXc-zJvjm4Dxphu35oW5Y_kpFZUzbEdsDVw4oNV9k; expires=Sun, 21 Aug 2078 19:17:34 GMT; path=/
Vary: Accept-Encoding
Access-Control-Allow-Origin: *

| 761f905319.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4= | 193.108.117.211 | | 3.9 kB |
URL: 761f905319.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4= | IP: 193.108.117.211:0 | ASN: 63023 AS-GLOBALTELEHOST
File type: HTML document, ASCII text, with very long lines (7710)
Hash (MD5 / SHA-1 / SHA-256): 186d154d0b8038359a022cc206d32372 2e79c2c12415f277946cf6a8dd55b2c22bb69185 139eefbb464cdb851d6d2b189d8ad1b03547c6251b7bd0ea4c5c492ccf2b6a77
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /?id=1218914904&p1=&p2=&p3=&p4= HTTP/1.1
Host: 761f905319.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://76ca9974f2.news-xapeva.cc/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:47 GMT
content-type: text/html; charset=UTF-8
vary: Origin
x-frame-options: DENY
content-encoding: gzip
X-Firefox-Spdy: h2

| 09068d0b2a.news-xapeva.cc/revopush.js | 193.108.117.211 | | 7.5 kB |
URL: 09068d0b2a.news-xapeva.cc/revopush.js | IP: 193.108.117.211:0 | ASN: 63023 AS-GLOBALTELEHOST
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (18335), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): 37faf614bbb4a7b4ba1b4e8143056291 1477110371c87d426adf78e2c8d935a046ae6ff2 aa7dc9551d9641febc7616653e797b381d7258077ed416e822b1ade51470c533
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /revopush.js HTTP/1.1
Host: 09068d0b2a.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://09068d0b2a.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:48 GMT
content-type: application/javascript; charset=utf-8
content-length: 7472
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-1d30"
content-encoding: gzip
accept-ranges: bytes
X-Firefox-Spdy: h2

| 09068d0b2a.news-xapeva.cc/lands/39/img/icon1.png | 193.108.117.211 | | 7.3 kB |
URL: 09068d0b2a.news-xapeva.cc/lands/39/img/icon1.png | IP: 193.108.117.211:0 | ASN: 63023 AS-GLOBALTELEHOST
File type: PNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced
Hash (MD5 / SHA-1 / SHA-256): 3d0ab5834c8bf7134e4d21fa3288317f c31d1a6b9df206f67ea194f4c424cdc372a423c2 0515ddd9185d263874e7b66bb6d521fcd63b857aac5fed51c08df98026dafe27
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /lands/39/img/icon1.png HTTP/1.1
Host: 09068d0b2a.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://09068d0b2a.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:48 GMT
content-type: image/png
content-length: 7252
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-1c54"
accept-ranges: bytes
X-Firefox-Spdy: h2

| 09068d0b2a.news-xapeva.cc/lands/39/img/icon2.png | 193.108.117.211 | | 4.6 kB |
URL: 09068d0b2a.news-xapeva.cc/lands/39/img/icon2.png | IP: 193.108.117.211:0 | ASN: 63023 AS-GLOBALTELEHOST
File type: PNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced
Hash (MD5 / SHA-1 / SHA-256): c947d439eb93367f1af5b2a3d222f057 5b4c10820d39e624bc6df72a113679da80a8e44e aab564e67c47df65ddcb9c4eaa62cd798a51624a3fded9f9b3a1197b460a79c2
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /lands/39/img/icon2.png HTTP/1.1
Host: 09068d0b2a.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://09068d0b2a.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:48 GMT
content-type: image/png
content-length: 4576
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-11e0"
accept-ranges: bytes
X-Firefox-Spdy: h2

| 09068d0b2a.news-xapeva.cc/lands/39/img/icon3.png | 193.108.117.211 | | 7.8 kB |
URL: 09068d0b2a.news-xapeva.cc/lands/39/img/icon3.png | IP: 193.108.117.211:0 | ASN: 63023 AS-GLOBALTELEHOST
File type: PNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced
Hash (MD5 / SHA-1 / SHA-256): 8f3cc830da0b1fdf66bda7d1d734747b 94588f041eec3a78a8780c8124c56a1434a89277 ea3698c32039a115b03c2528cbb29c3ff97bbd49ad1345d5095e98d1fd0ea8ba
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /lands/39/img/icon3.png HTTP/1.1
Host: 09068d0b2a.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://09068d0b2a.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:48 GMT
content-type: image/png
content-length: 7847
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-1ea7"
accept-ranges: bytes
X-Firefox-Spdy: h2

| 09068d0b2a.news-xapeva.cc/lands/39/img/icon4.png | 193.108.117.211 | | 7.0 kB |
URL: 09068d0b2a.news-xapeva.cc/lands/39/img/icon4.png | IP: 193.108.117.211:0 | ASN: 63023 AS-GLOBALTELEHOST
File type: PNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced
Hash (MD5 / SHA-1 / SHA-256): 7ad7f32c1c0df7b4975cc41bda4ac435 81d57e996ee6cd9e122592e68ffa3d55c1ba10ff c0af6cb2280bba97d235dfad7c72d22353a0d2cf277733ce9fc4701df7ed1d5f
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /lands/39/img/icon4.png HTTP/1.1
Host: 09068d0b2a.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://09068d0b2a.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:48 GMT
content-type: image/png
content-length: 7032
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-1b78"
accept-ranges: bytes
X-Firefox-Spdy: h2

| 09068d0b2a.news-xapeva.cc/lands/39/img/icon5.png | 193.108.117.211 | | 3.3 kB |
URL: 09068d0b2a.news-xapeva.cc/lands/39/img/icon5.png | IP: 193.108.117.211:0 | ASN: 63023 AS-GLOBALTELEHOST
File type: PNG image data, 500 x 500, 8-bit/color RGBA, non-interlaced
Hash (MD5 / SHA-1 / SHA-256): 1e1a7582b5da63e10485d63f97abc9a0 ca3ee3067f96c732f455bc7c99ec5100194f13f6 196083352a09a19cf2d4364e3ad406606fedb562f2096c1bef373ff2c485b503
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /lands/39/img/icon5.png HTTP/1.1
Host: 09068d0b2a.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://09068d0b2a.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:48 GMT
content-type: image/png
content-length: 3264
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-cc0"
accept-ranges: bytes
X-Firefox-Spdy: h2

| 09068d0b2a.news-xapeva.cc/lands/39/img/icon7.png | 193.108.117.211 | | 3.3 kB |
URL: 09068d0b2a.news-xapeva.cc/lands/39/img/icon7.png | IP: 193.108.117.211:0 | ASN: 63023 AS-GLOBALTELEHOST
File type: PNG image data, 500 x 500, 8-bit/color RGBA, non-interlaced
Hash (MD5 / SHA-1 / SHA-256): b512735542cb07b3b2dcf153a7dfe456 93bde8875412ce266600e2af1c37123483a50376 e9c661cc8adbaa1b9cd4cf65f0ba93a1c24211cb5f94ed0950e0fbc973781718
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /lands/39/img/icon7.png HTTP/1.1
Host: 09068d0b2a.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://09068d0b2a.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:48 GMT
content-type: image/png
content-length: 3283
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-cd3"
accept-ranges: bytes
X-Firefox-Spdy: h2

| 660554a291.news-xapeva.cc/process.js?id=1218914904&p1=&p2=&p3=&p4= | 193.108.117.211 | | 14 kB |
URL: 660554a291.news-xapeva.cc/process.js?id=1218914904&p1=&p2=&p3=&p4= | IP: 193.108.117.211:0 | ASN: 63023 AS-GLOBALTELEHOST
File type: gzip compressed data, max speed, from Unix
Hash (MD5 / SHA-1 / SHA-256): 4be33155c9f532018909d6028784c5ee dd440cc5196998846b56661070015cb6683e46df 14b248cbcbfa389c0145338bc3910d2535fac7f5ff306706b41429710c21e690
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /process.js?id=1218914904&p1=&p2=&p3=&p4= HTTP/1.1
Host: 660554a291.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://660554a291.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:41 GMT
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, must-revalidate
expires: 0
pragma: no-cache
vary: Origin
content-encoding: gzip
X-Firefox-Spdy: h2

| 9e54d03fff.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4= | 193.108.117.211 | | 7.4 kB |
URL: 9e54d03fff.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4= | IP: 193.108.117.211:0 | ASN: 63023 AS-GLOBALTELEHOST
File type: HTML document, Unicode text, UTF-8 text, with very long lines (14721)
Hash (MD5 / SHA-1 / SHA-256): eaba4335df69c40d543eda90af96bb38 30b58a3876c51b72a4476708a4e864b6d074e618 cde0b06b5d01fa9f67dfb0b4d00878c80a4580961bfa437aab7b56bb0060f82f
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /?id=1218914904&p1=&p2=&p3=&p4= HTTP/1.1
Host: 9e54d03fff.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://660554a291.news-xapeva.cc/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:41 GMT
content-type: text/html; charset=UTF-8
vary: Origin
x-frame-options: DENY
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| show.revopush.com/api/v1/inpage/show/?uid=171984&subacc=1218914904&sub1=&sub2=&sub3=&sub4=&adult=true&limit=1&traffic=adult | 116.203.121.110 | | 654 B |
URL show.revopush.com/api/v1/inpage/show/?uid=171984&subacc=1218914904&sub1=&sub2=&sub3=&sub4=&adult=true&limit=1&traffic=adult IP 116.203.121.110:0 ASN #24940 Hetzner Online GmbH
Hash (MD5 SHA-1 SHA-256): d98514e1133314fa8036e67669ac43ea aa6ab8d94d5e86e65b070d605fff6fde7876eff5 fcbfd0a194af83075512699a67311de9f1dfca58b7a63c31800ba72538b67964
GET /api/v1/inpage/show/?uid=171984&subacc=1218914904&sub1=&sub2=&sub3=&sub4=&adult=true&limit=1&traffic=adult HTTP/1.1
Host: show.revopush.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://504565329c.news-xapeva.cc/
Origin: https://504565329c.news-xapeva.cc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:47 GMT
content-type: application/json
accept-ch: Sec-CH-UA, Sec-CH-UA-Model, Sec-CH-UA-Mobile, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Wow64
access-control-allow-origin: https://504565329c.news-xapeva.cc
vary: Origin
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| d0aba534dc.news-xapeva.cc/revopush.js | 193.108.117.211 | | 7.5 kB |
URL d0aba534dc.news-xapeva.cc/revopush.js IP 193.108.117.211:0 ASN #63023 AS-GLOBALTELEHOST
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (18335), with no line terminators
Hash (MD5 SHA-1 SHA-256): 37faf614bbb4a7b4ba1b4e8143056291 1477110371c87d426adf78e2c8d935a046ae6ff2 aa7dc9551d9641febc7616653e797b381d7258077ed416e822b1ade51470c533
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /revopush.js HTTP/1.1
Host: d0aba534dc.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d0aba534dc.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:48 GMT
content-type: application/javascript; charset=utf-8
content-length: 7472
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-1d30"
content-encoding: gzip
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| partners-tds.com/WzJQVS | 142.202.51.61 | | 0 B |
IP 142.202.51.61:0 ASN #63023 AS-GLOBALTELEHOST
Hash (MD5 SHA-1 SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /WzJQVS HTTP/1.1
Host: partners-tds.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d0aba534dc.news-xapeva.cc/
Cookie: _subid=376l60j10h7e35; 933eb=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcImNhbXBhaWduc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcInRpbWVcIjoxNzE0MTI0MzIwfSJ9.yYJXc-zJvjm4Dxphu35oW5Y_kpFZUzbEdsDVw4oNV9k
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx
Date: Fri, 26 Apr 2024 09:38:48 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-cache, no-store, must-revalidate
Expires: Fri, 26 Apr 2024 09:38:48 GMT
Location: https://news-pepafu.com/tds?id=1218914904&p1=&p2=&p3=&p4=
Set-Cookie: _subid=376l60j10h7e3a; expires=Mon, 27 May 2024 09:38:48 GMT; path=/
Set-Cookie: 933eb=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcImNhbXBhaWduc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcInRpbWVcIjoxNzE0MTI0MzIwfSJ9.yYJXc-zJvjm4Dxphu35oW5Y_kpFZUzbEdsDVw4oNV9k; expires=Sun, 21 Aug 2078 19:17:36 GMT; path=/
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
|
|
| news-pepafu.com/tds?id=1218914904&p1=&p2=&p3=&p4= | 193.108.118.16 | | 0 B |
URL news-pepafu.com/tds?id=1218914904&p1=&p2=&p3=&p4= IP 193.108.118.16:0 ASN #63023 AS-GLOBALTELEHOST
Hash (MD5 SHA-1 SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tds?id=1218914904&p1=&p2=&p3=&p4= HTTP/1.1
Host: news-pepafu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://d0aba534dc.news-xapeva.cc/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 302 Found
server: nginx
date: Fri, 26 Apr 2024 09:38:48 GMT
content-length: 0
location: https://ef422e6eb4.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
vary: Origin
x-frame-options: DENY
X-Firefox-Spdy: h2
|
|
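The two hops just above, partners-tds.com/WzJQVS answering 302 to news-pepafu.com/tds and that in turn answering 302 to a fresh ten-character subdomain of news-xapeva.cc, are where this capture's tracking state lives: the 933eb cookie is an HS256 JWT, re-set on every pass with an expiry in 2078, while _subid is rotated per hop. The script below is an added example written for this page, not code from the capture or from any of the sites involved. It parses a constructed excerpt of those two transactions, follows the Location headers to rebuild the chain, and decodes the JWT without verifying it (the signing key is on the TDS, so the claims can be read for analysis but not trusted). The https scheme is assumed from the Referer values; the function names are the example's own.

```python
import base64
import json
from datetime import datetime, timezone

# The 933eb cookie value exactly as captured (header.payload.signature).
TDS_JWT = (
    "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9."
    "eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcImNhbXBhaWduc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcInRpbWVcIjoxNzE0MTI0MzIwfSJ9."
    "yYJXc-zJvjm4Dxphu35oW5Y_kpFZUzbEdsDVw4oNV9k"
)

# Constructed excerpt of the two TDS hops above, trimmed to the headers used here.
# A blank line separates transactions; the response begins at the "HTTP/..." status line.
SAMPLE_CAPTURE = f"""GET /WzJQVS HTTP/1.1
Host: partners-tds.com
Referer: https://d0aba534dc.news-xapeva.cc/
Cookie: _subid=376l60j10h7e35; 933eb={TDS_JWT}
HTTP/1.1 302 Found
Location: https://news-pepafu.com/tds?id=1218914904&p1=&p2=&p3=&p4=
Set-Cookie: _subid=376l60j10h7e3a; expires=Mon, 27 May 2024 09:38:48 GMT; path=/
Set-Cookie: 933eb={TDS_JWT}; expires=Sun, 21 Aug 2078 19:17:36 GMT; path=/

GET /tds?id=1218914904&p1=&p2=&p3=&p4= HTTP/1.1
Host: news-pepafu.com
HTTP/2 302 Found
location: https://ef422e6eb4.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
"""

def first_header(headers, name):
    """First value of a header (names are stored lower-cased), or None."""
    return next((v for n, v in headers if n == name), None)

def parse_capture(text):
    """Split a capture into transactions: {url, status, request, response}."""
    transactions = []
    for block in text.strip().split("\n\n"):
        lines = block.splitlines()
        _method, path, _version = lines[0].split(" ", 2)
        request, response, status = [], [], None
        current = request
        for line in lines[1:]:
            if line.startswith("HTTP/"):          # response status line
                status = int(line.split()[1])
                current = response
                continue
            name, _, value = line.partition(":")
            current.append((name.strip().lower(), value.strip()))
        host = first_header(request, "host")
        transactions.append({
            "url": f"https://{host}{path}",     # scheme assumed: every Referer above is https
            "status": status,
            "request": request,
            "response": response,
        })
    return transactions

def redirect_chain(transactions):
    """Follow Location headers from the first transaction through the captured hops."""
    by_url = {t["url"]: t for t in transactions}
    chain = [transactions[0]["url"]]
    while True:
        hop = by_url.get(chain[-1])
        nxt = first_header(hop["response"], "location") if hop else None
        if not nxt or nxt in chain:               # end of capture, or a loop
            return chain
        chain.append(nxt)

def set_cookies(transaction):
    """name -> (value, attributes) for every Set-Cookie in a response."""
    cookies = {}
    for name, value in transaction["response"]:
        if name == "set-cookie":
            pair, _, attrs = value.partition(";")
            cname, _, cvalue = pair.partition("=")
            cookies[cname.strip()] = (cvalue.strip(), attrs.strip())
    return cookies

def b64url_decode(segment):
    """base64url without padding, as JWT segments are encoded."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def decode_jwt_unverified(token):
    """(header, payload) WITHOUT checking the HS256 signature: the key is on the TDS,
    so the claims can be read for analysis but must never be trusted as authentic."""
    header_b64, payload_b64, _signature = token.split(".")
    return json.loads(b64url_decode(header_b64)), json.loads(b64url_decode(payload_b64))

def tds_cookie_timestamps(token):
    """The payload nests a JSON string under "data"; flatten its epoch values to UTC."""
    _header, payload = decode_jwt_unverified(token)
    data = json.loads(payload["data"])
    stamps = {"time": datetime.fromtimestamp(data["time"], tz=timezone.utc)}
    for kind in ("streams", "campaigns"):
        for ident, ts in data[kind].items():
            stamps[f"{kind}:{ident}"] = datetime.fromtimestamp(ts, tz=timezone.utc)
    return stamps

if __name__ == "__main__":
    txs = parse_capture(SAMPLE_CAPTURE)
    print(" -> ".join(redirect_chain(txs)))
    jwt, attrs = set_cookies(txs[0])["933eb"]
    header, _payload = decode_jwt_unverified(jwt)
    print("alg:", header["alg"], "| cookie attrs:", attrs)
    for key, when in tds_cookie_timestamps(jwt).items():
        print(f"{key:<12} {when:%Y-%m-%d %H:%M:%S} UTC")
```

Decoded, the payload nests a JSON string under data whose streams, campaigns and time entries are all 1714124320, which is 2024-04-26 09:38:40 UTC, within seconds of the response dates in this capture: the cookie appears to record when the TDS first saw this visitor and the stream and campaign it was routed into. For blocking, key on the cookie name and the apex domains rather than on the subdomain, which changes on every hop.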
| ef422e6eb4.news-xapeva.cc/revopush.js | 193.108.117.211 | | 7.5 kB |
URL ef422e6eb4.news-xapeva.cc/revopush.js IP 193.108.117.211:0 ASN #63023 AS-GLOBALTELEHOST
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (18335), with no line terminators
Hash (MD5 SHA-1 SHA-256): 37faf614bbb4a7b4ba1b4e8143056291 1477110371c87d426adf78e2c8d935a046ae6ff2 aa7dc9551d9641febc7616653e797b381d7258077ed416e822b1ade51470c533
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /revopush.js HTTP/1.1
Host: ef422e6eb4.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ef422e6eb4.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:48 GMT
content-type: application/javascript; charset=utf-8
content-length: 7472
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-1d30"
content-encoding: gzip
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| partners-tds.com/WzJQVS | 142.202.51.61 | | 0 B |
IP 142.202.51.61:0 ASN #63023 AS-GLOBALTELEHOST
Hash (MD5 SHA-1 SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /WzJQVS HTTP/1.1
Host: partners-tds.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ef422e6eb4.news-xapeva.cc/
Cookie: _subid=376l60j10h7e3a; 933eb=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcImNhbXBhaWduc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcInRpbWVcIjoxNzE0MTI0MzIwfSJ9.yYJXc-zJvjm4Dxphu35oW5Y_kpFZUzbEdsDVw4oNV9k
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx
Date: Fri, 26 Apr 2024 09:38:48 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-cache, no-store, must-revalidate
Expires: Fri, 26 Apr 2024 09:38:48 GMT
Location: https://news-pepafu.com/tds?id=1218914904&p1=&p2=&p3=&p4=
Set-Cookie: _subid=376l60j10h7e3i; expires=Mon, 27 May 2024 09:38:48 GMT; path=/
Set-Cookie: 933eb=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcImNhbXBhaWduc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcInRpbWVcIjoxNzE0MTI0MzIwfSJ9.yYJXc-zJvjm4Dxphu35oW5Y_kpFZUzbEdsDVw4oNV9k; expires=Sun, 21 Aug 2078 19:17:36 GMT; path=/
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
|
|
| news-pepafu.com/tds?id=1218914904&p1=&p2=&p3=&p4= | 193.108.118.16 | | 0 B |
URL news-pepafu.com/tds?id=1218914904&p1=&p2=&p3=&p4= IP 193.108.118.16:0 ASN #63023 AS-GLOBALTELEHOST
Hash (MD5 SHA-1 SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tds?id=1218914904&p1=&p2=&p3=&p4= HTTP/1.1
Host: news-pepafu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ef422e6eb4.news-xapeva.cc/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 302 Found
server: nginx
date: Fri, 26 Apr 2024 09:38:48 GMT
content-length: 0
location: https://17c4c6cf35.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
vary: Origin
x-frame-options: DENY
X-Firefox-Spdy: h2
|
|
| 17c4c6cf35.news-xapeva.cc/revopush.js | 193.108.117.211 | | 7.5 kB |
URL 17c4c6cf35.news-xapeva.cc/revopush.js IP 193.108.117.211:0 ASN #63023 AS-GLOBALTELEHOST
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (18335), with no line terminators
Hash (MD5 SHA-1 SHA-256): 37faf614bbb4a7b4ba1b4e8143056291 1477110371c87d426adf78e2c8d935a046ae6ff2 aa7dc9551d9641febc7616653e797b381d7258077ed416e822b1ade51470c533
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /revopush.js HTTP/1.1
Host: 17c4c6cf35.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://17c4c6cf35.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:48 GMT
content-type: application/javascript; charset=utf-8
content-length: 7472
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-1d30"
content-encoding: gzip
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| 17c4c6cf35.news-xapeva.cc/lands/46/sketch.min.js | 193.108.117.211 | | 2.4 kB |
URL 17c4c6cf35.news-xapeva.cc/lands/46/sketch.min.js IP 193.108.117.211:0 ASN #63023 AS-GLOBALTELEHOST
File type: JavaScript source, ASCII text, with very long lines (4675), with no line terminators
Hash (MD5 SHA-1 SHA-256): ed52afed30560dc3e13a88e35a300c18 8714792a53d24b5c641b9536a2d218d75b43b3f9 cad4eff11237dc84f803b46c8529ca9918e4429c38058a053ef5d492c707a711
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /lands/46/sketch.min.js HTTP/1.1
Host: 17c4c6cf35.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://17c4c6cf35.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:48 GMT
content-type: application/javascript; charset=utf-8
content-length: 2379
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-94b"
content-encoding: gzip
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| 761f905319.news-xapeva.cc/process.js?id=1218914904&p1=&p2=&p3=&p4= | 193.108.117.211 | | 20 kB |
URL 761f905319.news-xapeva.cc/process.js?id=1218914904&p1=&p2=&p3=&p4= IP 193.108.117.211:0 ASN #63023 AS-GLOBALTELEHOST
File type: JavaScript source, ASCII text, with very long lines (26456)
Hash (MD5 SHA-1 SHA-256): 001760fd3d16755f79556189e0dabc46 1521645c17d6d06c1c037e56865777723b277dc5 b3962eb70836b3682504e9d7994843e789ea2ac54f9c6bf88aca1260f40d018c
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /process.js?id=1218914904&p1=&p2=&p3=&p4= HTTP/1.1
Host: 761f905319.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://761f905319.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:47 GMT
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, must-revalidate
expires: 0
pragma: no-cache
vary: Origin
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 907248c9ab.news-xapeva.cc/process.js?id=1218914904&p1=&p2=&p3=&p4= | 193.108.117.211 | | 10 kB |
URL 907248c9ab.news-xapeva.cc/process.js?id=1218914904&p1=&p2=&p3=&p4= IP 193.108.117.211:0 ASN #63023 AS-GLOBALTELEHOST
File type: JavaScript source, ASCII text, with very long lines (26456)
Hash (MD5 SHA-1 SHA-256): cc5ff6719035d23b9af53b0d214b38d1 31f0c35ff0ea52b9cc992189eb66045502da53ed 674c5979132953baa53d0af51289f1712b92d141a05f105a68c9526586e941d0
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /process.js?id=1218914904&p1=&p2=&p3=&p4= HTTP/1.1
Host: 907248c9ab.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://907248c9ab.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:46 GMT
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, must-revalidate
expires: 0
pragma: no-cache
vary: Origin
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 63fb1173a7.news-xapeva.cc/revopush.js | 193.108.117.211 | | 7.5 kB |
URL 63fb1173a7.news-xapeva.cc/revopush.js IP 193.108.117.211:0 ASN #63023 AS-GLOBALTELEHOST
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (18335), with no line terminators
Hash (MD5 SHA-1 SHA-256): 37faf614bbb4a7b4ba1b4e8143056291 1477110371c87d426adf78e2c8d935a046ae6ff2 aa7dc9551d9641febc7616653e797b381d7258077ed416e822b1ade51470c533
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /revopush.js HTTP/1.1
Host: 63fb1173a7.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://63fb1173a7.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:49 GMT
content-type: application/javascript; charset=utf-8
content-length: 7472
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-1d30"
content-encoding: gzip
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
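By this point the same revopush.js, SHA-256 starting aa7dc955, has been served from four different ten-hex-character subdomains of news-xapeva.cc (d0aba534dc, ef422e6eb4, 17c4c6cf35, 63fb1173a7), all on 193.108.117.211, while both TDS hops returned empty bodies whose hashes are simply the hashes of zero bytes. The script below is an added example for this page, not code from the capture or from any of the sites: it reads a constructed excerpt of the record rows and hash lines above, pivots on SHA-256 across hosts, flags apex domains that rotate a machine-generated leftmost label, and drops the empty-body hash so the 302s do not pollute the pivot. The ten-hex-character heuristic and the two-label apex() are assumptions that fit this capture, not general rules.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed excerpt of the capture above: each record's table row followed by its
# hash line, in the same flattened form the capture uses (MD5 SHA-1 SHA-256).
SAMPLE_RECORDS = """\
| d0aba534dc.news-xapeva.cc/revopush.js | 193.108.117.211 | | 7.5 kB |
Hash 37faf614bbb4a7b4ba1b4e8143056291 1477110371c87d426adf78e2c8d935a046ae6ff2 aa7dc9551d9641febc7616653e797b381d7258077ed416e822b1ade51470c533
| ef422e6eb4.news-xapeva.cc/revopush.js | 193.108.117.211 | | 7.5 kB |
Hash 37faf614bbb4a7b4ba1b4e8143056291 1477110371c87d426adf78e2c8d935a046ae6ff2 aa7dc9551d9641febc7616653e797b381d7258077ed416e822b1ade51470c533
| 17c4c6cf35.news-xapeva.cc/revopush.js | 193.108.117.211 | | 7.5 kB |
Hash 37faf614bbb4a7b4ba1b4e8143056291 1477110371c87d426adf78e2c8d935a046ae6ff2 aa7dc9551d9641febc7616653e797b381d7258077ed416e822b1ade51470c533
| 63fb1173a7.news-xapeva.cc/revopush.js | 193.108.117.211 | | 7.5 kB |
Hash 37faf614bbb4a7b4ba1b4e8143056291 1477110371c87d426adf78e2c8d935a046ae6ff2 aa7dc9551d9641febc7616653e797b381d7258077ed416e822b1ade51470c533
| 17c4c6cf35.news-xapeva.cc/lands/46/sketch.min.js | 193.108.117.211 | | 2.4 kB |
Hash ed52afed30560dc3e13a88e35a300c18 8714792a53d24b5c641b9536a2d218d75b43b3f9 cad4eff11237dc84f803b46c8529ca9918e4429c38058a053ef5d492c707a711
| partners-tds.com/WzJQVS | 142.202.51.61 | | 0 B |
Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| news-pepafu.com/tds?id=1218914904&p1=&p2=&p3=&p4= | 193.108.118.16 | | 0 B |
Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
"""

ROW = re.compile(r"^\|\s*(?P<url>\S+)\s*\|\s*(?P<ip>[\d.]+)\s*\|")
SHA256 = re.compile(r"\b[0-9a-f]{64}\b")
EMPTY_SHA256 = "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"  # sha256 of 0 bytes
ROTATING_LABEL = re.compile(r"^[0-9a-f]{10}$")  # the 10-hex leftmost label news-xapeva.cc rotates (assumption)

def parse_records(text):
    """Pair each table row with the SHA-256 from the hash line that follows it."""
    records, current = [], None
    for line in text.splitlines():
        row = ROW.match(line)
        if row:
            current = {"url": row["url"], "ip": row["ip"], "sha256": None}
            records.append(current)
        elif current is not None and line.startswith("Hash"):
            found = SHA256.search(line)
            current["sha256"] = found.group(0) if found else None
    return records

def host_of(url):
    """Rows omit the scheme; add one so urlsplit yields the hostname."""
    return urlsplit("https://" + url).hostname

def apex(host):
    """Last two labels; adequate for .cc/.com here, not a public-suffix lookup (assumption)."""
    return ".".join(host.split(".")[-2:])

def pivot_by_hash(records):
    """sha256 -> sorted hosts that served it, skipping the empty-body hash every 302 shares."""
    hosts = defaultdict(set)
    for rec in records:
        if rec["sha256"] and rec["sha256"] != EMPTY_SHA256:
            hosts[rec["sha256"]].add(host_of(rec["url"]))
    return {digest: sorted(hs) for digest, hs in hosts.items()}

def rotating_subdomain_apexes(records):
    """apex -> sorted IPs, for hosts whose leftmost label looks machine-generated."""
    ips = defaultdict(set)
    for rec in records:
        host = host_of(rec["url"])
        if ROTATING_LABEL.match(host.split(".")[0]):
            ips[apex(host)].add(rec["ip"])
    return {a: sorted(v) for a, v in ips.items()}

def indicators(records):
    """Durable IOCs: hashes seen on more than one host, apexes with rotating labels, their IPs."""
    shared = {d: hs for d, hs in pivot_by_hash(records).items() if len(hs) > 1}
    rotating = rotating_subdomain_apexes(records)
    ips = sorted({ip for v in rotating.values() for ip in v})
    return {"shared_hashes": shared, "rotating_apexes": rotating, "ips": ips}

if __name__ == "__main__":
    iocs = indicators(parse_records(SAMPLE_RECORDS))
    for digest, hosts in iocs["shared_hashes"].items():
        print(f"{digest[:16]}... served by {len(hosts)} hosts: {', '.join(hosts)}")
    for apex_domain, ips in iocs["rotating_apexes"].items():
        print(f"rotating subdomains under {apex_domain} on {', '.join(ips)}")
```

The output is the set of indicators that survive the subdomain rotation: one script hash on four hosts, one apex domain and one IP. A ten-hex leftmost label can also occur on legitimate CDN hostnames, so treat that heuristic as a pivot to confirm against the shared hash and IP, not as a block rule on its own.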
| 63fb1173a7.news-xapeva.cc/lands/36/img/style.css | 193.108.117.211 | | 3.1 kB |
URL 63fb1173a7.news-xapeva.cc/lands/36/img/style.css IP 193.108.117.211:0 ASN #63023 AS-GLOBALTELEHOST
File type: ASCII text, with very long lines (11701), with no line terminators
Hash (MD5 SHA-1 SHA-256): db606af46bdcca984d60a46183a4525e 28964fac8b2b7889554f32543e69ac68e6f21e2f 8693be57861bf006c70b542234666eaa50f4258856c4e75e0066f1ca589026ae
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /lands/36/img/style.css HTTP/1.1
Host: 63fb1173a7.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://63fb1173a7.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:49 GMT
content-type: text/css
content-length: 3136
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-c40"
content-encoding: gzip
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| 63fb1173a7.news-xapeva.cc/lands/36/img/logo.png | 193.108.117.211 | | 7.4 kB |
URL 63fb1173a7.news-xapeva.cc/lands/36/img/logo.png IP 193.108.117.211:0 ASN #63023 AS-GLOBALTELEHOST
File type: PNG image data, 180 x 56, 8-bit/color RGBA, non-interlaced
Hash (MD5 SHA-1 SHA-256): 6cd3a78b39a704ee1c84f31c8c4e5808 bb5c81cadfcd60bd5c7b29af2395ef24b11ebb93 4cfbf07b7b4def7ad505f3be44e311c631ffec252a93f031d11356bc1b0c8193
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /lands/36/img/logo.png HTTP/1.1
Host: 63fb1173a7.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://63fb1173a7.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:49 GMT
content-type: image/png
content-length: 7398
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-1ce6"
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| 63fb1173a7.news-xapeva.cc/lands/36/img/search-icon.png | 193.108.117.211 | | 461 B |
URL 63fb1173a7.news-xapeva.cc/lands/36/img/search-icon.png IP 193.108.117.211:0 ASN #63023 AS-GLOBALTELEHOST
File type: PNG image data, 28 x 28, 8-bit/color RGBA, non-interlaced
Hash (MD5 SHA-1 SHA-256): 71a97f63eeafce6cc8dd4e7b92e77303 e92e36474a69fcf7b932efc581e024a1c25773e5 fc2f527dba6449b1d9a7f17e4e9926039806904f58a7b4278dccf398900371d2
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /lands/36/img/search-icon.png HTTP/1.1
Host: 63fb1173a7.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://63fb1173a7.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:49 GMT
content-type: image/png
content-length: 461
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-1cd"
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| 63fb1173a7.news-xapeva.cc/lands/36/img/Spin-1s-80px.gif | 193.108.117.211 | | 31 kB |
URL 63fb1173a7.news-xapeva.cc/lands/36/img/Spin-1s-80px.gif IP 193.108.117.211:0 ASN #63023 AS-GLOBALTELEHOST
File type: GIF image data, version 89a, 80 x 80
Hash (MD5 SHA-1 SHA-256): 68556766cd260e97fec2b60a9bfaf8c7 26c969371c9a3de360fab6d7a7a3bec2c5d5c99f ef50b84645244197917d80f6bcd6f604dce892ec4cdcdc96f11ea40f4a093676
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /lands/36/img/Spin-1s-80px.gif HTTP/1.1
Host: 63fb1173a7.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://63fb1173a7.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:49 GMT
content-type: image/gif
content-length: 30677
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-77d5"
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| 63fb1173a7.news-xapeva.cc/lands/36/img/player-controls-l.png | 193.108.117.211 | | 945 B |
URL 63fb1173a7.news-xapeva.cc/lands/36/img/player-controls-l.png IP 193.108.117.211:0 ASN #63023 AS-GLOBALTELEHOST
File type: PNG image data, 146 x 60, 8-bit gray+alpha, non-interlaced
Hash (MD5 SHA-1 SHA-256): 6865c8700b582e4c7848472bb23dd65a c5ea2c514de8f55145550f9589e1e07cda457994 e1f5b32f965cf94fdb788fa9cff4f2f80b34c234f7e9fa9139de890e89438324
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /lands/36/img/player-controls-l.png HTTP/1.1
Host: 63fb1173a7.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://63fb1173a7.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:49 GMT
content-type: image/png
content-length: 945
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-3b1"
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| 63fb1173a7.news-xapeva.cc/lands/36/img/player-controls-r.png | 193.108.117.211 | | 408 B |
URL 63fb1173a7.news-xapeva.cc/lands/36/img/player-controls-r.png IP 193.108.117.211:0 ASN #63023 AS-GLOBALTELEHOST
File type: PNG image data, 60 x 60, 8-bit gray+alpha, non-interlaced
Hash (MD5 SHA-1 SHA-256): f0e42db89f7d0994b3723b35eb05a49f b4e08e7b2c525345d86dc2299663915c84a41b2b 13bbdf214a22994e4e0e655c256ab493cc495f15f9c1f08772cad0761625a9be
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /lands/36/img/player-controls-r.png HTTP/1.1
Host: 63fb1173a7.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://63fb1173a7.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:49 GMT
content-type: image/png
content-length: 408
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-198"
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| 63fb1173a7.news-xapeva.cc/lands/36/img/player-bg.jpg | 193.108.117.211 | | 11 kB |
URL 63fb1173a7.news-xapeva.cc/lands/36/img/player-bg.jpg IP 193.108.117.211:0 ASN #63023 AS-GLOBALTELEHOST
Hash (MD5 SHA-1 SHA-256): d0c6f02d6933f0b93db0942e3e7f3609 bc96b3878d13d0f46aa464e94515f27ad53531b0 7296089ccd9e42b305c5b0398d47a78f900b40225c592c6f1ef23ade5bbe667a
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /lands/36/img/player-bg.jpg HTTP/1.1
Host: 63fb1173a7.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://63fb1173a7.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:49 GMT
content-type: image/jpeg
content-length: 11291
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-2c1b"
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| 63fb1173a7.news-xapeva.cc/lands/36/img/pics-1.jpg | 193.108.117.211 | | 9.6 kB |
URL 63fb1173a7.news-xapeva.cc/lands/36/img/pics-1.jpg IP 193.108.117.211:0 ASN #63023 AS-GLOBALTELEHOST
Hash (MD5 SHA-1 SHA-256): 8374be5c573da988b4d76c1051f8cbc7 c319af79d391edeac2268173798952dd71f0ecf2 41889b3a66aec88fc8a474f19a6c2f6933200524597ccf76f2c9f995687099ea
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /lands/36/img/pics-1.jpg HTTP/1.1
Host: 63fb1173a7.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://63fb1173a7.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:49 GMT
content-type: image/jpeg
content-length: 9604
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-2584"
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| 63fb1173a7.news-xapeva.cc/lands/36/img/pics-2.jpg | 193.108.117.211 | | 9.5 kB |
URL 63fb1173a7.news-xapeva.cc/lands/36/img/pics-2.jpg IP 193.108.117.211:0 ASN #63023 AS-GLOBALTELEHOST
Hash (MD5 SHA-1 SHA-256): b1444ede1cb63c55f07c4b7cc861ec58 504823696a6990f0c6892721e34a7496cfe4e704 628146e090737199d0b92e0d069cdc8fa95d65391a7e84b7da053dbc0275b2f8
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /lands/36/img/pics-2.jpg HTTP/1.1
Host: 63fb1173a7.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://63fb1173a7.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:49 GMT
content-type: image/jpeg
content-length: 9474
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-2502"
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| 63fb1173a7.news-xapeva.cc/lands/36/img/pics-3.jpg | 193.108.117.211 | | 9.4 kB |
URL 63fb1173a7.news-xapeva.cc/lands/36/img/pics-3.jpg IP 193.108.117.211:0 ASN #63023 AS-GLOBALTELEHOST
Hash (MD5 SHA-1 SHA-256): 76025b7cd7b3e168342e9f6916d8c7f4 bd2a6ea7c9105935c7a616fec2d6d85dbf98bfc2 46eaa0e5c25c663d858a5c65629f960ed17d2fe30b2484f629158e6d6460d775
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /lands/36/img/pics-3.jpg HTTP/1.1
Host: 63fb1173a7.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://63fb1173a7.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:49 GMT
content-type: image/jpeg
content-length: 9413
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-24c5"
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| 63fb1173a7.news-xapeva.cc/lands/36/img/pics-4.jpg | 193.108.117.211 | | 9.5 kB |
URL 63fb1173a7.news-xapeva.cc/lands/36/img/pics-4.jpg IP 193.108.117.211:0 ASN #63023 AS-GLOBALTELEHOST
Hash (MD5 SHA-1 SHA-256): 107bdcec0a201d69db378827b68127cd efc977edd0a369769d5f32d88e9858302bed1e5e cb8a23effd64618021ebe40be5ed24bfb27c17f6d0a82c87a96d9efd91e06468
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /lands/36/img/pics-4.jpg HTTP/1.1
Host: 63fb1173a7.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://63fb1173a7.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:49 GMT
content-type: image/jpeg
content-length: 9468
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-24fc"
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| 63fb1173a7.news-xapeva.cc/lands/36/img/pics-5.jpg | 193.108.117.211 | | 9.6 kB |
URL 63fb1173a7.news-xapeva.cc/lands/36/img/pics-5.jpg IP 193.108.117.211:0 ASN #63023 AS-GLOBALTELEHOST
Hash (MD5 SHA-1 SHA-256): 628b98b82d0aca1c1b2155aa5ec51a6a db663b2b85cf8828f3e9c5aa879325bb50e684a0 d7dfe6be5b49bee8bbf743bc58d74af3dc7d0250c89bd6dd7e9ad268c287289d
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /lands/36/img/pics-5.jpg HTTP/1.1
Host: 63fb1173a7.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://63fb1173a7.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:49 GMT
content-type: image/jpeg
content-length: 9557
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-2555"
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| 63fb1173a7.news-xapeva.cc/lands/36/img/pics-6.jpg | 193.108.117.211 | | 9.6 kB |
URL 63fb1173a7.news-xapeva.cc/lands/36/img/pics-6.jpg IP 193.108.117.211:0 ASN #63023 AS-GLOBALTELEHOST
Hash (MD5 SHA-1 SHA-256): a83d5196e71bd6f9c55ef3e7322e527c 9dbddad413391599552c4d9cc5c9e8a287ef910f 52212d360cbbf493678d8e8bf75c20b7ad4b1d6cf86bf03e1c87fb5b4d6cb818
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /lands/36/img/pics-6.jpg HTTP/1.1
Host: 63fb1173a7.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://63fb1173a7.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:49 GMT
content-type: image/jpeg
content-length: 9620
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-2594"
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| 63fb1173a7.news-xapeva.cc/lands/36/img/pics-7.jpg | 193.108.117.211 | | 9.5 kB |
URL 63fb1173a7.news-xapeva.cc/lands/36/img/pics-7.jpg IP 193.108.117.211:0 ASN #63023 AS-GLOBALTELEHOST
Hash (MD5 SHA-1 SHA-256): 94edfad63e95c79618692b8d8dc20587 f582b7b70443ea1fff184ade49ab560fc8fd3318 0940f729e51d0fb610affca787415657f39a630cc0450d08576f69fd0f71756e
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /lands/36/img/pics-7.jpg HTTP/1.1
Host: 63fb1173a7.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://63fb1173a7.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:49 GMT
content-type: image/jpeg
content-length: 9484
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-250c"
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| 63fb1173a7.news-xapeva.cc/lands/36/img/pics-8.jpg | 193.108.117.211 | | 9.8 kB |
URL 63fb1173a7.news-xapeva.cc/lands/36/img/pics-8.jpg IP193.108.117.211:0 ASN#63023 AS-GLOBALTELEHOST
Hash2e7eafc3878ee465f96bca0f9d1e1712 c4f353f12542db5d2df3be74dbae890e0430ac6e df67f968a051026a5c43eb3e40b8d02a0c72bc742055526fef7e2655dd837cc1
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /lands/36/img/pics-8.jpg HTTP/1.1
Host: 63fb1173a7.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://63fb1173a7.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:49 GMT
content-type: image/jpeg
content-length: 9750
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-2616"
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| 63fb1173a7.news-xapeva.cc/lands/36/img/pics-9.jpg | 193.108.117.211 | | 9.6 kB |
URL 63fb1173a7.news-xapeva.cc/lands/36/img/pics-9.jpg IP193.108.117.211:0 ASN#63023 AS-GLOBALTELEHOST
Hashc3af10d166a4447c21f25e4a32383a5d 37a0342d08d6933b3bbfd4063b7ba998c991dd73 963fbe86dc33b1a1ba5c695bf9b74ebde439bc7a9260137121d747cf4cfbdd73
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /lands/36/img/pics-9.jpg HTTP/1.1
Host: 63fb1173a7.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://63fb1173a7.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:49 GMT
content-type: image/jpeg
content-length: 9646
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-25ae"
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| 63fb1173a7.news-xapeva.cc/lands/36/img/pics-10.jpg | 193.108.117.211 | | 9.7 kB |
URL 63fb1173a7.news-xapeva.cc/lands/36/img/pics-10.jpg IP193.108.117.211:0 ASN#63023 AS-GLOBALTELEHOST
Hash00ad8eccd280144f038e883859beeabe e13583bbe25712e827b8b22b1353c883531f849f 21397b18bd87b564f70404ea1ff41d8d23ba804ed6eea4de323ac1c94e096ada
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /lands/36/img/pics-10.jpg HTTP/1.1
Host: 63fb1173a7.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://63fb1173a7.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:49 GMT
content-type: image/jpeg
content-length: 9681
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-25d1"
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| 63fb1173a7.news-xapeva.cc/lands/36/img/pics-11.jpg | 193.108.117.211 | | 9.5 kB |
URL 63fb1173a7.news-xapeva.cc/lands/36/img/pics-11.jpg IP193.108.117.211:0 ASN#63023 AS-GLOBALTELEHOST
Hash8611f67b36ff57eaa1060e793b9e6ad4 49f273a5760e7375adb1efc58f0ed2c665da6ae8 de70c6d29629dd9ec1b85e3146390c1019bd608eeb3d7ffdc196627f70ee30b2
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /lands/36/img/pics-11.jpg HTTP/1.1
Host: 63fb1173a7.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://63fb1173a7.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:49 GMT
content-type: image/jpeg
content-length: 9483
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-250b"
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| 63fb1173a7.news-xapeva.cc/lands/36/img/pics-12.jpg | 193.108.117.211 | | 9.5 kB |
URL 63fb1173a7.news-xapeva.cc/lands/36/img/pics-12.jpg IP193.108.117.211:0 ASN#63023 AS-GLOBALTELEHOST
Hash3971b0cd6849aef8e63c281fe7e53c57 690281f0f9a05a32be18029632240693f7b26270 20a9e9a79f97878e87f805b977eb6046480b734dfd9e90df9f34b22ef484777a
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /lands/36/img/pics-12.jpg HTTP/1.1
Host: 63fb1173a7.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://63fb1173a7.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:49 GMT
content-type: image/jpeg
content-length: 9487
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-250f"
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| 63fb1173a7.news-xapeva.cc/lands/36/img/pics-13.jpg | 193.108.117.211 | | 9.4 kB |
URL 63fb1173a7.news-xapeva.cc/lands/36/img/pics-13.jpg IP193.108.117.211:0 ASN#63023 AS-GLOBALTELEHOST
Hashcd911694d58b5fb86c94cf7a1d5b530b f32925a79b755d76fdf1ae56fa898ef23d816699 5a8f5f99cb386403813964a7ee271660131e9c50eb5267f932a67ce0f4fb2ea2
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /lands/36/img/pics-13.jpg HTTP/1.1
Host: 63fb1173a7.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://63fb1173a7.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:49 GMT
content-type: image/jpeg
content-length: 9378
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-24a2"
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| 63fb1173a7.news-xapeva.cc/lands/36/img/pics-14.jpg | 193.108.117.211 | | 9.5 kB |
URL 63fb1173a7.news-xapeva.cc/lands/36/img/pics-14.jpg IP193.108.117.211:0 ASN#63023 AS-GLOBALTELEHOST
Hash4957499f251b620472eb5fe6fd126c22 a237ac15f4b16256f1c49a40ca07ca168dea540c de5d64cc00dd3bc0e0998e274f41bb78de69cae402e53c4f41c0ab8e0af2cd0b
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /lands/36/img/pics-14.jpg HTTP/1.1
Host: 63fb1173a7.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://63fb1173a7.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:49 GMT
content-type: image/jpeg
content-length: 9498
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-251a"
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| 63fb1173a7.news-xapeva.cc/lands/36/img/pics-15.jpg | 193.108.117.211 | | 9.7 kB |
URL 63fb1173a7.news-xapeva.cc/lands/36/img/pics-15.jpg IP193.108.117.211:0 ASN#63023 AS-GLOBALTELEHOST
Hashbf608c2d10293273951a88b8d38de015 15b2a17c7300725aacc27f320480dfe5bf173a00 118f446f628921fb7cab1afeac932ef77d63a7c5a31ffa288427d80c4de69f9f
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /lands/36/img/pics-15.jpg HTTP/1.1
Host: 63fb1173a7.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://63fb1173a7.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:49 GMT
content-type: image/jpeg
content-length: 9673
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-25c9"
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| 63fb1173a7.news-xapeva.cc/lands/36/img/pics-16.jpg | 193.108.117.211 | | 9.6 kB |
URL 63fb1173a7.news-xapeva.cc/lands/36/img/pics-16.jpg IP193.108.117.211:0 ASN#63023 AS-GLOBALTELEHOST
Hash700dfe65fca751e5c160aa1ed38c0389 61a7a9ba2a5209bb28b6a36c4b7ba9088f4b2886 8f8c3d5f93cc6dc00172cf203f6b0113819e853de45518cbcee1e68f9e95fbc1
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /lands/36/img/pics-16.jpg HTTP/1.1
Host: 63fb1173a7.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://63fb1173a7.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:49 GMT
content-type: image/jpeg
content-length: 9570
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-2562"
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| 63fb1173a7.news-xapeva.cc/lands/36/img/pics-17.jpg | 193.108.117.211 | | 9.6 kB |
URL 63fb1173a7.news-xapeva.cc/lands/36/img/pics-17.jpg IP193.108.117.211:0 ASN#63023 AS-GLOBALTELEHOST
Hash3617c828a4589dfd2af8f90e31f92666 0e7a1dbe743c9eaad109659f7b21ab86719b9cd0 f3ab898058b0ebaba11001b5a2b3c5b5db2d7f766000d95abdbfb841fcb16c1f
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /lands/36/img/pics-17.jpg HTTP/1.1
Host: 63fb1173a7.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://63fb1173a7.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:49 GMT
content-type: image/jpeg
content-length: 9595
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-257b"
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| 63fb1173a7.news-xapeva.cc/lands/36/img/pics-18.jpg | 193.108.117.211 | | 9.6 kB |
URL 63fb1173a7.news-xapeva.cc/lands/36/img/pics-18.jpg IP193.108.117.211:0 ASN#63023 AS-GLOBALTELEHOST
Hash52ada45615791fefe3513b98a28d6c61 334b68a65108b2274dc0d41bbed58d10cbfb41a0 204715e71db20e5daffe8494816412e0998ec0b97b303f16fb4102226c492fa4
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /lands/36/img/pics-18.jpg HTTP/1.1
Host: 63fb1173a7.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://63fb1173a7.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:49 GMT
content-type: image/jpeg
content-length: 9645
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-25ad"
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
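Every /lands/ asset above (the thirteen pics-*.jpg files and, further down, sketch.min.js, style.css, revopush.js) carries the same last-modified: Tue, 26 Mar 2024 13:19:08 GMT and an ETag starting with 6602cb4c-. nginx builds its static-file ETag as hex(mtime)-hex(size), so the tag can be decoded and cross-checked against last-modified and content-length, and the shared mtime fingerprints one bulk deployment of the landing kit across the throwaway subdomains. The following is an added example, not part of the sandbox report; SAMPLE_RESPONSES is constructed from headers copied off the entries on this page.

```python
import re
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

# Constructed sample: response headers copied from /lands/ asset entries above.
SAMPLE_RESPONSES = {
    "63fb1173a7.news-xapeva.cc/lands/36/img/pics-6.jpg": {
        "etag": '"6602cb4c-2594"', "content-length": "9620",
        "last-modified": "Tue, 26 Mar 2024 13:19:08 GMT"},
    "608cdcaf2f.news-xapeva.cc/lands/46/sketch.min.js": {
        "etag": '"6602cb4c-94b"', "content-length": "2379",
        "last-modified": "Tue, 26 Mar 2024 13:19:08 GMT"},
    "5c188dc60f.news-xapeva.cc/lands/53/css/style.css": {
        "etag": '"6602cb4c-515"', "content-length": "1301",
        "last-modified": "Tue, 26 Mar 2024 13:19:08 GMT"},
    "b729c3716a.news-xapeva.cc/revopush.js": {
        "etag": '"6602cb4c-1d30"', "content-length": "7472",
        "last-modified": "Tue, 26 Mar 2024 13:19:08 GMT"},
}

# nginx static ETag: optional weak marker, then "<mtime hex>-<size hex>"
ETAG_RE = re.compile(r'^(W/)?"([0-9a-f]+)-([0-9a-f]+)"$')


def parse_nginx_etag(etag: str):
    """Return (weak, mtime_epoch, size_bytes) for an nginx-style ETag."""
    m = ETAG_RE.match(etag.strip())
    if not m:
        raise ValueError(f"not an nginx-style ETag: {etag!r}")
    return (m.group(1) is not None, int(m.group(2), 16), int(m.group(3), 16))


def check_asset(headers: dict) -> dict:
    """Decode the ETag and cross-check it against the other response headers."""
    weak, mtime, size = parse_nginx_etag(headers["etag"])
    last_modified = parsedate_to_datetime(headers["last-modified"])
    return {
        "weak": weak,
        "etag_mtime_utc": datetime.fromtimestamp(mtime, tz=timezone.utc),
        "etag_size": size,
        # both should hold for a file served straight off disk
        "mtime_matches_last_modified": int(last_modified.timestamp()) == mtime,
        "size_matches_content_length": (
            "content-length" in headers and int(headers["content-length"]) == size),
    }


def deployment_fingerprint(responses: dict) -> dict:
    """Group assets by ETag mtime. One shared second across /lands/ directories
    and subdomains means the whole kit was written out in one deployment."""
    groups = {}
    for url, headers in responses.items():
        _, mtime, _ = parse_nginx_etag(headers["etag"])
        groups.setdefault(f"{mtime:x}", []).append(url)
    return groups


if __name__ == "__main__":
    for url, headers in SAMPLE_RESPONSES.items():
        r = check_asset(headers)
        print(f"{url}: mtime={r['etag_mtime_utc']:%Y-%m-%d %H:%M:%S} size={r['etag_size']} "
              f"lm_ok={r['mtime_matches_last_modified']} len_ok={r['size_matches_content_length']}")
    for mtime_hex, urls in deployment_fingerprint(SAMPLE_RESPONSES).items():
        print(f"deployment {mtime_hex}: {len(urls)} assets")
```

Both checks pass for every asset in the sample, so the ETag prefix 6602cb4c- is a usable pivot for the same kit on other subdomains. The weak tag on lp.js (W/"6602cb4c-2d2") decodes to the same mtime but a size of 722 bytes, which does not match the 7.9 kB body the sandbox recorded; for that object only the mtime half is meaningful.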
| d0aba534dc.news-xapeva.cc/process.js?id=1218914904&p1=&p2=&p3=&p4= | 193.108.117.211 | | 10 kB |
URL d0aba534dc.news-xapeva.cc/process.js?id=1218914904&p1=&p2=&p3=&p4= IP193.108.117.211:0 ASN#63023 AS-GLOBALTELEHOST
File typeJavaScript source, ASCII text, with very long lines (26456) Hash8214ac8888ba08fa25851eb1a299993c 9c424879bc85e4873b23adb31a6d6d47d83a655f 609936be9738e1bbb55b4f22a399ea0c814edd5297f1e8420e63b61b7cf435d7
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /process.js?id=1218914904&p1=&p2=&p3=&p4= HTTP/1.1
Host: d0aba534dc.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d0aba534dc.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:48 GMT
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, must-revalidate
expires: 0
pragma: no-cache
vary: Origin
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| show.revopush.com/api/v1/inpage/show/?uid=171984&subacc=1218914904&sub1=&sub2=&sub3=&sub4=&adult=true&limit=1&traffic=adult | 116.203.121.110 | | 662 B |
URL show.revopush.com/api/v1/inpage/show/?uid=171984&subacc=1218914904&sub1=&sub2=&sub3=&sub4=&adult=true&limit=1&traffic=adult IP116.203.121.110:0 ASN#24940 Hetzner Online GmbH
Hashe14d34ca55c908e89de08e8e96f0ced7 6a1be7c54eefe1d3744d69b6dc3df4a2bb4fa8a7 87dc11cc71c3db8cfd22752992dfcdcb1b69d37b3821aecbabf29a8d28dc2737
GET /api/v1/inpage/show/?uid=171984&subacc=1218914904&sub1=&sub2=&sub3=&sub4=&adult=true&limit=1&traffic=adult HTTP/1.1
Host: show.revopush.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://17c4c6cf35.news-xapeva.cc/
Origin: https://17c4c6cf35.news-xapeva.cc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:49 GMT
content-type: application/json
accept-ch: Sec-CH-UA, Sec-CH-UA-Model, Sec-CH-UA-Mobile, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Wow64
access-control-allow-origin: https://17c4c6cf35.news-xapeva.cc
vary: Origin
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 63fb1173a7.news-xapeva.cc/lands/36/lp.js | 193.108.117.211 | | 7.9 kB |
URL 63fb1173a7.news-xapeva.cc/lands/36/lp.js IP193.108.117.211:0 ASN#63023 AS-GLOBALTELEHOST
File typeJavaScript source, Unicode text, UTF-8 text, with very long lines (19020), with no line terminators Hashc2e1c62d059fcbef32fb4392a8243d46 24408e66d15f60aefd44d4d625ee2e25f33c86c0 124a7616938f07601c367566c96f19e6810ad620506548172abe19aea8a13910
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /lands/36/lp.js HTTP/1.1
Host: 63fb1173a7.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://63fb1173a7.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:49 GMT
content-type: application/javascript; charset=utf-8
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: W/"6602cb4c-2d2"
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 608cdcaf2f.news-xapeva.cc/lands/46/sketch.min.js | 193.108.117.211 | | 2.4 kB |
URL 608cdcaf2f.news-xapeva.cc/lands/46/sketch.min.js IP193.108.117.211:0 ASN#63023 AS-GLOBALTELEHOST
File typeJavaScript source, ASCII text, with very long lines (4675), with no line terminators Hashed52afed30560dc3e13a88e35a300c18 8714792a53d24b5c641b9536a2d218d75b43b3f9 cad4eff11237dc84f803b46c8529ca9918e4429c38058a053ef5d492c707a711
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /lands/46/sketch.min.js HTTP/1.1
Host: 608cdcaf2f.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://608cdcaf2f.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:49 GMT
content-type: application/javascript; charset=utf-8
content-length: 2379
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-94b"
content-encoding: gzip
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| partners-tds.com/WzJQVS | 142.202.51.61 | | 0 B |
IP142.202.51.61:0 ASN#63023 AS-GLOBALTELEHOST
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /WzJQVS HTTP/1.1
Host: partners-tds.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://608cdcaf2f.news-xapeva.cc/
Cookie: _subid=376l60j10h7e3m; 933eb=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcImNhbXBhaWduc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcInRpbWVcIjoxNzE0MTI0MzIwfSJ9.yYJXc-zJvjm4Dxphu35oW5Y_kpFZUzbEdsDVw4oNV9k
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx
Date: Fri, 26 Apr 2024 09:38:49 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-cache, no-store, must-revalidate
Expires: Fri, 26 Apr 2024 09:38:49 GMT
Location: https://news-pepafu.com/tds?id=1218914904&p1=&p2=&p3=&p4=
Set-Cookie: _subid=376l60j10h7e3r; expires=Mon, 27 May 2024 09:38:49 GMT; path=/
Set-Cookie: 933eb=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcImNhbXBhaWduc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcInRpbWVcIjoxNzE0MTI0MzIwfSJ9.yYJXc-zJvjm4Dxphu35oW5Y_kpFZUzbEdsDVw4oNV9k; expires=Sun, 21 Aug 2078 19:17:38 GMT; path=/
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
|
|
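The partners-tds.com/WzJQVS exchange above carries a second cookie, 933eb, whose value is an HS256 JWT; the response re-issues _subid with a changed value but sends the JWT back unchanged with an expiry in 2078. The signing key is not available, so the signature cannot be verified, but the claims can still be read for triage. Added example, not code from the report or from the TDS operator: SET_COOKIE_933EB is the Set-Cookie value copied from the response above, and the decoder deliberately skips signature verification.

```python
import base64
import json
from datetime import datetime, timezone

# Copied from the partners-tds.com/WzJQVS response above (constructed sample; the HMAC key is unknown).
SET_COOKIE_933EB = (
    "933eb=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9."
    "eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcImNhbXBhaWduc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcInRpbWVcIjoxNzE0MTI0MzIwfSJ9."
    "yYJXc-zJvjm4Dxphu35oW5Y_kpFZUzbEdsDVw4oNV9k; expires=Sun, 21 Aug 2078 19:17:38 GMT; path=/"
)


def _b64url_decode(segment: str) -> bytes:
    """Decode a base64url segment, restoring the '=' padding JWTs strip."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def parse_set_cookie(header_value: str) -> dict:
    """Split a Set-Cookie value into name, value and lower-cased attributes."""
    parts = [p.strip() for p in header_value.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for attr in parts[1:]:
        k, _, v = attr.partition("=")
        attrs[k.strip().lower()] = v.strip()
    return {"name": name, "value": value, "attrs": attrs}


def decode_jwt_unverified(token: str) -> dict:
    """Read header and payload WITHOUT checking the signature.
    Good enough to inspect claims during triage; never use it to trust a token."""
    header_b64, payload_b64, sig_b64 = token.split(".")
    header = json.loads(_b64url_decode(header_b64))
    payload = json.loads(_b64url_decode(payload_b64))
    # this TDS double-encodes: the "data" claim is itself a JSON document in a string
    if isinstance(payload.get("data"), str):
        payload["data"] = json.loads(payload["data"])
    return {"header": header, "payload": payload, "sig_len": len(_b64url_decode(sig_b64))}


def triage_tracking_cookie(set_cookie: str) -> dict:
    """Summarise what the tracking cookie records about this visitor."""
    cookie = parse_set_cookie(set_cookie)
    jwt = decode_jwt_unverified(cookie["value"])
    data = jwt["payload"]["data"]
    minted = datetime.fromtimestamp(data["time"], tz=timezone.utc)
    return {
        "cookie": cookie["name"],
        "alg": jwt["header"]["alg"],
        "expires": cookie["attrs"].get("expires"),
        "minted_utc": minted.strftime("%Y-%m-%d %H:%M:%S"),
        "streams": data["streams"],
        "campaigns": data["campaigns"],
        "sig_bytes": jwt["sig_len"],  # 32 for HS256
    }


if __name__ == "__main__":
    for key, value in triage_tracking_cookie(SET_COOKIE_933EB).items():
        print(f"{key}: {value}")
```

The time claim decodes to 2024-04-26 09:38:40 UTC, nine seconds before this response's date header, and the request already carried the cookie, so the token was minted by an earlier hop in the same session; the streams and campaigns maps record which TDS stream and campaign the visitor was assigned to. Decoding claims this way is fine for reading them; only a signature check with the operator's key would tell you whether they are genuine.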
| news-pepafu.com/tds?id=1218914904&p1=&p2=&p3=&p4= | 193.108.118.16 | | 0 B |
URL news-pepafu.com/tds?id=1218914904&p1=&p2=&p3=&p4= IP193.108.118.16:0 ASN#63023 AS-GLOBALTELEHOST
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tds?id=1218914904&p1=&p2=&p3=&p4= HTTP/1.1
Host: news-pepafu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://608cdcaf2f.news-xapeva.cc/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 302 Found
server: nginx
date: Fri, 26 Apr 2024 09:38:49 GMT
content-length: 0
location: https://5c188dc60f.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
vary: Origin
x-frame-options: DENY
X-Firefox-Spdy: h2
|
|
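partners-tds.com/WzJQVS answers 302 to news-pepafu.com/tds, which answers 302 to a fresh ten-hex-character subdomain of news-xapeva.cc carrying the same id=1218914904 parameter. Both redirect responses have 0 B bodies, and the hashes recorded for them (d41d8cd9…, da39a3ee…, e3b0c442…) are the MD5, SHA-1 and SHA-256 of empty input, so they identify nothing and must not be pushed out as indicators. Added example, not part of the report: a parser for this listing's own layout that reconstructs the redirect chain and flags entries whose digests are the empty-input digests. SAMPLE_CAPTURE is an abridged copy of three entries from this page, keeping only the lines the parser reads.

```python
import hashlib
import re
from urllib.parse import urlsplit

# Constructed sample: abridged copy of three entries from the listing above.
SAMPLE_CAPTURE = """\
| partners-tds.com/WzJQVS | 142.202.51.61 | | 0 B |
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /WzJQVS HTTP/1.1
Host: partners-tds.com
Referer: https://608cdcaf2f.news-xapeva.cc/
HTTP/1.1 302 Found
Location: https://news-pepafu.com/tds?id=1218914904&p1=&p2=&p3=&p4=
|
|
| news-pepafu.com/tds?id=1218914904&p1=&p2=&p3=&p4= | 193.108.118.16 | | 0 B |
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tds?id=1218914904&p1=&p2=&p3=&p4= HTTP/1.1
Host: news-pepafu.com
HTTP/2 302 Found
location: https://5c188dc60f.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
|
|
| 5c188dc60f.news-xapeva.cc/lands/53/css/style.css | 193.108.117.211 | | 1.3 kB |
Hash6f2d06d6dbd00d18b9e7eb11ef80081d b86bdf3144b91210a3e04aab9802dba7b677ffe4 4bbe46d55f77d131ea3c70d021bf1e88fcfa1a98b7b89cf8f3f081ffb38fa7f8
GET /lands/53/css/style.css HTTP/1.1
Host: 5c188dc60f.news-xapeva.cc
HTTP/2 200 OK
content-length: 1301
"""

ENTRY_RE = re.compile(r"^\| (?P<url>\S+) \| (?P<ip>[\d.]+) \| \| (?P<size>[^|]+?) \|$")
HASH_RE = re.compile(r"^Hash([0-9a-f]{32}) ([0-9a-f]{40}) ([0-9a-f]{64})$")
STATUS_RE = re.compile(r"^HTTP/[\d.]+ (\d{3})\b")

# Computed, not hard-coded: MD5/SHA-1/SHA-256 of zero bytes.
EMPTY_DIGESTS = {
    hashlib.md5(b"").hexdigest(),
    hashlib.sha1(b"").hexdigest(),
    hashlib.sha256(b"").hexdigest(),
}


def parse_capture(text: str) -> list:
    """Turn the listing into one record per entry (url, ip, size, status, location, hashes)."""
    entries, cur = [], None
    for line in text.splitlines():
        em = ENTRY_RE.match(line)
        if em:
            cur = {"url": em["url"], "ip": em["ip"], "size": em["size"].strip(),
                   "status": None, "location": None, "hashes": ()}
            entries.append(cur)
            continue
        if cur is None:
            continue
        hm = HASH_RE.match(line)
        sm = STATUS_RE.match(line)
        if hm:
            cur["hashes"] = hm.groups()
        elif sm:
            cur["status"] = int(sm.group(1))
        elif line.lower().startswith("location:"):
            cur["location"] = line.split(":", 1)[1].strip()
    return entries


def strip_scheme(url: str) -> str:
    """Normalise a Location value to the scheme-less form the listing uses as a key."""
    s = urlsplit(url)
    return s.netloc + s.path + (f"?{s.query}" if s.query else "")


def redirect_chain(entries: list, start: str) -> list:
    """Follow Location headers through the capture starting at `start`."""
    by_url = {e["url"]: e for e in entries}
    chain, cur = [start], start
    while cur in by_url and by_url[cur]["location"] and len(chain) < 32:
        cur = strip_scheme(by_url[cur]["location"])
        if cur in chain:  # loop guard
            break
        chain.append(cur)
    return chain


def chain_hosts(chain: list) -> list:
    return [urlsplit("//" + u).netloc for u in chain]


def empty_body_entries(entries: list) -> list:
    """URLs whose recorded hashes are the digests of empty input: nothing was hashed."""
    return [e["url"] for e in entries if e["hashes"] and set(e["hashes"]) <= EMPTY_DIGESTS]


if __name__ == "__main__":
    recs = parse_capture(SAMPLE_CAPTURE)
    print(" -> ".join(redirect_chain(recs, "partners-tds.com/WzJQVS")))
    print("empty-body hashes:", empty_body_entries(recs))
```

The same TDS hop repeats further down: 5c188dc60f.news-xapeva.cc sends the browser back through news-pepafu.com/tds, which lands it on b729c3716a.news-xapeva.cc. Run over the full listing, the chain shows each hop rotating to a new subdomain while id=1218914904 is carried unchanged, so the parameter, the /tds endpoint and the nginx ETag prefix are the durable pivots, not the subdomains and not the empty-body hashes.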
| bstnwsgwrld3.com/adult_video_3/980/3a523b7d2337d3ebf4e22913adc6606d/?click_id=wbuh0vjs4iad01s0jsjtcgfa&sub1=&fullscreen=1 | 192.133.142.177 | | 178 kB |
URL bstnwsgwrld3.com/adult_video_3/980/3a523b7d2337d3ebf4e22913adc6606d/?click_id=wbuh0vjs4iad01s0jsjtcgfa&sub1=&fullscreen=1 IP192.133.142.177:0
File typeHTML document, ASCII text, with very long lines (16811), with CRLF, LF line terminators Size178 kB (177872 bytes) Hash9088b17494d29fd5e384383db13cc054 a337055171876f53ccb24a353669084067e97354 e271fc7cfe0b1a2604db98d45d6bba74900dd948697ef0c8deccd76902926c75
GET /adult_video_3/980/3a523b7d2337d3ebf4e22913adc6606d/?click_id=wbuh0vjs4iad01s0jsjtcgfa&sub1=&fullscreen=1 HTTP/1.1
Host: bstnwsgwrld3.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:36 GMT
content-type: text/html; charset=UTF-8
accept-ch: Sec-CH-UA, Sec-CH-UA-Mobile, Sec-CH-UA-Platform, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-WoW64, Sec-CH-UA-Bitness, Sec-CH-UA-Model
permissions-policy: ch-ua=(self "https://rexpush.club"), ch-ua-mobile=(self "https://rexpush.club"), ch-ua-platform=(self "https://rexpush.club"), ch-ua-full-version=(self "https://rexpush.club"), ch-ua-full-version-list=(self "https://rexpush.club"), ch-ua-platform-version=(self "https://rexpush.club"), ch-ua-arch=(self "https://rexpush.club"), ch-ua-wow64=(self "https://rexpush.club"), ch-ua-bitness=(self "https://rexpush.club"), ch-ua-model=(self "https://rexpush.club")
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 5c188dc60f.news-xapeva.cc/lands/53/css/style.css | 193.108.117.211 | | 1.3 kB |
URL 5c188dc60f.news-xapeva.cc/lands/53/css/style.css IP193.108.117.211:0 ASN#63023 AS-GLOBALTELEHOST
File typeASCII text, with very long lines (4928), with no line terminators Hash6f2d06d6dbd00d18b9e7eb11ef80081d b86bdf3144b91210a3e04aab9802dba7b677ffe4 4bbe46d55f77d131ea3c70d021bf1e88fcfa1a98b7b89cf8f3f081ffb38fa7f8
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /lands/53/css/style.css HTTP/1.1
Host: 5c188dc60f.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://5c188dc60f.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:49 GMT
content-type: text/css
content-length: 1301
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-515"
content-encoding: gzip
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| 29ec1d5efb.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4= | 193.108.117.211 | | 8.9 kB |
URL 29ec1d5efb.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4= IP193.108.117.211:0 ASN#63023 AS-GLOBALTELEHOST
File typeHTML document, Unicode text, UTF-8 text, with very long lines (7601) Hash8726be6ecc202c6658083ebfdfad430d 23d1eed886da143bcba435b993f8cb2a526d318e 1c231c3071fb3b7ee59e75c995f312dcd1889db89b189b4a54e63f2ba6a9ace8
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /?id=1218914904&p1=&p2=&p3=&p4= HTTP/1.1
Host: 29ec1d5efb.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://e7ec18856f.news-xapeva.cc/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:45 GMT
content-type: text/html; charset=UTF-8
vary: Origin
x-frame-options: DENY
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| news-pepafu.com/tds?id=1218914904&p1=&p2=&p3=&p4= | 193.108.118.16 | | 0 B |
URL news-pepafu.com/tds?id=1218914904&p1=&p2=&p3=&p4= IP193.108.118.16:0 ASN#63023 AS-GLOBALTELEHOST
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tds?id=1218914904&p1=&p2=&p3=&p4= HTTP/1.1
Host: news-pepafu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://5c188dc60f.news-xapeva.cc/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 302 Found
server: nginx
date: Fri, 26 Apr 2024 09:38:49 GMT
content-length: 0
location: https://b729c3716a.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
vary: Origin
x-frame-options: DENY
X-Firefox-Spdy: h2
|
|
| b729c3716a.news-xapeva.cc/revopush.js | 193.108.117.211 | | 7.5 kB |
URL b729c3716a.news-xapeva.cc/revopush.js IP193.108.117.211:0 ASN#63023 AS-GLOBALTELEHOST
File typeJavaScript source, Unicode text, UTF-8 text, with very long lines (18335), with no line terminators Hash37faf614bbb4a7b4ba1b4e8143056291 1477110371c87d426adf78e2c8d935a046ae6ff2 aa7dc9551d9641febc7616653e797b381d7258077ed416e822b1ade51470c533
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /revopush.js HTTP/1.1
Host: b729c3716a.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://b729c3716a.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:49 GMT
content-type: application/javascript; charset=utf-8
content-length: 7472
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-1d30"
content-encoding: gzip
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| 504565329c.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4= | 193.108.117.211 | | 54 kB |
URL 504565329c.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4= IP193.108.117.211:0 ASN#63023 AS-GLOBALTELEHOST
File typeHTML document, ASCII text, with very long lines (64514) Hash1780dd79c34df22c0565b14db955fd12 b6ef1d8bdeed8832a2d269d1bdec5aad31680a30 89910a70192fdfa6144db5e8b22821ddf127b6ab726ddec828359979f5e6bc69
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /?id=1218914904&p1=&p2=&p3=&p4= HTTP/1.1
Host: 504565329c.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://c3118aba30.news-xapeva.cc/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:47 GMT
content-type: text/html; charset=UTF-8
vary: Origin
x-frame-options: DENY
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 65e344bf2e.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4= | 193.108.117.211 | | 815 B |
URL 65e344bf2e.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4= IP193.108.117.211:0 ASN#63023 AS-GLOBALTELEHOST
File typeHTML document, ASCII text, with very long lines (552) Hash5e0157aa2f745a96d743dbf8a757aa93 636788b55730df556d4bce1c8f649cc6d61f1795 a40791fcc669808b3525f9e3e8b040d9f6564b3632b8c56f4485d3bac3f3d546
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /?id=1218914904&p1=&p2=&p3=&p4= HTTP/1.1
Host: 65e344bf2e.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://5732546dc0.news-xapeva.cc/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:45 GMT
content-type: text/html; charset=UTF-8
vary: Origin
x-frame-options: DENY
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 07c5b74880.news-xapeva.cc/revopush.js | 193.108.117.211 | | 7.5 kB |
URL 07c5b74880.news-xapeva.cc/revopush.js IP193.108.117.211:0 ASN#63023 AS-GLOBALTELEHOST
File typeJavaScript source, Unicode text, UTF-8 text, with very long lines (18335), with no line terminators Hash37faf614bbb4a7b4ba1b4e8143056291 1477110371c87d426adf78e2c8d935a046ae6ff2 aa7dc9551d9641febc7616653e797b381d7258077ed416e822b1ade51470c533
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /revopush.js HTTP/1.1
Host: 07c5b74880.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://07c5b74880.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:50 GMT
content-type: application/javascript; charset=utf-8
content-length: 7472
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-1d30"
content-encoding: gzip
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| 07c5b74880.news-xapeva.cc/lands/57/css/style.css | 193.108.117.211 | | 1.2 kB |
URL 07c5b74880.news-xapeva.cc/lands/57/css/style.css IP193.108.117.211:0 ASN#63023 AS-GLOBALTELEHOST
File typeASCII text, with very long lines (4468), with no line terminators Hashb07eb7ba1a3bb505eba51b55f4ffa9ff fea4806dafcdda47dff4bb6aa09362ded48879d5 086ceb41d9cccb6678d0a759d730383098e9d80d8067e9b8ce06d0972d2dae68
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /lands/57/css/style.css HTTP/1.1
Host: 07c5b74880.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://07c5b74880.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:50 GMT
content-type: text/css
content-length: 1213
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-4bd"
content-encoding: gzip
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| 07c5b74880.news-xapeva.cc/lands/57/js/device.js | 193.108.117.211 | | 1.1 kB |
URL 07c5b74880.news-xapeva.cc/lands/57/js/device.js IP193.108.117.211:0 ASN#63023 AS-GLOBALTELEHOST
File typeJavaScript source, ASCII text, with very long lines (3289), with no line terminators Hash2d9887b21aa6b47c56e7f43e66560a4f 42cdfc5b3b23d32152750bf2cea4233044491768 863a13c42ef72b562bc7aa5005b8ff5693763ae8d16ce3bfc3d876e92a7fdf85
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /lands/57/js/device.js HTTP/1.1
Host: 07c5b74880.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://07c5b74880.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:50 GMT
content-type: application/javascript; charset=utf-8
content-length: 1111
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-457"
content-encoding: gzip
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| dbde52e0d2.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4= | 193.108.117.211 | | 54 kB |
URL: dbde52e0d2.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4= | IP: 193.108.117.211:0 | ASN: 63023 (AS-GLOBALTELEHOST)
File type: HTML document, ASCII text, with very long lines (64514) | MD5: 33de962e03612667acbfda202a3d6d5a | SHA-1: d9ae4820862908c7c7bd9408c747544b79712331 | SHA-256: 143e0260314e3f6da67824ef934e64ce2bef122b49bf63fd5b040bb6e5089bc6
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /?id=1218914904&p1=&p2=&p3=&p4= HTTP/1.1
Host: dbde52e0d2.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://29ec1d5efb.news-xapeva.cc/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:45 GMT
content-type: text/html; charset=UTF-8
vary: Origin
x-frame-options: DENY
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| dbde52e0d2.news-xapeva.cc/process.js?id=1218914904&p1=&p2=&p3=&p4= | 193.108.117.211 | | 10 kB |
URL: dbde52e0d2.news-xapeva.cc/process.js?id=1218914904&p1=&p2=&p3=&p4= | IP: 193.108.117.211:0 | ASN: 63023 (AS-GLOBALTELEHOST)
File type: JavaScript source, ASCII text, with very long lines (26456) | MD5: c117a14db315b89a541d25e65bc9fae2 | SHA-1: 760a8edb948f937380ef2f03d77010e2ec89a8b8 | SHA-256: 6e005d7edaad6e41f20dc4180cce3d998dfff66e9552f620aa6edcd5a93cc832
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /process.js?id=1218914904&p1=&p2=&p3=&p4= HTTP/1.1
Host: dbde52e0d2.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dbde52e0d2.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:45 GMT
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, must-revalidate
expires: 0
pragma: no-cache
vary: Origin
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| e7ec18856f.news-xapeva.cc/process.js?id=1218914904&p1=&p2=&p3=&p4= | 193.108.117.211 | | 44 kB |
URL: e7ec18856f.news-xapeva.cc/process.js?id=1218914904&p1=&p2=&p3=&p4= | IP: 193.108.117.211:0 | ASN: 63023 (AS-GLOBALTELEHOST)
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (37171) | MD5: f7838097c6a39004f0f3610280e9c5e7 | SHA-1: 47c2c47d853c8ef929f2e992bb90cd12253982a6 | SHA-256: 095a81a9a282b063b70ec7cf0ce6935034c377f6007c3cccdbc1d2188ba8120c
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /process.js?id=1218914904&p1=&p2=&p3=&p4= HTTP/1.1
Host: e7ec18856f.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://e7ec18856f.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:44 GMT
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, must-revalidate
expires: 0
pragma: no-cache
vary: Origin
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 4afb8081d2.news-xapeva.cc/lands/53/css/style.css | 193.108.117.211 | | 1.3 kB |
URL: 4afb8081d2.news-xapeva.cc/lands/53/css/style.css | IP: 193.108.117.211:0 | ASN: 63023 (AS-GLOBALTELEHOST)
File type: ASCII text, with very long lines (4928), with no line terminators | MD5: 6f2d06d6dbd00d18b9e7eb11ef80081d | SHA-1: b86bdf3144b91210a3e04aab9802dba7b677ffe4 | SHA-256: 4bbe46d55f77d131ea3c70d021bf1e88fcfa1a98b7b89cf8f3f081ffb38fa7f8
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /lands/53/css/style.css HTTP/1.1
Host: 4afb8081d2.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://4afb8081d2.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:50 GMT
content-type: text/css
content-length: 1301
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-515"
content-encoding: gzip
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| 4afb8081d2.news-xapeva.cc/lands/53/images/video.gif | 193.108.117.211 | | 500 kB |
URL: 4afb8081d2.news-xapeva.cc/lands/53/images/video.gif | IP: 193.108.117.211:0 | ASN: 63023 (AS-GLOBALTELEHOST)
File type: GIF image data, version 89a, 320 x 180 | Size: 500 kB (500082 bytes) | MD5: 2e59da03066a7854825901e0c1460b52 | SHA-1: 8d5aa04f252de7a85b8387051c1321338ac32d32 | SHA-256: 63412ff22ec2f712d6e82d34889a0a48948523dedd0bfce03bba69a19a9b4433
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /lands/53/images/video.gif HTTP/1.1
Host: 4afb8081d2.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://4afb8081d2.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:50 GMT
content-type: image/gif
content-length: 500082
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-7a172"
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| 5732546dc0.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4= | 193.108.117.211 | | 2.5 kB |
URL: 5732546dc0.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4= | IP: 193.108.117.211:0 | ASN: 63023 (AS-GLOBALTELEHOST)
File type: HTML document, ASCII text, with very long lines (8854) | MD5: 9df00daf6701bac6bde1156c2bbdfe6e | SHA-1: d9fe9a62e60735ed20dffbe977f606d9357794ec | SHA-256: 96a3936a56610ca3d090f8961c91c19648eee9d591f145c4ae172f14b65b861f
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /?id=1218914904&p1=&p2=&p3=&p4= HTTP/1.1
Host: 5732546dc0.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dbde52e0d2.news-xapeva.cc/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:45 GMT
content-type: text/html; charset=UTF-8
vary: Origin
x-frame-options: DENY
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| news-pepafu.com/tds?id=1218914904&p1=&p2=&p3=&p4= | 193.108.118.16 | | 0 B |
URL: news-pepafu.com/tds?id=1218914904&p1=&p2=&p3=&p4= | IP: 193.108.118.16:0 | ASN: 63023 (AS-GLOBALTELEHOST)
MD5: d41d8cd98f00b204e9800998ecf8427e | SHA-1: da39a3ee5e6b4b0d3255bfef95601890afd80709 | SHA-256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (digests of an empty body)
GET /tds?id=1218914904&p1=&p2=&p3=&p4= HTTP/1.1
Host: news-pepafu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://4afb8081d2.news-xapeva.cc/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 302 Found
server: nginx
date: Fri, 26 Apr 2024 09:38:50 GMT
content-length: 0
location: https://5685a2db87.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
vary: Origin
x-frame-options: DENY
X-Firefox-Spdy: h2
|
|
| 5685a2db87.news-xapeva.cc/lands/20/style.css | 193.108.117.211 | | 868 B |
URL: 5685a2db87.news-xapeva.cc/lands/20/style.css | IP: 193.108.117.211:0 | ASN: 63023 (AS-GLOBALTELEHOST)
File type: ASCII text, with very long lines (2230), with no line terminators | MD5: d4b3acb7a84d2265bf174f13f93ca4f1 | SHA-1: d6595e14ed8549bc39a8977cbd8d5b5b6f5cf221 | SHA-256: 2932666d3de7135f82ec781a408781352ec79c68998de11047db8e228d063311
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /lands/20/style.css HTTP/1.1
Host: 5685a2db87.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://5685a2db87.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:50 GMT
content-type: text/css
content-length: 868
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-364"
content-encoding: gzip
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| 5685a2db87.news-xapeva.cc/revopush.js | 193.108.117.211 | | 7.5 kB |
URL: 5685a2db87.news-xapeva.cc/revopush.js | IP: 193.108.117.211:0 | ASN: 63023 (AS-GLOBALTELEHOST)
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (18335), with no line terminators | MD5: 37faf614bbb4a7b4ba1b4e8143056291 | SHA-1: 1477110371c87d426adf78e2c8d935a046ae6ff2 | SHA-256: aa7dc9551d9641febc7616653e797b381d7258077ed416e822b1ade51470c533
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /revopush.js HTTP/1.1
Host: 5685a2db87.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://5685a2db87.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:50 GMT
content-type: application/javascript; charset=utf-8
content-length: 7472
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-1d30"
content-encoding: gzip
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| 29ec1d5efb.news-xapeva.cc/process.js?id=1218914904&p1=&p2=&p3=&p4= | 193.108.117.211 | | 11 kB |
URL: 29ec1d5efb.news-xapeva.cc/process.js?id=1218914904&p1=&p2=&p3=&p4= | IP: 193.108.117.211:0 | ASN: 63023 (AS-GLOBALTELEHOST)
File type: JavaScript source, ASCII text, with very long lines (26456) | MD5: 915fc5e5279990a7646dd9abe8b60e15 | SHA-1: 77ea3d423acb47d9938e22894c42743994a9c5fd | SHA-256: 7510912eb619d8557c22c7db662db5b69833a6753c709e7842bcb05deeb6fe16
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /process.js?id=1218914904&p1=&p2=&p3=&p4= HTTP/1.1
Host: 29ec1d5efb.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://29ec1d5efb.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:45 GMT
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, must-revalidate
expires: 0
pragma: no-cache
vary: Origin
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| news-pepafu.com/tds?id=1218914904&p1=&p2=&p3=&p4= | 193.108.118.16 | | 0 B |
URL: news-pepafu.com/tds?id=1218914904&p1=&p2=&p3=&p4= | IP: 193.108.118.16:0 | ASN: 63023 (AS-GLOBALTELEHOST)
MD5: d41d8cd98f00b204e9800998ecf8427e | SHA-1: da39a3ee5e6b4b0d3255bfef95601890afd80709 | SHA-256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (digests of an empty body)
GET /tds?id=1218914904&p1=&p2=&p3=&p4= HTTP/1.1
Host: news-pepafu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://5685a2db87.news-xapeva.cc/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 302 Found
server: nginx
date: Fri, 26 Apr 2024 09:38:50 GMT
content-length: 0
location: https://7a7a4f1542.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
vary: Origin
x-frame-options: DENY
X-Firefox-Spdy: h2
|
|
| ia.check-tl-ver-94-2.com/adult-video/assets/trls.js | 172.67.189.129 | | 10 kB |
URL: ia.check-tl-ver-94-2.com/adult-video/assets/trls.js | IP: 172.67.189.129:0
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (362), with CRLF line terminators | MD5: 4bf00604db1b3695385cfd297af0ef46 | SHA-1: 6d6652fcbefb4a5ea4fba578a2532c7e1b16e2c6 | SHA-256: 7e023b60f8f33a43f89f344e37ea814c93e69e82bb4ddb90b5b0467d9d82ac05
GET /adult-video/assets/trls.js HTTP/1.1
Host: ia.check-tl-ver-94-2.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ia.check-tl-ver-94-2.com/adult-video/?pl=YC0GOkWFo0Wz8n7UhRmi1w&sm=adult-video&sub_id=980&nrid=6dec9bc744f24d759bba5fce8344f142&hash=H98EfrdZvw9FaeAC4TdMqg&exp=1714124618
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 26 Apr 2024 09:38:39 GMT
content-type: application/javascript
last-modified: Tue, 23 Apr 2024 14:44:40 GMT
etag: W/"6627c958-1da4"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=e%2F9DhKD4vPvFIg3uuvmg1y1Y3ppVUdrsZV5klBA%2F0Uz%2BvlM4IpcxkvnXlaeMefrG9wtEqMBiiATVPWGIKgpi8m40glDvMvdPFFHEDDp5G06KSm3rKVYboZExmZ4FLxGFHUtzIepzqJtDEBs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a599e63f8056a9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| partners-tds.com/WzJQVS | 142.202.51.61 | | 0 B |
URL: partners-tds.com/WzJQVS | IP: 142.202.51.61:0 | ASN: 63023 (AS-GLOBALTELEHOST)
MD5: d41d8cd98f00b204e9800998ecf8427e | SHA-1: da39a3ee5e6b4b0d3255bfef95601890afd80709 | SHA-256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (digests of an empty body)
GET /WzJQVS HTTP/1.1
Host: partners-tds.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://7a7a4f1542.news-xapeva.cc/
Cookie: _subid=376l60j10h7e4k; 933eb=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcImNhbXBhaWduc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcInRpbWVcIjoxNzE0MTI0MzIwfSJ9.yYJXc-zJvjm4Dxphu35oW5Y_kpFZUzbEdsDVw4oNV9k
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx
Date: Fri, 26 Apr 2024 09:38:50 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-cache, no-store, must-revalidate
Expires: Fri, 26 Apr 2024 09:38:50 GMT
Location: https://news-pepafu.com/tds?id=1218914904&p1=&p2=&p3=&p4=
Set-Cookie: _subid=376l60j10h7e4o; expires=Mon, 27 May 2024 09:38:50 GMT; path=/
Set-Cookie: 933eb=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcImNhbXBhaWduc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcInRpbWVcIjoxNzE0MTI0MzIwfSJ9.yYJXc-zJvjm4Dxphu35oW5Y_kpFZUzbEdsDVw4oNV9k; expires=Sun, 21 Aug 2078 19:17:40 GMT; path=/
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
|
|
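The two transactions above are the traffic distribution step of this chain: partners-tds.com answers with a 302 to news-pepafu.com/tds, which in turn 302s to a freshly rotated ten-hex-character subdomain of news-xapeva.cc (the domain Quad9 marks as malicious and sinkholed), and the browser carries a `933eb` cookie that is an HS256 JWT. The following Python script is an added example, not part of the original scan report or of any tool the report came from. It parses a trimmed excerpt of this page's log (constructed from the entries above; only the header lines the analysis needs were kept), reconstructs the redirect chain by following `Location` headers, decodes the JWT claims without verifying the signature (the HMAC key is the operator's, so verification is impossible and unnecessary here), and lists SHA-256 values that were served from more than one hostname. The field layout the parser assumes (`| url | ip | | size |` title rows, a `Hash` line with MD5, SHA-1 and SHA-256) is that of the log on this page.

```python
# Added example: extract the TDS redirect chain, the unverified JWT cookie claims and
# cross-host identical payloads from a urlquery-style HTTP transaction log.
import base64
import json
import re
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample: trimmed excerpt of this page's log (header lines the analysis does
# not need were dropped). Hostnames, hashes and cookie values are exactly as logged.
SAMPLE_LOG = """\
| partners-tds.com/WzJQVS | 142.202.51.61 | | 0 B |
Cookie: _subid=376l60j10h7e4k; 933eb=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcImNhbXBhaWduc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcInRpbWVcIjoxNzE0MTI0MzIwfSJ9.yYJXc-zJvjm4Dxphu35oW5Y_kpFZUzbEdsDVw4oNV9k
HTTP/1.1 302 Found
Location: https://news-pepafu.com/tds?id=1218914904&p1=&p2=&p3=&p4=
|
| news-pepafu.com/tds?id=1218914904&p1=&p2=&p3=&p4= | 193.108.118.16 | | 0 B |
HTTP/2 302 Found
location: https://5685a2db87.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
|
| 5685a2db87.news-xapeva.cc/revopush.js | 193.108.117.211 | | 7.5 kB |
Hash37faf614bbb4a7b4ba1b4e8143056291 1477110371c87d426adf78e2c8d935a046ae6ff2 aa7dc9551d9641febc7616653e797b381d7258077ed416e822b1ade51470c533
|
| 7f30bff326.news-xapeva.cc/revopush.js | 193.108.117.211 | | 7.5 kB |
Hash37faf614bbb4a7b4ba1b4e8143056291 1477110371c87d426adf78e2c8d935a046ae6ff2 aa7dc9551d9641febc7616653e797b381d7258077ed416e822b1ade51470c533
|
| d30bb9ddd3.news-xapeva.cc/revopush.js | 193.108.117.211 | | 7.5 kB |
Hash37faf614bbb4a7b4ba1b4e8143056291 1477110371c87d426adf78e2c8d935a046ae6ff2 aa7dc9551d9641febc7616653e797b381d7258077ed416e822b1ade51470c533
|
| cf314ebbcb.news-xapeva.cc/revopush.js | 193.108.117.211 | | 7.5 kB |
Hash37faf614bbb4a7b4ba1b4e8143056291 1477110371c87d426adf78e2c8d935a046ae6ff2 aa7dc9551d9641febc7616653e797b381d7258077ed416e822b1ade51470c533
|
| dbde52e0d2.news-xapeva.cc/process.js?id=1218914904&p1=&p2=&p3=&p4= | 193.108.117.211 | | 10 kB |
Hashc117a14db315b89a541d25e65bc9fae2 760a8edb948f937380ef2f03d77010e2ec89a8b8 6e005d7edaad6e41f20dc4180cce3d998dfff66e9552f620aa6edcd5a93cc832
|
| 29ec1d5efb.news-xapeva.cc/process.js?id=1218914904&p1=&p2=&p3=&p4= | 193.108.117.211 | | 11 kB |
Hash915fc5e5279990a7646dd9abe8b60e15 77ea3d423acb47d9938e22894c42743994a9c5fd 7510912eb619d8557c22c7db662db5b69833a6753c709e7842bcb05deeb6fe16
"""

ENTRY_RE = re.compile(r"^\| (\S+) \| (\d{1,3}(?:\.\d{1,3}){3}) \|")
SHA256_RE = re.compile(r"(?<![0-9a-f])([0-9a-f]{64})(?![0-9a-f])")

def parse_log(text):
    """One dict per transaction: url, ip, sha256 (when a body was logged) and lower-cased headers."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append({"url": m.group(1), "ip": m.group(2), "headers": {}})
        elif entries and (sha := SHA256_RE.search(line)):
            entries[-1]["sha256"] = sha.group(1)
        elif entries and ":" in line and not line.startswith(("HTTP/", "|")):
            name, _, value = line.partition(":")  # h1 "Location" and h2 "location" both become "location"
            entries[-1]["headers"][name.strip().lower()] = value.strip()
    return entries

def redirect_chain(entries, start_url):
    """Follow Location headers from start_url; the last hop may be a target the log did not capture."""
    by_url = {e["url"]: e for e in entries}
    chain, url = [], start_url
    while url in by_url and url not in chain:
        chain.append(url)
        target = by_url[url]["headers"].get("location")
        if not target:
            return chain
        url = re.sub(r"^https?://", "", target)
    chain.append(url)
    return chain

def _b64url(segment):
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))  # restore stripped padding

def decode_cookie_jwt(entries, cookie_name):
    """Decode, without verifying (the HMAC key is the operator's), the JWT carried in a request cookie."""
    for e in entries:
        cookies = dict(c.split("=", 1) for c in e["headers"].get("cookie", "").split("; ") if "=" in c)
        if cookie_name not in cookies:
            continue
        header_b64, payload_b64, sig_b64 = cookies[cookie_name].split(".")
        header, payload = json.loads(_b64url(header_b64)), json.loads(_b64url(payload_b64))
        claims = json.loads(payload["data"]) if isinstance(payload.get("data"), str) else payload  # double-encoded JSON
        issued = datetime.fromtimestamp(claims["time"], tz=timezone.utc).isoformat() if "time" in claims else None
        return {"alg": header.get("alg"), "claims": claims, "sig_bytes": len(_b64url(sig_b64)), "issued": issued}
    return None

def shared_payloads(entries):
    """SHA-256 values served from more than one host: one static file behind rotating hostnames."""
    hosts = defaultdict(set)
    for e in entries:
        if "sha256" in e:
            hosts[e["sha256"]].add(e["url"].split("/", 1)[0])
    return {h: sorted(v) for h, v in hosts.items() if len(v) > 1}

if __name__ == "__main__":
    log = parse_log(SAMPLE_LOG)
    print(" -> ".join(redirect_chain(log, "partners-tds.com/WzJQVS")))
    print(json.dumps(decode_cookie_jwt(log, "933eb"), indent=1))
    print(json.dumps(shared_payloads(log), indent=1))
```

Three things fall out of the log once it is parsed this way. The JWT's payload is a `data` field holding a second, string-encoded JSON object with `streams`, `campaigns` and a `time` of 1714124320, which is 09:38:40 UTC on 26 April 2024, the same second the scanner's requests were dated: the cookie was minted for this visit, not carried in from an earlier one. `revopush.js` has the same SHA-256 (and, in the headers above, the same `etag: "6602cb4c-1d30"` and `last-modified` date) on every rotated subdomain, so one static file sits behind the changing hostnames and the hash is a better indicator than any one host. `process.js`, by contrast, is served with `cache-control: no-cache, no-store, must-revalidate` and a different hash per host, so it is generated per request and hash-based matching will not catch it.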
| fonts.googleapis.com/css?family=Roboto:300,400,700,400i&subset=cyrillic | 142.250.74.106 | | 784 B |
URL: fonts.googleapis.com/css?family=Roboto:300,400,700,400i&subset=cyrillic | IP: 142.250.74.106:0
MD5: 1ba1a21c8876dbaa3b3b1457aadec340 | SHA-1: 2373a127295c1cab8d143eb10fe1870d29f02150 | SHA-256: 47e3881d0fe2662e06375c04b01a8eabdd8eeca52f66aab1dc7ba3b6f5c564f8
GET /css?family=Roboto:300,400,700,400i&subset=cyrillic HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://5685a2db87.news-xapeva.cc/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 26 Apr 2024 09:38:50 GMT
date: Fri, 26 Apr 2024 09:38:50 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| 7f30bff326.news-xapeva.cc/revopush.js | 193.108.117.211 | | 7.5 kB |
URL: 7f30bff326.news-xapeva.cc/revopush.js | IP: 193.108.117.211:0 | ASN: 63023 (AS-GLOBALTELEHOST)
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (18335), with no line terminators | MD5: 37faf614bbb4a7b4ba1b4e8143056291 | SHA-1: 1477110371c87d426adf78e2c8d935a046ae6ff2 | SHA-256: aa7dc9551d9641febc7616653e797b381d7258077ed416e822b1ade51470c533
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /revopush.js HTTP/1.1
Host: 7f30bff326.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://7f30bff326.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:51 GMT
content-type: application/javascript; charset=utf-8
content-length: 7472
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-1d30"
content-encoding: gzip
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| d0aba534dc.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4= | 193.108.117.211 | | 13 kB |
URL: d0aba534dc.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4= | IP: 193.108.117.211:0 | ASN: 63023 (AS-GLOBALTELEHOST)
File type: gzip compressed data, max speed, from Unix | MD5: 17560507682e72333aabdfd9fea7307d | SHA-1: b5732b5cc24c9d6372094ffaf0f0314afefc194c | SHA-256: 02a87b6ca1499ce8550478867344a6f8ab660f3fa6470ee2312eaa8a78f3aff5
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /?id=1218914904&p1=&p2=&p3=&p4= HTTP/1.1
Host: d0aba534dc.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://09068d0b2a.news-xapeva.cc/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:48 GMT
content-type: text/html; charset=UTF-8
vary: Origin
x-frame-options: DENY
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 7f30bff326.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4= | 193.108.117.211 | | 14 kB |
URL: 7f30bff326.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4= | IP: 193.108.117.211:0 | ASN: 63023 (AS-GLOBALTELEHOST)
File type: HTML document, Unicode text, UTF-8 text, with very long lines (36946) | MD5: 91917194132e737d638acf906fcb1d68 | SHA-1: 9557792f17fd2303f93573859a08bc4736249cc1 | SHA-256: 8f9be60e2d823d304c95fa55bdc160eaa8cf3ddf84855dbb5b72d6ab8eadc16b
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /?id=1218914904&p1=&p2=&p3=&p4= HTTP/1.1
Host: 7f30bff326.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://7a7a4f1542.news-xapeva.cc/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:51 GMT
content-type: text/html; charset=UTF-8
vary: Origin
x-frame-options: DENY
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| news-pepafu.com/tds?id=1218914904&p1=&p2=&p3=&p4= | 193.108.118.16 | | 0 B |
URL: news-pepafu.com/tds?id=1218914904&p1=&p2=&p3=&p4= | IP: 193.108.118.16:0 | ASN: 63023 (AS-GLOBALTELEHOST)
MD5: d41d8cd98f00b204e9800998ecf8427e | SHA-1: da39a3ee5e6b4b0d3255bfef95601890afd80709 | SHA-256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (digests of an empty body)
GET /tds?id=1218914904&p1=&p2=&p3=&p4= HTTP/1.1
Host: news-pepafu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://7f30bff326.news-xapeva.cc/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 302 Found
server: nginx
date: Fri, 26 Apr 2024 09:38:51 GMT
content-length: 0
location: https://d30bb9ddd3.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
vary: Origin
x-frame-options: DENY
X-Firefox-Spdy: h2
|
|
| d30bb9ddd3.news-xapeva.cc/revopush.js | 193.108.117.211 | | 7.5 kB |
URL: d30bb9ddd3.news-xapeva.cc/revopush.js | IP: 193.108.117.211:0 | ASN: 63023 (AS-GLOBALTELEHOST)
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (18335), with no line terminators | MD5: 37faf614bbb4a7b4ba1b4e8143056291 | SHA-1: 1477110371c87d426adf78e2c8d935a046ae6ff2 | SHA-256: aa7dc9551d9641febc7616653e797b381d7258077ed416e822b1ade51470c533
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /revopush.js HTTP/1.1
Host: d30bb9ddd3.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d30bb9ddd3.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:51 GMT
content-type: application/javascript; charset=utf-8
content-length: 7472
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-1d30"
content-encoding: gzip
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| partners-tds.com/WzJQVS | 142.202.51.61 | | 0 B |
URL: partners-tds.com/WzJQVS | IP: 142.202.51.61:0 | ASN: 63023 (AS-GLOBALTELEHOST)
MD5: d41d8cd98f00b204e9800998ecf8427e | SHA-1: da39a3ee5e6b4b0d3255bfef95601890afd80709 | SHA-256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (digests of an empty body)
GET /WzJQVS HTTP/1.1
Host: partners-tds.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d30bb9ddd3.news-xapeva.cc/
Cookie: _subid=376l60j10h7e4s; 933eb=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcImNhbXBhaWduc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcInRpbWVcIjoxNzE0MTI0MzIwfSJ9.yYJXc-zJvjm4Dxphu35oW5Y_kpFZUzbEdsDVw4oNV9k
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx
Date: Fri, 26 Apr 2024 09:38:51 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-cache, no-store, must-revalidate
Expires: Fri, 26 Apr 2024 09:38:51 GMT
Location: https://news-pepafu.com/tds?id=1218914904&p1=&p2=&p3=&p4=
Set-Cookie: _subid=376l60j10h7e4v; expires=Mon, 27 May 2024 09:38:51 GMT; path=/
Set-Cookie: 933eb=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcImNhbXBhaWduc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcInRpbWVcIjoxNzE0MTI0MzIwfSJ9.yYJXc-zJvjm4Dxphu35oW5Y_kpFZUzbEdsDVw4oNV9k; expires=Sun, 21 Aug 2078 19:17:42 GMT; path=/
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
|
|
| news-pepafu.com/tds?id=1218914904&p1=&p2=&p3=&p4= | 193.108.118.16 | | 0 B |
URL: news-pepafu.com/tds?id=1218914904&p1=&p2=&p3=&p4= | IP: 193.108.118.16:0 | ASN: 63023 (AS-GLOBALTELEHOST)
MD5: d41d8cd98f00b204e9800998ecf8427e | SHA-1: da39a3ee5e6b4b0d3255bfef95601890afd80709 | SHA-256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (digests of an empty body)
GET /tds?id=1218914904&p1=&p2=&p3=&p4= HTTP/1.1
Host: news-pepafu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://d30bb9ddd3.news-xapeva.cc/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 302 Found
server: nginx
date: Fri, 26 Apr 2024 09:38:51 GMT
content-length: 0
location: https://cf314ebbcb.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
vary: Origin
x-frame-options: DENY
X-Firefox-Spdy: h2
|
|
| cf314ebbcb.news-xapeva.cc/revopush.js | 193.108.117.211 | | 7.5 kB |
URL: cf314ebbcb.news-xapeva.cc/revopush.js | IP: 193.108.117.211:0 | ASN: 63023 (AS-GLOBALTELEHOST)
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (18335), with no line terminators | MD5: 37faf614bbb4a7b4ba1b4e8143056291 | SHA-1: 1477110371c87d426adf78e2c8d935a046ae6ff2 | SHA-256: aa7dc9551d9641febc7616653e797b381d7258077ed416e822b1ade51470c533
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /revopush.js HTTP/1.1
Host: cf314ebbcb.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cf314ebbcb.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:51 GMT
content-type: application/javascript; charset=utf-8
content-length: 7472
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-1d30"
content-encoding: gzip
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| ef422e6eb4.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4= | 193.108.117.211 | | 61 kB |
URL: ef422e6eb4.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4= | IP: 193.108.117.211:0 | ASN: 63023 (AS-GLOBALTELEHOST)
File type: gzip compressed data, max speed, from Unix | MD5: 42ae50d61e4f665bfbe1c25b83df724e | SHA-1: b76b3bbd443503757a9594adec32d9c11a96aad3 | SHA-256: 67f6565875e3817e5c5d79147302695d7937d57313a0f57c3bbe70a80d7a2d35
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /?id=1218914904&p1=&p2=&p3=&p4= HTTP/1.1
Host: ef422e6eb4.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://d0aba534dc.news-xapeva.cc/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:48 GMT
content-type: text/html; charset=UTF-8
vary: Origin
x-frame-options: DENY
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 5c188dc60f.news-xapeva.cc/process.js?id=1218914904&p1=&p2=&p3=&p4= | 193.108.117.211 | | 15 kB |
URL: 5c188dc60f.news-xapeva.cc/process.js?id=1218914904&p1=&p2=&p3=&p4= | IP: 193.108.117.211:0 | ASN: 63023 (AS-GLOBALTELEHOST)
File type: gzip compressed data, max speed, from Unix | MD5: a759e3687050e6b07a5b0f70a2b3dde3 | SHA-1: ed9c37eaf4fd70dfc0f3ee4bea641bebaefca4e7 | SHA-256: 8ba8cdbfabdba9fd6322a078cb3cb9583f92b86a67edcab8d2a97d53055ed494
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /process.js?id=1218914904&p1=&p2=&p3=&p4= HTTP/1.1
Host: 5c188dc60f.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://5c188dc60f.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:49 GMT
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, must-revalidate
expires: 0
pragma: no-cache
vary: Origin
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| de66e23c60.news-xapeva.cc/?id=1218770951&p1=tk_206076 | 193.108.117.211 | | 10 kB |
URL: de66e23c60.news-xapeva.cc/?id=1218770951&p1=tk_206076 | IP: 193.108.117.211:0 | ASN: 63023 (AS-GLOBALTELEHOST)
File type: gzip compressed data, max speed, from Unix | MD5: 06920f22172f1b663484cab08991b6e5 | SHA-1: 1c2ab7ee3273cb15be1be791c0cb1338da5640ec | SHA-256: 49af2c7987ab5d176faa9034fce823b60c8acd73b194db012c900b70e4ba1c44
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /?id=1218770951&p1=tk_206076 HTTP/1.1
Host: de66e23c60.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:40 GMT
content-type: text/html; charset=UTF-8
vary: Origin
x-frame-options: DENY
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| cf314ebbcb.news-xapeva.cc/lands/39/img/icon4.png | 193.108.117.211 | | 7.0 kB |
URL: cf314ebbcb.news-xapeva.cc/lands/39/img/icon4.png | IP: 193.108.117.211:0 | ASN: 63023 (AS-GLOBALTELEHOST)
File type: PNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced | MD5: 7ad7f32c1c0df7b4975cc41bda4ac435 | SHA-1: 81d57e996ee6cd9e122592e68ffa3d55c1ba10ff | SHA-256: c0af6cb2280bba97d235dfad7c72d22353a0d2cf277733ce9fc4701df7ed1d5f
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /lands/39/img/icon4.png HTTP/1.1
Host: cf314ebbcb.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cf314ebbcb.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:51 GMT
content-type: image/png
content-length: 7032
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-1b78"
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| cf314ebbcb.news-xapeva.cc/lands/39/img/icon5.png | 193.108.117.211 | | 3.3 kB |
URL cf314ebbcb.news-xapeva.cc/lands/39/img/icon5.png IP193.108.117.211:0 ASN#63023 AS-GLOBALTELEHOST
File typePNG image data, 500 x 500, 8-bit/color RGBA, non-interlaced Hash1e1a7582b5da63e10485d63f97abc9a0 ca3ee3067f96c732f455bc7c99ec5100194f13f6 196083352a09a19cf2d4364e3ad406606fedb562f2096c1bef373ff2c485b503
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /lands/39/img/icon5.png HTTP/1.1
Host: cf314ebbcb.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cf314ebbcb.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:51 GMT
content-type: image/png
content-length: 3264
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-cc0"
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| cf314ebbcb.news-xapeva.cc/lands/39/img/icon7.png | 193.108.117.211 | | 3.3 kB |
URL cf314ebbcb.news-xapeva.cc/lands/39/img/icon7.png IP193.108.117.211:0 ASN#63023 AS-GLOBALTELEHOST
File typePNG image data, 500 x 500, 8-bit/color RGBA, non-interlaced Hashb512735542cb07b3b2dcf153a7dfe456 93bde8875412ce266600e2af1c37123483a50376 e9c661cc8adbaa1b9cd4cf65f0ba93a1c24211cb5f94ed0950e0fbc973781718
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /lands/39/img/icon7.png HTTP/1.1
Host: cf314ebbcb.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cf314ebbcb.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:51 GMT
content-type: image/png
content-length: 3283
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-cd3"
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| cf314ebbcb.news-xapeva.cc/lands/39/img/icon8.png | 193.108.117.211 | | 4.1 kB |
URL cf314ebbcb.news-xapeva.cc/lands/39/img/icon8.png IP193.108.117.211:0 ASN#63023 AS-GLOBALTELEHOST
File typePNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced Hashf92d6474ebc6a3a0b576749cfb4afe98 0f4ce3dcf04873b8098c01d20c44967fb9fce0cc 3a7abff293d71fd8c5a58deacb964b50fe074a6f458575d37abbd367a3a930a1
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /lands/39/img/icon8.png HTTP/1.1
Host: cf314ebbcb.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cf314ebbcb.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:51 GMT
content-type: image/png
content-length: 4064
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-fe0"
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| 7a7a4f1542.news-xapeva.cc/process.js?id=1218914904&p1=&p2=&p3=&p4= | 193.108.117.211 | | 10 kB |
URL 7a7a4f1542.news-xapeva.cc/process.js?id=1218914904&p1=&p2=&p3=&p4= IP193.108.117.211:0 ASN#63023 AS-GLOBALTELEHOST
File typeJavaScript source, ASCII text, with very long lines (26456) Hash4f9f24d53c461ebc2d08f173c64344de 33476b4922ae6b9e20be269ab1dee4b59328ad4e d01de0d2099c806a7b79a51b2beb3f154232b35220fda03c3480270462124cc0
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /process.js?id=1218914904&p1=&p2=&p3=&p4= HTTP/1.1
Host: 7a7a4f1542.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://7a7a4f1542.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:50 GMT
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, must-revalidate
expires: 0
pragma: no-cache
vary: Origin
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| news-pepafu.com/tds?id=1218914904&p1=&p2=&p3=&p4= | 193.108.118.16 | | 0 B |
URL news-pepafu.com/tds?id=1218914904&p1=&p2=&p3=&p4= IP193.108.118.16:0 ASN#63023 AS-GLOBALTELEHOST
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tds?id=1218914904&p1=&p2=&p3=&p4= HTTP/1.1
Host: news-pepafu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cf314ebbcb.news-xapeva.cc/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 302 Found
server: nginx
date: Fri, 26 Apr 2024 09:38:51 GMT
content-length: 0
location: https://5975a21fe8.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
vary: Origin
x-frame-options: DENY
X-Firefox-Spdy: h2
|
|
| 5975a21fe8.news-xapeva.cc/revopush.js | 193.108.117.211 | | 7.5 kB |
URL 5975a21fe8.news-xapeva.cc/revopush.js IP193.108.117.211:0 ASN#63023 AS-GLOBALTELEHOST
File typeJavaScript source, Unicode text, UTF-8 text, with very long lines (18335), with no line terminators Hash37faf614bbb4a7b4ba1b4e8143056291 1477110371c87d426adf78e2c8d935a046ae6ff2 aa7dc9551d9641febc7616653e797b381d7258077ed416e822b1ade51470c533
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /revopush.js HTTP/1.1
Host: 5975a21fe8.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://5975a21fe8.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:51 GMT
content-type: application/javascript; charset=utf-8
content-length: 7472
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-1d30"
content-encoding: gzip
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| c3118aba30.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4= | 193.108.117.211 | | 75 kB |
URL c3118aba30.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4= IP193.108.117.211:0 ASN#63023 AS-GLOBALTELEHOST
File typeHTML document, ASCII text, with very long lines (64514) Hashe477c13e7e8ec9f02687c0fad59f0106 a4fc6006b5dd56bbe500eeb64c6017af9cdc9a22 67f6b044dcc1ff9951e3b331563a477d9277612c90c17f716669869b1debf447
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /?id=1218914904&p1=&p2=&p3=&p4= HTTP/1.1
Host: c3118aba30.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://8558efc928.news-xapeva.cc/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:47 GMT
content-type: text/html; charset=UTF-8
vary: Origin
x-frame-options: DENY
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| news-pepafu.com/tds?id=1218914904&p1=&p2=&p3=&p4= | 193.108.118.16 | | 0 B |
URL news-pepafu.com/tds?id=1218914904&p1=&p2=&p3=&p4= IP193.108.118.16:0 ASN#63023 AS-GLOBALTELEHOST
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tds?id=1218914904&p1=&p2=&p3=&p4= HTTP/1.1
Host: news-pepafu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://5975a21fe8.news-xapeva.cc/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 302 Found
server: nginx
date: Fri, 26 Apr 2024 09:38:51 GMT
content-length: 0
location: https://18c630ec10.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
vary: Origin
x-frame-options: DENY
X-Firefox-Spdy: h2
|
|
| 18c630ec10.news-xapeva.cc/revopush.js | 193.108.117.211 | | 7.5 kB |
URL 18c630ec10.news-xapeva.cc/revopush.js IP193.108.117.211:0 ASN#63023 AS-GLOBALTELEHOST
File typeJavaScript source, Unicode text, UTF-8 text, with very long lines (18335), with no line terminators Hash37faf614bbb4a7b4ba1b4e8143056291 1477110371c87d426adf78e2c8d935a046ae6ff2 aa7dc9551d9641febc7616653e797b381d7258077ed416e822b1ade51470c533
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /revopush.js HTTP/1.1
Host: 18c630ec10.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://18c630ec10.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:52 GMT
content-type: application/javascript; charset=utf-8
content-length: 7472
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-1d30"
content-encoding: gzip
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| 18c630ec10.news-xapeva.cc/lands/39/img/icon1.png | 193.108.117.211 | | 7.3 kB |
URL 18c630ec10.news-xapeva.cc/lands/39/img/icon1.png IP193.108.117.211:0 ASN#63023 AS-GLOBALTELEHOST
File typePNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced Hash3d0ab5834c8bf7134e4d21fa3288317f c31d1a6b9df206f67ea194f4c424cdc372a423c2 0515ddd9185d263874e7b66bb6d521fcd63b857aac5fed51c08df98026dafe27
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /lands/39/img/icon1.png HTTP/1.1
Host: 18c630ec10.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://18c630ec10.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:52 GMT
content-type: image/png
content-length: 7252
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-1c54"
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| 18c630ec10.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4= | 193.108.117.211 | | 6.1 kB |
URL 18c630ec10.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4= IP193.108.117.211:0 ASN#63023 AS-GLOBALTELEHOST
File typegzip compressed data, max speed, from Unix Hashee23fd2e52a0ae6177f2516734a36717 4c440660edacf375210e8e90585d161173bcf5b4 b60fa223940875316e86a95da8da764282a858b5836ce58db41e9a54d1e1db7e
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /?id=1218914904&p1=&p2=&p3=&p4= HTTP/1.1
Host: 18c630ec10.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://5975a21fe8.news-xapeva.cc/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:52 GMT
content-type: text/html; charset=UTF-8
vary: Origin
x-frame-options: DENY
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 18c630ec10.news-xapeva.cc/lands/39/img/icon3.png | 193.108.117.211 | | 7.8 kB |
URL 18c630ec10.news-xapeva.cc/lands/39/img/icon3.png IP193.108.117.211:0 ASN#63023 AS-GLOBALTELEHOST
File typePNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced Hash8f3cc830da0b1fdf66bda7d1d734747b 94588f041eec3a78a8780c8124c56a1434a89277 ea3698c32039a115b03c2528cbb29c3ff97bbd49ad1345d5095e98d1fd0ea8ba
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /lands/39/img/icon3.png HTTP/1.1
Host: 18c630ec10.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://18c630ec10.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:52 GMT
content-type: image/png
content-length: 7847
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-1ea7"
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| 18c630ec10.news-xapeva.cc/lands/39/img/icon4.png | 193.108.117.211 | | 7.0 kB |
URL 18c630ec10.news-xapeva.cc/lands/39/img/icon4.png IP193.108.117.211:0 ASN#63023 AS-GLOBALTELEHOST
File typePNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced Hash7ad7f32c1c0df7b4975cc41bda4ac435 81d57e996ee6cd9e122592e68ffa3d55c1ba10ff c0af6cb2280bba97d235dfad7c72d22353a0d2cf277733ce9fc4701df7ed1d5f
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /lands/39/img/icon4.png HTTP/1.1
Host: 18c630ec10.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://18c630ec10.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:52 GMT
content-type: image/png
content-length: 7032
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-1b78"
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| 608cdcaf2f.news-xapeva.cc/process.js?id=1218914904&p1=&p2=&p3=&p4= | 193.108.117.211 | | 14 kB |
URL 608cdcaf2f.news-xapeva.cc/process.js?id=1218914904&p1=&p2=&p3=&p4= IP193.108.117.211:0 ASN#63023 AS-GLOBALTELEHOST
File typegzip compressed data, max speed, from Unix Hasha49e8f83d0e69a5e3869a7394809b72f 0a5986efa20782c0734c85c7aa312aa866d468a6 82658515f8f2b1df2494209721327e11c99a9d2d2f836a29adb70ad7b8ebba97
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /process.js?id=1218914904&p1=&p2=&p3=&p4= HTTP/1.1
Host: 608cdcaf2f.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://608cdcaf2f.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:49 GMT
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, must-revalidate
expires: 0
pragma: no-cache
vary: Origin
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 18c630ec10.news-xapeva.cc/lands/39/img/icon7.png | 193.108.117.211 | | 3.3 kB |
URL 18c630ec10.news-xapeva.cc/lands/39/img/icon7.png IP193.108.117.211:0 ASN#63023 AS-GLOBALTELEHOST
File typePNG image data, 500 x 500, 8-bit/color RGBA, non-interlaced Hashb512735542cb07b3b2dcf153a7dfe456 93bde8875412ce266600e2af1c37123483a50376 e9c661cc8adbaa1b9cd4cf65f0ba93a1c24211cb5f94ed0950e0fbc973781718
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /lands/39/img/icon7.png HTTP/1.1
Host: 18c630ec10.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://18c630ec10.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:52 GMT
content-type: image/png
content-length: 3283
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-cd3"
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| 5c188dc60f.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4= | 193.108.117.211 | | 12 kB |
URL 5c188dc60f.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4= IP193.108.117.211:0 ASN#63023 AS-GLOBALTELEHOST
File typegzip compressed data, max speed, from Unix Hashcbeb8b12e422ff13d8decc9252e645ee 9f6b5ba860e3de87b86d91f8ff5dcbfd7a4a440d dce6d34f5e89782073e2e52882e6f83ea75dff1a98dba1f173ec2a1c5a5b8574
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /?id=1218914904&p1=&p2=&p3=&p4= HTTP/1.1
Host: 5c188dc60f.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://608cdcaf2f.news-xapeva.cc/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:49 GMT
content-type: text/html; charset=UTF-8
vary: Origin
x-frame-options: DENY
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| partners-tds.com/WzJQVS | 142.202.51.61 | | 0 B |
IP142.202.51.61:0 ASN#63023 AS-GLOBALTELEHOST
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /WzJQVS HTTP/1.1
Host: partners-tds.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://18c630ec10.news-xapeva.cc/
Cookie: _subid=376l60j10h7e5b; 933eb=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcImNhbXBhaWduc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcInRpbWVcIjoxNzE0MTI0MzIwfSJ9.yYJXc-zJvjm4Dxphu35oW5Y_kpFZUzbEdsDVw4oNV9k
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx
Date: Fri, 26 Apr 2024 09:38:52 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-cache, no-store, must-revalidate
Expires: Fri, 26 Apr 2024 09:38:52 GMT
Location: https://news-pepafu.com/tds?id=1218914904&p1=&p2=&p3=&p4=
Set-Cookie: _subid=376l60j10h7e5e; expires=Mon, 27 May 2024 09:38:52 GMT; path=/
933eb=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcImNhbXBhaWduc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcInRpbWVcIjoxNzE0MTI0MzIwfSJ9.yYJXc-zJvjm4Dxphu35oW5Y_kpFZUzbEdsDVw4oNV9k; expires=Sun, 21 Aug 2078 19:17:44 GMT; path=/
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
|
|
| news-pepafu.com/tds?id=1218914904&p1=&p2=&p3=&p4= | 193.108.118.16 | | 0 B |
URL news-pepafu.com/tds?id=1218914904&p1=&p2=&p3=&p4= IP193.108.118.16:0 ASN#63023 AS-GLOBALTELEHOST
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tds?id=1218914904&p1=&p2=&p3=&p4= HTTP/1.1
Host: news-pepafu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://18c630ec10.news-xapeva.cc/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 302 Found
server: nginx
date: Fri, 26 Apr 2024 09:38:52 GMT
content-length: 0
location: https://d9a96a3e32.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
vary: Origin
x-frame-options: DENY
X-Firefox-Spdy: h2
|
|
| d9a96a3e32.news-xapeva.cc/lands/20/style.css | 193.108.117.211 | | 868 B |
URL d9a96a3e32.news-xapeva.cc/lands/20/style.css IP193.108.117.211:0 ASN#63023 AS-GLOBALTELEHOST
File typeASCII text, with very long lines (2230), with no line terminators Hashd4b3acb7a84d2265bf174f13f93ca4f1 d6595e14ed8549bc39a8977cbd8d5b5b6f5cf221 2932666d3de7135f82ec781a408781352ec79c68998de11047db8e228d063311
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /lands/20/style.css HTTP/1.1
Host: d9a96a3e32.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d9a96a3e32.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:52 GMT
content-type: text/css
content-length: 868
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-364"
content-encoding: gzip
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| d9a96a3e32.news-xapeva.cc/revopush.js | 193.108.117.211 | | 7.5 kB |
URL d9a96a3e32.news-xapeva.cc/revopush.js IP193.108.117.211:0 ASN#63023 AS-GLOBALTELEHOST
File typeJavaScript source, Unicode text, UTF-8 text, with very long lines (18335), with no line terminators Hash37faf614bbb4a7b4ba1b4e8143056291 1477110371c87d426adf78e2c8d935a046ae6ff2 aa7dc9551d9641febc7616653e797b381d7258077ed416e822b1ade51470c533
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /revopush.js HTTP/1.1
Host: d9a96a3e32.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d9a96a3e32.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:52 GMT
content-type: application/javascript; charset=utf-8
content-length: 7472
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-1d30"
content-encoding: gzip
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| b729c3716a.news-xapeva.cc/process.js?id=1218914904&p1=&p2=&p3=&p4= | 193.108.117.211 | | 11 kB |
URL b729c3716a.news-xapeva.cc/process.js?id=1218914904&p1=&p2=&p3=&p4= IP193.108.117.211:0 ASN#63023 AS-GLOBALTELEHOST
File typegzip compressed data, max speed, from Unix Hashd382bfc5d3039adefad1e31b5cbab207 441b157c8b2c8b741d4806243c8889919626e6a6 fa64aa7c70ab6f14fab270a3e61f18347e29aa09b298c4fe731a9362ee78f3cb
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /process.js?id=1218914904&p1=&p2=&p3=&p4= HTTP/1.1
Host: b729c3716a.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://b729c3716a.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:49 GMT
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, must-revalidate
expires: 0
pragma: no-cache
vary: Origin
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| news-pepafu.com/tds?id=1218914904&p1=&p2=&p3=&p4= | 193.108.118.16 | | 0 B |
URL news-pepafu.com/tds?id=1218914904&p1=&p2=&p3=&p4= IP193.108.118.16:0 ASN#63023 AS-GLOBALTELEHOST
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tds?id=1218914904&p1=&p2=&p3=&p4= HTTP/1.1
Host: news-pepafu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://d9a96a3e32.news-xapeva.cc/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 302 Found
server: nginx
date: Fri, 26 Apr 2024 09:38:52 GMT
content-length: 0
location: https://9ce0932f7e.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
vary: Origin
x-frame-options: DENY
X-Firefox-Spdy: h2
|
|
| 9ce0932f7e.news-xapeva.cc/revopush.js | 193.108.117.211 | | 7.5 kB |
URL 9ce0932f7e.news-xapeva.cc/revopush.js IP193.108.117.211:0 ASN#63023 AS-GLOBALTELEHOST
File typeJavaScript source, Unicode text, UTF-8 text, with very long lines (18335), with no line terminators Hash37faf614bbb4a7b4ba1b4e8143056291 1477110371c87d426adf78e2c8d935a046ae6ff2 aa7dc9551d9641febc7616653e797b381d7258077ed416e822b1ade51470c533
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /revopush.js HTTP/1.1
Host: 9ce0932f7e.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://9ce0932f7e.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:52 GMT
content-type: application/javascript; charset=utf-8
content-length: 7472
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-1d30"
content-encoding: gzip
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| 5975a21fe8.news-xapeva.cc/process.js?id=1218914904&p1=&p2=&p3=&p4= | 193.108.117.211 | | 13 kB |
URL 5975a21fe8.news-xapeva.cc/process.js?id=1218914904&p1=&p2=&p3=&p4= IP193.108.117.211:0 ASN#63023 AS-GLOBALTELEHOST
File typeJavaScript source, ASCII text, with very long lines (26456) Hash736aa26c5d8f800125a43ed88a9997ba 50fba0acc4dcccf0a4629919d4a3dd14d4bfffb6 a07e989b5f4802e210e765d4685e74df945a3f969da52be14fa157b1f98b9789
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /process.js?id=1218914904&p1=&p2=&p3=&p4= HTTP/1.1
Host: 5975a21fe8.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://5975a21fe8.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:51 GMT
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, must-revalidate
expires: 0
pragma: no-cache
vary: Origin
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| partners-tds.com/WzJQVS | 142.202.51.61 | | 0 B |
IP142.202.51.61:0 ASN#63023 AS-GLOBALTELEHOST
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /WzJQVS HTTP/1.1
Host: partners-tds.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://9ce0932f7e.news-xapeva.cc/
Cookie: _subid=376l60j10h7e5f; 933eb=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcImNhbXBhaWduc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcInRpbWVcIjoxNzE0MTI0MzIwfSJ9.yYJXc-zJvjm4Dxphu35oW5Y_kpFZUzbEdsDVw4oNV9k
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx
Date: Fri, 26 Apr 2024 09:38:52 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-cache, no-store, must-revalidate
Expires: Fri, 26 Apr 2024 09:38:52 GMT
Location: https://news-pepafu.com/tds?id=1218914904&p1=&p2=&p3=&p4=
Set-Cookie: _subid=376l60j10h7e5i; expires=Mon, 27 May 2024 09:38:52 GMT; path=/
933eb=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcImNhbXBhaWduc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcInRpbWVcIjoxNzE0MTI0MzIwfSJ9.yYJXc-zJvjm4Dxphu35oW5Y_kpFZUzbEdsDVw4oNV9k; expires=Sun, 21 Aug 2078 19:17:44 GMT; path=/
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
|
|
| news-pepafu.com/tds?id=1218914904&p1=&p2=&p3=&p4= | 193.108.118.16 | | 0 B |
URL news-pepafu.com/tds?id=1218914904&p1=&p2=&p3=&p4= IP193.108.118.16:0 ASN#63023 AS-GLOBALTELEHOST
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tds?id=1218914904&p1=&p2=&p3=&p4= HTTP/1.1
Host: news-pepafu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://9ce0932f7e.news-xapeva.cc/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 302 Found
server: nginx
date: Fri, 26 Apr 2024 09:38:52 GMT
content-length: 0
location: https://e9c4952774.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
vary: Origin
x-frame-options: DENY
X-Firefox-Spdy: h2

| e9c4952774.news-xapeva.cc/revopush.js | 193.108.117.211 | | 7.5 kB |
URL: e9c4952774.news-xapeva.cc/revopush.js | IP: 193.108.117.211:0 | ASN: #63023 AS-GLOBALTELEHOST
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (18335), with no line terminators
Hash (MD5, SHA-1, SHA-256): 37faf614bbb4a7b4ba1b4e8143056291 1477110371c87d426adf78e2c8d935a046ae6ff2 aa7dc9551d9641febc7616653e797b381d7258077ed416e822b1ade51470c533
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /revopush.js HTTP/1.1
Host: e9c4952774.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://e9c4952774.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:52 GMT
content-type: application/javascript; charset=utf-8
content-length: 7472
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-1d30"
content-encoding: gzip
accept-ranges: bytes
X-Firefox-Spdy: h2

| e9c4952774.news-xapeva.cc/lands/53/css/style.css | 193.108.117.211 | | 1.3 kB |
URL: e9c4952774.news-xapeva.cc/lands/53/css/style.css | IP: 193.108.117.211:0 | ASN: #63023 AS-GLOBALTELEHOST
File type: ASCII text, with very long lines (4928), with no line terminators
Hash (MD5, SHA-1, SHA-256): 6f2d06d6dbd00d18b9e7eb11ef80081d b86bdf3144b91210a3e04aab9802dba7b677ffe4 4bbe46d55f77d131ea3c70d021bf1e88fcfa1a98b7b89cf8f3f081ffb38fa7f8
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /lands/53/css/style.css HTTP/1.1
Host: e9c4952774.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://e9c4952774.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:52 GMT
content-type: text/css
content-length: 1301
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-515"
content-encoding: gzip
accept-ranges: bytes
X-Firefox-Spdy: h2

| e9c4952774.news-xapeva.cc/lands/53/images/video.gif | 193.108.117.211 | | 500 kB |
URL: e9c4952774.news-xapeva.cc/lands/53/images/video.gif | IP: 193.108.117.211:0 | ASN: #63023 AS-GLOBALTELEHOST
File type: GIF image data, version 89a, 320 x 180 | Size: 500 kB (500082 bytes)
Hash (MD5, SHA-1, SHA-256): 2e59da03066a7854825901e0c1460b52 8d5aa04f252de7a85b8387051c1321338ac32d32 63412ff22ec2f712d6e82d34889a0a48948523dedd0bfce03bba69a19a9b4433
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /lands/53/images/video.gif HTTP/1.1
Host: e9c4952774.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://e9c4952774.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:52 GMT
content-type: image/gif
content-length: 500082
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-7a172"
accept-ranges: bytes
X-Firefox-Spdy: h2

| fonts.googleapis.com/css?family=Roboto:300,400,700,400i&subset=cyrillic | 142.250.74.106 | | 11 kB |
URL: fonts.googleapis.com/css?family=Roboto:300,400,700,400i&subset=cyrillic | IP: 142.250.74.106:0
File type: JavaScript source, ASCII text, with very long lines (26456)
Hash (MD5, SHA-1, SHA-256): 88bea946b5a6d1eeba8a9706c7bc3a9e aadae0e1c8f24025879ab1dfda0134a619b6a75f 3953c42f311058713bd2cbf9bf5cf3456af059b1906fa707db402976ab54457d
GET /css?family=Roboto:300,400,700,400i&subset=cyrillic HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d9a96a3e32.news-xapeva.cc/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 26 Apr 2024 09:38:52 GMT
date: Fri, 26 Apr 2024 09:38:52 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

| news-pepafu.com/tds?id=1218914904&p1=&p2=&p3=&p4= | 193.108.118.16 | | 0 B |
URL: news-pepafu.com/tds?id=1218914904&p1=&p2=&p3=&p4= | IP: 193.108.118.16:0 | ASN: #63023 AS-GLOBALTELEHOST
Hash (MD5, SHA-1, SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tds?id=1218914904&p1=&p2=&p3=&p4= HTTP/1.1
Host: news-pepafu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://e9c4952774.news-xapeva.cc/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 302 Found
server: nginx
date: Fri, 26 Apr 2024 09:38:52 GMT
content-length: 0
location: https://a298ee02fd.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
vary: Origin
x-frame-options: DENY
X-Firefox-Spdy: h2

| a298ee02fd.news-xapeva.cc/revopush.js | 193.108.117.211 | | 7.5 kB |
URL: a298ee02fd.news-xapeva.cc/revopush.js | IP: 193.108.117.211:0 | ASN: #63023 AS-GLOBALTELEHOST
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (18335), with no line terminators
Hash (MD5, SHA-1, SHA-256): 37faf614bbb4a7b4ba1b4e8143056291 1477110371c87d426adf78e2c8d935a046ae6ff2 aa7dc9551d9641febc7616653e797b381d7258077ed416e822b1ade51470c533
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /revopush.js HTTP/1.1
Host: a298ee02fd.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a298ee02fd.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:53 GMT
content-type: application/javascript; charset=utf-8
content-length: 7472
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-1d30"
content-encoding: gzip
accept-ranges: bytes
X-Firefox-Spdy: h2

| a298ee02fd.news-xapeva.cc/lands/53/css/style.css | 193.108.117.211 | | 1.3 kB |
URL: a298ee02fd.news-xapeva.cc/lands/53/css/style.css | IP: 193.108.117.211:0 | ASN: #63023 AS-GLOBALTELEHOST
File type: ASCII text, with very long lines (4928), with no line terminators
Hash (MD5, SHA-1, SHA-256): 6f2d06d6dbd00d18b9e7eb11ef80081d b86bdf3144b91210a3e04aab9802dba7b677ffe4 4bbe46d55f77d131ea3c70d021bf1e88fcfa1a98b7b89cf8f3f081ffb38fa7f8
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /lands/53/css/style.css HTTP/1.1
Host: a298ee02fd.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a298ee02fd.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:53 GMT
content-type: text/css
content-length: 1301
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-515"
content-encoding: gzip
accept-ranges: bytes
X-Firefox-Spdy: h2

| a298ee02fd.news-xapeva.cc/lands/53/images/video.gif | 193.108.117.211 | | 500 kB |
URL: a298ee02fd.news-xapeva.cc/lands/53/images/video.gif | IP: 193.108.117.211:0 | ASN: #63023 AS-GLOBALTELEHOST
File type: GIF image data, version 89a, 320 x 180 | Size: 500 kB (500082 bytes)
Hash (MD5, SHA-1, SHA-256): 2e59da03066a7854825901e0c1460b52 8d5aa04f252de7a85b8387051c1321338ac32d32 63412ff22ec2f712d6e82d34889a0a48948523dedd0bfce03bba69a19a9b4433
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /lands/53/images/video.gif HTTP/1.1
Host: a298ee02fd.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a298ee02fd.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:53 GMT
content-type: image/gif
content-length: 500082
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-7a172"
accept-ranges: bytes
X-Firefox-Spdy: h2

| a298ee02fd.news-xapeva.cc/lands/53/js/device.js | 193.108.117.211 | | 1.1 kB |
URL: a298ee02fd.news-xapeva.cc/lands/53/js/device.js | IP: 193.108.117.211:0 | ASN: #63023 AS-GLOBALTELEHOST
File type: JavaScript source, ASCII text, with very long lines (3289), with no line terminators
Hash (MD5, SHA-1, SHA-256): 2d9887b21aa6b47c56e7f43e66560a4f 42cdfc5b3b23d32152750bf2cea4233044491768 863a13c42ef72b562bc7aa5005b8ff5693763ae8d16ce3bfc3d876e92a7fdf85
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /lands/53/js/device.js HTTP/1.1
Host: a298ee02fd.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a298ee02fd.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:53 GMT
content-type: application/javascript; charset=utf-8
content-length: 1111
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-457"
content-encoding: gzip
accept-ranges: bytes
X-Firefox-Spdy: h2

| 7f30bff326.news-xapeva.cc/process.js?id=1218914904&p1=&p2=&p3=&p4= | 193.108.117.211 | | 10 kB |
URL: 7f30bff326.news-xapeva.cc/process.js?id=1218914904&p1=&p2=&p3=&p4= | IP: 193.108.117.211:0 | ASN: #63023 AS-GLOBALTELEHOST
File type: JavaScript source, ASCII text, with very long lines (26456)
Hash (MD5, SHA-1, SHA-256): 902a72d63e3a04e3944987f5908d9b9a 2f0e19b831c9c979271ec3d3f83c724cda15a3cf a12cee6d8d1e2e1c59c5de7c690a8473fa2bad987820e077077f36ebd59950fa
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /process.js?id=1218914904&p1=&p2=&p3=&p4= HTTP/1.1
Host: 7f30bff326.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://7f30bff326.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:51 GMT
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, must-revalidate
expires: 0
pragma: no-cache
vary: Origin
content-encoding: gzip
X-Firefox-Spdy: h2

| news-pepafu.com/tds?id=1218914904&p1=&p2=&p3=&p4= | 193.108.118.16 | | 0 B |
URL: news-pepafu.com/tds?id=1218914904&p1=&p2=&p3=&p4= | IP: 193.108.118.16:0 | ASN: #63023 AS-GLOBALTELEHOST
Hash (MD5, SHA-1, SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tds?id=1218914904&p1=&p2=&p3=&p4= HTTP/1.1
Host: news-pepafu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://a298ee02fd.news-xapeva.cc/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 302 Found
server: nginx
date: Fri, 26 Apr 2024 09:38:53 GMT
content-length: 0
location: https://e7abc5484a.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
vary: Origin
x-frame-options: DENY
X-Firefox-Spdy: h2

| e7abc5484a.news-xapeva.cc/revopush.js | 193.108.117.211 | | 7.5 kB |
URL: e7abc5484a.news-xapeva.cc/revopush.js | IP: 193.108.117.211:0 | ASN: #63023 AS-GLOBALTELEHOST
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (18335), with no line terminators
Hash (MD5, SHA-1, SHA-256): 37faf614bbb4a7b4ba1b4e8143056291 1477110371c87d426adf78e2c8d935a046ae6ff2 aa7dc9551d9641febc7616653e797b381d7258077ed416e822b1ade51470c533
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /revopush.js HTTP/1.1
Host: e7abc5484a.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://e7abc5484a.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:53 GMT
content-type: application/javascript; charset=utf-8
content-length: 7472
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-1d30"
content-encoding: gzip
accept-ranges: bytes
X-Firefox-Spdy: h2

| e7abc5484a.news-xapeva.cc/lands/36/img/style.css | 193.108.117.211 | | 3.1 kB |
URL: e7abc5484a.news-xapeva.cc/lands/36/img/style.css | IP: 193.108.117.211:0 | ASN: #63023 AS-GLOBALTELEHOST
File type: ASCII text, with very long lines (11701), with no line terminators
Hash (MD5, SHA-1, SHA-256): db606af46bdcca984d60a46183a4525e 28964fac8b2b7889554f32543e69ac68e6f21e2f 8693be57861bf006c70b542234666eaa50f4258856c4e75e0066f1ca589026ae
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /lands/36/img/style.css HTTP/1.1
Host: e7abc5484a.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://e7abc5484a.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:53 GMT
content-type: text/css
content-length: 3136
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-c40"
content-encoding: gzip
accept-ranges: bytes
X-Firefox-Spdy: h2

| e7abc5484a.news-xapeva.cc/lands/36/img/logo.png | 193.108.117.211 | | 7.4 kB |
URL: e7abc5484a.news-xapeva.cc/lands/36/img/logo.png | IP: 193.108.117.211:0 | ASN: #63023 AS-GLOBALTELEHOST
File type: PNG image data, 180 x 56, 8-bit/color RGBA, non-interlaced
Hash (MD5, SHA-1, SHA-256): 6cd3a78b39a704ee1c84f31c8c4e5808 bb5c81cadfcd60bd5c7b29af2395ef24b11ebb93 4cfbf07b7b4def7ad505f3be44e311c631ffec252a93f031d11356bc1b0c8193
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /lands/36/img/logo.png HTTP/1.1
Host: e7abc5484a.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://e7abc5484a.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:53 GMT
content-type: image/png
content-length: 7398
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-1ce6"
accept-ranges: bytes
X-Firefox-Spdy: h2

| 63fb1173a7.news-xapeva.cc/process.js?id=1218914904&p1=&p2=&p3=&p4= | 193.108.117.211 | | 11 kB |
URL: 63fb1173a7.news-xapeva.cc/process.js?id=1218914904&p1=&p2=&p3=&p4= | IP: 193.108.117.211:0 | ASN: #63023 AS-GLOBALTELEHOST
File type: gzip compressed data, max speed, from Unix
Hash (MD5, SHA-1, SHA-256): 6b5d0c26e0da2159363b88cb25b1e9f9 47853a84879153f9c9bc87b5a6bde2306cea1bc7 411167ed40d6394f741dacc4435945fe640e584a2130399fe5ce4fec3f48b202
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /process.js?id=1218914904&p1=&p2=&p3=&p4= HTTP/1.1
Host: 63fb1173a7.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://63fb1173a7.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:49 GMT
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, must-revalidate
expires: 0
pragma: no-cache
vary: Origin
content-encoding: gzip
X-Firefox-Spdy: h2

| e7abc5484a.news-xapeva.cc/lands/36/img/Spin-1s-80px.gif | 193.108.117.211 | | 31 kB |
URL: e7abc5484a.news-xapeva.cc/lands/36/img/Spin-1s-80px.gif | IP: 193.108.117.211:0 | ASN: #63023 AS-GLOBALTELEHOST
File type: GIF image data, version 89a, 80 x 80
Hash (MD5, SHA-1, SHA-256): 68556766cd260e97fec2b60a9bfaf8c7 26c969371c9a3de360fab6d7a7a3bec2c5d5c99f ef50b84645244197917d80f6bcd6f604dce892ec4cdcdc96f11ea40f4a093676
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /lands/36/img/Spin-1s-80px.gif HTTP/1.1
Host: e7abc5484a.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://e7abc5484a.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:53 GMT
content-type: image/gif
content-length: 30677
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-77d5"
accept-ranges: bytes
X-Firefox-Spdy: h2

| e7abc5484a.news-xapeva.cc/lands/36/img/player-controls-l.png | 193.108.117.211 | | 945 B |
URL: e7abc5484a.news-xapeva.cc/lands/36/img/player-controls-l.png | IP: 193.108.117.211:0 | ASN: #63023 AS-GLOBALTELEHOST
File type: PNG image data, 146 x 60, 8-bit gray+alpha, non-interlaced
Hash (MD5, SHA-1, SHA-256): 6865c8700b582e4c7848472bb23dd65a c5ea2c514de8f55145550f9589e1e07cda457994 e1f5b32f965cf94fdb788fa9cff4f2f80b34c234f7e9fa9139de890e89438324
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /lands/36/img/player-controls-l.png HTTP/1.1
Host: e7abc5484a.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://e7abc5484a.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:53 GMT
content-type: image/png
content-length: 945
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-3b1"
accept-ranges: bytes
X-Firefox-Spdy: h2

| e7abc5484a.news-xapeva.cc/lands/36/img/player-controls-r.png | 193.108.117.211 | | 408 B |
URL: e7abc5484a.news-xapeva.cc/lands/36/img/player-controls-r.png | IP: 193.108.117.211:0 | ASN: #63023 AS-GLOBALTELEHOST
File type: PNG image data, 60 x 60, 8-bit gray+alpha, non-interlaced
Hash (MD5, SHA-1, SHA-256): f0e42db89f7d0994b3723b35eb05a49f b4e08e7b2c525345d86dc2299663915c84a41b2b 13bbdf214a22994e4e0e655c256ab493cc495f15f9c1f08772cad0761625a9be
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /lands/36/img/player-controls-r.png HTTP/1.1
Host: e7abc5484a.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://e7abc5484a.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:53 GMT
content-type: image/png
content-length: 408
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-198"
accept-ranges: bytes
X-Firefox-Spdy: h2

| e7abc5484a.news-xapeva.cc/lands/36/img/player-bg.jpg | 193.108.117.211 | | 11 kB |
URL: e7abc5484a.news-xapeva.cc/lands/36/img/player-bg.jpg | IP: 193.108.117.211:0 | ASN: #63023 AS-GLOBALTELEHOST
Hash (MD5, SHA-1, SHA-256): d0c6f02d6933f0b93db0942e3e7f3609 bc96b3878d13d0f46aa464e94515f27ad53531b0 7296089ccd9e42b305c5b0398d47a78f900b40225c592c6f1ef23ade5bbe667a
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /lands/36/img/player-bg.jpg HTTP/1.1
Host: e7abc5484a.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://e7abc5484a.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:53 GMT
content-type: image/jpeg
content-length: 11291
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-2c1b"
accept-ranges: bytes
X-Firefox-Spdy: h2

| e7abc5484a.news-xapeva.cc/lands/36/img/pics-1.jpg | 193.108.117.211 | | 9.6 kB |
URL: e7abc5484a.news-xapeva.cc/lands/36/img/pics-1.jpg | IP: 193.108.117.211:0 | ASN: #63023 AS-GLOBALTELEHOST
Hash (MD5, SHA-1, SHA-256): 8374be5c573da988b4d76c1051f8cbc7 c319af79d391edeac2268173798952dd71f0ecf2 41889b3a66aec88fc8a474f19a6c2f6933200524597ccf76f2c9f995687099ea
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /lands/36/img/pics-1.jpg HTTP/1.1
Host: e7abc5484a.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://e7abc5484a.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:53 GMT
content-type: image/jpeg
content-length: 9604
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-2584"
accept-ranges: bytes
X-Firefox-Spdy: h2

| e7abc5484a.news-xapeva.cc/lands/36/img/pics-2.jpg | 193.108.117.211 | | 9.5 kB |
URL: e7abc5484a.news-xapeva.cc/lands/36/img/pics-2.jpg | IP: 193.108.117.211:0 | ASN: #63023 AS-GLOBALTELEHOST
Hash (MD5, SHA-1, SHA-256): b1444ede1cb63c55f07c4b7cc861ec58 504823696a6990f0c6892721e34a7496cfe4e704 628146e090737199d0b92e0d069cdc8fa95d65391a7e84b7da053dbc0275b2f8
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /lands/36/img/pics-2.jpg HTTP/1.1
Host: e7abc5484a.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://e7abc5484a.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:53 GMT
content-type: image/jpeg
content-length: 9474
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-2502"
accept-ranges: bytes
X-Firefox-Spdy: h2

| e7abc5484a.news-xapeva.cc/lands/36/img/pics-3.jpg | 193.108.117.211 | | 9.4 kB |
URL: e7abc5484a.news-xapeva.cc/lands/36/img/pics-3.jpg | IP: 193.108.117.211:0 | ASN: #63023 AS-GLOBALTELEHOST
Hash (MD5, SHA-1, SHA-256): 76025b7cd7b3e168342e9f6916d8c7f4 bd2a6ea7c9105935c7a616fec2d6d85dbf98bfc2 46eaa0e5c25c663d858a5c65629f960ed17d2fe30b2484f629158e6d6460d775
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /lands/36/img/pics-3.jpg HTTP/1.1
Host: e7abc5484a.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://e7abc5484a.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:53 GMT
content-type: image/jpeg
content-length: 9413
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-24c5"
accept-ranges: bytes
X-Firefox-Spdy: h2

| e7abc5484a.news-xapeva.cc/lands/36/img/pics-4.jpg | 193.108.117.211 | | 9.5 kB |
URL: e7abc5484a.news-xapeva.cc/lands/36/img/pics-4.jpg | IP: 193.108.117.211:0 | ASN: #63023 AS-GLOBALTELEHOST
Hash (MD5, SHA-1, SHA-256): 107bdcec0a201d69db378827b68127cd efc977edd0a369769d5f32d88e9858302bed1e5e cb8a23effd64618021ebe40be5ed24bfb27c17f6d0a82c87a96d9efd91e06468
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /lands/36/img/pics-4.jpg HTTP/1.1
Host: e7abc5484a.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://e7abc5484a.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:53 GMT
content-type: image/jpeg
content-length: 9468
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-24fc"
accept-ranges: bytes
X-Firefox-Spdy: h2

| e7abc5484a.news-xapeva.cc/lands/36/img/pics-5.jpg | 193.108.117.211 | | 9.6 kB |
URL: e7abc5484a.news-xapeva.cc/lands/36/img/pics-5.jpg | IP: 193.108.117.211:0 | ASN: #63023 AS-GLOBALTELEHOST
Hash (MD5, SHA-1, SHA-256): 628b98b82d0aca1c1b2155aa5ec51a6a db663b2b85cf8828f3e9c5aa879325bb50e684a0 d7dfe6be5b49bee8bbf743bc58d74af3dc7d0250c89bd6dd7e9ad268c287289d
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /lands/36/img/pics-5.jpg HTTP/1.1
Host: e7abc5484a.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://e7abc5484a.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:53 GMT
content-type: image/jpeg
content-length: 9557
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-2555"
accept-ranges: bytes
X-Firefox-Spdy: h2

| e7abc5484a.news-xapeva.cc/lands/36/img/pics-6.jpg | 193.108.117.211 | | 9.6 kB |
URL: e7abc5484a.news-xapeva.cc/lands/36/img/pics-6.jpg | IP: 193.108.117.211:0 | ASN: #63023 AS-GLOBALTELEHOST
Hash (MD5, SHA-1, SHA-256): a83d5196e71bd6f9c55ef3e7322e527c 9dbddad413391599552c4d9cc5c9e8a287ef910f 52212d360cbbf493678d8e8bf75c20b7ad4b1d6cf86bf03e1c87fb5b4d6cb818
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /lands/36/img/pics-6.jpg HTTP/1.1
Host: e7abc5484a.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://e7abc5484a.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:53 GMT
content-type: image/jpeg
content-length: 9620
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-2594"
accept-ranges: bytes
X-Firefox-Spdy: h2

| e7abc5484a.news-xapeva.cc/lands/36/img/pics-7.jpg | 193.108.117.211 | | 9.5 kB |
URL: e7abc5484a.news-xapeva.cc/lands/36/img/pics-7.jpg | IP: 193.108.117.211:0 | ASN: #63023 AS-GLOBALTELEHOST
Hash (MD5, SHA-1, SHA-256): 94edfad63e95c79618692b8d8dc20587 f582b7b70443ea1fff184ade49ab560fc8fd3318 0940f729e51d0fb610affca787415657f39a630cc0450d08576f69fd0f71756e
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /lands/36/img/pics-7.jpg HTTP/1.1
Host: e7abc5484a.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://e7abc5484a.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:53 GMT
content-type: image/jpeg
content-length: 9484
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-250c"
accept-ranges: bytes
X-Firefox-Spdy: h2

| e7abc5484a.news-xapeva.cc/lands/36/img/pics-8.jpg | 193.108.117.211 | | 9.8 kB |
URL: e7abc5484a.news-xapeva.cc/lands/36/img/pics-8.jpg | IP: 193.108.117.211:0 | ASN: #63023 AS-GLOBALTELEHOST
Hash (MD5, SHA-1, SHA-256): 2e7eafc3878ee465f96bca0f9d1e1712 c4f353f12542db5d2df3be74dbae890e0430ac6e df67f968a051026a5c43eb3e40b8d02a0c72bc742055526fef7e2655dd837cc1
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /lands/36/img/pics-8.jpg HTTP/1.1
Host: e7abc5484a.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://e7abc5484a.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:53 GMT
content-type: image/jpeg
content-length: 9750
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-2616"
accept-ranges: bytes
X-Firefox-Spdy: h2

| e7abc5484a.news-xapeva.cc/lands/36/img/pics-9.jpg | 193.108.117.211 | | 9.6 kB |
URL: e7abc5484a.news-xapeva.cc/lands/36/img/pics-9.jpg | IP: 193.108.117.211:0 | ASN: #63023 AS-GLOBALTELEHOST
Hash (MD5, SHA-1, SHA-256): c3af10d166a4447c21f25e4a32383a5d 37a0342d08d6933b3bbfd4063b7ba998c991dd73 963fbe86dc33b1a1ba5c695bf9b74ebde439bc7a9260137121d747cf4cfbdd73
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /lands/36/img/pics-9.jpg HTTP/1.1
Host: e7abc5484a.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://e7abc5484a.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:53 GMT
content-type: image/jpeg
content-length: 9646
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-25ae"
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| e7abc5484a.news-xapeva.cc/lands/36/img/pics-10.jpg | 193.108.117.211 | | 9.7 kB |
URL: e7abc5484a.news-xapeva.cc/lands/36/img/pics-10.jpg
IP: 193.108.117.211:0 (ASN#63023 AS-GLOBALTELEHOST)
Hash (MD5 / SHA-1 / SHA-256): 00ad8eccd280144f038e883859beeabe e13583bbe25712e827b8b22b1353c883531f849f 21397b18bd87b564f70404ea1ff41d8d23ba804ed6eea4de323ac1c94e096ada
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /lands/36/img/pics-10.jpg HTTP/1.1
Host: e7abc5484a.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://e7abc5484a.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:53 GMT
content-type: image/jpeg
content-length: 9681
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-25d1"
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| 17c4c6cf35.news-xapeva.cc/process.js?id=1218914904&p1=&p2=&p3=&p4= | 193.108.117.211 | | 20 kB |
URL: 17c4c6cf35.news-xapeva.cc/process.js?id=1218914904&p1=&p2=&p3=&p4=
IP: 193.108.117.211:0 (ASN#63023 AS-GLOBALTELEHOST)
File type: gzip compressed data, max speed, from Unix
Hash (MD5 / SHA-1 / SHA-256): 61fd93b1d3bf3e259b5ec5ed28ebfaed d0e8cf6907a7d9b916b735867b6cf44f6d0af4f9 213bd5bbcd39b5dc665f1e4e1bb582f0d133d622f04655645bd483c0aae2e1bb
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /process.js?id=1218914904&p1=&p2=&p3=&p4= HTTP/1.1
Host: 17c4c6cf35.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://17c4c6cf35.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:48 GMT
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, must-revalidate
expires: 0
pragma: no-cache
vary: Origin
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| cdnstatic.check-tl-ver-94-2.com/ps/config.js?id=YC0GOkWFo0Wz8n7UhRmi1w | 172.67.189.129 | | 20 kB |
URL: cdnstatic.check-tl-ver-94-2.com/ps/config.js?id=YC0GOkWFo0Wz8n7UhRmi1w
IP: 172.67.189.129:0
File type: ASCII text, with CRLF line terminators
Hash (MD5 / SHA-1 / SHA-256): dc65a2fbfc4c76147b8b778b759c8d91 b8374137f0fe797e6a7e58c0c6ef14aa7a6b9855 7e85c285fd983223d07a014d1a96804ba1c8f65fb43238a4fad204350e896958
GET /ps/config.js?id=YC0GOkWFo0Wz8n7UhRmi1w HTTP/1.1
Host: cdnstatic.check-tl-ver-94-2.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ykrvt.check-tl-ver-94-2.com/
Cookie: __psu=7abe3768-e849-48d0-9190-12973f198777
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 26 Apr 2024 09:38:39 GMT
content-type: application/javascript
cache-control: max-age=0, no-cache, no-store, must-revalidate
accept-ch: Sec-CH-UA, Sec-CH-UA-Platform, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7MlGx8oNkCxrJihCUw0uav2x%2FpOBo4gR4c5PHTfFsE7lwzSqnRuomh5wLDdI9LmGjFVSHsnf1na4ONUtvWq3iEvOLJSQObjeTcKUQ8VXzimtxuTPmKm%2FtrctY1wYBV%2B9xRyR%2F5moiVCZumHzwcP9Nng6"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a599e41ce256a9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| e7abc5484a.news-xapeva.cc/lands/36/img/pics-13.jpg | 193.108.117.211 | | 9.4 kB |
URL: e7abc5484a.news-xapeva.cc/lands/36/img/pics-13.jpg
IP: 193.108.117.211:0 (ASN#63023 AS-GLOBALTELEHOST)
Hash (MD5 / SHA-1 / SHA-256): cd911694d58b5fb86c94cf7a1d5b530b f32925a79b755d76fdf1ae56fa898ef23d816699 5a8f5f99cb386403813964a7ee271660131e9c50eb5267f932a67ce0f4fb2ea2
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /lands/36/img/pics-13.jpg HTTP/1.1
Host: e7abc5484a.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://e7abc5484a.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:53 GMT
content-type: image/jpeg
content-length: 9378
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-24a2"
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| 18c630ec10.news-xapeva.cc/process.js?id=1218914904&p1=&p2=&p3=&p4= | 193.108.117.211 | | 20 kB |
URL: 18c630ec10.news-xapeva.cc/process.js?id=1218914904&p1=&p2=&p3=&p4=
IP: 193.108.117.211:0 (ASN#63023 AS-GLOBALTELEHOST)
File type: gzip compressed data, max speed, from Unix
Hash (MD5 / SHA-1 / SHA-256): 46e2eea9e05ca6677a81273a52cbb9b5 b823319be07d86ae49903427ba74f75d7df28128 d58d25b257d9299ec81c943316e02dfe2cdd936a215d7d1cbc9caba7f3a1e77d
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /process.js?id=1218914904&p1=&p2=&p3=&p4= HTTP/1.1
Host: 18c630ec10.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://18c630ec10.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:52 GMT
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, must-revalidate
expires: 0
pragma: no-cache
vary: Origin
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| e7abc5484a.news-xapeva.cc/lands/36/img/pics-15.jpg | 193.108.117.211 | | 9.7 kB |
URL: e7abc5484a.news-xapeva.cc/lands/36/img/pics-15.jpg
IP: 193.108.117.211:0 (ASN#63023 AS-GLOBALTELEHOST)
Hash (MD5 / SHA-1 / SHA-256): bf608c2d10293273951a88b8d38de015 15b2a17c7300725aacc27f320480dfe5bf173a00 118f446f628921fb7cab1afeac932ef77d63a7c5a31ffa288427d80c4de69f9f
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /lands/36/img/pics-15.jpg HTTP/1.1
Host: e7abc5484a.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://e7abc5484a.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:53 GMT
content-type: image/jpeg
content-length: 9673
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-25c9"
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| e7abc5484a.news-xapeva.cc/lands/36/img/pics-16.jpg | 193.108.117.211 | | 9.6 kB |
URL: e7abc5484a.news-xapeva.cc/lands/36/img/pics-16.jpg
IP: 193.108.117.211:0 (ASN#63023 AS-GLOBALTELEHOST)
Hash (MD5 / SHA-1 / SHA-256): 700dfe65fca751e5c160aa1ed38c0389 61a7a9ba2a5209bb28b6a36c4b7ba9088f4b2886 8f8c3d5f93cc6dc00172cf203f6b0113819e853de45518cbcee1e68f9e95fbc1
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /lands/36/img/pics-16.jpg HTTP/1.1
Host: e7abc5484a.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://e7abc5484a.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:53 GMT
content-type: image/jpeg
content-length: 9570
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-2562"
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| e7abc5484a.news-xapeva.cc/lands/36/img/pics-17.jpg | 193.108.117.211 | | 9.6 kB |
URL: e7abc5484a.news-xapeva.cc/lands/36/img/pics-17.jpg
IP: 193.108.117.211:0 (ASN#63023 AS-GLOBALTELEHOST)
Hash (MD5 / SHA-1 / SHA-256): 3617c828a4589dfd2af8f90e31f92666 0e7a1dbe743c9eaad109659f7b21ab86719b9cd0 f3ab898058b0ebaba11001b5a2b3c5b5db2d7f766000d95abdbfb841fcb16c1f
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /lands/36/img/pics-17.jpg HTTP/1.1
Host: e7abc5484a.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://e7abc5484a.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:53 GMT
content-type: image/jpeg
content-length: 9595
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-257b"
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| e7abc5484a.news-xapeva.cc/lands/36/img/pics-18.jpg | 193.108.117.211 | | 9.6 kB |
URL: e7abc5484a.news-xapeva.cc/lands/36/img/pics-18.jpg
IP: 193.108.117.211:0 (ASN#63023 AS-GLOBALTELEHOST)
Hash (MD5 / SHA-1 / SHA-256): 52ada45615791fefe3513b98a28d6c61 334b68a65108b2274dc0d41bbed58d10cbfb41a0 204715e71db20e5daffe8494816412e0998ec0b97b303f16fb4102226c492fa4
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /lands/36/img/pics-18.jpg HTTP/1.1
Host: e7abc5484a.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://e7abc5484a.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:53 GMT
content-type: image/jpeg
content-length: 9645
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-25ad"
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| partners-tds.com/WzJQVS | 142.202.51.61 | | 0 B |
IP: 142.202.51.61:0 (ASN#63023 AS-GLOBALTELEHOST)
Hash (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /WzJQVS HTTP/1.1
Host: partners-tds.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://e7abc5484a.news-xapeva.cc/
Cookie: _subid=376l60j10h7e5r; 933eb=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcImNhbXBhaWduc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcInRpbWVcIjoxNzE0MTI0MzIwfSJ9.yYJXc-zJvjm4Dxphu35oW5Y_kpFZUzbEdsDVw4oNV9k
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx
Date: Fri, 26 Apr 2024 09:38:53 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-cache, no-store, must-revalidate
Expires: Fri, 26 Apr 2024 09:38:53 GMT
Location: https://news-pepafu.com/tds?id=1218914904&p1=&p2=&p3=&p4=
Set-Cookie: _subid=376l60j10h7e62; expires=Mon, 27 May 2024 09:38:53 GMT; path=/
933eb=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcImNhbXBhaWduc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcInRpbWVcIjoxNzE0MTI0MzIwfSJ9.yYJXc-zJvjm4Dxphu35oW5Y_kpFZUzbEdsDVw4oNV9k; expires=Sun, 21 Aug 2078 19:17:46 GMT; path=/
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
|
|
| news-pepafu.com/tds?id=1218914904&p1=&p2=&p3=&p4= | 193.108.118.16 | | 0 B |
URL: news-pepafu.com/tds?id=1218914904&p1=&p2=&p3=&p4=
IP: 193.108.118.16:0 (ASN#63023 AS-GLOBALTELEHOST)
Hash (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tds?id=1218914904&p1=&p2=&p3=&p4= HTTP/1.1
Host: news-pepafu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://e7abc5484a.news-xapeva.cc/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 302 Found
server: nginx
date: Fri, 26 Apr 2024 09:38:53 GMT
content-length: 0
location: https://e09e6130ac.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
vary: Origin
x-frame-options: DENY
X-Firefox-Spdy: h2
|
|
| e09e6130ac.news-xapeva.cc/revopush.js | 193.108.117.211 | | 7.5 kB |
URL: e09e6130ac.news-xapeva.cc/revopush.js
IP: 193.108.117.211:0 (ASN#63023 AS-GLOBALTELEHOST)
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (18335), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): 37faf614bbb4a7b4ba1b4e8143056291 1477110371c87d426adf78e2c8d935a046ae6ff2 aa7dc9551d9641febc7616653e797b381d7258077ed416e822b1ade51470c533
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /revopush.js HTTP/1.1
Host: e09e6130ac.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://e09e6130ac.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:53 GMT
content-type: application/javascript; charset=utf-8
content-length: 7472
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-1d30"
content-encoding: gzip
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| e09e6130ac.news-xapeva.cc/lands/46/sketch.min.js | 193.108.117.211 | | 2.4 kB |
URL: e09e6130ac.news-xapeva.cc/lands/46/sketch.min.js
IP: 193.108.117.211:0 (ASN#63023 AS-GLOBALTELEHOST)
File type: JavaScript source, ASCII text, with very long lines (4675), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): ed52afed30560dc3e13a88e35a300c18 8714792a53d24b5c641b9536a2d218d75b43b3f9 cad4eff11237dc84f803b46c8529ca9918e4429c38058a053ef5d492c707a711
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /lands/46/sketch.min.js HTTP/1.1
Host: e09e6130ac.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://e09e6130ac.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:53 GMT
content-type: application/javascript; charset=utf-8
content-length: 2379
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-94b"
content-encoding: gzip
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| partners-tds.com/WzJQVS | 142.202.51.61 | | 0 B |
IP: 142.202.51.61:0 (ASN#63023 AS-GLOBALTELEHOST)
Hash (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /WzJQVS HTTP/1.1
Host: partners-tds.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://e09e6130ac.news-xapeva.cc/
Cookie: _subid=376l60j10h7e62; 933eb=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcImNhbXBhaWduc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcInRpbWVcIjoxNzE0MTI0MzIwfSJ9.yYJXc-zJvjm4Dxphu35oW5Y_kpFZUzbEdsDVw4oNV9k
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx
Date: Fri, 26 Apr 2024 09:38:53 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-cache, no-store, must-revalidate
Expires: Fri, 26 Apr 2024 09:38:53 GMT
Location: https://news-pepafu.com/tds?id=1218914904&p1=&p2=&p3=&p4=
Set-Cookie: _subid=376l60j10h7e65; expires=Mon, 27 May 2024 09:38:53 GMT; path=/
933eb=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcImNhbXBhaWduc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcInRpbWVcIjoxNzE0MTI0MzIwfSJ9.yYJXc-zJvjm4Dxphu35oW5Y_kpFZUzbEdsDVw4oNV9k; expires=Sun, 21 Aug 2078 19:17:46 GMT; path=/
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
|
|
| news-pepafu.com/tds?id=1218914904&p1=&p2=&p3=&p4= | 193.108.118.16 | | 0 B |
URL: news-pepafu.com/tds?id=1218914904&p1=&p2=&p3=&p4=
IP: 193.108.118.16:0 (ASN#63023 AS-GLOBALTELEHOST)
Hash (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tds?id=1218914904&p1=&p2=&p3=&p4= HTTP/1.1
Host: news-pepafu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://e09e6130ac.news-xapeva.cc/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 302 Found
server: nginx
date: Fri, 26 Apr 2024 09:38:53 GMT
content-length: 0
location: https://e9ebc92c81.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
vary: Origin
x-frame-options: DENY
X-Firefox-Spdy: h2
|
|
| e9ebc92c81.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4= | 193.108.117.211 | | 9.0 kB |
URL: e9ebc92c81.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
IP: 193.108.117.211:0 (ASN#63023 AS-GLOBALTELEHOST)
File type: HTML document, Unicode text, UTF-8 text, with very long lines (20550)
Hash (MD5 / SHA-1 / SHA-256): 15565572f2cd6f1efa38080103c904f7 3d7e8e3bd82acfe3f8f659248b6de5dfe7ef68e3 d2fb5441e5c851fc40d551949eef107c64e24e405c6f224834fa1acec5ebf0fd
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /?id=1218914904&p1=&p2=&p3=&p4= HTTP/1.1
Host: e9ebc92c81.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://e09e6130ac.news-xapeva.cc/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:53 GMT
content-type: text/html; charset=UTF-8
vary: Origin
x-frame-options: DENY
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| e9ebc92c81.news-xapeva.cc/lands/39/img/icon1.png | 193.108.117.211 | | 7.3 kB |
URL: e9ebc92c81.news-xapeva.cc/lands/39/img/icon1.png
IP: 193.108.117.211:0 (ASN#63023 AS-GLOBALTELEHOST)
File type: PNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced
Hash (MD5 / SHA-1 / SHA-256): 3d0ab5834c8bf7134e4d21fa3288317f c31d1a6b9df206f67ea194f4c424cdc372a423c2 0515ddd9185d263874e7b66bb6d521fcd63b857aac5fed51c08df98026dafe27
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /lands/39/img/icon1.png HTTP/1.1
Host: e9ebc92c81.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://e9ebc92c81.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:53 GMT
content-type: image/png
content-length: 7252
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-1c54"
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| e9ebc92c81.news-xapeva.cc/lands/39/img/icon2.png | 193.108.117.211 | | 4.6 kB |
URL: e9ebc92c81.news-xapeva.cc/lands/39/img/icon2.png
IP: 193.108.117.211:0 (ASN#63023 AS-GLOBALTELEHOST)
File type: PNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced
Hash (MD5 / SHA-1 / SHA-256): c947d439eb93367f1af5b2a3d222f057 5b4c10820d39e624bc6df72a113679da80a8e44e aab564e67c47df65ddcb9c4eaa62cd798a51624a3fded9f9b3a1197b460a79c2
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /lands/39/img/icon2.png HTTP/1.1
Host: e9ebc92c81.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://e9ebc92c81.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:53 GMT
content-type: image/png
content-length: 4576
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-11e0"
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| e9ebc92c81.news-xapeva.cc/lands/39/img/icon3.png | 193.108.117.211 | | 7.8 kB |
URL: e9ebc92c81.news-xapeva.cc/lands/39/img/icon3.png
IP: 193.108.117.211:0 (ASN#63023 AS-GLOBALTELEHOST)
File type: PNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced
Hash (MD5 / SHA-1 / SHA-256): 8f3cc830da0b1fdf66bda7d1d734747b 94588f041eec3a78a8780c8124c56a1434a89277 ea3698c32039a115b03c2528cbb29c3ff97bbd49ad1345d5095e98d1fd0ea8ba
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /lands/39/img/icon3.png HTTP/1.1
Host: e9ebc92c81.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://e9ebc92c81.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:53 GMT
content-type: image/png
content-length: 7847
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-1ea7"
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| e9ebc92c81.news-xapeva.cc/lands/39/img/icon4.png | 193.108.117.211 | | 7.0 kB |
URL: e9ebc92c81.news-xapeva.cc/lands/39/img/icon4.png
IP: 193.108.117.211:0 (ASN#63023 AS-GLOBALTELEHOST)
File type: PNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced
Hash (MD5 / SHA-1 / SHA-256): 7ad7f32c1c0df7b4975cc41bda4ac435 81d57e996ee6cd9e122592e68ffa3d55c1ba10ff c0af6cb2280bba97d235dfad7c72d22353a0d2cf277733ce9fc4701df7ed1d5f
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /lands/39/img/icon4.png HTTP/1.1
Host: e9ebc92c81.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://e9ebc92c81.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:53 GMT
content-type: image/png
content-length: 7032
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-1b78"
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| e9ebc92c81.news-xapeva.cc/lands/39/img/icon5.png | 193.108.117.211 | | 3.3 kB |
URL: e9ebc92c81.news-xapeva.cc/lands/39/img/icon5.png
IP: 193.108.117.211:0 (ASN#63023 AS-GLOBALTELEHOST)
File type: PNG image data, 500 x 500, 8-bit/color RGBA, non-interlaced
Hash (MD5 / SHA-1 / SHA-256): 1e1a7582b5da63e10485d63f97abc9a0 ca3ee3067f96c732f455bc7c99ec5100194f13f6 196083352a09a19cf2d4364e3ad406606fedb562f2096c1bef373ff2c485b503
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /lands/39/img/icon5.png HTTP/1.1
Host: e9ebc92c81.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://e9ebc92c81.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:53 GMT
content-type: image/png
content-length: 3264
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-cc0"
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| e9ebc92c81.news-xapeva.cc/lands/39/img/icon7.png | 193.108.117.211 | | 3.3 kB |
URL: e9ebc92c81.news-xapeva.cc/lands/39/img/icon7.png
IP: 193.108.117.211:0 (ASN#63023 AS-GLOBALTELEHOST)
File type: PNG image data, 500 x 500, 8-bit/color RGBA, non-interlaced
Hash (MD5 / SHA-1 / SHA-256): b512735542cb07b3b2dcf153a7dfe456 93bde8875412ce266600e2af1c37123483a50376 e9c661cc8adbaa1b9cd4cf65f0ba93a1c24211cb5f94ed0950e0fbc973781718
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /lands/39/img/icon7.png HTTP/1.1
Host: e9ebc92c81.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://e9ebc92c81.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:53 GMT
content-type: image/png
content-length: 3283
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-cd3"
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| e9ebc92c81.news-xapeva.cc/lands/39/img/icon8.png | 193.108.117.211 | | 4.1 kB |
URL: e9ebc92c81.news-xapeva.cc/lands/39/img/icon8.png
IP: 193.108.117.211:0 (ASN#63023 AS-GLOBALTELEHOST)
File type: PNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced
Hash (MD5 / SHA-1 / SHA-256): f92d6474ebc6a3a0b576749cfb4afe98 0f4ce3dcf04873b8098c01d20c44967fb9fce0cc 3a7abff293d71fd8c5a58deacb964b50fe074a6f458575d37abbd367a3a930a1
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /lands/39/img/icon8.png HTTP/1.1
Host: e9ebc92c81.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://e9ebc92c81.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:53 GMT
content-type: image/png
content-length: 4064
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-fe0"
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| partners-tds.com/WzJQVS | 142.202.51.61 | | 0 B |
IP: 142.202.51.61:0 (ASN#63023 AS-GLOBALTELEHOST)
Hash (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /WzJQVS HTTP/1.1
Host: partners-tds.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://e9ebc92c81.news-xapeva.cc/
Cookie: _subid=376l60j10h7e65; 933eb=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcImNhbXBhaWduc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcInRpbWVcIjoxNzE0MTI0MzIwfSJ9.yYJXc-zJvjm4Dxphu35oW5Y_kpFZUzbEdsDVw4oNV9k
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx
Date: Fri, 26 Apr 2024 09:38:53 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-cache, no-store, must-revalidate
Expires: Fri, 26 Apr 2024 09:38:53 GMT
Location: https://news-pepafu.com/tds?id=1218914904&p1=&p2=&p3=&p4=
Set-Cookie: _subid=376l60j10h7e6b; expires=Mon, 27 May 2024 09:38:53 GMT; path=/
933eb=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcImNhbXBhaWduc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcInRpbWVcIjoxNzE0MTI0MzIwfSJ9.yYJXc-zJvjm4Dxphu35oW5Y_kpFZUzbEdsDVw4oNV9k; expires=Sun, 21 Aug 2078 19:17:46 GMT; path=/
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
|
|
| news-pepafu.com/tds?id=1218914904&p1=&p2=&p3=&p4= | 193.108.118.16 | | 0 B |
URL: news-pepafu.com/tds?id=1218914904&p1=&p2=&p3=&p4=
IP: 193.108.118.16:0 (ASN#63023 AS-GLOBALTELEHOST)
Hash (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tds?id=1218914904&p1=&p2=&p3=&p4= HTTP/1.1
Host: news-pepafu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://e9ebc92c81.news-xapeva.cc/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 302 Found
server: nginx
date: Fri, 26 Apr 2024 09:38:53 GMT
content-length: 0
location: https://e05e2a2dd1.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
vary: Origin
x-frame-options: DENY
X-Firefox-Spdy: h2
|
|
| cf314ebbcb.news-xapeva.cc/process.js?id=1218914904&p1=&p2=&p3=&p4= | 193.108.117.211 | | 18 kB |
URL: cf314ebbcb.news-xapeva.cc/process.js?id=1218914904&p1=&p2=&p3=&p4=
IP: 193.108.117.211:0 (ASN#63023 AS-GLOBALTELEHOST)
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (26456)
Hash (MD5 / SHA-1 / SHA-256): 4c7d729deb8c46b17734bc06ab87ee66 3e9ec54e72b5dc5bd81b829adee2100d4d8e9c59 189a153b6553a648c9c278ff485b08506a203d3d2c608913e28c6700809ff37f
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /process.js?id=1218914904&p1=&p2=&p3=&p4= HTTP/1.1
Host: cf314ebbcb.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cf314ebbcb.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:51 GMT
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, must-revalidate
expires: 0
pragma: no-cache
vary: Origin
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| e05e2a2dd1.news-xapeva.cc/lands/57/css/style.css | 193.108.117.211 | | 1.2 kB |
URL e05e2a2dd1.news-xapeva.cc/lands/57/css/style.css IP 193.108.117.211:0 ASN #63023 AS-GLOBALTELEHOST
File type ASCII text, with very long lines (4468), with no line terminators
Hash b07eb7ba1a3bb505eba51b55f4ffa9ff fea4806dafcdda47dff4bb6aa09362ded48879d5 086ceb41d9cccb6678d0a759d730383098e9d80d8067e9b8ce06d0972d2dae68
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /lands/57/css/style.css HTTP/1.1
Host: e05e2a2dd1.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://e05e2a2dd1.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:54 GMT
content-type: text/css
content-length: 1213
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-4bd"
content-encoding: gzip
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| 63fb1173a7.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4= | 193.108.117.211 | | 16 kB |
URL 63fb1173a7.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4= IP 193.108.117.211:0 ASN #63023 AS-GLOBALTELEHOST
File type HTML document, ASCII text, with very long lines (26456)
Hash d9fb29d862e3650c0bddb53d46bf1251 b0481b6edf2207f4db3cfd047ba7f2189de70c1f 8ce89a4114bb73462909e96f636b614fa54694b6f2df41a7d64ed7db8f8335bd
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /?id=1218914904&p1=&p2=&p3=&p4= HTTP/1.1
Host: 63fb1173a7.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://17c4c6cf35.news-xapeva.cc/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:48 GMT
content-type: text/html; charset=UTF-8
vary: Origin
x-frame-options: DENY
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| b729c3716a.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4= | 193.108.117.211 | | 6.3 kB |
URL b729c3716a.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4= IP 193.108.117.211:0 ASN #63023 AS-GLOBALTELEHOST
File type HTML document, Unicode text, UTF-8 text, with very long lines (7601)
Hash 2498940b5f959aa6e21ae351bdc623c2 85adb85ede4919645a62249ab8919f5bc03cb30b 67946a436551672ba8cb5e9540e212d9a1dfc226e8e3450f87fd4908561c21d9
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /?id=1218914904&p1=&p2=&p3=&p4= HTTP/1.1
Host: b729c3716a.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://5c188dc60f.news-xapeva.cc/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:49 GMT
content-type: text/html; charset=UTF-8
vary: Origin
x-frame-options: DENY
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| news-pepafu.com/tds?id=1218914904&p1=&p2=&p3=&p4= | 193.108.118.16 | | 0 B |
URL news-pepafu.com/tds?id=1218914904&p1=&p2=&p3=&p4= IP 193.108.118.16:0 ASN #63023 AS-GLOBALTELEHOST
Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tds?id=1218914904&p1=&p2=&p3=&p4= HTTP/1.1
Host: news-pepafu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://e05e2a2dd1.news-xapeva.cc/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 302 Found
server: nginx
date: Fri, 26 Apr 2024 09:38:54 GMT
content-length: 0
location: https://6470456288.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
vary: Origin
x-frame-options: DENY
X-Firefox-Spdy: h2
|
|
| 5975a21fe8.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4= | 193.108.117.211 | | 61 kB |
URL 5975a21fe8.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4= IP 193.108.117.211:0 ASN #63023 AS-GLOBALTELEHOST
File type HTML document, ASCII text, with very long lines (64514)
Hash 3b24c9ae627aecdb0625ccf6cea8d7e0 eee5a66728124b7d94d2ace5be57f291a70d8a16 7c25a08fc95186f3c3e859fcdfc2975e1cb17ff13b2cc3a9d08506dde8d2cb20
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /?id=1218914904&p1=&p2=&p3=&p4= HTTP/1.1
Host: 5975a21fe8.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cf314ebbcb.news-xapeva.cc/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:51 GMT
content-type: text/html; charset=UTF-8
vary: Origin
x-frame-options: DENY
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| d9a96a3e32.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4= | 193.108.117.211 | | 2.0 kB |
URL d9a96a3e32.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4= IP 193.108.117.211:0 ASN #63023 AS-GLOBALTELEHOST
File type HTML document, ASCII text, with very long lines (4680)
Hash 41fe4808ba0545d774a5cd9d14b1e887 ebf2799ca1212c2445cb701cdd2982f8bdf18efe 8257e502931baac8a8279569877e3b016af6dca884fc9a73675cb38af1b992bc
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /?id=1218914904&p1=&p2=&p3=&p4= HTTP/1.1
Host: d9a96a3e32.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://18c630ec10.news-xapeva.cc/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:52 GMT
content-type: text/html; charset=UTF-8
vary: Origin
x-frame-options: DENY
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| a298ee02fd.news-xapeva.cc/process.js?id=1218914904&p1=&p2=&p3=&p4= | 193.108.117.211 | | 22 kB |
URL a298ee02fd.news-xapeva.cc/process.js?id=1218914904&p1=&p2=&p3=&p4= IP 193.108.117.211:0 ASN #63023 AS-GLOBALTELEHOST
File type JavaScript source, ASCII text, with very long lines (26456)
Hash 9e22ed434f4d42b69ceb36ecb2230922 ded31b2448bd867c802fded0662130a11968da4a 330f1979dbca8ddd2868248daf5eff3eb6607b9502d42eb32a32d15c10f0f397
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /process.js?id=1218914904&p1=&p2=&p3=&p4= HTTP/1.1
Host: a298ee02fd.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a298ee02fd.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:53 GMT
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, must-revalidate
expires: 0
pragma: no-cache
vary: Origin
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 8558efc928.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4= | 193.108.117.211 | | 1.4 kB |
URL 8558efc928.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4= IP 193.108.117.211:0 ASN #63023 AS-GLOBALTELEHOST
File type HTML document, ASCII text, with very long lines (1334)
Hash d7c960567fa7608c589d0ed22e542f9c 3890cf5dcc6b69602058e3b2d76d6f453f6ebed3 c405942739b5dda540c58b32a90669e2479bd4c232610f092e57dbc11602deb9
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /?id=1218914904&p1=&p2=&p3=&p4= HTTP/1.1
Host: 8558efc928.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://907248c9ab.news-xapeva.cc/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:46 GMT
content-type: text/html; charset=UTF-8
vary: Origin
x-frame-options: DENY
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 07c5b74880.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4= | 193.108.117.211 | | 13 kB |
URL 07c5b74880.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4= IP 193.108.117.211:0 ASN #63023 AS-GLOBALTELEHOST
File type HTML document, Unicode text, UTF-8 text, with very long lines (26456)
Hash 23faea271df79e42388e85b0b80a5454 4dcbe69aae586eb0569d96bc60d26be892c536e1 6a7041a4fb5586bf0e399f9a6e6d7935f6ad4f1e0f3f3658886a863b4d3ce8cb
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /?id=1218914904&p1=&p2=&p3=&p4= HTTP/1.1
Host: 07c5b74880.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://b729c3716a.news-xapeva.cc/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:50 GMT
content-type: text/html; charset=UTF-8
vary: Origin
x-frame-options: DENY
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 09068d0b2a.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4= | 193.108.117.211 | | 9.0 kB |
URL 09068d0b2a.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4= IP 193.108.117.211:0 ASN #63023 AS-GLOBALTELEHOST
File type HTML document, Unicode text, UTF-8 text, with very long lines (20550)
Hash cc55ae0431021e83325c44c0789a15c9 03be00b4de89f7f9b2170d7b21a0eb5be5cd0a88 bee28c9b8e89ce1221a6b60e92370bdd3b51dcf778efd7b2d5b79e8110f290b7
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /?id=1218914904&p1=&p2=&p3=&p4= HTTP/1.1
Host: 09068d0b2a.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://761f905319.news-xapeva.cc/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:47 GMT
content-type: text/html; charset=UTF-8
vary: Origin
x-frame-options: DENY
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 6470456288.news-xapeva.cc/process.js?id=1218914904&p1=&p2=&p3=&p4= | 193.108.117.211 | | 20 kB |
URL 6470456288.news-xapeva.cc/process.js?id=1218914904&p1=&p2=&p3=&p4= IP 193.108.117.211:0 ASN #63023 AS-GLOBALTELEHOST
File type JavaScript source, ASCII text, with very long lines (26456)
Hash cfd27e82881cfc24226bc4eed08a0796 119baf2b611bd11e7917d1d29f81339cfd800638 c5c361cbdb1c48b077a381adcc7c6bbf3d4f57132680a8066b8ed314f5f3d313
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /process.js?id=1218914904&p1=&p2=&p3=&p4= HTTP/1.1
Host: 6470456288.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://6470456288.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:54 GMT
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, must-revalidate
expires: 0
pragma: no-cache
vary: Origin
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| news-pepafu.com/tds?id=1218914904&p1=&p2=&p3=&p4= | 193.108.118.16 | | 0 B |
URL news-pepafu.com/tds?id=1218914904&p1=&p2=&p3=&p4= IP 193.108.118.16:0 ASN #63023 AS-GLOBALTELEHOST
Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tds?id=1218914904&p1=&p2=&p3=&p4= HTTP/1.1
Host: news-pepafu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1292a7ce58.news-xapeva.cc/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 302 Found
server: nginx
date: Fri, 26 Apr 2024 09:38:54 GMT
content-length: 0
location: https://1084421838.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
vary: Origin
x-frame-options: DENY
X-Firefox-Spdy: h2
|
|
| 1084421838.news-xapeva.cc/revopush.js | 193.108.117.211 | | 7.5 kB |
URL 1084421838.news-xapeva.cc/revopush.js IP 193.108.117.211:0 ASN #63023 AS-GLOBALTELEHOST
File type JavaScript source, Unicode text, UTF-8 text, with very long lines (18335), with no line terminators
Hash 37faf614bbb4a7b4ba1b4e8143056291 1477110371c87d426adf78e2c8d935a046ae6ff2 aa7dc9551d9641febc7616653e797b381d7258077ed416e822b1ade51470c533
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /revopush.js HTTP/1.1
Host: 1084421838.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1084421838.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:54 GMT
content-type: application/javascript; charset=utf-8
content-length: 7472
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-1d30"
content-encoding: gzip
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| a298ee02fd.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4= | 193.108.117.211 | | 8.7 kB |
URL a298ee02fd.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4= IP 193.108.117.211:0 ASN #63023 AS-GLOBALTELEHOST
File type HTML document, Unicode text, UTF-8 text, with very long lines (19649)
Hash 6c4771554381e86e3bf44f40665b456b e4306fdefb3bd8f7e20d713827f19acf8e2ad56b 934e5e4d5e86ba381fe59e6588bd78910ef9e1b4f73b51c01f273b242271cf20
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /?id=1218914904&p1=&p2=&p3=&p4= HTTP/1.1
Host: a298ee02fd.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://e9c4952774.news-xapeva.cc/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:52 GMT
content-type: text/html; charset=UTF-8
vary: Origin
x-frame-options: DENY
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1084421838.news-xapeva.cc/lands/53/images/video.gif | 193.108.117.211 | | 500 kB |
URL 1084421838.news-xapeva.cc/lands/53/images/video.gif IP 193.108.117.211:0 ASN #63023 AS-GLOBALTELEHOST
File type GIF image data, version 89a, 320 x 180
Size 500 kB (500082 bytes)
Hash 2e59da03066a7854825901e0c1460b52 8d5aa04f252de7a85b8387051c1321338ac32d32 63412ff22ec2f712d6e82d34889a0a48948523dedd0bfce03bba69a19a9b4433
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /lands/53/images/video.gif HTTP/1.1
Host: 1084421838.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1084421838.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:54 GMT
content-type: image/gif
content-length: 500082
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-7a172"
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| partners-tds.com/WzJQVS | 142.202.51.61 | | 0 B |
IP 142.202.51.61:0 ASN #63023 AS-GLOBALTELEHOST
Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /WzJQVS HTTP/1.1
Host: partners-tds.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1084421838.news-xapeva.cc/
Cookie: _subid=376l60j10h7e6o; 933eb=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcImNhbXBhaWduc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcInRpbWVcIjoxNzE0MTI0MzIwfSJ9.yYJXc-zJvjm4Dxphu35oW5Y_kpFZUzbEdsDVw4oNV9k
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx
Date: Fri, 26 Apr 2024 09:38:54 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-cache, no-store, must-revalidate
Expires: Fri, 26 Apr 2024 09:38:54 GMT
Location: https://news-pepafu.com/tds?id=1218914904&p1=&p2=&p3=&p4=
Set-Cookie: _subid=376l60j10h7e6v; expires=Mon, 27 May 2024 09:38:54 GMT; path=/
933eb=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcImNhbXBhaWduc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcInRpbWVcIjoxNzE0MTI0MzIwfSJ9.yYJXc-zJvjm4Dxphu35oW5Y_kpFZUzbEdsDVw4oNV9k; expires=Sun, 21 Aug 2078 19:17:48 GMT; path=/
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
|
|
| news-pepafu.com/tds?id=1218914904&p1=&p2=&p3=&p4= | 193.108.118.16 | | 0 B |
URL news-pepafu.com/tds?id=1218914904&p1=&p2=&p3=&p4= IP 193.108.118.16:0 ASN #63023 AS-GLOBALTELEHOST
Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tds?id=1218914904&p1=&p2=&p3=&p4= HTTP/1.1
Host: news-pepafu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1084421838.news-xapeva.cc/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 302 Found
server: nginx
date: Fri, 26 Apr 2024 09:38:54 GMT
content-length: 0
location: https://2a04c754b3.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
vary: Origin
x-frame-options: DENY
X-Firefox-Spdy: h2
|
|
| 2a04c754b3.news-xapeva.cc/revopush.js | 193.108.117.211 | | 7.5 kB |
URL 2a04c754b3.news-xapeva.cc/revopush.js IP 193.108.117.211:0 ASN #63023 AS-GLOBALTELEHOST
File type JavaScript source, Unicode text, UTF-8 text, with very long lines (18335), with no line terminators
Hash 37faf614bbb4a7b4ba1b4e8143056291 1477110371c87d426adf78e2c8d935a046ae6ff2 aa7dc9551d9641febc7616653e797b381d7258077ed416e822b1ade51470c533
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /revopush.js HTTP/1.1
Host: 2a04c754b3.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://2a04c754b3.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:55 GMT
content-type: application/javascript; charset=utf-8
content-length: 7472
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-1d30"
content-encoding: gzip
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| 2a04c754b3.news-xapeva.cc/lands/39/img/icon1.png | 193.108.117.211 | | 7.3 kB |
URL 2a04c754b3.news-xapeva.cc/lands/39/img/icon1.png IP 193.108.117.211:0 ASN #63023 AS-GLOBALTELEHOST
File type PNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced
Hash 3d0ab5834c8bf7134e4d21fa3288317f c31d1a6b9df206f67ea194f4c424cdc372a423c2 0515ddd9185d263874e7b66bb6d521fcd63b857aac5fed51c08df98026dafe27
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /lands/39/img/icon1.png HTTP/1.1
Host: 2a04c754b3.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://2a04c754b3.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:55 GMT
content-type: image/png
content-length: 7252
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-1c54"
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| 17c4c6cf35.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4= | 193.108.117.211 | | 5.9 kB |
URL 17c4c6cf35.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4= IP 193.108.117.211:0 ASN #63023 AS-GLOBALTELEHOST
File type gzip compressed data, max speed, from Unix
Hash 1ecd30a505dd334f91b3bd4d0b6317fb a8b4e12208a53d20e2186e730480d760bb6b4781 9a0db2c924392ba3bf26ae44b0d6d9c452fc752325035b9466fbe370344d1b62
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /?id=1218914904&p1=&p2=&p3=&p4= HTTP/1.1
Host: 17c4c6cf35.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ef422e6eb4.news-xapeva.cc/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:48 GMT
content-type: text/html; charset=UTF-8
vary: Origin
x-frame-options: DENY
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 2a04c754b3.news-xapeva.cc/lands/39/img/icon3.png | 193.108.117.211 | | 7.8 kB |
URL 2a04c754b3.news-xapeva.cc/lands/39/img/icon3.png IP 193.108.117.211:0 ASN #63023 AS-GLOBALTELEHOST
File type PNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced
Hash 8f3cc830da0b1fdf66bda7d1d734747b 94588f041eec3a78a8780c8124c56a1434a89277 ea3698c32039a115b03c2528cbb29c3ff97bbd49ad1345d5095e98d1fd0ea8ba
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /lands/39/img/icon3.png HTTP/1.1
Host: 2a04c754b3.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://2a04c754b3.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:55 GMT
content-type: image/png
content-length: 7847
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-1ea7"
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| d9a96a3e32.news-xapeva.cc/process.js?id=1218914904&p1=&p2=&p3=&p4= | 193.108.117.211 | | 17 kB |
URL d9a96a3e32.news-xapeva.cc/process.js?id=1218914904&p1=&p2=&p3=&p4= IP 193.108.117.211:0 ASN #63023 AS-GLOBALTELEHOST
File type gzip compressed data, max speed, from Unix
Hash 3c0a1d5f6bb0852883dca61af13a2fd9 b0cb4bb225add57897f7410d564e72c017ce7a62 4144d14d80f35700303dd95107ee6587ad90751d01aa4a2361de39969351720b
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /process.js?id=1218914904&p1=&p2=&p3=&p4= HTTP/1.1
Host: d9a96a3e32.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d9a96a3e32.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:52 GMT
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, must-revalidate
expires: 0
pragma: no-cache
vary: Origin
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 2a04c754b3.news-xapeva.cc/lands/39/img/icon5.png | 193.108.117.211 | | 3.3 kB |
URL 2a04c754b3.news-xapeva.cc/lands/39/img/icon5.png IP 193.108.117.211:0 ASN #63023 AS-GLOBALTELEHOST
File type PNG image data, 500 x 500, 8-bit/color RGBA, non-interlaced
Hash 1e1a7582b5da63e10485d63f97abc9a0 ca3ee3067f96c732f455bc7c99ec5100194f13f6 196083352a09a19cf2d4364e3ad406606fedb562f2096c1bef373ff2c485b503
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /lands/39/img/icon5.png HTTP/1.1
Host: 2a04c754b3.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://2a04c754b3.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:55 GMT
content-type: image/png
content-length: 3264
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-cc0"
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| 2a04c754b3.news-xapeva.cc/lands/39/img/icon7.png | 193.108.117.211 | | 3.3 kB |
URL 2a04c754b3.news-xapeva.cc/lands/39/img/icon7.png IP 193.108.117.211:0 ASN #63023 AS-GLOBALTELEHOST
File type PNG image data, 500 x 500, 8-bit/color RGBA, non-interlaced
Hash b512735542cb07b3b2dcf153a7dfe456 93bde8875412ce266600e2af1c37123483a50376 e9c661cc8adbaa1b9cd4cf65f0ba93a1c24211cb5f94ed0950e0fbc973781718
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /lands/39/img/icon7.png HTTP/1.1
Host: 2a04c754b3.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://2a04c754b3.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:55 GMT
content-type: image/png
content-length: 3283
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-cd3"
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| 2a04c754b3.news-xapeva.cc/lands/39/img/icon8.png | 193.108.117.211 | | 4.1 kB |
URL 2a04c754b3.news-xapeva.cc/lands/39/img/icon8.png IP 193.108.117.211:0 ASN #63023 AS-GLOBALTELEHOST
File type PNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced
Hash f92d6474ebc6a3a0b576749cfb4afe98 0f4ce3dcf04873b8098c01d20c44967fb9fce0cc 3a7abff293d71fd8c5a58deacb964b50fe074a6f458575d37abbd367a3a930a1
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /lands/39/img/icon8.png HTTP/1.1
Host: 2a04c754b3.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://2a04c754b3.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:55 GMT
content-type: image/png
content-length: 4064
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-fe0"
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| partners-tds.com/WzJQVS | 142.202.51.61 | | 0 B |
IP 142.202.51.61:0 ASN #63023 AS-GLOBALTELEHOST
Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /WzJQVS HTTP/1.1
Host: partners-tds.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://2a04c754b3.news-xapeva.cc/
Cookie: _subid=376l60j10h7e6v; 933eb=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcImNhbXBhaWduc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcInRpbWVcIjoxNzE0MTI0MzIwfSJ9.yYJXc-zJvjm4Dxphu35oW5Y_kpFZUzbEdsDVw4oNV9k
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx
Date: Fri, 26 Apr 2024 09:38:55 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-cache, no-store, must-revalidate
Expires: Fri, 26 Apr 2024 09:38:55 GMT
Location: https://news-pepafu.com/tds?id=1218914904&p1=&p2=&p3=&p4=
Set-Cookie: _subid=376l60j10h7e73; expires=Mon, 27 May 2024 09:38:55 GMT; path=/
933eb=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcImNhbXBhaWduc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcInRpbWVcIjoxNzE0MTI0MzIwfSJ9.yYJXc-zJvjm4Dxphu35oW5Y_kpFZUzbEdsDVw4oNV9k; expires=Sun, 21 Aug 2078 19:17:50 GMT; path=/
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
|
|
| news-pepafu.com/tds?id=1218914904&p1=&p2=&p3=&p4= | 193.108.118.16 | | 0 B |
URL: news-pepafu.com/tds?id=1218914904&p1=&p2=&p3=&p4= | IP: 193.108.118.16:0 | ASN: #63023 AS-GLOBALTELEHOST
Hash (MD5, SHA-1, SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tds?id=1218914904&p1=&p2=&p3=&p4= HTTP/1.1
Host: news-pepafu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://2a04c754b3.news-xapeva.cc/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 302 Found
server: nginx
date: Fri, 26 Apr 2024 09:38:55 GMT
content-length: 0
location: https://a376a7b294.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
vary: Origin
x-frame-options: DENY
X-Firefox-Spdy: h2
|
|
| 5732546dc0.news-xapeva.cc/lands/36/lp.js | 193.108.117.211 | | 12 kB |
URL: 5732546dc0.news-xapeva.cc/lands/36/lp.js | IP: 193.108.117.211:0 | ASN: #63023 AS-GLOBALTELEHOST
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (26456) | Hash (MD5, SHA-1, SHA-256): ca7348e9a08c18e6ffad19c73c87e24d f63802bf23db91ca8e0a57c5e0f9f16ed78774f4 2af910799089e01af3d1edcaeb5b7e0fba54e5d416af1e086de86defeb465b81
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /lands/36/lp.js HTTP/1.1
Host: 5732546dc0.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://5732546dc0.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:45 GMT
content-type: application/javascript; charset=utf-8
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: W/"6602cb4c-2d2"
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| a376a7b294.news-xapeva.cc/revopush.js | 193.108.117.211 | | 7.5 kB |
URL: a376a7b294.news-xapeva.cc/revopush.js | IP: 193.108.117.211:0 | ASN: #63023 AS-GLOBALTELEHOST
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (18335), with no line terminators | Hash (MD5, SHA-1, SHA-256): 37faf614bbb4a7b4ba1b4e8143056291 1477110371c87d426adf78e2c8d935a046ae6ff2 aa7dc9551d9641febc7616653e797b381d7258077ed416e822b1ade51470c533
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /revopush.js HTTP/1.1
Host: a376a7b294.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a376a7b294.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:55 GMT
content-type: application/javascript; charset=utf-8
content-length: 7472
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-1d30"
content-encoding: gzip
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| partners-tds.com/WzJQVS | 142.202.51.61 | | 0 B |
IP: 142.202.51.61:0 | ASN: #63023 AS-GLOBALTELEHOST
Hash (MD5, SHA-1, SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /WzJQVS HTTP/1.1
Host: partners-tds.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a376a7b294.news-xapeva.cc/
Cookie: _subid=376l60j10h7e73; 933eb=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcImNhbXBhaWduc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcInRpbWVcIjoxNzE0MTI0MzIwfSJ9.yYJXc-zJvjm4Dxphu35oW5Y_kpFZUzbEdsDVw4oNV9k
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx
Date: Fri, 26 Apr 2024 09:38:55 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-cache, no-store, must-revalidate
Expires: Fri, 26 Apr 2024 09:38:55 GMT
Location: https://news-pepafu.com/tds?id=1218914904&p1=&p2=&p3=&p4=
Set-Cookie: _subid=376l60j10h7e79; expires=Mon, 27 May 2024 09:38:55 GMT; path=/
933eb=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcImNhbXBhaWduc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcInRpbWVcIjoxNzE0MTI0MzIwfSJ9.yYJXc-zJvjm4Dxphu35oW5Y_kpFZUzbEdsDVw4oNV9k; expires=Sun, 21 Aug 2078 19:17:50 GMT; path=/
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
|
|
| news-pepafu.com/tds?id=1218914904&p1=&p2=&p3=&p4= | 193.108.118.16 | | 0 B |
URL: news-pepafu.com/tds?id=1218914904&p1=&p2=&p3=&p4= | IP: 193.108.118.16:0 | ASN: #63023 AS-GLOBALTELEHOST
Hash (MD5, SHA-1, SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tds?id=1218914904&p1=&p2=&p3=&p4= HTTP/1.1
Host: news-pepafu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://a376a7b294.news-xapeva.cc/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 302 Found
server: nginx
date: Fri, 26 Apr 2024 09:38:55 GMT
content-length: 0
location: https://c5e7e6b1ca.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
vary: Origin
x-frame-options: DENY
X-Firefox-Spdy: h2
|
|
| c5e7e6b1ca.news-xapeva.cc/revopush.js | 193.108.117.211 | | 7.5 kB |
URL: c5e7e6b1ca.news-xapeva.cc/revopush.js | IP: 193.108.117.211:0 | ASN: #63023 AS-GLOBALTELEHOST
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (18335), with no line terminators | Hash (MD5, SHA-1, SHA-256): 37faf614bbb4a7b4ba1b4e8143056291 1477110371c87d426adf78e2c8d935a046ae6ff2 aa7dc9551d9641febc7616653e797b381d7258077ed416e822b1ade51470c533
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /revopush.js HTTP/1.1
Host: c5e7e6b1ca.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://c5e7e6b1ca.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:55 GMT
content-type: application/javascript; charset=utf-8
content-length: 7472
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-1d30"
content-encoding: gzip
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| c5e7e6b1ca.news-xapeva.cc/process.js?id=1218914904&p1=&p2=&p3=&p4= | 193.108.117.211 | | 10 kB |
URL: c5e7e6b1ca.news-xapeva.cc/process.js?id=1218914904&p1=&p2=&p3=&p4= | IP: 193.108.117.211:0 | ASN: #63023 AS-GLOBALTELEHOST
File type: JavaScript source, ASCII text, with very long lines (26456) | Hash (MD5, SHA-1, SHA-256): 4796d0044cb20d3e21d2749fe13cce30 a392ec29c382bf02ec3b96fc4b18a2464e69ee3b 877eb8c1e94070abd5b3150c9ef5e66965d0d9b9a9c6321a41563659bf3c6a20
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /process.js?id=1218914904&p1=&p2=&p3=&p4= HTTP/1.1
Host: c5e7e6b1ca.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://c5e7e6b1ca.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:55 GMT
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, must-revalidate
expires: 0
pragma: no-cache
vary: Origin
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| fonts.googleapis.com/css?family=Roboto:300,400,700,400i&subset=cyrillic | 142.250.74.106 | | 784 B |
URL: fonts.googleapis.com/css?family=Roboto:300,400,700,400i&subset=cyrillic | IP: 142.250.74.106:0
Hash (MD5, SHA-1, SHA-256): 1ba1a21c8876dbaa3b3b1457aadec340 2373a127295c1cab8d143eb10fe1870d29f02150 47e3881d0fe2662e06375c04b01a8eabdd8eeca52f66aab1dc7ba3b6f5c564f8
GET /css?family=Roboto:300,400,700,400i&subset=cyrillic HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a376a7b294.news-xapeva.cc/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 26 Apr 2024 09:38:55 GMT
date: Fri, 26 Apr 2024 09:38:55 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| fbabffca48.news-xapeva.cc/revopush.js | 193.108.117.211 | | 7.5 kB |
URL: fbabffca48.news-xapeva.cc/revopush.js | IP: 193.108.117.211:0 | ASN: #63023 AS-GLOBALTELEHOST
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (18335), with no line terminators | Hash (MD5, SHA-1, SHA-256): 37faf614bbb4a7b4ba1b4e8143056291 1477110371c87d426adf78e2c8d935a046ae6ff2 aa7dc9551d9641febc7616653e797b381d7258077ed416e822b1ade51470c533
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /revopush.js HTTP/1.1
Host: fbabffca48.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fbabffca48.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:55 GMT
content-type: application/javascript; charset=utf-8
content-length: 7472
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-1d30"
content-encoding: gzip
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| partners-tds.com/WzJQVS | 142.202.51.61 | | 0 B |
IP: 142.202.51.61:0 | ASN: #63023 AS-GLOBALTELEHOST
Hash (MD5, SHA-1, SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /WzJQVS HTTP/1.1
Host: partners-tds.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fbabffca48.news-xapeva.cc/
Cookie: _subid=376l60j10h7e7d; 933eb=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcImNhbXBhaWduc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcInRpbWVcIjoxNzE0MTI0MzIwfSJ9.yYJXc-zJvjm4Dxphu35oW5Y_kpFZUzbEdsDVw4oNV9k
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx
Date: Fri, 26 Apr 2024 09:38:55 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-cache, no-store, must-revalidate
Expires: Fri, 26 Apr 2024 09:38:55 GMT
Location: https://news-pepafu.com/tds?id=1218914904&p1=&p2=&p3=&p4=
Set-Cookie: _subid=376l60j10h7e7j; expires=Mon, 27 May 2024 09:38:55 GMT; path=/
933eb=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcImNhbXBhaWduc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcInRpbWVcIjoxNzE0MTI0MzIwfSJ9.yYJXc-zJvjm4Dxphu35oW5Y_kpFZUzbEdsDVw4oNV9k; expires=Sun, 21 Aug 2078 19:17:50 GMT; path=/
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
|
|
| 504565329c.news-xapeva.cc/process.js?id=1218914904&p1=&p2=&p3=&p4= | 193.108.117.211 | | 10 kB |
URL: 504565329c.news-xapeva.cc/process.js?id=1218914904&p1=&p2=&p3=&p4= | IP: 193.108.117.211:0 | ASN: #63023 AS-GLOBALTELEHOST
File type: JavaScript source, ASCII text, with very long lines (26456) | Hash (MD5, SHA-1, SHA-256): 1ae337e151f9690d62baae7f91c7386a 5dd35c38d327d1e5f31dc4033652ccabcc924637 2e1f88b97e3d9910e61d56b27ec06f4b663094c4ac3c78a753114144fa57e4a2
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /process.js?id=1218914904&p1=&p2=&p3=&p4= HTTP/1.1
Host: 504565329c.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://504565329c.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:47 GMT
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, must-revalidate
expires: 0
pragma: no-cache
vary: Origin
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 608cdcaf2f.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4= | 193.108.117.211 | | 8.8 kB |
URL: 608cdcaf2f.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4= | IP: 193.108.117.211:0 | ASN: #63023 AS-GLOBALTELEHOST
File type: HTML document, Unicode text, UTF-8 text, with very long lines (19669) | Hash (MD5, SHA-1, SHA-256): a309bcc140a1b72eec72a30ae4af863f 81f592be89b9a1962b29943990c1d791f3426de8 92cbc00c2363cfc50a7f04e7fad1ef6613177e5eab09a6ab529dedb60010db1e
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /?id=1218914904&p1=&p2=&p3=&p4= HTTP/1.1
Host: 608cdcaf2f.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://63fb1173a7.news-xapeva.cc/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:49 GMT
content-type: text/html; charset=UTF-8
vary: Origin
x-frame-options: DENY
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| partners-tds.com/WzJQVS | 142.202.51.61 | | 0 B |
IP: 142.202.51.61:0 | ASN: #63023 AS-GLOBALTELEHOST
Hash (MD5, SHA-1, SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /WzJQVS HTTP/1.1
Host: partners-tds.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://10f96af6ab.news-xapeva.cc/
Cookie: _subid=376l60j10h7e7j; 933eb=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcImNhbXBhaWduc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcInRpbWVcIjoxNzE0MTI0MzIwfSJ9.yYJXc-zJvjm4Dxphu35oW5Y_kpFZUzbEdsDVw4oNV9k
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx
Date: Fri, 26 Apr 2024 09:38:56 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-cache, no-store, must-revalidate
Expires: Fri, 26 Apr 2024 09:38:56 GMT
Location: https://news-pepafu.com/tds?id=1218914904&p1=&p2=&p3=&p4=
Set-Cookie: _subid=376l60j10h7e7m; expires=Mon, 27 May 2024 09:38:56 GMT; path=/
933eb=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcImNhbXBhaWduc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcInRpbWVcIjoxNzE0MTI0MzIwfSJ9.yYJXc-zJvjm4Dxphu35oW5Y_kpFZUzbEdsDVw4oNV9k; expires=Sun, 21 Aug 2078 19:17:52 GMT; path=/
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
|
|
| news-pepafu.com/tds?id=1218914904&p1=&p2=&p3=&p4= | 193.108.118.16 | | 0 B |
URL: news-pepafu.com/tds?id=1218914904&p1=&p2=&p3=&p4= | IP: 193.108.118.16:0 | ASN: #63023 AS-GLOBALTELEHOST
Hash (MD5, SHA-1, SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tds?id=1218914904&p1=&p2=&p3=&p4= HTTP/1.1
Host: news-pepafu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://10f96af6ab.news-xapeva.cc/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 302 Found
server: nginx
date: Fri, 26 Apr 2024 09:38:56 GMT
content-length: 0
location: https://3879801fac.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
vary: Origin
x-frame-options: DENY
X-Firefox-Spdy: h2
|
|
| e7abc5484a.news-xapeva.cc/lands/36/lp.js | 193.108.117.211 | | 8.5 kB |
URL: e7abc5484a.news-xapeva.cc/lands/36/lp.js | IP: 193.108.117.211:0 | ASN: #63023 AS-GLOBALTELEHOST
File type: gzip compressed data, max speed, from Unix | Hash (MD5, SHA-1, SHA-256): 2c0409e667236bc13b89ea4071f6176b 2deeeb109ee60cbd457f471f30881652c7b036ef 856dcaf281fa8577a40ed249462c4d24385f7c1d670f8c4794df70f267d4512d
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /lands/36/lp.js HTTP/1.1
Host: e7abc5484a.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://e7abc5484a.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:53 GMT
content-type: application/javascript; charset=utf-8
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: W/"6602cb4c-2d2"
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 3879801fac.news-xapeva.cc/lands/39/img/icon1.png | 193.108.117.211 | | 7.3 kB |
URL: 3879801fac.news-xapeva.cc/lands/39/img/icon1.png | IP: 193.108.117.211:0 | ASN: #63023 AS-GLOBALTELEHOST
File type: PNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced | Hash (MD5, SHA-1, SHA-256): 3d0ab5834c8bf7134e4d21fa3288317f c31d1a6b9df206f67ea194f4c424cdc372a423c2 0515ddd9185d263874e7b66bb6d521fcd63b857aac5fed51c08df98026dafe27
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /lands/39/img/icon1.png HTTP/1.1
Host: 3879801fac.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3879801fac.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:56 GMT
content-type: image/png
content-length: 7252
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-1c54"
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| 3879801fac.news-xapeva.cc/lands/39/img/icon2.png | 193.108.117.211 | | 4.6 kB |
URL: 3879801fac.news-xapeva.cc/lands/39/img/icon2.png | IP: 193.108.117.211:0 | ASN: #63023 AS-GLOBALTELEHOST
File type: PNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced | Hash (MD5, SHA-1, SHA-256): c947d439eb93367f1af5b2a3d222f057 5b4c10820d39e624bc6df72a113679da80a8e44e aab564e67c47df65ddcb9c4eaa62cd798a51624a3fded9f9b3a1197b460a79c2
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /lands/39/img/icon2.png HTTP/1.1
Host: 3879801fac.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3879801fac.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:56 GMT
content-type: image/png
content-length: 4576
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-11e0"
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| 3879801fac.news-xapeva.cc/lands/39/img/icon3.png | 193.108.117.211 | | 7.8 kB |
URL: 3879801fac.news-xapeva.cc/lands/39/img/icon3.png | IP: 193.108.117.211:0 | ASN: #63023 AS-GLOBALTELEHOST
File type: PNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced | Hash (MD5, SHA-1, SHA-256): 8f3cc830da0b1fdf66bda7d1d734747b 94588f041eec3a78a8780c8124c56a1434a89277 ea3698c32039a115b03c2528cbb29c3ff97bbd49ad1345d5095e98d1fd0ea8ba
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /lands/39/img/icon3.png HTTP/1.1
Host: 3879801fac.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3879801fac.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:56 GMT
content-type: image/png
content-length: 7847
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-1ea7"
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| show.revopush.com/api/v1/inpage/show/?uid=171984&subacc=1218914904&sub1=&sub2=&sub3=&sub4=&adult=true&limit=1&traffic=adult | 94.130.236.73 | | 9.2 kB |
URL: show.revopush.com/api/v1/inpage/show/?uid=171984&subacc=1218914904&sub1=&sub2=&sub3=&sub4=&adult=true&limit=1&traffic=adult | IP: 94.130.236.73:0 | ASN: #24940 Hetzner Online GmbH
Hash (MD5, SHA-1, SHA-256): 184accde96d28f9dc90d6347f38d3e6d c3f15422ab1b1f146197a7ffec48b276942b9fb7 cd6e1b02d20389d7ddf7f37d5ca9a4b40855ae6917f5563369fb6c0b4123b58b
GET /api/v1/inpage/show/?uid=171984&subacc=1218914904&sub1=&sub2=&sub3=&sub4=&adult=true&limit=1&traffic=adult HTTP/1.1
Host: show.revopush.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://6470456288.news-xapeva.cc/
Origin: https://6470456288.news-xapeva.cc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:54 GMT
content-type: application/json
accept-ch: Sec-CH-UA, Sec-CH-UA-Model, Sec-CH-UA-Mobile, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Wow64
access-control-allow-origin: https://6470456288.news-xapeva.cc
vary: Origin
content-encoding: br
X-Firefox-Spdy: h2
|
|
| 69a4143a88.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4= | 193.108.117.211 | | 11 kB |
URL: 69a4143a88.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4= | IP: 193.108.117.211:0 | ASN: #63023 AS-GLOBALTELEHOST
File type: gzip compressed data, max speed, from Unix | Hash (MD5, SHA-1, SHA-256): c27d3b0706d82b5751901408888cef34 85db93e40c7539878de4a29d4525d9116430b208 4d00406a6a76cadbda901f34615e1fecef41dfc33eff8e88584e2bd5ec9fe232
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /?id=1218914904&p1=&p2=&p3=&p4= HTTP/1.1
Host: 69a4143a88.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://de66e23c60.news-xapeva.cc/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:41 GMT
content-type: text/html; charset=UTF-8
vary: Origin
x-frame-options: DENY
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 3879801fac.news-xapeva.cc/lands/39/img/icon7.png | 193.108.117.211 | | 3.3 kB |
URL: 3879801fac.news-xapeva.cc/lands/39/img/icon7.png | IP: 193.108.117.211:0 | ASN: #63023 AS-GLOBALTELEHOST
File type: PNG image data, 500 x 500, 8-bit/color RGBA, non-interlaced | Hash (MD5, SHA-1, SHA-256): b512735542cb07b3b2dcf153a7dfe456 93bde8875412ce266600e2af1c37123483a50376 e9c661cc8adbaa1b9cd4cf65f0ba93a1c24211cb5f94ed0950e0fbc973781718
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /lands/39/img/icon7.png HTTP/1.1
Host: 3879801fac.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3879801fac.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:56 GMT
content-type: image/png
content-length: 3283
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-cd3"
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| 3879801fac.news-xapeva.cc/lands/39/img/icon8.png | 193.108.117.211 | | 4.1 kB |
URL: 3879801fac.news-xapeva.cc/lands/39/img/icon8.png | IP: 193.108.117.211:0 | ASN: #63023 AS-GLOBALTELEHOST
File type: PNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced | Hash (MD5, SHA-1, SHA-256): f92d6474ebc6a3a0b576749cfb4afe98 0f4ce3dcf04873b8098c01d20c44967fb9fce0cc 3a7abff293d71fd8c5a58deacb964b50fe074a6f458575d37abbd367a3a930a1
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /lands/39/img/icon8.png HTTP/1.1
Host: 3879801fac.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3879801fac.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:56 GMT
content-type: image/png
content-length: 4064
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-fe0"
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| partners-tds.com/WzJQVS | 142.202.51.61 | | 0 B |
IP: 142.202.51.61:0 | ASN: #63023 AS-GLOBALTELEHOST
Hash (MD5, SHA-1, SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /WzJQVS HTTP/1.1
Host: partners-tds.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3879801fac.news-xapeva.cc/
Cookie: _subid=376l60j10h7e7m; 933eb=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcImNhbXBhaWduc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcInRpbWVcIjoxNzE0MTI0MzIwfSJ9.yYJXc-zJvjm4Dxphu35oW5Y_kpFZUzbEdsDVw4oNV9k
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx
Date: Fri, 26 Apr 2024 09:38:56 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-cache, no-store, must-revalidate
Expires: Fri, 26 Apr 2024 09:38:56 GMT
Location: https://news-pepafu.com/tds?id=1218914904&p1=&p2=&p3=&p4=
Set-Cookie: _subid=376l60j10h7e7q; expires=Mon, 27 May 2024 09:38:56 GMT; path=/
933eb=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcImNhbXBhaWduc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcInRpbWVcIjoxNzE0MTI0MzIwfSJ9.yYJXc-zJvjm4Dxphu35oW5Y_kpFZUzbEdsDVw4oNV9k; expires=Sun, 21 Aug 2078 19:17:52 GMT; path=/
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
|
|
| news-pepafu.com/tds?id=1218914904&p1=&p2=&p3=&p4= | 193.108.118.16 | | 0 B |
URL: news-pepafu.com/tds?id=1218914904&p1=&p2=&p3=&p4= | IP: 193.108.118.16:0 | ASN: #63023 AS-GLOBALTELEHOST
Hash (MD5, SHA-1, SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tds?id=1218914904&p1=&p2=&p3=&p4= HTTP/1.1
Host: news-pepafu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://3879801fac.news-xapeva.cc/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 302 Found
server: nginx
date: Fri, 26 Apr 2024 09:38:56 GMT
content-length: 0
location: https://5989145f27.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
vary: Origin
x-frame-options: DENY
X-Firefox-Spdy: h2
|
|
| 5989145f27.news-xapeva.cc/revopush.js | 193.108.117.211 | | 7.5 kB |
URL: 5989145f27.news-xapeva.cc/revopush.js | IP: 193.108.117.211:0 | ASN: #63023 AS-GLOBALTELEHOST
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (18335), with no line terminators | Hash (MD5, SHA-1, SHA-256): 37faf614bbb4a7b4ba1b4e8143056291 1477110371c87d426adf78e2c8d935a046ae6ff2 aa7dc9551d9641febc7616653e797b381d7258077ed416e822b1ade51470c533
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /revopush.js HTTP/1.1
Host: 5989145f27.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://5989145f27.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:56 GMT
content-type: application/javascript; charset=utf-8
content-length: 7472
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-1d30"
content-encoding: gzip
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| 5989145f27.news-xapeva.cc/lands/36/img/style.css | 193.108.117.211 | | 3.1 kB |
URL 5989145f27.news-xapeva.cc/lands/36/img/style.css IP 193.108.117.211:0 ASN #63023 AS-GLOBALTELEHOST
File type ASCII text, with very long lines (11701), with no line terminators
Hash db606af46bdcca984d60a46183a4525e 28964fac8b2b7889554f32543e69ac68e6f21e2f 8693be57861bf006c70b542234666eaa50f4258856c4e75e0066f1ca589026ae
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /lands/36/img/style.css HTTP/1.1
Host: 5989145f27.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://5989145f27.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:56 GMT
content-type: text/css
content-length: 3136
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-c40"
content-encoding: gzip
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| 5989145f27.news-xapeva.cc/lands/36/img/logo.png | 193.108.117.211 | | 7.4 kB |
URL 5989145f27.news-xapeva.cc/lands/36/img/logo.png IP 193.108.117.211:0 ASN #63023 AS-GLOBALTELEHOST
File type PNG image data, 180 x 56, 8-bit/color RGBA, non-interlaced
Hash 6cd3a78b39a704ee1c84f31c8c4e5808 bb5c81cadfcd60bd5c7b29af2395ef24b11ebb93 4cfbf07b7b4def7ad505f3be44e311c631ffec252a93f031d11356bc1b0c8193
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /lands/36/img/logo.png HTTP/1.1
Host: 5989145f27.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://5989145f27.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:56 GMT
content-type: image/png
content-length: 7398
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-1ce6"
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| 5989145f27.news-xapeva.cc/lands/36/img/search-icon.png | 193.108.117.211 | | 461 B |
URL 5989145f27.news-xapeva.cc/lands/36/img/search-icon.png IP 193.108.117.211:0 ASN #63023 AS-GLOBALTELEHOST
File type PNG image data, 28 x 28, 8-bit/color RGBA, non-interlaced
Hash 71a97f63eeafce6cc8dd4e7b92e77303 e92e36474a69fcf7b932efc581e024a1c25773e5 fc2f527dba6449b1d9a7f17e4e9926039806904f58a7b4278dccf398900371d2
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /lands/36/img/search-icon.png HTTP/1.1
Host: 5989145f27.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://5989145f27.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:56 GMT
content-type: image/png
content-length: 461
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-1cd"
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| 5989145f27.news-xapeva.cc/lands/36/img/Spin-1s-80px.gif | 193.108.117.211 | | 31 kB |
URL 5989145f27.news-xapeva.cc/lands/36/img/Spin-1s-80px.gif IP 193.108.117.211:0 ASN #63023 AS-GLOBALTELEHOST
File type GIF image data, version 89a, 80 x 80
Hash 68556766cd260e97fec2b60a9bfaf8c7 26c969371c9a3de360fab6d7a7a3bec2c5d5c99f ef50b84645244197917d80f6bcd6f604dce892ec4cdcdc96f11ea40f4a093676
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /lands/36/img/Spin-1s-80px.gif HTTP/1.1
Host: 5989145f27.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://5989145f27.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:56 GMT
content-type: image/gif
content-length: 30677
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-77d5"
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| 5989145f27.news-xapeva.cc/lands/36/img/player-controls-l.png | 193.108.117.211 | | 945 B |
URL 5989145f27.news-xapeva.cc/lands/36/img/player-controls-l.png IP 193.108.117.211:0 ASN #63023 AS-GLOBALTELEHOST
File type PNG image data, 146 x 60, 8-bit gray+alpha, non-interlaced
Hash 6865c8700b582e4c7848472bb23dd65a c5ea2c514de8f55145550f9589e1e07cda457994 e1f5b32f965cf94fdb788fa9cff4f2f80b34c234f7e9fa9139de890e89438324
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /lands/36/img/player-controls-l.png HTTP/1.1
Host: 5989145f27.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://5989145f27.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:56 GMT
content-type: image/png
content-length: 945
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-3b1"
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| 5989145f27.news-xapeva.cc/lands/36/img/player-controls-r.png | 193.108.117.211 | | 408 B |
URL 5989145f27.news-xapeva.cc/lands/36/img/player-controls-r.png IP 193.108.117.211:0 ASN #63023 AS-GLOBALTELEHOST
File type PNG image data, 60 x 60, 8-bit gray+alpha, non-interlaced
Hash f0e42db89f7d0994b3723b35eb05a49f b4e08e7b2c525345d86dc2299663915c84a41b2b 13bbdf214a22994e4e0e655c256ab493cc495f15f9c1f08772cad0761625a9be
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /lands/36/img/player-controls-r.png HTTP/1.1
Host: 5989145f27.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://5989145f27.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:56 GMT
content-type: image/png
content-length: 408
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-198"
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| 5989145f27.news-xapeva.cc/lands/36/img/player-bg.jpg | 193.108.117.211 | | 11 kB |
URL 5989145f27.news-xapeva.cc/lands/36/img/player-bg.jpg IP 193.108.117.211:0 ASN #63023 AS-GLOBALTELEHOST
Hash d0c6f02d6933f0b93db0942e3e7f3609 bc96b3878d13d0f46aa464e94515f27ad53531b0 7296089ccd9e42b305c5b0398d47a78f900b40225c592c6f1ef23ade5bbe667a
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /lands/36/img/player-bg.jpg HTTP/1.1
Host: 5989145f27.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://5989145f27.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:56 GMT
content-type: image/jpeg
content-length: 11291
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-2c1b"
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| 5989145f27.news-xapeva.cc/lands/36/img/pics-1.jpg | 193.108.117.211 | | 9.6 kB |
URL 5989145f27.news-xapeva.cc/lands/36/img/pics-1.jpg IP 193.108.117.211:0 ASN #63023 AS-GLOBALTELEHOST
Hash 8374be5c573da988b4d76c1051f8cbc7 c319af79d391edeac2268173798952dd71f0ecf2 41889b3a66aec88fc8a474f19a6c2f6933200524597ccf76f2c9f995687099ea
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /lands/36/img/pics-1.jpg HTTP/1.1
Host: 5989145f27.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://5989145f27.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:56 GMT
content-type: image/jpeg
content-length: 9604
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-2584"
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| 5989145f27.news-xapeva.cc/lands/36/img/pics-2.jpg | 193.108.117.211 | | 9.5 kB |
URL 5989145f27.news-xapeva.cc/lands/36/img/pics-2.jpg IP 193.108.117.211:0 ASN #63023 AS-GLOBALTELEHOST
Hash b1444ede1cb63c55f07c4b7cc861ec58 504823696a6990f0c6892721e34a7496cfe4e704 628146e090737199d0b92e0d069cdc8fa95d65391a7e84b7da053dbc0275b2f8
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /lands/36/img/pics-2.jpg HTTP/1.1
Host: 5989145f27.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://5989145f27.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:56 GMT
content-type: image/jpeg
content-length: 9474
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-2502"
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| 5989145f27.news-xapeva.cc/lands/36/img/pics-3.jpg | 193.108.117.211 | | 9.4 kB |
URL 5989145f27.news-xapeva.cc/lands/36/img/pics-3.jpg IP 193.108.117.211:0 ASN #63023 AS-GLOBALTELEHOST
Hash 76025b7cd7b3e168342e9f6916d8c7f4 bd2a6ea7c9105935c7a616fec2d6d85dbf98bfc2 46eaa0e5c25c663d858a5c65629f960ed17d2fe30b2484f629158e6d6460d775
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /lands/36/img/pics-3.jpg HTTP/1.1
Host: 5989145f27.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://5989145f27.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:56 GMT
content-type: image/jpeg
content-length: 9413
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-24c5"
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| 5989145f27.news-xapeva.cc/lands/36/img/pics-4.jpg | 193.108.117.211 | | 9.5 kB |
URL 5989145f27.news-xapeva.cc/lands/36/img/pics-4.jpg IP 193.108.117.211:0 ASN #63023 AS-GLOBALTELEHOST
Hash 107bdcec0a201d69db378827b68127cd efc977edd0a369769d5f32d88e9858302bed1e5e cb8a23effd64618021ebe40be5ed24bfb27c17f6d0a82c87a96d9efd91e06468
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /lands/36/img/pics-4.jpg HTTP/1.1
Host: 5989145f27.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://5989145f27.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:56 GMT
content-type: image/jpeg
content-length: 9468
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-24fc"
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| 5989145f27.news-xapeva.cc/lands/36/img/pics-5.jpg | 193.108.117.211 | | 9.6 kB |
URL 5989145f27.news-xapeva.cc/lands/36/img/pics-5.jpg IP 193.108.117.211:0 ASN #63023 AS-GLOBALTELEHOST
Hash 628b98b82d0aca1c1b2155aa5ec51a6a db663b2b85cf8828f3e9c5aa879325bb50e684a0 d7dfe6be5b49bee8bbf743bc58d74af3dc7d0250c89bd6dd7e9ad268c287289d
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /lands/36/img/pics-5.jpg HTTP/1.1
Host: 5989145f27.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://5989145f27.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:56 GMT
content-type: image/jpeg
content-length: 9557
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-2555"
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| 5989145f27.news-xapeva.cc/lands/36/img/pics-6.jpg | 193.108.117.211 | | 9.6 kB |
URL 5989145f27.news-xapeva.cc/lands/36/img/pics-6.jpg IP 193.108.117.211:0 ASN #63023 AS-GLOBALTELEHOST
Hash a83d5196e71bd6f9c55ef3e7322e527c 9dbddad413391599552c4d9cc5c9e8a287ef910f 52212d360cbbf493678d8e8bf75c20b7ad4b1d6cf86bf03e1c87fb5b4d6cb818
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /lands/36/img/pics-6.jpg HTTP/1.1
Host: 5989145f27.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://5989145f27.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:56 GMT
content-type: image/jpeg
content-length: 9620
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-2594"
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| 5989145f27.news-xapeva.cc/lands/36/img/pics-7.jpg | 193.108.117.211 | | 9.5 kB |
URL 5989145f27.news-xapeva.cc/lands/36/img/pics-7.jpg IP 193.108.117.211:0 ASN #63023 AS-GLOBALTELEHOST
Hash 94edfad63e95c79618692b8d8dc20587 f582b7b70443ea1fff184ade49ab560fc8fd3318 0940f729e51d0fb610affca787415657f39a630cc0450d08576f69fd0f71756e
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /lands/36/img/pics-7.jpg HTTP/1.1
Host: 5989145f27.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://5989145f27.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:56 GMT
content-type: image/jpeg
content-length: 9484
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-250c"
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| e7abc5484a.news-xapeva.cc/process.js?id=1218914904&p1=&p2=&p3=&p4= | 193.108.117.211 | | 20 kB |
URL e7abc5484a.news-xapeva.cc/process.js?id=1218914904&p1=&p2=&p3=&p4= IP 193.108.117.211:0 ASN #63023 AS-GLOBALTELEHOST
File type gzip compressed data, max speed, from Unix
Hash 6729f753ddc7c1f579026b49b04b3e05 5a44917f5d1275973eb489a250d5f7b5c5d59b76 ef8db98dc8463c3e7d7970315f8e2a01a20b7ed5cac163c990707c104e568f73
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /process.js?id=1218914904&p1=&p2=&p3=&p4= HTTP/1.1
Host: e7abc5484a.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://e7abc5484a.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:53 GMT
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, must-revalidate
expires: 0
pragma: no-cache
vary: Origin
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 5989145f27.news-xapeva.cc/lands/36/img/pics-9.jpg | 193.108.117.211 | | 9.6 kB |
URL 5989145f27.news-xapeva.cc/lands/36/img/pics-9.jpg IP 193.108.117.211:0 ASN #63023 AS-GLOBALTELEHOST
Hash c3af10d166a4447c21f25e4a32383a5d 37a0342d08d6933b3bbfd4063b7ba998c991dd73 963fbe86dc33b1a1ba5c695bf9b74ebde439bc7a9260137121d747cf4cfbdd73
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /lands/36/img/pics-9.jpg HTTP/1.1
Host: 5989145f27.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://5989145f27.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:56 GMT
content-type: image/jpeg
content-length: 9646
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-25ae"
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| fbabffca48.news-xapeva.cc/process.js?id=1218914904&p1=&p2=&p3=&p4= | 193.108.117.211 | | 20 kB |
URL fbabffca48.news-xapeva.cc/process.js?id=1218914904&p1=&p2=&p3=&p4= IP 193.108.117.211:0 ASN #63023 AS-GLOBALTELEHOST
File type gzip compressed data, max speed, from Unix
Hash 2640e29ad08eba8954550a318d70bddc eb5d195105c3f0c2b42e99eef6758f440bc1c8d4 f49f0eb38c59c9f160f76921b6df09230e87183c5f541f6bc32b208c5fa07540
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /process.js?id=1218914904&p1=&p2=&p3=&p4= HTTP/1.1
Host: fbabffca48.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fbabffca48.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:55 GMT
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, must-revalidate
expires: 0
pragma: no-cache
vary: Origin
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 5989145f27.news-xapeva.cc/lands/36/img/pics-11.jpg | 193.108.117.211 | | 9.5 kB |
URL 5989145f27.news-xapeva.cc/lands/36/img/pics-11.jpg IP 193.108.117.211:0 ASN #63023 AS-GLOBALTELEHOST
Hash 8611f67b36ff57eaa1060e793b9e6ad4 49f273a5760e7375adb1efc58f0ed2c665da6ae8 de70c6d29629dd9ec1b85e3146390c1019bd608eeb3d7ffdc196627f70ee30b2
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /lands/36/img/pics-11.jpg HTTP/1.1
Host: 5989145f27.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://5989145f27.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:56 GMT
content-type: image/jpeg
content-length: 9483
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-250b"
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| 5989145f27.news-xapeva.cc/lands/36/img/pics-12.jpg | 193.108.117.211 | | 9.5 kB |
URL 5989145f27.news-xapeva.cc/lands/36/img/pics-12.jpg IP 193.108.117.211:0 ASN #63023 AS-GLOBALTELEHOST
Hash 3971b0cd6849aef8e63c281fe7e53c57 690281f0f9a05a32be18029632240693f7b26270 20a9e9a79f97878e87f805b977eb6046480b734dfd9e90df9f34b22ef484777a
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /lands/36/img/pics-12.jpg HTTP/1.1
Host: 5989145f27.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://5989145f27.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:56 GMT
content-type: image/jpeg
content-length: 9487
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-250f"
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| 5989145f27.news-xapeva.cc/lands/36/img/pics-13.jpg | 193.108.117.211 | | 9.4 kB |
URL 5989145f27.news-xapeva.cc/lands/36/img/pics-13.jpg IP 193.108.117.211:0 ASN #63023 AS-GLOBALTELEHOST
Hash cd911694d58b5fb86c94cf7a1d5b530b f32925a79b755d76fdf1ae56fa898ef23d816699 5a8f5f99cb386403813964a7ee271660131e9c50eb5267f932a67ce0f4fb2ea2
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /lands/36/img/pics-13.jpg HTTP/1.1
Host: 5989145f27.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://5989145f27.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:56 GMT
content-type: image/jpeg
content-length: 9378
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-24a2"
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| 5989145f27.news-xapeva.cc/lands/36/img/pics-14.jpg | 193.108.117.211 | | 9.5 kB |
URL 5989145f27.news-xapeva.cc/lands/36/img/pics-14.jpg IP 193.108.117.211:0 ASN #63023 AS-GLOBALTELEHOST
Hash 4957499f251b620472eb5fe6fd126c22 a237ac15f4b16256f1c49a40ca07ca168dea540c de5d64cc00dd3bc0e0998e274f41bb78de69cae402e53c4f41c0ab8e0af2cd0b
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /lands/36/img/pics-14.jpg HTTP/1.1
Host: 5989145f27.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://5989145f27.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:56 GMT
content-type: image/jpeg
content-length: 9498
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-251a"
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| 5989145f27.news-xapeva.cc/lands/36/img/pics-15.jpg | 193.108.117.211 | | 9.7 kB |
URL 5989145f27.news-xapeva.cc/lands/36/img/pics-15.jpg IP 193.108.117.211:0 ASN #63023 AS-GLOBALTELEHOST
Hash bf608c2d10293273951a88b8d38de015 15b2a17c7300725aacc27f320480dfe5bf173a00 118f446f628921fb7cab1afeac932ef77d63a7c5a31ffa288427d80c4de69f9f
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /lands/36/img/pics-15.jpg HTTP/1.1
Host: 5989145f27.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://5989145f27.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:56 GMT
content-type: image/jpeg
content-length: 9673
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-25c9"
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| 5989145f27.news-xapeva.cc/lands/36/img/pics-16.jpg | 193.108.117.211 | | 9.6 kB |
URL 5989145f27.news-xapeva.cc/lands/36/img/pics-16.jpg IP 193.108.117.211:0 ASN #63023 AS-GLOBALTELEHOST
Hash 700dfe65fca751e5c160aa1ed38c0389 61a7a9ba2a5209bb28b6a36c4b7ba9088f4b2886 8f8c3d5f93cc6dc00172cf203f6b0113819e853de45518cbcee1e68f9e95fbc1
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /lands/36/img/pics-16.jpg HTTP/1.1
Host: 5989145f27.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://5989145f27.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:56 GMT
content-type: image/jpeg
content-length: 9570
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-2562"
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| 5989145f27.news-xapeva.cc/lands/36/img/pics-17.jpg | 193.108.117.211 | | 9.6 kB |
URL 5989145f27.news-xapeva.cc/lands/36/img/pics-17.jpg IP 193.108.117.211:0 ASN #63023 AS-GLOBALTELEHOST
Hash 3617c828a4589dfd2af8f90e31f92666 0e7a1dbe743c9eaad109659f7b21ab86719b9cd0 f3ab898058b0ebaba11001b5a2b3c5b5db2d7f766000d95abdbfb841fcb16c1f
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /lands/36/img/pics-17.jpg HTTP/1.1
Host: 5989145f27.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://5989145f27.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:56 GMT
content-type: image/jpeg
content-length: 9595
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-257b"
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| 5989145f27.news-xapeva.cc/lands/36/img/pics-18.jpg | 193.108.117.211 | | 9.6 kB |
URL 5989145f27.news-xapeva.cc/lands/36/img/pics-18.jpg IP 193.108.117.211:0 ASN #63023 AS-GLOBALTELEHOST
Hash 52ada45615791fefe3513b98a28d6c61 334b68a65108b2274dc0d41bbed58d10cbfb41a0 204715e71db20e5daffe8494816412e0998ec0b97b303f16fb4102226c492fa4
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /lands/36/img/pics-18.jpg HTTP/1.1
Host: 5989145f27.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://5989145f27.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:56 GMT
content-type: image/jpeg
content-length: 9645
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-25ad"
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| e09e6130ac.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4= | 193.108.117.211 | | 1.8 kB |
URL e09e6130ac.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4= IP 193.108.117.211:0 ASN #63023 AS-GLOBALTELEHOST
File type HTML document, Unicode text, UTF-8 text, with very long lines (2019)
Hash c9ba3a9d1d0f365271dde08e518be2c8 67e02ab19e333eed28710832f8b00768f8e5e52d 90460f942c3b11a71b37b58db183b1c8a3882e17e601205d9e93435d402b20b3
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /?id=1218914904&p1=&p2=&p3=&p4= HTTP/1.1
Host: e09e6130ac.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://e7abc5484a.news-xapeva.cc/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:53 GMT
content-type: text/html; charset=UTF-8
vary: Origin
x-frame-options: DENY
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| news-pepafu.com/tds?id=1218914904&p1=&p2=&p3=&p4= | 193.108.118.16 | | 0 B |
URL news-pepafu.com/tds?id=1218914904&p1=&p2=&p3=&p4= IP 193.108.118.16:0 ASN #63023 AS-GLOBALTELEHOST
Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tds?id=1218914904&p1=&p2=&p3=&p4= HTTP/1.1
Host: news-pepafu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://5989145f27.news-xapeva.cc/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 302 Found
server: nginx
date: Fri, 26 Apr 2024 09:38:56 GMT
content-length: 0
location: https://b99c2c75b7.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
vary: Origin
x-frame-options: DENY
X-Firefox-Spdy: h2
|
|
| b99c2c75b7.news-xapeva.cc/revopush.js | 193.108.117.211 | | 7.5 kB |
URL b99c2c75b7.news-xapeva.cc/revopush.js IP 193.108.117.211:0 ASN #63023 AS-GLOBALTELEHOST
File type JavaScript source, Unicode text, UTF-8 text, with very long lines (18335), with no line terminators
Hash 37faf614bbb4a7b4ba1b4e8143056291 1477110371c87d426adf78e2c8d935a046ae6ff2 aa7dc9551d9641febc7616653e797b381d7258077ed416e822b1ade51470c533
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /revopush.js HTTP/1.1
Host: b99c2c75b7.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://b99c2c75b7.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:56 GMT
content-type: application/javascript; charset=utf-8
content-length: 7472
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-1d30"
content-encoding: gzip
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| partners-tds.com/WzJQVS | 142.202.51.61 | | 0 B |
IP 142.202.51.61:0 ASN #63023 AS-GLOBALTELEHOST
Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /WzJQVS HTTP/1.1
Host: partners-tds.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://b99c2c75b7.news-xapeva.cc/
Cookie: _subid=376l60j10h7e7v; 933eb=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcImNhbXBhaWduc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcInRpbWVcIjoxNzE0MTI0MzIwfSJ9.yYJXc-zJvjm4Dxphu35oW5Y_kpFZUzbEdsDVw4oNV9k
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx
Date: Fri, 26 Apr 2024 09:38:57 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-cache, no-store, must-revalidate
Expires: Fri, 26 Apr 2024 09:38:57 GMT
Location: https://news-pepafu.com/tds?id=1218914904&p1=&p2=&p3=&p4=
Set-Cookie: _subid=376l60j10h7e87; expires=Mon, 27 May 2024 09:38:57 GMT; path=/
Set-Cookie: 933eb=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcImNhbXBhaWducz1cIjp7XCIxXCI6MTcxNDEyNDMyMH0sXCJ0aW1lXCI6MTcxNDEyNDMyMH0ifQ.yYJXc-zJvjm4Dxphu35oW5Y_kpFZUzbEdsDVw4oNV9k; expires=Sun, 21 Aug 2078 19:17:54 GMT; path=/
Vary: Accept-Encoding
Access-Control-Allow-Origin: *

| news-pepafu.com/tds?id=1218914904&p1=&p2=&p3=&p4= | 193.108.118.16 | | 0 B |
URL: news-pepafu.com/tds?id=1218914904&p1=&p2=&p3=&p4=
IP: 193.108.118.16:0
ASN: #63023 AS-GLOBALTELEHOST
Hash (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tds?id=1218914904&p1=&p2=&p3=&p4= HTTP/1.1
Host: news-pepafu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://b99c2c75b7.news-xapeva.cc/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 302 Found
server: nginx
date: Fri, 26 Apr 2024 09:38:57 GMT
content-length: 0
location: https://724193d8dc.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
vary: Origin
x-frame-options: DENY
X-Firefox-Spdy: h2

| 724193d8dc.news-xapeva.cc/revopush.js | 193.108.117.211 | | 7.5 kB |
URL: 724193d8dc.news-xapeva.cc/revopush.js
IP: 193.108.117.211:0
ASN: #63023 AS-GLOBALTELEHOST
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (18335), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): 37faf614bbb4a7b4ba1b4e8143056291 1477110371c87d426adf78e2c8d935a046ae6ff2 aa7dc9551d9641febc7616653e797b381d7258077ed416e822b1ade51470c533
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /revopush.js HTTP/1.1
Host: 724193d8dc.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://724193d8dc.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:57 GMT
content-type: application/javascript; charset=utf-8
content-length: 7472
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-1d30"
content-encoding: gzip
accept-ranges: bytes
X-Firefox-Spdy: h2

| partners-tds.com/WzJQVS | 142.202.51.61 | | 0 B |
IP: 142.202.51.61:0
ASN: #63023 AS-GLOBALTELEHOST
Hash (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /WzJQVS HTTP/1.1
Host: partners-tds.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://724193d8dc.news-xapeva.cc/
Cookie: _subid=376l60j10h7e87; 933eb=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcImNhbXBhaWduc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcInRpbWVcIjoxNzE0MTI0MzIwfSJ9.yYJXc-zJvjm4Dxphu35oW5Y_kpFZUzbEdsDVw4oNV9k
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx
Date: Fri, 26 Apr 2024 09:38:57 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-cache, no-store, must-revalidate
Expires: Fri, 26 Apr 2024 09:38:57 GMT
Location: https://news-pepafu.com/tds?id=1218914904&p1=&p2=&p3=&p4=
Set-Cookie: _subid=376l60j10h7e8b; expires=Mon, 27 May 2024 09:38:57 GMT; path=/
Set-Cookie: 933eb=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcImNhbXBhaWducz1cIjp7XCIxXCI6MTcxNDEyNDMyMH0sXCJ0aW1lXCI6MTcxNDEyNDMyMH0ifQ.yYJXc-zJvjm4Dxphu35oW5Y_kpFZUzbEdsDVw4oNV9k; expires=Sun, 21 Aug 2078 19:17:54 GMT; path=/
Vary: Accept-Encoding
Access-Control-Allow-Origin: *

| news-pepafu.com/tds?id=1218914904&p1=&p2=&p3=&p4= | 193.108.118.16 | | 0 B |
URL: news-pepafu.com/tds?id=1218914904&p1=&p2=&p3=&p4=
IP: 193.108.118.16:0
ASN: #63023 AS-GLOBALTELEHOST
Hash (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tds?id=1218914904&p1=&p2=&p3=&p4= HTTP/1.1
Host: news-pepafu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://724193d8dc.news-xapeva.cc/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 302 Found
server: nginx
date: Fri, 26 Apr 2024 09:38:57 GMT
content-length: 0
location: https://2290d70366.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
vary: Origin
x-frame-options: DENY
X-Firefox-Spdy: h2

| 2290d70366.news-xapeva.cc/revopush.js | 193.108.117.211 | | 7.5 kB |
URL: 2290d70366.news-xapeva.cc/revopush.js
IP: 193.108.117.211:0
ASN: #63023 AS-GLOBALTELEHOST
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (18335), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): 37faf614bbb4a7b4ba1b4e8143056291 1477110371c87d426adf78e2c8d935a046ae6ff2 aa7dc9551d9641febc7616653e797b381d7258077ed416e822b1ade51470c533
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /revopush.js HTTP/1.1
Host: 2290d70366.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://2290d70366.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:57 GMT
content-type: application/javascript; charset=utf-8
content-length: 7472
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-1d30"
content-encoding: gzip
accept-ranges: bytes
X-Firefox-Spdy: h2

| partners-tds.com/WzJQVS | 142.202.51.61 | | 0 B |
IP: 142.202.51.61:0
ASN: #63023 AS-GLOBALTELEHOST
Hash (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /WzJQVS HTTP/1.1
Host: partners-tds.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://2290d70366.news-xapeva.cc/
Cookie: _subid=376l60j10h7e8b; 933eb=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcImNhbXBhaWduc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcInRpbWVcIjoxNzE0MTI0MzIwfSJ9.yYJXc-zJvjm4Dxphu35oW5Y_kpFZUzbEdsDVw4oNV9k
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx
Date: Fri, 26 Apr 2024 09:38:57 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-cache, no-store, must-revalidate
Expires: Fri, 26 Apr 2024 09:38:57 GMT
Location: https://news-pepafu.com/tds?id=1218914904&p1=&p2=&p3=&p4=
Set-Cookie: _subid=376l60j10h7e8l; expires=Mon, 27 May 2024 09:38:57 GMT; path=/
Set-Cookie: 933eb=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcImNhbXBhaWducz1cIjp7XCIxXCI6MTcxNDEyNDMyMH0sXCJ0aW1lXCI6MTcxNDEyNDMyMH0ifQ.yYJXc-zJvjm4Dxphu35oW5Y_kpFZUzbEdsDVw4oNV9k; expires=Sun, 21 Aug 2078 19:17:54 GMT; path=/
Vary: Accept-Encoding
Access-Control-Allow-Origin: *

| news-pepafu.com/tds?id=1218914904&p1=&p2=&p3=&p4= | 193.108.118.16 | | 0 B |
URL: news-pepafu.com/tds?id=1218914904&p1=&p2=&p3=&p4=
IP: 193.108.118.16:0
ASN: #63023 AS-GLOBALTELEHOST
Hash (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tds?id=1218914904&p1=&p2=&p3=&p4= HTTP/1.1
Host: news-pepafu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://2290d70366.news-xapeva.cc/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 302 Found
server: nginx
date: Fri, 26 Apr 2024 09:38:57 GMT
content-length: 0
location: https://cf542c38af.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
vary: Origin
x-frame-options: DENY
X-Firefox-Spdy: h2

| cf542c38af.news-xapeva.cc/revopush.js | 193.108.117.211 | | 7.5 kB |
URL: cf542c38af.news-xapeva.cc/revopush.js
IP: 193.108.117.211:0
ASN: #63023 AS-GLOBALTELEHOST
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (18335), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): 37faf614bbb4a7b4ba1b4e8143056291 1477110371c87d426adf78e2c8d935a046ae6ff2 aa7dc9551d9641febc7616653e797b381d7258077ed416e822b1ade51470c533
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /revopush.js HTTP/1.1
Host: cf542c38af.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cf542c38af.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:57 GMT
content-type: application/javascript; charset=utf-8
content-length: 7472
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-1d30"
content-encoding: gzip
accept-ranges: bytes
X-Firefox-Spdy: h2

| a376a7b294.news-xapeva.cc/process.js?id=1218914904&p1=&p2=&p3=&p4= | 193.108.117.211 | | 20 kB |
URL: a376a7b294.news-xapeva.cc/process.js?id=1218914904&p1=&p2=&p3=&p4=
IP: 193.108.117.211:0
ASN: #63023 AS-GLOBALTELEHOST
File type: JavaScript source, ASCII text, with very long lines (26456)
Hash (MD5 / SHA-1 / SHA-256): 030b13f7a2b353d17edd4a2fd9f1c4fc bc10d6e703613806f65bc077a051a66a2c015180 55502b93efad9c57a35316def8c5dc89bfef751bf525aada2bfd04e8e039113f
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /process.js?id=1218914904&p1=&p2=&p3=&p4= HTTP/1.1
Host: a376a7b294.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a376a7b294.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:55 GMT
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, must-revalidate
expires: 0
pragma: no-cache
vary: Origin
content-encoding: gzip
X-Firefox-Spdy: h2

| news-pepafu.com/tds?id=1218914904&p1=&p2=&p3=&p4= | 193.108.118.16 | | 0 B |
URL: news-pepafu.com/tds?id=1218914904&p1=&p2=&p3=&p4=
IP: 193.108.118.16:0
ASN: #63023 AS-GLOBALTELEHOST
Hash (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tds?id=1218914904&p1=&p2=&p3=&p4= HTTP/1.1
Host: news-pepafu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cf542c38af.news-xapeva.cc/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 302 Found
server: nginx
date: Fri, 26 Apr 2024 09:38:57 GMT
content-length: 0
location: https://d13fe4413b.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
vary: Origin
x-frame-options: DENY
X-Firefox-Spdy: h2

| 2290d70366.news-xapeva.cc/process.js?id=1218914904&p1=&p2=&p3=&p4= | 193.108.117.211 | | 18 kB |
URL: 2290d70366.news-xapeva.cc/process.js?id=1218914904&p1=&p2=&p3=&p4=
IP: 193.108.117.211:0
ASN: #63023 AS-GLOBALTELEHOST
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (26456)
Hash (MD5 / SHA-1 / SHA-256): 49c5d9916453fd49da2a3d34d82cf66a 56e8b9c4ea9e5e86801e3b7fc5b773068cadf99d c556f832129e5222321114c9f471ef49bf1d8db58ea3670cea752ea4dae60c5d
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /process.js?id=1218914904&p1=&p2=&p3=&p4= HTTP/1.1
Host: 2290d70366.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://2290d70366.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:57 GMT
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, must-revalidate
expires: 0
pragma: no-cache
vary: Origin
content-encoding: gzip
X-Firefox-Spdy: h2

| d13fe4413b.news-xapeva.cc/lands/39/img/icon1.png | 193.108.117.211 | | 7.3 kB |
URL: d13fe4413b.news-xapeva.cc/lands/39/img/icon1.png
IP: 193.108.117.211:0
ASN: #63023 AS-GLOBALTELEHOST
File type: PNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced
Hash (MD5 / SHA-1 / SHA-256): 3d0ab5834c8bf7134e4d21fa3288317f c31d1a6b9df206f67ea194f4c424cdc372a423c2 0515ddd9185d263874e7b66bb6d521fcd63b857aac5fed51c08df98026dafe27
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /lands/39/img/icon1.png HTTP/1.1
Host: d13fe4413b.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d13fe4413b.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:57 GMT
content-type: image/png
content-length: 7252
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-1c54"
accept-ranges: bytes
X-Firefox-Spdy: h2

| d13fe4413b.news-xapeva.cc/lands/39/img/icon2.png | 193.108.117.211 | | 4.6 kB |
URL: d13fe4413b.news-xapeva.cc/lands/39/img/icon2.png
IP: 193.108.117.211:0
ASN: #63023 AS-GLOBALTELEHOST
File type: PNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced
Hash (MD5 / SHA-1 / SHA-256): c947d439eb93367f1af5b2a3d222f057 5b4c10820d39e624bc6df72a113679da80a8e44e aab564e67c47df65ddcb9c4eaa62cd798a51624a3fded9f9b3a1197b460a79c2
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /lands/39/img/icon2.png HTTP/1.1
Host: d13fe4413b.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d13fe4413b.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:57 GMT
content-type: image/png
content-length: 4576
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-11e0"
accept-ranges: bytes
X-Firefox-Spdy: h2

| d13fe4413b.news-xapeva.cc/lands/39/img/icon3.png | 193.108.117.211 | | 7.8 kB |
URL: d13fe4413b.news-xapeva.cc/lands/39/img/icon3.png
IP: 193.108.117.211:0
ASN: #63023 AS-GLOBALTELEHOST
File type: PNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced
Hash (MD5 / SHA-1 / SHA-256): 8f3cc830da0b1fdf66bda7d1d734747b 94588f041eec3a78a8780c8124c56a1434a89277 ea3698c32039a115b03c2528cbb29c3ff97bbd49ad1345d5095e98d1fd0ea8ba
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /lands/39/img/icon3.png HTTP/1.1
Host: d13fe4413b.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d13fe4413b.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:57 GMT
content-type: image/png
content-length: 7847
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-1ea7"
accept-ranges: bytes
X-Firefox-Spdy: h2

| cf542c38af.news-xapeva.cc/process.js?id=1218914904&p1=&p2=&p3=&p4= | 193.108.117.211 | | 17 kB |
URL: cf542c38af.news-xapeva.cc/process.js?id=1218914904&p1=&p2=&p3=&p4=
IP: 193.108.117.211:0
ASN: #63023 AS-GLOBALTELEHOST
File type: gzip compressed data, max speed, from Unix
Hash (MD5 / SHA-1 / SHA-256): 3b5f364e340ce5ebfdaad066cb4e8763 9ca68ff01ccfda5969dce8550ca61db0f1f36200 3aed31779f733a0d612fa0fc09a7ade1d6e506590a6539f83213ee71b4820ce1
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /process.js?id=1218914904&p1=&p2=&p3=&p4= HTTP/1.1
Host: cf542c38af.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cf542c38af.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:57 GMT
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, must-revalidate
expires: 0
pragma: no-cache
vary: Origin
content-encoding: gzip
X-Firefox-Spdy: h2

| d13fe4413b.news-xapeva.cc/lands/39/img/icon5.png | 193.108.117.211 | | 3.3 kB |
URL: d13fe4413b.news-xapeva.cc/lands/39/img/icon5.png
IP: 193.108.117.211:0
ASN: #63023 AS-GLOBALTELEHOST
File type: PNG image data, 500 x 500, 8-bit/color RGBA, non-interlaced
Hash (MD5 / SHA-1 / SHA-256): 1e1a7582b5da63e10485d63f97abc9a0 ca3ee3067f96c732f455bc7c99ec5100194f13f6 196083352a09a19cf2d4364e3ad406606fedb562f2096c1bef373ff2c485b503
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /lands/39/img/icon5.png HTTP/1.1
Host: d13fe4413b.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d13fe4413b.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:57 GMT
content-type: image/png
content-length: 3264
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-cc0"
accept-ranges: bytes
X-Firefox-Spdy: h2

| d13fe4413b.news-xapeva.cc/lands/39/img/icon7.png | 193.108.117.211 | | 3.3 kB |
URL: d13fe4413b.news-xapeva.cc/lands/39/img/icon7.png
IP: 193.108.117.211:0
ASN: #63023 AS-GLOBALTELEHOST
File type: PNG image data, 500 x 500, 8-bit/color RGBA, non-interlaced
Hash (MD5 / SHA-1 / SHA-256): b512735542cb07b3b2dcf153a7dfe456 93bde8875412ce266600e2af1c37123483a50376 e9c661cc8adbaa1b9cd4cf65f0ba93a1c24211cb5f94ed0950e0fbc973781718
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /lands/39/img/icon7.png HTTP/1.1
Host: d13fe4413b.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d13fe4413b.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:57 GMT
content-type: image/png
content-length: 3283
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-cd3"
accept-ranges: bytes
X-Firefox-Spdy: h2

| 724193d8dc.news-xapeva.cc/process.js?id=1218914904&p1=&p2=&p3=&p4= | 193.108.117.211 | | 14 kB |
URL: 724193d8dc.news-xapeva.cc/process.js?id=1218914904&p1=&p2=&p3=&p4=
IP: 193.108.117.211:0
ASN: #63023 AS-GLOBALTELEHOST
File type: gzip compressed data, max speed, from Unix
Hash (MD5 / SHA-1 / SHA-256): 7e8fc49c801ce9ad0eccc841faba377a eb8f736d5ea635bc529e5f1ef0939c25d3bda5bf b479f5b6b2620e4e73e3a4b00cfedfcc20efc92da5f52fc775893894055e2b7e
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /process.js?id=1218914904&p1=&p2=&p3=&p4= HTTP/1.1
Host: 724193d8dc.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://724193d8dc.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:57 GMT
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, must-revalidate
expires: 0
pragma: no-cache
vary: Origin
content-encoding: gzip
X-Firefox-Spdy: h2

| cf542c38af.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4= | 193.108.117.211 | | 26 kB |
URL: cf542c38af.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
IP: 193.108.117.211:0
ASN: #63023 AS-GLOBALTELEHOST
File type: HTML document, Unicode text, UTF-8 text, with very long lines (63957)
Hash (MD5 / SHA-1 / SHA-256): b552aaa2aa732574d19349fc087aba00 ac4ed90a4183db6865ca2402f78094d50152faed b61edf85766059eb4d693b07f14bc139682053ea851206252fca7aaed6706272
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /?id=1218914904&p1=&p2=&p3=&p4= HTTP/1.1
Host: cf542c38af.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://2290d70366.news-xapeva.cc/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:57 GMT
content-type: text/html; charset=UTF-8
vary: Origin
x-frame-options: DENY
content-encoding: gzip
X-Firefox-Spdy: h2

| news-pepafu.com/tds?id=1218914904&p1=&p2=&p3=&p4= | 193.108.118.16 | | 0 B |
URL: news-pepafu.com/tds?id=1218914904&p1=&p2=&p3=&p4=
IP: 193.108.118.16:0
ASN: #63023 AS-GLOBALTELEHOST
Hash (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tds?id=1218914904&p1=&p2=&p3=&p4= HTTP/1.1
Host: news-pepafu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://d13fe4413b.news-xapeva.cc/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 302 Found
server: nginx
date: Fri, 26 Apr 2024 09:38:58 GMT
content-length: 0
location: https://6a984cd450.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
vary: Origin
x-frame-options: DENY
X-Firefox-Spdy: h2

| 6a984cd450.news-xapeva.cc/revopush.js | 193.108.117.211 | | 7.5 kB |
URL: 6a984cd450.news-xapeva.cc/revopush.js
IP: 193.108.117.211:0
ASN: #63023 AS-GLOBALTELEHOST
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (18335), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): 37faf614bbb4a7b4ba1b4e8143056291 1477110371c87d426adf78e2c8d935a046ae6ff2 aa7dc9551d9641febc7616653e797b381d7258077ed416e822b1ade51470c533
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /revopush.js HTTP/1.1
Host: 6a984cd450.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://6a984cd450.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:58 GMT
content-type: application/javascript; charset=utf-8
content-length: 7472
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-1d30"
content-encoding: gzip
accept-ranges: bytes
X-Firefox-Spdy: h2

| 6a984cd450.news-xapeva.cc/lands/36/img/style.css | 193.108.117.211 | | 3.1 kB |
URL: 6a984cd450.news-xapeva.cc/lands/36/img/style.css
IP: 193.108.117.211:0
ASN: #63023 AS-GLOBALTELEHOST
File type: ASCII text, with very long lines (11701), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): db606af46bdcca984d60a46183a4525e 28964fac8b2b7889554f32543e69ac68e6f21e2f 8693be57861bf006c70b542234666eaa50f4258856c4e75e0066f1ca589026ae
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /lands/36/img/style.css HTTP/1.1
Host: 6a984cd450.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://6a984cd450.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:58 GMT
content-type: text/css
content-length: 3136
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-c40"
content-encoding: gzip
accept-ranges: bytes
X-Firefox-Spdy: h2

| 6a984cd450.news-xapeva.cc/lands/36/img/logo.png | 193.108.117.211 | | 7.4 kB |
URL: 6a984cd450.news-xapeva.cc/lands/36/img/logo.png
IP: 193.108.117.211:0
ASN: #63023 AS-GLOBALTELEHOST
File type: PNG image data, 180 x 56, 8-bit/color RGBA, non-interlaced
Hash (MD5 / SHA-1 / SHA-256): 6cd3a78b39a704ee1c84f31c8c4e5808 bb5c81cadfcd60bd5c7b29af2395ef24b11ebb93 4cfbf07b7b4def7ad505f3be44e311c631ffec252a93f031d11356bc1b0c8193
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /lands/36/img/logo.png HTTP/1.1
Host: 6a984cd450.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://6a984cd450.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:58 GMT
content-type: image/png
content-length: 7398
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-1ce6"
accept-ranges: bytes
X-Firefox-Spdy: h2

| 6a984cd450.news-xapeva.cc/lands/36/img/search-icon.png | 193.108.117.211 | | 461 B |
URL: 6a984cd450.news-xapeva.cc/lands/36/img/search-icon.png
IP: 193.108.117.211:0
ASN: #63023 AS-GLOBALTELEHOST
File type: PNG image data, 28 x 28, 8-bit/color RGBA, non-interlaced
Hash (MD5 / SHA-1 / SHA-256): 71a97f63eeafce6cc8dd4e7b92e77303 e92e36474a69fcf7b932efc581e024a1c25773e5 fc2f527dba6449b1d9a7f17e4e9926039806904f58a7b4278dccf398900371d2
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /lands/36/img/search-icon.png HTTP/1.1
Host: 6a984cd450.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://6a984cd450.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:58 GMT
content-type: image/png
content-length: 461
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-1cd"
accept-ranges: bytes
X-Firefox-Spdy: h2

| 6a984cd450.news-xapeva.cc/lands/36/img/Spin-1s-80px.gif | 193.108.117.211 | | 31 kB |
URL: 6a984cd450.news-xapeva.cc/lands/36/img/Spin-1s-80px.gif
IP: 193.108.117.211:0
ASN: #63023 AS-GLOBALTELEHOST
File type: GIF image data, version 89a, 80 x 80
Hash (MD5 / SHA-1 / SHA-256): 68556766cd260e97fec2b60a9bfaf8c7 26c969371c9a3de360fab6d7a7a3bec2c5d5c99f ef50b84645244197917d80f6bcd6f604dce892ec4cdcdc96f11ea40f4a093676
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /lands/36/img/Spin-1s-80px.gif HTTP/1.1
Host: 6a984cd450.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://6a984cd450.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:58 GMT
content-type: image/gif
content-length: 30677
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-77d5"
accept-ranges: bytes
X-Firefox-Spdy: h2

| 6a984cd450.news-xapeva.cc/lands/36/img/player-controls-l.png | 193.108.117.211 | | 945 B |
URL: 6a984cd450.news-xapeva.cc/lands/36/img/player-controls-l.png
IP: 193.108.117.211:0
ASN: #63023 AS-GLOBALTELEHOST
File type: PNG image data, 146 x 60, 8-bit gray+alpha, non-interlaced
Hash (MD5 / SHA-1 / SHA-256): 6865c8700b582e4c7848472bb23dd65a c5ea2c514de8f55145550f9589e1e07cda457994 e1f5b32f965cf94fdb788fa9cff4f2f80b34c234f7e9fa9139de890e89438324
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /lands/36/img/player-controls-l.png HTTP/1.1
Host: 6a984cd450.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://6a984cd450.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:58 GMT
content-type: image/png
content-length: 945
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-3b1"
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| 6a984cd450.news-xapeva.cc/lands/36/img/player-controls-r.png | 193.108.117.211 | | 408 B |
URL: 6a984cd450.news-xapeva.cc/lands/36/img/player-controls-r.png
IP: 193.108.117.211:0 (ASN 63023 AS-GLOBALTELEHOST)
File type: PNG image data, 60 x 60, 8-bit gray+alpha, non-interlaced
MD5: f0e42db89f7d0994b3723b35eb05a49f
SHA1: b4e08e7b2c525345d86dc2299663915c84a41b2b
SHA256: 13bbdf214a22994e4e0e655c256ab493cc495f15f9c1f08772cad0761625a9be
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /lands/36/img/player-controls-r.png HTTP/1.1
Host: 6a984cd450.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://6a984cd450.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:58 GMT
content-type: image/png
content-length: 408
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-198"
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| 6a984cd450.news-xapeva.cc/lands/36/img/player-bg.jpg | 193.108.117.211 | | 11 kB |
URL: 6a984cd450.news-xapeva.cc/lands/36/img/player-bg.jpg
IP: 193.108.117.211:0 (ASN 63023 AS-GLOBALTELEHOST)
MD5: d0c6f02d6933f0b93db0942e3e7f3609
SHA1: bc96b3878d13d0f46aa464e94515f27ad53531b0
SHA256: 7296089ccd9e42b305c5b0398d47a78f900b40225c592c6f1ef23ade5bbe667a
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /lands/36/img/player-bg.jpg HTTP/1.1
Host: 6a984cd450.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://6a984cd450.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:58 GMT
content-type: image/jpeg
content-length: 11291
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-2c1b"
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| 6a984cd450.news-xapeva.cc/lands/36/img/pics-1.jpg | 193.108.117.211 | | 9.6 kB |
URL: 6a984cd450.news-xapeva.cc/lands/36/img/pics-1.jpg
IP: 193.108.117.211:0 (ASN 63023 AS-GLOBALTELEHOST)
MD5: 8374be5c573da988b4d76c1051f8cbc7
SHA1: c319af79d391edeac2268173798952dd71f0ecf2
SHA256: 41889b3a66aec88fc8a474f19a6c2f6933200524597ccf76f2c9f995687099ea
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /lands/36/img/pics-1.jpg HTTP/1.1
Host: 6a984cd450.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://6a984cd450.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:58 GMT
content-type: image/jpeg
content-length: 9604
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-2584"
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| 6a984cd450.news-xapeva.cc/lands/36/img/pics-2.jpg | 193.108.117.211 | | 9.5 kB |
URL: 6a984cd450.news-xapeva.cc/lands/36/img/pics-2.jpg
IP: 193.108.117.211:0 (ASN 63023 AS-GLOBALTELEHOST)
MD5: b1444ede1cb63c55f07c4b7cc861ec58
SHA1: 504823696a6990f0c6892721e34a7496cfe4e704
SHA256: 628146e090737199d0b92e0d069cdc8fa95d65391a7e84b7da053dbc0275b2f8
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /lands/36/img/pics-2.jpg HTTP/1.1
Host: 6a984cd450.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://6a984cd450.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:58 GMT
content-type: image/jpeg
content-length: 9474
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-2502"
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| 6a984cd450.news-xapeva.cc/lands/36/img/pics-3.jpg | 193.108.117.211 | | 9.4 kB |
URL: 6a984cd450.news-xapeva.cc/lands/36/img/pics-3.jpg
IP: 193.108.117.211:0 (ASN 63023 AS-GLOBALTELEHOST)
MD5: 76025b7cd7b3e168342e9f6916d8c7f4
SHA1: bd2a6ea7c9105935c7a616fec2d6d85dbf98bfc2
SHA256: 46eaa0e5c25c663d858a5c65629f960ed17d2fe30b2484f629158e6d6460d775
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /lands/36/img/pics-3.jpg HTTP/1.1
Host: 6a984cd450.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://6a984cd450.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:58 GMT
content-type: image/jpeg
content-length: 9413
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-24c5"
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| 6a984cd450.news-xapeva.cc/lands/36/img/pics-4.jpg | 193.108.117.211 | | 9.5 kB |
URL: 6a984cd450.news-xapeva.cc/lands/36/img/pics-4.jpg
IP: 193.108.117.211:0 (ASN 63023 AS-GLOBALTELEHOST)
MD5: 107bdcec0a201d69db378827b68127cd
SHA1: efc977edd0a369769d5f32d88e9858302bed1e5e
SHA256: cb8a23effd64618021ebe40be5ed24bfb27c17f6d0a82c87a96d9efd91e06468
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /lands/36/img/pics-4.jpg HTTP/1.1
Host: 6a984cd450.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://6a984cd450.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:58 GMT
content-type: image/jpeg
content-length: 9468
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-24fc"
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| 6a984cd450.news-xapeva.cc/lands/36/img/pics-5.jpg | 193.108.117.211 | | 9.6 kB |
URL: 6a984cd450.news-xapeva.cc/lands/36/img/pics-5.jpg
IP: 193.108.117.211:0 (ASN 63023 AS-GLOBALTELEHOST)
MD5: 628b98b82d0aca1c1b2155aa5ec51a6a
SHA1: db663b2b85cf8828f3e9c5aa879325bb50e684a0
SHA256: d7dfe6be5b49bee8bbf743bc58d74af3dc7d0250c89bd6dd7e9ad268c287289d
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /lands/36/img/pics-5.jpg HTTP/1.1
Host: 6a984cd450.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://6a984cd450.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:58 GMT
content-type: image/jpeg
content-length: 9557
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-2555"
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| 6a984cd450.news-xapeva.cc/lands/36/img/pics-6.jpg | 193.108.117.211 | | 9.6 kB |
URL: 6a984cd450.news-xapeva.cc/lands/36/img/pics-6.jpg
IP: 193.108.117.211:0 (ASN 63023 AS-GLOBALTELEHOST)
MD5: a83d5196e71bd6f9c55ef3e7322e527c
SHA1: 9dbddad413391599552c4d9cc5c9e8a287ef910f
SHA256: 52212d360cbbf493678d8e8bf75c20b7ad4b1d6cf86bf03e1c87fb5b4d6cb818
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /lands/36/img/pics-6.jpg HTTP/1.1
Host: 6a984cd450.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://6a984cd450.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:58 GMT
content-type: image/jpeg
content-length: 9620
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-2594"
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| 6a984cd450.news-xapeva.cc/lands/36/img/pics-7.jpg | 193.108.117.211 | | 9.5 kB |
URL: 6a984cd450.news-xapeva.cc/lands/36/img/pics-7.jpg
IP: 193.108.117.211:0 (ASN 63023 AS-GLOBALTELEHOST)
MD5: 94edfad63e95c79618692b8d8dc20587
SHA1: f582b7b70443ea1fff184ade49ab560fc8fd3318
SHA256: 0940f729e51d0fb610affca787415657f39a630cc0450d08576f69fd0f71756e
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /lands/36/img/pics-7.jpg HTTP/1.1
Host: 6a984cd450.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://6a984cd450.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:58 GMT
content-type: image/jpeg
content-length: 9484
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-250c"
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| 6a984cd450.news-xapeva.cc/lands/36/img/pics-8.jpg | 193.108.117.211 | | 9.8 kB |
URL: 6a984cd450.news-xapeva.cc/lands/36/img/pics-8.jpg
IP: 193.108.117.211:0 (ASN 63023 AS-GLOBALTELEHOST)
MD5: 2e7eafc3878ee465f96bca0f9d1e1712
SHA1: c4f353f12542db5d2df3be74dbae890e0430ac6e
SHA256: df67f968a051026a5c43eb3e40b8d02a0c72bc742055526fef7e2655dd837cc1
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /lands/36/img/pics-8.jpg HTTP/1.1
Host: 6a984cd450.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://6a984cd450.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:58 GMT
content-type: image/jpeg
content-length: 9750
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-2616"
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| 6a984cd450.news-xapeva.cc/lands/36/img/pics-9.jpg | 193.108.117.211 | | 9.6 kB |
URL: 6a984cd450.news-xapeva.cc/lands/36/img/pics-9.jpg
IP: 193.108.117.211:0 (ASN 63023 AS-GLOBALTELEHOST)
MD5: c3af10d166a4447c21f25e4a32383a5d
SHA1: 37a0342d08d6933b3bbfd4063b7ba998c991dd73
SHA256: 963fbe86dc33b1a1ba5c695bf9b74ebde439bc7a9260137121d747cf4cfbdd73
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /lands/36/img/pics-9.jpg HTTP/1.1
Host: 6a984cd450.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://6a984cd450.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:58 GMT
content-type: image/jpeg
content-length: 9646
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-25ae"
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| 6a984cd450.news-xapeva.cc/lands/36/img/pics-10.jpg | 193.108.117.211 | | 9.7 kB |
URL: 6a984cd450.news-xapeva.cc/lands/36/img/pics-10.jpg
IP: 193.108.117.211:0 (ASN 63023 AS-GLOBALTELEHOST)
MD5: 00ad8eccd280144f038e883859beeabe
SHA1: e13583bbe25712e827b8b22b1353c883531f849f
SHA256: 21397b18bd87b564f70404ea1ff41d8d23ba804ed6eea4de323ac1c94e096ada
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /lands/36/img/pics-10.jpg HTTP/1.1
Host: 6a984cd450.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://6a984cd450.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:58 GMT
content-type: image/jpeg
content-length: 9681
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-25d1"
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| 6a984cd450.news-xapeva.cc/lands/36/img/pics-11.jpg | 193.108.117.211 | | 9.5 kB |
URL: 6a984cd450.news-xapeva.cc/lands/36/img/pics-11.jpg
IP: 193.108.117.211:0 (ASN 63023 AS-GLOBALTELEHOST)
MD5: 8611f67b36ff57eaa1060e793b9e6ad4
SHA1: 49f273a5760e7375adb1efc58f0ed2c665da6ae8
SHA256: de70c6d29629dd9ec1b85e3146390c1019bd608eeb3d7ffdc196627f70ee30b2
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /lands/36/img/pics-11.jpg HTTP/1.1
Host: 6a984cd450.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://6a984cd450.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:58 GMT
content-type: image/jpeg
content-length: 9483
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-250b"
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| 6a984cd450.news-xapeva.cc/lands/36/img/pics-12.jpg | 193.108.117.211 | | 9.5 kB |
URL: 6a984cd450.news-xapeva.cc/lands/36/img/pics-12.jpg
IP: 193.108.117.211:0 (ASN 63023 AS-GLOBALTELEHOST)
MD5: 3971b0cd6849aef8e63c281fe7e53c57
SHA1: 690281f0f9a05a32be18029632240693f7b26270
SHA256: 20a9e9a79f97878e87f805b977eb6046480b734dfd9e90df9f34b22ef484777a
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /lands/36/img/pics-12.jpg HTTP/1.1
Host: 6a984cd450.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://6a984cd450.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:58 GMT
content-type: image/jpeg
content-length: 9487
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-250f"
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| 6a984cd450.news-xapeva.cc/lands/36/img/pics-13.jpg | 193.108.117.211 | | 9.4 kB |
URL: 6a984cd450.news-xapeva.cc/lands/36/img/pics-13.jpg
IP: 193.108.117.211:0 (ASN 63023 AS-GLOBALTELEHOST)
MD5: cd911694d58b5fb86c94cf7a1d5b530b
SHA1: f32925a79b755d76fdf1ae56fa898ef23d816699
SHA256: 5a8f5f99cb386403813964a7ee271660131e9c50eb5267f932a67ce0f4fb2ea2
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /lands/36/img/pics-13.jpg HTTP/1.1
Host: 6a984cd450.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://6a984cd450.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:58 GMT
content-type: image/jpeg
content-length: 9378
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-24a2"
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| 6a984cd450.news-xapeva.cc/lands/36/img/pics-14.jpg | 193.108.117.211 | | 9.5 kB |
URL: 6a984cd450.news-xapeva.cc/lands/36/img/pics-14.jpg
IP: 193.108.117.211:0 (ASN 63023 AS-GLOBALTELEHOST)
MD5: 4957499f251b620472eb5fe6fd126c22
SHA1: a237ac15f4b16256f1c49a40ca07ca168dea540c
SHA256: de5d64cc00dd3bc0e0998e274f41bb78de69cae402e53c4f41c0ab8e0af2cd0b
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /lands/36/img/pics-14.jpg HTTP/1.1
Host: 6a984cd450.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://6a984cd450.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:58 GMT
content-type: image/jpeg
content-length: 9498
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-251a"
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| 6a984cd450.news-xapeva.cc/lands/36/img/pics-15.jpg | 193.108.117.211 | | 9.7 kB |
URL: 6a984cd450.news-xapeva.cc/lands/36/img/pics-15.jpg
IP: 193.108.117.211:0 (ASN 63023 AS-GLOBALTELEHOST)
MD5: bf608c2d10293273951a88b8d38de015
SHA1: 15b2a17c7300725aacc27f320480dfe5bf173a00
SHA256: 118f446f628921fb7cab1afeac932ef77d63a7c5a31ffa288427d80c4de69f9f
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /lands/36/img/pics-15.jpg HTTP/1.1
Host: 6a984cd450.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://6a984cd450.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:58 GMT
content-type: image/jpeg
content-length: 9673
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-25c9"
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| 6a984cd450.news-xapeva.cc/lands/36/img/pics-16.jpg | 193.108.117.211 | | 9.6 kB |
URL: 6a984cd450.news-xapeva.cc/lands/36/img/pics-16.jpg
IP: 193.108.117.211:0 (ASN 63023 AS-GLOBALTELEHOST)
MD5: 700dfe65fca751e5c160aa1ed38c0389
SHA1: 61a7a9ba2a5209bb28b6a36c4b7ba9088f4b2886
SHA256: 8f8c3d5f93cc6dc00172cf203f6b0113819e853de45518cbcee1e68f9e95fbc1
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /lands/36/img/pics-16.jpg HTTP/1.1
Host: 6a984cd450.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://6a984cd450.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:58 GMT
content-type: image/jpeg
content-length: 9570
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-2562"
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| 6a984cd450.news-xapeva.cc/lands/36/img/pics-17.jpg | 193.108.117.211 | | 9.6 kB |
URL: 6a984cd450.news-xapeva.cc/lands/36/img/pics-17.jpg
IP: 193.108.117.211:0 (ASN 63023 AS-GLOBALTELEHOST)
MD5: 3617c828a4589dfd2af8f90e31f92666
SHA1: 0e7a1dbe743c9eaad109659f7b21ab86719b9cd0
SHA256: f3ab898058b0ebaba11001b5a2b3c5b5db2d7f766000d95abdbfb841fcb16c1f
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /lands/36/img/pics-17.jpg HTTP/1.1
Host: 6a984cd450.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://6a984cd450.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:58 GMT
content-type: image/jpeg
content-length: 9595
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-257b"
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| 6a984cd450.news-xapeva.cc/lands/36/img/pics-18.jpg | 193.108.117.211 | | 9.6 kB |
URL: 6a984cd450.news-xapeva.cc/lands/36/img/pics-18.jpg
IP: 193.108.117.211:0 (ASN 63023 AS-GLOBALTELEHOST)
MD5: 52ada45615791fefe3513b98a28d6c61
SHA1: 334b68a65108b2274dc0d41bbed58d10cbfb41a0
SHA256: 204715e71db20e5daffe8494816412e0998ec0b97b303f16fb4102226c492fa4
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /lands/36/img/pics-18.jpg HTTP/1.1
Host: 6a984cd450.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://6a984cd450.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:58 GMT
content-type: image/jpeg
content-length: 9645
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-25ad"
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| partners-tds.com/WzJQVS | 142.202.51.61 | | 0 B |
URL: partners-tds.com/WzJQVS
IP: 142.202.51.61:0 (ASN 63023 AS-GLOBALTELEHOST)
MD5: d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(the three hashes are those of an empty input: the 302 below carries Content-Length: 0)
GET /WzJQVS HTTP/1.1
Host: partners-tds.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://6a984cd450.news-xapeva.cc/
Cookie: _subid=376l60j10h7e8u; 933eb=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcImNhbXBhaWduc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcInRpbWVcIjoxNzE0MTI0MzIwfSJ9.yYJXc-zJvjm4Dxphu35oW5Y_kpFZUzbEdsDVw4oNV9k
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx
Date: Fri, 26 Apr 2024 09:38:58 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-cache, no-store, must-revalidate
Expires: Fri, 26 Apr 2024 09:38:58 GMT
Location: https://news-pepafu.com/tds?id=1218914904&p1=&p2=&p3=&p4=
Set-Cookie: _subid=376l60j10h7e94; expires=Mon, 27 May 2024 09:38:58 GMT; path=/
Set-Cookie: 933eb=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcImNhbXBhaWduc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcInRpbWVcIjoxNzE0MTI0MzIwfSJ9.yYJXc-zJvjm4Dxphu35oW5Y_kpFZUzbEdsDVw4oNV9k; expires=Sun, 21 Aug 2078 19:17:56 GMT; path=/
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
|
|
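The 933eb cookie the browser sends to partners-tds.com (and which the 302 response sets again, with an expiry in 2078, while rotating _subid from 376l60j10h7e8u to 376l60j10h7e94) is a compact JWS: three base64url segments, HS256 declared in the header. The Python below is an added worked example, not part of the capture or of the tool that produced it. It decodes the header and payload of that exact token offline; the HMAC key is held by the TDS, so the signature is only measured, never verified. The payload's data claim is itself a JSON string, which the helper unwraps. The timestamp it carries, 1714124320, is 09:38:40 UTC on the capture date, eighteen seconds before this request, so the token was minted by an earlier hop through the same TDS.

```python
import base64
import json
from datetime import datetime, timezone

# The 933eb cookie value copied from the partners-tds.com request above.
TDS_JWT = (
    "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9."
    "eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcImNhbXBhaWduc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcInRpbWVcIjoxNzE0MTI0MzIwfSJ9."
    "yYJXc-zJvjm4Dxphu35oW5Y_kpFZUzbEdsDVw4oNV9k"
)


def b64url_decode(segment: str) -> bytes:
    """Decode one base64url segment, restoring the '=' padding that JWS strips."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def decode_jwt_unverified(token: str) -> dict:
    """Split a compact JWS and decode header and payload WITHOUT checking the signature.

    JWS signs but does not encrypt, so both parts are readable by anyone holding the
    token. The signing key lives on the TDS server, so the best we can do here is
    report the signature length (32 bytes is consistent with the declared HS256).
    """
    header_b64, payload_b64, sig_b64 = token.split(".")
    return {
        "header": json.loads(b64url_decode(header_b64)),
        "payload": json.loads(b64url_decode(payload_b64)),
        "signature_len": len(b64url_decode(sig_b64)),
    }


def tds_state(token: str) -> dict:
    """Unwrap the TDS bookkeeping: the 'data' claim is a JSON document encoded as a string."""
    decoded = decode_jwt_unverified(token)
    state = json.loads(decoded["payload"]["data"])
    # Render the embedded epoch so it can be lined up with the capture's Date headers.
    state["time_utc"] = datetime.fromtimestamp(state["time"], tz=timezone.utc).isoformat()
    return state


if __name__ == "__main__":
    print(json.dumps(decode_jwt_unverified(TDS_JWT), indent=2))
    print(json.dumps(tds_state(TDS_JWT), indent=2))
```

The stream and campaign identifiers (both "1") and the timestamp are the only state the TDS keeps client-side; everything else about the visitor is keyed by _subid on the server. Because nothing in the payload is secret, a cookie like this is a stable fingerprint for correlating a visitor across the other TDS domains in the same capture.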
| news-pepafu.com/tds?id=1218914904&p1=&p2=&p3=&p4= | 193.108.118.16 | | 0 B |
URL: news-pepafu.com/tds?id=1218914904&p1=&p2=&p3=&p4=
IP: 193.108.118.16:0 (ASN 63023 AS-GLOBALTELEHOST)
MD5: d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(the three hashes are those of an empty input: the 302 below carries content-length: 0)
GET /tds?id=1218914904&p1=&p2=&p3=&p4= HTTP/1.1
Host: news-pepafu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://6a984cd450.news-xapeva.cc/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 302 Found
server: nginx
date: Fri, 26 Apr 2024 09:38:58 GMT
content-length: 0
location: https://d57c44635a.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
vary: Origin
x-frame-options: DENY
X-Firefox-Spdy: h2
|
|
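Read together, the two entries above and the asset fetches that follow are one traffic-distribution hop: the browser reaches partners-tds.com, is bounced to news-pepafu.com/tds, and from there to a fresh news-xapeva.cc subdomain that receives the same id parameter, with every host on AS63023. The Python below is an added example rather than output of the capture tool. It parses a constructed excerpt that keeps only the summary rows, request lines, status lines and Location headers of those entries, follows the Location headers to rebuild the hop chain with the IP observed for each hop, and reduces the chain to a host and IP list. Hop URLs are matched to summary rows in the capture's host/path?query form; the final hop is listed even when, as here, the capture shows it only as a Location target.

```python
import re
from urllib.parse import urlsplit

# Constructed excerpt: the entries above reduced to their summary rows, request
# lines, status lines and Location headers. Not the capture tool's own output.
CAPTURE = """\
| partners-tds.com/WzJQVS | 142.202.51.61 | | 0 B |
GET /WzJQVS HTTP/1.1
Host: partners-tds.com
HTTP/1.1 302 Found
Location: https://news-pepafu.com/tds?id=1218914904&p1=&p2=&p3=&p4=
|
|
| news-pepafu.com/tds?id=1218914904&p1=&p2=&p3=&p4= | 193.108.118.16 | | 0 B |
GET /tds?id=1218914904&p1=&p2=&p3=&p4= HTTP/1.1
Host: news-pepafu.com
HTTP/2 302 Found
location: https://d57c44635a.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
|
|
| d57c44635a.news-xapeva.cc/lands/39/img/icon1.png | 193.108.117.211 | | 7.3 kB |
GET /lands/39/img/icon1.png HTTP/1.1
Host: d57c44635a.news-xapeva.cc
HTTP/2 200 OK
"""

# "| <url> | <ip> | ..." opens an entry; a bare "|" is a separator and does not match.
SUMMARY_ROW = re.compile(r"^\|\s*(\S+)\s*\|\s*([\d.]+)\s*\|")
STATUS_LINE = re.compile(r"^HTTP/[\d.]+\s+(\d{3})\b")


def parse_capture(text: str) -> list:
    """Split the capture into entries, keeping each one's status and Location target."""
    entries, cur = [], None
    for line in text.splitlines():
        row = SUMMARY_ROW.match(line)
        if row:
            cur = {"url": row.group(1), "ip": row.group(2), "status": None, "location": None}
            entries.append(cur)
            continue
        if cur is None:
            continue
        status = STATUS_LINE.match(line)
        if status:
            cur["status"] = int(status.group(1))
        elif line.lower().startswith("location:"):   # header name is lowercase on HTTP/2
            cur["location"] = line.split(":", 1)[1].strip()
    return entries


def capture_key(absolute_url: str) -> str:
    """Reduce an absolute URL to the host/path?query form used by the summary rows."""
    s = urlsplit(absolute_url)
    return s.netloc + s.path + ("?" + s.query if s.query else "")


def redirect_chain(entries: list, start_url: str) -> list:
    """Follow Location headers from start_url through the capture.

    A hop that the capture shows only as a Location target (never fetched as its
    own entry) is appended with ip and status None so the chain still ends there.
    """
    by_url = {e["url"]: e for e in entries}
    chain, url, seen = [], start_url, set()
    while url and url not in seen:
        seen.add(url)                       # guard against redirect loops
        entry = by_url.get(url)
        if entry is None:
            chain.append({"url": url, "ip": None, "status": None})
            break
        chain.append({"url": url, "ip": entry["ip"], "status": entry["status"]})
        url = capture_key(entry["location"]) if entry["location"] else None
    return chain


def chain_iocs(chain: list) -> tuple:
    """Hosts and IPs touched on the redirect path, deduplicated and sorted for a blocklist."""
    hosts = sorted({urlsplit("//" + hop["url"]).netloc for hop in chain})
    ips = sorted({hop["ip"] for hop in chain if hop["ip"]})
    return hosts, ips


if __name__ == "__main__":
    hops = redirect_chain(parse_capture(CAPTURE), "partners-tds.com/WzJQVS")
    for hop in hops:
        print(hop["status"], hop["ip"], hop["url"])
    print(chain_iocs(hops))
```

Matching hops by the exact host/path?query string is deliberate: TDS chains in this capture change subdomain at every hop while keeping the query string, so a looser match on host alone would collapse distinct hops, and a match on path alone would join unrelated entries.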
| 5989145f27.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4= | 193.108.117.211 | | 10 kB |
URL: 5989145f27.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
IP: 193.108.117.211:0 (ASN 63023 AS-GLOBALTELEHOST)
File type: HTML document, Unicode text, UTF-8 text, with very long lines (27189)
MD5: ba50e268d4e5d16a9ebed79819c87329
SHA1: 65919723ef53dde9e6228acc74eae095b72c71a9
SHA256: b175e55f9c8c41fad3ae3c67c35ca0bbda5ad518e3365e8a99b0fbc6e054d322
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /?id=1218914904&p1=&p2=&p3=&p4= HTTP/1.1
Host: 5989145f27.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://3879801fac.news-xapeva.cc/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:56 GMT
content-type: text/html; charset=UTF-8
vary: Origin
x-frame-options: DENY
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| d57c44635a.news-xapeva.cc/lands/39/img/icon1.png | 193.108.117.211 | | 7.3 kB |
URL: d57c44635a.news-xapeva.cc/lands/39/img/icon1.png
IP: 193.108.117.211:0 (ASN 63023 AS-GLOBALTELEHOST)
File type: PNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced
MD5: 3d0ab5834c8bf7134e4d21fa3288317f
SHA1: c31d1a6b9df206f67ea194f4c424cdc372a423c2
SHA256: 0515ddd9185d263874e7b66bb6d521fcd63b857aac5fed51c08df98026dafe27
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /lands/39/img/icon1.png HTTP/1.1
Host: d57c44635a.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d57c44635a.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:58 GMT
content-type: image/png
content-length: 7252
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-1c54"
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| d57c44635a.news-xapeva.cc/lands/39/img/icon2.png | 193.108.117.211 | | 4.6 kB |
URL: d57c44635a.news-xapeva.cc/lands/39/img/icon2.png
IP: 193.108.117.211:0 (ASN 63023 AS-GLOBALTELEHOST)
File type: PNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced
MD5: c947d439eb93367f1af5b2a3d222f057
SHA1: 5b4c10820d39e624bc6df72a113679da80a8e44e
SHA256: aab564e67c47df65ddcb9c4eaa62cd798a51624a3fded9f9b3a1197b460a79c2
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /lands/39/img/icon2.png HTTP/1.1
Host: d57c44635a.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d57c44635a.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:58 GMT
content-type: image/png
content-length: 4576
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-11e0"
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| d57c44635a.news-xapeva.cc/lands/39/img/icon3.png | 193.108.117.211 | | 7.8 kB |
URL: d57c44635a.news-xapeva.cc/lands/39/img/icon3.png
IP: 193.108.117.211:0 (ASN 63023 AS-GLOBALTELEHOST)
File type: PNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced
MD5: 8f3cc830da0b1fdf66bda7d1d734747b
SHA1: 94588f041eec3a78a8780c8124c56a1434a89277
SHA256: ea3698c32039a115b03c2528cbb29c3ff97bbd49ad1345d5095e98d1fd0ea8ba
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /lands/39/img/icon3.png HTTP/1.1
Host: d57c44635a.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d57c44635a.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:58 GMT
content-type: image/png
content-length: 7847
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-1ea7"
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| d57c44635a.news-xapeva.cc/lands/39/img/icon4.png | 193.108.117.211 | | 7.0 kB |
URL: d57c44635a.news-xapeva.cc/lands/39/img/icon4.png
IP: 193.108.117.211:0 (ASN 63023 AS-GLOBALTELEHOST)
File type: PNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced
MD5: 7ad7f32c1c0df7b4975cc41bda4ac435
SHA1: 81d57e996ee6cd9e122592e68ffa3d55c1ba10ff
SHA256: c0af6cb2280bba97d235dfad7c72d22353a0d2cf277733ce9fc4701df7ed1d5f
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /lands/39/img/icon4.png HTTP/1.1
Host: d57c44635a.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d57c44635a.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:58 GMT
content-type: image/png
content-length: 7032
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-1b78"
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| d57c44635a.news-xapeva.cc/lands/39/img/icon5.png | 193.108.117.211 | | 3.3 kB |
URL: d57c44635a.news-xapeva.cc/lands/39/img/icon5.png
IP: 193.108.117.211:0 (ASN 63023 AS-GLOBALTELEHOST)
File type: PNG image data, 500 x 500, 8-bit/color RGBA, non-interlaced
MD5: 1e1a7582b5da63e10485d63f97abc9a0
SHA1: ca3ee3067f96c732f455bc7c99ec5100194f13f6
SHA256: 196083352a09a19cf2d4364e3ad406606fedb562f2096c1bef373ff2c485b503
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /lands/39/img/icon5.png HTTP/1.1
Host: d57c44635a.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d57c44635a.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:58 GMT
content-type: image/png
content-length: 3264
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-cc0"
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| d57c44635a.news-xapeva.cc/lands/39/img/icon7.png | 193.108.117.211 | | 3.3 kB |
URL: d57c44635a.news-xapeva.cc/lands/39/img/icon7.png
IP: 193.108.117.211:0 ASN: #63023 AS-GLOBALTELEHOST
File type: PNG image data, 500 x 500, 8-bit/color RGBA, non-interlaced
Hashes (MD5 / SHA-1 / SHA-256): b512735542cb07b3b2dcf153a7dfe456 93bde8875412ce266600e2af1c37123483a50376 e9c661cc8adbaa1b9cd4cf65f0ba93a1c24211cb5f94ed0950e0fbc973781718
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /lands/39/img/icon7.png HTTP/1.1
Host: d57c44635a.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d57c44635a.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:58 GMT
content-type: image/png
content-length: 3283
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-cd3"
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| 6470456288.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4= | 193.108.117.211 | | 8.3 kB |
URL: 6470456288.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
IP: 193.108.117.211:0 ASN: #63023 AS-GLOBALTELEHOST
File type: gzip compressed data, max speed, from Unix
Hashes (MD5 / SHA-1 / SHA-256): 8b07cb379552930c88bd1dad6b13a93b 71ec12ccf32b99ca4e7fd69008f06279ea1b9f0e 1fafb5ef40a074ec0cdb4b9512537ec5581f2e2c390e03674d88c6e23f6f8448
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /?id=1218914904&p1=&p2=&p3=&p4= HTTP/1.1
Host: 6470456288.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://e05e2a2dd1.news-xapeva.cc/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:54 GMT
content-type: text/html; charset=UTF-8
vary: Origin
x-frame-options: DENY
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1084421838.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4= | 193.108.117.211 | | 7.4 kB |
URL: 1084421838.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
IP: 193.108.117.211:0 ASN: #63023 AS-GLOBALTELEHOST
File type: HTML document, Unicode text, UTF-8 text, with very long lines (14721)
Hashes (MD5 / SHA-1 / SHA-256): f085f10d90a553fe8a33445723cd42cc 6d6d58cbeefd61d3325777f7fb861a5a2dfb24a3 0b36ff3754867b699d54ba7c99bb0bf0b04a5a1110c8d1e6bf3883c3a152c0cc
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /?id=1218914904&p1=&p2=&p3=&p4= HTTP/1.1
Host: 1084421838.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1292a7ce58.news-xapeva.cc/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:54 GMT
content-type: text/html; charset=UTF-8
vary: Origin
x-frame-options: DENY
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| news-pepafu.com/tds?id=1218914904&p1=&p2=&p3=&p4= | 193.108.118.16 | | 0 B |
URL: news-pepafu.com/tds?id=1218914904&p1=&p2=&p3=&p4=
IP: 193.108.118.16:0 ASN: #63023 AS-GLOBALTELEHOST
Hashes (MD5 / SHA-1 / SHA-256, empty body): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tds?id=1218914904&p1=&p2=&p3=&p4= HTTP/1.1
Host: news-pepafu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://d57c44635a.news-xapeva.cc/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 302 Found
server: nginx
date: Fri, 26 Apr 2024 09:38:58 GMT
content-length: 0
location: https://78d007f59d.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
vary: Origin
x-frame-options: DENY
X-Firefox-Spdy: h2
|
|
| e9c4952774.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4= | 193.108.117.211 | | 16 kB |
URL: e9c4952774.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
IP: 193.108.117.211:0 ASN: #63023 AS-GLOBALTELEHOST
File type: gzip compressed data, max speed, from Unix
Hashes (MD5 / SHA-1 / SHA-256): 06be87b5c7672a1acf4d39f1457824a2 a54771f7a1731f3e9526e383cf48d6905ef7e192 8a29ad84ff5233789818e9fae3619f5150661fa54e07a9912e8fb11e0ac59031
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /?id=1218914904&p1=&p2=&p3=&p4= HTTP/1.1
Host: e9c4952774.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://9ce0932f7e.news-xapeva.cc/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:52 GMT
content-type: text/html; charset=UTF-8
vary: Origin
x-frame-options: DENY
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| partners-tds.com/WzJQVS | 142.202.51.61 | | 0 B |
IP: 142.202.51.61:0 ASN: #63023 AS-GLOBALTELEHOST
Hashes (MD5 / SHA-1 / SHA-256, empty body): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /WzJQVS HTTP/1.1
Host: partners-tds.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://78d007f59d.news-xapeva.cc/
Cookie: _subid=376l60j10h7e9a; 933eb=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcImNhbXBhaWduc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcInRpbWVcIjoxNzE0MTI0MzIwfSJ9.yYJXc-zJvjm4Dxphu35oW5Y_kpFZUzbEdsDVw4oNV9k
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx
Date: Fri, 26 Apr 2024 09:38:58 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-cache, no-store, must-revalidate
Expires: Fri, 26 Apr 2024 09:38:58 GMT
Location: https://news-pepafu.com/tds?id=1218914904&p1=&p2=&p3=&p4=
Set-Cookie: _subid=376l60j10h7e9e; expires=Mon, 27 May 2024 09:38:58 GMT; path=/
933eb=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcImNhbXBhaWduc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcInRpbWVcIjoxNzE0MTI0MzIwfSJ9.yYJXc-zJvjm4Dxphu35oW5Y_kpFZUzbEdsDVw4oNV9k; expires=Sun, 21 Aug 2078 19:17:56 GMT; path=/
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
|
|
| news-pepafu.com/tds?id=1218914904&p1=&p2=&p3=&p4= | 193.108.118.16 | | 0 B |
URL: news-pepafu.com/tds?id=1218914904&p1=&p2=&p3=&p4=
IP: 193.108.118.16:0 ASN: #63023 AS-GLOBALTELEHOST
Hashes (MD5 / SHA-1 / SHA-256, empty body): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tds?id=1218914904&p1=&p2=&p3=&p4= HTTP/1.1
Host: news-pepafu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://78d007f59d.news-xapeva.cc/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 302 Found
server: nginx
date: Fri, 26 Apr 2024 09:38:58 GMT
content-length: 0
location: https://4936d64bda.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
vary: Origin
x-frame-options: DENY
X-Firefox-Spdy: h2
|
|
| 5c188dc60f.news-xapeva.cc/lands/53/images/video.gif | 193.108.117.211 | | 220 kB |
URL: 5c188dc60f.news-xapeva.cc/lands/53/images/video.gif
IP: 193.108.117.211:0 ASN: #63023 AS-GLOBALTELEHOST
File type: GIF image data, version 89a, 320 x 180
Size: 220 kB (220446 bytes)
Hashes (MD5 / SHA-1 / SHA-256): 24e13e2c7caabae70a4c34417fecdc51 6bd5e319a90afa80304fd801f78d16bbed069197 10de0bfc553254f54fa101ee11037fd2410cd5a8758ee23aa9d6f17e9f63267e
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /lands/53/images/video.gif HTTP/1.1
Host: 5c188dc60f.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://5c188dc60f.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:49 GMT
content-type: image/gif
content-length: 500082
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-7a172"
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| 5492fa4835.news-xapeva.cc/process.js?id=1218914904&p1=&p2=&p3=&p4= | 193.108.117.211 | | 18 kB |
URL: 5492fa4835.news-xapeva.cc/process.js?id=1218914904&p1=&p2=&p3=&p4=
IP: 193.108.117.211:0 ASN: #63023 AS-GLOBALTELEHOST
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (26456)
Hashes (MD5 / SHA-1 / SHA-256): aa3656663684b929818e271335cbddf7 56fa3532324987a356c7c89f2882e11c2a2fb694 4a380e70dcf2dbd8501f824a55c51b6f99d0258bede9ddff31994c01a5f72bd9
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /process.js?id=1218914904&p1=&p2=&p3=&p4= HTTP/1.1
Host: 5492fa4835.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://5492fa4835.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:44 GMT
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, must-revalidate
expires: 0
pragma: no-cache
vary: Origin
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| e05e2a2dd1.news-xapeva.cc/process.js?id=1218914904&p1=&p2=&p3=&p4= | 193.108.117.211 | | 20 kB |
URL: e05e2a2dd1.news-xapeva.cc/process.js?id=1218914904&p1=&p2=&p3=&p4=
IP: 193.108.117.211:0 ASN: #63023 AS-GLOBALTELEHOST
File type: JavaScript source, ASCII text, with very long lines (26456)
Hashes (MD5 / SHA-1 / SHA-256): bfa91c741a2b92316958052b5ccb5802 0734452fabf12af492f7290d13cc6d4d06492e4d bc416f5d3ca3ebb0b37ee3abdfd347893b6e1c6c97c2c86a413caa5989723355
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /process.js?id=1218914904&p1=&p2=&p3=&p4= HTTP/1.1
Host: e05e2a2dd1.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://e05e2a2dd1.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:54 GMT
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, must-revalidate
expires: 0
pragma: no-cache
vary: Origin
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| d36c23681b.news-xapeva.cc/revopush.js | 193.108.117.211 | | 7.5 kB |
URL: d36c23681b.news-xapeva.cc/revopush.js
IP: 193.108.117.211:0 ASN: #63023 AS-GLOBALTELEHOST
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (18335), with no line terminators
Hashes (MD5 / SHA-1 / SHA-256): 37faf614bbb4a7b4ba1b4e8143056291 1477110371c87d426adf78e2c8d935a046ae6ff2 aa7dc9551d9641febc7616653e797b381d7258077ed416e822b1ade51470c533
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /revopush.js HTTP/1.1
Host: d36c23681b.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d36c23681b.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:59 GMT
content-type: application/javascript; charset=utf-8
content-length: 7472
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-1d30"
content-encoding: gzip
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| 78d007f59d.news-xapeva.cc/process.js?id=1218914904&p1=&p2=&p3=&p4= | 193.108.117.211 | | 10 kB |
URL: 78d007f59d.news-xapeva.cc/process.js?id=1218914904&p1=&p2=&p3=&p4=
IP: 193.108.117.211:0 ASN: #63023 AS-GLOBALTELEHOST
File type: JavaScript source, ASCII text, with very long lines (26456)
Hashes (MD5 / SHA-1 / SHA-256): 2360963c6aee71bb434254aeb758b917 816f9e0ac34175c1325e0583b84a2c7f7437bb5b e5ac7b84ae2be1ef98f99aca81132ecfafe2e86f9830f0da9b2338b123de655f
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /process.js?id=1218914904&p1=&p2=&p3=&p4= HTTP/1.1
Host: 78d007f59d.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://78d007f59d.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:58 GMT
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, must-revalidate
expires: 0
pragma: no-cache
vary: Origin
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| news-pepafu.com/tds?id=1218914904&p1=&p2=&p3=&p4= | 193.108.118.16 | | 0 B |
URL: news-pepafu.com/tds?id=1218914904&p1=&p2=&p3=&p4=
IP: 193.108.118.16:0 ASN: #63023 AS-GLOBALTELEHOST
Hashes (MD5 / SHA-1 / SHA-256, empty body): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tds?id=1218914904&p1=&p2=&p3=&p4= HTTP/1.1
Host: news-pepafu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://d36c23681b.news-xapeva.cc/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 302 Found
server: nginx
date: Fri, 26 Apr 2024 09:38:59 GMT
content-length: 0
location: https://58ac637b94.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
vary: Origin
x-frame-options: DENY
X-Firefox-Spdy: h2
|
|
| 58ac637b94.news-xapeva.cc/revopush.js | 193.108.117.211 | | 7.5 kB |
URL: 58ac637b94.news-xapeva.cc/revopush.js
IP: 193.108.117.211:0 ASN: #63023 AS-GLOBALTELEHOST
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (18335), with no line terminators
Hashes (MD5 / SHA-1 / SHA-256): 37faf614bbb4a7b4ba1b4e8143056291 1477110371c87d426adf78e2c8d935a046ae6ff2 aa7dc9551d9641febc7616653e797b381d7258077ed416e822b1ade51470c533
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /revopush.js HTTP/1.1
Host: 58ac637b94.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://58ac637b94.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:59 GMT
content-type: application/javascript; charset=utf-8
content-length: 7472
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-1d30"
content-encoding: gzip
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| 58ac637b94.news-xapeva.cc/lands/48/preloader-43.5794040.gif | 193.108.117.211 | | 7.0 kB |
URL: 58ac637b94.news-xapeva.cc/lands/48/preloader-43.5794040.gif
IP: 193.108.117.211:0 ASN: #63023 AS-GLOBALTELEHOST
File type: GIF image data, version 89a, 160 x 160
Hashes (MD5 / SHA-1 / SHA-256): 5794040ee88def220320edd0ed2e2ac9 7ec6d7843172d2bec7c0ed0d7eabed19a800fd7b c1a4896adebc502e9be1248a28bc641ef9a5b75c6bdefa5d704a220c128ee34e
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /lands/48/preloader-43.5794040.gif HTTP/1.1
Host: 58ac637b94.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://58ac637b94.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:59 GMT
content-type: image/gif
content-length: 7010
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-1b62"
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| partners-tds.com/WzJQVS | 142.202.51.61 | | 0 B |
IP: 142.202.51.61:0 ASN: #63023 AS-GLOBALTELEHOST
Hashes (MD5 / SHA-1 / SHA-256, empty body): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /WzJQVS HTTP/1.1
Host: partners-tds.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://58ac637b94.news-xapeva.cc/
Cookie: _subid=376l60j10h7e9s; 933eb=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcImNhbXBhaWduc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcInRpbWVcIjoxNzE0MTI0MzIwfSJ9.yYJXc-zJvjm4Dxphu35oW5Y_kpFZUzbEdsDVw4oNV9k
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx
Date: Fri, 26 Apr 2024 09:38:59 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-cache, no-store, must-revalidate
Expires: Fri, 26 Apr 2024 09:38:59 GMT
Location: https://news-pepafu.com/tds?id=1218914904&p1=&p2=&p3=&p4=
Set-Cookie: _subid=376l60j10h7ea4; expires=Mon, 27 May 2024 09:38:59 GMT; path=/
933eb=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcImNhbXBhaWduc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcInRpbWVcIjoxNzE0MTI0MzIwfSJ9.yYJXc-zJvjm4Dxphu35oW5Y_kpFZUzbEdsDVw4oNV9k; expires=Sun, 21 Aug 2078 19:17:58 GMT; path=/
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
|
|
| news-pepafu.com/tds?id=1218914904&p1=&p2=&p3=&p4= | 193.108.118.16 | | 0 B |
URL: news-pepafu.com/tds?id=1218914904&p1=&p2=&p3=&p4=
IP: 193.108.118.16:0 ASN: #63023 AS-GLOBALTELEHOST
Hashes (MD5 / SHA-1 / SHA-256, empty body): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tds?id=1218914904&p1=&p2=&p3=&p4= HTTP/1.1
Host: news-pepafu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://58ac637b94.news-xapeva.cc/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 302 Found
server: nginx
date: Fri, 26 Apr 2024 09:38:59 GMT
content-length: 0
location: https://b400c63907.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
vary: Origin
x-frame-options: DENY
X-Firefox-Spdy: h2
|
|
| b400c63907.news-xapeva.cc/revopush.js | 193.108.117.211 | | 7.5 kB |
URL: b400c63907.news-xapeva.cc/revopush.js
IP: 193.108.117.211:0 ASN: #63023 AS-GLOBALTELEHOST
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (18335), with no line terminators
Hashes (MD5 / SHA-1 / SHA-256): 37faf614bbb4a7b4ba1b4e8143056291 1477110371c87d426adf78e2c8d935a046ae6ff2 aa7dc9551d9641febc7616653e797b381d7258077ed416e822b1ade51470c533
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /revopush.js HTTP/1.1
Host: b400c63907.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://b400c63907.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:59 GMT
content-type: application/javascript; charset=utf-8
content-length: 7472
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-1d30"
content-encoding: gzip
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| 10f96af6ab.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4= | 193.108.117.211 | | 14 kB |
URL: 10f96af6ab.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
IP: 193.108.117.211:0 ASN: #63023 AS-GLOBALTELEHOST
File type: HTML document, ASCII text, with very long lines (26456)
Hashes (MD5 / SHA-1 / SHA-256): 4d90a7d3a19ac175c0b227abf18ae009 e241eb9bdac57cafca5f013a967980aa0782c674 292fd1b0e4604ccec64d0fdc237f19882f33873f346f19bd2ed9880abc178b24
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /?id=1218914904&p1=&p2=&p3=&p4= HTTP/1.1
Host: 10f96af6ab.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://fbabffca48.news-xapeva.cc/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:56 GMT
content-type: text/html; charset=UTF-8
vary: Origin
x-frame-options: DENY
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| e7abc5484a.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4= | 193.108.117.211 | | 2.5 kB |
URL: e7abc5484a.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
IP: 193.108.117.211:0 ASN: #63023 AS-GLOBALTELEHOST
File type: HTML document, ASCII text, with very long lines (8854)
Hashes (MD5 / SHA-1 / SHA-256): e16a8513968b2b48ca2cdbfe5c533711 447dbc4784211a459395d05eccc858e690269402 6fb93246c5c6c79da0124966dce7a093e98a3cf2b399f3ce4ecebe5e59ecffca
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /?id=1218914904&p1=&p2=&p3=&p4= HTTP/1.1
Host: e7abc5484a.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://a298ee02fd.news-xapeva.cc/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:53 GMT
content-type: text/html; charset=UTF-8
vary: Origin
x-frame-options: DENY
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 66a828826a.news-xapeva.cc/revopush.js | 193.108.117.211 | | 7.5 kB |
URL: 66a828826a.news-xapeva.cc/revopush.js
IP: 193.108.117.211:0 ASN: #63023 AS-GLOBALTELEHOST
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (18335), with no line terminators
Hashes (MD5 / SHA-1 / SHA-256): 37faf614bbb4a7b4ba1b4e8143056291 1477110371c87d426adf78e2c8d935a046ae6ff2 aa7dc9551d9641febc7616653e797b381d7258077ed416e822b1ade51470c533
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /revopush.js HTTP/1.1
Host: 66a828826a.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://66a828826a.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:39:00 GMT
content-type: application/javascript; charset=utf-8
content-length: 7472
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-1d30"
content-encoding: gzip
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| 66a828826a.news-xapeva.cc/lands/57/css/style.css | 193.108.117.211 | | 1.2 kB |
URL: 66a828826a.news-xapeva.cc/lands/57/css/style.css
IP: 193.108.117.211:0 ASN: #63023 AS-GLOBALTELEHOST
File type: ASCII text, with very long lines (4468), with no line terminators
Hashes (MD5 / SHA-1 / SHA-256): b07eb7ba1a3bb505eba51b55f4ffa9ff fea4806dafcdda47dff4bb6aa09362ded48879d5 086ceb41d9cccb6678d0a759d730383098e9d80d8067e9b8ce06d0972d2dae68
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /lands/57/css/style.css HTTP/1.1
Host: 66a828826a.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://66a828826a.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:39:00 GMT
content-type: text/css
content-length: 1213
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-4bd"
content-encoding: gzip
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| 66a828826a.news-xapeva.cc/lands/57/js/device.js | 193.108.117.211 | | 1.1 kB |
URL: 66a828826a.news-xapeva.cc/lands/57/js/device.js
IP: 193.108.117.211:0 ASN: #63023 AS-GLOBALTELEHOST
File type: JavaScript source, ASCII text, with very long lines (3289), with no line terminators
Hashes (MD5 / SHA-1 / SHA-256): 2d9887b21aa6b47c56e7f43e66560a4f 42cdfc5b3b23d32152750bf2cea4233044491768 863a13c42ef72b562bc7aa5005b8ff5693763ae8d16ce3bfc3d876e92a7fdf85
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /lands/57/js/device.js HTTP/1.1
Host: 66a828826a.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://66a828826a.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:39:00 GMT
content-type: application/javascript; charset=utf-8
content-length: 1111
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-457"
content-encoding: gzip
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| partners-tds.com/WzJQVS | 142.202.51.61 | | 0 B |
IP: 142.202.51.61:0 ASN: #63023 AS-GLOBALTELEHOST
Hashes (MD5 / SHA-1 / SHA-256, empty body): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /WzJQVS HTTP/1.1
Host: partners-tds.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://66a828826a.news-xapeva.cc/
Cookie: _subid=376l60j10h7ea8; 933eb=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcImNhbXBhaWduc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcInRpbWVcIjoxNzE0MTI0MzIwfSJ9.yYJXc-zJvjm4Dxphu35oW5Y_kpFZUzbEdsDVw4oNV9k
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx
Date: Fri, 26 Apr 2024 09:39:00 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-cache, no-store, must-revalidate
Expires: Fri, 26 Apr 2024 09:39:00 GMT
Location: https://news-pepafu.com/tds?id=1218914904&p1=&p2=&p3=&p4=
Set-Cookie: _subid=376l60j10h7eaf; expires=Mon, 27 May 2024 09:39:00 GMT; path=/
933eb=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcImNhbXBhaWduc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcInRpbWVcIjoxNzE0MTI0MzIwfSJ9.yYJXc-zJvjm4Dxphu35oW5Y_kpFZUzbEdsDVw4oNV9k; expires=Sun, 21 Aug 2078 19:18:00 GMT; path=/
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
|
|
| news-pepafu.com/tds?id=1218914904&p1=&p2=&p3=&p4= | 193.108.118.16 | | 0 B |
URL: news-pepafu.com/tds?id=1218914904&p1=&p2=&p3=&p4=
IP: 193.108.118.16:0 ASN: #63023 AS-GLOBALTELEHOST
Hashes (MD5 / SHA-1 / SHA-256, empty body): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tds?id=1218914904&p1=&p2=&p3=&p4= HTTP/1.1
Host: news-pepafu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://66a828826a.news-xapeva.cc/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 302 Found
server: nginx
date: Fri, 26 Apr 2024 09:39:00 GMT
content-length: 0
location: https://8cd3ff7548.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
vary: Origin
x-frame-options: DENY
X-Firefox-Spdy: h2
|
|
| 8cd3ff7548.news-xapeva.cc/revopush.js | 193.108.117.211 | | 7.5 kB |
URL: 8cd3ff7548.news-xapeva.cc/revopush.js
IP: 193.108.117.211:0 ASN: #63023 AS-GLOBALTELEHOST
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (18335), with no line terminators
Hashes (MD5 / SHA-1 / SHA-256): 37faf614bbb4a7b4ba1b4e8143056291 1477110371c87d426adf78e2c8d935a046ae6ff2 aa7dc9551d9641febc7616653e797b381d7258077ed416e822b1ade51470c533
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /revopush.js HTTP/1.1
Host: 8cd3ff7548.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://8cd3ff7548.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:39:00 GMT
content-type: application/javascript; charset=utf-8
content-length: 7472
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-1d30"
content-encoding: gzip
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| 8cd3ff7548.news-xapeva.cc/lands/48/preloader-43.5794040.gif | 193.108.117.211 | | 7.0 kB |
URL 8cd3ff7548.news-xapeva.cc/lands/48/preloader-43.5794040.gif IP 193.108.117.211:0 ASN #63023 AS-GLOBALTELEHOST
File type: GIF image data, version 89a, 160 x 160
Hash (MD5 / SHA-1 / SHA-256): 5794040ee88def220320edd0ed2e2ac9 7ec6d7843172d2bec7c0ed0d7eabed19a800fd7b c1a4896adebc502e9be1248a28bc641ef9a5b75c6bdefa5d704a220c128ee34e
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /lands/48/preloader-43.5794040.gif HTTP/1.1
Host: 8cd3ff7548.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://8cd3ff7548.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:39:00 GMT
content-type: image/gif
content-length: 7010
last-modified: Tue, 26 Mar 2024 13:19:08 GMT
etag: "6602cb4c-1b62"
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| partners-tds.com/WzJQVS | 142.202.51.61 | | 0 B |
IP 142.202.51.61:0 ASN #63023 AS-GLOBALTELEHOST
Hash (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /WzJQVS HTTP/1.1
Host: partners-tds.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://8cd3ff7548.news-xapeva.cc/
Cookie: _subid=376l60j10h7eaf; 933eb=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcImNhbXBhaWduc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcInRpbWVcIjoxNzE0MTI0MzIwfSJ9.yYJXc-zJvjm4Dxphu35oW5Y_kpFZUzbEdsDVw4oNV9k
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx
Date: Fri, 26 Apr 2024 09:39:00 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-cache, no-store, must-revalidate
Expires: Fri, 26 Apr 2024 09:39:00 GMT
Location: https://news-pepafu.com/tds?id=1218914904&p1=&p2=&p3=&p4=
Set-Cookie: _subid=376l60j10h7eao; expires=Mon, 27 May 2024 09:39:00 GMT; path=/
933eb=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcImNhbXBhaWduc1wiOntcIjFcIjoxNzE0MTI0MzIwfSxcInRpbWVcIjoxNzE0MTI0MzIwfSJ9.yYJXc-zJvjm4Dxphu35oW5Y_kpFZUzbEdsDVw4oNV9k; expires=Sun, 21 Aug 2078 19:18:00 GMT; path=/
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
|
|
| d36c23681b.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4= | 0.0.0.0 | | 91 kB |
URL (user request, GET) d36c23681b.news-xapeva.cc/?id=1218914904&p1=&p2=&p3=&p4= IP 0.0.0.0:0
Hash (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /?id=1218914904&p1=&p2=&p3=&p4= HTTP/1.1
Host: d36c23681b.news-xapeva.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://4936d64bda.news-xapeva.cc/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 09:38:59 GMT
content-type: text/html; charset=UTF-8
vary: Origin
x-frame-options: DENY
content-encoding: gzip
X-Firefox-Spdy: h2
|
|