Report - lesnoyforum.info/z0f76a1d14fd21a8fb5fd0d03e0fdc3d3cedae52f?wsidchk=6987678&pdata=78gtzh2qrleq5q7pymvrpvlocduedaih0onfgkjmwskxy-qlc4wktggtpaiw2bpb2ph8uk3gl2_gts5qyei7h7jzz284z9yzgio4zwqpotjcw-19ukceeiwmjf0eu4vnpuhd7sgqn9aluol9htals6e7sk3yobfcd_kiuj6mf8jvauniwakt1mjp3g1lz-y16fq6piqc6bo

Report Overview

Visited public
2025-04-17 07:25:27
Tags
URL
lesnoyforum.info/z0f76a1d14fd21a8fb5fd0d03e0fdc3d3cedae52f?wsidchk=6987678&pdata=78gtzh2qrleq5q7pymvrpvlocduedaih0onfgkjmwskxy-qlc4wktggtpaiw2bpb2ph8uk3gl2_gts5qyei7h7jzz284z9yzgio4zwqpotjcw-19ukceeiwmjf0eu4vnpuhd7sgqn9aluol9htals6e7sk3yobfcd_kiuj6mf8jvauniwakt1mjp3g1lz-y16fq6piqc6bo_xfs=&id=7fa3b767c460b54a2be4d49030b349c7
Finishing URL
spacecadetsgaming.shop/
IP / ASN
104.21.28.140
#13335 CLOUDFLARENET
Title
SYAIR MACAU | KODE SYAIR MACAU | FORUM SYAIR MACAU

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
188.166.185.110	unknown	unknown	2016-06-15	2020-09-15	9.9 kB	10 MB	188.166.185.110
spacecadetsgaming.shop	unknown	unknown	2025-04-17	2025-04-17	4.6 kB	629 kB	172.67.168.58
cdn.ampproject.org	329	2015-08-31	2015-10-09	2025-04-17	1.4 kB	249 kB	216.58.207.193
4.bp.blogspot.com	11215	2000-07-31	2012-05-21	2025-04-15	1.1 kB	229 kB	142.250.178.97
143.198.198.194	unknown	unknown	2021-04-05	2022-06-13	2.7 kB	3.3 MB	143.198.198.194
fonts.googleapis.com	8877	2005-01-25	2012-05-23	2025-04-16	534 B	10 kB	142.250.74.10
3.bp.blogspot.com	11048	2000-07-31	2012-05-21	2025-04-15	545 B	9.4 kB	142.250.74.97
sillysanta.store	unknown	2025-02-04	2025-04-17	2025-04-17	485 B	118 kB	172.67.157.48
165.232.165.130	unknown	unknown	2023-04-28	2024-03-10	3.6 kB	4.0 MB	165.232.165.130
opesia.vip	unknown	2022-03-25	2022-03-25	2025-04-17	1.8 kB	1.9 MB	172.67.150.144
143.198.201.173	unknown	unknown	2022-11-20	2023-09-14	3.2 kB	2.8 MB	143.198.201.173
fonts.gstatic.com	unknown	2008-02-11	2014-04-02	2025-04-16	1.6 kB	94 kB	142.250.74.35
lesnoyforum.info	unknown	2024-10-17	2025-04-17	2025-04-17	1.4 kB	235 kB	104.21.28.140

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2025-04-17	medium	188.166.185.110	Sinkholed
2025-04-17	medium	165.232.165.130	Sinkholed
2025-04-17	medium	188.166.185.110	Sinkholed
2025-04-17	medium	188.166.185.110	Sinkholed
2025-04-17	medium	165.232.165.130	Sinkholed
2025-04-17	medium	188.166.185.110	Sinkholed
2025-04-17	medium	188.166.185.110	Sinkholed
2025-04-17	medium	188.166.185.110	Sinkholed
2025-04-17	medium	143.198.201.173	Sinkholed
2025-04-17	medium	188.166.185.110	Sinkholed
2025-04-17	medium	165.232.165.130	Sinkholed
2025-04-17	medium	165.232.165.130	Sinkholed
2025-04-17	medium	188.166.185.110	Sinkholed
2025-04-17	medium	143.198.201.173	Sinkholed
2025-04-17	medium	165.232.165.130	Sinkholed
2025-04-17	medium	188.166.185.110	Sinkholed
2025-04-17	medium	143.198.198.194	Sinkholed
2025-04-17	medium	165.232.165.130	Sinkholed
2025-04-17	medium	188.166.185.110	Sinkholed
2025-04-17	medium	143.198.201.173	Sinkholed
2025-04-17	medium	188.166.185.110	Sinkholed
2025-04-17	medium	188.166.185.110	Sinkholed
2025-04-17	medium	188.166.185.110	Sinkholed
2025-04-17	medium	188.166.185.110	Sinkholed
2025-04-17	medium	188.166.185.110	Sinkholed
2025-04-17	medium	143.198.201.173	Sinkholed
2025-04-17	medium	188.166.185.110	Sinkholed
2025-04-17	medium	165.232.165.130	Sinkholed
2025-04-17	medium	188.166.185.110	Sinkholed
2025-04-17	medium	188.166.185.110	Sinkholed
2025-04-17	medium	188.166.185.110	Sinkholed
2025-04-17	medium	143.198.198.194	Sinkholed
2025-04-17	medium	143.198.198.194	Sinkholed
2025-04-17	medium	188.166.185.110	Sinkholed
2025-04-17	medium	188.166.185.110	Sinkholed
2025-04-17	medium	143.198.198.194	Sinkholed
2025-04-17	medium	143.198.198.194	Sinkholed
2025-04-17	medium	165.232.165.130	Sinkholed
2025-04-17	medium	143.198.201.173	Sinkholed
2025-04-17	medium	188.166.185.110	Sinkholed
2025-04-17	medium	143.198.201.173	Sinkholed
2025-04-17	medium	143.198.198.194	Sinkholed
2025-04-17	medium	143.198.201.173	Sinkholed

ThreatFox

No alerts detected

JavaScript (3)

	URL	From	Size	First Seen	Last Seen
	cdn.ampproject.org/v0/amp-anim-0.1.mjs	ScriptElement	3.8 kB	2025-04-17	2025-04-25
Pretty URL cdn.ampproject.org/v0/amp-anim-0.1.mjs IP 216.58.207.193 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2025-04-17 05:34 Last Seen2025-04-25 01:13 Times Seen10 Hash 1ccf714baebeaef3d9143c672bf0f861 5eb95d1846b26c49defc9dc103b5ce3cd6f0f423 63a02bf73624fcb072469b3e7106026483364143938a0d52211b82e9b2264650 Loading...

	cdn.ampproject.org/v0.mjs	ScriptElement	228 kB	2025-04-15	2025-04-25
Pretty URL cdn.ampproject.org/v0.mjs IP 216.58.207.193 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2025-04-15 23:05 Last Seen2025-04-25 12:45 Times Seen27 Hash fd039019b7c4ce65167c6a2a50755c0a e5f2c887ea745ffa6608395beee32768b0629b33 8f2a2e6333d2b41663bc53e8fb97c9945f320a90f9ab35d2079a1a7b8e8e279a Loading...

	cdn.ampproject.org/rtv/012503242227001/v0/amp-loader-0.1.mjs	ScriptElement	12 kB	2025-04-15	2025-04-25
Pretty URL cdn.ampproject.org/rtv/012503242227001/v0/amp-loader-0.1.mjs IP 216.58.207.193 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2025-04-15 23:05 Last Seen2025-04-25 12:45 Times Seen26 Hash c991dc481ecd0a28294b23d2f3c6a9df 2c8236ad9284068ac8e2e67d263d1ddb90110851 3c3f41288fc33ae03eab46939ab7109e0ec34e4ae26bac8eee486a4dc9ef7305 Loading...

HTTP Transactions (69)

URL IP Response Size

188.166.185.110/oscar/728x90.php

188.166.185.110

302 Found

564 kB

URL GET
188.166.185.110/oscar/728x90.php
IP
188.166.185.110:443
ASN
#14061 DIGITALOCEAN-ASN

Requested by
https://spacecadetsgaming.shop/
Certificate
IssuerZeroSSL
Subject188.166.185.110
FingerprintA6:A2:2E:39:64:87:59:76:94:F5:51:34:EB:B0:1C:D2:C7:B9:2F:79
ValidityFri, 10 Jan 2025 00:00:00 GMT - Sat, 10 Jan 2026 23:59:59 GMT

File type

Size
564 kB (563551 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /oscar/728x90.php HTTP/1.1
Host: 188.166.185.110
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://spacecadetsgaming.shop/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx/1.18.0 (Ubuntu)
Date: Thu, 17 Apr 2025 07:25:09 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
location: https://143.198.201.173/oscartogel/728x90.gif
X-Robots-Tag: noindex, nofollow, nosnippet, noarchive

165.232.165.130/maxtoto/728x90.gif

165.232.165.130

200 OK

529 kB

URL GET
165.232.165.130/maxtoto/728x90.gif
IP
165.232.165.130:443
ASN
#14061 DIGITALOCEAN-ASN

Requested by
https://spacecadetsgaming.shop/
Certificate
IssuerZeroSSL
Subject165.232.165.130
Fingerprint50:C2:6A:37:0C:F2:B6:0C:3B:B5:3E:71:27:A4:1E:B7:00:85:9D:84
ValidityTue, 01 Apr 2025 00:00:00 GMT - Mon, 30 Jun 2025 23:59:59 GMT

File type
GIF image data, version 89a, 728 x 90
Size
529 kB (528622 bytes)
Hash
94b6bbd6cb3a08dad98be75ec7863585
bf75a8a4480b10291cacc0b5fbbdb3672a6fcaf5
14c19ebe9da3d07c0485cecfe40154d7bc8b19c3429a57962d060375ca10694c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /maxtoto/728x90.gif HTTP/1.1
Host: 165.232.165.130
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://spacecadetsgaming.shop/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Thu, 17 Apr 2025 07:25:10 GMT
Content-Type: image/gif
Content-Length: 528622
Last-Modified: Tue, 02 Apr 2024 02:35:34 GMT
Connection: keep-alive
ETag: "660b6ef6-810ee"
X-Robots-Tag: noindex, nofollow, nosnippet, noarchive
Accept-Ranges: bytes

spacecadetsgaming.shop/wp-content/uploads/fbrfg/favicon-16x16.png

172.67.168.58

200 OK

808 B

URL GET
spacecadetsgaming.shop/wp-content/uploads/fbrfg/favicon-16x16.png
IP
172.67.168.58:443
ASN
#13335 CLOUDFLARENET

Requested by
https://spacecadetsgaming.shop/
Certificate
IssuerGoogle Trust Services
Subjectspacecadetsgaming.shop
Fingerprint7C:40:FF:C2:D1:93:19:21:72:2E:B9:FE:42:D7:CE:CC:C8:BC:EF:CD
ValidityTue, 18 Mar 2025 14:43:25 GMT - Mon, 16 Jun 2025 15:42:12 GMT

File type
PNG image data, 16 x 16, 8-bit colormap, non-interlaced
Size
808 B (808 bytes)
Hash
7fa5cdd6c426c18bdd688125a09612b7
ff37013fbff0c579b87fe378c17e3b7707213e6a
d3a82c02180db441749af5d699bef20d512852720b17c92b50e5e42866549e23

HTTP Headers

GET /wp-content/uploads/fbrfg/favicon-16x16.png HTTP/1.1
Host: spacecadetsgaming.shop
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://spacecadetsgaming.shop/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 17 Apr 2025 07:25:11 GMT
content-type: image/png
content-length: 808
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QaIYcNk7A5B0q3fAM5waqnmQGx%2FPlG2giRz2SFSQYszccjs9H%2F%2Fmsc0oCKphOfxDZCWq6Csb1urNapXL9mb3O%2FnF4O4EjW3O7Ya9CSlC7Or4DBKNch1EWvfYNg%2BwbDNHes4UMlaTOcYg"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=604800
expires: Thu, 24 Apr 2025 07:25:11 GMT
last-modified: Fri, 13 Jan 2023 15:43:04 GMT
x-turbo-charged-by: LiteSpeed
cf-cache-status: MISS
accept-ranges: bytes
cf-ray: 931a2fe19e88e4d9-RIX
server: cloudflare
vary: Accept-Encoding
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=21583&min_rtt=20031&rtt_var=7198&sent=36&recv=36&lost=0&retrans=0&sent_bytes=5068&recv_bytes=2671&delivery_rate=1317&cwnd=12000&unsent_bytes=0&cid=d5f75afdc973f97b&ts=4849&x=16"

cdn.ampproject.org/v0.mjs

216.58.207.193

200 OK

228 kB

URL GET
cdn.ampproject.org/v0.mjs
IP
216.58.207.193:443
ASN
#15169 GOOGLE

Requested by
https://spacecadetsgaming.shop/
Certificate
IssuerGoogle Trust Services
Subjectmisc-sni.google.com
Fingerprint75:B9:9F:08:CE:E8:70:C4:27:70:86:AA:9A:53:97:45:A3:D9:E2:03
ValidityThu, 20 Mar 2025 11:18:56 GMT - Thu, 12 Jun 2025 11:18:55 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (64648)
Size
228 kB (228148 bytes)
Hash
fd039019b7c4ce65167c6a2a50755c0a
e5f2c887ea745ffa6608395beee32768b0629b33
8f2a2e6333d2b41663bc53e8fb97c9945f320a90f9ab35d2079a1a7b8e8e279a

HTTP Headers

GET /v0.mjs HTTP/1.1
Host: cdn.ampproject.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://spacecadetsgaming.shop
DNT: 1
Connection: keep-alive
Referer: https://spacecadetsgaming.shop/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
timing-allow-origin: *
content-length: 63505
date: Thu, 17 Apr 2025 07:25:07 GMT
expires: Thu, 17 Apr 2025 07:25:07 GMT
cache-control: private, max-age=3000, stale-while-revalidate=1206600
etag: "d18a3b04c8dcc28b"
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

cdn.ampproject.org/rtv/012503242227001/v0/amp-loader-0.1.mjs

216.58.207.193

200 OK

12 kB

URL GET
cdn.ampproject.org/rtv/012503242227001/v0/amp-loader-0.1.mjs
IP
216.58.207.193:443
ASN
#15169 GOOGLE

Requested by
https://spacecadetsgaming.shop/
Certificate
IssuerGoogle Trust Services
Subjectmisc-sni.google.com
Fingerprint75:B9:9F:08:CE:E8:70:C4:27:70:86:AA:9A:53:97:45:A3:D9:E2:03
ValidityThu, 20 Mar 2025 11:18:56 GMT - Thu, 12 Jun 2025 11:18:55 GMT

File type
JavaScript source, ASCII text, with very long lines (12245)
Size
12 kB (12361 bytes)
Hash
c991dc481ecd0a28294b23d2f3c6a9df
2c8236ad9284068ac8e2e67d263d1ddb90110851
3c3f41288fc33ae03eab46939ab7109e0ec34e4ae26bac8eee486a4dc9ef7305

HTTP Headers

GET /rtv/012503242227001/v0/amp-loader-0.1.mjs HTTP/1.1
Host: cdn.ampproject.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://spacecadetsgaming.shop
DNT: 1
Connection: keep-alive
Referer: https://spacecadetsgaming.shop/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: br
access-control-allow-origin: *
content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
timing-allow-origin: *
content-length: 3917
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 15 Apr 2025 21:22:24 GMT
expires: Wed, 15 Apr 2026 21:22:24 GMT
cache-control: public, max-age=31536000
etag: "05252424c6f12397"
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 122564
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

188.166.185.110/royaltogel/728x90.php

188.166.185.110

302 Found

429 kB

URL GET
188.166.185.110/royaltogel/728x90.php
IP
188.166.185.110:443
ASN
#14061 DIGITALOCEAN-ASN

Requested by
https://spacecadetsgaming.shop/
Certificate
IssuerZeroSSL
Subject188.166.185.110
FingerprintA6:A2:2E:39:64:87:59:76:94:F5:51:34:EB:B0:1C:D2:C7:B9:2F:79
ValidityFri, 10 Jan 2025 00:00:00 GMT - Sat, 10 Jan 2026 23:59:59 GMT

File type

Size
429 kB (428865 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /royaltogel/728x90.php HTTP/1.1
Host: 188.166.185.110
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://spacecadetsgaming.shop/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx/1.18.0 (Ubuntu)
Date: Thu, 17 Apr 2025 07:25:09 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
location: https://165.232.165.130/royaltogel/728x90.gif
X-Robots-Tag: noindex, nofollow, nosnippet, noarchive

4.bp.blogspot.com/-hg4Ja3hcYSY/X06b9i3gADI/AAAAAAAAVuw/_Q1XpfaLJz4POmcMer1zt_GMouYtSmm8wCLcBGAsYHQ/s1600/info_opesia.gif

142.250.178.97

200 OK

227 kB

URL GET
4.bp.blogspot.com/-hg4Ja3hcYSY/X06b9i3gADI/AAAAAAAAVuw/_Q1XpfaLJz4POmcMer1zt_GMouYtSmm8wCLcBGAsYHQ/s1600/info_opesia.gif
IP
142.250.178.97:443
ASN
#15169 GOOGLE

Requested by
https://spacecadetsgaming.shop/
Certificate
IssuerGoogle Trust Services
Subjectmisc-sni.blogspot.com
FingerprintE7:98:65:28:50:8C:40:BC:4E:3C:F6:5D:DE:13:DB:2E:CC:B3:33:E1
ValidityThu, 20 Mar 2025 11:19:23 GMT - Thu, 12 Jun 2025 11:19:22 GMT

File type
GIF image data, version 89a, 500 x 224
Size
227 kB (226708 bytes)
Hash
8c003e8f5aa8389a8df01f8990b4d815
3e0490e3e05ad88fcaf25f7b4d74c62ea2aea0ac
b4164a737a3e092e9793262b599851cf20e76c78e6a6ea1db33e56277ffe17c0

HTTP Headers

GET /-hg4Ja3hcYSY/X06b9i3gADI/AAAAAAAAVuw/_Q1XpfaLJz4POmcMer1zt_GMouYtSmm8wCLcBGAsYHQ/s1600/info_opesia.gif HTTP/1.1
Host: 4.bp.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://spacecadetsgaming.shop/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: image/gif
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
access-control-expose-headers: Content-Length
etag: "v56ed"
expires: Fri, 18 Apr 2025 07:25:09 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="info_opesia.gif"
x-content-type-options: nosniff
date: Thu, 17 Apr 2025 07:25:09 GMT
server: fife
content-length: 226708
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

188.166.185.110/maxtoto/728x90.php

188.166.185.110

302 Found

529 kB

URL GET
188.166.185.110/maxtoto/728x90.php
IP
188.166.185.110:443
ASN
#14061 DIGITALOCEAN-ASN

Requested by
https://spacecadetsgaming.shop/
Certificate
IssuerZeroSSL
Subject188.166.185.110
FingerprintA6:A2:2E:39:64:87:59:76:94:F5:51:34:EB:B0:1C:D2:C7:B9:2F:79
ValidityFri, 10 Jan 2025 00:00:00 GMT - Sat, 10 Jan 2026 23:59:59 GMT

File type

Size
529 kB (528622 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /maxtoto/728x90.php HTTP/1.1
Host: 188.166.185.110
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://spacecadetsgaming.shop/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx/1.18.0 (Ubuntu)
Date: Thu, 17 Apr 2025 07:25:09 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
location: https://165.232.165.130/maxtoto/728x90.gif
X-Robots-Tag: noindex, nofollow, nosnippet, noarchive

165.232.165.130/mvptogel/728x90.gif

165.232.165.130

200 OK

367 kB

URL GET
165.232.165.130/mvptogel/728x90.gif
IP
165.232.165.130:443
ASN
#14061 DIGITALOCEAN-ASN

Requested by
https://spacecadetsgaming.shop/
Certificate
IssuerZeroSSL
Subject165.232.165.130
Fingerprint50:C2:6A:37:0C:F2:B6:0C:3B:B5:3E:71:27:A4:1E:B7:00:85:9D:84
ValidityTue, 01 Apr 2025 00:00:00 GMT - Mon, 30 Jun 2025 23:59:59 GMT

File type
GIF image data, version 89a, 728 x 90
Size
367 kB (367057 bytes)
Hash
df44cf5e8230d8d61861386d2256ec31
6d6194fc8bba4cd337576fb113a280a3c8ac0dea
6141327c7f4ac068796b42dc8697e2c3e32f2c676d131cf7692a8b9b076c14bd

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /mvptogel/728x90.gif HTTP/1.1
Host: 165.232.165.130
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://spacecadetsgaming.shop/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Thu, 17 Apr 2025 07:25:09 GMT
Content-Type: image/gif
Content-Length: 367057
Last-Modified: Tue, 02 Apr 2024 02:35:28 GMT
Connection: keep-alive
ETag: "660b6ef0-599d1"
X-Robots-Tag: noindex, nofollow, nosnippet, noarchive
Accept-Ranges: bytes

188.166.185.110/plustogel/728x90.php

188.166.185.110

302 Found

466 kB

URL GET
188.166.185.110/plustogel/728x90.php
IP
188.166.185.110:443
ASN
#14061 DIGITALOCEAN-ASN

Requested by
https://spacecadetsgaming.shop/
Certificate
IssuerZeroSSL
Subject188.166.185.110
FingerprintA6:A2:2E:39:64:87:59:76:94:F5:51:34:EB:B0:1C:D2:C7:B9:2F:79
ValidityFri, 10 Jan 2025 00:00:00 GMT - Sat, 10 Jan 2026 23:59:59 GMT

File type

Size
466 kB (466200 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /plustogel/728x90.php HTTP/1.1
Host: 188.166.185.110
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://spacecadetsgaming.shop/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx/1.18.0 (Ubuntu)
Date: Thu, 17 Apr 2025 07:25:09 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
location: https://165.232.165.130/plustogel/728x90.gif
X-Robots-Tag: noindex, nofollow, nosnippet, noarchive

188.166.185.110/elitetogel/728x90.php

188.166.185.110

302 Found

400 kB

URL GET
188.166.185.110/elitetogel/728x90.php
IP
188.166.185.110:443
ASN
#14061 DIGITALOCEAN-ASN

Requested by
https://spacecadetsgaming.shop/
Certificate
IssuerZeroSSL
Subject188.166.185.110
FingerprintA6:A2:2E:39:64:87:59:76:94:F5:51:34:EB:B0:1C:D2:C7:B9:2F:79
ValidityFri, 10 Jan 2025 00:00:00 GMT - Sat, 10 Jan 2026 23:59:59 GMT

File type

Size
400 kB (400394 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /elitetogel/728x90.php HTTP/1.1
Host: 188.166.185.110
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://spacecadetsgaming.shop/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx/1.18.0 (Ubuntu)
Date: Thu, 17 Apr 2025 07:25:09 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
location: https://165.232.165.130/elitetogel/728x90.gif
X-Robots-Tag: noindex, nofollow, nosnippet, noarchive

opesia.vip/banner-float-bawah-satu.php

172.67.150.144

302 Found

374 kB

URL GET
opesia.vip/banner-float-bawah-satu.php
IP
172.67.150.144:443
ASN
#13335 CLOUDFLARENET

Requested by
https://spacecadetsgaming.shop/
Certificate
IssuerGoogle Trust Services
Subjectopesia.vip
FingerprintF0:4B:A2:F9:8D:82:43:08:A1:DE:22:E9:82:EF:01:08:50:6D:45:74
ValidityWed, 02 Apr 2025 12:52:00 GMT - Tue, 01 Jul 2025 13:50:10 GMT

File type

Size
374 kB (373770 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /banner-float-bawah-satu.php HTTP/1.1
Host: opesia.vip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://spacecadetsgaming.shop/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Thu, 17 Apr 2025 07:25:09 GMT
content-type: text/html; charset=UTF-8
location: https://188.166.185.110/crown/728x90.php
server: cloudflare
cache-control: no-cache, no-store, must-revalidate, max-age=0
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
cf-ray: 931a2fd14b12e4e5-RIX
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

188.166.185.110/mvptogel/728x90.php

188.166.185.110

302 Found

367 kB

URL GET
188.166.185.110/mvptogel/728x90.php
IP
188.166.185.110:443
ASN
#14061 DIGITALOCEAN-ASN

Requested by
https://spacecadetsgaming.shop/
Certificate
IssuerZeroSSL
Subject188.166.185.110
FingerprintA6:A2:2E:39:64:87:59:76:94:F5:51:34:EB:B0:1C:D2:C7:B9:2F:79
ValidityFri, 10 Jan 2025 00:00:00 GMT - Sat, 10 Jan 2026 23:59:59 GMT

File type

Size
367 kB (367057 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /mvptogel/728x90.php HTTP/1.1
Host: 188.166.185.110
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://spacecadetsgaming.shop/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx/1.18.0 (Ubuntu)
Date: Thu, 17 Apr 2025 07:25:09 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
location: https://165.232.165.130/mvptogel/728x90.gif
X-Robots-Tag: noindex, nofollow, nosnippet, noarchive

143.198.201.173/platinumtoto/728x90.gif

143.198.201.173

200 OK

250 kB

URL GET
143.198.201.173/platinumtoto/728x90.gif
IP
143.198.201.173:443
ASN
#14061 DIGITALOCEAN-ASN

Requested by
https://spacecadetsgaming.shop/
Certificate
IssuerZeroSSL
Subject143.198.201.173
FingerprintA3:02:7B:3F:AC:FB:46:6D:6E:69:44:2B:6A:AD:38:E7:F1:EA:1B:EA
ValidityTue, 01 Apr 2025 00:00:00 GMT - Mon, 30 Jun 2025 23:59:59 GMT

File type
GIF image data, version 89a, 728 x 90
Size
250 kB (249925 bytes)
Hash
e0d24976cd1fae7766b9d376f6a3ab28
ea15540eb7a3dee84997c6603c4ee5217a2c9ed2
a5cc9447ef74f922692e9a39a92e54ae3ef63a34a9a75e7c936e3bb978a5e7f8

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /platinumtoto/728x90.gif HTTP/1.1
Host: 143.198.201.173
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://spacecadetsgaming.shop/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Thu, 17 Apr 2025 07:25:09 GMT
Content-Type: image/gif
Content-Length: 249925
Last-Modified: Tue, 02 Apr 2024 02:40:47 GMT
Connection: keep-alive
ETag: "660b702f-3d045"
X-Robots-Tag: noindex, nofollow, nosnippet, noarchive
Accept-Ranges: bytes

spacecadetsgaming.shop/wp-content/themes/frontier/includes/genericons/Genericons.eot

172.67.168.58

404 Not Found

56 kB

URL GET
spacecadetsgaming.shop/wp-content/themes/frontier/includes/genericons/Genericons.eot
IP
172.67.168.58:443
ASN
#13335 CLOUDFLARENET

Requested by
https://spacecadetsgaming.shop/
Certificate
IssuerGoogle Trust Services
Subjectspacecadetsgaming.shop
Fingerprint7C:40:FF:C2:D1:93:19:21:72:2E:B9:FE:42:D7:CE:CC:C8:BC:EF:CD
ValidityTue, 18 Mar 2025 14:43:25 GMT - Mon, 16 Jun 2025 15:42:12 GMT

File type
HTML document, Unicode text, UTF-8 text, with very long lines (22572), with CRLF, LF line terminators
Size
56 kB (56231 bytes)
Hash
5f37a0e859be348c542b3fbb6118ef55
399088f8471f8dea71e08924c3a0a64ddc1d7836
5b995ef56604127e9f6ac00cf6302874f1da988e09182213acb4f6c45cdfc755

HTTP Headers

GET /wp-content/themes/frontier/includes/genericons/Genericons.eot HTTP/1.1
Host: spacecadetsgaming.shop
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://spacecadetsgaming.shop/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 404 Not Found
date: Thu, 17 Apr 2025 07:25:08 GMT
content-type: text/html; charset=utf-8
server: cloudflare
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0, no-store, private
link: <https://spacecadetsgaming.shop/wp-json/>; rel="https://api.w.org/"
server-timing: amp_sanitizer;dur="31.7",amp_style_sanitizer;dur="15.8",amp_tag_and_attribute_sanitizer;dur="12.8",amp_optimizer;dur="4.2"
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: BYPASS
content-encoding: br
cf-ray: 931a2fc8580fe4e4-RIX
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

188.166.185.110/ktvtogel/728x90.php

188.166.185.110

302 Found

517 kB

URL GET
188.166.185.110/ktvtogel/728x90.php
IP
188.166.185.110:443
ASN
#14061 DIGITALOCEAN-ASN

Requested by
https://spacecadetsgaming.shop/
Certificate
IssuerZeroSSL
Subject188.166.185.110
FingerprintA6:A2:2E:39:64:87:59:76:94:F5:51:34:EB:B0:1C:D2:C7:B9:2F:79
ValidityFri, 10 Jan 2025 00:00:00 GMT - Sat, 10 Jan 2026 23:59:59 GMT

File type

Size
517 kB (516805 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ktvtogel/728x90.php HTTP/1.1
Host: 188.166.185.110
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://spacecadetsgaming.shop/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx/1.18.0 (Ubuntu)
Date: Thu, 17 Apr 2025 07:25:09 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
location: https://143.198.201.173/ktvtogel/728x90.gif
X-Robots-Tag: noindex, nofollow, nosnippet, noarchive

165.232.165.130/elitetogel/728x90.gif

165.232.165.130

200 OK

400 kB

URL GET
165.232.165.130/elitetogel/728x90.gif
IP
165.232.165.130:443
ASN
#14061 DIGITALOCEAN-ASN

Requested by
https://spacecadetsgaming.shop/
Certificate
IssuerZeroSSL
Subject165.232.165.130
Fingerprint50:C2:6A:37:0C:F2:B6:0C:3B:B5:3E:71:27:A4:1E:B7:00:85:9D:84
ValidityTue, 01 Apr 2025 00:00:00 GMT - Mon, 30 Jun 2025 23:59:59 GMT

File type
GIF image data, version 89a, 728 x 90
Size
400 kB (400394 bytes)
Hash
d5e7f7c1c2ea6d692342fbebb73ad1dd
5d9755519700cec5835579e254173f64a507c5c8
e4162dc0a40eda6e475a59c4e4fc77d14198621a2c9bb0f03fa50dbb0a1ca392

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /elitetogel/728x90.gif HTTP/1.1
Host: 165.232.165.130
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://spacecadetsgaming.shop/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Thu, 17 Apr 2025 07:25:09 GMT
Content-Type: image/gif
Content-Length: 400394
Last-Modified: Tue, 02 Apr 2024 02:36:10 GMT
Connection: keep-alive
ETag: "660b6f1a-61c0a"
X-Robots-Tag: noindex, nofollow, nosnippet, noarchive
Accept-Ranges: bytes

165.232.165.130/viptoto/728x90.gif

165.232.165.130

200 OK

471 kB

URL GET
165.232.165.130/viptoto/728x90.gif
IP
165.232.165.130:443
ASN
#14061 DIGITALOCEAN-ASN

Requested by
https://spacecadetsgaming.shop/
Certificate
IssuerZeroSSL
Subject165.232.165.130
Fingerprint50:C2:6A:37:0C:F2:B6:0C:3B:B5:3E:71:27:A4:1E:B7:00:85:9D:84
ValidityTue, 01 Apr 2025 00:00:00 GMT - Mon, 30 Jun 2025 23:59:59 GMT

File type
GIF image data, version 89a, 728 x 90
Size
471 kB (471090 bytes)
Hash
4d2a3242c90e998d687dc83cdca28aba
fbd841e4b5a74cb734333bdfb2a1a468490fe75d
327ac662a2b012bcbdc5971df52758131ee8cdd09bb9cad8934788d3f0e79df5

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /viptoto/728x90.gif HTTP/1.1
Host: 165.232.165.130
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://spacecadetsgaming.shop/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Thu, 17 Apr 2025 07:25:09 GMT
Content-Type: image/gif
Content-Length: 471090
Last-Modified: Tue, 02 Apr 2024 02:24:08 GMT
Connection: keep-alive
ETag: "660b6c48-73032"
X-Robots-Tag: noindex, nofollow, nosnippet, noarchive
Accept-Ranges: bytes

opesia.vip/banner-float-bawah-dua.php

172.67.150.144

302 Found

529 kB

URL GET
opesia.vip/banner-float-bawah-dua.php
IP
172.67.150.144:443
ASN
#13335 CLOUDFLARENET

Requested by
https://spacecadetsgaming.shop/
Certificate
IssuerGoogle Trust Services
Subjectopesia.vip
FingerprintF0:4B:A2:F9:8D:82:43:08:A1:DE:22:E9:82:EF:01:08:50:6D:45:74
ValidityWed, 02 Apr 2025 12:52:00 GMT - Tue, 01 Jul 2025 13:50:10 GMT

File type

Size
529 kB (528622 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /banner-float-bawah-dua.php HTTP/1.1
Host: opesia.vip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://spacecadetsgaming.shop/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Thu, 17 Apr 2025 07:25:09 GMT
content-type: text/html; charset=UTF-8
location: https://188.166.185.110/maxtoto/728x90.php
server: cloudflare
cache-control: no-cache, no-store, must-revalidate, max-age=0
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
cf-ray: 931a2fd15b2ee4e5-RIX
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

188.166.185.110/oktogel/728x90.php

188.166.185.110

302 Found

243 kB

URL GET
188.166.185.110/oktogel/728x90.php
IP
188.166.185.110:443
ASN
#14061 DIGITALOCEAN-ASN

Requested by
https://spacecadetsgaming.shop/
Certificate
IssuerZeroSSL
Subject188.166.185.110
FingerprintA6:A2:2E:39:64:87:59:76:94:F5:51:34:EB:B0:1C:D2:C7:B9:2F:79
ValidityFri, 10 Jan 2025 00:00:00 GMT - Sat, 10 Jan 2026 23:59:59 GMT

File type

Size
243 kB (242933 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /oktogel/728x90.php HTTP/1.1
Host: 188.166.185.110
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://spacecadetsgaming.shop/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx/1.18.0 (Ubuntu)
Date: Thu, 17 Apr 2025 07:25:09 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
location: https://143.198.201.173/oktogel/728x90.gif
X-Robots-Tag: noindex, nofollow, nosnippet, noarchive

143.198.201.173/kingtogel/960x200.gif

143.198.201.173

200 OK

506 kB

URL GET
143.198.201.173/kingtogel/960x200.gif
IP
143.198.201.173:443
ASN
#14061 DIGITALOCEAN-ASN

Requested by
https://spacecadetsgaming.shop/
Certificate
IssuerZeroSSL
Subject143.198.201.173
FingerprintA3:02:7B:3F:AC:FB:46:6D:6E:69:44:2B:6A:AD:38:E7:F1:EA:1B:EA
ValidityTue, 01 Apr 2025 00:00:00 GMT - Mon, 30 Jun 2025 23:59:59 GMT

File type
GIF image data, version 89a, 960 x 200
Size
506 kB (506342 bytes)
Hash
ee279794024551e4bbb9bb3d32a24fe7
3b402338e61f33c6b2dbe7e79f2a327a4a3e55e1
ff4f11184e59ebb335430e3cc0ecdad88b7de069f001432e4e9fe9a382da8a8f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /kingtogel/960x200.gif HTTP/1.1
Host: 143.198.201.173
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://spacecadetsgaming.shop/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Thu, 17 Apr 2025 07:25:09 GMT
Content-Type: image/gif
Content-Length: 506342
Last-Modified: Tue, 02 Apr 2024 02:40:39 GMT
Connection: keep-alive
ETag: "660b7027-7b9e6"
X-Robots-Tag: noindex, nofollow, nosnippet, noarchive
Accept-Ranges: bytes

165.232.165.130/luxtogel/960x200.gif

165.232.165.130

200 OK

846 kB

URL GET
165.232.165.130/luxtogel/960x200.gif
IP
165.232.165.130:443
ASN
#14061 DIGITALOCEAN-ASN

Requested by
https://spacecadetsgaming.shop/
Certificate
IssuerZeroSSL
Subject165.232.165.130
Fingerprint50:C2:6A:37:0C:F2:B6:0C:3B:B5:3E:71:27:A4:1E:B7:00:85:9D:84
ValidityTue, 01 Apr 2025 00:00:00 GMT - Mon, 30 Jun 2025 23:59:59 GMT

File type
GIF image data, version 89a, 960 x 200
Size
846 kB (845490 bytes)
Hash
af53c331b40f084082db6a877596ee64
fd39d1a1002135495319d5e8a7ae4fa7b193feda
352bfbcb5bf5d3b07c18070080dc8a5365dafca68cc2e750f0d76ec3e3777370

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /luxtogel/960x200.gif HTTP/1.1
Host: 165.232.165.130
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://spacecadetsgaming.shop/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Thu, 17 Apr 2025 07:25:09 GMT
Content-Type: image/gif
Content-Length: 845490
Last-Modified: Tue, 02 Apr 2024 02:35:47 GMT
Connection: keep-alive
ETag: "660b6f03-ce6b2"
X-Robots-Tag: noindex, nofollow, nosnippet, noarchive
Accept-Ranges: bytes

188.166.185.110/luxtogel/960x200.php

188.166.185.110

302 Found

846 kB

URL GET
188.166.185.110/luxtogel/960x200.php
IP
188.166.185.110:443
ASN
#14061 DIGITALOCEAN-ASN

Requested by
https://spacecadetsgaming.shop/
Certificate
IssuerZeroSSL
Subject188.166.185.110
FingerprintA6:A2:2E:39:64:87:59:76:94:F5:51:34:EB:B0:1C:D2:C7:B9:2F:79
ValidityFri, 10 Jan 2025 00:00:00 GMT - Sat, 10 Jan 2026 23:59:59 GMT

File type

Size
846 kB (845490 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /luxtogel/960x200.php HTTP/1.1
Host: 188.166.185.110
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://spacecadetsgaming.shop/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx/1.18.0 (Ubuntu)
Date: Thu, 17 Apr 2025 07:25:09 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
location: https://165.232.165.130/luxtogel/960x200.gif
X-Robots-Tag: noindex, nofollow, nosnippet, noarchive

143.198.198.194/alitoto/960x200.gif

143.198.198.194

200 OK

532 kB

URL GET
143.198.198.194/alitoto/960x200.gif
IP
143.198.198.194:443
ASN
#14061 DIGITALOCEAN-ASN

Requested by
https://spacecadetsgaming.shop/
Certificate
IssuerZeroSSL
Subject143.198.198.194
Fingerprint5F:97:4D:4A:35:A8:F6:E1:5B:F6:8E:36:E1:AC:64:F2:97:55:79:B2
ValidityTue, 01 Apr 2025 00:00:00 GMT - Mon, 30 Jun 2025 23:59:59 GMT

File type
GIF image data, version 89a, 960 x 200
Size
532 kB (531657 bytes)
Hash
f350cfd8f676ea38a225efd5f075b31f
a6637ae2b8954f211be604bb6b7744e5dd04e6ab
1b58becae73e5829c32e13e408bd04454e237b6e1868589d3f4227929f629e3e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /alitoto/960x200.gif HTTP/1.1
Host: 143.198.198.194
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://spacecadetsgaming.shop/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Thu, 17 Apr 2025 07:25:09 GMT
Content-Type: image/gif
Content-Length: 531657
Last-Modified: Tue, 02 Apr 2024 02:40:07 GMT
Connection: keep-alive
ETag: "660b7007-81cc9"
X-Robots-Tag: noindex, nofollow, nosnippet, noarchive
Accept-Ranges: bytes

165.232.165.130/royaltogel/728x90.gif

165.232.165.130

200 OK

429 kB

URL GET
165.232.165.130/royaltogel/728x90.gif
IP
165.232.165.130:443
ASN
#14061 DIGITALOCEAN-ASN

Requested by
https://spacecadetsgaming.shop/
Certificate
IssuerZeroSSL
Subject165.232.165.130
Fingerprint50:C2:6A:37:0C:F2:B6:0C:3B:B5:3E:71:27:A4:1E:B7:00:85:9D:84
ValidityTue, 01 Apr 2025 00:00:00 GMT - Mon, 30 Jun 2025 23:59:59 GMT

File type
GIF image data, version 89a, 728 x 90
Size
429 kB (428865 bytes)
Hash
c26ae24442acb1870161a8db21d8843b
a6a698af687e3e0550400a4a9ade4f5c2a1d6d29
fabbcbcbccfc4777ba684bb055cc3d6b7aeb4e68b0b9203991ed43085aed8a3e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /royaltogel/728x90.gif HTTP/1.1
Host: 165.232.165.130
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://spacecadetsgaming.shop/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Thu, 17 Apr 2025 07:25:09 GMT
Content-Type: image/gif
Content-Length: 428865
Last-Modified: Tue, 02 Apr 2024 02:24:55 GMT
Connection: keep-alive
ETag: "660b6c77-68b41"
X-Robots-Tag: noindex, nofollow, nosnippet, noarchive
Accept-Ranges: bytes

188.166.185.110/crown/728x90.php

188.166.185.110

302 Found

374 kB

URL GET
188.166.185.110/crown/728x90.php
IP
188.166.185.110:443
ASN
#14061 DIGITALOCEAN-ASN

Requested by
https://spacecadetsgaming.shop/
Certificate
IssuerZeroSSL
Subject188.166.185.110
FingerprintA6:A2:2E:39:64:87:59:76:94:F5:51:34:EB:B0:1C:D2:C7:B9:2F:79
ValidityFri, 10 Jan 2025 00:00:00 GMT - Sat, 10 Jan 2026 23:59:59 GMT

File type

Size
374 kB (373770 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /crown/728x90.php HTTP/1.1
Host: 188.166.185.110
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://spacecadetsgaming.shop/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx/1.18.0 (Ubuntu)
Date: Thu, 17 Apr 2025 07:25:09 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
location: https://143.198.198.194/crowntogel/728x90.gif
X-Robots-Tag: noindex, nofollow, nosnippet, noarchive

spacecadetsgaming.shop/wp-content/uploads/2023/01/cropped-macau-pools-logo-192x192.png

172.67.168.58

200 OK

9.2 kB

URL GET
spacecadetsgaming.shop/wp-content/uploads/2023/01/cropped-macau-pools-logo-192x192.png
IP
172.67.168.58:443
ASN
#13335 CLOUDFLARENET

Requested by
https://spacecadetsgaming.shop/
Certificate
IssuerGoogle Trust Services
Subjectspacecadetsgaming.shop
Fingerprint7C:40:FF:C2:D1:93:19:21:72:2E:B9:FE:42:D7:CE:CC:C8:BC:EF:CD
ValidityTue, 18 Mar 2025 14:43:25 GMT - Mon, 16 Jun 2025 15:42:12 GMT

File type
PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced
Size
9.2 kB (9185 bytes)
Hash
787216f32d901ac2fa6ce9ee1ef0666e
b51e69a2d768c0ce2f3bf2f499a43dbc488fe665
abd96670dcc0b3a76cb665e991e42a92b98aea5bf4d0f09335e6f53201f3f8d1

HTTP Headers

GET /wp-content/uploads/2023/01/cropped-macau-pools-logo-192x192.png HTTP/1.1
Host: spacecadetsgaming.shop
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://spacecadetsgaming.shop/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 17 Apr 2025 07:25:11 GMT
content-type: image/png
content-length: 9185
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=szdvI4rOUZI7aA87HkRyNyIJx%2FYsD5o%2BuLLj2FQQMCQPl8gCiBIHqx43l%2Bs0GL2d64OXYX33%2Fdw3wyVHgI8B6vrvp69SmcoZJfSvfTXIHvWBSv7JwfzAzlZujHk5rE4Aett91FZOLyUD"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=604800
expires: Thu, 24 Apr 2025 07:25:11 GMT
last-modified: Sat, 18 Jan 2025 18:24:19 GMT
x-turbo-charged-by: LiteSpeed
cf-cache-status: MISS
accept-ranges: bytes
cf-ray: 931a2fe19e87e4d9-RIX
server: cloudflare
vary: Accept-Encoding
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=21583&min_rtt=20031&rtt_var=7198&sent=36&recv=36&lost=0&retrans=0&sent_bytes=5068&recv_bytes=2671&delivery_rate=1317&cwnd=12000&unsent_bytes=0&cid=d5f75afdc973f97b&ts=4939&x=16"

143.198.201.173/oscartogel/728x90.gif

143.198.201.173

200 OK

564 kB

URL GET
143.198.201.173/oscartogel/728x90.gif
IP
143.198.201.173:443
ASN
#14061 DIGITALOCEAN-ASN

Requested by
https://spacecadetsgaming.shop/
Certificate
IssuerZeroSSL
Subject143.198.201.173
FingerprintA3:02:7B:3F:AC:FB:46:6D:6E:69:44:2B:6A:AD:38:E7:F1:EA:1B:EA
ValidityTue, 01 Apr 2025 00:00:00 GMT - Mon, 30 Jun 2025 23:59:59 GMT

File type
GIF image data, version 89a, 728 x 90
Size
564 kB (563551 bytes)
Hash
ba79e241c96b50e94822aab3ad9acf43
9ba4c340c496e4c63aed7442dd2b84e1ea77ba3f
784ded8775a1e4eea107423a40131c023873c69d13b1c1e76e7907f658e2f533

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /oscartogel/728x90.gif HTTP/1.1
Host: 143.198.201.173
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://spacecadetsgaming.shop/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Thu, 17 Apr 2025 07:25:10 GMT
Content-Type: image/gif
Content-Length: 563551
Last-Modified: Tue, 02 Apr 2024 02:40:45 GMT
Connection: keep-alive
ETag: "660b702d-8995f"
X-Robots-Tag: noindex, nofollow, nosnippet, noarchive
Accept-Ranges: bytes

fonts.googleapis.com/css?family=Roboto+Condensed%3A400%2C700%7CArimo%3A400%2C700&ver=6.8

142.250.74.10

200 OK

9.8 kB

URL GET
fonts.googleapis.com/css?family=Roboto+Condensed%3A400%2C700%7CArimo%3A400%2C700&ver=6.8
IP
142.250.74.10:443
ASN
#15169 GOOGLE

Requested by
https://spacecadetsgaming.shop/
Certificate
IssuerGoogle Trust Services
Subjectupload.video.google.com
Fingerprint3C:2E:67:30:A6:95:F3:D3:61:49:AB:AC:BC:D1:CF:77:3E:33:8F:B7
ValidityThu, 20 Mar 2025 11:19:46 GMT - Thu, 12 Jun 2025 11:19:45 GMT

File type
ASCII text
Size
9.8 kB (9834 bytes)
Hash
b79cfc6a7af8be8f85eb4b18e76c0c0e
6edef417533efd651d1fbac298b3284acd2169ea
4119ec604fd42a061776a7b0921713e2a630120dd0924c605aeb2bfcf312317d

HTTP Headers

GET /css?family=Roboto+Condensed%3A400%2C700%7CArimo%3A400%2C700&ver=6.8 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://spacecadetsgaming.shop
DNT: 1
Connection: keep-alive
Referer: https://spacecadetsgaming.shop/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 17 Apr 2025 07:25:07 GMT
date: Thu, 17 Apr 2025 07:25:07 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

188.166.185.110/hokitoto/960x200.php

188.166.185.110

302 Found

739 kB

URL GET
188.166.185.110/hokitoto/960x200.php
IP
188.166.185.110:443
ASN
#14061 DIGITALOCEAN-ASN

Requested by
https://spacecadetsgaming.shop/
Certificate
IssuerZeroSSL
Subject188.166.185.110
FingerprintA6:A2:2E:39:64:87:59:76:94:F5:51:34:EB:B0:1C:D2:C7:B9:2F:79
ValidityFri, 10 Jan 2025 00:00:00 GMT - Sat, 10 Jan 2026 23:59:59 GMT

File type

Size
739 kB (738573 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /hokitoto/960x200.php HTTP/1.1
Host: 188.166.185.110
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://spacecadetsgaming.shop/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx/1.18.0 (Ubuntu)
Date: Thu, 17 Apr 2025 07:25:09 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
location: https://143.198.198.194/hokitoto/960x200.gif
X-Robots-Tag: noindex, nofollow, nosnippet, noarchive

188.166.185.110/alitoto/960x200.php

188.166.185.110

302 Found

532 kB

URL GET
188.166.185.110/alitoto/960x200.php
IP
188.166.185.110:443
ASN
#14061 DIGITALOCEAN-ASN

Requested by
https://spacecadetsgaming.shop/
Certificate
IssuerZeroSSL
Subject188.166.185.110
FingerprintA6:A2:2E:39:64:87:59:76:94:F5:51:34:EB:B0:1C:D2:C7:B9:2F:79
ValidityFri, 10 Jan 2025 00:00:00 GMT - Sat, 10 Jan 2026 23:59:59 GMT

File type

Size
532 kB (531657 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /alitoto/960x200.php HTTP/1.1
Host: 188.166.185.110
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://spacecadetsgaming.shop/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx/1.18.0 (Ubuntu)
Date: Thu, 17 Apr 2025 07:25:08 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
location: https://143.198.198.194/alitoto/960x200.gif
X-Robots-Tag: noindex, nofollow, nosnippet, noarchive

188.166.185.110/bosstoto/728x90.php

188.166.185.110

302 Found

453 kB

URL GET
188.166.185.110/bosstoto/728x90.php
IP
188.166.185.110:443
ASN
#14061 DIGITALOCEAN-ASN

Requested by
https://spacecadetsgaming.shop/
Certificate
IssuerZeroSSL
Subject188.166.185.110
FingerprintA6:A2:2E:39:64:87:59:76:94:F5:51:34:EB:B0:1C:D2:C7:B9:2F:79
ValidityFri, 10 Jan 2025 00:00:00 GMT - Sat, 10 Jan 2026 23:59:59 GMT

File type

Size
453 kB (453287 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /bosstoto/728x90.php HTTP/1.1
Host: 188.166.185.110
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://spacecadetsgaming.shop/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx/1.18.0 (Ubuntu)
Date: Thu, 17 Apr 2025 07:25:09 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
location: https://143.198.201.173/bosstoto/728x90.gif
X-Robots-Tag: noindex, nofollow, nosnippet, noarchive

188.166.185.110/platinumslot/728x90.php

188.166.185.110

302 Found

464 kB

URL GET
188.166.185.110/platinumslot/728x90.php
IP
188.166.185.110:443
ASN
#14061 DIGITALOCEAN-ASN

Requested by
https://spacecadetsgaming.shop/
Certificate
IssuerZeroSSL
Subject188.166.185.110
FingerprintA6:A2:2E:39:64:87:59:76:94:F5:51:34:EB:B0:1C:D2:C7:B9:2F:79
ValidityFri, 10 Jan 2025 00:00:00 GMT - Sat, 10 Jan 2026 23:59:59 GMT

File type

Size
464 kB (463727 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /platinumslot/728x90.php HTTP/1.1
Host: 188.166.185.110
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://spacecadetsgaming.shop/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx/1.18.0 (Ubuntu)
Date: Thu, 17 Apr 2025 07:25:09 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
location: https://165.232.165.130/platinumslot/728x90.gif
X-Robots-Tag: noindex, nofollow, nosnippet, noarchive

4.bp.blogspot.com/-KCWiYluf77M/XbQ5-9H8MyI/AAAAAAAAVC4/Za-ijvWdofsSk5hCgMFigekJY9VIs4KHACNcBGAsYHQ/s1600/Close-Button.png

142.250.178.97

200 OK

1.1 kB

URL GET
4.bp.blogspot.com/-KCWiYluf77M/XbQ5-9H8MyI/AAAAAAAAVC4/Za-ijvWdofsSk5hCgMFigekJY9VIs4KHACNcBGAsYHQ/s1600/Close-Button.png
IP
142.250.178.97:443
ASN
#15169 GOOGLE

Requested by
https://spacecadetsgaming.shop/
Certificate
IssuerGoogle Trust Services
Subjectmisc-sni.blogspot.com
FingerprintE7:98:65:28:50:8C:40:BC:4E:3C:F6:5D:DE:13:DB:2E:CC:B3:33:E1
ValidityThu, 20 Mar 2025 11:19:23 GMT - Thu, 12 Jun 2025 11:19:22 GMT

File type
PNG image data, 82 x 15, 8-bit/color RGB, non-interlaced
Size
1.1 kB (1098 bytes)
Hash
3dd1e4b70d73ebbd8b9250219dee1eda
d4699c1dba46f86fb8cc43504d72e329f98ae02f
07f17d9f613d7f3e18ab4f896cb00c048ccc294134d4f96d635e92798735e9ce

HTTP Headers

GET /-KCWiYluf77M/XbQ5-9H8MyI/AAAAAAAAVC4/Za-ijvWdofsSk5hCgMFigekJY9VIs4KHACNcBGAsYHQ/s1600/Close-Button.png HTTP/1.1
Host: 4.bp.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://spacecadetsgaming.shop/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: *
timing-allow-origin: *
access-control-expose-headers: Content-Length
content-disposition: inline;filename="Close-Button.png"
x-content-type-options: nosniff
server: fife
content-length: 1098
x-xss-protection: 0
date: Thu, 17 Apr 2025 05:17:18 GMT
expires: Fri, 18 Apr 2025 05:17:18 GMT
cache-control: public, max-age=86400, no-transform
age: 7670
etag: "v542f"
content-type: image/png
vary: Origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

188.166.185.110/autotogel/728x90.php

188.166.185.110

302 Found

286 kB

URL GET
188.166.185.110/autotogel/728x90.php
IP
188.166.185.110:443
ASN
#14061 DIGITALOCEAN-ASN

Requested by
https://spacecadetsgaming.shop/
Certificate
IssuerZeroSSL
Subject188.166.185.110
FingerprintA6:A2:2E:39:64:87:59:76:94:F5:51:34:EB:B0:1C:D2:C7:B9:2F:79
ValidityFri, 10 Jan 2025 00:00:00 GMT - Sat, 10 Jan 2026 23:59:59 GMT

File type

Size
286 kB (286008 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /autotogel/728x90.php HTTP/1.1
Host: 188.166.185.110
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://spacecadetsgaming.shop/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx/1.18.0 (Ubuntu)
Date: Thu, 17 Apr 2025 07:25:09 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
location: https://143.198.198.194/autotogel/728x90.gif
X-Robots-Tag: noindex, nofollow, nosnippet, noarchive

143.198.201.173/oktogel/728x90.gif

143.198.201.173

200 OK

243 kB

URL GET
143.198.201.173/oktogel/728x90.gif
IP
143.198.201.173:443
ASN
#14061 DIGITALOCEAN-ASN

Requested by
https://spacecadetsgaming.shop/
Certificate
IssuerZeroSSL
Subject143.198.201.173
FingerprintA3:02:7B:3F:AC:FB:46:6D:6E:69:44:2B:6A:AD:38:E7:F1:EA:1B:EA
ValidityTue, 01 Apr 2025 00:00:00 GMT - Mon, 30 Jun 2025 23:59:59 GMT

File type
GIF image data, version 89a, 728 x 90
Size
243 kB (242933 bytes)
Hash
adaff3e56af7a6816de5797508bd681e
89c9dcff97e6391d3159ca257d2d9b4209174a40
3e65b17fb285824b78f70b4c4e1fd495bb4d735242abd4c98f86663247dcb558

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /oktogel/728x90.gif HTTP/1.1
Host: 143.198.201.173
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://spacecadetsgaming.shop/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Thu, 17 Apr 2025 07:25:09 GMT
Content-Type: image/gif
Content-Length: 242933
Last-Modified: Tue, 02 Apr 2024 02:40:44 GMT
Connection: keep-alive
ETag: "660b702c-3b4f5"
X-Robots-Tag: noindex, nofollow, nosnippet, noarchive
Accept-Ranges: bytes

fonts.gstatic.com/s/robotocondensed/v27/ieVl2ZhZI2eCN5jzbjEETS9weq8-19K7DQ.woff2

142.250.74.35

200 OK

51 kB

URL GET
fonts.gstatic.com/s/robotocondensed/v27/ieVl2ZhZI2eCN5jzbjEETS9weq8-19K7DQ.woff2
IP
142.250.74.35:443
ASN
#15169 GOOGLE

Requested by
https://spacecadetsgaming.shop/
Certificate
IssuerGoogle Trust Services
Subject*.gstatic.com
Fingerprint04:FF:92:E7:16:B0:49:91:8B:B7:8D:C6:93:B9:20:B4:2A:33:9F:A8
ValidityThu, 20 Mar 2025 11:19:45 GMT - Thu, 12 Jun 2025 11:19:44 GMT

File type
Web Open Font Format (Version 2), TrueType, length 51404, version 1.0
Size
51 kB (51404 bytes)
Hash
b904fcdf1c4c6059fadd6893a7bc7619
f41d1674f02616f03ef77d4e84b3ad8ba28a36fc
517edd119c5b2719e6ac4b30bf1fd864a6395179a41d273c0afc0696e7495d8e

HTTP Headers

GET /s/robotocondensed/v27/ieVl2ZhZI2eCN5jzbjEETS9weq8-19K7DQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://spacecadetsgaming.shop
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 51404
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 11 Apr 2025 19:32:43 GMT
expires: Sat, 11 Apr 2026 19:32:43 GMT
cache-control: public, max-age=31536000
age: 474745
last-modified: Wed, 18 Oct 2023 17:52:59 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/arimo/v29/P5sMzZCDf9_T_10ZxCE.woff2

142.250.74.35

200 OK

20 kB

URL GET
fonts.gstatic.com/s/arimo/v29/P5sMzZCDf9_T_10ZxCE.woff2
IP
142.250.74.35:443
ASN
#15169 GOOGLE

Requested by
https://spacecadetsgaming.shop/
Certificate
IssuerGoogle Trust Services
Subject*.gstatic.com
Fingerprint04:FF:92:E7:16:B0:49:91:8B:B7:8D:C6:93:B9:20:B4:2A:33:9F:A8
ValidityThu, 20 Mar 2025 11:19:45 GMT - Thu, 12 Jun 2025 11:19:44 GMT

File type
Web Open Font Format (Version 2), TrueType, length 20040, version 1.0
Size
20 kB (20040 bytes)
Hash
a61c670a24d6794a95a9712f0d12b656
c9b3114b27790109ec51508f51f1a033ccfe0812
a4f5230d39a7a21971fe62ccde2443345638d2beaa369b752820390a687b91b6

HTTP Headers

GET /s/arimo/v29/P5sMzZCDf9_T_10ZxCE.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://spacecadetsgaming.shop
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 20040
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 10 Apr 2025 09:19:12 GMT
expires: Fri, 10 Apr 2026 09:19:12 GMT
cache-control: public, max-age=31536000
age: 597956
last-modified: Thu, 14 Sep 2023 00:51:46 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

188.166.185.110/dotatogel/728x90.php

188.166.185.110

302 Found

705 kB

URL GET
188.166.185.110/dotatogel/728x90.php
IP
188.166.185.110:443
ASN
#14061 DIGITALOCEAN-ASN

Requested by
https://spacecadetsgaming.shop/
Certificate
IssuerZeroSSL
Subject188.166.185.110
FingerprintA6:A2:2E:39:64:87:59:76:94:F5:51:34:EB:B0:1C:D2:C7:B9:2F:79
ValidityFri, 10 Jan 2025 00:00:00 GMT - Sat, 10 Jan 2026 23:59:59 GMT

File type

Size
705 kB (705109 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /dotatogel/728x90.php HTTP/1.1
Host: 188.166.185.110
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://spacecadetsgaming.shop/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx/1.18.0 (Ubuntu)
Date: Thu, 17 Apr 2025 07:25:09 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
location: https://143.198.198.194/dotatogel/728x90.gif
X-Robots-Tag: noindex, nofollow, nosnippet, noarchive

spacecadetsgaming.shop/wp-content/uploads/2023/01/SYAIR-MACAU-768x230.png

172.67.168.58

200 OK

243 kB

URL GET
spacecadetsgaming.shop/wp-content/uploads/2023/01/SYAIR-MACAU-768x230.png
IP
172.67.168.58:443
ASN
#13335 CLOUDFLARENET

Requested by
https://spacecadetsgaming.shop/
Certificate
IssuerGoogle Trust Services
Subjectspacecadetsgaming.shop
Fingerprint7C:40:FF:C2:D1:93:19:21:72:2E:B9:FE:42:D7:CE:CC:C8:BC:EF:CD
ValidityTue, 18 Mar 2025 14:43:25 GMT - Mon, 16 Jun 2025 15:42:12 GMT

File type
PNG image data, 768 x 230, 8-bit/color RGBA, non-interlaced
Size
243 kB (243171 bytes)
Hash
e76c283775d26f32b8ed06f53515ffa2
7a79be78c57408f39b24d6a9d46edeff68253c66
a166385bbc1d4c236c60a7771e338e6e4f9987ecebf20e6df43a64d84296cbff

HTTP Headers

GET /wp-content/uploads/2023/01/SYAIR-MACAU-768x230.png HTTP/1.1
Host: spacecadetsgaming.shop
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://spacecadetsgaming.shop/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 17 Apr 2025 07:25:09 GMT
content-type: image/png
content-length: 243171
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oVdQgRiW%2FghZcKrNmEKJaKzbfoFe84ei20EKyY1fcrFEBv8ano06IpLoGY8LODSEr0XZdVFphMoNyuj96W7vrazVqqT1Mnm112zzpKgTwwZIaA7DafYlFxFQtKrydzeGjLGXm74PlTPd"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=604800
expires: Thu, 24 Apr 2025 07:25:08 GMT
last-modified: Fri, 13 Jan 2023 15:41:49 GMT
x-turbo-charged-by: LiteSpeed
cf-cache-status: MISS
accept-ranges: bytes
cf-ray: 931a2fd09c74e4d9-RIX
server: cloudflare
vary: Accept-Encoding
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=21583&min_rtt=20031&rtt_var=7198&sent=36&recv=36&lost=0&retrans=0&sent_bytes=5068&recv_bytes=2671&delivery_rate=1317&cwnd=12000&unsent_bytes=0&cid=d5f75afdc973f97b&ts=2480&x=16"

165.232.165.130/plustogel/728x90.gif

165.232.165.130

200 OK

466 kB

URL GET
165.232.165.130/plustogel/728x90.gif
IP
165.232.165.130:443
ASN
#14061 DIGITALOCEAN-ASN

Requested by
https://spacecadetsgaming.shop/
Certificate
IssuerZeroSSL
Subject165.232.165.130
Fingerprint50:C2:6A:37:0C:F2:B6:0C:3B:B5:3E:71:27:A4:1E:B7:00:85:9D:84
ValidityTue, 01 Apr 2025 00:00:00 GMT - Mon, 30 Jun 2025 23:59:59 GMT

File type
GIF image data, version 89a, 728 x 90
Size
466 kB (466200 bytes)
Hash
06cc33da07286fa39bf6e8b55970e107
9bedf7cb97bb85be06304b594e0ed6aa33f324f8
7e2b2cd8bdaa24a920e801ca8f97fca7f77d35480958a57faff827fbfb8f9b12

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /plustogel/728x90.gif HTTP/1.1
Host: 165.232.165.130
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://spacecadetsgaming.shop/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Thu, 17 Apr 2025 07:25:09 GMT
Content-Type: image/gif
Content-Length: 466200
Last-Modified: Tue, 02 Apr 2024 02:25:00 GMT
Connection: keep-alive
ETag: "660b6c7c-71d18"
X-Robots-Tag: noindex, nofollow, nosnippet, noarchive
Accept-Ranges: bytes

188.166.185.110/viptoto/728x90.php

188.166.185.110

302 Found

471 kB

URL GET
188.166.185.110/viptoto/728x90.php
IP
188.166.185.110:443
ASN
#14061 DIGITALOCEAN-ASN

Requested by
https://spacecadetsgaming.shop/
Certificate
IssuerZeroSSL
Subject188.166.185.110
FingerprintA6:A2:2E:39:64:87:59:76:94:F5:51:34:EB:B0:1C:D2:C7:B9:2F:79
ValidityFri, 10 Jan 2025 00:00:00 GMT - Sat, 10 Jan 2026 23:59:59 GMT

File type

Size
471 kB (471090 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /viptoto/728x90.php HTTP/1.1
Host: 188.166.185.110
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://spacecadetsgaming.shop/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx/1.18.0 (Ubuntu)
Date: Thu, 17 Apr 2025 07:25:09 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
location: https://165.232.165.130/viptoto/728x90.gif
X-Robots-Tag: noindex, nofollow, nosnippet, noarchive

spacecadetsgaming.shop/wp-content/themes/frontier/images/honeycomb.png

172.67.168.58

200 OK

265 B

URL GET
spacecadetsgaming.shop/wp-content/themes/frontier/images/honeycomb.png
IP
172.67.168.58:443
ASN
#13335 CLOUDFLARENET

Requested by
https://spacecadetsgaming.shop/
Certificate
IssuerGoogle Trust Services
Subjectspacecadetsgaming.shop
Fingerprint7C:40:FF:C2:D1:93:19:21:72:2E:B9:FE:42:D7:CE:CC:C8:BC:EF:CD
ValidityTue, 18 Mar 2025 14:43:25 GMT - Mon, 16 Jun 2025 15:42:12 GMT

File type
PNG image data, 54 x 54, 8-bit/color RGBA, non-interlaced
Size
265 B (265 bytes)
Hash
34eeab79cc5fbe051ee0bb4992ff518c
b4a9290cf5f62ea0c398f23e174d7d0458f7726e
5ff46b82c72bcf5b303048058fff29bbc9a760a0fd65c75682b45c43ddfab637

HTTP Headers

GET /wp-content/themes/frontier/images/honeycomb.png HTTP/1.1
Host: spacecadetsgaming.shop
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://spacecadetsgaming.shop/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 17 Apr 2025 07:25:07 GMT
content-type: image/png
content-length: 265
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YMFpEDylscvZc%2FbszdgzmKjPP5YJWEGx7WSNzjsSmNn8jrrbTATfdk6MaAINID%2BXw3hB8ZJ6xV3ifs%2BparPz%2B8EgUUpc9Z9ZJo20hIaD47cZlHrCulhii04nLrmvP7ujIlNFm%2BlU3I8m"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=604800
expires: Thu, 24 Apr 2025 07:25:07 GMT
last-modified: Tue, 18 Jan 2022 19:39:33 GMT
x-turbo-charged-by: LiteSpeed
cf-cache-status: MISS
accept-ranges: bytes
cf-ray: 931a2fc97bd7e4d9-RIX
server: cloudflare
vary: Accept-Encoding
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=21583&min_rtt=20031&rtt_var=7198&sent=36&recv=36&lost=0&retrans=0&sent_bytes=5068&recv_bytes=2671&delivery_rate=1317&cwnd=12000&unsent_bytes=0&cid=d5f75afdc973f97b&ts=975&x=16"

188.166.185.110/kingtogel/960x200.php

188.166.185.110

302 Found

506 kB

URL GET
188.166.185.110/kingtogel/960x200.php
IP
188.166.185.110:443
ASN
#14061 DIGITALOCEAN-ASN

Requested by
https://spacecadetsgaming.shop/
Certificate
IssuerZeroSSL
Subject188.166.185.110
FingerprintA6:A2:2E:39:64:87:59:76:94:F5:51:34:EB:B0:1C:D2:C7:B9:2F:79
ValidityFri, 10 Jan 2025 00:00:00 GMT - Sat, 10 Jan 2026 23:59:59 GMT

File type

Size
506 kB (506342 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /kingtogel/960x200.php HTTP/1.1
Host: 188.166.185.110
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://spacecadetsgaming.shop/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx/1.18.0 (Ubuntu)
Date: Thu, 17 Apr 2025 07:25:08 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
location: https://143.198.201.173/kingtogel/960x200.gif
X-Robots-Tag: noindex, nofollow, nosnippet, noarchive

spacecadetsgaming.shop/wp-content/uploads/2023/01/SYAIR-MACAU.png

172.67.168.58

200 OK

104 kB

URL GET
spacecadetsgaming.shop/wp-content/uploads/2023/01/SYAIR-MACAU.png
IP
172.67.168.58:443
ASN
#13335 CLOUDFLARENET

Requested by
https://spacecadetsgaming.shop/
Certificate
IssuerGoogle Trust Services
Subjectspacecadetsgaming.shop
Fingerprint7C:40:FF:C2:D1:93:19:21:72:2E:B9:FE:42:D7:CE:CC:C8:BC:EF:CD
ValidityTue, 18 Mar 2025 14:43:25 GMT - Mon, 16 Jun 2025 15:42:12 GMT

File type
PNG image data, 1000 x 300, 8-bit colormap, non-interlaced
Size
104 kB (104256 bytes)
Hash
4ef40b174a50b0ec5dbcd2f414af5a5f
733cfbde0b7393094cb4e6cb02e946b322b76d34
bc8849ece83ed3338128d4b87d93e827fdc054e7fa95f6b7ea1abaa2a29ad583

HTTP Headers

GET /wp-content/uploads/2023/01/SYAIR-MACAU.png HTTP/1.1
Host: spacecadetsgaming.shop
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://spacecadetsgaming.shop/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 17 Apr 2025 07:25:09 GMT
content-type: image/png
content-length: 104256
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HO4QedRF0f08g%2FBUCI%2FOVyfHqwksD4hyBx53n81Uq4%2ByFKrHcFvAWal4C3%2FT%2FL%2F2LwVb9SN3oIV4wlx5Ei8GTuhjoxPCfyT9amOcwlNcG9GAiqVTqiZPpwG9ETLvpi7mlsyQV1B335%2Fy"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=604800
expires: Thu, 24 Apr 2025 07:25:08 GMT
last-modified: Fri, 13 Jan 2023 15:41:49 GMT
x-turbo-charged-by: LiteSpeed
cf-cache-status: MISS
accept-ranges: bytes
cf-ray: 931a2fd06c6be4d9-RIX
server: cloudflare
vary: Accept-Encoding
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=21583&min_rtt=20031&rtt_var=7198&sent=36&recv=36&lost=0&retrans=0&sent_bytes=5068&recv_bytes=2671&delivery_rate=1317&cwnd=12000&unsent_bytes=0&cid=d5f75afdc973f97b&ts=2445&x=16"

opesia.vip/banner-float-atas-satu.php

172.67.150.144

302 Found

564 kB

URL GET
opesia.vip/banner-float-atas-satu.php
IP
172.67.150.144:443
ASN
#13335 CLOUDFLARENET

Requested by
https://spacecadetsgaming.shop/
Certificate
IssuerGoogle Trust Services
Subjectopesia.vip
FingerprintF0:4B:A2:F9:8D:82:43:08:A1:DE:22:E9:82:EF:01:08:50:6D:45:74
ValidityWed, 02 Apr 2025 12:52:00 GMT - Tue, 01 Jul 2025 13:50:10 GMT

File type

Size
564 kB (563551 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /banner-float-atas-satu.php HTTP/1.1
Host: opesia.vip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://spacecadetsgaming.shop/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Thu, 17 Apr 2025 07:25:09 GMT
content-type: text/html; charset=UTF-8
location: https://188.166.185.110/oscar/728x90.php
server: cloudflare
cache-control: no-cache, no-store, must-revalidate, max-age=0
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
cf-ray: 931a2fd14b19e4e5-RIX
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

opesia.vip/banner-float-atas-dua.php

172.67.150.144

302 Found

464 kB

URL GET
opesia.vip/banner-float-atas-dua.php
IP
172.67.150.144:443
ASN
#13335 CLOUDFLARENET

Requested by
https://spacecadetsgaming.shop/
Certificate
IssuerGoogle Trust Services
Subjectopesia.vip
FingerprintF0:4B:A2:F9:8D:82:43:08:A1:DE:22:E9:82:EF:01:08:50:6D:45:74
ValidityWed, 02 Apr 2025 12:52:00 GMT - Tue, 01 Jul 2025 13:50:10 GMT

File type

Size
464 kB (463727 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /banner-float-atas-dua.php HTTP/1.1
Host: opesia.vip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://spacecadetsgaming.shop/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Thu, 17 Apr 2025 07:25:09 GMT
content-type: text/html; charset=UTF-8
location: https://188.166.185.110/platinumslot/728x90.php
server: cloudflare
cache-control: no-cache, no-store, must-revalidate, max-age=0
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
cf-ray: 931a2fd15b2ce4e5-RIX
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

188.166.185.110/djtogel/728x90.php

188.166.185.110

302 Found

226 kB

URL GET
188.166.185.110/djtogel/728x90.php
IP
188.166.185.110:443
ASN
#14061 DIGITALOCEAN-ASN

Requested by
https://spacecadetsgaming.shop/
Certificate
IssuerZeroSSL
Subject188.166.185.110
FingerprintA6:A2:2E:39:64:87:59:76:94:F5:51:34:EB:B0:1C:D2:C7:B9:2F:79
ValidityFri, 10 Jan 2025 00:00:00 GMT - Sat, 10 Jan 2026 23:59:59 GMT

File type

Size
226 kB (226483 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /djtogel/728x90.php HTTP/1.1
Host: 188.166.185.110
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://spacecadetsgaming.shop/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx/1.18.0 (Ubuntu)
Date: Thu, 17 Apr 2025 07:25:09 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
location: https://143.198.201.173/djtogel/728x90.gif
X-Robots-Tag: noindex, nofollow, nosnippet, noarchive

143.198.198.194/autotogel/728x90.gif

143.198.198.194

200 OK

286 kB

URL GET
143.198.198.194/autotogel/728x90.gif
IP
143.198.198.194:443
ASN
#14061 DIGITALOCEAN-ASN

Requested by
https://spacecadetsgaming.shop/
Certificate
IssuerZeroSSL
Subject143.198.198.194
Fingerprint5F:97:4D:4A:35:A8:F6:E1:5B:F6:8E:36:E1:AC:64:F2:97:55:79:B2
ValidityTue, 01 Apr 2025 00:00:00 GMT - Mon, 30 Jun 2025 23:59:59 GMT

File type
GIF image data, version 89a, 728 x 90
Size
286 kB (286008 bytes)
Hash
28a9f4abeb8a6e7629addd50d9de41e3
2f7e2f258ee13256f570d0b6aeef5bac87eef9c9
04e345e937bd45a44728132d14543d0113723a5604dc34d08dda2bbf3d15be6c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /autotogel/728x90.gif HTTP/1.1
Host: 143.198.198.194
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://spacecadetsgaming.shop/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Thu, 17 Apr 2025 07:25:10 GMT
Content-Type: image/gif
Content-Length: 286008
Last-Modified: Tue, 02 Apr 2024 02:40:07 GMT
Connection: keep-alive
ETag: "660b7007-45d38"
X-Robots-Tag: noindex, nofollow, nosnippet, noarchive
Accept-Ranges: bytes

143.198.198.194/hokitoto/960x200.gif

143.198.198.194

200 OK

739 kB

URL GET
143.198.198.194/hokitoto/960x200.gif
IP
143.198.198.194:443
ASN
#14061 DIGITALOCEAN-ASN

Requested by
https://spacecadetsgaming.shop/
Certificate
IssuerZeroSSL
Subject143.198.198.194
Fingerprint5F:97:4D:4A:35:A8:F6:E1:5B:F6:8E:36:E1:AC:64:F2:97:55:79:B2
ValidityTue, 01 Apr 2025 00:00:00 GMT - Mon, 30 Jun 2025 23:59:59 GMT

File type
GIF image data, version 89a, 960 x 200
Size
739 kB (738573 bytes)
Hash
475066260277855cd5249adcef0fa668
99d808686e6c64f1001d0e2bcf3c068acd25a11a
8f5f26cf54cfc6c7d0ab778f454f4f2a0c4eb4416acdfc89c14516f07267378f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /hokitoto/960x200.gif HTTP/1.1
Host: 143.198.198.194
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://spacecadetsgaming.shop/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Thu, 17 Apr 2025 07:25:10 GMT
Content-Type: image/gif
Content-Length: 738573
Last-Modified: Tue, 02 Apr 2024 02:40:15 GMT
Connection: keep-alive
ETag: "660b700f-b450d"
X-Robots-Tag: noindex, nofollow, nosnippet, noarchive
Accept-Ranges: bytes

spacecadetsgaming.shop/

172.67.168.58

200 OK

117 kB

URL User Request GET
spacecadetsgaming.shop/
IP
172.67.168.58:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectspacecadetsgaming.shop
Fingerprint7C:40:FF:C2:D1:93:19:21:72:2E:B9:FE:42:D7:CE:CC:C8:BC:EF:CD
ValidityTue, 18 Mar 2025 14:43:25 GMT - Mon, 16 Jun 2025 15:42:12 GMT

File type
HTML document, Unicode text, UTF-8 text, with very long lines (25290), with CRLF, LF line terminators
Size
117 kB (117221 bytes)
Hash
532c1ab94dd21b4e76ad2745a8296c74
1ee10a7edfb135bf9cad5a01e4749a18cc862a40
0ca24ecac4d738224e5bf2f712ec92b07c582ad67bca3ce58cb24ba96ae74652

HTTP Headers

GET / HTTP/1.1
Host: spacecadetsgaming.shop
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 17 Apr 2025 07:25:06 GMT
content-type: text/html; charset=utf-8
link: <https://spacecadetsgaming.shop/wp-json/>; rel="https://api.w.org/", <https://spacecadetsgaming.shop/wp-json/wp/v2/pages/2>; rel="alternate"; title="JSON"; type="application/json", <https://spacecadetsgaming.shop/>; rel=shortlink
server-timing: amp_sanitizer;dur="53.6",amp_style_sanitizer;dur="21.1",amp_tag_and_attribute_sanitizer;dur="27.3",amp_optimizer;dur="10.8"
vary: Accept-Encoding
server: cloudflare
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
content-encoding: br
cf-ray: 931a2fbe3e82e4e4-RIX
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

spacecadetsgaming.shop/wp-content/themes/frontier/includes/genericons/Genericons.svg#Genericons

172.67.168.58

200 OK

77 kB

URL GET
spacecadetsgaming.shop/wp-content/themes/frontier/includes/genericons/Genericons.svg#Genericons
IP
172.67.168.58:443
ASN
#13335 CLOUDFLARENET

Requested by
https://spacecadetsgaming.shop/
Certificate
IssuerGoogle Trust Services
Subjectspacecadetsgaming.shop
Fingerprint7C:40:FF:C2:D1:93:19:21:72:2E:B9:FE:42:D7:CE:CC:C8:BC:EF:CD
ValidityTue, 18 Mar 2025 14:43:25 GMT - Mon, 16 Jun 2025 15:42:12 GMT

File type
SVG Scalable Vector Graphics image
Size
77 kB (76980 bytes)
Hash
29816c642aaa0e5a8c9402f4d2da62cf
48f2d2c09d6dd4c2faff3e76cc98d4779cd9a32e
306eb5338cdfb6df6b243aa37a8236bd291ec546c57bd8a439c0fc7aedc00534

HTTP Headers

GET /wp-content/themes/frontier/includes/genericons/Genericons.svg HTTP/1.1
Host: spacecadetsgaming.shop
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://spacecadetsgaming.shop/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 17 Apr 2025 07:25:07 GMT
content-type: image/svg+xml
content-length: 22707
server: cloudflare
accept-ranges: bytes
cache-control: public, max-age=604800
expires: Thu, 24 Apr 2025 07:25:07 GMT
last-modified: Tue, 18 Jan 2022 19:39:33 GMT
content-encoding: br
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: MISS
cf-ray: 931a2fc8581fe4e4-RIX
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

cdn.ampproject.org/v0/amp-anim-0.1.mjs

216.58.207.193

200 OK

3.8 kB

URL GET
cdn.ampproject.org/v0/amp-anim-0.1.mjs
IP
216.58.207.193:443
ASN
#15169 GOOGLE

Requested by
https://spacecadetsgaming.shop/
Certificate
IssuerGoogle Trust Services
Subjectmisc-sni.google.com
Fingerprint75:B9:9F:08:CE:E8:70:C4:27:70:86:AA:9A:53:97:45:A3:D9:E2:03
ValidityThu, 20 Mar 2025 11:18:56 GMT - Thu, 12 Jun 2025 11:18:55 GMT

File type
JavaScript source, ASCII text, with very long lines (3688)
Size
3.8 kB (3802 bytes)
Hash
1ccf714baebeaef3d9143c672bf0f861
5eb95d1846b26c49defc9dc103b5ce3cd6f0f423
63a02bf73624fcb072469b3e7106026483364143938a0d52211b82e9b2264650

HTTP Headers

GET /v0/amp-anim-0.1.mjs HTTP/1.1
Host: cdn.ampproject.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://spacecadetsgaming.shop
DNT: 1
Connection: keep-alive
Referer: https://spacecadetsgaming.shop/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
timing-allow-origin: *
content-length: 1679
date: Thu, 17 Apr 2025 07:25:07 GMT
expires: Thu, 17 Apr 2025 07:25:07 GMT
cache-control: private, max-age=604800, stale-while-revalidate=604800
etag: "f1785ae703c7e720"
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

188.166.185.110/bingotogel/960x200.php

188.166.185.110

302 Found

641 kB

URL GET
188.166.185.110/bingotogel/960x200.php
IP
188.166.185.110:443
ASN
#14061 DIGITALOCEAN-ASN

Requested by
https://spacecadetsgaming.shop/
Certificate
IssuerZeroSSL
Subject188.166.185.110
FingerprintA6:A2:2E:39:64:87:59:76:94:F5:51:34:EB:B0:1C:D2:C7:B9:2F:79
ValidityFri, 10 Jan 2025 00:00:00 GMT - Sat, 10 Jan 2026 23:59:59 GMT

File type

Size
641 kB (641169 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /bingotogel/960x200.php HTTP/1.1
Host: 188.166.185.110
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://spacecadetsgaming.shop/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx/1.18.0 (Ubuntu)
Date: Thu, 17 Apr 2025 07:25:08 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
location: https://143.198.198.194/bingotogel/960x200.gif
X-Robots-Tag: noindex, nofollow, nosnippet, noarchive

188.166.185.110/platinumtoto/728x90.php

188.166.185.110

302 Found

250 kB

URL GET
188.166.185.110/platinumtoto/728x90.php
IP
188.166.185.110:443
ASN
#14061 DIGITALOCEAN-ASN

Requested by
https://spacecadetsgaming.shop/
Certificate
IssuerZeroSSL
Subject188.166.185.110
FingerprintA6:A2:2E:39:64:87:59:76:94:F5:51:34:EB:B0:1C:D2:C7:B9:2F:79
ValidityFri, 10 Jan 2025 00:00:00 GMT - Sat, 10 Jan 2026 23:59:59 GMT

File type

Size
250 kB (249925 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /platinumtoto/728x90.php HTTP/1.1
Host: 188.166.185.110
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://spacecadetsgaming.shop/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx/1.18.0 (Ubuntu)
Date: Thu, 17 Apr 2025 07:25:09 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
location: https://143.198.201.173/platinumtoto/728x90.gif
X-Robots-Tag: noindex, nofollow, nosnippet, noarchive

lesnoyforum.info/z0f76a1d14fd21a8fb5fd0d03e0fdc3d3cedae52f?wsidchk=6987678&pdata=78gtzh2qrleq5q7pymvrpvlocduedaih0onfgkjmwskxy-qlc4wktggtpaiw2bpb2ph8uk3gl2_gts5qyei7h7jzz284z9yzgio4zwqpotjcw-19ukceeiwmjf0eu4vnpuhd7sgqn9aluol9htals6e7sk3yobfcd_kiuj6mf8jvauniwakt1mjp3g1lz-y16fq6piqc6bo_xfs=&id=7fa3b767c460b54a2be4d49030b349c7

104.21.28.140

302 Found

117 kB

URL User Request GET
lesnoyforum.info/z0f76a1d14fd21a8fb5fd0d03e0fdc3d3cedae52f?wsidchk=6987678&pdata=78gtzh2qrleq5q7pymvrpvlocduedaih0onfgkjmwskxy-qlc4wktggtpaiw2bpb2ph8uk3gl2_gts5qyei7h7jzz284z9yzgio4zwqpotjcw-19ukceeiwmjf0eu4vnpuhd7sgqn9aluol9htals6e7sk3yobfcd_kiuj6mf8jvauniwakt1mjp3g1lz-y16fq6piqc6bo_xfs=&id=7fa3b767c460b54a2be4d49030b349c7
IP
104.21.28.140:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectlesnoyforum.info
Fingerprint33:47:EE:A0:25:86:34:E3:7A:4A:13:C7:0F:C2:D5:BE:A6:9B:87:61
ValidityMon, 14 Apr 2025 00:04:30 GMT - Sun, 13 Jul 2025 01:02:41 GMT

File type

Size
117 kB (117221 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /z0f76a1d14fd21a8fb5fd0d03e0fdc3d3cedae52f?wsidchk=6987678&pdata=78gtzh2qrleq5q7pymvrpvlocduedaih0onfgkjmwskxy-qlc4wktggtpaiw2bpb2ph8uk3gl2_gts5qyei7h7jzz284z9yzgio4zwqpotjcw-19ukceeiwmjf0eu4vnpuhd7sgqn9aluol9htals6e7sk3yobfcd_kiuj6mf8jvauniwakt1mjp3g1lz-y16fq6piqc6bo_xfs=&id=7fa3b767c460b54a2be4d49030b349c7 HTTP/1.1
Host: lesnoyforum.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Thu, 17 Apr 2025 07:25:04 GMT
content-length: 0
location: https://lesnoyforum.info/
server: cloudflare
cf-cache-status: DYNAMIC
set-cookie: wssplashchk=9f051a79055d0222c04cc466d0470e9b6ff7f833.1744878304.0; HttpOnly; SameSite=Lax; Path=/; Domain=lesnoyforum.info; Max-Age=3600
cf-ray: 931a2faff8a8a8a2-RIX
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

fonts.gstatic.com/s/arimo/v29/P5sMzZCDf9_T_10ZxCE.woff2

142.250.74.35

200 OK

20 kB

URL GET
fonts.gstatic.com/s/arimo/v29/P5sMzZCDf9_T_10ZxCE.woff2
IP
142.250.74.35:443
ASN
#15169 GOOGLE

Requested by
https://spacecadetsgaming.shop/
Certificate
IssuerGoogle Trust Services
Subject*.gstatic.com
Fingerprint04:FF:92:E7:16:B0:49:91:8B:B7:8D:C6:93:B9:20:B4:2A:33:9F:A8
ValidityThu, 20 Mar 2025 11:19:45 GMT - Thu, 12 Jun 2025 11:19:44 GMT

File type
Web Open Font Format (Version 2), TrueType, length 20040, version 1.0
Size
20 kB (20040 bytes)
Hash
a61c670a24d6794a95a9712f0d12b656
c9b3114b27790109ec51508f51f1a033ccfe0812
a4f5230d39a7a21971fe62ccde2443345638d2beaa369b752820390a687b91b6

HTTP Headers

GET /s/arimo/v29/P5sMzZCDf9_T_10ZxCE.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://spacecadetsgaming.shop
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 20040
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 10 Apr 2025 09:19:12 GMT
expires: Fri, 10 Apr 2026 09:19:12 GMT
cache-control: public, max-age=31536000
age: 597956
last-modified: Thu, 14 Sep 2023 00:51:46 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

143.198.198.194/crowntogel/728x90.gif

143.198.198.194

200 OK

374 kB

URL GET
143.198.198.194/crowntogel/728x90.gif
IP
143.198.198.194:443
ASN
#14061 DIGITALOCEAN-ASN

Requested by
https://spacecadetsgaming.shop/
Certificate
IssuerZeroSSL
Subject143.198.198.194
Fingerprint5F:97:4D:4A:35:A8:F6:E1:5B:F6:8E:36:E1:AC:64:F2:97:55:79:B2
ValidityTue, 01 Apr 2025 00:00:00 GMT - Mon, 30 Jun 2025 23:59:59 GMT

File type
GIF image data, version 89a, 728 x 90
Size
374 kB (373770 bytes)
Hash
f7a0dda0eb18d0ab52aaabd5262e67e6
6376d2cab25639dfd60030dec5138bc388fc0453
16bca0203c17723a97f32d501b24b9884adecb0c26a2657f92456305e6212b4f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /crowntogel/728x90.gif HTTP/1.1
Host: 143.198.198.194
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://spacecadetsgaming.shop/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Thu, 17 Apr 2025 07:25:10 GMT
Content-Type: image/gif
Content-Length: 373770
Last-Modified: Tue, 02 Apr 2024 02:40:10 GMT
Connection: keep-alive
ETag: "660b700a-5b40a"
X-Robots-Tag: noindex, nofollow, nosnippet, noarchive
Accept-Ranges: bytes

lesnoyforum.info/

104.21.28.140

301 Moved Permanently

117 kB

URL User Request GET
lesnoyforum.info/
IP
104.21.28.140:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectlesnoyforum.info
Fingerprint33:47:EE:A0:25:86:34:E3:7A:4A:13:C7:0F:C2:D5:BE:A6:9B:87:61
ValidityMon, 14 Apr 2025 00:04:30 GMT - Sun, 13 Jul 2025 01:02:41 GMT

File type

Size
117 kB (117221 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: lesnoyforum.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: wssplashchk=9f051a79055d0222c04cc466d0470e9b6ff7f833.1744878304.0
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 301 Moved Permanently
date: Thu, 17 Apr 2025 07:25:04 GMT
content-type: text/html
location: https://sillysanta.store/
server: cloudflare
alt-svc: h3=":443"; ma=86400
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
cf-ray: 931a2fb63b6ba8a2-RIX
X-Firefox-Spdy: h2

spacecadetsgaming.shop/wp-content/themes/frontier/includes/genericons/Genericons.woff

172.67.168.58

200 OK

14 kB

URL GET
spacecadetsgaming.shop/wp-content/themes/frontier/includes/genericons/Genericons.woff
IP
172.67.168.58:443
ASN
#13335 CLOUDFLARENET

Requested by
https://spacecadetsgaming.shop/
Certificate
IssuerGoogle Trust Services
Subjectspacecadetsgaming.shop
Fingerprint7C:40:FF:C2:D1:93:19:21:72:2E:B9:FE:42:D7:CE:CC:C8:BC:EF:CD
ValidityTue, 18 Mar 2025 14:43:25 GMT - Mon, 16 Jun 2025 15:42:12 GMT

File type
Web Open Font Format, TrueType, length 13988, version 0.0
Size
14 kB (13988 bytes)
Hash
f3f73b280148eeed102d4a6874ac7886
973bfcd63513292f1bb220c241f6dde6509f1168
970a3fa15876d16dcc0fd70eb7c9ab44d733108b3ddca1a449edd0356c1b79a7

HTTP Headers

GET /wp-content/themes/frontier/includes/genericons/Genericons.woff HTTP/1.1
Host: spacecadetsgaming.shop
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://spacecadetsgaming.shop/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 17 Apr 2025 07:25:08 GMT
content-type: font/woff
content-length: 13988
server: cloudflare
accept-ranges: bytes
cache-control: public, max-age=604800
expires: Thu, 24 Apr 2025 07:25:07 GMT
last-modified: Tue, 18 Jan 2022 19:39:33 GMT
x-turbo-charged-by: LiteSpeed
cf-cache-status: MISS
cf-ray: 931a2fc85819e4e4-RIX
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

143.198.198.194/bingotogel/960x200.gif

143.198.198.194

200 OK

641 kB

URL GET
143.198.198.194/bingotogel/960x200.gif
IP
143.198.198.194:443
ASN
#14061 DIGITALOCEAN-ASN

Requested by
https://spacecadetsgaming.shop/
Certificate
IssuerZeroSSL
Subject143.198.198.194
Fingerprint5F:97:4D:4A:35:A8:F6:E1:5B:F6:8E:36:E1:AC:64:F2:97:55:79:B2
ValidityTue, 01 Apr 2025 00:00:00 GMT - Mon, 30 Jun 2025 23:59:59 GMT

File type
GIF image data, version 89a, 960 x 200
Size
641 kB (641169 bytes)
Hash
556591550cd6f38c620dfc0e387698e0
1fabfb0ff3f41c7e6fb992f5ab220e45e3f56594
83b06daece3d10ac2e2f7a2778f63e6f022a5232bdfd7e6c98d3750c0d275c45

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /bingotogel/960x200.gif HTTP/1.1
Host: 143.198.198.194
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://spacecadetsgaming.shop/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Thu, 17 Apr 2025 07:25:09 GMT
Content-Type: image/gif
Content-Length: 641169
Last-Modified: Tue, 02 Apr 2024 02:40:09 GMT
Connection: keep-alive
ETag: "660b7009-9c891"
X-Robots-Tag: noindex, nofollow, nosnippet, noarchive
Accept-Ranges: bytes

165.232.165.130/platinumslot/728x90.gif

165.232.165.130

200 OK

464 kB

URL GET
165.232.165.130/platinumslot/728x90.gif
IP
165.232.165.130:443
ASN
#14061 DIGITALOCEAN-ASN

Requested by
https://spacecadetsgaming.shop/
Certificate
IssuerZeroSSL
Subject165.232.165.130
Fingerprint50:C2:6A:37:0C:F2:B6:0C:3B:B5:3E:71:27:A4:1E:B7:00:85:9D:84
ValidityTue, 01 Apr 2025 00:00:00 GMT - Mon, 30 Jun 2025 23:59:59 GMT

File type
GIF image data, version 89a, 728 x 90
Size
464 kB (463727 bytes)
Hash
7827c92813bdf5bb5fb058ea1b82c68a
0ecdd17492b863b79e6b0fdbf32f00961b48419d
1633cb974a31859a7cabb7b24cc5d52ec6f1f4f9689f42ea924e3b7d6de301f5

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /platinumslot/728x90.gif HTTP/1.1
Host: 165.232.165.130
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://spacecadetsgaming.shop/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Thu, 17 Apr 2025 07:25:10 GMT
Content-Type: image/gif
Content-Length: 463727
Last-Modified: Tue, 02 Apr 2024 02:35:13 GMT
Connection: keep-alive
ETag: "660b6ee1-7136f"
X-Robots-Tag: noindex, nofollow, nosnippet, noarchive
Accept-Ranges: bytes

3.bp.blogspot.com/-44byhTrP5hA/WyNelRdePUI/AAAAAAAAA-Y/29evsSG9fl8Hingy9XrxWhrRYVoRYYAlgCLcBGAs/s1600/banner%2Biklan%2Bheader.jpg

142.250.74.97

200 OK

8.8 kB

URL GET
3.bp.blogspot.com/-44byhTrP5hA/WyNelRdePUI/AAAAAAAAA-Y/29evsSG9fl8Hingy9XrxWhrRYVoRYYAlgCLcBGAs/s1600/banner%2Biklan%2Bheader.jpg
IP
142.250.74.97:443
ASN
#15169 GOOGLE

Requested by
https://spacecadetsgaming.shop/
Certificate
IssuerGoogle Trust Services
Subjectmisc-sni.blogspot.com
FingerprintE7:98:65:28:50:8C:40:BC:4E:3C:F6:5D:DE:13:DB:2E:CC:B3:33:E1
ValidityThu, 20 Mar 2025 11:19:23 GMT - Thu, 12 Jun 2025 11:19:22 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=3, software=Google], baseline, precision 8, 1024x204, components 3
Size
8.8 kB (8839 bytes)
Hash
967b33c7a84dd33c09b9e39dd1aa288e
9fea7cef4a0654604154dd3f5167230f0c722678
08598ab249039f2e5f9d2d3f441f7eaff25e41981be13021aff071bae63bb8fa

HTTP Headers

GET /-44byhTrP5hA/WyNelRdePUI/AAAAAAAAA-Y/29evsSG9fl8Hingy9XrxWhrRYVoRYYAlgCLcBGAs/s1600/banner%2Biklan%2Bheader.jpg HTTP/1.1
Host: 3.bp.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://spacecadetsgaming.shop/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: *
timing-allow-origin: *
access-control-expose-headers: Content-Length
content-disposition: inline;filename="banner iklan header.jpg"
x-content-type-options: nosniff
server: fife
content-length: 8839
x-xss-protection: 0
date: Thu, 17 Apr 2025 06:48:08 GMT
expires: Fri, 18 Apr 2025 06:48:08 GMT
cache-control: public, max-age=86400, no-transform
age: 2219
etag: "v3e7"
content-type: image/jpeg
vary: Origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

143.198.201.173/ktvtogel/728x90.gif

143.198.201.173

200 OK

517 kB

URL GET
143.198.201.173/ktvtogel/728x90.gif
IP
143.198.201.173:443
ASN
#14061 DIGITALOCEAN-ASN

Requested by
https://spacecadetsgaming.shop/
Certificate
IssuerZeroSSL
Subject143.198.201.173
FingerprintA3:02:7B:3F:AC:FB:46:6D:6E:69:44:2B:6A:AD:38:E7:F1:EA:1B:EA
ValidityTue, 01 Apr 2025 00:00:00 GMT - Mon, 30 Jun 2025 23:59:59 GMT

File type
GIF image data, version 89a, 728 x 90
Size
517 kB (516805 bytes)
Hash
857fce5ecf17ae68cc51c0363b02e0cc
1ba3386808682f5f5c371d67d7bc37f277d4ec57
4453b5d636bc429dd36ffced71e83751e1748a851c0e42e10503b48a3ea50996

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ktvtogel/728x90.gif HTTP/1.1
Host: 143.198.201.173
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://spacecadetsgaming.shop/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Thu, 17 Apr 2025 07:25:09 GMT
Content-Type: image/gif
Content-Length: 516805
Last-Modified: Tue, 02 Apr 2024 02:40:40 GMT
Connection: keep-alive
ETag: "660b7028-7e2c5"
X-Robots-Tag: noindex, nofollow, nosnippet, noarchive
Accept-Ranges: bytes

sillysanta.store/

172.67.157.48

301 Moved Permanently

117 kB

URL User Request GET
sillysanta.store/
IP
172.67.157.48:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectsillysanta.store
Fingerprint8C:BB:C0:FC:B7:8E:9D:DB:80:64:AE:FB:E3:21:8F:CA:B5:4C:80:5F
ValidityTue, 18 Feb 2025 17:08:11 GMT - Mon, 19 May 2025 18:06:59 GMT

File type

Size
117 kB (117221 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: sillysanta.store
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 301 Moved Permanently
date: Thu, 17 Apr 2025 07:25:05 GMT
content-type: text/html
location: https://spacecadetsgaming.shop/
server: cloudflare
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
cf-ray: 931a2fba1a55b804-RIX
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

188.166.185.110/hokitoto/960x200.php

0.0.0.0

0 B

URL GET
188.166.185.110/hokitoto/960x200.php
IP
0.0.0.0:0
ASN
#0

Requested by
https://spacecadetsgaming.shop/

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /hokitoto/960x200.php HTTP/1.1
Host: 188.166.185.110
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://spacecadetsgaming.shop/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

143.198.201.173/bosstoto/728x90.gif

143.198.201.173

200 OK

453 kB

URL GET
143.198.201.173/bosstoto/728x90.gif
IP
143.198.201.173:443
ASN
#14061 DIGITALOCEAN-ASN

Requested by
https://spacecadetsgaming.shop/
Certificate
IssuerZeroSSL
Subject143.198.201.173
FingerprintA3:02:7B:3F:AC:FB:46:6D:6E:69:44:2B:6A:AD:38:E7:F1:EA:1B:EA
ValidityTue, 01 Apr 2025 00:00:00 GMT - Mon, 30 Jun 2025 23:59:59 GMT

File type
GIF image data, version 89a, 728 x 90
Size
453 kB (453287 bytes)
Hash
f15c864c16bd8b458efde7fe94e552d9
c8b30284ea86199af94b95667ec16a4f6077f6fd
a5b6252476a75094d004469e6ed66574a4bbced43f98c082451da408f8eb2225

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /bosstoto/728x90.gif HTTP/1.1
Host: 143.198.201.173
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://spacecadetsgaming.shop/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Thu, 17 Apr 2025 07:25:09 GMT
Content-Type: image/gif
Content-Length: 453287
Last-Modified: Tue, 02 Apr 2024 02:40:33 GMT
Connection: keep-alive
ETag: "660b7021-6eaa7"
X-Robots-Tag: noindex, nofollow, nosnippet, noarchive
Accept-Ranges: bytes

143.198.198.194/dotatogel/728x90.gif

143.198.198.194

200 OK

705 kB

URL GET
143.198.198.194/dotatogel/728x90.gif
IP
143.198.198.194:443
ASN
#14061 DIGITALOCEAN-ASN

Requested by
https://spacecadetsgaming.shop/
Certificate
IssuerZeroSSL
Subject143.198.198.194
Fingerprint5F:97:4D:4A:35:A8:F6:E1:5B:F6:8E:36:E1:AC:64:F2:97:55:79:B2
ValidityTue, 01 Apr 2025 00:00:00 GMT - Mon, 30 Jun 2025 23:59:59 GMT

File type
GIF image data, version 89a, 728 x 90
Size
705 kB (705109 bytes)
Hash
e1d44ebf2af5003b6b15e83a91538fc1
abf452b041e6e372b993fcb7ea19defc129b3782
f77691a6e03b533f4459f1b15207acaa35d161368fef275acebefdcb557cf8f6

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /dotatogel/728x90.gif HTTP/1.1
Host: 143.198.198.194
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://spacecadetsgaming.shop/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Thu, 17 Apr 2025 07:25:09 GMT
Content-Type: image/gif
Content-Length: 705109
Last-Modified: Tue, 02 Apr 2024 02:40:12 GMT
Connection: keep-alive
ETag: "660b700c-ac255"
X-Robots-Tag: noindex, nofollow, nosnippet, noarchive
Accept-Ranges: bytes

143.198.201.173/djtogel/728x90.gif

143.198.201.173

200 OK

226 kB

URL GET
143.198.201.173/djtogel/728x90.gif
IP
143.198.201.173:443
ASN
#14061 DIGITALOCEAN-ASN

Requested by
https://spacecadetsgaming.shop/
Certificate
IssuerZeroSSL
Subject143.198.201.173
FingerprintA3:02:7B:3F:AC:FB:46:6D:6E:69:44:2B:6A:AD:38:E7:F1:EA:1B:EA
ValidityTue, 01 Apr 2025 00:00:00 GMT - Mon, 30 Jun 2025 23:59:59 GMT

File type
GIF image data, version 89a, 728 x 90
Size
226 kB (226483 bytes)
Hash
7ddbb2423829fc5988471a36ca709fa9
bccd4a9ef1a192ed8a71daa7aedbedf245f3b93d
71a9c037ac63a55a69071b5e76278f388d302f447c80c14f360a2824ab8de831

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /djtogel/728x90.gif HTTP/1.1
Host: 143.198.201.173
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://spacecadetsgaming.shop/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Thu, 17 Apr 2025 07:25:09 GMT
Content-Type: image/gif
Content-Length: 226483
Last-Modified: Tue, 02 Apr 2024 02:40:35 GMT
Connection: keep-alive
ETag: "660b7023-374b3"
X-Robots-Tag: noindex, nofollow, nosnippet, noarchive
Accept-Ranges: bytes

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (3)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (69)

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash