gbstwrldnws.com/adult_video_2/favicon.ico
192.133.142.177 1.4 kB URL gbstwrldnws.com/adult_video_2/favicon.ico
IP 192.133.142.177:0
File type MS Windows icon resource - 1 icon, 16x16, 8 bits/pixel\012- data
Hash bf5b6c805abb9d242e0eefe8f85e9253
7430ff53470894ca5d22d074c1569efc3b72b95d
edff483f89d1eeef57d191848be78a7f52313af079c116bf714a0f5d5b57e9c5
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /adult_video_2/favicon.ico HTTP/1.1
Host: gbstwrldnws.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gbstwrldnws.com/adult_video_2/1328/2da4af00d834dfbd23fda189a58e00c9/?click_id=w2o55c4cd6a4688mif3ums2m&sub1=&sub2=&sub3=&tb=&fullscreen=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 15:39:19 GMT
content-type: image/x-icon
content-length: 1406
last-modified: Thu, 25 Jul 2019 13:49:48 GMT
etag: "5d39b37c-57e"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
ykrvt.bestssp.top/?pl=qRuQunqVKEWrY1jyLTBUOA&sub_id=1328
188.114.96.1 0 B URL ykrvt.bestssp.top/?pl=qRuQunqVKEWrY1jyLTBUOA&sub_id=1328
IP 188.114.96.1:0
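Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Note: these three values are the MD5, SHA-1 and SHA-256 digests of zero-length input (the 302 response below has content-length: 0), so they identify no payload and are not usable as file indicators for this redirector.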
GET /?pl=qRuQunqVKEWrY1jyLTBUOA&sub_id=1328 HTTP/1.1
Host: ykrvt.bestssp.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gbstwrldnws.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
date: Tue, 05 Dec 2023 15:39:20 GMT
content-length: 0
location: https://news-xagedi.cc/?id=1218770951&p1=tk_adult
cache-control: max-age=0, no-cache, no-store, must-revalidate
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=w%2BVSpf7VZs%2FJ3VMuNFl1dL%2FB37Vpl5m9meYHEYxMccx6YlqMtv3h8ZspdqfpSFXRXj0Vlnr6j8wP4yNqEsc3Pm%2FTgLEml8ktswg63%2BRgKIJn7nEhCmF7Z8x6BXa%2FFvfjeI8rtA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 830d619e8ffd56c3-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
news-xagedi.cc/revopush.js
23.158.56.201 200 OK 18 kB URL GET HTTP/2 news-xagedi.cc/revopush.js
IP 23.158.56.201:443
Requested by https://news-xagedi.cc/?id=1218770951&p1=tk_adult
Certificate Issuer Let's Encrypt
Subject *.news-xagedi.cc
Fingerprint 2D:C4:ED:BB:E2:76:1C:34:86:91:EF:35:26:D5:27:27:63:7E:52:BC
Validity Mon, 13 Nov 2023 13:39:42 GMT - Sun, 11 Feb 2024 13:39:41 GMT
File type Unicode text, UTF-8 text, with very long lines (18112), with no line terminators
Hash 773d5dd04e1cf97341ac6e4cf2b23707
a56ebf246900b619f34bdfa36ea0f4a36d800730
a35876c74a7686acc90ac9e198313f89062cf1e0e22cac557b623c92f69f19d1
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /revopush.js HTTP/1.1
Host: news-xagedi.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xagedi.cc/?id=1218770951&p1=tk_adult
Cookie: clickdata=eyJzdWJhY2MiOjEyMTg3NzA5NTEsImxhbmQiOjUwLCJwMSI6InRrX2FkdWx0In0=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 15:39:21 GMT
content-type: application/javascript; charset=utf-8
content-length: 18177
last-modified: Fri, 01 Dec 2023 12:50:34 GMT
etag: "6569d69a-4701"
accept-ranges: bytes
X-Firefox-Spdy: h2
errors.house/js-sdk-loader/c682bf15f58a4ecea9ff491233690e22.min.js
46.4.134.147 1.9 kB URL errors.house/js-sdk-loader/c682bf15f58a4ecea9ff491233690e22.min.js
IP 46.4.134.147:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (512)
Hash cecbd15c62682460fc296825e598657c
7ea3ec61b65e0a88058e3943327a61d055ef4284
58664ef4f18d3763e07cf7c74738b3a1089fc115331ce34bfe300be3e125b510
GET /js-sdk-loader/c682bf15f58a4ecea9ff491233690e22.min.js HTTP/1.1
Host: errors.house
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://news-xagedi.cc
DNT: 1
Connection: keep-alive
Referer: https://news-xagedi.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.23.1
Date: Tue, 05 Dec 2023 15:39:21 GMT
Content-Type: text/javascript
Content-Length: 1855
Connection: close
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=3600, s-maxage=60, stale-while-revalidate=315360000, stale-if-error=315360000
Surrogate-Key: project/7 sdk/7.15.0 sdk-loader
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=31536000
news-xagedi.cc/lands/36/lp.js
23.158.56.201 722 B URL news-xagedi.cc/lands/36/lp.js
IP 23.158.56.201:0
Certificate Issuer Let's Encrypt
Subject *.news-xagedi.cc
Fingerprint 2D:C4:ED:BB:E2:76:1C:34:86:91:EF:35:26:D5:27:27:63:7E:52:BC
Validity Mon, 13 Nov 2023 13:39:42 GMT - Sun, 11 Feb 2024 13:39:41 GMT
File type Unicode text, UTF-8 text, with very long lines (685), with no line terminators
Hash 8061571ac71b47c9ef862658f7e3e81c
c8109eda3ac59808f2e331aa52883ef72526833d
0437c5e6e3fb2533b3166485bb94ad975513518f741a5a7e2d74aeb0ddaa0875
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /lands/36/lp.js HTTP/1.1
Host: news-xagedi.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xagedi.cc/?id=1218770951&p1=tk_adult
Cookie: clickdata=eyJzdWJhY2MiOjEyMTg3NzA5NTEsImxhbmQiOjM2LCJwMSI6InRrX2FkdWx0In0=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 15:39:21 GMT
content-type: application/javascript; charset=utf-8
content-length: 722
last-modified: Fri, 01 Dec 2023 12:50:34 GMT
etag: "6569d69a-2d2"
accept-ranges: bytes
X-Firefox-Spdy: h2
news-xagedi.cc/revopush.js
23.158.56.201 200 OK 18 kB URL GET HTTP/2 news-xagedi.cc/revopush.js
IP 23.158.56.201:443
Requested by https://news-xagedi.cc/?id=1218770951&p1=tk_adult
Certificate Issuer Let's Encrypt
Subject *.news-xagedi.cc
Fingerprint 2D:C4:ED:BB:E2:76:1C:34:86:91:EF:35:26:D5:27:27:63:7E:52:BC
Validity Mon, 13 Nov 2023 13:39:42 GMT - Sun, 11 Feb 2024 13:39:41 GMT
File type Unicode text, UTF-8 text, with very long lines (18112), with no line terminators
Hash 773d5dd04e1cf97341ac6e4cf2b23707
a56ebf246900b619f34bdfa36ea0f4a36d800730
a35876c74a7686acc90ac9e198313f89062cf1e0e22cac557b623c92f69f19d1
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /revopush.js HTTP/1.1
Host: news-xagedi.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xagedi.cc/?id=1218770951&p1=tk_adult
Cookie: clickdata=eyJzdWJhY2MiOjEyMTg3NzA5NTEsImxhbmQiOjM2LCJwMSI6InRrX2FkdWx0In0=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 15:39:21 GMT
content-type: application/javascript; charset=utf-8
content-length: 18177
last-modified: Fri, 01 Dec 2023 12:50:34 GMT
etag: "6569d69a-4701"
accept-ranges: bytes
X-Firefox-Spdy: h2
news-xagedi.cc/lands/36/img/style.css
23.158.56.201 12 kB URL news-xagedi.cc/lands/36/img/style.css
IP 23.158.56.201:0
Certificate Issuer Let's Encrypt
Subject *.news-xagedi.cc
Fingerprint 2D:C4:ED:BB:E2:76:1C:34:86:91:EF:35:26:D5:27:27:63:7E:52:BC
Validity Mon, 13 Nov 2023 13:39:42 GMT - Sun, 11 Feb 2024 13:39:41 GMT
File type ASCII text, with very long lines (11701), with no line terminators
Hash ceafd56cc56028ed6235ce4c4db73d43
c0d374219bfbd71aebf2caa38494d48838d4cce0
8878692d5f9a94657f598a59e11fde8703ff41c6ee99d378acc5b22bec49cbd7
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /lands/36/img/style.css HTTP/1.1
Host: news-xagedi.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xagedi.cc/?id=1218770951&p1=tk_adult
Cookie: clickdata=eyJzdWJhY2MiOjEyMTg3NzA5NTEsImxhbmQiOjM2LCJwMSI6InRrX2FkdWx0In0=
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 15:39:21 GMT
content-type: text/css
content-length: 11701
last-modified: Fri, 01 Dec 2023 12:50:34 GMT
etag: "6569d69a-2db5"
accept-ranges: bytes
X-Firefox-Spdy: h2
news-xagedi.cc/lands/36/img/logo.png
23.158.56.201 7.4 kB URL news-xagedi.cc/lands/36/img/logo.png
IP 23.158.56.201:0
Certificate Issuer Let's Encrypt
Subject *.news-xagedi.cc
Fingerprint 2D:C4:ED:BB:E2:76:1C:34:86:91:EF:35:26:D5:27:27:63:7E:52:BC
Validity Mon, 13 Nov 2023 13:39:42 GMT - Sun, 11 Feb 2024 13:39:41 GMT
File type PNG image data, 180 x 56, 8-bit/color RGBA, non-interlaced\012- data
Hash 6cd3a78b39a704ee1c84f31c8c4e5808
bb5c81cadfcd60bd5c7b29af2395ef24b11ebb93
4cfbf07b7b4def7ad505f3be44e311c631ffec252a93f031d11356bc1b0c8193
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /lands/36/img/logo.png HTTP/1.1
Host: news-xagedi.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xagedi.cc/?id=1218770951&p1=tk_adult
Cookie: clickdata=eyJzdWJhY2MiOjEyMTg3NzA5NTEsImxhbmQiOjM2LCJwMSI6InRrX2FkdWx0In0=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 15:39:21 GMT
content-type: image/png
content-length: 7398
last-modified: Fri, 01 Dec 2023 12:50:34 GMT
etag: "6569d69a-1ce6"
accept-ranges: bytes
X-Firefox-Spdy: h2
gbstwrldnws.com/adult_video_2/video.mp4
192.133.142.177 283 kB URL gbstwrldnws.com/adult_video_2/video.mp4
IP 192.133.142.177:0
File type ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]\012- data
Size 283 kB (283022 bytes)
Hash 7e176ce512915b713eed7557bc47a067
952a0736d4a01cd5f09a46b4d0cf614dbb21c275
d2fc12a6c3700f5555a9e5b083a82e016c7d100f45f858f2b8eb9a00af6ae402
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /adult_video_2/video.mp4 HTTP/1.1
Host: gbstwrldnws.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
DNT: 1
Connection: keep-alive
Referer: https://gbstwrldnws.com/adult_video_2/1328/2da4af00d834dfbd23fda189a58e00c9/?click_id=w2o55c4cd6a4688mif3ums2m&sub1=&sub2=&sub3=&tb=&fullscreen=1
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Accept-Encoding: identity
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 206 Partial Content
server: nginx
date: Tue, 05 Dec 2023 15:39:19 GMT
content-type: video/mp4
content-length: 483291
last-modified: Thu, 25 Jul 2019 13:49:48 GMT
etag: "5d39b37c-75fdb"
content-range: bytes 0-483290/483291
X-Firefox-Spdy: h2
news-xagedi.cc/lands/36/img/Spin-1s-80px.gif
23.158.56.201 31 kB URL news-xagedi.cc/lands/36/img/Spin-1s-80px.gif
IP 23.158.56.201:0
Certificate Issuer Let's Encrypt
Subject *.news-xagedi.cc
Fingerprint 2D:C4:ED:BB:E2:76:1C:34:86:91:EF:35:26:D5:27:27:63:7E:52:BC
Validity Mon, 13 Nov 2023 13:39:42 GMT - Sun, 11 Feb 2024 13:39:41 GMT
File type GIF image data, version 89a, 80 x 80\012- data
Hash 68556766cd260e97fec2b60a9bfaf8c7
26c969371c9a3de360fab6d7a7a3bec2c5d5c99f
ef50b84645244197917d80f6bcd6f604dce892ec4cdcdc96f11ea40f4a093676
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /lands/36/img/Spin-1s-80px.gif HTTP/1.1
Host: news-xagedi.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xagedi.cc/?id=1218770951&p1=tk_adult
Cookie: clickdata=eyJzdWJhY2MiOjEyMTg3NzA5NTEsImxhbmQiOjM2LCJwMSI6InRrX2FkdWx0In0=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 15:39:21 GMT
content-type: image/gif
content-length: 30677
last-modified: Fri, 01 Dec 2023 12:50:34 GMT
etag: "6569d69a-77d5"
accept-ranges: bytes
X-Firefox-Spdy: h2
news-xagedi.cc/?id=1218770951&p1=tk_adult
23.158.56.201 79 kB URL news-xagedi.cc/?id=1218770951&p1=tk_adult
IP 23.158.56.201:0
Certificate Issuer Let's Encrypt
Subject *.news-xagedi.cc
Fingerprint 2D:C4:ED:BB:E2:76:1C:34:86:91:EF:35:26:D5:27:27:63:7E:52:BC
Validity Mon, 13 Nov 2023 13:39:42 GMT - Sun, 11 Feb 2024 13:39:41 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (63929)
Hash aca20f4293e91b6c4fb1426511fc5ee2
1547d59262a3aea34830822669872d24df035a56
8dfcc4886582481585e06c76debc6d6dc05559314c7710ffde7afa560494f5e6
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /?id=1218770951&p1=tk_adult HTTP/1.1
Host: news-xagedi.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gbstwrldnws.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 15:39:20 GMT
content-type: text/html; charset=UTF-8
set-cookie: clickdata=eyJzdWJhY2MiOjEyMTg3NzA5NTEsImxhbmQiOjUwLCJwMSI6InRrX2FkdWx0In0=; Path=/; Expires=Wed, 06 Dec 2023 15:39:20 GMT; HttpOnly; Secure; SameSite=None
vary: Origin
X-Firefox-Spdy: h2
news-xagedi.cc/lands/36/img/player-controls-r.png
23.158.56.201 408 B URL news-xagedi.cc/lands/36/img/player-controls-r.png
IP 23.158.56.201:0
Certificate Issuer Let's Encrypt
Subject *.news-xagedi.cc
Fingerprint 2D:C4:ED:BB:E2:76:1C:34:86:91:EF:35:26:D5:27:27:63:7E:52:BC
Validity Mon, 13 Nov 2023 13:39:42 GMT - Sun, 11 Feb 2024 13:39:41 GMT
File type PNG image data, 60 x 60, 8-bit gray+alpha, non-interlaced\012- data
Hash f0e42db89f7d0994b3723b35eb05a49f
b4e08e7b2c525345d86dc2299663915c84a41b2b
13bbdf214a22994e4e0e655c256ab493cc495f15f9c1f08772cad0761625a9be
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /lands/36/img/player-controls-r.png HTTP/1.1
Host: news-xagedi.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xagedi.cc/?id=1218770951&p1=tk_adult
Cookie: clickdata=eyJzdWJhY2MiOjEyMTg3NzA5NTEsImxhbmQiOjM2LCJwMSI6InRrX2FkdWx0In0=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 15:39:21 GMT
content-type: image/png
content-length: 408
last-modified: Fri, 01 Dec 2023 12:50:34 GMT
etag: "6569d69a-198"
accept-ranges: bytes
X-Firefox-Spdy: h2
gbstwrldnws.com/adult_video_2/1328/2da4af00d834dfbd23fda189a58e00c9/?click_id=w2o55c4cd6a4688mif3ums2m&sub1=&sub2=&sub3=&tb=&fullscreen=1
192.133.142.177 288 kB URL gbstwrldnws.com/adult_video_2/1328/2da4af00d834dfbd23fda189a58e00c9/?click_id=w2o55c4cd6a4688mif3ums2m&sub1=&sub2=&sub3=&tb=&fullscreen=1
IP 192.133.142.177:0
File type gzip compressed data, max speed, from Unix\012- data
Size 288 kB (288111 bytes)
Hash 8c6dcf1daf1cfe244c0185b9c3236975
ea2774837b7d359ad54536265b589808661ded4f
52c71a3ca345d95e258db60728386eccb51d03d70c38d00ffb6eb3057d3f04e8
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /adult_video_2/1328/2da4af00d834dfbd23fda189a58e00c9/?click_id=w2o55c4cd6a4688mif3ums2m&sub1=&sub2=&sub3=&tb=&fullscreen=1 HTTP/1.1
Host: gbstwrldnws.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 15:39:18 GMT
content-type: text/html; charset=UTF-8
accept-ch: Sec-CH-UA, Sec-CH-UA-Mobile, Sec-CH-UA-Platform, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-WoW64, Sec-CH-UA-Bitness, Sec-CH-UA-Model
permissions-policy: ch-ua=(self "https://rexpush.club"), ch-ua-mobile=(self "https://rexpush.club"), ch-ua-platform=(self "https://rexpush.club"), ch-ua-full-version=(self "https://rexpush.club"), ch-ua-full-version-list=(self "https://rexpush.club"), ch-ua-platform-version=(self "https://rexpush.club"), ch-ua-arch=(self "https://rexpush.club"), ch-ua-wow64=(self "https://rexpush.club"), ch-ua-bitness=(self "https://rexpush.club"), ch-ua-model=(self "https://rexpush.club")
content-encoding: gzip
X-Firefox-Spdy: h2
news-xagedi.cc/lands/36/img/pics-1.jpg
23.158.56.201 9.6 kB URL news-xagedi.cc/lands/36/img/pics-1.jpg
IP 23.158.56.201:0
Certificate Issuer Let's Encrypt
Subject *.news-xagedi.cc
Fingerprint 2D:C4:ED:BB:E2:76:1C:34:86:91:EF:35:26:D5:27:27:63:7E:52:BC
Validity Mon, 13 Nov 2023 13:39:42 GMT - Sun, 11 Feb 2024 13:39:41 GMT
File type JPEG image data\012- data
Hash 8374be5c573da988b4d76c1051f8cbc7
c319af79d391edeac2268173798952dd71f0ecf2
41889b3a66aec88fc8a474f19a6c2f6933200524597ccf76f2c9f995687099ea
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /lands/36/img/pics-1.jpg HTTP/1.1
Host: news-xagedi.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xagedi.cc/?id=1218770951&p1=tk_adult
Cookie: clickdata=eyJzdWJhY2MiOjEyMTg3NzA5NTEsImxhbmQiOjM2LCJwMSI6InRrX2FkdWx0In0=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 15:39:21 GMT
content-type: image/jpeg
content-length: 9604
last-modified: Fri, 01 Dec 2023 12:50:34 GMT
etag: "6569d69a-2584"
accept-ranges: bytes
X-Firefox-Spdy: h2
news-xagedi.cc/lands/36/img/pics-2.jpg
23.158.56.201 9.5 kB URL news-xagedi.cc/lands/36/img/pics-2.jpg
IP 23.158.56.201:0
Certificate Issuer Let's Encrypt
Subject *.news-xagedi.cc
Fingerprint 2D:C4:ED:BB:E2:76:1C:34:86:91:EF:35:26:D5:27:27:63:7E:52:BC
Validity Mon, 13 Nov 2023 13:39:42 GMT - Sun, 11 Feb 2024 13:39:41 GMT
File type JPEG image data\012- data
Hash b1444ede1cb63c55f07c4b7cc861ec58
504823696a6990f0c6892721e34a7496cfe4e704
628146e090737199d0b92e0d069cdc8fa95d65391a7e84b7da053dbc0275b2f8
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /lands/36/img/pics-2.jpg HTTP/1.1
Host: news-xagedi.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xagedi.cc/?id=1218770951&p1=tk_adult
Cookie: clickdata=eyJzdWJhY2MiOjEyMTg3NzA5NTEsImxhbmQiOjM2LCJwMSI6InRrX2FkdWx0In0=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 15:39:21 GMT
content-type: image/jpeg
content-length: 9474
last-modified: Fri, 01 Dec 2023 12:50:34 GMT
etag: "6569d69a-2502"
accept-ranges: bytes
X-Firefox-Spdy: h2
news-xagedi.cc/lands/36/img/pics-3.jpg
23.158.56.201 9.4 kB URL news-xagedi.cc/lands/36/img/pics-3.jpg
IP 23.158.56.201:0
Certificate Issuer Let's Encrypt
Subject *.news-xagedi.cc
Fingerprint 2D:C4:ED:BB:E2:76:1C:34:86:91:EF:35:26:D5:27:27:63:7E:52:BC
Validity Mon, 13 Nov 2023 13:39:42 GMT - Sun, 11 Feb 2024 13:39:41 GMT
File type JPEG image data\012- data
Hash 76025b7cd7b3e168342e9f6916d8c7f4
bd2a6ea7c9105935c7a616fec2d6d85dbf98bfc2
46eaa0e5c25c663d858a5c65629f960ed17d2fe30b2484f629158e6d6460d775
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /lands/36/img/pics-3.jpg HTTP/1.1
Host: news-xagedi.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xagedi.cc/?id=1218770951&p1=tk_adult
Cookie: clickdata=eyJzdWJhY2MiOjEyMTg3NzA5NTEsImxhbmQiOjM2LCJwMSI6InRrX2FkdWx0In0=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 15:39:21 GMT
content-type: image/jpeg
content-length: 9413
last-modified: Fri, 01 Dec 2023 12:50:34 GMT
etag: "6569d69a-24c5"
accept-ranges: bytes
X-Firefox-Spdy: h2
news-xagedi.cc/lands/36/img/pics-4.jpg
23.158.56.201 9.5 kB URL news-xagedi.cc/lands/36/img/pics-4.jpg
IP 23.158.56.201:0
Certificate Issuer Let's Encrypt
Subject *.news-xagedi.cc
Fingerprint 2D:C4:ED:BB:E2:76:1C:34:86:91:EF:35:26:D5:27:27:63:7E:52:BC
Validity Mon, 13 Nov 2023 13:39:42 GMT - Sun, 11 Feb 2024 13:39:41 GMT
File type JPEG image data\012- data
Hash 107bdcec0a201d69db378827b68127cd
efc977edd0a369769d5f32d88e9858302bed1e5e
cb8a23effd64618021ebe40be5ed24bfb27c17f6d0a82c87a96d9efd91e06468
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /lands/36/img/pics-4.jpg HTTP/1.1
Host: news-xagedi.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xagedi.cc/?id=1218770951&p1=tk_adult
Cookie: clickdata=eyJzdWJhY2MiOjEyMTg3NzA5NTEsImxhbmQiOjM2LCJwMSI6InRrX2FkdWx0In0=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 15:39:21 GMT
content-type: image/jpeg
content-length: 9468
last-modified: Fri, 01 Dec 2023 12:50:34 GMT
etag: "6569d69a-24fc"
accept-ranges: bytes
X-Firefox-Spdy: h2
news-xagedi.cc/lands/36/img/pics-5.jpg
23.158.56.201 9.6 kB URL news-xagedi.cc/lands/36/img/pics-5.jpg
IP 23.158.56.201:0
Certificate Issuer Let's Encrypt
Subject *.news-xagedi.cc
Fingerprint 2D:C4:ED:BB:E2:76:1C:34:86:91:EF:35:26:D5:27:27:63:7E:52:BC
Validity Mon, 13 Nov 2023 13:39:42 GMT - Sun, 11 Feb 2024 13:39:41 GMT
File type JPEG image data\012- data
Hash 628b98b82d0aca1c1b2155aa5ec51a6a
db663b2b85cf8828f3e9c5aa879325bb50e684a0
d7dfe6be5b49bee8bbf743bc58d74af3dc7d0250c89bd6dd7e9ad268c287289d
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /lands/36/img/pics-5.jpg HTTP/1.1
Host: news-xagedi.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xagedi.cc/?id=1218770951&p1=tk_adult
Cookie: clickdata=eyJzdWJhY2MiOjEyMTg3NzA5NTEsImxhbmQiOjM2LCJwMSI6InRrX2FkdWx0In0=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 15:39:21 GMT
content-type: image/jpeg
content-length: 9557
last-modified: Fri, 01 Dec 2023 12:50:34 GMT
etag: "6569d69a-2555"
accept-ranges: bytes
X-Firefox-Spdy: h2
news-xagedi.cc/lands/36/img/pics-6.jpg
23.158.56.201 9.6 kB URL news-xagedi.cc/lands/36/img/pics-6.jpg
IP 23.158.56.201:0
Certificate Issuer Let's Encrypt
Subject *.news-xagedi.cc
Fingerprint 2D:C4:ED:BB:E2:76:1C:34:86:91:EF:35:26:D5:27:27:63:7E:52:BC
Validity Mon, 13 Nov 2023 13:39:42 GMT - Sun, 11 Feb 2024 13:39:41 GMT
File type JPEG image data\012- data
Hash a83d5196e71bd6f9c55ef3e7322e527c
9dbddad413391599552c4d9cc5c9e8a287ef910f
52212d360cbbf493678d8e8bf75c20b7ad4b1d6cf86bf03e1c87fb5b4d6cb818
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /lands/36/img/pics-6.jpg HTTP/1.1
Host: news-xagedi.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xagedi.cc/?id=1218770951&p1=tk_adult
Cookie: clickdata=eyJzdWJhY2MiOjEyMTg3NzA5NTEsImxhbmQiOjM2LCJwMSI6InRrX2FkdWx0In0=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 15:39:21 GMT
content-type: image/jpeg
content-length: 9620
last-modified: Fri, 01 Dec 2023 12:50:34 GMT
etag: "6569d69a-2594"
accept-ranges: bytes
X-Firefox-Spdy: h2
news-xagedi.cc/lands/36/img/pics-7.jpg
23.158.56.201 9.5 kB URL news-xagedi.cc/lands/36/img/pics-7.jpg
IP 23.158.56.201:0
Certificate Issuer Let's Encrypt
Subject *.news-xagedi.cc
Fingerprint 2D:C4:ED:BB:E2:76:1C:34:86:91:EF:35:26:D5:27:27:63:7E:52:BC
Validity Mon, 13 Nov 2023 13:39:42 GMT - Sun, 11 Feb 2024 13:39:41 GMT
File type JPEG image data\012- data
Hash 94edfad63e95c79618692b8d8dc20587
f582b7b70443ea1fff184ade49ab560fc8fd3318
0940f729e51d0fb610affca787415657f39a630cc0450d08576f69fd0f71756e
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /lands/36/img/pics-7.jpg HTTP/1.1
Host: news-xagedi.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xagedi.cc/?id=1218770951&p1=tk_adult
Cookie: clickdata=eyJzdWJhY2MiOjEyMTg3NzA5NTEsImxhbmQiOjM2LCJwMSI6InRrX2FkdWx0In0=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 15:39:21 GMT
content-type: image/jpeg
content-length: 9484
last-modified: Fri, 01 Dec 2023 12:50:34 GMT
etag: "6569d69a-250c"
accept-ranges: bytes
X-Firefox-Spdy: h2
news-xagedi.cc/lands/36/img/pics-8.jpg
23.158.56.201 9.8 kB URL news-xagedi.cc/lands/36/img/pics-8.jpg
IP 23.158.56.201:0
Certificate Issuer Let's Encrypt
Subject *.news-xagedi.cc
Fingerprint 2D:C4:ED:BB:E2:76:1C:34:86:91:EF:35:26:D5:27:27:63:7E:52:BC
Validity Mon, 13 Nov 2023 13:39:42 GMT - Sun, 11 Feb 2024 13:39:41 GMT
File type JPEG image data\012- data
Hash 2e7eafc3878ee465f96bca0f9d1e1712
c4f353f12542db5d2df3be74dbae890e0430ac6e
df67f968a051026a5c43eb3e40b8d02a0c72bc742055526fef7e2655dd837cc1
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /lands/36/img/pics-8.jpg HTTP/1.1
Host: news-xagedi.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xagedi.cc/?id=1218770951&p1=tk_adult
Cookie: clickdata=eyJzdWJhY2MiOjEyMTg3NzA5NTEsImxhbmQiOjM2LCJwMSI6InRrX2FkdWx0In0=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 15:39:21 GMT
content-type: image/jpeg
content-length: 9750
last-modified: Fri, 01 Dec 2023 12:50:34 GMT
etag: "6569d69a-2616"
accept-ranges: bytes
X-Firefox-Spdy: h2
news-xagedi.cc/lands/36/img/pics-9.jpg
23.158.56.201 9.6 kB URL news-xagedi.cc/lands/36/img/pics-9.jpg
IP 23.158.56.201:0
Certificate Issuer Let's Encrypt
Subject *.news-xagedi.cc
Fingerprint 2D:C4:ED:BB:E2:76:1C:34:86:91:EF:35:26:D5:27:27:63:7E:52:BC
Validity Mon, 13 Nov 2023 13:39:42 GMT - Sun, 11 Feb 2024 13:39:41 GMT
File type JPEG image data\012- data
Hash c3af10d166a4447c21f25e4a32383a5d
37a0342d08d6933b3bbfd4063b7ba998c991dd73
963fbe86dc33b1a1ba5c695bf9b74ebde439bc7a9260137121d747cf4cfbdd73
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /lands/36/img/pics-9.jpg HTTP/1.1
Host: news-xagedi.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xagedi.cc/?id=1218770951&p1=tk_adult
Cookie: clickdata=eyJzdWJhY2MiOjEyMTg3NzA5NTEsImxhbmQiOjM2LCJwMSI6InRrX2FkdWx0In0=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 15:39:21 GMT
content-type: image/jpeg
content-length: 9646
last-modified: Fri, 01 Dec 2023 12:50:34 GMT
etag: "6569d69a-25ae"
accept-ranges: bytes
X-Firefox-Spdy: h2
news-xagedi.cc/lands/36/img/pics-10.jpg
23.158.56.201 9.7 kB URL news-xagedi.cc/lands/36/img/pics-10.jpg
IP 23.158.56.201:0
Certificate Issuer Let's Encrypt
Subject *.news-xagedi.cc
Fingerprint 2D:C4:ED:BB:E2:76:1C:34:86:91:EF:35:26:D5:27:27:63:7E:52:BC
Validity Mon, 13 Nov 2023 13:39:42 GMT - Sun, 11 Feb 2024 13:39:41 GMT
File type JPEG image data\012- data
Hash 00ad8eccd280144f038e883859beeabe
e13583bbe25712e827b8b22b1353c883531f849f
21397b18bd87b564f70404ea1ff41d8d23ba804ed6eea4de323ac1c94e096ada
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /lands/36/img/pics-10.jpg HTTP/1.1
Host: news-xagedi.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xagedi.cc/?id=1218770951&p1=tk_adult
Cookie: clickdata=eyJzdWJhY2MiOjEyMTg3NzA5NTEsImxhbmQiOjM2LCJwMSI6InRrX2FkdWx0In0=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 15:39:21 GMT
content-type: image/jpeg
content-length: 9681
last-modified: Fri, 01 Dec 2023 12:50:34 GMT
etag: "6569d69a-25d1"
accept-ranges: bytes
X-Firefox-Spdy: h2
news-xagedi.cc/lands/36/img/pics-11.jpg
23.158.56.201 9.5 kB URL news-xagedi.cc/lands/36/img/pics-11.jpg
IP 23.158.56.201:0
Certificate Issuer Let's Encrypt
Subject *.news-xagedi.cc
Fingerprint 2D:C4:ED:BB:E2:76:1C:34:86:91:EF:35:26:D5:27:27:63:7E:52:BC
Validity Mon, 13 Nov 2023 13:39:42 GMT - Sun, 11 Feb 2024 13:39:41 GMT
File type JPEG image data\012- data
Hash 8611f67b36ff57eaa1060e793b9e6ad4
49f273a5760e7375adb1efc58f0ed2c665da6ae8
de70c6d29629dd9ec1b85e3146390c1019bd608eeb3d7ffdc196627f70ee30b2
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /lands/36/img/pics-11.jpg HTTP/1.1
Host: news-xagedi.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xagedi.cc/?id=1218770951&p1=tk_adult
Cookie: clickdata=eyJzdWJhY2MiOjEyMTg3NzA5NTEsImxhbmQiOjM2LCJwMSI6InRrX2FkdWx0In0=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 15:39:21 GMT
content-type: image/jpeg
content-length: 9483
last-modified: Fri, 01 Dec 2023 12:50:34 GMT
etag: "6569d69a-250b"
accept-ranges: bytes
X-Firefox-Spdy: h2
news-xagedi.cc/lands/36/img/pics-12.jpg
23.158.56.201 9.5 kB URL news-xagedi.cc/lands/36/img/pics-12.jpg
IP 23.158.56.201:0
Certificate Issuer Let's Encrypt
Subject *.news-xagedi.cc
Fingerprint 2D:C4:ED:BB:E2:76:1C:34:86:91:EF:35:26:D5:27:27:63:7E:52:BC
Validity Mon, 13 Nov 2023 13:39:42 GMT - Sun, 11 Feb 2024 13:39:41 GMT
File type JPEG image data\012- data
Hash 3971b0cd6849aef8e63c281fe7e53c57
690281f0f9a05a32be18029632240693f7b26270
20a9e9a79f97878e87f805b977eb6046480b734dfd9e90df9f34b22ef484777a
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /lands/36/img/pics-12.jpg HTTP/1.1
Host: news-xagedi.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xagedi.cc/?id=1218770951&p1=tk_adult
Cookie: clickdata=eyJzdWJhY2MiOjEyMTg3NzA5NTEsImxhbmQiOjM2LCJwMSI6InRrX2FkdWx0In0=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 15:39:21 GMT
content-type: image/jpeg
content-length: 9487
last-modified: Fri, 01 Dec 2023 12:50:34 GMT
etag: "6569d69a-250f"
accept-ranges: bytes
X-Firefox-Spdy: h2
news-xagedi.cc/lands/36/img/pics-13.jpg
23.158.56.201 9.4 kB URL news-xagedi.cc/lands/36/img/pics-13.jpg
IP 23.158.56.201:0
Certificate Issuer Let's Encrypt
Subject *.news-xagedi.cc
Fingerprint 2D:C4:ED:BB:E2:76:1C:34:86:91:EF:35:26:D5:27:27:63:7E:52:BC
Validity Mon, 13 Nov 2023 13:39:42 GMT - Sun, 11 Feb 2024 13:39:41 GMT
File type JPEG image data\012- data
Hash cd911694d58b5fb86c94cf7a1d5b530b
f32925a79b755d76fdf1ae56fa898ef23d816699
5a8f5f99cb386403813964a7ee271660131e9c50eb5267f932a67ce0f4fb2ea2
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /lands/36/img/pics-13.jpg HTTP/1.1
Host: news-xagedi.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xagedi.cc/?id=1218770951&p1=tk_adult
Cookie: clickdata=eyJzdWJhY2MiOjEyMTg3NzA5NTEsImxhbmQiOjM2LCJwMSI6InRrX2FkdWx0In0=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 15:39:21 GMT
content-type: image/jpeg
content-length: 9378
last-modified: Fri, 01 Dec 2023 12:50:34 GMT
etag: "6569d69a-24a2"
accept-ranges: bytes
X-Firefox-Spdy: h2
news-xagedi.cc/lands/36/img/pics-14.jpg
23.158.56.201 9.5 kB URL news-xagedi.cc/lands/36/img/pics-14.jpg
IP 23.158.56.201:0
Certificate Issuer Let's Encrypt
Subject *.news-xagedi.cc
Fingerprint 2D:C4:ED:BB:E2:76:1C:34:86:91:EF:35:26:D5:27:27:63:7E:52:BC
Validity Mon, 13 Nov 2023 13:39:42 GMT - Sun, 11 Feb 2024 13:39:41 GMT
File type JPEG image data\012- data
Hash 4957499f251b620472eb5fe6fd126c22
a237ac15f4b16256f1c49a40ca07ca168dea540c
de5d64cc00dd3bc0e0998e274f41bb78de69cae402e53c4f41c0ab8e0af2cd0b
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /lands/36/img/pics-14.jpg HTTP/1.1
Host: news-xagedi.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xagedi.cc/?id=1218770951&p1=tk_adult
Cookie: clickdata=eyJzdWJhY2MiOjEyMTg3NzA5NTEsImxhbmQiOjM2LCJwMSI6InRrX2FkdWx0In0=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 15:39:21 GMT
content-type: image/jpeg
content-length: 9498
last-modified: Fri, 01 Dec 2023 12:50:34 GMT
etag: "6569d69a-251a"
accept-ranges: bytes
X-Firefox-Spdy: h2
news-xagedi.cc/lands/36/img/pics-15.jpg
23.158.56.201 9.7 kB URL news-xagedi.cc/lands/36/img/pics-15.jpg
IP 23.158.56.201:0
Certificate Issuer Let's Encrypt
Subject *.news-xagedi.cc
Fingerprint 2D:C4:ED:BB:E2:76:1C:34:86:91:EF:35:26:D5:27:27:63:7E:52:BC
Validity Mon, 13 Nov 2023 13:39:42 GMT - Sun, 11 Feb 2024 13:39:41 GMT
File type JPEG image data\012- data
Hash bf608c2d10293273951a88b8d38de015
15b2a17c7300725aacc27f320480dfe5bf173a00
118f446f628921fb7cab1afeac932ef77d63a7c5a31ffa288427d80c4de69f9f
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /lands/36/img/pics-15.jpg HTTP/1.1
Host: news-xagedi.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xagedi.cc/?id=1218770951&p1=tk_adult
Cookie: clickdata=eyJzdWJhY2MiOjEyMTg3NzA5NTEsImxhbmQiOjM2LCJwMSI6InRrX2FkdWx0In0=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 15:39:21 GMT
content-type: image/jpeg
content-length: 9673
last-modified: Fri, 01 Dec 2023 12:50:34 GMT
etag: "6569d69a-25c9"
accept-ranges: bytes
X-Firefox-Spdy: h2
news-xagedi.cc/lands/36/img/pics-16.jpg
23.158.56.201 9.6 kB URL news-xagedi.cc/lands/36/img/pics-16.jpg
IP 23.158.56.201:0
Certificate Issuer Let's Encrypt
Subject *.news-xagedi.cc
Fingerprint 2D:C4:ED:BB:E2:76:1C:34:86:91:EF:35:26:D5:27:27:63:7E:52:BC
Validity Mon, 13 Nov 2023 13:39:42 GMT - Sun, 11 Feb 2024 13:39:41 GMT
File type JPEG image data\012- data
Hash 700dfe65fca751e5c160aa1ed38c0389
61a7a9ba2a5209bb28b6a36c4b7ba9088f4b2886
8f8c3d5f93cc6dc00172cf203f6b0113819e853de45518cbcee1e68f9e95fbc1
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /lands/36/img/pics-16.jpg HTTP/1.1
Host: news-xagedi.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xagedi.cc/?id=1218770951&p1=tk_adult
Cookie: clickdata=eyJzdWJhY2MiOjEyMTg3NzA5NTEsImxhbmQiOjM2LCJwMSI6InRrX2FkdWx0In0=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 15:39:21 GMT
content-type: image/jpeg
content-length: 9570
last-modified: Fri, 01 Dec 2023 12:50:34 GMT
etag: "6569d69a-2562"
accept-ranges: bytes
X-Firefox-Spdy: h2
news-xagedi.cc/lands/36/img/pics-17.jpg
23.158.56.201 9.6 kB URL news-xagedi.cc/lands/36/img/pics-17.jpg
IP 23.158.56.201:0
Certificate Issuer Let's Encrypt
Subject *.news-xagedi.cc
Fingerprint 2D:C4:ED:BB:E2:76:1C:34:86:91:EF:35:26:D5:27:27:63:7E:52:BC
Validity Mon, 13 Nov 2023 13:39:42 GMT - Sun, 11 Feb 2024 13:39:41 GMT
File type JPEG image data\012- data
Hash 3617c828a4589dfd2af8f90e31f92666
0e7a1dbe743c9eaad109659f7b21ab86719b9cd0
f3ab898058b0ebaba11001b5a2b3c5b5db2d7f766000d95abdbfb841fcb16c1f
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /lands/36/img/pics-17.jpg HTTP/1.1
Host: news-xagedi.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xagedi.cc/?id=1218770951&p1=tk_adult
Cookie: clickdata=eyJzdWJhY2MiOjEyMTg3NzA5NTEsImxhbmQiOjM2LCJwMSI6InRrX2FkdWx0In0=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 15:39:21 GMT
content-type: image/jpeg
content-length: 9595
last-modified: Fri, 01 Dec 2023 12:50:34 GMT
etag: "6569d69a-257b"
accept-ranges: bytes
X-Firefox-Spdy: h2
news-xagedi.cc/lands/36/img/pics-18.jpg
23.158.56.201 9.6 kB URL news-xagedi.cc/lands/36/img/pics-18.jpg
IP 23.158.56.201:0
Certificate Issuer Let's Encrypt
Subject *.news-xagedi.cc
Fingerprint 2D:C4:ED:BB:E2:76:1C:34:86:91:EF:35:26:D5:27:27:63:7E:52:BC
Validity Mon, 13 Nov 2023 13:39:42 GMT - Sun, 11 Feb 2024 13:39:41 GMT
File type JPEG image data\012- data
Hash 52ada45615791fefe3513b98a28d6c61
334b68a65108b2274dc0d41bbed58d10cbfb41a0
204715e71db20e5daffe8494816412e0998ec0b97b303f16fb4102226c492fa4
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /lands/36/img/pics-18.jpg HTTP/1.1
Host: news-xagedi.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xagedi.cc/?id=1218770951&p1=tk_adult
Cookie: clickdata=eyJzdWJhY2MiOjEyMTg3NzA5NTEsImxhbmQiOjM2LCJwMSI6InRrX2FkdWx0In0=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 15:39:21 GMT
content-type: image/jpeg
content-length: 9645
last-modified: Fri, 01 Dec 2023 12:50:34 GMT
etag: "6569d69a-25ad"
accept-ranges: bytes
X-Firefox-Spdy: h2
errors.house/js-sdk-loader/c682bf15f58a4ecea9ff491233690e22.min.js
46.4.134.147 1.9 kB URL errors.house/js-sdk-loader/c682bf15f58a4ecea9ff491233690e22.min.js
IP 46.4.134.147:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (512)
Hash cecbd15c62682460fc296825e598657c
7ea3ec61b65e0a88058e3943327a61d055ef4284
58664ef4f18d3763e07cf7c74738b3a1089fc115331ce34bfe300be3e125b510
GET /js-sdk-loader/c682bf15f58a4ecea9ff491233690e22.min.js HTTP/1.1
Host: errors.house
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://news-xagedi.cc
DNT: 1
Connection: keep-alive
Referer: https://news-xagedi.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.23.1
Date: Tue, 05 Dec 2023 15:39:21 GMT
Content-Type: text/javascript
Content-Length: 1855
Connection: close
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=3600, s-maxage=60, stale-while-revalidate=315360000, stale-if-error=315360000
Surrogate-Key: project/7 sdk/7.15.0 sdk-loader
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=31536000
news-xagedi.cc/revopush.js
23.158.56.201 200 OK 18 kB URL GET HTTP/2 news-xagedi.cc/revopush.js
IP 23.158.56.201:443
Requested by https://news-xagedi.cc/?id=1218770951&p1=tk_adult
Certificate Issuer Let's Encrypt
Subject *.news-xagedi.cc
Fingerprint 2D:C4:ED:BB:E2:76:1C:34:86:91:EF:35:26:D5:27:27:63:7E:52:BC
Validity Mon, 13 Nov 2023 13:39:42 GMT - Sun, 11 Feb 2024 13:39:41 GMT
File type Unicode text, UTF-8 text, with very long lines (18112), with no line terminators
Hash 773d5dd04e1cf97341ac6e4cf2b23707
a56ebf246900b619f34bdfa36ea0f4a36d800730
a35876c74a7686acc90ac9e198313f89062cf1e0e22cac557b623c92f69f19d1
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /revopush.js HTTP/1.1
Host: news-xagedi.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xagedi.cc/?id=1218770951&p1=tk_adult
Cookie: clickdata=eyJzdWJhY2MiOjEyMTg3NzA5NTEsImxhbmQiOjYzLCJwMSI6InRrX2FkdWx0In0=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 15:39:21 GMT
content-type: application/javascript; charset=utf-8
content-length: 18177
last-modified: Fri, 01 Dec 2023 12:50:34 GMT
etag: "6569d69a-4701"
accept-ranges: bytes
X-Firefox-Spdy: h2
news-xagedi.cc/lands/63/images/thumb-big.jpg
23.158.56.201 83 kB URL news-xagedi.cc/lands/63/images/thumb-big.jpg
IP 23.158.56.201:0
Certificate Issuer Let's Encrypt
Subject *.news-xagedi.cc
Fingerprint 2D:C4:ED:BB:E2:76:1C:34:86:91:EF:35:26:D5:27:27:63:7E:52:BC
Validity Mon, 13 Nov 2023 13:39:42 GMT - Sun, 11 Feb 2024 13:39:41 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1237x691, components 3\012- data
Hash cb5cedbae6d67e62dc9fde274b7f7dbe
f31d7811c4b6e50ae053f315152366501a8b6002
deaddba93625d2c7610076927fcd37afadad9324ca3210a2bb12784d313dd788
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /lands/63/images/thumb-big.jpg HTTP/1.1
Host: news-xagedi.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xagedi.cc/?id=1218770951&p1=tk_adult
Cookie: clickdata=eyJzdWJhY2MiOjEyMTg3NzA5NTEsImxhbmQiOjYzLCJwMSI6InRrX2FkdWx0In0=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 15:39:21 GMT
content-type: image/jpeg
content-length: 82623
last-modified: Fri, 01 Dec 2023 12:50:34 GMT
etag: "6569d69a-142bf"
accept-ranges: bytes
X-Firefox-Spdy: h2
news-xagedi.cc/lands/63/images/male.jpg
23.158.56.201 728 B URL news-xagedi.cc/lands/63/images/male.jpg
IP 23.158.56.201:0
Certificate Issuer Let's Encrypt
Subject *.news-xagedi.cc
Fingerprint 2D:C4:ED:BB:E2:76:1C:34:86:91:EF:35:26:D5:27:27:63:7E:52:BC
Validity Mon, 13 Nov 2023 13:39:42 GMT - Sun, 11 Feb 2024 13:39:41 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 60x60, components 3\012- data
Hash 11887dd0a5df5563fc133e173f0fd484
56c828481f045e04ad0543cecfe06bbb25b41655
9233233438671b5836951cd8d3d8cef0dff3a26fd6693ea22ec92cb67c5c32de
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /lands/63/images/male.jpg HTTP/1.1
Host: news-xagedi.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xagedi.cc/?id=1218770951&p1=tk_adult
Cookie: clickdata=eyJzdWJhY2MiOjEyMTg3NzA5NTEsImxhbmQiOjYzLCJwMSI6InRrX2FkdWx0In0=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 15:39:21 GMT
content-type: image/jpeg
content-length: 728
last-modified: Fri, 01 Dec 2023 12:50:34 GMT
etag: "6569d69a-2d8"
accept-ranges: bytes
X-Firefox-Spdy: h2
errors.house/js-sdk-loader/c682bf15f58a4ecea9ff491233690e22.min.js
46.4.134.147 1.9 kB URL errors.house/js-sdk-loader/c682bf15f58a4ecea9ff491233690e22.min.js
IP 46.4.134.147:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (512)
Hash cecbd15c62682460fc296825e598657c
7ea3ec61b65e0a88058e3943327a61d055ef4284
58664ef4f18d3763e07cf7c74738b3a1089fc115331ce34bfe300be3e125b510
GET /js-sdk-loader/c682bf15f58a4ecea9ff491233690e22.min.js HTTP/1.1
Host: errors.house
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://news-xagedi.cc
DNT: 1
Connection: keep-alive
Referer: https://news-xagedi.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.23.1
Date: Tue, 05 Dec 2023 15:39:21 GMT
Content-Type: text/javascript
Content-Length: 1855
Connection: close
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=3600, s-maxage=60, stale-while-revalidate=315360000, stale-if-error=315360000
Surrogate-Key: project/7 sdk/7.15.0 sdk-loader
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=31536000
news-xagedi.cc/revopush.js
23.158.56.201 200 OK 18 kB URL GET HTTP/2 news-xagedi.cc/revopush.js
IP 23.158.56.201:443
Requested by https://news-xagedi.cc/?id=1218770951&p1=tk_adult
Certificate Issuer Let's Encrypt
Subject *.news-xagedi.cc
Fingerprint 2D:C4:ED:BB:E2:76:1C:34:86:91:EF:35:26:D5:27:27:63:7E:52:BC
Validity Mon, 13 Nov 2023 13:39:42 GMT - Sun, 11 Feb 2024 13:39:41 GMT
File type Unicode text, UTF-8 text, with very long lines (18112), with no line terminators
Hash 773d5dd04e1cf97341ac6e4cf2b23707
a56ebf246900b619f34bdfa36ea0f4a36d800730
a35876c74a7686acc90ac9e198313f89062cf1e0e22cac557b623c92f69f19d1
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /revopush.js HTTP/1.1
Host: news-xagedi.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xagedi.cc/?id=1218770951&p1=tk_adult
Cookie: clickdata=eyJzdWJhY2MiOjEyMTg3NzA5NTEsImxhbmQiOjQ4LCJwMSI6InRrX2FkdWx0In0=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 15:39:22 GMT
content-type: application/javascript; charset=utf-8
content-length: 18177
last-modified: Fri, 01 Dec 2023 12:50:34 GMT
etag: "6569d69a-4701"
accept-ranges: bytes
X-Firefox-Spdy: h2
news-xagedi.cc/lands/48/preloader-43.5794040.gif
23.158.56.201 7.0 kB URL news-xagedi.cc/lands/48/preloader-43.5794040.gif
IP 23.158.56.201:0
Certificate Issuer Let's Encrypt
Subject *.news-xagedi.cc
Fingerprint 2D:C4:ED:BB:E2:76:1C:34:86:91:EF:35:26:D5:27:27:63:7E:52:BC
Validity Mon, 13 Nov 2023 13:39:42 GMT - Sun, 11 Feb 2024 13:39:41 GMT
File type GIF image data, version 89a, 160 x 160\012- data
Hash 5794040ee88def220320edd0ed2e2ac9
7ec6d7843172d2bec7c0ed0d7eabed19a800fd7b
c1a4896adebc502e9be1248a28bc641ef9a5b75c6bdefa5d704a220c128ee34e
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /lands/48/preloader-43.5794040.gif HTTP/1.1
Host: news-xagedi.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xagedi.cc/?id=1218770951&p1=tk_adult
Cookie: clickdata=eyJzdWJhY2MiOjEyMTg3NzA5NTEsImxhbmQiOjQ4LCJwMSI6InRrX2FkdWx0In0=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 15:39:22 GMT
content-type: image/gif
content-length: 7010
last-modified: Fri, 01 Dec 2023 12:50:34 GMT
etag: "6569d69a-1b62"
accept-ranges: bytes
X-Firefox-Spdy: h2
errors.house/js-sdk-loader/c682bf15f58a4ecea9ff491233690e22.min.js
46.4.134.147 1.9 kB URL errors.house/js-sdk-loader/c682bf15f58a4ecea9ff491233690e22.min.js
IP 46.4.134.147:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (512)
Hash cecbd15c62682460fc296825e598657c
7ea3ec61b65e0a88058e3943327a61d055ef4284
58664ef4f18d3763e07cf7c74738b3a1089fc115331ce34bfe300be3e125b510
GET /js-sdk-loader/c682bf15f58a4ecea9ff491233690e22.min.js HTTP/1.1
Host: errors.house
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://news-xagedi.cc
DNT: 1
Connection: keep-alive
Referer: https://news-xagedi.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.23.1
Date: Tue, 05 Dec 2023 15:39:22 GMT
Content-Type: text/javascript
Content-Length: 1855
Connection: close
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=3600, s-maxage=60, stale-while-revalidate=315360000, stale-if-error=315360000
Surrogate-Key: project/7 sdk/7.15.0 sdk-loader
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=31536000
news-xagedi.cc/revopush.js
23.158.56.201 200 OK 18 kB URL GET HTTP/2 news-xagedi.cc/revopush.js
IP 23.158.56.201:443
Requested by https://news-xagedi.cc/?id=1218770951&p1=tk_adult
Certificate Issuer Let's Encrypt
Subject *.news-xagedi.cc
Fingerprint 2D:C4:ED:BB:E2:76:1C:34:86:91:EF:35:26:D5:27:27:63:7E:52:BC
Validity Mon, 13 Nov 2023 13:39:42 GMT - Sun, 11 Feb 2024 13:39:41 GMT
File type Unicode text, UTF-8 text, with very long lines (18112), with no line terminators
Hash 773d5dd04e1cf97341ac6e4cf2b23707
a56ebf246900b619f34bdfa36ea0f4a36d800730
a35876c74a7686acc90ac9e198313f89062cf1e0e22cac557b623c92f69f19d1
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /revopush.js HTTP/1.1
Host: news-xagedi.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xagedi.cc/?id=1218770951&p1=tk_adult
Cookie: clickdata=eyJzdWJhY2MiOjEyMTg3NzA5NTEsImxhbmQiOjUzLCJwMSI6InRrX2FkdWx0In0=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 15:39:22 GMT
content-type: application/javascript; charset=utf-8
content-length: 18177
last-modified: Fri, 01 Dec 2023 12:50:34 GMT
etag: "6569d69a-4701"
accept-ranges: bytes
X-Firefox-Spdy: h2
news-xagedi.cc/lands/53/css/style.css
23.158.56.201 4.9 kB URL news-xagedi.cc/lands/53/css/style.css
IP 23.158.56.201:0
Certificate Issuer Let's Encrypt
Subject *.news-xagedi.cc
Fingerprint 2D:C4:ED:BB:E2:76:1C:34:86:91:EF:35:26:D5:27:27:63:7E:52:BC
Validity Mon, 13 Nov 2023 13:39:42 GMT - Sun, 11 Feb 2024 13:39:41 GMT
File type ASCII text, with very long lines (4928), with no line terminators
Hash ff30963b59d24c95ee8ed06ee6f286d1
dbba4c06e6064e4bce5a928ff9905684d66a073d
d5ef0347241cb62969a80994ed4e4f87cf20f817e3036756df731aa04d238581
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /lands/53/css/style.css HTTP/1.1
Host: news-xagedi.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xagedi.cc/?id=1218770951&p1=tk_adult
Cookie: clickdata=eyJzdWJhY2MiOjEyMTg3NzA5NTEsImxhbmQiOjUzLCJwMSI6InRrX2FkdWx0In0=
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 15:39:22 GMT
content-type: text/css
content-length: 4928
last-modified: Fri, 01 Dec 2023 12:50:34 GMT
etag: "6569d69a-1340"
accept-ranges: bytes
X-Firefox-Spdy: h2
news-xagedi.cc/lands/53/images/spinning-circles2.svg
23.158.56.201 503 B URL news-xagedi.cc/lands/53/images/spinning-circles2.svg
IP 23.158.56.201:0
Certificate Issuer Let's Encrypt
Subject *.news-xagedi.cc
Fingerprint 2D:C4:ED:BB:E2:76:1C:34:86:91:EF:35:26:D5:27:27:63:7E:52:BC
Validity Mon, 13 Nov 2023 13:39:42 GMT - Sun, 11 Feb 2024 13:39:41 GMT
File type SVG Scalable Vector Graphics image\012- , ASCII text
Hash 14e6f9981fa27406176056df2451d27b
aa1b6fd6071391d0031bff2d74ae77347ec2fdb4
466d361db2f130d7e3d40a671c935e3e556c3a49567657afee2e44a0a390a84f
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /lands/53/images/spinning-circles2.svg HTTP/1.1
Host: news-xagedi.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xagedi.cc/?id=1218770951&p1=tk_adult
Cookie: clickdata=eyJzdWJhY2MiOjEyMTg3NzA5NTEsImxhbmQiOjUzLCJwMSI6InRrX2FkdWx0In0=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 15:39:22 GMT
content-type: image/svg+xml
content-length: 503
last-modified: Fri, 01 Dec 2023 12:50:34 GMT
etag: "6569d69a-1f7"
accept-ranges: bytes
X-Firefox-Spdy: h2
news-xagedi.cc/lands/53/images/video.gif
23.158.56.201 500 kB URL news-xagedi.cc/lands/53/images/video.gif
IP 23.158.56.201:0
Certificate Issuer Let's Encrypt
Subject *.news-xagedi.cc
Fingerprint 2D:C4:ED:BB:E2:76:1C:34:86:91:EF:35:26:D5:27:27:63:7E:52:BC
Validity Mon, 13 Nov 2023 13:39:42 GMT - Sun, 11 Feb 2024 13:39:41 GMT
File type GIF image data, version 89a, 320 x 180\012- data
Size 500 kB (500082 bytes)
Hash 2e59da03066a7854825901e0c1460b52
8d5aa04f252de7a85b8387051c1321338ac32d32
63412ff22ec2f712d6e82d34889a0a48948523dedd0bfce03bba69a19a9b4433
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /lands/53/images/video.gif HTTP/1.1
Host: news-xagedi.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xagedi.cc/?id=1218770951&p1=tk_adult
Cookie: clickdata=eyJzdWJhY2MiOjEyMTg3NzA5NTEsImxhbmQiOjUzLCJwMSI6InRrX2FkdWx0In0=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 15:39:22 GMT
content-type: image/gif
content-length: 500082
last-modified: Fri, 01 Dec 2023 12:50:34 GMT
etag: "6569d69a-7a172"
accept-ranges: bytes
X-Firefox-Spdy: h2
news-xagedi.cc/lands/53/js/device.js
23.158.56.201 3.3 kB URL news-xagedi.cc/lands/53/js/device.js
IP 23.158.56.201:0
Certificate Issuer Let's Encrypt
Subject *.news-xagedi.cc
Fingerprint 2D:C4:ED:BB:E2:76:1C:34:86:91:EF:35:26:D5:27:27:63:7E:52:BC
Validity Mon, 13 Nov 2023 13:39:42 GMT - Sun, 11 Feb 2024 13:39:41 GMT
File type ASCII text, with very long lines (3289), with no line terminators
Hash 2d9887b21aa6b47c56e7f43e66560a4f
42cdfc5b3b23d32152750bf2cea4233044491768
863a13c42ef72b562bc7aa5005b8ff5693763ae8d16ce3bfc3d876e92a7fdf85
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /lands/53/js/device.js HTTP/1.1
Host: news-xagedi.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xagedi.cc/?id=1218770951&p1=tk_adult
Cookie: clickdata=eyJzdWJhY2MiOjEyMTg3NzA5NTEsImxhbmQiOjUzLCJwMSI6InRrX2FkdWx0In0=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 15:39:22 GMT
content-type: application/javascript; charset=utf-8
content-length: 3289
last-modified: Fri, 01 Dec 2023 12:50:34 GMT
etag: "6569d69a-cd9"
accept-ranges: bytes
X-Firefox-Spdy: h2
errors.house/js-sdk-loader/c682bf15f58a4ecea9ff491233690e22.min.js
46.4.134.147 1.9 kB URL errors.house/js-sdk-loader/c682bf15f58a4ecea9ff491233690e22.min.js
IP 46.4.134.147:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (512)
Hash cecbd15c62682460fc296825e598657c
7ea3ec61b65e0a88058e3943327a61d055ef4284
58664ef4f18d3763e07cf7c74738b3a1089fc115331ce34bfe300be3e125b510
GET /js-sdk-loader/c682bf15f58a4ecea9ff491233690e22.min.js HTTP/1.1
Host: errors.house
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://news-xagedi.cc
DNT: 1
Connection: keep-alive
Referer: https://news-xagedi.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.23.1
Date: Tue, 05 Dec 2023 15:39:22 GMT
Content-Type: text/javascript
Content-Length: 1855
Connection: close
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=3600, s-maxage=60, stale-while-revalidate=315360000, stale-if-error=315360000
Surrogate-Key: project/7 sdk/7.15.0 sdk-loader
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=31536000
news-xagedi.cc/revopush.js
23.158.56.201 200 OK 18 kB URL GET HTTP/2 news-xagedi.cc/revopush.js
IP 23.158.56.201:443
Requested by https://news-xagedi.cc/?id=1218770951&p1=tk_adult
Certificate Issuer Let's Encrypt
Subject *.news-xagedi.cc
Fingerprint 2D:C4:ED:BB:E2:76:1C:34:86:91:EF:35:26:D5:27:27:63:7E:52:BC
Validity Mon, 13 Nov 2023 13:39:42 GMT - Sun, 11 Feb 2024 13:39:41 GMT
File type Unicode text, UTF-8 text, with very long lines (18112), with no line terminators
Hash 773d5dd04e1cf97341ac6e4cf2b23707
a56ebf246900b619f34bdfa36ea0f4a36d800730
a35876c74a7686acc90ac9e198313f89062cf1e0e22cac557b623c92f69f19d1
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /revopush.js HTTP/1.1
Host: news-xagedi.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xagedi.cc/?id=1218770951&p1=tk_adult
Cookie: clickdata=eyJzdWJhY2MiOjEyMTg3NzA5NTEsImxhbmQiOjUzLCJwMSI6InRrX2FkdWx0In0=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 15:39:22 GMT
content-type: application/javascript; charset=utf-8
content-length: 18177
last-modified: Fri, 01 Dec 2023 12:50:34 GMT
etag: "6569d69a-4701"
accept-ranges: bytes
X-Firefox-Spdy: h2
news-xagedi.cc/lands/53/css/style.css
23.158.56.201 4.9 kB URL news-xagedi.cc/lands/53/css/style.css
IP 23.158.56.201:0
Certificate Issuer Let's Encrypt
Subject *.news-xagedi.cc
Fingerprint 2D:C4:ED:BB:E2:76:1C:34:86:91:EF:35:26:D5:27:27:63:7E:52:BC
Validity Mon, 13 Nov 2023 13:39:42 GMT - Sun, 11 Feb 2024 13:39:41 GMT
File type ASCII text, with very long lines (4928), with no line terminators
Hash ff30963b59d24c95ee8ed06ee6f286d1
dbba4c06e6064e4bce5a928ff9905684d66a073d
d5ef0347241cb62969a80994ed4e4f87cf20f817e3036756df731aa04d238581
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /lands/53/css/style.css HTTP/1.1
Host: news-xagedi.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xagedi.cc/?id=1218770951&p1=tk_adult
Cookie: clickdata=eyJzdWJhY2MiOjEyMTg3NzA5NTEsImxhbmQiOjUzLCJwMSI6InRrX2FkdWx0In0=
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 15:39:22 GMT
content-type: text/css
content-length: 4928
last-modified: Fri, 01 Dec 2023 12:50:34 GMT
etag: "6569d69a-1340"
accept-ranges: bytes
X-Firefox-Spdy: h2
news-xagedi.cc/lands/53/js/device.js
23.158.56.201 3.3 kB URL news-xagedi.cc/lands/53/js/device.js
IP 23.158.56.201:0
Certificate Issuer Let's Encrypt
Subject *.news-xagedi.cc
Fingerprint 2D:C4:ED:BB:E2:76:1C:34:86:91:EF:35:26:D5:27:27:63:7E:52:BC
Validity Mon, 13 Nov 2023 13:39:42 GMT - Sun, 11 Feb 2024 13:39:41 GMT
File type ASCII text, with very long lines (3289), with no line terminators
Hash 2d9887b21aa6b47c56e7f43e66560a4f
42cdfc5b3b23d32152750bf2cea4233044491768
863a13c42ef72b562bc7aa5005b8ff5693763ae8d16ce3bfc3d876e92a7fdf85
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /lands/53/js/device.js HTTP/1.1
Host: news-xagedi.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xagedi.cc/?id=1218770951&p1=tk_adult
Cookie: clickdata=eyJzdWJhY2MiOjEyMTg3NzA5NTEsImxhbmQiOjUzLCJwMSI6InRrX2FkdWx0In0=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 15:39:22 GMT
content-type: application/javascript; charset=utf-8
content-length: 3289
last-modified: Fri, 01 Dec 2023 12:50:34 GMT
etag: "6569d69a-cd9"
accept-ranges: bytes
X-Firefox-Spdy: h2
news-xagedi.cc/?id=1218770951&p1=tk_adult
23.158.56.201 12 kB URL news-xagedi.cc/?id=1218770951&p1=tk_adult
IP 23.158.56.201:0
Certificate Issuer Let's Encrypt
Subject *.news-xagedi.cc
Fingerprint 2D:C4:ED:BB:E2:76:1C:34:86:91:EF:35:26:D5:27:27:63:7E:52:BC
Validity Mon, 13 Nov 2023 13:39:42 GMT - Sun, 11 Feb 2024 13:39:41 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (9366)
Hash 6247983515c58cc0363e767c22505b65
09d50099e7fdaf05c5a558dd7757e9d8e68dd7b8
19dcf01800e5dfffa4f24a4d583b43459c7727d786fb081b0eb309945699a3cc
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /?id=1218770951&p1=tk_adult HTTP/1.1
Host: news-xagedi.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xagedi.cc/?id=1218770951&p1=tk_adult
Cookie: clickdata=eyJzdWJhY2MiOjEyMTg3NzA5NTEsImxhbmQiOjUwLCJwMSI6InRrX2FkdWx0In0=
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 15:39:21 GMT
content-type: text/html; charset=UTF-8
set-cookie: clickdata=eyJzdWJhY2MiOjEyMTg3NzA5NTEsImxhbmQiOjM2LCJwMSI6InRrX2FkdWx0In0=; Path=/; Expires=Wed, 06 Dec 2023 15:39:21 GMT; HttpOnly; Secure; SameSite=None
vary: Origin
X-Firefox-Spdy: h2
news-xagedi.cc/revopush.js
23.158.56.201 200 OK 18 kB URL GET HTTP/2 news-xagedi.cc/revopush.js
IP 23.158.56.201:443
Requested by https://news-xagedi.cc/?id=1218770951&p1=tk_adult
Certificate Issuer Let's Encrypt
Subject *.news-xagedi.cc
Fingerprint 2D:C4:ED:BB:E2:76:1C:34:86:91:EF:35:26:D5:27:27:63:7E:52:BC
Validity Mon, 13 Nov 2023 13:39:42 GMT - Sun, 11 Feb 2024 13:39:41 GMT
File type Unicode text, UTF-8 text, with very long lines (18112), with no line terminators
Hash 773d5dd04e1cf97341ac6e4cf2b23707
a56ebf246900b619f34bdfa36ea0f4a36d800730
a35876c74a7686acc90ac9e198313f89062cf1e0e22cac557b623c92f69f19d1
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /revopush.js HTTP/1.1
Host: news-xagedi.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xagedi.cc/?id=1218770951&p1=tk_adult
Cookie: clickdata=eyJzdWJhY2MiOjEyMTg3NzA5NTEsImxhbmQiOjUzLCJwMSI6InRrX2FkdWx0In0=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 15:39:22 GMT
content-type: application/javascript; charset=utf-8
content-length: 18177
last-modified: Fri, 01 Dec 2023 12:50:34 GMT
etag: "6569d69a-4701"
accept-ranges: bytes
X-Firefox-Spdy: h2
news-xagedi.cc/lands/53/css/style.css
23.158.56.201 4.9 kB URL news-xagedi.cc/lands/53/css/style.css
IP 23.158.56.201:0
Certificate Issuer Let's Encrypt
Subject *.news-xagedi.cc
Fingerprint 2D:C4:ED:BB:E2:76:1C:34:86:91:EF:35:26:D5:27:27:63:7E:52:BC
Validity Mon, 13 Nov 2023 13:39:42 GMT - Sun, 11 Feb 2024 13:39:41 GMT
File type ASCII text, with very long lines (4928), with no line terminators
Hash ff30963b59d24c95ee8ed06ee6f286d1
dbba4c06e6064e4bce5a928ff9905684d66a073d
d5ef0347241cb62969a80994ed4e4f87cf20f817e3036756df731aa04d238581
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /lands/53/css/style.css HTTP/1.1
Host: news-xagedi.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xagedi.cc/?id=1218770951&p1=tk_adult
Cookie: clickdata=eyJzdWJhY2MiOjEyMTg3NzA5NTEsImxhbmQiOjUzLCJwMSI6InRrX2FkdWx0In0=
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 15:39:22 GMT
content-type: text/css
content-length: 4928
last-modified: Fri, 01 Dec 2023 12:50:34 GMT
etag: "6569d69a-1340"
accept-ranges: bytes
X-Firefox-Spdy: h2
news-xagedi.cc/lands/53/js/device.js
23.158.56.201 3.3 kB URL news-xagedi.cc/lands/53/js/device.js
IP 23.158.56.201:0
Certificate Issuer Let's Encrypt
Subject *.news-xagedi.cc
Fingerprint 2D:C4:ED:BB:E2:76:1C:34:86:91:EF:35:26:D5:27:27:63:7E:52:BC
Validity Mon, 13 Nov 2023 13:39:42 GMT - Sun, 11 Feb 2024 13:39:41 GMT
File type ASCII text, with very long lines (3289), with no line terminators
Hash 2d9887b21aa6b47c56e7f43e66560a4f
42cdfc5b3b23d32152750bf2cea4233044491768
863a13c42ef72b562bc7aa5005b8ff5693763ae8d16ce3bfc3d876e92a7fdf85
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /lands/53/js/device.js HTTP/1.1
Host: news-xagedi.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xagedi.cc/?id=1218770951&p1=tk_adult
Cookie: clickdata=eyJzdWJhY2MiOjEyMTg3NzA5NTEsImxhbmQiOjUzLCJwMSI6InRrX2FkdWx0In0=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 15:39:22 GMT
content-type: application/javascript; charset=utf-8
content-length: 3289
last-modified: Fri, 01 Dec 2023 12:50:34 GMT
etag: "6569d69a-cd9"
accept-ranges: bytes
X-Firefox-Spdy: h2
errors.house/js-sdk-loader/c682bf15f58a4ecea9ff491233690e22.min.js
46.4.134.147 1.9 kB URL errors.house/js-sdk-loader/c682bf15f58a4ecea9ff491233690e22.min.js
IP 46.4.134.147:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (512)
Hash cecbd15c62682460fc296825e598657c
7ea3ec61b65e0a88058e3943327a61d055ef4284
58664ef4f18d3763e07cf7c74738b3a1089fc115331ce34bfe300be3e125b510
GET /js-sdk-loader/c682bf15f58a4ecea9ff491233690e22.min.js HTTP/1.1
Host: errors.house
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://news-xagedi.cc
DNT: 1
Connection: keep-alive
Referer: https://news-xagedi.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.23.1
Date: Tue, 05 Dec 2023 15:39:22 GMT
Content-Type: text/javascript
Content-Length: 1855
Connection: close
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=3600, s-maxage=60, stale-while-revalidate=315360000, stale-if-error=315360000
Surrogate-Key: project/7 sdk/7.15.0 sdk-loader
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=31536000
news-xagedi.cc/revopush.js
23.158.56.201 200 OK 18 kB URL GET HTTP/2 news-xagedi.cc/revopush.js
IP 23.158.56.201:443
Requested by https://news-xagedi.cc/?id=1218770951&p1=tk_adult
Certificate Issuer Let's Encrypt
Subject *.news-xagedi.cc
Fingerprint 2D:C4:ED:BB:E2:76:1C:34:86:91:EF:35:26:D5:27:27:63:7E:52:BC
Validity Mon, 13 Nov 2023 13:39:42 GMT - Sun, 11 Feb 2024 13:39:41 GMT
File type Unicode text, UTF-8 text, with very long lines (18112), with no line terminators
Hash 773d5dd04e1cf97341ac6e4cf2b23707
a56ebf246900b619f34bdfa36ea0f4a36d800730
a35876c74a7686acc90ac9e198313f89062cf1e0e22cac557b623c92f69f19d1
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /revopush.js HTTP/1.1
Host: news-xagedi.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xagedi.cc/?id=1218770951&p1=tk_adult
Cookie: clickdata=eyJzdWJhY2MiOjEyMTg3NzA5NTEsImxhbmQiOjYzLCJwMSI6InRrX2FkdWx0In0=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 15:39:23 GMT
content-type: application/javascript; charset=utf-8
content-length: 18177
last-modified: Fri, 01 Dec 2023 12:50:34 GMT
etag: "6569d69a-4701"
accept-ranges: bytes
X-Firefox-Spdy: h2
errors.house/js-sdk-loader/c682bf15f58a4ecea9ff491233690e22.min.js
46.4.134.147 1.9 kB URL errors.house/js-sdk-loader/c682bf15f58a4ecea9ff491233690e22.min.js
IP 46.4.134.147:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (512)
Hash cecbd15c62682460fc296825e598657c
7ea3ec61b65e0a88058e3943327a61d055ef4284
58664ef4f18d3763e07cf7c74738b3a1089fc115331ce34bfe300be3e125b510
GET /js-sdk-loader/c682bf15f58a4ecea9ff491233690e22.min.js HTTP/1.1
Host: errors.house
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://news-xagedi.cc
DNT: 1
Connection: keep-alive
Referer: https://news-xagedi.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.23.1
Date: Tue, 05 Dec 2023 15:39:23 GMT
Content-Type: text/javascript
Content-Length: 1855
Connection: close
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=3600, s-maxage=60, stale-while-revalidate=315360000, stale-if-error=315360000
Surrogate-Key: project/7 sdk/7.15.0 sdk-loader
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=31536000
news-xagedi.cc/revopush.js
23.158.56.201 200 OK 18 kB URL GET HTTP/2 news-xagedi.cc/revopush.js
IP 23.158.56.201:443
Requested by https://news-xagedi.cc/?id=1218770951&p1=tk_adult
Certificate Issuer Let's Encrypt
Subject *.news-xagedi.cc
Fingerprint 2D:C4:ED:BB:E2:76:1C:34:86:91:EF:35:26:D5:27:27:63:7E:52:BC
Validity Mon, 13 Nov 2023 13:39:42 GMT - Sun, 11 Feb 2024 13:39:41 GMT
File type Unicode text, UTF-8 text, with very long lines (18112), with no line terminators
Hash 773d5dd04e1cf97341ac6e4cf2b23707
a56ebf246900b619f34bdfa36ea0f4a36d800730
a35876c74a7686acc90ac9e198313f89062cf1e0e22cac557b623c92f69f19d1
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /revopush.js HTTP/1.1
Host: news-xagedi.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xagedi.cc/?id=1218770951&p1=tk_adult
Cookie: clickdata=eyJzdWJhY2MiOjEyMTg3NzA5NTEsImxhbmQiOjUwLCJwMSI6InRrX2FkdWx0In0=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 15:39:23 GMT
content-type: application/javascript; charset=utf-8
content-length: 18177
last-modified: Fri, 01 Dec 2023 12:50:34 GMT
etag: "6569d69a-4701"
accept-ranges: bytes
X-Firefox-Spdy: h2
errors.house/js-sdk-loader/c682bf15f58a4ecea9ff491233690e22.min.js
46.4.134.147 1.9 kB URL errors.house/js-sdk-loader/c682bf15f58a4ecea9ff491233690e22.min.js
IP 46.4.134.147:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (512)
Hash cecbd15c62682460fc296825e598657c
7ea3ec61b65e0a88058e3943327a61d055ef4284
58664ef4f18d3763e07cf7c74738b3a1089fc115331ce34bfe300be3e125b510
GET /js-sdk-loader/c682bf15f58a4ecea9ff491233690e22.min.js HTTP/1.1
Host: errors.house
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://news-xagedi.cc
DNT: 1
Connection: keep-alive
Referer: https://news-xagedi.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.23.1
Date: Tue, 05 Dec 2023 15:39:23 GMT
Content-Type: text/javascript
Content-Length: 1855
Connection: close
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=3600, s-maxage=60, stale-while-revalidate=315360000, stale-if-error=315360000
Surrogate-Key: project/7 sdk/7.15.0 sdk-loader
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=31536000
news-xagedi.cc/revopush.js
23.158.56.201 200 OK 18 kB URL GET HTTP/2 news-xagedi.cc/revopush.js
IP 23.158.56.201:443
Requested by https://news-xagedi.cc/?id=1218770951&p1=tk_adult
Certificate Issuer Let's Encrypt
Subject *.news-xagedi.cc
Fingerprint 2D:C4:ED:BB:E2:76:1C:34:86:91:EF:35:26:D5:27:27:63:7E:52:BC
Validity Mon, 13 Nov 2023 13:39:42 GMT - Sun, 11 Feb 2024 13:39:41 GMT
File type Unicode text, UTF-8 text, with very long lines (18112), with no line terminators
Hash 773d5dd04e1cf97341ac6e4cf2b23707
a56ebf246900b619f34bdfa36ea0f4a36d800730
a35876c74a7686acc90ac9e198313f89062cf1e0e22cac557b623c92f69f19d1
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /revopush.js HTTP/1.1
Host: news-xagedi.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xagedi.cc/?id=1218770951&p1=tk_adult
Cookie: clickdata=eyJzdWJhY2MiOjEyMTg3NzA5NTEsImxhbmQiOjQ4LCJwMSI6InRrX2FkdWx0In0=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 15:39:23 GMT
content-type: application/javascript; charset=utf-8
content-length: 18177
last-modified: Fri, 01 Dec 2023 12:50:34 GMT
etag: "6569d69a-4701"
accept-ranges: bytes
X-Firefox-Spdy: h2
errors.house/js-sdk-loader/c682bf15f58a4ecea9ff491233690e22.min.js
46.4.134.147 1.9 kB URL errors.house/js-sdk-loader/c682bf15f58a4ecea9ff491233690e22.min.js
IP 46.4.134.147:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (512)
Hash cecbd15c62682460fc296825e598657c
7ea3ec61b65e0a88058e3943327a61d055ef4284
58664ef4f18d3763e07cf7c74738b3a1089fc115331ce34bfe300be3e125b510
GET /js-sdk-loader/c682bf15f58a4ecea9ff491233690e22.min.js HTTP/1.1
Host: errors.house
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://news-xagedi.cc
DNT: 1
Connection: keep-alive
Referer: https://news-xagedi.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.23.1
Date: Tue, 05 Dec 2023 15:39:23 GMT
Content-Type: text/javascript
Content-Length: 1855
Connection: close
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=3600, s-maxage=60, stale-while-revalidate=315360000, stale-if-error=315360000
Surrogate-Key: project/7 sdk/7.15.0 sdk-loader
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=31536000
news-xagedi.cc/lands/37/jquery-3.2.1.min.js
23.158.56.201 86 kB URL news-xagedi.cc/lands/37/jquery-3.2.1.min.js
IP 23.158.56.201:0
Certificate Issuer Let's Encrypt
Subject *.news-xagedi.cc
Fingerprint 2D:C4:ED:BB:E2:76:1C:34:86:91:EF:35:26:D5:27:27:63:7E:52:BC
Validity Mon, 13 Nov 2023 13:39:42 GMT - Sun, 11 Feb 2024 13:39:41 GMT
File type Unicode text, UTF-8 text, with very long lines (65460)
Hash 749cf8b9115d2e483c42a09caba49a47
6071774de33379640cc5bc565bc4f5fc8a73dc8d
4c6c48643cdfc617725f69f7c826b4e87983947a709b36f1e8016ad818bb6d83
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /lands/37/jquery-3.2.1.min.js HTTP/1.1
Host: news-xagedi.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xagedi.cc/?id=1218770951&p1=tk_adult
Cookie: clickdata=eyJzdWJhY2MiOjEyMTg3NzA5NTEsImxhbmQiOjM3LCJwMSI6InRrX2FkdWx0In0=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 15:39:23 GMT
content-type: application/javascript; charset=utf-8
content-length: 86537
last-modified: Fri, 01 Dec 2023 12:50:34 GMT
etag: "6569d69a-15209"
accept-ranges: bytes
X-Firefox-Spdy: h2
news-xagedi.cc/revopush.js
23.158.56.201 200 OK 18 kB URL GET HTTP/2 news-xagedi.cc/revopush.js
IP 23.158.56.201:443
Requested by https://news-xagedi.cc/?id=1218770951&p1=tk_adult
Certificate Issuer Let's Encrypt
Subject *.news-xagedi.cc
Fingerprint 2D:C4:ED:BB:E2:76:1C:34:86:91:EF:35:26:D5:27:27:63:7E:52:BC
Validity Mon, 13 Nov 2023 13:39:42 GMT - Sun, 11 Feb 2024 13:39:41 GMT
File type Unicode text, UTF-8 text, with very long lines (18112), with no line terminators
Hash 773d5dd04e1cf97341ac6e4cf2b23707
a56ebf246900b619f34bdfa36ea0f4a36d800730
a35876c74a7686acc90ac9e198313f89062cf1e0e22cac557b623c92f69f19d1
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /revopush.js HTTP/1.1
Host: news-xagedi.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xagedi.cc/?id=1218770951&p1=tk_adult
Cookie: clickdata=eyJzdWJhY2MiOjEyMTg3NzA5NTEsImxhbmQiOjM3LCJwMSI6InRrX2FkdWx0In0=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 15:39:23 GMT
content-type: application/javascript; charset=utf-8
content-length: 18177
last-modified: Fri, 01 Dec 2023 12:50:34 GMT
etag: "6569d69a-4701"
accept-ranges: bytes
X-Firefox-Spdy: h2
errors.house/js-sdk-loader/c682bf15f58a4ecea9ff491233690e22.min.js
46.4.134.147 1.9 kB URL errors.house/js-sdk-loader/c682bf15f58a4ecea9ff491233690e22.min.js
IP 46.4.134.147:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (512)
Hash cecbd15c62682460fc296825e598657c
7ea3ec61b65e0a88058e3943327a61d055ef4284
58664ef4f18d3763e07cf7c74738b3a1089fc115331ce34bfe300be3e125b510
GET /js-sdk-loader/c682bf15f58a4ecea9ff491233690e22.min.js HTTP/1.1
Host: errors.house
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://news-xagedi.cc
DNT: 1
Connection: keep-alive
Referer: https://news-xagedi.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.23.1
Date: Tue, 05 Dec 2023 15:39:23 GMT
Content-Type: text/javascript
Content-Length: 1855
Connection: close
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=3600, s-maxage=60, stale-while-revalidate=315360000, stale-if-error=315360000
Surrogate-Key: project/7 sdk/7.15.0 sdk-loader
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=31536000
news-xagedi.cc/?id=1218770951&p1=tk_adult
23.158.56.201 79 kB URL news-xagedi.cc/?id=1218770951&p1=tk_adult
IP 23.158.56.201:0
Certificate Issuer Let's Encrypt
Subject *.news-xagedi.cc
Fingerprint 2D:C4:ED:BB:E2:76:1C:34:86:91:EF:35:26:D5:27:27:63:7E:52:BC
Validity Mon, 13 Nov 2023 13:39:42 GMT - Sun, 11 Feb 2024 13:39:41 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (63491)
Hash 8991337904e36729b158d8f65aadd30c
8baeff47a0df5e3238003494b1c7a81c9145746b
194d75b6a963e99f1bd89b1fae6daa934c89d1cad896b8a5b8e372cf56ac3fea
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /?id=1218770951&p1=tk_adult HTTP/1.1
Host: news-xagedi.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xagedi.cc/?id=1218770951&p1=tk_adult
Cookie: clickdata=eyJzdWJhY2MiOjEyMTg3NzA5NTEsImxhbmQiOjM3LCJwMSI6InRrX2FkdWx0In0=
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 15:39:23 GMT
content-type: text/html; charset=UTF-8
set-cookie: clickdata=eyJzdWJhY2MiOjEyMTg3NzA5NTEsImxhbmQiOjYzLCJwMSI6InRrX2FkdWx0In0=; Path=/; Expires=Wed, 06 Dec 2023 15:39:23 GMT; HttpOnly; Secure; SameSite=None
vary: Origin
X-Firefox-Spdy: h2
errors.house/js-sdk-loader/c682bf15f58a4ecea9ff491233690e22.min.js
46.4.134.147 1.9 kB URL errors.house/js-sdk-loader/c682bf15f58a4ecea9ff491233690e22.min.js
IP 46.4.134.147:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (512)
Hash cecbd15c62682460fc296825e598657c
7ea3ec61b65e0a88058e3943327a61d055ef4284
58664ef4f18d3763e07cf7c74738b3a1089fc115331ce34bfe300be3e125b510
GET /js-sdk-loader/c682bf15f58a4ecea9ff491233690e22.min.js HTTP/1.1
Host: errors.house
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://news-xagedi.cc
DNT: 1
Connection: keep-alive
Referer: https://news-xagedi.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.23.1
Date: Tue, 05 Dec 2023 15:39:24 GMT
Content-Type: text/javascript
Content-Length: 1855
Connection: close
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=3600, s-maxage=60, stale-while-revalidate=315360000, stale-if-error=315360000
Surrogate-Key: project/7 sdk/7.15.0 sdk-loader
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=31536000
news-xagedi.cc/revopush.js
23.158.56.201 200 OK 18 kB URL GET HTTP/2 news-xagedi.cc/revopush.js
IP 23.158.56.201:443
Requested by https://news-xagedi.cc/?id=1218770951&p1=tk_adult
Certificate Issuer Let's Encrypt
Subject *.news-xagedi.cc
Fingerprint 2D:C4:ED:BB:E2:76:1C:34:86:91:EF:35:26:D5:27:27:63:7E:52:BC
Validity Mon, 13 Nov 2023 13:39:42 GMT - Sun, 11 Feb 2024 13:39:41 GMT
File type Unicode text, UTF-8 text, with very long lines (18112), with no line terminators
Hash 773d5dd04e1cf97341ac6e4cf2b23707
a56ebf246900b619f34bdfa36ea0f4a36d800730
a35876c74a7686acc90ac9e198313f89062cf1e0e22cac557b623c92f69f19d1
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /revopush.js HTTP/1.1
Host: news-xagedi.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xagedi.cc/?id=1218770951&p1=tk_adult
Cookie: clickdata=eyJzdWJhY2MiOjEyMTg3NzA5NTEsImxhbmQiOjUwLCJwMSI6InRrX2FkdWx0In0=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 15:39:24 GMT
content-type: application/javascript; charset=utf-8
content-length: 18177
last-modified: Fri, 01 Dec 2023 12:50:34 GMT
etag: "6569d69a-4701"
accept-ranges: bytes
X-Firefox-Spdy: h2
errors.house/js-sdk-loader/c682bf15f58a4ecea9ff491233690e22.min.js
46.4.134.147 1.9 kB URL errors.house/js-sdk-loader/c682bf15f58a4ecea9ff491233690e22.min.js
IP 46.4.134.147:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (512)
Hash cecbd15c62682460fc296825e598657c
7ea3ec61b65e0a88058e3943327a61d055ef4284
58664ef4f18d3763e07cf7c74738b3a1089fc115331ce34bfe300be3e125b510
GET /js-sdk-loader/c682bf15f58a4ecea9ff491233690e22.min.js HTTP/1.1
Host: errors.house
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://news-xagedi.cc
DNT: 1
Connection: keep-alive
Referer: https://news-xagedi.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.23.1
Date: Tue, 05 Dec 2023 15:39:24 GMT
Content-Type: text/javascript
Content-Length: 1855
Connection: close
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=3600, s-maxage=60, stale-while-revalidate=315360000, stale-if-error=315360000
Surrogate-Key: project/7 sdk/7.15.0 sdk-loader
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=31536000
news-xagedi.cc/revopush.js
23.158.56.201 200 OK 18 kB URL GET HTTP/2 news-xagedi.cc/revopush.js
IP 23.158.56.201:443
Requested by https://news-xagedi.cc/?id=1218770951&p1=tk_adult
Certificate Issuer Let's Encrypt
Subject *.news-xagedi.cc
Fingerprint 2D:C4:ED:BB:E2:76:1C:34:86:91:EF:35:26:D5:27:27:63:7E:52:BC
Validity Mon, 13 Nov 2023 13:39:42 GMT - Sun, 11 Feb 2024 13:39:41 GMT
File type Unicode text, UTF-8 text, with very long lines (18112), with no line terminators
Hash 773d5dd04e1cf97341ac6e4cf2b23707
a56ebf246900b619f34bdfa36ea0f4a36d800730
a35876c74a7686acc90ac9e198313f89062cf1e0e22cac557b623c92f69f19d1
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /revopush.js HTTP/1.1
Host: news-xagedi.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xagedi.cc/?id=1218770951&p1=tk_adult
Cookie: clickdata=eyJzdWJhY2MiOjEyMTg3NzA5NTEsImxhbmQiOjQ4LCJwMSI6InRrX2FkdWx0In0=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 15:39:24 GMT
content-type: application/javascript; charset=utf-8
content-length: 18177
last-modified: Fri, 01 Dec 2023 12:50:34 GMT
etag: "6569d69a-4701"
accept-ranges: bytes
X-Firefox-Spdy: h2
errors.house/js-sdk-loader/c682bf15f58a4ecea9ff491233690e22.min.js
46.4.134.147 1.9 kB URL errors.house/js-sdk-loader/c682bf15f58a4ecea9ff491233690e22.min.js
IP 46.4.134.147:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (512)
Hash cecbd15c62682460fc296825e598657c
7ea3ec61b65e0a88058e3943327a61d055ef4284
58664ef4f18d3763e07cf7c74738b3a1089fc115331ce34bfe300be3e125b510
GET /js-sdk-loader/c682bf15f58a4ecea9ff491233690e22.min.js HTTP/1.1
Host: errors.house
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://news-xagedi.cc
DNT: 1
Connection: keep-alive
Referer: https://news-xagedi.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.23.1
Date: Tue, 05 Dec 2023 15:39:24 GMT
Content-Type: text/javascript
Content-Length: 1855
Connection: close
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=3600, s-maxage=60, stale-while-revalidate=315360000, stale-if-error=315360000
Surrogate-Key: project/7 sdk/7.15.0 sdk-loader
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=31536000
news-xagedi.cc/revopush.js
23.158.56.201 200 OK 18 kB URL GET HTTP/2 news-xagedi.cc/revopush.js
IP 23.158.56.201:443
Requested by https://news-xagedi.cc/?id=1218770951&p1=tk_adult
Certificate Issuer Let's Encrypt
Subject *.news-xagedi.cc
Fingerprint 2D:C4:ED:BB:E2:76:1C:34:86:91:EF:35:26:D5:27:27:63:7E:52:BC
Validity Mon, 13 Nov 2023 13:39:42 GMT - Sun, 11 Feb 2024 13:39:41 GMT
File type Unicode text, UTF-8 text, with very long lines (18112), with no line terminators
Hash 773d5dd04e1cf97341ac6e4cf2b23707
a56ebf246900b619f34bdfa36ea0f4a36d800730
a35876c74a7686acc90ac9e198313f89062cf1e0e22cac557b623c92f69f19d1
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /revopush.js HTTP/1.1
Host: news-xagedi.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xagedi.cc/?id=1218770951&p1=tk_adult
Cookie: clickdata=eyJzdWJhY2MiOjEyMTg3NzA5NTEsImxhbmQiOjYzLCJwMSI6InRrX2FkdWx0In0=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 15:39:24 GMT
content-type: application/javascript; charset=utf-8
content-length: 18177
last-modified: Fri, 01 Dec 2023 12:50:34 GMT
etag: "6569d69a-4701"
accept-ranges: bytes
X-Firefox-Spdy: h2
news-xagedi.cc/?id=1218770951&p1=tk_adult
23.158.56.201 63 kB URL news-xagedi.cc/?id=1218770951&p1=tk_adult
IP 23.158.56.201:0
Certificate Issuer Let's Encrypt
Subject *.news-xagedi.cc
Fingerprint 2D:C4:ED:BB:E2:76:1C:34:86:91:EF:35:26:D5:27:27:63:7E:52:BC
Validity Mon, 13 Nov 2023 13:39:42 GMT - Sun, 11 Feb 2024 13:39:41 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (59622)
Hash e5f320e1aab3daf6a0b1624a27118867
385e40e9f34094073f56602cfe2621dde4989a9c
99b701c5cb87a8263b51dc9a2364fb0751d241294f5781ad97fa43646d9183e6
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /?id=1218770951&p1=tk_adult HTTP/1.1
Host: news-xagedi.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xagedi.cc/?id=1218770951&p1=tk_adult
Cookie: clickdata=eyJzdWJhY2MiOjEyMTg3NzA5NTEsImxhbmQiOjQ4LCJwMSI6InRrX2FkdWx0In0=
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 15:39:24 GMT
content-type: text/html; charset=UTF-8
set-cookie: clickdata=eyJzdWJhY2MiOjEyMTg3NzA5NTEsImxhbmQiOjYzLCJwMSI6InRrX2FkdWx0In0=; Path=/; Expires=Wed, 06 Dec 2023 15:39:24 GMT; HttpOnly; Secure; SameSite=None
vary: Origin
X-Firefox-Spdy: h2
news-xagedi.cc/revopush.js
23.158.56.201 200 OK 18 kB URL GET HTTP/2 news-xagedi.cc/revopush.js
IP 23.158.56.201:443
Requested by https://news-xagedi.cc/?id=1218770951&p1=tk_adult
Certificate Issuer Let's Encrypt
Subject *.news-xagedi.cc
Fingerprint 2D:C4:ED:BB:E2:76:1C:34:86:91:EF:35:26:D5:27:27:63:7E:52:BC
Validity Mon, 13 Nov 2023 13:39:42 GMT - Sun, 11 Feb 2024 13:39:41 GMT
File type Unicode text, UTF-8 text, with very long lines (18112), with no line terminators
Hash 773d5dd04e1cf97341ac6e4cf2b23707
a56ebf246900b619f34bdfa36ea0f4a36d800730
a35876c74a7686acc90ac9e198313f89062cf1e0e22cac557b623c92f69f19d1
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /revopush.js HTTP/1.1
Host: news-xagedi.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xagedi.cc/?id=1218770951&p1=tk_adult
Cookie: clickdata=eyJzdWJhY2MiOjEyMTg3NzA5NTEsImxhbmQiOjUwLCJwMSI6InRrX2FkdWx0In0=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 15:39:25 GMT
content-type: application/javascript; charset=utf-8
content-length: 18177
last-modified: Fri, 01 Dec 2023 12:50:34 GMT
etag: "6569d69a-4701"
accept-ranges: bytes
X-Firefox-Spdy: h2
errors.house/js-sdk-loader/c682bf15f58a4ecea9ff491233690e22.min.js
46.4.134.147 1.9 kB URL errors.house/js-sdk-loader/c682bf15f58a4ecea9ff491233690e22.min.js
IP 46.4.134.147:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (512)
Hash cecbd15c62682460fc296825e598657c
7ea3ec61b65e0a88058e3943327a61d055ef4284
58664ef4f18d3763e07cf7c74738b3a1089fc115331ce34bfe300be3e125b510
GET /js-sdk-loader/c682bf15f58a4ecea9ff491233690e22.min.js HTTP/1.1
Host: errors.house
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://news-xagedi.cc
DNT: 1
Connection: keep-alive
Referer: https://news-xagedi.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.23.1
Date: Tue, 05 Dec 2023 15:39:25 GMT
Content-Type: text/javascript
Content-Length: 1855
Connection: close
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=3600, s-maxage=60, stale-while-revalidate=315360000, stale-if-error=315360000
Surrogate-Key: project/7 sdk/7.15.0 sdk-loader
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=31536000
news-xagedi.cc/lands/37/jquery-3.2.1.min.js
23.158.56.201 86 kB URL news-xagedi.cc/lands/37/jquery-3.2.1.min.js
IP 23.158.56.201:0
Certificate Issuer Let's Encrypt
Subject *.news-xagedi.cc
Fingerprint 2D:C4:ED:BB:E2:76:1C:34:86:91:EF:35:26:D5:27:27:63:7E:52:BC
Validity Mon, 13 Nov 2023 13:39:42 GMT - Sun, 11 Feb 2024 13:39:41 GMT
File type Unicode text, UTF-8 text, with very long lines (65460)
Hash 749cf8b9115d2e483c42a09caba49a47
6071774de33379640cc5bc565bc4f5fc8a73dc8d
4c6c48643cdfc617725f69f7c826b4e87983947a709b36f1e8016ad818bb6d83
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /lands/37/jquery-3.2.1.min.js HTTP/1.1
Host: news-xagedi.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xagedi.cc/?id=1218770951&p1=tk_adult
Cookie: clickdata=eyJzdWJhY2MiOjEyMTg3NzA5NTEsImxhbmQiOjM3LCJwMSI6InRrX2FkdWx0In0=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 15:39:25 GMT
content-type: application/javascript; charset=utf-8
content-length: 86537
last-modified: Fri, 01 Dec 2023 12:50:34 GMT
etag: "6569d69a-15209"
accept-ranges: bytes
X-Firefox-Spdy: h2
news-xagedi.cc/revopush.js
23.158.56.201 200 OK 18 kB URL GET HTTP/2 news-xagedi.cc/revopush.js
IP 23.158.56.201:443
Requested by https://news-xagedi.cc/?id=1218770951&p1=tk_adult
Certificate Issuer Let's Encrypt
Subject *.news-xagedi.cc
Fingerprint 2D:C4:ED:BB:E2:76:1C:34:86:91:EF:35:26:D5:27:27:63:7E:52:BC
Validity Mon, 13 Nov 2023 13:39:42 GMT - Sun, 11 Feb 2024 13:39:41 GMT
File type Unicode text, UTF-8 text, with very long lines (18112), with no line terminators
Hash 773d5dd04e1cf97341ac6e4cf2b23707
a56ebf246900b619f34bdfa36ea0f4a36d800730
a35876c74a7686acc90ac9e198313f89062cf1e0e22cac557b623c92f69f19d1
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /revopush.js HTTP/1.1
Host: news-xagedi.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xagedi.cc/?id=1218770951&p1=tk_adult
Cookie: clickdata=eyJzdWJhY2MiOjEyMTg3NzA5NTEsImxhbmQiOjM3LCJwMSI6InRrX2FkdWx0In0=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 15:39:25 GMT
content-type: application/javascript; charset=utf-8
content-length: 18177
last-modified: Fri, 01 Dec 2023 12:50:34 GMT
etag: "6569d69a-4701"
accept-ranges: bytes
X-Firefox-Spdy: h2
errors.house/js-sdk-loader/c682bf15f58a4ecea9ff491233690e22.min.js
46.4.134.147 1.9 kB URL errors.house/js-sdk-loader/c682bf15f58a4ecea9ff491233690e22.min.js
IP 46.4.134.147:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (512)
Hash cecbd15c62682460fc296825e598657c
7ea3ec61b65e0a88058e3943327a61d055ef4284
58664ef4f18d3763e07cf7c74738b3a1089fc115331ce34bfe300be3e125b510
GET /js-sdk-loader/c682bf15f58a4ecea9ff491233690e22.min.js HTTP/1.1
Host: errors.house
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://news-xagedi.cc
DNT: 1
Connection: keep-alive
Referer: https://news-xagedi.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.23.1
Date: Tue, 05 Dec 2023 15:39:25 GMT
Content-Type: text/javascript
Content-Length: 1855
Connection: close
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=3600, s-maxage=60, stale-while-revalidate=315360000, stale-if-error=315360000
Surrogate-Key: project/7 sdk/7.15.0 sdk-loader
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=31536000
news-xagedi.cc/lands/36/lp.js
23.158.56.201 722 B URL news-xagedi.cc/lands/36/lp.js
IP 23.158.56.201:0
Certificate Issuer Let's Encrypt
Subject *.news-xagedi.cc
Fingerprint 2D:C4:ED:BB:E2:76:1C:34:86:91:EF:35:26:D5:27:27:63:7E:52:BC
Validity Mon, 13 Nov 2023 13:39:42 GMT - Sun, 11 Feb 2024 13:39:41 GMT
File type Unicode text, UTF-8 text, with very long lines (685), with no line terminators
Hash 8061571ac71b47c9ef862658f7e3e81c
c8109eda3ac59808f2e331aa52883ef72526833d
0437c5e6e3fb2533b3166485bb94ad975513518f741a5a7e2d74aeb0ddaa0875
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /lands/36/lp.js HTTP/1.1
Host: news-xagedi.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xagedi.cc/?id=1218770951&p1=tk_adult
Cookie: clickdata=eyJzdWJhY2MiOjEyMTg3NzA5NTEsImxhbmQiOjM2LCJwMSI6InRrX2FkdWx0In0=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 15:39:25 GMT
content-type: application/javascript; charset=utf-8
content-length: 722
last-modified: Fri, 01 Dec 2023 12:50:34 GMT
etag: "6569d69a-2d2"
accept-ranges: bytes
X-Firefox-Spdy: h2
news-xagedi.cc/revopush.js
23.158.56.201 200 OK 18 kB URL GET HTTP/2 news-xagedi.cc/revopush.js
IP 23.158.56.201:443
Requested by https://news-xagedi.cc/?id=1218770951&p1=tk_adult
Certificate Issuer Let's Encrypt
Subject *.news-xagedi.cc
Fingerprint 2D:C4:ED:BB:E2:76:1C:34:86:91:EF:35:26:D5:27:27:63:7E:52:BC
Validity Mon, 13 Nov 2023 13:39:42 GMT - Sun, 11 Feb 2024 13:39:41 GMT
File type Unicode text, UTF-8 text, with very long lines (18112), with no line terminators
Hash 773d5dd04e1cf97341ac6e4cf2b23707
a56ebf246900b619f34bdfa36ea0f4a36d800730
a35876c74a7686acc90ac9e198313f89062cf1e0e22cac557b623c92f69f19d1
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /revopush.js HTTP/1.1
Host: news-xagedi.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xagedi.cc/?id=1218770951&p1=tk_adult
Cookie: clickdata=eyJzdWJhY2MiOjEyMTg3NzA5NTEsImxhbmQiOjM2LCJwMSI6InRrX2FkdWx0In0=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 15:39:25 GMT
content-type: application/javascript; charset=utf-8
content-length: 18177
last-modified: Fri, 01 Dec 2023 12:50:34 GMT
etag: "6569d69a-4701"
accept-ranges: bytes
X-Firefox-Spdy: h2
news-xagedi.cc/lands/36/img/style.css
23.158.56.201 12 kB URL news-xagedi.cc/lands/36/img/style.css
IP 23.158.56.201:0
Certificate Issuer Let's Encrypt
Subject *.news-xagedi.cc
Fingerprint 2D:C4:ED:BB:E2:76:1C:34:86:91:EF:35:26:D5:27:27:63:7E:52:BC
Validity Mon, 13 Nov 2023 13:39:42 GMT - Sun, 11 Feb 2024 13:39:41 GMT
File type ASCII text, with very long lines (11701), with no line terminators
Hash ceafd56cc56028ed6235ce4c4db73d43
c0d374219bfbd71aebf2caa38494d48838d4cce0
8878692d5f9a94657f598a59e11fde8703ff41c6ee99d378acc5b22bec49cbd7
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /lands/36/img/style.css HTTP/1.1
Host: news-xagedi.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xagedi.cc/?id=1218770951&p1=tk_adult
Cookie: clickdata=eyJzdWJhY2MiOjEyMTg3NzA5NTEsImxhbmQiOjM2LCJwMSI6InRrX2FkdWx0In0=
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 15:39:25 GMT
content-type: text/css
content-length: 11701
last-modified: Fri, 01 Dec 2023 12:50:34 GMT
etag: "6569d69a-2db5"
accept-ranges: bytes
X-Firefox-Spdy: h2
errors.house/js-sdk-loader/c682bf15f58a4ecea9ff491233690e22.min.js
46.4.134.147 1.9 kB URL errors.house/js-sdk-loader/c682bf15f58a4ecea9ff491233690e22.min.js
IP 46.4.134.147:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (512)
Hash cecbd15c62682460fc296825e598657c
7ea3ec61b65e0a88058e3943327a61d055ef4284
58664ef4f18d3763e07cf7c74738b3a1089fc115331ce34bfe300be3e125b510
GET /js-sdk-loader/c682bf15f58a4ecea9ff491233690e22.min.js HTTP/1.1
Host: errors.house
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://news-xagedi.cc
DNT: 1
Connection: keep-alive
Referer: https://news-xagedi.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.23.1
Date: Tue, 05 Dec 2023 15:39:25 GMT
Content-Type: text/javascript
Content-Length: 1855
Connection: close
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=3600, s-maxage=60, stale-while-revalidate=315360000, stale-if-error=315360000
Surrogate-Key: project/7 sdk/7.15.0 sdk-loader
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=31536000
news-xagedi.cc/revopush.js
23.158.56.201 200 OK 18 kB URL GET HTTP/2 news-xagedi.cc/revopush.js
IP 23.158.56.201:443
Requested by https://news-xagedi.cc/?id=1218770951&p1=tk_adult
Certificate Issuer Let's Encrypt
Subject *.news-xagedi.cc
Fingerprint 2D:C4:ED:BB:E2:76:1C:34:86:91:EF:35:26:D5:27:27:63:7E:52:BC
Validity Mon, 13 Nov 2023 13:39:42 GMT - Sun, 11 Feb 2024 13:39:41 GMT
File type Unicode text, UTF-8 text, with very long lines (18112), with no line terminators
Hash 773d5dd04e1cf97341ac6e4cf2b23707
a56ebf246900b619f34bdfa36ea0f4a36d800730
a35876c74a7686acc90ac9e198313f89062cf1e0e22cac557b623c92f69f19d1
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /revopush.js HTTP/1.1
Host: news-xagedi.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xagedi.cc/?id=1218770951&p1=tk_adult
Cookie: clickdata=eyJzdWJhY2MiOjEyMTg3NzA5NTEsImxhbmQiOjUwLCJwMSI6InRrX2FkdWx0In0=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 15:39:25 GMT
content-type: application/javascript; charset=utf-8
content-length: 18177
last-modified: Fri, 01 Dec 2023 12:50:34 GMT
etag: "6569d69a-4701"
accept-ranges: bytes
X-Firefox-Spdy: h2
errors.house/js-sdk-loader/c682bf15f58a4ecea9ff491233690e22.min.js
46.4.134.147 1.9 kB URL errors.house/js-sdk-loader/c682bf15f58a4ecea9ff491233690e22.min.js
IP 46.4.134.147:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (512)
Hash cecbd15c62682460fc296825e598657c
7ea3ec61b65e0a88058e3943327a61d055ef4284
58664ef4f18d3763e07cf7c74738b3a1089fc115331ce34bfe300be3e125b510
GET /js-sdk-loader/c682bf15f58a4ecea9ff491233690e22.min.js HTTP/1.1
Host: errors.house
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://news-xagedi.cc
DNT: 1
Connection: keep-alive
Referer: https://news-xagedi.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.23.1
Date: Tue, 05 Dec 2023 15:39:25 GMT
Content-Type: text/javascript
Content-Length: 1855
Connection: close
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=3600, s-maxage=60, stale-while-revalidate=315360000, stale-if-error=315360000
Surrogate-Key: project/7 sdk/7.15.0 sdk-loader
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=31536000
news-xagedi.cc/revopush.js
23.158.56.201 200 OK 18 kB URL GET HTTP/2 news-xagedi.cc/revopush.js
IP 23.158.56.201:443
Requested by https://news-xagedi.cc/?id=1218770951&p1=tk_adult
Certificate Issuer Let's Encrypt
Subject *.news-xagedi.cc
Fingerprint 2D:C4:ED:BB:E2:76:1C:34:86:91:EF:35:26:D5:27:27:63:7E:52:BC
Validity Mon, 13 Nov 2023 13:39:42 GMT - Sun, 11 Feb 2024 13:39:41 GMT
File type Unicode text, UTF-8 text, with very long lines (18112), with no line terminators
Hash 773d5dd04e1cf97341ac6e4cf2b23707
a56ebf246900b619f34bdfa36ea0f4a36d800730
a35876c74a7686acc90ac9e198313f89062cf1e0e22cac557b623c92f69f19d1
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /revopush.js HTTP/1.1
Host: news-xagedi.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xagedi.cc/?id=1218770951&p1=tk_adult
Cookie: clickdata=eyJzdWJhY2MiOjEyMTg3NzA5NTEsImxhbmQiOjYzLCJwMSI6InRrX2FkdWx0In0=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 15:39:26 GMT
content-type: application/javascript; charset=utf-8
content-length: 18177
last-modified: Fri, 01 Dec 2023 12:50:34 GMT
etag: "6569d69a-4701"
accept-ranges: bytes
X-Firefox-Spdy: h2
errors.house/js-sdk-loader/c682bf15f58a4ecea9ff491233690e22.min.js
46.4.134.147 1.9 kB URL errors.house/js-sdk-loader/c682bf15f58a4ecea9ff491233690e22.min.js
IP 46.4.134.147:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (512)
Hash cecbd15c62682460fc296825e598657c
7ea3ec61b65e0a88058e3943327a61d055ef4284
58664ef4f18d3763e07cf7c74738b3a1089fc115331ce34bfe300be3e125b510
GET /js-sdk-loader/c682bf15f58a4ecea9ff491233690e22.min.js HTTP/1.1
Host: errors.house
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://news-xagedi.cc
DNT: 1
Connection: keep-alive
Referer: https://news-xagedi.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.23.1
Date: Tue, 05 Dec 2023 15:39:26 GMT
Content-Type: text/javascript
Content-Length: 1855
Connection: close
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=3600, s-maxage=60, stale-while-revalidate=315360000, stale-if-error=315360000
Surrogate-Key: project/7 sdk/7.15.0 sdk-loader
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=31536000
news-xagedi.cc/?id=1218770951&p1=tk_adult
23.158.56.201 11 kB URL news-xagedi.cc/?id=1218770951&p1=tk_adult
IP 23.158.56.201:0
Certificate Issuer Let's Encrypt
Subject *.news-xagedi.cc
Fingerprint 2D:C4:ED:BB:E2:76:1C:34:86:91:EF:35:26:D5:27:27:63:7E:52:BC
Validity Mon, 13 Nov 2023 13:39:42 GMT - Sun, 11 Feb 2024 13:39:41 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (9539)
Hash ada86f92ded2bd26c943d6fd372f34b1
fa136ef344dc8ea10e2b57dd7895c619a0bbcc2b
bb429af82262d23b5d74e4ff91ec525b85d4aab932fb9909bf9ce61d276c23ef
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /?id=1218770951&p1=tk_adult HTTP/1.1
Host: news-xagedi.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xagedi.cc/?id=1218770951&p1=tk_adult
Cookie: clickdata=eyJzdWJhY2MiOjEyMTg3NzA5NTEsImxhbmQiOjYzLCJwMSI6InRrX2FkdWx0In0=
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 15:39:26 GMT
content-type: text/html; charset=UTF-8
set-cookie: clickdata=eyJzdWJhY2MiOjEyMTg3NzA5NTEsImxhbmQiOjM2LCJwMSI6InRrX2FkdWx0In0=; Path=/; Expires=Wed, 06 Dec 2023 15:39:26 GMT; HttpOnly; Secure; SameSite=None
vary: Origin
X-Firefox-Spdy: h2
news-xagedi.cc/revopush.js
23.158.56.201 200 OK 18 kB URL GET HTTP/2 news-xagedi.cc/revopush.js
IP 23.158.56.201:443
Requested by https://news-xagedi.cc/?id=1218770951&p1=tk_adult
Certificate Issuer Let's Encrypt
Subject *.news-xagedi.cc
Fingerprint 2D:C4:ED:BB:E2:76:1C:34:86:91:EF:35:26:D5:27:27:63:7E:52:BC
Validity Mon, 13 Nov 2023 13:39:42 GMT - Sun, 11 Feb 2024 13:39:41 GMT
File type Unicode text, UTF-8 text, with very long lines (18112), with no line terminators
Hash 773d5dd04e1cf97341ac6e4cf2b23707
a56ebf246900b619f34bdfa36ea0f4a36d800730
a35876c74a7686acc90ac9e198313f89062cf1e0e22cac557b623c92f69f19d1
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /revopush.js HTTP/1.1
Host: news-xagedi.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xagedi.cc/?id=1218770951&p1=tk_adult
Cookie: clickdata=eyJzdWJhY2MiOjEyMTg3NzA5NTEsImxhbmQiOjM2LCJwMSI6InRrX2FkdWx0In0=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 15:39:26 GMT
content-type: application/javascript; charset=utf-8
content-length: 18177
last-modified: Fri, 01 Dec 2023 12:50:34 GMT
etag: "6569d69a-4701"
accept-ranges: bytes
X-Firefox-Spdy: h2
news-xagedi.cc/lands/36/img/style.css
23.158.56.201 12 kB URL news-xagedi.cc/lands/36/img/style.css
IP 23.158.56.201:0
Certificate Issuer Let's Encrypt
Subject *.news-xagedi.cc
Fingerprint 2D:C4:ED:BB:E2:76:1C:34:86:91:EF:35:26:D5:27:27:63:7E:52:BC
Validity Mon, 13 Nov 2023 13:39:42 GMT - Sun, 11 Feb 2024 13:39:41 GMT
File type ASCII text, with very long lines (11701), with no line terminators
Hash ceafd56cc56028ed6235ce4c4db73d43
c0d374219bfbd71aebf2caa38494d48838d4cce0
8878692d5f9a94657f598a59e11fde8703ff41c6ee99d378acc5b22bec49cbd7
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /lands/36/img/style.css HTTP/1.1
Host: news-xagedi.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xagedi.cc/?id=1218770951&p1=tk_adult
Cookie: clickdata=eyJzdWJhY2MiOjEyMTg3NzA5NTEsImxhbmQiOjM2LCJwMSI6InRrX2FkdWx0In0=
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 15:39:26 GMT
content-type: text/css
content-length: 11701
last-modified: Fri, 01 Dec 2023 12:50:34 GMT
etag: "6569d69a-2db5"
accept-ranges: bytes
X-Firefox-Spdy: h2
errors.house/js-sdk-loader/c682bf15f58a4ecea9ff491233690e22.min.js
46.4.134.147 1.9 kB URL errors.house/js-sdk-loader/c682bf15f58a4ecea9ff491233690e22.min.js
IP 46.4.134.147:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (512)
Hash cecbd15c62682460fc296825e598657c
7ea3ec61b65e0a88058e3943327a61d055ef4284
58664ef4f18d3763e07cf7c74738b3a1089fc115331ce34bfe300be3e125b510
GET /js-sdk-loader/c682bf15f58a4ecea9ff491233690e22.min.js HTTP/1.1
Host: errors.house
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://news-xagedi.cc
DNT: 1
Connection: keep-alive
Referer: https://news-xagedi.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.23.1
Date: Tue, 05 Dec 2023 15:39:26 GMT
Content-Type: text/javascript
Content-Length: 1855
Connection: close
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=3600, s-maxage=60, stale-while-revalidate=315360000, stale-if-error=315360000
Surrogate-Key: project/7 sdk/7.15.0 sdk-loader
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=31536000
news-xagedi.cc/revopush.js
23.158.56.201 200 OK 18 kB URL GET HTTP/2 news-xagedi.cc/revopush.js
IP 23.158.56.201:443
Requested by https://news-xagedi.cc/?id=1218770951&p1=tk_adult
Certificate Issuer Let's Encrypt
Subject *.news-xagedi.cc
Fingerprint 2D:C4:ED:BB:E2:76:1C:34:86:91:EF:35:26:D5:27:27:63:7E:52:BC
Validity Mon, 13 Nov 2023 13:39:42 GMT - Sun, 11 Feb 2024 13:39:41 GMT
File type Unicode text, UTF-8 text, with very long lines (18112), with no line terminators
Hash 773d5dd04e1cf97341ac6e4cf2b23707
a56ebf246900b619f34bdfa36ea0f4a36d800730
a35876c74a7686acc90ac9e198313f89062cf1e0e22cac557b623c92f69f19d1
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /revopush.js HTTP/1.1
Host: news-xagedi.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xagedi.cc/?id=1218770951&p1=tk_adult
Cookie: clickdata=eyJzdWJhY2MiOjEyMTg3NzA5NTEsImxhbmQiOjUwLCJwMSI6InRrX2FkdWx0In0=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 15:39:26 GMT
content-type: application/javascript; charset=utf-8
content-length: 18177
last-modified: Fri, 01 Dec 2023 12:50:34 GMT
etag: "6569d69a-4701"
accept-ranges: bytes
X-Firefox-Spdy: h2
news-xagedi.cc/?id=1218770951&p1=tk_adult
23.158.56.201 96 kB URL news-xagedi.cc/?id=1218770951&p1=tk_adult
IP 23.158.56.201:0
Certificate Issuer Let's Encrypt
Subject *.news-xagedi.cc
Fingerprint 2D:C4:ED:BB:E2:76:1C:34:86:91:EF:35:26:D5:27:27:63:7E:52:BC
Validity Mon, 13 Nov 2023 13:39:42 GMT - Sun, 11 Feb 2024 13:39:41 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (47321)
Hash bedf819fbe85bab2151be4774efd37e3
817a52c05fcd2c25874eb35c943aac0035b05d3a
7f4d0a3d00bc45e63375c759fe949cc27bfebb68ef6e62bcc1f59041ee231e69
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /?id=1218770951&p1=tk_adult HTTP/1.1
Host: news-xagedi.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xagedi.cc/?id=1218770951&p1=tk_adult
Cookie: clickdata=eyJzdWJhY2MiOjEyMTg3NzA5NTEsImxhbmQiOjUzLCJwMSI6InRrX2FkdWx0In0=
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 15:39:22 GMT
content-type: text/html; charset=UTF-8
set-cookie: clickdata=eyJzdWJhY2MiOjEyMTg3NzA5NTEsImxhbmQiOjUzLCJwMSI6InRrX2FkdWx0In0=; Path=/; Expires=Wed, 06 Dec 2023 15:39:22 GMT; HttpOnly; Secure; SameSite=None
vary: Origin
X-Firefox-Spdy: h2
news-xagedi.cc/revopush.js
23.158.56.201 200 OK 18 kB URL GET HTTP/2 news-xagedi.cc/revopush.js
IP 23.158.56.201:443
Requested by https://news-xagedi.cc/?id=1218770951&p1=tk_adult
Certificate Issuer Let's Encrypt
Subject *.news-xagedi.cc
Fingerprint 2D:C4:ED:BB:E2:76:1C:34:86:91:EF:35:26:D5:27:27:63:7E:52:BC
Validity Mon, 13 Nov 2023 13:39:42 GMT - Sun, 11 Feb 2024 13:39:41 GMT
File type Unicode text, UTF-8 text, with very long lines (18112), with no line terminators
Hash 773d5dd04e1cf97341ac6e4cf2b23707
a56ebf246900b619f34bdfa36ea0f4a36d800730
a35876c74a7686acc90ac9e198313f89062cf1e0e22cac557b623c92f69f19d1
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /revopush.js HTTP/1.1
Host: news-xagedi.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xagedi.cc/?id=1218770951&p1=tk_adult
Cookie: clickdata=eyJzdWJhY2MiOjEyMTg3NzA5NTEsImxhbmQiOjUzLCJwMSI6InRrX2FkdWx0In0=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 15:39:27 GMT
content-type: application/javascript; charset=utf-8
content-length: 18177
last-modified: Fri, 01 Dec 2023 12:50:34 GMT
etag: "6569d69a-4701"
accept-ranges: bytes
X-Firefox-Spdy: h2
news-xagedi.cc/lands/53/css/style.css
23.158.56.201 4.9 kB URL news-xagedi.cc/lands/53/css/style.css
IP 23.158.56.201:0
Certificate Issuer Let's Encrypt
Subject *.news-xagedi.cc
Fingerprint 2D:C4:ED:BB:E2:76:1C:34:86:91:EF:35:26:D5:27:27:63:7E:52:BC
Validity Mon, 13 Nov 2023 13:39:42 GMT - Sun, 11 Feb 2024 13:39:41 GMT
File type ASCII text, with very long lines (4928), with no line terminators
Hash ff30963b59d24c95ee8ed06ee6f286d1
dbba4c06e6064e4bce5a928ff9905684d66a073d
d5ef0347241cb62969a80994ed4e4f87cf20f817e3036756df731aa04d238581
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /lands/53/css/style.css HTTP/1.1
Host: news-xagedi.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xagedi.cc/?id=1218770951&p1=tk_adult
Cookie: clickdata=eyJzdWJhY2MiOjEyMTg3NzA5NTEsImxhbmQiOjUzLCJwMSI6InRrX2FkdWx0In0=
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 15:39:27 GMT
content-type: text/css
content-length: 4928
last-modified: Fri, 01 Dec 2023 12:50:34 GMT
etag: "6569d69a-1340"
accept-ranges: bytes
X-Firefox-Spdy: h2
news-xagedi.cc/lands/53/js/device.js
23.158.56.201 3.3 kB URL news-xagedi.cc/lands/53/js/device.js
IP 23.158.56.201:0
Certificate Issuer Let's Encrypt
Subject *.news-xagedi.cc
Fingerprint 2D:C4:ED:BB:E2:76:1C:34:86:91:EF:35:26:D5:27:27:63:7E:52:BC
Validity Mon, 13 Nov 2023 13:39:42 GMT - Sun, 11 Feb 2024 13:39:41 GMT
File type ASCII text, with very long lines (3289), with no line terminators
Hash 2d9887b21aa6b47c56e7f43e66560a4f
42cdfc5b3b23d32152750bf2cea4233044491768
863a13c42ef72b562bc7aa5005b8ff5693763ae8d16ce3bfc3d876e92a7fdf85
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /lands/53/js/device.js HTTP/1.1
Host: news-xagedi.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xagedi.cc/?id=1218770951&p1=tk_adult
Cookie: clickdata=eyJzdWJhY2MiOjEyMTg3NzA5NTEsImxhbmQiOjUzLCJwMSI6InRrX2FkdWx0In0=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 15:39:27 GMT
content-type: application/javascript; charset=utf-8
content-length: 3289
last-modified: Fri, 01 Dec 2023 12:50:34 GMT
etag: "6569d69a-cd9"
accept-ranges: bytes
X-Firefox-Spdy: h2
news-xagedi.cc/?id=1218770951&p1=tk_adult
23.158.56.201 35 kB URL news-xagedi.cc/?id=1218770951&p1=tk_adult
IP 23.158.56.201:0
Certificate Issuer Let's Encrypt
Subject *.news-xagedi.cc
Fingerprint 2D:C4:ED:BB:E2:76:1C:34:86:91:EF:35:26:D5:27:27:63:7E:52:BC
Validity Mon, 13 Nov 2023 13:39:42 GMT - Sun, 11 Feb 2024 13:39:41 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (15233)
Hash 8f04bde44fb07f2828b50b6777423b2b
9893044c6a50635daadeaea818063046e3973673
3e824bcf23ea9192c1b6866ff7492d6439c663857d08d807ddc0906c19c0f1a9
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /?id=1218770951&p1=tk_adult HTTP/1.1
Host: news-xagedi.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xagedi.cc/?id=1218770951&p1=tk_adult
Cookie: clickdata=eyJzdWJhY2MiOjEyMTg3NzA5NTEsImxhbmQiOjUzLCJwMSI6InRrX2FkdWx0In0=
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 15:39:22 GMT
content-type: text/html; charset=UTF-8
set-cookie: clickdata=eyJzdWJhY2MiOjEyMTg3NzA5NTEsImxhbmQiOjUzLCJwMSI6InRrX2FkdWx0In0=; Path=/; Expires=Wed, 06 Dec 2023 15:39:22 GMT; HttpOnly; Secure; SameSite=None
vary: Origin
X-Firefox-Spdy: h2
news-xagedi.cc/revopush.js
23.158.56.201 200 OK 18 kB URL GET HTTP/2 news-xagedi.cc/revopush.js
IP 23.158.56.201:443
Requested by https://news-xagedi.cc/?id=1218770951&p1=tk_adult
Certificate Issuer Let's Encrypt
Subject *.news-xagedi.cc
Fingerprint 2D:C4:ED:BB:E2:76:1C:34:86:91:EF:35:26:D5:27:27:63:7E:52:BC
Validity Mon, 13 Nov 2023 13:39:42 GMT - Sun, 11 Feb 2024 13:39:41 GMT
File type Unicode text, UTF-8 text, with very long lines (18112), with no line terminators
Hash 773d5dd04e1cf97341ac6e4cf2b23707
a56ebf246900b619f34bdfa36ea0f4a36d800730
a35876c74a7686acc90ac9e198313f89062cf1e0e22cac557b623c92f69f19d1
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /revopush.js HTTP/1.1
Host: news-xagedi.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xagedi.cc/?id=1218770951&p1=tk_adult
Cookie: clickdata=eyJzdWJhY2MiOjEyMTg3NzA5NTEsImxhbmQiOjUwLCJwMSI6InRrX2FkdWx0In0=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 15:39:27 GMT
content-type: application/javascript; charset=utf-8
content-length: 18177
last-modified: Fri, 01 Dec 2023 12:50:34 GMT
etag: "6569d69a-4701"
accept-ranges: bytes
X-Firefox-Spdy: h2
news-xagedi.cc/?id=1218770951&p1=tk_adult
23.158.56.201 80 kB URL news-xagedi.cc/?id=1218770951&p1=tk_adult
IP 23.158.56.201:0
Certificate Issuer Let's Encrypt
Subject *.news-xagedi.cc
Fingerprint 2D:C4:ED:BB:E2:76:1C:34:86:91:EF:35:26:D5:27:27:63:7E:52:BC
Validity Mon, 13 Nov 2023 13:39:42 GMT - Sun, 11 Feb 2024 13:39:41 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (63929)
Hash 82943d1d16d9e2a78abaa963cad5346f
b0a89fa10d37077c5489fb1f7280591cdabd5ec9
ba31b6d784ca466c8da573cf62969cc2160fefc9f59c08d49a047e7a5bf0d96b
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /?id=1218770951&p1=tk_adult HTTP/1.1
Host: news-xagedi.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xagedi.cc/?id=1218770951&p1=tk_adult
Cookie: clickdata=eyJzdWJhY2MiOjEyMTg3NzA5NTEsImxhbmQiOjUzLCJwMSI6InRrX2FkdWx0In0=
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 15:39:23 GMT
content-type: text/html; charset=UTF-8
set-cookie: clickdata=eyJzdWJhY2MiOjEyMTg3NzA5NTEsImxhbmQiOjUwLCJwMSI6InRrX2FkdWx0In0=; Path=/; Expires=Wed, 06 Dec 2023 15:39:23 GMT; HttpOnly; Secure; SameSite=None
vary: Origin
X-Firefox-Spdy: h2
news-xagedi.cc/revopush.js
23.158.56.201 200 OK 18 kB URL GET HTTP/2 news-xagedi.cc/revopush.js
IP 23.158.56.201:443
Requested by https://news-xagedi.cc/?id=1218770951&p1=tk_adult
Certificate Issuer Let's Encrypt
Subject *.news-xagedi.cc
Fingerprint 2D:C4:ED:BB:E2:76:1C:34:86:91:EF:35:26:D5:27:27:63:7E:52:BC
Validity Mon, 13 Nov 2023 13:39:42 GMT - Sun, 11 Feb 2024 13:39:41 GMT
File type Unicode text, UTF-8 text, with very long lines (18112), with no line terminators
Hash 773d5dd04e1cf97341ac6e4cf2b23707
a56ebf246900b619f34bdfa36ea0f4a36d800730
a35876c74a7686acc90ac9e198313f89062cf1e0e22cac557b623c92f69f19d1
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /revopush.js HTTP/1.1
Host: news-xagedi.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xagedi.cc/?id=1218770951&p1=tk_adult
Cookie: clickdata=eyJzdWJhY2MiOjEyMTg3NzA5NTEsImxhbmQiOjQ4LCJwMSI6InRrX2FkdWx0In0=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 15:39:27 GMT
content-type: application/javascript; charset=utf-8
content-length: 18177
last-modified: Fri, 01 Dec 2023 12:50:34 GMT
etag: "6569d69a-4701"
accept-ranges: bytes
X-Firefox-Spdy: h2
errors.house/js-sdk-loader/c682bf15f58a4ecea9ff491233690e22.min.js
46.4.134.147 1.9 kB URL errors.house/js-sdk-loader/c682bf15f58a4ecea9ff491233690e22.min.js
IP 46.4.134.147:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (512)
Hash cecbd15c62682460fc296825e598657c
7ea3ec61b65e0a88058e3943327a61d055ef4284
58664ef4f18d3763e07cf7c74738b3a1089fc115331ce34bfe300be3e125b510
GET /js-sdk-loader/c682bf15f58a4ecea9ff491233690e22.min.js HTTP/1.1
Host: errors.house
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://news-xagedi.cc
DNT: 1
Connection: keep-alive
Referer: https://news-xagedi.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.23.1
Date: Tue, 05 Dec 2023 15:39:27 GMT
Content-Type: text/javascript
Content-Length: 1855
Connection: close
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=3600, s-maxage=60, stale-while-revalidate=315360000, stale-if-error=315360000
Surrogate-Key: project/7 sdk/7.15.0 sdk-loader
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=31536000
news-xagedi.cc/?id=1218770951&p1=tk_adult
23.158.56.201 79 kB URL news-xagedi.cc/?id=1218770951&p1=tk_adult
IP 23.158.56.201:0
Certificate Issuer Let's Encrypt
Subject *.news-xagedi.cc
Fingerprint 2D:C4:ED:BB:E2:76:1C:34:86:91:EF:35:26:D5:27:27:63:7E:52:BC
Validity Mon, 13 Nov 2023 13:39:42 GMT - Sun, 11 Feb 2024 13:39:41 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (63491)
Hash 9a5ac10acabbce2cfbdd90531d028e7a
698512b3d8b3148becffadc8b652ab0774e071b5
29b48fcc5a1617656780433d37d41a485bd8e9dff2d8016a04219d9c8619c9e1
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /?id=1218770951&p1=tk_adult HTTP/1.1
Host: news-xagedi.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xagedi.cc/?id=1218770951&p1=tk_adult
Cookie: clickdata=eyJzdWJhY2MiOjEyMTg3NzA5NTEsImxhbmQiOjUzLCJwMSI6InRrX2FkdWx0In0=
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 15:39:23 GMT
content-type: text/html; charset=UTF-8
set-cookie: clickdata=eyJzdWJhY2MiOjEyMTg3NzA5NTEsImxhbmQiOjYzLCJwMSI6InRrX2FkdWx0In0=; Path=/; Expires=Wed, 06 Dec 2023 15:39:23 GMT; HttpOnly; Secure; SameSite=None
vary: Origin
X-Firefox-Spdy: h2
news-xagedi.cc/lands/53/css/style.css
23.158.56.201 4.9 kB URL news-xagedi.cc/lands/53/css/style.css
IP 23.158.56.201:0
Certificate Issuer Let's Encrypt
Subject *.news-xagedi.cc
Fingerprint 2D:C4:ED:BB:E2:76:1C:34:86:91:EF:35:26:D5:27:27:63:7E:52:BC
Validity Mon, 13 Nov 2023 13:39:42 GMT - Sun, 11 Feb 2024 13:39:41 GMT
File type ASCII text, with very long lines (4928), with no line terminators
Hash ff30963b59d24c95ee8ed06ee6f286d1
dbba4c06e6064e4bce5a928ff9905684d66a073d
d5ef0347241cb62969a80994ed4e4f87cf20f817e3036756df731aa04d238581
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /lands/53/css/style.css HTTP/1.1
Host: news-xagedi.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xagedi.cc/?id=1218770951&p1=tk_adult
Cookie: clickdata=eyJzdWJhY2MiOjEyMTg3NzA5NTEsImxhbmQiOjUzLCJwMSI6InRrX2FkdWx0In0=
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 15:39:27 GMT
content-type: text/css
content-length: 4928
last-modified: Fri, 01 Dec 2023 12:50:34 GMT
etag: "6569d69a-1340"
accept-ranges: bytes
X-Firefox-Spdy: h2
news-xagedi.cc/lands/53/js/device.js
23.158.56.201 3.3 kB URL news-xagedi.cc/lands/53/js/device.js
IP 23.158.56.201:0
Certificate Issuer Let's Encrypt
Subject *.news-xagedi.cc
Fingerprint 2D:C4:ED:BB:E2:76:1C:34:86:91:EF:35:26:D5:27:27:63:7E:52:BC
Validity Mon, 13 Nov 2023 13:39:42 GMT - Sun, 11 Feb 2024 13:39:41 GMT
File type ASCII text, with very long lines (3289), with no line terminators
Hash 2d9887b21aa6b47c56e7f43e66560a4f
42cdfc5b3b23d32152750bf2cea4233044491768
863a13c42ef72b562bc7aa5005b8ff5693763ae8d16ce3bfc3d876e92a7fdf85
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /lands/53/js/device.js HTTP/1.1
Host: news-xagedi.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xagedi.cc/?id=1218770951&p1=tk_adult
Cookie: clickdata=eyJzdWJhY2MiOjEyMTg3NzA5NTEsImxhbmQiOjUzLCJwMSI6InRrX2FkdWx0In0=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 15:39:27 GMT
content-type: application/javascript; charset=utf-8
content-length: 3289
last-modified: Fri, 01 Dec 2023 12:50:34 GMT
etag: "6569d69a-cd9"
accept-ranges: bytes
X-Firefox-Spdy: h2
errors.house/js-sdk-loader/c682bf15f58a4ecea9ff491233690e22.min.js
46.4.134.147 1.9 kB URL errors.house/js-sdk-loader/c682bf15f58a4ecea9ff491233690e22.min.js
IP 46.4.134.147:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (512)
Hash cecbd15c62682460fc296825e598657c
7ea3ec61b65e0a88058e3943327a61d055ef4284
58664ef4f18d3763e07cf7c74738b3a1089fc115331ce34bfe300be3e125b510
GET /js-sdk-loader/c682bf15f58a4ecea9ff491233690e22.min.js HTTP/1.1
Host: errors.house
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://news-xagedi.cc
DNT: 1
Connection: keep-alive
Referer: https://news-xagedi.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.23.1
Date: Tue, 05 Dec 2023 15:39:27 GMT
Content-Type: text/javascript
Content-Length: 1855
Connection: close
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=3600, s-maxage=60, stale-while-revalidate=315360000, stale-if-error=315360000
Surrogate-Key: project/7 sdk/7.15.0 sdk-loader
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=31536000
news-xagedi.cc/revopush.js
23.158.56.201 200 OK 18 kB URL GET HTTP/2 news-xagedi.cc/revopush.js
IP 23.158.56.201:443
Requested by https://news-xagedi.cc/?id=1218770951&p1=tk_adult
Certificate Issuer Let's Encrypt
Subject *.news-xagedi.cc
Fingerprint 2D:C4:ED:BB:E2:76:1C:34:86:91:EF:35:26:D5:27:27:63:7E:52:BC
Validity Mon, 13 Nov 2023 13:39:42 GMT - Sun, 11 Feb 2024 13:39:41 GMT
File type Unicode text, UTF-8 text, with very long lines (18112), with no line terminators
Hash 773d5dd04e1cf97341ac6e4cf2b23707
a56ebf246900b619f34bdfa36ea0f4a36d800730
a35876c74a7686acc90ac9e198313f89062cf1e0e22cac557b623c92f69f19d1
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /revopush.js HTTP/1.1
Host: news-xagedi.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xagedi.cc/?id=1218770951&p1=tk_adult
Cookie: clickdata=eyJzdWJhY2MiOjEyMTg3NzA5NTEsImxhbmQiOjQ4LCJwMSI6InRrX2FkdWx0In0=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 15:39:28 GMT
content-type: application/javascript; charset=utf-8
content-length: 18177
last-modified: Fri, 01 Dec 2023 12:50:34 GMT
etag: "6569d69a-4701"
accept-ranges: bytes
X-Firefox-Spdy: h2
errors.house/js-sdk-loader/c682bf15f58a4ecea9ff491233690e22.min.js
46.4.134.147 1.9 kB URL errors.house/js-sdk-loader/c682bf15f58a4ecea9ff491233690e22.min.js
IP 46.4.134.147:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (512)
Hash cecbd15c62682460fc296825e598657c
7ea3ec61b65e0a88058e3943327a61d055ef4284
58664ef4f18d3763e07cf7c74738b3a1089fc115331ce34bfe300be3e125b510
GET /js-sdk-loader/c682bf15f58a4ecea9ff491233690e22.min.js HTTP/1.1
Host: errors.house
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://news-xagedi.cc
DNT: 1
Connection: keep-alive
Referer: https://news-xagedi.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.23.1
Date: Tue, 05 Dec 2023 15:39:28 GMT
Content-Type: text/javascript
Content-Length: 1855
Connection: close
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=3600, s-maxage=60, stale-while-revalidate=315360000, stale-if-error=315360000
Surrogate-Key: project/7 sdk/7.15.0 sdk-loader
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=31536000
news-xagedi.cc/revopush.js
23.158.56.201 200 OK 18 kB URL GET HTTP/2 news-xagedi.cc/revopush.js
IP 23.158.56.201:443
Requested by https://news-xagedi.cc/?id=1218770951&p1=tk_adult
Certificate Issuer Let's Encrypt
Subject *.news-xagedi.cc
Fingerprint 2D:C4:ED:BB:E2:76:1C:34:86:91:EF:35:26:D5:27:27:63:7E:52:BC
Validity Mon, 13 Nov 2023 13:39:42 GMT - Sun, 11 Feb 2024 13:39:41 GMT
File type Unicode text, UTF-8 text, with very long lines (18112), with no line terminators
Hash 773d5dd04e1cf97341ac6e4cf2b23707
a56ebf246900b619f34bdfa36ea0f4a36d800730
a35876c74a7686acc90ac9e198313f89062cf1e0e22cac557b623c92f69f19d1
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /revopush.js HTTP/1.1
Host: news-xagedi.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xagedi.cc/?id=1218770951&p1=tk_adult
Cookie: clickdata=eyJzdWJhY2MiOjEyMTg3NzA5NTEsImxhbmQiOjYzLCJwMSI6InRrX2FkdWx0In0=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 15:39:28 GMT
content-type: application/javascript; charset=utf-8
content-length: 18177
last-modified: Fri, 01 Dec 2023 12:50:34 GMT
etag: "6569d69a-4701"
accept-ranges: bytes
X-Firefox-Spdy: h2
news-xagedi.cc/?id=1218770951&p1=tk_adult
23.158.56.201 63 kB URL news-xagedi.cc/?id=1218770951&p1=tk_adult
IP 23.158.56.201:0
Certificate Issuer Let's Encrypt
Subject *.news-xagedi.cc
Fingerprint 2D:C4:ED:BB:E2:76:1C:34:86:91:EF:35:26:D5:27:27:63:7E:52:BC
Validity Mon, 13 Nov 2023 13:39:42 GMT - Sun, 11 Feb 2024 13:39:41 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (59622)
Hash cb405ffef9996773fdb28d452fbca2e2
bde058d3f0c43cf58e45befbdecda1c7a6bc11b3
eb78662f647c3964de9cd28712f1f4507baf1f75a7b3bd000a8130be77786d46
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /?id=1218770951&p1=tk_adult HTTP/1.1
Host: news-xagedi.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xagedi.cc/?id=1218770951&p1=tk_adult
Cookie: clickdata=eyJzdWJhY2MiOjEyMTg3NzA5NTEsImxhbmQiOjQ4LCJwMSI6InRrX2FkdWx0In0=
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 15:39:28 GMT
content-type: text/html; charset=UTF-8
set-cookie: clickdata=eyJzdWJhY2MiOjEyMTg3NzA5NTEsImxhbmQiOjYzLCJwMSI6InRrX2FkdWx0In0=; Path=/; Expires=Wed, 06 Dec 2023 15:39:28 GMT; HttpOnly; Secure; SameSite=None
vary: Origin
X-Firefox-Spdy: h2
news-xagedi.cc/lands/36/lp.js
23.158.56.201 722 B URL news-xagedi.cc/lands/36/lp.js
IP 23.158.56.201:0
Certificate Issuer Let's Encrypt
Subject *.news-xagedi.cc
Fingerprint 2D:C4:ED:BB:E2:76:1C:34:86:91:EF:35:26:D5:27:27:63:7E:52:BC
Validity Mon, 13 Nov 2023 13:39:42 GMT - Sun, 11 Feb 2024 13:39:41 GMT
File type Unicode text, UTF-8 text, with very long lines (685), with no line terminators
Hash 8061571ac71b47c9ef862658f7e3e81c
c8109eda3ac59808f2e331aa52883ef72526833d
0437c5e6e3fb2533b3166485bb94ad975513518f741a5a7e2d74aeb0ddaa0875
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /lands/36/lp.js HTTP/1.1
Host: news-xagedi.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xagedi.cc/?id=1218770951&p1=tk_adult
Cookie: clickdata=eyJzdWJhY2MiOjEyMTg3NzA5NTEsImxhbmQiOjM2LCJwMSI6InRrX2FkdWx0In0=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 15:39:28 GMT
content-type: application/javascript; charset=utf-8
content-length: 722
last-modified: Fri, 01 Dec 2023 12:50:34 GMT
etag: "6569d69a-2d2"
accept-ranges: bytes
X-Firefox-Spdy: h2
news-xagedi.cc/revopush.js
23.158.56.201 200 OK 18 kB URL GET HTTP/2 news-xagedi.cc/revopush.js
IP 23.158.56.201:443
Requested by https://news-xagedi.cc/?id=1218770951&p1=tk_adult
Certificate Issuer Let's Encrypt
Subject *.news-xagedi.cc
Fingerprint 2D:C4:ED:BB:E2:76:1C:34:86:91:EF:35:26:D5:27:27:63:7E:52:BC
Validity Mon, 13 Nov 2023 13:39:42 GMT - Sun, 11 Feb 2024 13:39:41 GMT
File type Unicode text, UTF-8 text, with very long lines (18112), with no line terminators
Hash 773d5dd04e1cf97341ac6e4cf2b23707
a56ebf246900b619f34bdfa36ea0f4a36d800730
a35876c74a7686acc90ac9e198313f89062cf1e0e22cac557b623c92f69f19d1
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /revopush.js HTTP/1.1
Host: news-xagedi.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xagedi.cc/?id=1218770951&p1=tk_adult
Cookie: clickdata=eyJzdWJhY2MiOjEyMTg3NzA5NTEsImxhbmQiOjM2LCJwMSI6InRrX2FkdWx0In0=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 15:39:28 GMT
content-type: application/javascript; charset=utf-8
content-length: 18177
last-modified: Fri, 01 Dec 2023 12:50:34 GMT
etag: "6569d69a-4701"
accept-ranges: bytes
X-Firefox-Spdy: h2
news-xagedi.cc/lands/36/img/style.css
23.158.56.201 12 kB URL news-xagedi.cc/lands/36/img/style.css
IP 23.158.56.201:0
Certificate Issuer Let's Encrypt
Subject *.news-xagedi.cc
Fingerprint 2D:C4:ED:BB:E2:76:1C:34:86:91:EF:35:26:D5:27:27:63:7E:52:BC
Validity Mon, 13 Nov 2023 13:39:42 GMT - Sun, 11 Feb 2024 13:39:41 GMT
File type ASCII text, with very long lines (11701), with no line terminators
Hash ceafd56cc56028ed6235ce4c4db73d43
c0d374219bfbd71aebf2caa38494d48838d4cce0
8878692d5f9a94657f598a59e11fde8703ff41c6ee99d378acc5b22bec49cbd7
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /lands/36/img/style.css HTTP/1.1
Host: news-xagedi.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xagedi.cc/?id=1218770951&p1=tk_adult
Cookie: clickdata=eyJzdWJhY2MiOjEyMTg3NzA5NTEsImxhbmQiOjM2LCJwMSI6InRrX2FkdWx0In0=
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 15:39:28 GMT
content-type: text/css
content-length: 11701
last-modified: Fri, 01 Dec 2023 12:50:34 GMT
etag: "6569d69a-2db5"
accept-ranges: bytes
X-Firefox-Spdy: h2
errors.house/js-sdk-loader/c682bf15f58a4ecea9ff491233690e22.min.js
46.4.134.147 1.9 kB URL errors.house/js-sdk-loader/c682bf15f58a4ecea9ff491233690e22.min.js
IP 46.4.134.147:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (512)
Hash cecbd15c62682460fc296825e598657c
7ea3ec61b65e0a88058e3943327a61d055ef4284
58664ef4f18d3763e07cf7c74738b3a1089fc115331ce34bfe300be3e125b510
GET /js-sdk-loader/c682bf15f58a4ecea9ff491233690e22.min.js HTTP/1.1
Host: errors.house
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://news-xagedi.cc
DNT: 1
Connection: keep-alive
Referer: https://news-xagedi.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.23.1
Date: Tue, 05 Dec 2023 15:39:28 GMT
Content-Type: text/javascript
Content-Length: 1855
Connection: close
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=3600, s-maxage=60, stale-while-revalidate=315360000, stale-if-error=315360000
Surrogate-Key: project/7 sdk/7.15.0 sdk-loader
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=31536000
news-xagedi.cc/lands/36/lp.js
23.158.56.201 722 B URL news-xagedi.cc/lands/36/lp.js
IP 23.158.56.201:0
Certificate Issuer Let's Encrypt
Subject *.news-xagedi.cc
Fingerprint 2D:C4:ED:BB:E2:76:1C:34:86:91:EF:35:26:D5:27:27:63:7E:52:BC
Validity Mon, 13 Nov 2023 13:39:42 GMT - Sun, 11 Feb 2024 13:39:41 GMT
File type Unicode text, UTF-8 text, with very long lines (685), with no line terminators
Hash 8061571ac71b47c9ef862658f7e3e81c
c8109eda3ac59808f2e331aa52883ef72526833d
0437c5e6e3fb2533b3166485bb94ad975513518f741a5a7e2d74aeb0ddaa0875
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /lands/36/lp.js HTTP/1.1
Host: news-xagedi.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xagedi.cc/?id=1218770951&p1=tk_adult
Cookie: clickdata=eyJzdWJhY2MiOjEyMTg3NzA5NTEsImxhbmQiOjM2LCJwMSI6InRrX2FkdWx0In0=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 15:39:28 GMT
content-type: application/javascript; charset=utf-8
content-length: 722
last-modified: Fri, 01 Dec 2023 12:50:34 GMT
etag: "6569d69a-2d2"
accept-ranges: bytes
X-Firefox-Spdy: h2
news-xagedi.cc/revopush.js
23.158.56.201 200 OK 18 kB URL GET HTTP/2 news-xagedi.cc/revopush.js
IP 23.158.56.201:443
Requested by https://news-xagedi.cc/?id=1218770951&p1=tk_adult
Certificate Issuer Let's Encrypt
Subject *.news-xagedi.cc
Fingerprint 2D:C4:ED:BB:E2:76:1C:34:86:91:EF:35:26:D5:27:27:63:7E:52:BC
Validity Mon, 13 Nov 2023 13:39:42 GMT - Sun, 11 Feb 2024 13:39:41 GMT
File type Unicode text, UTF-8 text, with very long lines (18112), with no line terminators
Hash 773d5dd04e1cf97341ac6e4cf2b23707
a56ebf246900b619f34bdfa36ea0f4a36d800730
a35876c74a7686acc90ac9e198313f89062cf1e0e22cac557b623c92f69f19d1
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /revopush.js HTTP/1.1
Host: news-xagedi.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xagedi.cc/?id=1218770951&p1=tk_adult
Cookie: clickdata=eyJzdWJhY2MiOjEyMTg3NzA5NTEsImxhbmQiOjM2LCJwMSI6InRrX2FkdWx0In0=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 15:39:28 GMT
content-type: application/javascript; charset=utf-8
content-length: 18177
last-modified: Fri, 01 Dec 2023 12:50:34 GMT
etag: "6569d69a-4701"
accept-ranges: bytes
X-Firefox-Spdy: h2
news-xagedi.cc/lands/36/img/style.css
23.158.56.201 12 kB URL news-xagedi.cc/lands/36/img/style.css
IP 23.158.56.201:0
Certificate Issuer Let's Encrypt
Subject *.news-xagedi.cc
Fingerprint 2D:C4:ED:BB:E2:76:1C:34:86:91:EF:35:26:D5:27:27:63:7E:52:BC
Validity Mon, 13 Nov 2023 13:39:42 GMT - Sun, 11 Feb 2024 13:39:41 GMT
File type ASCII text, with very long lines (11701), with no line terminators
Hash ceafd56cc56028ed6235ce4c4db73d43
c0d374219bfbd71aebf2caa38494d48838d4cce0
8878692d5f9a94657f598a59e11fde8703ff41c6ee99d378acc5b22bec49cbd7
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /lands/36/img/style.css HTTP/1.1
Host: news-xagedi.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xagedi.cc/?id=1218770951&p1=tk_adult
Cookie: clickdata=eyJzdWJhY2MiOjEyMTg3NzA5NTEsImxhbmQiOjM2LCJwMSI6InRrX2FkdWx0In0=
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 15:39:28 GMT
content-type: text/css
content-length: 11701
last-modified: Fri, 01 Dec 2023 12:50:34 GMT
etag: "6569d69a-2db5"
accept-ranges: bytes
X-Firefox-Spdy: h2
errors.house/js-sdk-loader/c682bf15f58a4ecea9ff491233690e22.min.js
46.4.134.147 1.9 kB URL errors.house/js-sdk-loader/c682bf15f58a4ecea9ff491233690e22.min.js
IP 46.4.134.147:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (512)
Hash cecbd15c62682460fc296825e598657c
7ea3ec61b65e0a88058e3943327a61d055ef4284
58664ef4f18d3763e07cf7c74738b3a1089fc115331ce34bfe300be3e125b510
GET /js-sdk-loader/c682bf15f58a4ecea9ff491233690e22.min.js HTTP/1.1
Host: errors.house
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://news-xagedi.cc
DNT: 1
Connection: keep-alive
Referer: https://news-xagedi.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.23.1
Date: Tue, 05 Dec 2023 15:39:28 GMT
Content-Type: text/javascript
Content-Length: 1855
Connection: close
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=3600, s-maxage=60, stale-while-revalidate=315360000, stale-if-error=315360000
Surrogate-Key: project/7 sdk/7.15.0 sdk-loader
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=31536000
news-xagedi.cc/lands/37/jquery-3.2.1.min.js
23.158.56.201 86 kB URL news-xagedi.cc/lands/37/jquery-3.2.1.min.js
IP 23.158.56.201:0
Certificate Issuer Let's Encrypt
Subject *.news-xagedi.cc
Fingerprint 2D:C4:ED:BB:E2:76:1C:34:86:91:EF:35:26:D5:27:27:63:7E:52:BC
Validity Mon, 13 Nov 2023 13:39:42 GMT - Sun, 11 Feb 2024 13:39:41 GMT
File type Unicode text, UTF-8 text, with very long lines (65460)
Hash 749cf8b9115d2e483c42a09caba49a47
6071774de33379640cc5bc565bc4f5fc8a73dc8d
4c6c48643cdfc617725f69f7c826b4e87983947a709b36f1e8016ad818bb6d83
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /lands/37/jquery-3.2.1.min.js HTTP/1.1
Host: news-xagedi.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xagedi.cc/?id=1218770951&p1=tk_adult
Cookie: clickdata=eyJzdWJhY2MiOjEyMTg3NzA5NTEsImxhbmQiOjM3LCJwMSI6InRrX2FkdWx0In0=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 15:39:29 GMT
content-type: application/javascript; charset=utf-8
content-length: 86537
last-modified: Fri, 01 Dec 2023 12:50:34 GMT
etag: "6569d69a-15209"
accept-ranges: bytes
X-Firefox-Spdy: h2
news-xagedi.cc/revopush.js
23.158.56.201 200 OK 18 kB URL GET HTTP/2 news-xagedi.cc/revopush.js
IP 23.158.56.201:443
Requested by https://news-xagedi.cc/?id=1218770951&p1=tk_adult
Certificate Issuer Let's Encrypt
Subject *.news-xagedi.cc
Fingerprint 2D:C4:ED:BB:E2:76:1C:34:86:91:EF:35:26:D5:27:27:63:7E:52:BC
Validity Mon, 13 Nov 2023 13:39:42 GMT - Sun, 11 Feb 2024 13:39:41 GMT
File type Unicode text, UTF-8 text, with very long lines (18112), with no line terminators
Hash 773d5dd04e1cf97341ac6e4cf2b23707
a56ebf246900b619f34bdfa36ea0f4a36d800730
a35876c74a7686acc90ac9e198313f89062cf1e0e22cac557b623c92f69f19d1
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /revopush.js HTTP/1.1
Host: news-xagedi.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xagedi.cc/?id=1218770951&p1=tk_adult
Cookie: clickdata=eyJzdWJhY2MiOjEyMTg3NzA5NTEsImxhbmQiOjM3LCJwMSI6InRrX2FkdWx0In0=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 15:39:29 GMT
content-type: application/javascript; charset=utf-8
content-length: 18177
last-modified: Fri, 01 Dec 2023 12:50:34 GMT
etag: "6569d69a-4701"
accept-ranges: bytes
X-Firefox-Spdy: h2
errors.house/js-sdk-loader/c682bf15f58a4ecea9ff491233690e22.min.js
46.4.134.147 1.9 kB URL errors.house/js-sdk-loader/c682bf15f58a4ecea9ff491233690e22.min.js
IP 46.4.134.147:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (512)
Hash cecbd15c62682460fc296825e598657c
7ea3ec61b65e0a88058e3943327a61d055ef4284
58664ef4f18d3763e07cf7c74738b3a1089fc115331ce34bfe300be3e125b510
GET /js-sdk-loader/c682bf15f58a4ecea9ff491233690e22.min.js HTTP/1.1
Host: errors.house
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://news-xagedi.cc
DNT: 1
Connection: keep-alive
Referer: https://news-xagedi.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.23.1
Date: Tue, 05 Dec 2023 15:39:29 GMT
Content-Type: text/javascript
Content-Length: 1855
Connection: close
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=3600, s-maxage=60, stale-while-revalidate=315360000, stale-if-error=315360000
Surrogate-Key: project/7 sdk/7.15.0 sdk-loader
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=31536000
news-xagedi.cc/revopush.js
23.158.56.201 200 OK 18 kB URL GET HTTP/2 news-xagedi.cc/revopush.js
IP 23.158.56.201:443
Requested by https://news-xagedi.cc/?id=1218770951&p1=tk_adult
Certificate Issuer Let's Encrypt
Subject *.news-xagedi.cc
Fingerprint 2D:C4:ED:BB:E2:76:1C:34:86:91:EF:35:26:D5:27:27:63:7E:52:BC
Validity Mon, 13 Nov 2023 13:39:42 GMT - Sun, 11 Feb 2024 13:39:41 GMT
File type Unicode text, UTF-8 text, with very long lines (18112), with no line terminators
Hash 773d5dd04e1cf97341ac6e4cf2b23707
a56ebf246900b619f34bdfa36ea0f4a36d800730
a35876c74a7686acc90ac9e198313f89062cf1e0e22cac557b623c92f69f19d1
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /revopush.js HTTP/1.1
Host: news-xagedi.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xagedi.cc/?id=1218770951&p1=tk_adult
Cookie: clickdata=eyJzdWJhY2MiOjEyMTg3NzA5NTEsImxhbmQiOjUwLCJwMSI6InRrX2FkdWx0In0=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 15:39:29 GMT
content-type: application/javascript; charset=utf-8
content-length: 18177
last-modified: Fri, 01 Dec 2023 12:50:34 GMT
etag: "6569d69a-4701"
accept-ranges: bytes
X-Firefox-Spdy: h2
errors.house/js-sdk-loader/c682bf15f58a4ecea9ff491233690e22.min.js
46.4.134.147 1.9 kB URL errors.house/js-sdk-loader/c682bf15f58a4ecea9ff491233690e22.min.js
IP 46.4.134.147:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (512)
Hash cecbd15c62682460fc296825e598657c
7ea3ec61b65e0a88058e3943327a61d055ef4284
58664ef4f18d3763e07cf7c74738b3a1089fc115331ce34bfe300be3e125b510
GET /js-sdk-loader/c682bf15f58a4ecea9ff491233690e22.min.js HTTP/1.1
Host: errors.house
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://news-xagedi.cc
DNT: 1
Connection: keep-alive
Referer: https://news-xagedi.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.23.1
Date: Tue, 05 Dec 2023 15:39:29 GMT
Content-Type: text/javascript
Content-Length: 1855
Connection: close
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=3600, s-maxage=60, stale-while-revalidate=315360000, stale-if-error=315360000
Surrogate-Key: project/7 sdk/7.15.0 sdk-loader
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=31536000
news-xagedi.cc/?id=1218770951&p1=tk_adult
23.158.56.201 62 kB URL news-xagedi.cc/?id=1218770951&p1=tk_adult
IP 23.158.56.201:0
Certificate Issuer Let's Encrypt
Subject *.news-xagedi.cc
Fingerprint 2D:C4:ED:BB:E2:76:1C:34:86:91:EF:35:26:D5:27:27:63:7E:52:BC
Validity Mon, 13 Nov 2023 13:39:42 GMT - Sun, 11 Feb 2024 13:39:41 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (59795)
Hash 7d51780458694d80c6175c25a421e5e3
8df045fe4fcadbc3c81cb230e29c839f98220a4b
edf72ff37f9bdcfb13c01589e801ccf7b376b7a120ca1a923a6dbf5281694940
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /?id=1218770951&p1=tk_adult HTTP/1.1
Host: news-xagedi.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xagedi.cc/?id=1218770951&p1=tk_adult
Cookie: clickdata=eyJzdWJhY2MiOjEyMTg3NzA5NTEsImxhbmQiOjYzLCJwMSI6InRrX2FkdWx0In0=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 15:39:26 GMT
content-type: text/html; charset=UTF-8
set-cookie: clickdata=eyJzdWJhY2MiOjEyMTg3NzA5NTEsImxhbmQiOjYzLCJwMSI6InRrX2FkdWx0In0=; Path=/; Expires=Wed, 06 Dec 2023 15:39:26 GMT; HttpOnly; Secure; SameSite=None
vary: Origin
X-Firefox-Spdy: h2
news-xagedi.cc/revopush.js
23.158.56.201 200 OK 18 kB URL GET HTTP/2 news-xagedi.cc/revopush.js
IP 23.158.56.201:443
Requested by https://news-xagedi.cc/?id=1218770951&p1=tk_adult
Certificate Issuer Let's Encrypt
Subject *.news-xagedi.cc
Fingerprint 2D:C4:ED:BB:E2:76:1C:34:86:91:EF:35:26:D5:27:27:63:7E:52:BC
Validity Mon, 13 Nov 2023 13:39:42 GMT - Sun, 11 Feb 2024 13:39:41 GMT
File type Unicode text, UTF-8 text, with very long lines (18112), with no line terminators
Hash 773d5dd04e1cf97341ac6e4cf2b23707
a56ebf246900b619f34bdfa36ea0f4a36d800730
a35876c74a7686acc90ac9e198313f89062cf1e0e22cac557b623c92f69f19d1
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /revopush.js HTTP/1.1
Host: news-xagedi.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xagedi.cc/?id=1218770951&p1=tk_adult
Cookie: clickdata=eyJzdWJhY2MiOjEyMTg3NzA5NTEsImxhbmQiOjM2LCJwMSI6InRrX2FkdWx0In0=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 15:39:29 GMT
content-type: application/javascript; charset=utf-8
content-length: 18177
last-modified: Fri, 01 Dec 2023 12:50:34 GMT
etag: "6569d69a-4701"
accept-ranges: bytes
X-Firefox-Spdy: h2
news-xagedi.cc/lands/36/img/style.css
23.158.56.201 12 kB URL news-xagedi.cc/lands/36/img/style.css
IP 23.158.56.201:0
Certificate Issuer Let's Encrypt
Subject *.news-xagedi.cc
Fingerprint 2D:C4:ED:BB:E2:76:1C:34:86:91:EF:35:26:D5:27:27:63:7E:52:BC
Validity Mon, 13 Nov 2023 13:39:42 GMT - Sun, 11 Feb 2024 13:39:41 GMT
File type ASCII text, with very long lines (11701), with no line terminators
Hash ceafd56cc56028ed6235ce4c4db73d43
c0d374219bfbd71aebf2caa38494d48838d4cce0
8878692d5f9a94657f598a59e11fde8703ff41c6ee99d378acc5b22bec49cbd7
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /lands/36/img/style.css HTTP/1.1
Host: news-xagedi.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xagedi.cc/?id=1218770951&p1=tk_adult
Cookie: clickdata=eyJzdWJhY2MiOjEyMTg3NzA5NTEsImxhbmQiOjM2LCJwMSI6InRrX2FkdWx0In0=
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 15:39:29 GMT
content-type: text/css
content-length: 11701
last-modified: Fri, 01 Dec 2023 12:50:34 GMT
etag: "6569d69a-2db5"
accept-ranges: bytes
X-Firefox-Spdy: h2
errors.house/js-sdk-loader/c682bf15f58a4ecea9ff491233690e22.min.js
46.4.134.147 1.9 kB URL errors.house/js-sdk-loader/c682bf15f58a4ecea9ff491233690e22.min.js
IP 46.4.134.147:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (512)
Hash cecbd15c62682460fc296825e598657c
7ea3ec61b65e0a88058e3943327a61d055ef4284
58664ef4f18d3763e07cf7c74738b3a1089fc115331ce34bfe300be3e125b510
GET /js-sdk-loader/c682bf15f58a4ecea9ff491233690e22.min.js HTTP/1.1
Host: errors.house
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://news-xagedi.cc
DNT: 1
Connection: keep-alive
Referer: https://news-xagedi.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.23.1
Date: Tue, 05 Dec 2023 15:39:29 GMT
Content-Type: text/javascript
Content-Length: 1855
Connection: close
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=3600, s-maxage=60, stale-while-revalidate=315360000, stale-if-error=315360000
Surrogate-Key: project/7 sdk/7.15.0 sdk-loader
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=31536000
news-xagedi.cc/revopush.js
23.158.56.201 200 OK 18 kB URL GET HTTP/2 news-xagedi.cc/revopush.js
IP 23.158.56.201:443
Requested by https://news-xagedi.cc/?id=1218770951&p1=tk_adult
Certificate Issuer Let's Encrypt
Subject *.news-xagedi.cc
Fingerprint 2D:C4:ED:BB:E2:76:1C:34:86:91:EF:35:26:D5:27:27:63:7E:52:BC
Validity Mon, 13 Nov 2023 13:39:42 GMT - Sun, 11 Feb 2024 13:39:41 GMT
File type Unicode text, UTF-8 text, with very long lines (18112), with no line terminators
Hash 773d5dd04e1cf97341ac6e4cf2b23707
a56ebf246900b619f34bdfa36ea0f4a36d800730
a35876c74a7686acc90ac9e198313f89062cf1e0e22cac557b623c92f69f19d1
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /revopush.js HTTP/1.1
Host: news-xagedi.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xagedi.cc/?id=1218770951&p1=tk_adult
Cookie: clickdata=eyJzdWJhY2MiOjEyMTg3NzA5NTEsImxhbmQiOjQ4LCJwMSI6InRrX2FkdWx0In0=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 15:39:30 GMT
content-type: application/javascript; charset=utf-8
content-length: 18177
last-modified: Fri, 01 Dec 2023 12:50:34 GMT
etag: "6569d69a-4701"
accept-ranges: bytes
X-Firefox-Spdy: h2
errors.house/js-sdk-loader/c682bf15f58a4ecea9ff491233690e22.min.js
46.4.134.147 1.9 kB URL errors.house/js-sdk-loader/c682bf15f58a4ecea9ff491233690e22.min.js
IP 46.4.134.147:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (512)
Hash cecbd15c62682460fc296825e598657c
7ea3ec61b65e0a88058e3943327a61d055ef4284
58664ef4f18d3763e07cf7c74738b3a1089fc115331ce34bfe300be3e125b510
GET /js-sdk-loader/c682bf15f58a4ecea9ff491233690e22.min.js HTTP/1.1
Host: errors.house
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://news-xagedi.cc
DNT: 1
Connection: keep-alive
Referer: https://news-xagedi.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.23.1
Date: Tue, 05 Dec 2023 15:39:30 GMT
Content-Type: text/javascript
Content-Length: 1855
Connection: close
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=3600, s-maxage=60, stale-while-revalidate=315360000, stale-if-error=315360000
Surrogate-Key: project/7 sdk/7.15.0 sdk-loader
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=31536000
news-xagedi.cc/revopush.js
23.158.56.201 200 OK 18 kB URL GET HTTP/2 news-xagedi.cc/revopush.js
IP 23.158.56.201:443
Requested by https://news-xagedi.cc/?id=1218770951&p1=tk_adult
Certificate Issuer Let's Encrypt
Subject *.news-xagedi.cc
Fingerprint 2D:C4:ED:BB:E2:76:1C:34:86:91:EF:35:26:D5:27:27:63:7E:52:BC
Validity Mon, 13 Nov 2023 13:39:42 GMT - Sun, 11 Feb 2024 13:39:41 GMT
File type Unicode text, UTF-8 text, with very long lines (18112), with no line terminators
Hash 773d5dd04e1cf97341ac6e4cf2b23707
a56ebf246900b619f34bdfa36ea0f4a36d800730
a35876c74a7686acc90ac9e198313f89062cf1e0e22cac557b623c92f69f19d1
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /revopush.js HTTP/1.1
Host: news-xagedi.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xagedi.cc/?id=1218770951&p1=tk_adult
Cookie: clickdata=eyJzdWJhY2MiOjEyMTg3NzA5NTEsImxhbmQiOjYzLCJwMSI6InRrX2FkdWx0In0=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 15:39:30 GMT
content-type: application/javascript; charset=utf-8
content-length: 18177
last-modified: Fri, 01 Dec 2023 12:50:34 GMT
etag: "6569d69a-4701"
accept-ranges: bytes
X-Firefox-Spdy: h2
errors.house/js-sdk-loader/c682bf15f58a4ecea9ff491233690e22.min.js
46.4.134.147 1.9 kB URL errors.house/js-sdk-loader/c682bf15f58a4ecea9ff491233690e22.min.js
IP 46.4.134.147:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (512)
Hash cecbd15c62682460fc296825e598657c
7ea3ec61b65e0a88058e3943327a61d055ef4284
58664ef4f18d3763e07cf7c74738b3a1089fc115331ce34bfe300be3e125b510
GET /js-sdk-loader/c682bf15f58a4ecea9ff491233690e22.min.js HTTP/1.1
Host: errors.house
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://news-xagedi.cc
DNT: 1
Connection: keep-alive
Referer: https://news-xagedi.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.23.1
Date: Tue, 05 Dec 2023 15:39:30 GMT
Content-Type: text/javascript
Content-Length: 1855
Connection: close
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=3600, s-maxage=60, stale-while-revalidate=315360000, stale-if-error=315360000
Surrogate-Key: project/7 sdk/7.15.0 sdk-loader
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=31536000
news-xagedi.cc/lands/36/lp.js
23.158.56.201 722 B URL news-xagedi.cc/lands/36/lp.js
IP 23.158.56.201:0
Certificate Issuer Let's Encrypt
Subject *.news-xagedi.cc
Fingerprint 2D:C4:ED:BB:E2:76:1C:34:86:91:EF:35:26:D5:27:27:63:7E:52:BC
Validity Mon, 13 Nov 2023 13:39:42 GMT - Sun, 11 Feb 2024 13:39:41 GMT
File type Unicode text, UTF-8 text, with very long lines (685), with no line terminators
Hash 8061571ac71b47c9ef862658f7e3e81c
c8109eda3ac59808f2e331aa52883ef72526833d
0437c5e6e3fb2533b3166485bb94ad975513518f741a5a7e2d74aeb0ddaa0875
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /lands/36/lp.js HTTP/1.1
Host: news-xagedi.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xagedi.cc/?id=1218770951&p1=tk_adult
Cookie: clickdata=eyJzdWJhY2MiOjEyMTg3NzA5NTEsImxhbmQiOjM2LCJwMSI6InRrX2FkdWx0In0=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 15:39:30 GMT
content-type: application/javascript; charset=utf-8
content-length: 722
last-modified: Fri, 01 Dec 2023 12:50:34 GMT
etag: "6569d69a-2d2"
accept-ranges: bytes
X-Firefox-Spdy: h2
news-xagedi.cc/revopush.js
23.158.56.201 200 OK 18 kB URL GET HTTP/2 news-xagedi.cc/revopush.js
IP 23.158.56.201:443
Requested by https://news-xagedi.cc/?id=1218770951&p1=tk_adult
Certificate Issuer Let's Encrypt
Subject *.news-xagedi.cc
Fingerprint 2D:C4:ED:BB:E2:76:1C:34:86:91:EF:35:26:D5:27:27:63:7E:52:BC
Validity Mon, 13 Nov 2023 13:39:42 GMT - Sun, 11 Feb 2024 13:39:41 GMT
File type Unicode text, UTF-8 text, with very long lines (18112), with no line terminators
Hash 773d5dd04e1cf97341ac6e4cf2b23707
a56ebf246900b619f34bdfa36ea0f4a36d800730
a35876c74a7686acc90ac9e198313f89062cf1e0e22cac557b623c92f69f19d1
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /revopush.js HTTP/1.1
Host: news-xagedi.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xagedi.cc/?id=1218770951&p1=tk_adult
Cookie: clickdata=eyJzdWJhY2MiOjEyMTg3NzA5NTEsImxhbmQiOjM2LCJwMSI6InRrX2FkdWx0In0=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 15:39:30 GMT
content-type: application/javascript; charset=utf-8
content-length: 18177
last-modified: Fri, 01 Dec 2023 12:50:34 GMT
etag: "6569d69a-4701"
accept-ranges: bytes
X-Firefox-Spdy: h2
news-xagedi.cc/lands/36/img/style.css
23.158.56.201 12 kB URL news-xagedi.cc/lands/36/img/style.css
IP 23.158.56.201:0
Certificate Issuer Let's Encrypt
Subject *.news-xagedi.cc
Fingerprint 2D:C4:ED:BB:E2:76:1C:34:86:91:EF:35:26:D5:27:27:63:7E:52:BC
Validity Mon, 13 Nov 2023 13:39:42 GMT - Sun, 11 Feb 2024 13:39:41 GMT
File type ASCII text, with very long lines (11701), with no line terminators
Hash ceafd56cc56028ed6235ce4c4db73d43
c0d374219bfbd71aebf2caa38494d48838d4cce0
8878692d5f9a94657f598a59e11fde8703ff41c6ee99d378acc5b22bec49cbd7
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /lands/36/img/style.css HTTP/1.1
Host: news-xagedi.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xagedi.cc/?id=1218770951&p1=tk_adult
Cookie: clickdata=eyJzdWJhY2MiOjEyMTg3NzA5NTEsImxhbmQiOjM2LCJwMSI6InRrX2FkdWx0In0=
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 15:39:30 GMT
content-type: text/css
content-length: 11701
last-modified: Fri, 01 Dec 2023 12:50:34 GMT
etag: "6569d69a-2db5"
accept-ranges: bytes
X-Firefox-Spdy: h2
errors.house/js-sdk-loader/c682bf15f58a4ecea9ff491233690e22.min.js
46.4.134.147 1.9 kB URL errors.house/js-sdk-loader/c682bf15f58a4ecea9ff491233690e22.min.js
IP 46.4.134.147:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (512)
Hash cecbd15c62682460fc296825e598657c
7ea3ec61b65e0a88058e3943327a61d055ef4284
58664ef4f18d3763e07cf7c74738b3a1089fc115331ce34bfe300be3e125b510
GET /js-sdk-loader/c682bf15f58a4ecea9ff491233690e22.min.js HTTP/1.1
Host: errors.house
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://news-xagedi.cc
DNT: 1
Connection: keep-alive
Referer: https://news-xagedi.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.23.1
Date: Tue, 05 Dec 2023 15:39:30 GMT
Content-Type: text/javascript
Content-Length: 1855
Connection: close
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=3600, s-maxage=60, stale-while-revalidate=315360000, stale-if-error=315360000
Surrogate-Key: project/7 sdk/7.15.0 sdk-loader
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=31536000
news-xagedi.cc/revopush.js
23.158.56.201 200 OK 18 kB URL GET HTTP/2 news-xagedi.cc/revopush.js
IP 23.158.56.201:443
Requested by https://news-xagedi.cc/?id=1218770951&p1=tk_adult
Certificate Issuer Let's Encrypt
Subject *.news-xagedi.cc
Fingerprint 2D:C4:ED:BB:E2:76:1C:34:86:91:EF:35:26:D5:27:27:63:7E:52:BC
Validity Mon, 13 Nov 2023 13:39:42 GMT - Sun, 11 Feb 2024 13:39:41 GMT
File type Unicode text, UTF-8 text, with very long lines (18112), with no line terminators
Hash 773d5dd04e1cf97341ac6e4cf2b23707
a56ebf246900b619f34bdfa36ea0f4a36d800730
a35876c74a7686acc90ac9e198313f89062cf1e0e22cac557b623c92f69f19d1
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /revopush.js HTTP/1.1
Host: news-xagedi.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xagedi.cc/?id=1218770951&p1=tk_adult
Cookie: clickdata=eyJzdWJhY2MiOjEyMTg3NzA5NTEsImxhbmQiOjQ4LCJwMSI6InRrX2FkdWx0In0=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 15:39:30 GMT
content-type: application/javascript; charset=utf-8
content-length: 18177
last-modified: Fri, 01 Dec 2023 12:50:34 GMT
etag: "6569d69a-4701"
accept-ranges: bytes
X-Firefox-Spdy: h2
errors.house/js-sdk-loader/c682bf15f58a4ecea9ff491233690e22.min.js
46.4.134.147 1.9 kB URL errors.house/js-sdk-loader/c682bf15f58a4ecea9ff491233690e22.min.js
IP 46.4.134.147:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (512)
Hash cecbd15c62682460fc296825e598657c
7ea3ec61b65e0a88058e3943327a61d055ef4284
58664ef4f18d3763e07cf7c74738b3a1089fc115331ce34bfe300be3e125b510
GET /js-sdk-loader/c682bf15f58a4ecea9ff491233690e22.min.js HTTP/1.1
Host: errors.house
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://news-xagedi.cc
DNT: 1
Connection: keep-alive
Referer: https://news-xagedi.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.23.1
Date: Tue, 05 Dec 2023 15:39:31 GMT
Content-Type: text/javascript
Content-Length: 1855
Connection: close
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=3600, s-maxage=60, stale-while-revalidate=315360000, stale-if-error=315360000
Surrogate-Key: project/7 sdk/7.15.0 sdk-loader
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=31536000
news-xagedi.cc/lands/36/lp.js
23.158.56.201 722 B URL news-xagedi.cc/lands/36/lp.js
IP 23.158.56.201:0
Certificate Issuer Let's Encrypt
Subject *.news-xagedi.cc
Fingerprint 2D:C4:ED:BB:E2:76:1C:34:86:91:EF:35:26:D5:27:27:63:7E:52:BC
Validity Mon, 13 Nov 2023 13:39:42 GMT - Sun, 11 Feb 2024 13:39:41 GMT
File type Unicode text, UTF-8 text, with very long lines (685), with no line terminators
Hash 8061571ac71b47c9ef862658f7e3e81c
c8109eda3ac59808f2e331aa52883ef72526833d
0437c5e6e3fb2533b3166485bb94ad975513518f741a5a7e2d74aeb0ddaa0875
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /lands/36/lp.js HTTP/1.1
Host: news-xagedi.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xagedi.cc/?id=1218770951&p1=tk_adult
Cookie: clickdata=eyJzdWJhY2MiOjEyMTg3NzA5NTEsImxhbmQiOjM2LCJwMSI6InRrX2FkdWx0In0=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 15:39:31 GMT
content-type: application/javascript; charset=utf-8
content-length: 722
last-modified: Fri, 01 Dec 2023 12:50:34 GMT
etag: "6569d69a-2d2"
accept-ranges: bytes
X-Firefox-Spdy: h2
news-xagedi.cc/revopush.js
23.158.56.201 200 OK 18 kB URL GET HTTP/2 news-xagedi.cc/revopush.js
IP 23.158.56.201:443
Requested by https://news-xagedi.cc/?id=1218770951&p1=tk_adult
Certificate Issuer Let's Encrypt
Subject *.news-xagedi.cc
Fingerprint 2D:C4:ED:BB:E2:76:1C:34:86:91:EF:35:26:D5:27:27:63:7E:52:BC
Validity Mon, 13 Nov 2023 13:39:42 GMT - Sun, 11 Feb 2024 13:39:41 GMT
File type Unicode text, UTF-8 text, with very long lines (18112), with no line terminators
Hash 773d5dd04e1cf97341ac6e4cf2b23707
a56ebf246900b619f34bdfa36ea0f4a36d800730
a35876c74a7686acc90ac9e198313f89062cf1e0e22cac557b623c92f69f19d1
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /revopush.js HTTP/1.1
Host: news-xagedi.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xagedi.cc/?id=1218770951&p1=tk_adult
Cookie: clickdata=eyJzdWJhY2MiOjEyMTg3NzA5NTEsImxhbmQiOjM2LCJwMSI6InRrX2FkdWx0In0=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 15:39:31 GMT
content-type: application/javascript; charset=utf-8
content-length: 18177
last-modified: Fri, 01 Dec 2023 12:50:34 GMT
etag: "6569d69a-4701"
accept-ranges: bytes
X-Firefox-Spdy: h2
news-xagedi.cc/lands/36/img/style.css
23.158.56.201 12 kB URL news-xagedi.cc/lands/36/img/style.css
IP 23.158.56.201:0
Certificate Issuer Let's Encrypt
Subject *.news-xagedi.cc
Fingerprint 2D:C4:ED:BB:E2:76:1C:34:86:91:EF:35:26:D5:27:27:63:7E:52:BC
Validity Mon, 13 Nov 2023 13:39:42 GMT - Sun, 11 Feb 2024 13:39:41 GMT
File type ASCII text, with very long lines (11701), with no line terminators
Hash ceafd56cc56028ed6235ce4c4db73d43
c0d374219bfbd71aebf2caa38494d48838d4cce0
8878692d5f9a94657f598a59e11fde8703ff41c6ee99d378acc5b22bec49cbd7
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /lands/36/img/style.css HTTP/1.1
Host: news-xagedi.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xagedi.cc/?id=1218770951&p1=tk_adult
Cookie: clickdata=eyJzdWJhY2MiOjEyMTg3NzA5NTEsImxhbmQiOjM2LCJwMSI6InRrX2FkdWx0In0=
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 15:39:31 GMT
content-type: text/css
content-length: 11701
last-modified: Fri, 01 Dec 2023 12:50:34 GMT
etag: "6569d69a-2db5"
accept-ranges: bytes
X-Firefox-Spdy: h2
errors.house/js-sdk-loader/c682bf15f58a4ecea9ff491233690e22.min.js
46.4.134.147 1.9 kB URL errors.house/js-sdk-loader/c682bf15f58a4ecea9ff491233690e22.min.js
IP 46.4.134.147:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (512)
Hash cecbd15c62682460fc296825e598657c
7ea3ec61b65e0a88058e3943327a61d055ef4284
58664ef4f18d3763e07cf7c74738b3a1089fc115331ce34bfe300be3e125b510
GET /js-sdk-loader/c682bf15f58a4ecea9ff491233690e22.min.js HTTP/1.1
Host: errors.house
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://news-xagedi.cc
DNT: 1
Connection: keep-alive
Referer: https://news-xagedi.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.23.1
Date: Tue, 05 Dec 2023 15:39:31 GMT
Content-Type: text/javascript
Content-Length: 1855
Connection: close
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=3600, s-maxage=60, stale-while-revalidate=315360000, stale-if-error=315360000
Surrogate-Key: project/7 sdk/7.15.0 sdk-loader
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=31536000
news-xagedi.cc/revopush.js
23.158.56.201 200 OK 18 kB URL GET HTTP/2 news-xagedi.cc/revopush.js
IP 23.158.56.201:443
Requested by https://news-xagedi.cc/?id=1218770951&p1=tk_adult
Certificate Issuer Let's Encrypt
Subject *.news-xagedi.cc
Fingerprint 2D:C4:ED:BB:E2:76:1C:34:86:91:EF:35:26:D5:27:27:63:7E:52:BC
Validity Mon, 13 Nov 2023 13:39:42 GMT - Sun, 11 Feb 2024 13:39:41 GMT
File type Unicode text, UTF-8 text, with very long lines (18112), with no line terminators
Hash 773d5dd04e1cf97341ac6e4cf2b23707
a56ebf246900b619f34bdfa36ea0f4a36d800730
a35876c74a7686acc90ac9e198313f89062cf1e0e22cac557b623c92f69f19d1
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /revopush.js HTTP/1.1
Host: news-xagedi.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xagedi.cc/?id=1218770951&p1=tk_adult
Cookie: clickdata=eyJzdWJhY2MiOjEyMTg3NzA5NTEsImxhbmQiOjQ4LCJwMSI6InRrX2FkdWx0In0=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 15:39:31 GMT
content-type: application/javascript; charset=utf-8
content-length: 18177
last-modified: Fri, 01 Dec 2023 12:50:34 GMT
etag: "6569d69a-4701"
accept-ranges: bytes
X-Firefox-Spdy: h2
errors.house/js-sdk-loader/c682bf15f58a4ecea9ff491233690e22.min.js
46.4.134.147 1.9 kB URL errors.house/js-sdk-loader/c682bf15f58a4ecea9ff491233690e22.min.js
IP 46.4.134.147:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (512)
Hash cecbd15c62682460fc296825e598657c
7ea3ec61b65e0a88058e3943327a61d055ef4284
58664ef4f18d3763e07cf7c74738b3a1089fc115331ce34bfe300be3e125b510
GET /js-sdk-loader/c682bf15f58a4ecea9ff491233690e22.min.js HTTP/1.1
Host: errors.house
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://news-xagedi.cc
DNT: 1
Connection: keep-alive
Referer: https://news-xagedi.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.23.1
Date: Tue, 05 Dec 2023 15:39:31 GMT
Content-Type: text/javascript
Content-Length: 1855
Connection: close
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=3600, s-maxage=60, stale-while-revalidate=315360000, stale-if-error=315360000
Surrogate-Key: project/7 sdk/7.15.0 sdk-loader
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=31536000
news-xagedi.cc/revopush.js
23.158.56.201 200 OK 18 kB URL GET HTTP/2 news-xagedi.cc/revopush.js
IP 23.158.56.201:443
Requested by https://news-xagedi.cc/?id=1218770951&p1=tk_adult
Certificate Issuer Let's Encrypt
Subject *.news-xagedi.cc
Fingerprint 2D:C4:ED:BB:E2:76:1C:34:86:91:EF:35:26:D5:27:27:63:7E:52:BC
Validity Mon, 13 Nov 2023 13:39:42 GMT - Sun, 11 Feb 2024 13:39:41 GMT
File type Unicode text, UTF-8 text, with very long lines (18112), with no line terminators
Hash 773d5dd04e1cf97341ac6e4cf2b23707
a56ebf246900b619f34bdfa36ea0f4a36d800730
a35876c74a7686acc90ac9e198313f89062cf1e0e22cac557b623c92f69f19d1
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /revopush.js HTTP/1.1
Host: news-xagedi.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xagedi.cc/?id=1218770951&p1=tk_adult
Cookie: clickdata=eyJzdWJhY2MiOjEyMTg3NzA5NTEsImxhbmQiOjYzLCJwMSI6InRrX2FkdWx0In0=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 15:39:31 GMT
content-type: application/javascript; charset=utf-8
content-length: 18177
last-modified: Fri, 01 Dec 2023 12:50:34 GMT
etag: "6569d69a-4701"
accept-ranges: bytes
X-Firefox-Spdy: h2
errors.house/js-sdk-loader/c682bf15f58a4ecea9ff491233690e22.min.js
46.4.134.147 1.9 kB URL errors.house/js-sdk-loader/c682bf15f58a4ecea9ff491233690e22.min.js
IP 46.4.134.147:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (512)
Hash cecbd15c62682460fc296825e598657c
7ea3ec61b65e0a88058e3943327a61d055ef4284
58664ef4f18d3763e07cf7c74738b3a1089fc115331ce34bfe300be3e125b510
GET /js-sdk-loader/c682bf15f58a4ecea9ff491233690e22.min.js HTTP/1.1
Host: errors.house
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://news-xagedi.cc
DNT: 1
Connection: keep-alive
Referer: https://news-xagedi.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.23.1
Date: Tue, 05 Dec 2023 15:39:31 GMT
Content-Type: text/javascript
Content-Length: 1855
Connection: close
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=3600, s-maxage=60, stale-while-revalidate=315360000, stale-if-error=315360000
Surrogate-Key: project/7 sdk/7.15.0 sdk-loader
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=31536000
news-xagedi.cc/revopush.js
23.158.56.201 200 OK 18 kB URL GET HTTP/2 news-xagedi.cc/revopush.js
IP 23.158.56.201:443
Requested by https://news-xagedi.cc/?id=1218770951&p1=tk_adult
Certificate Issuer Let's Encrypt
Subject *.news-xagedi.cc
Fingerprint 2D:C4:ED:BB:E2:76:1C:34:86:91:EF:35:26:D5:27:27:63:7E:52:BC
Validity Mon, 13 Nov 2023 13:39:42 GMT - Sun, 11 Feb 2024 13:39:41 GMT
File type Unicode text, UTF-8 text, with very long lines (18112), with no line terminators
Hash 773d5dd04e1cf97341ac6e4cf2b23707
a56ebf246900b619f34bdfa36ea0f4a36d800730
a35876c74a7686acc90ac9e198313f89062cf1e0e22cac557b623c92f69f19d1
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /revopush.js HTTP/1.1
Host: news-xagedi.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xagedi.cc/?id=1218770951&p1=tk_adult
Cookie: clickdata=eyJzdWJhY2MiOjEyMTg3NzA5NTEsImxhbmQiOjUzLCJwMSI6InRrX2FkdWx0In0=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 15:39:31 GMT
content-type: application/javascript; charset=utf-8
content-length: 18177
last-modified: Fri, 01 Dec 2023 12:50:34 GMT
etag: "6569d69a-4701"
accept-ranges: bytes
X-Firefox-Spdy: h2
news-xagedi.cc/?id=1218770951&p1=tk_adult
23.158.56.201 83 kB URL news-xagedi.cc/?id=1218770951&p1=tk_adult
IP 23.158.56.201:0
Certificate Issuer Let's Encrypt
Subject *.news-xagedi.cc
Fingerprint 2D:C4:ED:BB:E2:76:1C:34:86:91:EF:35:26:D5:27:27:63:7E:52:BC
Validity Mon, 13 Nov 2023 13:39:42 GMT - Sun, 11 Feb 2024 13:39:41 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (63929)
Hash 3b9dd2b4a150bacdc1aa0957902b3777
4b141f58ad9a45544f4359e9aa5a11696c242d1a
cc49d94c3107b03879bcb78810351d7f499c4e118eece47d37ea3bac6b77fa6b
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /?id=1218770951&p1=tk_adult HTTP/1.1
Host: news-xagedi.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xagedi.cc/?id=1218770951&p1=tk_adult
Cookie: clickdata=eyJzdWJhY2MiOjEyMTg3NzA5NTEsImxhbmQiOjM3LCJwMSI6InRrX2FkdWx0In0=
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 15:39:29 GMT
content-type: text/html; charset=UTF-8
set-cookie: clickdata=eyJzdWJhY2MiOjEyMTg3NzA5NTEsImxhbmQiOjUwLCJwMSI6InRrX2FkdWx0In0=; Path=/; Expires=Wed, 06 Dec 2023 15:39:29 GMT; HttpOnly; Secure; SameSite=None
vary: Origin
X-Firefox-Spdy: h2
news-xagedi.cc/?id=1218770951&p1=tk_adult
23.158.56.201 14 kB URL news-xagedi.cc/?id=1218770951&p1=tk_adult
IP 23.158.56.201:0
Certificate Issuer Let's Encrypt
Subject *.news-xagedi.cc
Fingerprint 2D:C4:ED:BB:E2:76:1C:34:86:91:EF:35:26:D5:27:27:63:7E:52:BC
Validity Mon, 13 Nov 2023 13:39:42 GMT - Sun, 11 Feb 2024 13:39:41 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (12143)
Hash efbcf185ec4068b8bb4d135df3745bca
58c9a19aa54f15ed42505892db16995d23fd2914
386bff2df6d6f7471bdaceb875cb0352d56751d5c8d1fda74df5c726e7a56413
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /?id=1218770951&p1=tk_adult HTTP/1.1
Host: news-xagedi.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xagedi.cc/?id=1218770951&p1=tk_adult
Cookie: clickdata=eyJzdWJhY2MiOjEyMTg3NzA5NTEsImxhbmQiOjM2LCJwMSI6InRrX2FkdWx0In0=
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 15:39:28 GMT
content-type: text/html; charset=UTF-8
set-cookie: clickdata=eyJzdWJhY2MiOjEyMTg3NzA5NTEsImxhbmQiOjM2LCJwMSI6InRrX2FkdWx0In0=; Path=/; Expires=Wed, 06 Dec 2023 15:39:28 GMT; HttpOnly; Secure; SameSite=None
vary: Origin
X-Firefox-Spdy: h2
errors.house/js-sdk-loader/c682bf15f58a4ecea9ff491233690e22.min.js
46.4.134.147 1.9 kB URL errors.house/js-sdk-loader/c682bf15f58a4ecea9ff491233690e22.min.js
IP 46.4.134.147:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (512)
Hash cecbd15c62682460fc296825e598657c
7ea3ec61b65e0a88058e3943327a61d055ef4284
58664ef4f18d3763e07cf7c74738b3a1089fc115331ce34bfe300be3e125b510
GET /js-sdk-loader/c682bf15f58a4ecea9ff491233690e22.min.js HTTP/1.1
Host: errors.house
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://news-xagedi.cc
DNT: 1
Connection: keep-alive
Referer: https://news-xagedi.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.23.1
Date: Tue, 05 Dec 2023 15:39:32 GMT
Content-Type: text/javascript
Content-Length: 1855
Connection: close
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=3600, s-maxage=60, stale-while-revalidate=315360000, stale-if-error=315360000
Surrogate-Key: project/7 sdk/7.15.0 sdk-loader
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=31536000
news-xagedi.cc/lands/37/jquery-3.2.1.min.js
23.158.56.201 86 kB URL news-xagedi.cc/lands/37/jquery-3.2.1.min.js
IP 23.158.56.201:0
Certificate Issuer Let's Encrypt
Subject *.news-xagedi.cc
Fingerprint 2D:C4:ED:BB:E2:76:1C:34:86:91:EF:35:26:D5:27:27:63:7E:52:BC
Validity Mon, 13 Nov 2023 13:39:42 GMT - Sun, 11 Feb 2024 13:39:41 GMT
File type Unicode text, UTF-8 text, with very long lines (65460)
Hash 749cf8b9115d2e483c42a09caba49a47
6071774de33379640cc5bc565bc4f5fc8a73dc8d
4c6c48643cdfc617725f69f7c826b4e87983947a709b36f1e8016ad818bb6d83
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /lands/37/jquery-3.2.1.min.js HTTP/1.1
Host: news-xagedi.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xagedi.cc/?id=1218770951&p1=tk_adult
Cookie: clickdata=eyJzdWJhY2MiOjEyMTg3NzA5NTEsImxhbmQiOjM3LCJwMSI6InRrX2FkdWx0In0=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 15:39:32 GMT
content-type: application/javascript; charset=utf-8
content-length: 86537
last-modified: Fri, 01 Dec 2023 12:50:34 GMT
etag: "6569d69a-15209"
accept-ranges: bytes
X-Firefox-Spdy: h2
news-xagedi.cc/?id=1218770951&p1=tk_adult
23.158.56.201 29 kB URL news-xagedi.cc/?id=1218770951&p1=tk_adult
IP 23.158.56.201:0
Certificate Issuer Let's Encrypt
Subject *.news-xagedi.cc
Fingerprint 2D:C4:ED:BB:E2:76:1C:34:86:91:EF:35:26:D5:27:27:63:7E:52:BC
Validity Mon, 13 Nov 2023 13:39:42 GMT - Sun, 11 Feb 2024 13:39:41 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (26966)
Hash b3a5ce48954fd7cc094f37ad22343d74
c4abb61124c66d70ea296b73cec50d1c3348521b
bd80a47f507b264b4a0241c1893bf3b762f07c57a87f322f8eb01d16ab8b6ef1
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /?id=1218770951&p1=tk_adult HTTP/1.1
Host: news-xagedi.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xagedi.cc/?id=1218770951&p1=tk_adult
Cookie: clickdata=eyJzdWJhY2MiOjEyMTg3NzA5NTEsImxhbmQiOjUwLCJwMSI6InRrX2FkdWx0In0=
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 15:39:29 GMT
content-type: text/html; charset=UTF-8
set-cookie: clickdata=eyJzdWJhY2MiOjEyMTg3NzA5NTEsImxhbmQiOjM2LCJwMSI6InRrX2FkdWx0In0=; Path=/; Expires=Wed, 06 Dec 2023 15:39:29 GMT; HttpOnly; Secure; SameSite=None
vary: Origin
X-Firefox-Spdy: h2
errors.house/js-sdk-loader/c682bf15f58a4ecea9ff491233690e22.min.js
46.4.134.147 1.9 kB URL errors.house/js-sdk-loader/c682bf15f58a4ecea9ff491233690e22.min.js
IP 46.4.134.147:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (512)
Hash cecbd15c62682460fc296825e598657c
7ea3ec61b65e0a88058e3943327a61d055ef4284
58664ef4f18d3763e07cf7c74738b3a1089fc115331ce34bfe300be3e125b510
GET /js-sdk-loader/c682bf15f58a4ecea9ff491233690e22.min.js HTTP/1.1
Host: errors.house
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://news-xagedi.cc
DNT: 1
Connection: keep-alive
Referer: https://news-xagedi.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.23.1
Date: Tue, 05 Dec 2023 15:39:32 GMT
Content-Type: text/javascript
Content-Length: 1855
Connection: close
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=3600, s-maxage=60, stale-while-revalidate=315360000, stale-if-error=315360000
Surrogate-Key: project/7 sdk/7.15.0 sdk-loader
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=31536000
news-xagedi.cc/?id=1218770951&p1=tk_adult
23.158.56.201 126 kB URL news-xagedi.cc/?id=1218770951&p1=tk_adult
IP 23.158.56.201:0
Certificate Issuer Let's Encrypt
Subject *.news-xagedi.cc
Fingerprint 2D:C4:ED:BB:E2:76:1C:34:86:91:EF:35:26:D5:27:27:63:7E:52:BC
Validity Mon, 13 Nov 2023 13:39:42 GMT - Sun, 11 Feb 2024 13:39:41 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (37014)
Size 126 kB (125465 bytes)
Hash 2eb169738adc5fbb8b98007c51dc5e2b
33fffe706315c2ae66985f3e271dc455e628df85
0fd265bb7aefe7764ff8fe4593803a15aa300cf0892bae9591397fd0434f2b8c
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /?id=1218770951&p1=tk_adult HTTP/1.1
Host: news-xagedi.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xagedi.cc/?id=1218770951&p1=tk_adult
Cookie: clickdata=eyJzdWJhY2MiOjEyMTg3NzA5NTEsImxhbmQiOjUwLCJwMSI6InRrX2FkdWx0In0=
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 15:39:23 GMT
content-type: text/html; charset=UTF-8
set-cookie: clickdata=eyJzdWJhY2MiOjEyMTg3NzA5NTEsImxhbmQiOjQ4LCJwMSI6InRrX2FkdWx0In0=; Path=/; Expires=Wed, 06 Dec 2023 15:39:23 GMT; HttpOnly; Secure; SameSite=None
vary: Origin
X-Firefox-Spdy: h2
news-xagedi.cc/revopush.js
23.158.56.201 200 OK 18 kB URL GET HTTP/2 news-xagedi.cc/revopush.js
IP 23.158.56.201:443
Requested by https://news-xagedi.cc/?id=1218770951&p1=tk_adult
Certificate Issuer Let's Encrypt
Subject *.news-xagedi.cc
Fingerprint 2D:C4:ED:BB:E2:76:1C:34:86:91:EF:35:26:D5:27:27:63:7E:52:BC
Validity Mon, 13 Nov 2023 13:39:42 GMT - Sun, 11 Feb 2024 13:39:41 GMT
File type Unicode text, UTF-8 text, with very long lines (18112), with no line terminators
Hash 773d5dd04e1cf97341ac6e4cf2b23707
a56ebf246900b619f34bdfa36ea0f4a36d800730
a35876c74a7686acc90ac9e198313f89062cf1e0e22cac557b623c92f69f19d1
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /revopush.js HTTP/1.1
Host: news-xagedi.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xagedi.cc/?id=1218770951&p1=tk_adult
Cookie: clickdata=eyJzdWJhY2MiOjEyMTg3NzA5NTEsImxhbmQiOjM3LCJwMSI6InRrX2FkdWx0In0=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 15:39:32 GMT
content-type: application/javascript; charset=utf-8
content-length: 18177
last-modified: Fri, 01 Dec 2023 12:50:34 GMT
etag: "6569d69a-4701"
accept-ranges: bytes
X-Firefox-Spdy: h2
errors.house/js-sdk-loader/c682bf15f58a4ecea9ff491233690e22.min.js
46.4.134.147 1.9 kB URL errors.house/js-sdk-loader/c682bf15f58a4ecea9ff491233690e22.min.js
IP 46.4.134.147:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (512)
Hash cecbd15c62682460fc296825e598657c
7ea3ec61b65e0a88058e3943327a61d055ef4284
58664ef4f18d3763e07cf7c74738b3a1089fc115331ce34bfe300be3e125b510
GET /js-sdk-loader/c682bf15f58a4ecea9ff491233690e22.min.js HTTP/1.1
Host: errors.house
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://news-xagedi.cc
DNT: 1
Connection: keep-alive
Referer: https://news-xagedi.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.23.1
Date: Tue, 05 Dec 2023 15:39:32 GMT
Content-Type: text/javascript
Content-Length: 1855
Connection: close
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=3600, s-maxage=60, stale-while-revalidate=315360000, stale-if-error=315360000
Surrogate-Key: project/7 sdk/7.15.0 sdk-loader
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=31536000
news-xagedi.cc/revopush.js
23.158.56.201 200 OK 18 kB URL GET HTTP/2 news-xagedi.cc/revopush.js
IP 23.158.56.201:443
Requested by https://news-xagedi.cc/?id=1218770951&p1=tk_adult
Certificate Issuer Let's Encrypt
Subject *.news-xagedi.cc
Fingerprint 2D:C4:ED:BB:E2:76:1C:34:86:91:EF:35:26:D5:27:27:63:7E:52:BC
Validity Mon, 13 Nov 2023 13:39:42 GMT - Sun, 11 Feb 2024 13:39:41 GMT
File type Unicode text, UTF-8 text, with very long lines (18112), with no line terminators
Hash 773d5dd04e1cf97341ac6e4cf2b23707
a56ebf246900b619f34bdfa36ea0f4a36d800730
a35876c74a7686acc90ac9e198313f89062cf1e0e22cac557b623c92f69f19d1
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /revopush.js HTTP/1.1
Host: news-xagedi.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xagedi.cc/?id=1218770951&p1=tk_adult
Cookie: clickdata=eyJzdWJhY2MiOjEyMTg3NzA5NTEsImxhbmQiOjUzLCJwMSI6InRrX2FkdWx0In0=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 15:39:32 GMT
content-type: application/javascript; charset=utf-8
content-length: 18177
last-modified: Fri, 01 Dec 2023 12:50:34 GMT
etag: "6569d69a-4701"
accept-ranges: bytes
X-Firefox-Spdy: h2
news-xagedi.cc/lands/53/css/style.css
23.158.56.201 4.9 kB URL news-xagedi.cc/lands/53/css/style.css
IP 23.158.56.201:0
Certificate Issuer Let's Encrypt
Subject *.news-xagedi.cc
Fingerprint 2D:C4:ED:BB:E2:76:1C:34:86:91:EF:35:26:D5:27:27:63:7E:52:BC
Validity Mon, 13 Nov 2023 13:39:42 GMT - Sun, 11 Feb 2024 13:39:41 GMT
File type ASCII text, with very long lines (4928), with no line terminators
Hash ff30963b59d24c95ee8ed06ee6f286d1
dbba4c06e6064e4bce5a928ff9905684d66a073d
d5ef0347241cb62969a80994ed4e4f87cf20f817e3036756df731aa04d238581
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /lands/53/css/style.css HTTP/1.1
Host: news-xagedi.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xagedi.cc/?id=1218770951&p1=tk_adult
Cookie: clickdata=eyJzdWJhY2MiOjEyMTg3NzA5NTEsImxhbmQiOjUzLCJwMSI6InRrX2FkdWx0In0=
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 15:39:32 GMT
content-type: text/css
content-length: 4928
last-modified: Fri, 01 Dec 2023 12:50:34 GMT
etag: "6569d69a-1340"
accept-ranges: bytes
X-Firefox-Spdy: h2
news-xagedi.cc/lands/53/js/device.js
23.158.56.201 3.3 kB URL news-xagedi.cc/lands/53/js/device.js
IP 23.158.56.201:0
Certificate Issuer Let's Encrypt
Subject *.news-xagedi.cc
Fingerprint 2D:C4:ED:BB:E2:76:1C:34:86:91:EF:35:26:D5:27:27:63:7E:52:BC
Validity Mon, 13 Nov 2023 13:39:42 GMT - Sun, 11 Feb 2024 13:39:41 GMT
File type ASCII text, with very long lines (3289), with no line terminators
Hash 2d9887b21aa6b47c56e7f43e66560a4f
42cdfc5b3b23d32152750bf2cea4233044491768
863a13c42ef72b562bc7aa5005b8ff5693763ae8d16ce3bfc3d876e92a7fdf85
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /lands/53/js/device.js HTTP/1.1
Host: news-xagedi.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xagedi.cc/?id=1218770951&p1=tk_adult
Cookie: clickdata=eyJzdWJhY2MiOjEyMTg3NzA5NTEsImxhbmQiOjUzLCJwMSI6InRrX2FkdWx0In0=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 15:39:32 GMT
content-type: application/javascript; charset=utf-8
content-length: 3289
last-modified: Fri, 01 Dec 2023 12:50:34 GMT
etag: "6569d69a-cd9"
accept-ranges: bytes
X-Firefox-Spdy: h2
errors.house/js-sdk-loader/c682bf15f58a4ecea9ff491233690e22.min.js
46.4.134.147 1.9 kB URL errors.house/js-sdk-loader/c682bf15f58a4ecea9ff491233690e22.min.js
IP 46.4.134.147:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (512)
Hash cecbd15c62682460fc296825e598657c
7ea3ec61b65e0a88058e3943327a61d055ef4284
58664ef4f18d3763e07cf7c74738b3a1089fc115331ce34bfe300be3e125b510
GET /js-sdk-loader/c682bf15f58a4ecea9ff491233690e22.min.js HTTP/1.1
Host: errors.house
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://news-xagedi.cc
DNT: 1
Connection: keep-alive
Referer: https://news-xagedi.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.23.1
Date: Tue, 05 Dec 2023 15:39:32 GMT
Content-Type: text/javascript
Content-Length: 1855
Connection: close
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=3600, s-maxage=60, stale-while-revalidate=315360000, stale-if-error=315360000
Surrogate-Key: project/7 sdk/7.15.0 sdk-loader
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=31536000
news-xagedi.cc/revopush.js
23.158.56.201 200 OK 18 kB URL GET HTTP/2 news-xagedi.cc/revopush.js
IP 23.158.56.201:443
Requested by https://news-xagedi.cc/?id=1218770951&p1=tk_adult
Certificate Issuer Let's Encrypt
Subject *.news-xagedi.cc
Fingerprint 2D:C4:ED:BB:E2:76:1C:34:86:91:EF:35:26:D5:27:27:63:7E:52:BC
Validity Mon, 13 Nov 2023 13:39:42 GMT - Sun, 11 Feb 2024 13:39:41 GMT
File type Unicode text, UTF-8 text, with very long lines (18112), with no line terminators
Hash 773d5dd04e1cf97341ac6e4cf2b23707
a56ebf246900b619f34bdfa36ea0f4a36d800730
a35876c74a7686acc90ac9e198313f89062cf1e0e22cac557b623c92f69f19d1
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /revopush.js HTTP/1.1
Host: news-xagedi.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xagedi.cc/?id=1218770951&p1=tk_adult
Cookie: clickdata=eyJzdWJhY2MiOjEyMTg3NzA5NTEsImxhbmQiOjQ4LCJwMSI6InRrX2FkdWx0In0=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 15:39:33 GMT
content-type: application/javascript; charset=utf-8
content-length: 18177
last-modified: Fri, 01 Dec 2023 12:50:34 GMT
etag: "6569d69a-4701"
accept-ranges: bytes
X-Firefox-Spdy: h2
errors.house/js-sdk-loader/c682bf15f58a4ecea9ff491233690e22.min.js
46.4.134.147 1.9 kB URL errors.house/js-sdk-loader/c682bf15f58a4ecea9ff491233690e22.min.js
IP 46.4.134.147:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (512)
Hash cecbd15c62682460fc296825e598657c
7ea3ec61b65e0a88058e3943327a61d055ef4284
58664ef4f18d3763e07cf7c74738b3a1089fc115331ce34bfe300be3e125b510
GET /js-sdk-loader/c682bf15f58a4ecea9ff491233690e22.min.js HTTP/1.1
Host: errors.house
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://news-xagedi.cc
DNT: 1
Connection: keep-alive
Referer: https://news-xagedi.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.23.1
Date: Tue, 05 Dec 2023 15:39:33 GMT
Content-Type: text/javascript
Content-Length: 1855
Connection: close
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=3600, s-maxage=60, stale-while-revalidate=315360000, stale-if-error=315360000
Surrogate-Key: project/7 sdk/7.15.0 sdk-loader
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=31536000
news-xagedi.cc/revopush.js
23.158.56.201 200 OK 18 kB URL GET HTTP/2 news-xagedi.cc/revopush.js
IP 23.158.56.201:443
Requested by https://news-xagedi.cc/?id=1218770951&p1=tk_adult
Certificate Issuer Let's Encrypt
Subject *.news-xagedi.cc
Fingerprint 2D:C4:ED:BB:E2:76:1C:34:86:91:EF:35:26:D5:27:27:63:7E:52:BC
Validity Mon, 13 Nov 2023 13:39:42 GMT - Sun, 11 Feb 2024 13:39:41 GMT
File type Unicode text, UTF-8 text, with very long lines (18112), with no line terminators
Hash 773d5dd04e1cf97341ac6e4cf2b23707
a56ebf246900b619f34bdfa36ea0f4a36d800730
a35876c74a7686acc90ac9e198313f89062cf1e0e22cac557b623c92f69f19d1
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /revopush.js HTTP/1.1
Host: news-xagedi.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xagedi.cc/?id=1218770951&p1=tk_adult
Cookie: clickdata=eyJzdWJhY2MiOjEyMTg3NzA5NTEsImxhbmQiOjYzLCJwMSI6InRrX2FkdWx0In0=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 15:39:33 GMT
content-type: application/javascript; charset=utf-8
content-length: 18177
last-modified: Fri, 01 Dec 2023 12:50:34 GMT
etag: "6569d69a-4701"
accept-ranges: bytes
X-Firefox-Spdy: h2
news-xagedi.cc/?id=1218770951&p1=tk_adult
23.158.56.201 63 kB URL news-xagedi.cc/?id=1218770951&p1=tk_adult
IP 23.158.56.201:0
Certificate Issuer Let's Encrypt
Subject *.news-xagedi.cc
Fingerprint 2D:C4:ED:BB:E2:76:1C:34:86:91:EF:35:26:D5:27:27:63:7E:52:BC
Validity Mon, 13 Nov 2023 13:39:42 GMT - Sun, 11 Feb 2024 13:39:41 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (59622)
Hash 69d36276fe80eac613ad3d67d1174eb0
36176b7e40844ba9a5e9419ea7d81a9911b7b286
cbef5c685447959ee30a910ecba2005d5aae93a9b968ce0a9f4ccb3d2c2cf08e
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /?id=1218770951&p1=tk_adult HTTP/1.1
Host: news-xagedi.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xagedi.cc/?id=1218770951&p1=tk_adult
Cookie: clickdata=eyJzdWJhY2MiOjEyMTg3NzA5NTEsImxhbmQiOjQ4LCJwMSI6InRrX2FkdWx0In0=
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 15:39:30 GMT
content-type: text/html; charset=UTF-8
set-cookie: clickdata=eyJzdWJhY2MiOjEyMTg3NzA5NTEsImxhbmQiOjYzLCJwMSI6InRrX2FkdWx0In0=; Path=/; Expires=Wed, 06 Dec 2023 15:39:30 GMT; HttpOnly; Secure; SameSite=None
vary: Origin
X-Firefox-Spdy: h2
news-xagedi.cc/?id=1218770951&p1=tk_adult
23.158.56.201 79 kB URL news-xagedi.cc/?id=1218770951&p1=tk_adult
IP 23.158.56.201:0
Certificate Issuer Let's Encrypt
Subject *.news-xagedi.cc
Fingerprint 2D:C4:ED:BB:E2:76:1C:34:86:91:EF:35:26:D5:27:27:63:7E:52:BC
Validity Mon, 13 Nov 2023 13:39:42 GMT - Sun, 11 Feb 2024 13:39:41 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (63491)
Hash 7f1e6cf8923ee4cd514c7685e311aae4
35f4fca31d99703c50f4e58fa5c0c85744a1c2f6
fa62ded0be1135b87fcef13034a129660e0d06ccb584732036bc56661571ed63
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /?id=1218770951&p1=tk_adult HTTP/1.1
Host: news-xagedi.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xagedi.cc/?id=1218770951&p1=tk_adult
Cookie: clickdata=eyJzdWJhY2MiOjEyMTg3NzA5NTEsImxhbmQiOjYzLCJwMSI6InRrX2FkdWx0In0=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 15:39:33 GMT
content-type: text/html; charset=UTF-8
set-cookie: clickdata=eyJzdWJhY2MiOjEyMTg3NzA5NTEsImxhbmQiOjYzLCJwMSI6InRrX2FkdWx0In0=; Path=/; Expires=Wed, 06 Dec 2023 15:39:33 GMT; HttpOnly; Secure; SameSite=None
vary: Origin
X-Firefox-Spdy: h2
news-xagedi.cc/lands/53/css/style.css
23.158.56.201 4.9 kB URL news-xagedi.cc/lands/53/css/style.css
IP 23.158.56.201:0
Certificate Issuer Let's Encrypt
Subject *.news-xagedi.cc
Fingerprint 2D:C4:ED:BB:E2:76:1C:34:86:91:EF:35:26:D5:27:27:63:7E:52:BC
Validity Mon, 13 Nov 2023 13:39:42 GMT - Sun, 11 Feb 2024 13:39:41 GMT
File type ASCII text, with very long lines (4928), with no line terminators
Hash ff30963b59d24c95ee8ed06ee6f286d1
dbba4c06e6064e4bce5a928ff9905684d66a073d
d5ef0347241cb62969a80994ed4e4f87cf20f817e3036756df731aa04d238581
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /lands/53/css/style.css HTTP/1.1
Host: news-xagedi.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xagedi.cc/?id=1218770951&p1=tk_adult
Cookie: clickdata=eyJzdWJhY2MiOjEyMTg3NzA5NTEsImxhbmQiOjUzLCJwMSI6InRrX2FkdWx0In0=
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 15:39:33 GMT
content-type: text/css
content-length: 4928
last-modified: Fri, 01 Dec 2023 12:50:34 GMT
etag: "6569d69a-1340"
accept-ranges: bytes
X-Firefox-Spdy: h2
news-xagedi.cc/lands/53/js/device.js
23.158.56.201 3.3 kB URL news-xagedi.cc/lands/53/js/device.js
IP 23.158.56.201:0
Certificate Issuer Let's Encrypt
Subject *.news-xagedi.cc
Fingerprint 2D:C4:ED:BB:E2:76:1C:34:86:91:EF:35:26:D5:27:27:63:7E:52:BC
Validity Mon, 13 Nov 2023 13:39:42 GMT - Sun, 11 Feb 2024 13:39:41 GMT
File type ASCII text, with very long lines (3289), with no line terminators
Hash 2d9887b21aa6b47c56e7f43e66560a4f
42cdfc5b3b23d32152750bf2cea4233044491768
863a13c42ef72b562bc7aa5005b8ff5693763ae8d16ce3bfc3d876e92a7fdf85
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /lands/53/js/device.js HTTP/1.1
Host: news-xagedi.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xagedi.cc/?id=1218770951&p1=tk_adult
Cookie: clickdata=eyJzdWJhY2MiOjEyMTg3NzA5NTEsImxhbmQiOjUzLCJwMSI6InRrX2FkdWx0In0=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 15:39:33 GMT
content-type: application/javascript; charset=utf-8
content-length: 3289
last-modified: Fri, 01 Dec 2023 12:50:34 GMT
etag: "6569d69a-cd9"
accept-ranges: bytes
X-Firefox-Spdy: h2
errors.house/js-sdk-loader/c682bf15f58a4ecea9ff491233690e22.min.js
46.4.134.147 1.9 kB URL errors.house/js-sdk-loader/c682bf15f58a4ecea9ff491233690e22.min.js
IP 46.4.134.147:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (512)
Hash cecbd15c62682460fc296825e598657c
7ea3ec61b65e0a88058e3943327a61d055ef4284
58664ef4f18d3763e07cf7c74738b3a1089fc115331ce34bfe300be3e125b510
GET /js-sdk-loader/c682bf15f58a4ecea9ff491233690e22.min.js HTTP/1.1
Host: errors.house
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://news-xagedi.cc
DNT: 1
Connection: keep-alive
Referer: https://news-xagedi.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.23.1
Date: Tue, 05 Dec 2023 15:39:33 GMT
Content-Type: text/javascript
Content-Length: 1855
Connection: close
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=3600, s-maxage=60, stale-while-revalidate=315360000, stale-if-error=315360000
Surrogate-Key: project/7 sdk/7.15.0 sdk-loader
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=31536000
news-xagedi.cc/revopush.js
23.158.56.201 200 OK 18 kB URL GET HTTP/2 news-xagedi.cc/revopush.js
IP 23.158.56.201:443
Requested by https://news-xagedi.cc/?id=1218770951&p1=tk_adult
Certificate Issuer Let's Encrypt
Subject *.news-xagedi.cc
Fingerprint 2D:C4:ED:BB:E2:76:1C:34:86:91:EF:35:26:D5:27:27:63:7E:52:BC
Validity Mon, 13 Nov 2023 13:39:42 GMT - Sun, 11 Feb 2024 13:39:41 GMT
File type Unicode text, UTF-8 text, with very long lines (18112), with no line terminators
Hash 773d5dd04e1cf97341ac6e4cf2b23707
a56ebf246900b619f34bdfa36ea0f4a36d800730
a35876c74a7686acc90ac9e198313f89062cf1e0e22cac557b623c92f69f19d1
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /revopush.js HTTP/1.1
Host: news-xagedi.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xagedi.cc/?id=1218770951&p1=tk_adult
Cookie: clickdata=eyJzdWJhY2MiOjEyMTg3NzA5NTEsImxhbmQiOjQ4LCJwMSI6InRrX2FkdWx0In0=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 15:39:34 GMT
content-type: application/javascript; charset=utf-8
content-length: 18177
last-modified: Fri, 01 Dec 2023 12:50:34 GMT
etag: "6569d69a-4701"
accept-ranges: bytes
X-Firefox-Spdy: h2
errors.house/js-sdk-loader/c682bf15f58a4ecea9ff491233690e22.min.js
46.4.134.147 1.9 kB URL errors.house/js-sdk-loader/c682bf15f58a4ecea9ff491233690e22.min.js
IP 46.4.134.147:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (512)
Hash cecbd15c62682460fc296825e598657c
7ea3ec61b65e0a88058e3943327a61d055ef4284
58664ef4f18d3763e07cf7c74738b3a1089fc115331ce34bfe300be3e125b510
GET /js-sdk-loader/c682bf15f58a4ecea9ff491233690e22.min.js HTTP/1.1
Host: errors.house
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://news-xagedi.cc
DNT: 1
Connection: keep-alive
Referer: https://news-xagedi.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.23.1
Date: Tue, 05 Dec 2023 15:39:34 GMT
Content-Type: text/javascript
Content-Length: 1855
Connection: close
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=3600, s-maxage=60, stale-while-revalidate=315360000, stale-if-error=315360000
Surrogate-Key: project/7 sdk/7.15.0 sdk-loader
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=31536000
news-xagedi.cc/lands/37/jquery-3.2.1.min.js
23.158.56.201 86 kB URL news-xagedi.cc/lands/37/jquery-3.2.1.min.js
IP 23.158.56.201:0
Certificate Issuer Let's Encrypt
Subject *.news-xagedi.cc
Fingerprint 2D:C4:ED:BB:E2:76:1C:34:86:91:EF:35:26:D5:27:27:63:7E:52:BC
Validity Mon, 13 Nov 2023 13:39:42 GMT - Sun, 11 Feb 2024 13:39:41 GMT
File type Unicode text, UTF-8 text, with very long lines (65460)
Hash 749cf8b9115d2e483c42a09caba49a47
6071774de33379640cc5bc565bc4f5fc8a73dc8d
4c6c48643cdfc617725f69f7c826b4e87983947a709b36f1e8016ad818bb6d83
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /lands/37/jquery-3.2.1.min.js HTTP/1.1
Host: news-xagedi.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xagedi.cc/?id=1218770951&p1=tk_adult
Cookie: clickdata=eyJzdWJhY2MiOjEyMTg3NzA5NTEsImxhbmQiOjM3LCJwMSI6InRrX2FkdWx0In0=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 15:39:34 GMT
content-type: application/javascript; charset=utf-8
content-length: 86537
last-modified: Fri, 01 Dec 2023 12:50:34 GMT
etag: "6569d69a-15209"
accept-ranges: bytes
X-Firefox-Spdy: h2
news-xagedi.cc/?id=1218770951&p1=tk_adult
23.158.56.201 57 kB URL news-xagedi.cc/?id=1218770951&p1=tk_adult
IP 23.158.56.201:0
Certificate Issuer Let's Encrypt
Subject *.news-xagedi.cc
Fingerprint 2D:C4:ED:BB:E2:76:1C:34:86:91:EF:35:26:D5:27:27:63:7E:52:BC
Validity Mon, 13 Nov 2023 13:39:42 GMT - Sun, 11 Feb 2024 13:39:41 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (55053)
Hash dbea51b500f43dc9d834870925a38ca7
e3eef0fa5adfb656829bd8b9e464717b001501fa
cc2498098a7d9b6c778550b79ec93597289a70085ea7fa4ef7463f7e10f18bc4
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /?id=1218770951&p1=tk_adult HTTP/1.1
Host: news-xagedi.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xagedi.cc/?id=1218770951&p1=tk_adult
Cookie: clickdata=eyJzdWJhY2MiOjEyMTg3NzA5NTEsImxhbmQiOjM2LCJwMSI6InRrX2FkdWx0In0=
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 15:39:30 GMT
content-type: text/html; charset=UTF-8
set-cookie: clickdata=eyJzdWJhY2MiOjEyMTg3NzA5NTEsImxhbmQiOjQ4LCJwMSI6InRrX2FkdWx0In0=; Path=/; Expires=Wed, 06 Dec 2023 15:39:30 GMT; HttpOnly; Secure; SameSite=None
vary: Origin
X-Firefox-Spdy: h2
errors.house/js-sdk-loader/c682bf15f58a4ecea9ff491233690e22.min.js
46.4.134.147 1.9 kB URL errors.house/js-sdk-loader/c682bf15f58a4ecea9ff491233690e22.min.js
IP 46.4.134.147:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (512)
Hash cecbd15c62682460fc296825e598657c
7ea3ec61b65e0a88058e3943327a61d055ef4284
58664ef4f18d3763e07cf7c74738b3a1089fc115331ce34bfe300be3e125b510
GET /js-sdk-loader/c682bf15f58a4ecea9ff491233690e22.min.js HTTP/1.1
Host: errors.house
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://news-xagedi.cc
DNT: 1
Connection: keep-alive
Referer: https://news-xagedi.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.23.1
Date: Tue, 05 Dec 2023 15:39:34 GMT
Content-Type: text/javascript
Content-Length: 1855
Connection: close
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=3600, s-maxage=60, stale-while-revalidate=315360000, stale-if-error=315360000
Surrogate-Key: project/7 sdk/7.15.0 sdk-loader
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=31536000
news-xagedi.cc/revopush.js
23.158.56.201 200 OK 18 kB URL GET HTTP/2 news-xagedi.cc/revopush.js
IP 23.158.56.201:443
Requested by https://news-xagedi.cc/?id=1218770951&p1=tk_adult
Certificate Issuer Let's Encrypt
Subject *.news-xagedi.cc
Fingerprint 2D:C4:ED:BB:E2:76:1C:34:86:91:EF:35:26:D5:27:27:63:7E:52:BC
Validity Mon, 13 Nov 2023 13:39:42 GMT - Sun, 11 Feb 2024 13:39:41 GMT
File type Unicode text, UTF-8 text, with very long lines (18112), with no line terminators
Hash 773d5dd04e1cf97341ac6e4cf2b23707
a56ebf246900b619f34bdfa36ea0f4a36d800730
a35876c74a7686acc90ac9e198313f89062cf1e0e22cac557b623c92f69f19d1
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /revopush.js HTTP/1.1
Host: news-xagedi.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xagedi.cc/?id=1218770951&p1=tk_adult
Cookie: clickdata=eyJzdWJhY2MiOjEyMTg3NzA5NTEsImxhbmQiOjUwLCJwMSI6InRrX2FkdWx0In0=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 15:39:34 GMT
content-type: application/javascript; charset=utf-8
content-length: 18177
last-modified: Fri, 01 Dec 2023 12:50:34 GMT
etag: "6569d69a-4701"
accept-ranges: bytes
X-Firefox-Spdy: h2
errors.house/js-sdk-loader/c682bf15f58a4ecea9ff491233690e22.min.js
46.4.134.147 1.9 kB URL errors.house/js-sdk-loader/c682bf15f58a4ecea9ff491233690e22.min.js
IP 46.4.134.147:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (512)
Hash cecbd15c62682460fc296825e598657c
7ea3ec61b65e0a88058e3943327a61d055ef4284
58664ef4f18d3763e07cf7c74738b3a1089fc115331ce34bfe300be3e125b510
GET /js-sdk-loader/c682bf15f58a4ecea9ff491233690e22.min.js HTTP/1.1
Host: errors.house
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://news-xagedi.cc
DNT: 1
Connection: keep-alive
Referer: https://news-xagedi.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.23.1
Date: Tue, 05 Dec 2023 15:39:34 GMT
Content-Type: text/javascript
Content-Length: 1855
Connection: close
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=3600, s-maxage=60, stale-while-revalidate=315360000, stale-if-error=315360000
Surrogate-Key: project/7 sdk/7.15.0 sdk-loader
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=31536000
news-xagedi.cc/revopush.js
23.158.56.201 200 OK 18 kB URL GET HTTP/2 news-xagedi.cc/revopush.js
IP 23.158.56.201:443
Requested by https://news-xagedi.cc/?id=1218770951&p1=tk_adult
Certificate Issuer Let's Encrypt
Subject *.news-xagedi.cc
Fingerprint 2D:C4:ED:BB:E2:76:1C:34:86:91:EF:35:26:D5:27:27:63:7E:52:BC
Validity Mon, 13 Nov 2023 13:39:42 GMT - Sun, 11 Feb 2024 13:39:41 GMT
File type Unicode text, UTF-8 text, with very long lines (18112), with no line terminators
Hash 773d5dd04e1cf97341ac6e4cf2b23707
a56ebf246900b619f34bdfa36ea0f4a36d800730
a35876c74a7686acc90ac9e198313f89062cf1e0e22cac557b623c92f69f19d1
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /revopush.js HTTP/1.1
Host: news-xagedi.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-xagedi.cc/?id=1218770951&p1=tk_adult
Cookie: clickdata=eyJzdWJhY2MiOjEyMTg3NzA5NTEsImxhbmQiOjUwLCJwMSI6InRrX2FkdWx0In0=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 15:39:35 GMT
content-type: application/javascript; charset=utf-8
content-length: 18177
last-modified: Fri, 01 Dec 2023 12:50:34 GMT
etag: "6569d69a-4701"
accept-ranges: bytes
X-Firefox-Spdy: h2
errors.house/js-sdk-loader/c682bf15f58a4ecea9ff491233690e22.min.js
46.4.134.147 1.9 kB URL errors.house/js-sdk-loader/c682bf15f58a4ecea9ff491233690e22.min.js
IP 46.4.134.147:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (512)
Hash cecbd15c62682460fc296825e598657c
7ea3ec61b65e0a88058e3943327a61d055ef4284
58664ef4f18d3763e07cf7c74738b3a1089fc115331ce34bfe300be3e125b510
GET /js-sdk-loader/c682bf15f58a4ecea9ff491233690e22.min.js HTTP/1.1
Host: errors.house
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://news-xagedi.cc
DNT: 1
Connection: keep-alive
Referer: https://news-xagedi.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.23.1
Date: Tue, 05 Dec 2023 15:39:35 GMT
Content-Type: text/javascript
Content-Length: 1855
Connection: close
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=3600, s-maxage=60, stale-while-revalidate=315360000, stale-if-error=315360000
Surrogate-Key: project/7 sdk/7.15.0 sdk-loader
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=31536000