Report - mgmarket5at.com/

Report Overview

Visited public
2025-05-11 20:18:49
Tags
URL
mgmarket5at.com/
Finishing URL
mgmarket5at.com/captcha/171773/index
IP / ASN
172.67.195.222
#13335 CLOUDFLARENET
Title
MEGA

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
mgmarket5at.com	unknown	2025-04-07	2025-05-11	2025-05-11	9.7 kB	70 kB	172.67.195.222

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2025-05-11	medium	mgmarket5at.com	Sinkholed
2025-05-11	medium	mgmarket5at.com	Sinkholed
2025-05-11	medium	mgmarket5at.com	Sinkholed
2025-05-11	medium	mgmarket5at.com	Sinkholed
2025-05-11	medium	mgmarket5at.com	Sinkholed
2025-05-11	medium	mgmarket5at.com	Sinkholed
2025-05-11	medium	mgmarket5at.com	Sinkholed
2025-05-11	medium	mgmarket5at.com	Sinkholed
2025-05-11	medium	mgmarket5at.com	Sinkholed
2025-05-11	medium	mgmarket5at.com	Sinkholed
2025-05-11	medium	mgmarket5at.com	Sinkholed
2025-05-11	medium	mgmarket5at.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (6)

	URL	From	Size	First Seen	Last Seen
	mgmarket5at.com/captcha/171773/index	ScriptElement	133 B	2025-03-12	2025-05-11
Pretty URL mgmarket5at.com/captcha/171773/index IP 172.67.195.222 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2025-03-12 08:31 Last Seen2025-05-11 20:18 Times Seen7 Hash a58c8468c494a49f68168c994c3e7fff 090d36d13198a4dd1cbe089c6ed03df87e2508ae 42a27f4120963ddcd4065d5c990163f7ccd110ce86721ef68098869897307def Loading...

	mgmarket5at.com/captcha/171773/js/ad.js?v=3	ScriptElement	3.5 kB	2025-05-11	2025-05-11
Pretty URL mgmarket5at.com/captcha/171773/js/ad.js?v=3 IP 172.67.195.222 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2025-05-11 20:18 Last Seen2025-05-11 20:18 Times Seen1 Hash b88b9f0746feff14595ae273f472017f 968d33e62118c581d7e771c172fc5e5dd7bc3cdf d8d5fd6de89f9a11d4453e1705cb30afae86880f25f3632d7ca86b8a10a5b46c Loading...

	mgmarket5at.com/captcha/171773/js/start.js?v=3	ScriptElement	18 kB	2025-05-11	2025-05-11
Pretty URL mgmarket5at.com/captcha/171773/js/start.js?v=3 IP 172.67.195.222 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2025-05-11 20:18 Last Seen2025-05-11 20:18 Times Seen1 Hash 9c32beef646a5108671051714668414d ed858becc66c803948566e249ed879bdd5e6a66c 001e20f5957ec67af99cb5a9acc30c50f4c2e8c6c89681a691ade46adb2ffdfd Loading...

	mgmarket5at.com/captcha/171773/js/challenge.js	ScriptElement	6.4 kB	2024-10-20	2025-05-11
Pretty URL mgmarket5at.com/captcha/171773/js/challenge.js IP 172.67.195.222 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-10-20 10:03 Last Seen2025-05-11 20:18 Times Seen10 Hash d9734944bf733c1d561bc88f1ad7c5c3 d2dd3234e8ee301e57f40c44461259a3f8cccafc 79630260b316b4e08ed3b22102d9306b391f88082b52835a4a9e34fd1cd88440 Loading...

	mgmarket5at.com/	ScriptElement	1.2 kB	2025-05-11	2025-05-11
Pretty URL mgmarket5at.com/ IP 172.67.195.222 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2025-05-11 20:18 Last Seen2025-05-11 20:18 Times Seen1 Hash a6d6f5f102528eff1a086fda25b4c159 b4161aa1b2846a13bb8b8f85e03b21d12af22324 fe39d4bb3d13a2003d0b7bc1378cbf7e74530468e97fb1f456cf702c3e6d4d0b Loading...

	mgmarket5at.com/	ScriptElement	3 B	2023-03-07	2025-05-19
Pretty URL mgmarket5at.com/ IP 172.67.195.222 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:03 Last Seen2025-05-19 23:24 Times Seen2432 Hash f67be96ce768fb5b40aecf0438f97886 d27fecd03a022cc6f670ca42ef1b99d5f5bcc74c 3441b5696d6abf2bd959d18bcb31dde8239a6ad8185bfa659af60bc764c238a8 Loading...

HTTP Transactions (12)

URL IP Response Size

mgmarket5at.com/index/login

172.67.195.222

307 Temporary Redirect

318 B

URL User Request GET
mgmarket5at.com/index/login
IP
172.67.195.222:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectmgmarket5at.com
FingerprintC8:81:99:5A:B2:EC:B8:5C:B3:F9:1E:05:D6:08:41:A8:41:EA:99:15
ValidityTue, 08 Apr 2025 11:46:56 GMT - Mon, 07 Jul 2025 11:55:05 GMT

File type

Size
318 B (318 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /index/login HTTP/1.1
Host: mgmarket5at.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mgmarket5at.com/
Cookie: gate=13f5692d
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 307 Temporary Redirect
date: Sun, 11 May 2025 20:18:37 GMT
content-type: text/html; charset=UTF-8
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8BHNY92%2FdVITcyHQFwEkSfY6soBsXmJjRtEi45wg%2BDsAi140nUKCie8D2lKST7k8C5Ef6n7zOFamZkKfHmbOjg6CJkacRxx1NjjRMy4ddjQKPWoCyXRz%2Fy4FTrslkk7VbeY%3D"}],"group":"cf-nel","max_age":604800}
set-cookie: rft=eyJpdiI6Ii94QUpMWnlGRWJLR1BGNWlUNjNjc1E9PSIsInZhbHVlIjoiekllWWs1RjZVcHhReHNBRGl4bHFRTkpQZWxvcTZiTEoyWDRXc1ZnQko1ZEU4K2x5bms3aitaWXJFMW1LbWxNQ3VRWGdzNWNJYzRiVnVHVVE4c1hLVGc9PSIsIm1hYyI6ImQ2ZmE3OTIwYzA4ZTU0MTY4NGQ2ZDYwNmI5OTMwNzQ1NGMxY2VlZTgzYzNiMWQ5ZWRjMzU4Y2E0MTJlMWFjMTEiLCJ0YWciOiIifQ%3D%3D; expires=Mon, 11-May-2026 20:18:35 GMT; Max-Age=31536000; path=/
clearnet=CgY0rUCjy5pXZ0l9vg5HJAEf7j2ZO7Tb6M4vi2Ogtm4QzPATy1aXXp; expires=Sun, 11 May 2025 20:28:37 GMT; Max-Age=600; path=/; httponly; samesite=strict
XSRF-TOKEN=D6Vv9RZC26oijAeMMODwTw7Kt0nVQ86k65rlwS77; expires=Sun, 11 May 2025 22:18:37 GMT; Max-Age=7200; path=/; samesite=lax
laravel_session=4wm3VDk9o1h0ofw8TJ2KUq5DFNOFE8xXvdd4wYEV; expires=Sun, 11 May 2025 22:18:37 GMT; Max-Age=7200; path=/; httponly; samesite=lax
cache-control: max-age=0, must-revalidate, no-cache, no-store, proxy-revalidate, private
location: /captcha
vary: Origin
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
cf-ray: 93e45dcd9ad10b06-OSL
server: cloudflare
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=2310&min_rtt=705&rtt_var=1227&sent=199&recv=295&lost=0&retrans=0&sent_bytes=15062&recv_bytes=16418&delivery_rate=6522&cwnd=12000&unsent_bytes=0&cid=127ad521eb5c5455&ts=10471&x=16"

mgmarket5at.com/captcha

172.67.195.222

200 OK

318 B

URL User Request GET
mgmarket5at.com/captcha
IP
172.67.195.222:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectmgmarket5at.com
FingerprintC8:81:99:5A:B2:EC:B8:5C:B3:F9:1E:05:D6:08:41:A8:41:EA:99:15
ValidityTue, 08 Apr 2025 11:46:56 GMT - Mon, 07 Jul 2025 11:55:05 GMT

File type
HTML document, Unicode text, UTF-8 text, with very long lines (309)
Size
318 B (318 bytes)
Hash
3bd43972d8b179b3346d0135408b3f63
16bdc1765ac48d12ba078c095e1320825b6be0be
3102a9a262befff3688bee9ab7fcbc983d1f1ba185097d1df88554273f9ae7fa

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /captcha HTTP/1.1
Host: mgmarket5at.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://mgmarket5at.com/
DNT: 1
Connection: keep-alive
Cookie: gate=13f5692d; rft=eyJpdiI6Ii94QUpMWnlGRWJLR1BGNWlUNjNjc1E9PSIsInZhbHVlIjoiekllWWs1RjZVcHhReHNBRGl4bHFRTkpQZWxvcTZiTEoyWDRXc1ZnQko1ZEU4K2x5bms3aitaWXJFMW1LbWxNQ3VRWGdzNWNJYzRiVnVHVVE4c1hLVGc9PSIsIm1hYyI6ImQ2ZmE3OTIwYzA4ZTU0MTY4NGQ2ZDYwNmI5OTMwNzQ1NGMxY2VlZTgzYzNiMWQ5ZWRjMzU4Y2E0MTJlMWFjMTEiLCJ0YWciOiIifQ%3D%3D; clearnet=CgY0rUCjy5pXZ0l9vg5HJAEf7j2ZO7Tb6M4vi2Ogtm4QzPATy1aXXp; XSRF-TOKEN=D6Vv9RZC26oijAeMMODwTw7Kt0nVQ86k65rlwS77; laravel_session=4wm3VDk9o1h0ofw8TJ2KUq5DFNOFE8xXvdd4wYEV
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 11 May 2025 20:18:39 GMT
content-type: text/html; charset=UTF-8
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KUMhA298BwgBF5XdBBDfgcEPgbEsi7NDDo4p8WEdjCZS5L%2Bef%2BhsiAlpcZ1qwRiVIejKU2vXtO3cvAoPQuTfMevFDvOUse%2Fnka4%2FfFwlto29DS8NgZkiul8fK9deY6s0HNY%3D"}],"group":"cf-nel","max_age":604800}
cache-control: no-cache, private
vary: Origin, accept-encoding
set-cookie: clearnet=CgY0rUCjy5pXZ0l9vg5HJAEf7j2ZO7Tb6M4vi2Ogtm4QzPATy1aXXp; expires=Sun, 11 May 2025 20:28:39 GMT; Max-Age=600; path=/; httponly; samesite=strict
XSRF-TOKEN=D6Vv9RZC26oijAeMMODwTw7Kt0nVQ86k65rlwS77; expires=Sun, 11 May 2025 22:18:39 GMT; Max-Age=7200; path=/; samesite=lax
laravel_session=4wm3VDk9o1h0ofw8TJ2KUq5DFNOFE8xXvdd4wYEV; expires=Sun, 11 May 2025 22:18:39 GMT; Max-Age=7200; path=/; httponly; samesite=lax
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
cf-ray: 93e45dda7bc20b06-OSL
server: cloudflare
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=2198&min_rtt=705&rtt_var=1144&sent=203&recv=297&lost=0&retrans=0&sent_bytes=16592&recv_bytes=17185&delivery_rate=737&cwnd=12000&unsent_bytes=0&cid=127ad521eb5c5455&ts=12506&x=16"

mgmarket5at.com/captcha/171773/index

172.67.195.222

200 OK

1.6 kB

URL User Request GET
mgmarket5at.com/captcha/171773/index
IP
172.67.195.222:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectmgmarket5at.com
FingerprintC8:81:99:5A:B2:EC:B8:5C:B3:F9:1E:05:D6:08:41:A8:41:EA:99:15
ValidityTue, 08 Apr 2025 11:46:56 GMT - Mon, 07 Jul 2025 11:55:05 GMT

File type
JavaScript source, Unicode text, UTF-8 text
Size
1.6 kB (1639 bytes)
Hash
f723254413c27c7211f5cc2cdaab8f79
f6d6713f0d8b972e78220cef1a20b13e94434e45
7b22a418f6a2d07adb53db6189f239b91c1a69bb68678a03d0ad34caa6e7be3a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /captcha/171773/index HTTP/1.1
Host: mgmarket5at.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mgmarket5at.com/captcha
Cookie: gate=13f5692d; rft=eyJpdiI6Ii94QUpMWnlGRWJLR1BGNWlUNjNjc1E9PSIsInZhbHVlIjoiekllWWs1RjZVcHhReHNBRGl4bHFRTkpQZWxvcTZiTEoyWDRXc1ZnQko1ZEU4K2x5bms3aitaWXJFMW1LbWxNQ3VRWGdzNWNJYzRiVnVHVVE4c1hLVGc9PSIsIm1hYyI6ImQ2ZmE3OTIwYzA4ZTU0MTY4NGQ2ZDYwNmI5OTMwNzQ1NGMxY2VlZTgzYzNiMWQ5ZWRjMzU4Y2E0MTJlMWFjMTEiLCJ0YWciOiIifQ%3D%3D; clearnet=CgY0rUCjy5pXZ0l9vg5HJAEf7j2ZO7Tb6M4vi2Ogtm4QzPATy1aXXp; XSRF-TOKEN=D6Vv9RZC26oijAeMMODwTw7Kt0nVQ86k65rlwS77; laravel_session=4wm3VDk9o1h0ofw8TJ2KUq5DFNOFE8xXvdd4wYEV
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 11 May 2025 20:18:41 GMT
content-type: text/html; charset=UTF-8
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=E4JyFDx2wL5va1Xiikr4bEMnoMLu%2Fff6eZtj9hY%2BhYaVx4OuwSNrvO5zgUkikT7mIYLOByQXRKSiv3DNqDrrZyabogP9FToUakDVRBBSNaMILIYQwrXvXKK%2FioNIdFU0R2w%3D"}],"group":"cf-nel","max_age":604800}
cache-control: no-cache, private
vary: Origin, accept-encoding
set-cookie: clearnet=CgY0rUCjy5pXZ0l9vg5HJAEf7j2ZO7Tb6M4vi2Ogtm4QzPATy1aXXp; expires=Sun, 11 May 2025 20:28:41 GMT; Max-Age=600; path=/; httponly; samesite=strict
XSRF-TOKEN=D6Vv9RZC26oijAeMMODwTw7Kt0nVQ86k65rlwS77; expires=Sun, 11 May 2025 22:18:41 GMT; Max-Age=7200; path=/; samesite=lax
laravel_session=4wm3VDk9o1h0ofw8TJ2KUq5DFNOFE8xXvdd4wYEV; expires=Sun, 11 May 2025 22:18:41 GMT; Max-Age=7200; path=/; httponly; samesite=lax
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
cf-ray: 93e45de78c560b06-OSL
server: cloudflare
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=2491&min_rtt=705&rtt_var=1391&sent=208&recv=301&lost=0&retrans=0&sent_bytes=19064&recv_bytes=18691&delivery_rate=8940&cwnd=12000&unsent_bytes=0&cid=127ad521eb5c5455&ts=14576&x=16"

mgmarket5at.com/favicon.ico

172.67.195.222

200 OK

1.7 kB

URL GET
mgmarket5at.com/favicon.ico
IP
172.67.195.222:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mgmarket5at.com/captcha
Certificate
IssuerGoogle Trust Services
Subjectmgmarket5at.com
FingerprintC8:81:99:5A:B2:EC:B8:5C:B3:F9:1E:05:D6:08:41:A8:41:EA:99:15
ValidityTue, 08 Apr 2025 11:46:56 GMT - Mon, 07 Jul 2025 11:55:05 GMT

File type
MS Windows icon resource - 1 icon, 48x48, 16 colors, 4 bits/pixel
Size
1.7 kB (1662 bytes)
Hash
5590798a04912369f29a14d7f3d1945c
d3e7ee2d7c9c08ed22ed000ed589975e88e56fb7
8cf73bf270f0ffc3a15f070df1a5ec73fdce9f7ee693d920a5f7d6152d679818

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: mgmarket5at.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mgmarket5at.com/captcha
Cookie: gate=13f5692d; rft=eyJpdiI6Ii94QUpMWnlGRWJLR1BGNWlUNjNjc1E9PSIsInZhbHVlIjoiekllWWs1RjZVcHhReHNBRGl4bHFRTkpQZWxvcTZiTEoyWDRXc1ZnQko1ZEU4K2x5bms3aitaWXJFMW1LbWxNQ3VRWGdzNWNJYzRiVnVHVVE4c1hLVGc9PSIsIm1hYyI6ImQ2ZmE3OTIwYzA4ZTU0MTY4NGQ2ZDYwNmI5OTMwNzQ1NGMxY2VlZTgzYzNiMWQ5ZWRjMzU4Y2E0MTJlMWFjMTEiLCJ0YWciOiIifQ%3D%3D; clearnet=CgY0rUCjy5pXZ0l9vg5HJAEf7j2ZO7Tb6M4vi2Ogtm4QzPATy1aXXp; XSRF-TOKEN=D6Vv9RZC26oijAeMMODwTw7Kt0nVQ86k65rlwS77; laravel_session=4wm3VDk9o1h0ofw8TJ2KUq5DFNOFE8xXvdd4wYEV
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 11 May 2025 20:18:40 GMT
content-type: image/x-icon
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IIFYnsyHdiT%2FO5vzfbilpPbrVQDIW%2Bm7N5jW4zrobaNhlv8HrsHse7anrJP5y32qMzxEX8%2FBaOgm5DOAq%2BJtOe1EjoE4v9%2BumEgh2S4eCW3kctKA9Sar6L0hgREaCi9Tkgs%3D"}],"group":"cf-nel","max_age":604800}
last-modified: Sat, 20 Jul 2024 21:05:40 GMT
etag: W/"669c26a4-67e"
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
age: 12
cache-control: max-age=14400
cf-cache-status: HIT
content-encoding: br
cf-ray: 93e45de82c7a0b06-OSL
server: cloudflare
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=2579&min_rtt=705&rtt_var=1620&sent=207&recv=300&lost=0&retrans=0&sent_bytes=17873&recv_bytes=18646&delivery_rate=606&cwnd=12000&unsent_bytes=0&cid=127ad521eb5c5455&ts=12692&x=16"

mgmarket5at.com/captcha/171773/css/challenge.css?v=1

172.67.195.222

200 OK

7.0 kB

URL GET
mgmarket5at.com/captcha/171773/css/challenge.css?v=1
IP
172.67.195.222:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mgmarket5at.com/captcha/171773/index
Certificate
IssuerGoogle Trust Services
Subjectmgmarket5at.com
FingerprintC8:81:99:5A:B2:EC:B8:5C:B3:F9:1E:05:D6:08:41:A8:41:EA:99:15
ValidityTue, 08 Apr 2025 11:46:56 GMT - Mon, 07 Jul 2025 11:55:05 GMT

File type
ASCII text
Size
7.0 kB (6980 bytes)
Hash
b4e2acfb8658237855aeaa12711d7125
2bb7b41eee60914ab2e26fdee3f91c9de85eaaee
c2108e462a0bbb1596f5b43347039e4cc9f84e4868fb933e539a15d5e7f18e6e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /captcha/171773/css/challenge.css?v=1 HTTP/1.1
Host: mgmarket5at.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mgmarket5at.com/captcha/171773/index
Cookie: gate=13f5692d; rft=eyJpdiI6Ii94QUpMWnlGRWJLR1BGNWlUNjNjc1E9PSIsInZhbHVlIjoiekllWWs1RjZVcHhReHNBRGl4bHFRTkpQZWxvcTZiTEoyWDRXc1ZnQko1ZEU4K2x5bms3aitaWXJFMW1LbWxNQ3VRWGdzNWNJYzRiVnVHVVE4c1hLVGc9PSIsIm1hYyI6ImQ2ZmE3OTIwYzA4ZTU0MTY4NGQ2ZDYwNmI5OTMwNzQ1NGMxY2VlZTgzYzNiMWQ5ZWRjMzU4Y2E0MTJlMWFjMTEiLCJ0YWciOiIifQ%3D%3D; clearnet=CgY0rUCjy5pXZ0l9vg5HJAEf7j2ZO7Tb6M4vi2Ogtm4QzPATy1aXXp; XSRF-TOKEN=D6Vv9RZC26oijAeMMODwTw7Kt0nVQ86k65rlwS77; laravel_session=4wm3VDk9o1h0ofw8TJ2KUq5DFNOFE8xXvdd4wYEV
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 11 May 2025 20:18:44 GMT
content-type: text/css; charset=UTF-8
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bIA9jdWrVW551BMwNb9J2vDpkALZy%2BjV81akLOee2hTYuSiukb3gG7%2FbBWAVqDb4ygulZ6XSRdYPCb3ZddQa7nB65e%2FFourMfLCwPZlTp8%2F5J9m6MUBFzAAkUYWGth29M4k%3D"}],"group":"cf-nel","max_age":604800}
cache-control: no-cache, private
vary: Origin, accept-encoding
set-cookie: clearnet=CgY0rUCjy5pXZ0l9vg5HJAEf7j2ZO7Tb6M4vi2Ogtm4QzPATy1aXXp; expires=Sun, 11 May 2025 20:28:44 GMT; Max-Age=600; path=/; httponly; samesite=strict
XSRF-TOKEN=D6Vv9RZC26oijAeMMODwTw7Kt0nVQ86k65rlwS77; expires=Sun, 11 May 2025 22:18:44 GMT; Max-Age=7200; path=/; samesite=lax
laravel_session=4wm3VDk9o1h0ofw8TJ2KUq5DFNOFE8xXvdd4wYEV; expires=Sun, 11 May 2025 22:18:44 GMT; Max-Age=7200; path=/; httponly; samesite=lax
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
content-encoding: gzip
cf-cache-status: BYPASS
cf-ray: 93e45df45d430b06-OSL
server: cloudflare
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=2609&min_rtt=705&rtt_var=1603&sent=216&recv=306&lost=0&retrans=0&sent_bytes=24038&recv_bytes=20823&delivery_rate=1495&cwnd=12000&unsent_bytes=0&cid=127ad521eb5c5455&ts=16724&x=16"

mgmarket5at.com/captcha/171773/js/challenge.js

172.67.195.222

200 OK

6.4 kB

URL GET
mgmarket5at.com/captcha/171773/js/challenge.js
IP
172.67.195.222:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mgmarket5at.com/captcha/171773/index
Certificate
IssuerGoogle Trust Services
Subjectmgmarket5at.com
FingerprintC8:81:99:5A:B2:EC:B8:5C:B3:F9:1E:05:D6:08:41:A8:41:EA:99:15
ValidityTue, 08 Apr 2025 11:46:56 GMT - Mon, 07 Jul 2025 11:55:05 GMT

File type
JavaScript source, ASCII text
Size
6.4 kB (6426 bytes)
Hash
d9734944bf733c1d561bc88f1ad7c5c3
d2dd3234e8ee301e57f40c44461259a3f8cccafc
79630260b316b4e08ed3b22102d9306b391f88082b52835a4a9e34fd1cd88440

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /captcha/171773/js/challenge.js HTTP/1.1
Host: mgmarket5at.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mgmarket5at.com/captcha/171773/index
Cookie: gate=13f5692d; rft=eyJpdiI6Ii94QUpMWnlGRWJLR1BGNWlUNjNjc1E9PSIsInZhbHVlIjoiekllWWs1RjZVcHhReHNBRGl4bHFRTkpQZWxvcTZiTEoyWDRXc1ZnQko1ZEU4K2x5bms3aitaWXJFMW1LbWxNQ3VRWGdzNWNJYzRiVnVHVVE4c1hLVGc9PSIsIm1hYyI6ImQ2ZmE3OTIwYzA4ZTU0MTY4NGQ2ZDYwNmI5OTMwNzQ1NGMxY2VlZTgzYzNiMWQ5ZWRjMzU4Y2E0MTJlMWFjMTEiLCJ0YWciOiIifQ%3D%3D; clearnet=CgY0rUCjy5pXZ0l9vg5HJAEf7j2ZO7Tb6M4vi2Ogtm4QzPATy1aXXp; XSRF-TOKEN=D6Vv9RZC26oijAeMMODwTw7Kt0nVQ86k65rlwS77; laravel_session=4wm3VDk9o1h0ofw8TJ2KUq5DFNOFE8xXvdd4wYEV
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 11 May 2025 20:18:46 GMT
content-type: application/javascript
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nHWO2bexFaK1TVMjMrMSYooWluZWU7ER%2BzZqt8fhcmtFhQX%2F3gUCa8f7myLlK9bfB%2B7ZH8SzqIQVqbeXa2qQ1Va0j0uUI7Dukzqkhv2n%2BFdzpwihWMbp4nU7x9YAPvzL5eo%3D"}],"group":"cf-nel","max_age":604800}
cache-control: no-cache, private
vary: Origin, accept-encoding
set-cookie: clearnet=CgY0rUCjy5pXZ0l9vg5HJAEf7j2ZO7Tb6M4vi2Ogtm4QzPATy1aXXp; expires=Sun, 11 May 2025 20:28:46 GMT; Max-Age=600; path=/; httponly; samesite=strict
XSRF-TOKEN=D6Vv9RZC26oijAeMMODwTw7Kt0nVQ86k65rlwS77; expires=Sun, 11 May 2025 22:18:46 GMT; Max-Age=7200; path=/; samesite=lax
laravel_session=4wm3VDk9o1h0ofw8TJ2KUq5DFNOFE8xXvdd4wYEV; expires=Sun, 11 May 2025 22:18:46 GMT; Max-Age=7200; path=/; httponly; samesite=lax
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
content-encoding: gzip
cf-cache-status: BYPASS
cf-ray: 93e45e01cecb0b06-OSL
server: cloudflare
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=2474&min_rtt=705&rtt_var=1089&sent=237&recv=312&lost=0&retrans=0&sent_bytes=41917&recv_bytes=22367&delivery_rate=10332&cwnd=24000&unsent_bytes=0&cid=127ad521eb5c5455&ts=18882&x=16"

mgmarket5at.com/favicon.ico

172.67.195.222

200 OK

1.7 kB

URL GET
mgmarket5at.com/favicon.ico
IP
172.67.195.222:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mgmarket5at.com/captcha/171773/index
Certificate
IssuerGoogle Trust Services
Subjectmgmarket5at.com
FingerprintC8:81:99:5A:B2:EC:B8:5C:B3:F9:1E:05:D6:08:41:A8:41:EA:99:15
ValidityTue, 08 Apr 2025 11:46:56 GMT - Mon, 07 Jul 2025 11:55:05 GMT

File type
MS Windows icon resource - 1 icon, 48x48, 16 colors, 4 bits/pixel
Size
1.7 kB (1662 bytes)
Hash
5590798a04912369f29a14d7f3d1945c
d3e7ee2d7c9c08ed22ed000ed589975e88e56fb7
8cf73bf270f0ffc3a15f070df1a5ec73fdce9f7ee693d920a5f7d6152d679818

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: mgmarket5at.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mgmarket5at.com/captcha/171773/index
Cookie: gate=13f5692d; rft=eyJpdiI6Ii94QUpMWnlGRWJLR1BGNWlUNjNjc1E9PSIsInZhbHVlIjoiekllWWs1RjZVcHhReHNBRGl4bHFRTkpQZWxvcTZiTEoyWDRXc1ZnQko1ZEU4K2x5bms3aitaWXJFMW1LbWxNQ3VRWGdzNWNJYzRiVnVHVVE4c1hLVGc9PSIsIm1hYyI6ImQ2ZmE3OTIwYzA4ZTU0MTY4NGQ2ZDYwNmI5OTMwNzQ1NGMxY2VlZTgzYzNiMWQ5ZWRjMzU4Y2E0MTJlMWFjMTEiLCJ0YWciOiIifQ%3D%3D; clearnet=CgY0rUCjy5pXZ0l9vg5HJAEf7j2ZO7Tb6M4vi2Ogtm4QzPATy1aXXp; XSRF-TOKEN=D6Vv9RZC26oijAeMMODwTw7Kt0nVQ86k65rlwS77; laravel_session=4wm3VDk9o1h0ofw8TJ2KUq5DFNOFE8xXvdd4wYEV
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 11 May 2025 20:18:44 GMT
content-type: image/x-icon
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LUHhH6i0DSPZltosiN4e49vewX%2FNquXmMGSjPfyle4T65LXKys4BM1%2FFbFIoP26Bms3nomzYb4GUnhtHiGT%2F%2Ba%2F12uU3LjV4d4g%2B6k43BRJnlzji1%2Bl%2BMvD9sL8PYFCgOtQ%3D"}],"group":"cf-nel","max_age":604800}
last-modified: Sat, 20 Jul 2024 21:05:40 GMT
etag: W/"669c26a4-67e"
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
age: 16
cache-control: max-age=14400
cf-cache-status: HIT
content-encoding: br
cf-ray: 93e45e027ed80b06-OSL
server: cloudflare
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=2501&min_rtt=705&rtt_var=1380&sent=234&recv=311&lost=0&retrans=0&sent_bytes=40661&recv_bytes=22322&delivery_rate=481713&cwnd=24000&unsent_bytes=0&cid=127ad521eb5c5455&ts=16898&x=16"

mgmarket5at.com/

172.67.195.222

200 OK

6.3 kB

URL User Request GET
mgmarket5at.com/
IP
172.67.195.222:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectmgmarket5at.com
FingerprintC8:81:99:5A:B2:EC:B8:5C:B3:F9:1E:05:D6:08:41:A8:41:EA:99:15
ValidityTue, 08 Apr 2025 11:46:56 GMT - Mon, 07 Jul 2025 11:55:05 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (2063), with CRLF line terminators
Size
6.3 kB (6316 bytes)
Hash
3b45c6a8df7a55d94e25505f3172d760
bc84bdef10cf101522b2abc292cdb4efde51db6d
32e1370c2bc9877dc32e5f0c46fc44e743a0cd758c115dc033242dea90495d76

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: mgmarket5at.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 11 May 2025 20:18:27 GMT
content-type: text/html; charset=UTF-8
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=qgzyBgto%2FGfKciVbcoH4I%2BQvotsH%2F8XLWPsQeI3X%2F77SkHaCTsOHHHT0ck4efkwY%2F2iYewONUuwCV66kK9343VnBFE1IxSDAMUHgJfN%2FoW9ug%2FlamEyPPbcN3BIFp52SHlw%3D"}]}
cf-cache-status: DYNAMIC
vary: accept-encoding
content-encoding: br
cf-ray: 93e45d97ec780b55-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

mgmarket5at.com/favicon.ico

172.67.195.222

200 OK

1.7 kB

URL GET
mgmarket5at.com/favicon.ico
IP
172.67.195.222:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mgmarket5at.com/
Certificate
IssuerGoogle Trust Services
Subjectmgmarket5at.com
FingerprintC8:81:99:5A:B2:EC:B8:5C:B3:F9:1E:05:D6:08:41:A8:41:EA:99:15
ValidityTue, 08 Apr 2025 11:46:56 GMT - Mon, 07 Jul 2025 11:55:05 GMT

File type
MS Windows icon resource - 1 icon, 48x48, 16 colors, 4 bits/pixel
Size
1.7 kB (1662 bytes)
Hash
5590798a04912369f29a14d7f3d1945c
d3e7ee2d7c9c08ed22ed000ed589975e88e56fb7
8cf73bf270f0ffc3a15f070df1a5ec73fdce9f7ee693d920a5f7d6152d679818

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: mgmarket5at.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mgmarket5at.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 11 May 2025 20:18:27 GMT
content-type: image/x-icon
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QNrIxh3UqsslzWL%2FHmHi5MfK4WGsxzOjWiSt69DfS4Y7O9mRJItiva%2Btx4k4ByCJFFPW9aBc%2Fxn4B1EtNmYDZ3sw2MU7g7U6U2Z4Xig3l8mYCAHCm8NpLPmgIeY1cQrV6uA%3D"}],"group":"cf-nel","max_age":604800}
last-modified: Sat, 20 Jul 2024 21:05:40 GMT
etag: W/"669c26a4-67e"
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: REVALIDATED
content-encoding: br
cf-ray: 93e45d9bbfe80b06-OSL
server: cloudflare
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=2369&min_rtt=705&rtt_var=1477&sent=195&recv=293&lost=0&retrans=0&sent_bytes=13753&recv_bytes=16032&delivery_rate=2258&cwnd=12000&unsent_bytes=0&cid=127ad521eb5c5455&ts=646&x=16"

mgmarket5at.com/captcha/171773/js/start.js?v=3

172.67.195.222

200 OK

18 kB

URL GET
mgmarket5at.com/captcha/171773/js/start.js?v=3
IP
172.67.195.222:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mgmarket5at.com/captcha/171773/index
Certificate
IssuerGoogle Trust Services
Subjectmgmarket5at.com
FingerprintC8:81:99:5A:B2:EC:B8:5C:B3:F9:1E:05:D6:08:41:A8:41:EA:99:15
ValidityTue, 08 Apr 2025 11:46:56 GMT - Mon, 07 Jul 2025 11:55:05 GMT

File type
Unicode text, UTF-8 text, with very long lines (14462)
Size
18 kB (18417 bytes)
Hash
9c32beef646a5108671051714668414d
ed858becc66c803948566e249ed879bdd5e6a66c
001e20f5957ec67af99cb5a9acc30c50f4c2e8c6c89681a691ade46adb2ffdfd

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /captcha/171773/js/start.js?v=3 HTTP/1.1
Host: mgmarket5at.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mgmarket5at.com/captcha/171773/index
Cookie: gate=13f5692d; rft=eyJpdiI6Ii94QUpMWnlGRWJLR1BGNWlUNjNjc1E9PSIsInZhbHVlIjoiekllWWs1RjZVcHhReHNBRGl4bHFRTkpQZWxvcTZiTEoyWDRXc1ZnQko1ZEU4K2x5bms3aitaWXJFMW1LbWxNQ3VRWGdzNWNJYzRiVnVHVVE4c1hLVGc9PSIsIm1hYyI6ImQ2ZmE3OTIwYzA4ZTU0MTY4NGQ2ZDYwNmI5OTMwNzQ1NGMxY2VlZTgzYzNiMWQ5ZWRjMzU4Y2E0MTJlMWFjMTEiLCJ0YWciOiIifQ%3D%3D; clearnet=CgY0rUCjy5pXZ0l9vg5HJAEf7j2ZO7Tb6M4vi2Ogtm4QzPATy1aXXp; XSRF-TOKEN=D6Vv9RZC26oijAeMMODwTw7Kt0nVQ86k65rlwS77; laravel_session=4wm3VDk9o1h0ofw8TJ2KUq5DFNOFE8xXvdd4wYEV
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 11 May 2025 20:18:44 GMT
content-type: application/javascript
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=l8YFHN8hEQyGYJr6buS28%2BvEtTjMHMXz%2FeJryM4CnWV40WBmIaLGH%2FM56TLRB32PFO89SRSA50SWjSgj2rAiDkF9%2BDduzQB1xOXymAZ%2B8gv895Hu4ZD3Yxmhc0%2F0pZHWU48%3D"}],"group":"cf-nel","max_age":604800}
cache-control: no-cache, private
vary: Origin, accept-encoding
set-cookie: clearnet=CgY0rUCjy5pXZ0l9vg5HJAEf7j2ZO7Tb6M4vi2Ogtm4QzPATy1aXXp; expires=Sun, 11 May 2025 20:28:44 GMT; Max-Age=600; path=/; httponly; samesite=strict
XSRF-TOKEN=D6Vv9RZC26oijAeMMODwTw7Kt0nVQ86k65rlwS77; expires=Sun, 11 May 2025 22:18:44 GMT; Max-Age=7200; path=/; samesite=lax
laravel_session=4wm3VDk9o1h0ofw8TJ2KUq5DFNOFE8xXvdd4wYEV; expires=Sun, 11 May 2025 22:18:44 GMT; Max-Age=7200; path=/; httponly; samesite=lax
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
content-encoding: gzip
cf-cache-status: BYPASS
cf-ray: 93e45df45d440b06-OSL
server: cloudflare
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=2424&min_rtt=705&rtt_var=1572&sent=219&recv=307&lost=0&retrans=0&sent_bytes=26721&recv_bytes=20870&delivery_rate=1565374&cwnd=12000&unsent_bytes=0&cid=127ad521eb5c5455&ts=16763&x=16"

mgmarket5at.com/captcha/171773/js/ad.js?v=3

172.67.195.222

200 OK

3.5 kB

URL GET
mgmarket5at.com/captcha/171773/js/ad.js?v=3
IP
172.67.195.222:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mgmarket5at.com/captcha/171773/index
Certificate
IssuerGoogle Trust Services
Subjectmgmarket5at.com
FingerprintC8:81:99:5A:B2:EC:B8:5C:B3:F9:1E:05:D6:08:41:A8:41:EA:99:15
ValidityTue, 08 Apr 2025 11:46:56 GMT - Mon, 07 Jul 2025 11:55:05 GMT

File type
C++ source, Unicode text, UTF-8 text, with very long lines (1708)
Size
3.5 kB (3477 bytes)
Hash
b88b9f0746feff14595ae273f472017f
968d33e62118c581d7e771c172fc5e5dd7bc3cdf
d8d5fd6de89f9a11d4453e1705cb30afae86880f25f3632d7ca86b8a10a5b46c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /captcha/171773/js/ad.js?v=3 HTTP/1.1
Host: mgmarket5at.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mgmarket5at.com/captcha/171773/index
Cookie: gate=13f5692d; rft=eyJpdiI6Ii94QUpMWnlGRWJLR1BGNWlUNjNjc1E9PSIsInZhbHVlIjoiekllWWs1RjZVcHhReHNBRGl4bHFRTkpQZWxvcTZiTEoyWDRXc1ZnQko1ZEU4K2x5bms3aitaWXJFMW1LbWxNQ3VRWGdzNWNJYzRiVnVHVVE4c1hLVGc9PSIsIm1hYyI6ImQ2ZmE3OTIwYzA4ZTU0MTY4NGQ2ZDYwNmI5OTMwNzQ1NGMxY2VlZTgzYzNiMWQ5ZWRjMzU4Y2E0MTJlMWFjMTEiLCJ0YWciOiIifQ%3D%3D; clearnet=CgY0rUCjy5pXZ0l9vg5HJAEf7j2ZO7Tb6M4vi2Ogtm4QzPATy1aXXp; XSRF-TOKEN=D6Vv9RZC26oijAeMMODwTw7Kt0nVQ86k65rlwS77; laravel_session=4wm3VDk9o1h0ofw8TJ2KUq5DFNOFE8xXvdd4wYEV
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 11 May 2025 20:18:44 GMT
content-type: application/javascript
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YuxXZIzJwy5dcFZDQBgQEBoT9hz5Q1ArSCfk2ZVocaWS737Fkqem%2BiRwxu064Fx2YFELiYRc0zrAD6EPPtTYvNjYOlPX9Pd36FlX7X5HpqY9W2FmMaHhJVAxewC98VJG4vo%3D"}],"group":"cf-nel","max_age":604800}
cache-control: no-cache, private
vary: Origin, Accept-Encoding
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
content-encoding: gzip
cf-cache-status: BYPASS
set-cookie: clearnet=CgY0rUCjy5pXZ0l9vg5HJAEf7j2ZO7Tb6M4vi2Ogtm4QzPATy1aXXp; expires=Sun, 11 May 2025 20:28:44 GMT; Max-Age=600; path=/; httponly; samesite=strict
XSRF-TOKEN=D6Vv9RZC26oijAeMMODwTw7Kt0nVQ86k65rlwS77; expires=Sun, 11 May 2025 22:18:44 GMT; Max-Age=7200; path=/; samesite=lax
laravel_session=4wm3VDk9o1h0ofw8TJ2KUq5DFNOFE8xXvdd4wYEV; expires=Sun, 11 May 2025 22:18:44 GMT; Max-Age=7200; path=/; httponly; samesite=lax
cf-ray: 93e45df45d450b06-OSL
server: cloudflare
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=2793&min_rtt=705&rtt_var=1646&sent=213&recv=305&lost=0&retrans=0&sent_bytes=20918&recv_bytes=20778&delivery_rate=318957&cwnd=12000&unsent_bytes=0&cid=127ad521eb5c5455&ts=16711&x=16"

mgmarket5at.com/static/css/challenge.css

172.67.195.222

200 OK

7.6 kB

URL GET
mgmarket5at.com/static/css/challenge.css
IP
172.67.195.222:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mgmarket5at.com/
Certificate
IssuerGoogle Trust Services
Subjectmgmarket5at.com
FingerprintC8:81:99:5A:B2:EC:B8:5C:B3:F9:1E:05:D6:08:41:A8:41:EA:99:15
ValidityTue, 08 Apr 2025 11:46:56 GMT - Mon, 07 Jul 2025 11:55:05 GMT

File type
ASCII text
Size
7.6 kB (7627 bytes)
Hash
6942d2e9718ce50bcc7cf038a4b375f2
bc810a03f238cf2e2a179379c4fcde68acb33eb2
dfa92041ecc4b2c9632ac48d3c915de2eac7651231e2acb67623ff602c55014b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /static/css/challenge.css HTTP/1.1
Host: mgmarket5at.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mgmarket5at.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 11 May 2025 20:18:27 GMT
content-type: text/css
server: cloudflare
last-modified: Fri, 04 Oct 2024 12:00:56 GMT
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
etag: W/"66ffd8f8-1dcb"
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: MISS
vary: accept-encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=F6W8EDSyqke909E55RjNqx1TAVCfoor6hkyevCgwkoIup6nAkTDpkqugL4eQ1fiByHX6IlKVNdNwadztpEXAdORXoXXUc10ZH2nHWC65Wj%2FGd%2BDPy%2B7WZvtTFFnTF0YJUFc%3D"}]}
cf-ray: 93e45d9a6fa10b55-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (6)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (12)

URL User Request GET

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL User Request GET

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL User Request GET

IP

ASN

Certificate

File type

Size

Hash