| www.zominnen.com/FiRAOCB7snOcKkATtMOXUL38DB0lZxY9NhuE2rZVNGH4-uOP5cVDoATEhkuz1mnKcf3XVSNyvsB2kaE8cNEdGw~~ | 216.107.136.133 | 302 Found | 0 B |
URL: www.zominnen.com/FiRAOCB7snOcKkATtMOXUL38DB0lZxY9NhuE2rZVNGH4-uOP5cVDoATEhkuz1mnKcf3XVSNyvsB2kaE8cNEdGw~~
Type: user request; Method: GET HTTP/1.1
IP: 216.107.136.133:443
Certificate: issuer Let's Encrypt; subject www.zominnen.com; fingerprint 3E:EA:21:66:F4:97:92:5E:49:3D:1B:63:58:8E:5D:FC:91:8E:F9:D9; valid Mon, 25 Mar 2024 20:46:35 GMT - Sun, 23 Jun 2024 20:46:34 GMT
Hashes (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e / da39a3ee5e6b4b0d3255bfef95601890afd80709 / e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (these are the digests of an empty body, consistent with Content-Length: 0)
Note: the second hop of the chain. It is a bare 302 to castlhill.com; the uid8759 cookie it sets embeds the stamp 20240416235112, four hours behind the Date header (03:51:12 GMT), so the redirector's clock is apparently running in UTC-4.
GET /FiRAOCB7snOcKkATtMOXUL38DB0lZxY9NhuE2rZVNGH4-uOP5cVDoATEhkuz1mnKcf3XVSNyvsB2kaE8cNEdGw~~ HTTP/1.1
Host: www.zominnen.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Date: Wed, 17 Apr 2024 03:51:12 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Server: Apache
Set-Cookie: uid8759=758100228-20240416235112-db1d776f85fa36e932c4ac6b06e16edd-; domain=zominnen.com; path=/; SameSite=None; Secure
Location: http://castlhill.com/images/whoops.jpg
| castlhill.com/images/whoops.jpg | 159.65.99.190 | 200 OK | 42 kB |
URL: castlhill.com/images/whoops.jpg
Type: user request; Method: GET HTTP/1.1
IP: 159.65.99.190:80 (ASN 14061 DIGITALOCEAN-ASN)
File type: JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 450x230, components 3
Hashes (MD5 / SHA-1 / SHA-256): d36c171ac8467ff2ce82e747c9aab086 / 1932c5675195169bcc8d3aad6d661ce279ebb6ee / 378508849997be414ca3966a65635fd15b1bc2dbf1c733634b5054739088945e
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
Note: final hop of the chain, served over plain HTTP. Quad9 reports the domain as sinkholed, yet the scanner still resolved castlhill.com to 159.65.99.190 and received a live 200, so the sinkhole only protects clients that resolve through Quad9. The body is a static JPEG with a 2018 Last-Modified date, not a page; nothing in the capture shows what the tracking link was meant to deliver.
GET /images/whoops.jpg HTTP/1.1
Host: castlhill.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.12.2
Date: Wed, 17 Apr 2024 03:51:12 GMT
Content-Type: image/jpeg
Content-Length: 41589
Last-Modified: Wed, 18 Jul 2018 19:50:29 GMT
Connection: keep-alive
ETag: "5b4f9a05-a275"
Accept-Ranges: bytes
| ouzmail.com/p/aHR0cHM6Ly93d3cuem9taW5uZW4uY29tL0ZpUkFPQ0I3c25PY0trQVR0TU9YVUwzOERCMGxaeFk5Tmh1RTJyWlZOR0g0LXVPUDVjVkRvQVRFaGt1ejFtbktjZjNYVlNOeXZzQjJrYUU4Y05FZEd3fn4/click/MTcxMzMyNTM1NjY1MzI1MS42NjFmNDUyYzk1MzRhQG1ldGFtYWlsMTAuc2hvcA | 62.171.190.165 | 302 Found | 11 kB |
URL: ouzmail.com/p/aHR0cHM6Ly93d3cuem9taW5uZW4uY29tL0ZpUkFPQ0I3c25PY0trQVR0TU9YVUwzOERCMGxaeFk5Tmh1RTJyWlZOR0g0LXVPUDVjVkRvQVRFaGt1ejFtbktjZjNYVlNOeXZzQjJrYUU4Y05FZEd3fn4/click/MTcxMzMyNTM1NjY1MzI1MS42NjFmNDUyYzk1MzRhQG1ldGFtYWlsMTAuc2hvcA
Type: user request; Method: GET HTTP/2
IP: 62.171.190.165:443
Certificate: issuer Let's Encrypt; subject ouzmail.com; fingerprint 5C:DA:4E:D9:C3:96:84:CF:29:CE:B5:F7:A7:E2:64:73:44:DA:E2:A5; valid Thu, 14 Mar 2024 10:46:14 GMT - Wed, 12 Jun 2024 10:46:13 GMT
Hashes (MD5 / SHA-1 / SHA-256): 5101046e928e6376adc789b184ffd127 / 765a4548936747e9a981963f1f515c8b4d57ae8a / 3637c31d1d194e8a918c3ac77d0d45b68d6238eb267a3887ec91a6e174d6abcd
Note: although listed third, this is the first hop chronologically (its Date header is 03:51:11 GMT, one second before the zominnen.com and castlhill.com responses). The path is a mailer click-tracking link of the form /p/<base64url target>/click/<base64url message-id>: the first segment decodes to https://www.zominnen.com/FiRAOCB7snOcKkATtMOXUL38DB0lZxY9NhuE2rZVNGH4-uOP5cVDoATEhkuz1mnKcf3XVSNyvsB2kaE8cNEdGw~~, identical to the location header it returns, and the second to 1713325356653251.661f452c9534a@metamail10.shop, a Message-ID whose leading number is a Unix microsecond timestamp about nine minutes before the click. The acelle_session and XSRF-TOKEN cookies are the session cookies of the Acelle email-marketing application (a Laravel app), which is consistent with that URL layout.
GET /p/aHR0cHM6Ly93d3cuem9taW5uZW4uY29tL0ZpUkFPQ0I3c25PY0trQVR0TU9YVUwzOERCMGxaeFk5Tmh1RTJyWlZOR0g0LXVPUDVjVkRvQVRFaGt1ejFtbktjZjNYVlNOeXZzQjJrYUU4Y05FZEd3fn4/click/MTcxMzMyNTM1NjY1MzI1MS42NjFmNDUyYzk1MzRhQG1ldGFtYWlsMTAuc2hvcA HTTP/1.1
Host: ouzmail.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
cache-control: no-cache, private
date: Wed, 17 Apr 2024 03:51:11 GMT
set-cookie: XSRF-TOKEN=eyJpdiI6Iml1ZzFONWQ5ZWkvS1hpNE82c2VLN2c9PSIsInZhbHVlIjoiNHlrSXhZdGl2Y2kzbXhHZzhyelpWeU9idllZRWZMdnJyVjd3NWNHUTkvUDRyaGNUdURhRUhFSE03ZG5pcjE5NFVFdGxMS0ZkeCtFUC9KUzhOWXNiSkFMQ1ppTDcxS1dCVWxRTE9qRlRRd0JnMjQ4Nk5pbTRYc0pJTFlHSEp5QVMiLCJtYWMiOiJkNDFiYTcwNGMxMThiNjQ1NTA3MWQ4OWYwZjI2Y2Y0YTg1MWJiZTMyZGQyYWE4NTA0ZTgzYWRjZDdhYWQ4ZWZkIiwidGFnIjoiIn0%3D; expires=Wed, 17-Apr-2024 05:51:11 GMT; Max-Age=7200; path=/; samesite=lax
acelle_session=eyJpdiI6InF5THhMRjJKUXZWWDNiR29NbWlUQ1E9PSIsInZhbHVlIjoiSXFYWTFsYlVYOE54NlVFd2h0L211WlRxbzJKVnlDSkZhS0d4UGtwd0dPZFhuMnVwQlVyVUlYdGNlSGxtWi9jTHZWOG51OVV5MVZJQ2RvOS9PMWJsWUQxbE9BUzF5c2xMMUhKeEoyeERNWlFyMDhIUDlhQW40UHArNUw2MjI3cFgiLCJtYWMiOiI4MWRhMjU5ZDg2ZWU0YzMxMDQyYmYxYzJiNTY2YzNiNmMxYWI1MzczZTZkMzI4NDIzZDk2OGI1MzMxMjFiODg5IiwidGFnIjoiIn0%3D; expires=Wed, 17-Apr-2024 05:51:11 GMT; Max-Age=7200; path=/; httponly; samesite=lax
location: https://www.zominnen.com/FiRAOCB7snOcKkATtMOXUL38DB0lZxY9NhuE2rZVNGH4-uOP5cVDoATEhkuz1mnKcf3XVSNyvsB2kaE8cNEdGw~~
content-type: text/html; charset=UTF-8
server: Apache
X-Firefox-Spdy: h2
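The chain above can be reconstructed mechanically from the captured Location headers, and the tracking link decoded, without touching the network. The script below is an added example and not part of the capture or of any tool used to produce it: the request URLs and response headers are copied from this page, while the function names, the assumption that the two /p/…/click/… segments are unpadded base64url, and the reading of the Message-ID's second component as PHP's uniqid() output (first eight hex digits = Unix seconds) are mine.

```python
"""Reconstruct the redirect chain from the captured transactions and decode the
click-tracking URL that starts it.

Added example, not part of the captured page: the request URLs and response
headers below are copied from the capture; the function names, the assumption
that the /p/<a>/click/<b> segments are unpadded base64url, and the reading of
the Message-ID's uniqid() component are the author's of this example.
"""
import base64
import re
from datetime import datetime, timezone
from urllib.parse import urljoin

# (request URL, status line + the headers needed here), copied from the capture.
CAPTURE = [
    ("https://ouzmail.com/p/aHR0cHM6Ly93d3cuem9taW5uZW4uY29tL0ZpUkFPQ0I3c25PY0trQVR0TU9YVUwzOERCMGxaeFk5Tmh1RTJyWlZOR0g0LXVPUDVjVkRvQVRFaGt1ejFtbktjZjNYVlNOeXZzQjJrYUU4Y05FZEd3fn4/click/MTcxMzMyNTM1NjY1MzI1MS42NjFmNDUyYzk1MzRhQG1ldGFtYWlsMTAuc2hvcA",
     "HTTP/2 302 Found\r\n"
     "location: https://www.zominnen.com/FiRAOCB7snOcKkATtMOXUL38DB0lZxY9NhuE2rZVNGH4-uOP5cVDoATEhkuz1mnKcf3XVSNyvsB2kaE8cNEdGw~~\r\n"
     "server: Apache\r\n"),
    ("https://www.zominnen.com/FiRAOCB7snOcKkATtMOXUL38DB0lZxY9NhuE2rZVNGH4-uOP5cVDoATEhkuz1mnKcf3XVSNyvsB2kaE8cNEdGw~~",
     "HTTP/1.1 302 Found\r\n"
     "Server: Apache\r\n"
     "Location: http://castlhill.com/images/whoops.jpg\r\n"),
    ("http://castlhill.com/images/whoops.jpg",
     "HTTP/1.1 200 OK\r\n"
     "Server: nginx/1.12.2\r\n"
     "Content-Type: image/jpeg\r\n"),
]

# Assumed layout of the tracker URL: /p/<base64url target>/click/<base64url message-id>
CLICK_RE = re.compile(r"^https?://[^/]+/p/([A-Za-z0-9_-]+)/click/([A-Za-z0-9_-]+)$")


def parse_response(raw):
    """Split a raw status line + header block into (status_code, {name: value})."""
    lines = raw.split("\r\n")
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return status, headers


def follow_chain(start, capture):
    """Walk Location headers from `start` through the captured responses.

    Returns (urls_visited, final_status); final_status is None when the chain
    leaves the capture or loops back on itself."""
    responses = dict(capture)
    chain, url = [start], start
    while url in responses:
        status, headers = parse_response(responses[url])
        if not (300 <= status < 400 and "location" in headers):
            return chain, status
        url = urljoin(url, headers["location"])  # relative Location is legal
        if url in chain:
            return chain, None  # redirect loop
        chain.append(url)
    return chain, None


def b64url_decode(segment):
    """Decode base64url whose '=' padding was stripped, or (for the
    zominnen.com token) replaced by '~'."""
    segment = segment.replace("~", "=")
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def decode_click_url(url):
    """Decode the /p/<target>/click/<message-id> tracking URL."""
    m = CLICK_RE.match(url)
    if not m:
        raise ValueError("not a /p/<b64>/click/<b64> tracking URL")
    return {"target": b64url_decode(m.group(1)).decode(),
            "message_id": b64url_decode(m.group(2)).decode()}


def message_id_time(message_id):
    """Local part looks like '<microtime>.<uniqid>'; assuming PHP uniqid(),
    its first 8 hex digits are Unix seconds and must agree with microtime."""
    micro, uniq = message_id.split("@")[0].split(".")
    secs = int(uniq[:8], 16)
    if not micro.startswith(str(secs)):
        raise ValueError("uniqid seconds disagree with the microtime prefix")
    return datetime.fromtimestamp(secs, tz=timezone.utc)


if __name__ == "__main__":
    chain, status = follow_chain(CAPTURE[0][0], CAPTURE)
    for i, hop in enumerate(chain):
        print(f"{i}: {hop}")
    print("final status:", status)
    click = decode_click_url(chain[0])
    print("tracker target matches hop 1:", click["target"] == chain[1])
    print("message id:", click["message_id"], "sent", message_id_time(click["message_id"]))
    token = chain[1].rsplit("/", 1)[1]
    print("zominnen token decodes to", len(b64url_decode(token)), "opaque bytes")
```

The last line is the useful negative result: the zominnen.com path token is 86 base64 characters plus `~~` (the shape of base64 with `=` padding swapped for `~`), and it decodes to 64 bytes of non-text data rather than to another URL, so unlike the first hop its destination cannot be recovered from the URL alone; only the captured 302 reveals castlhill.com.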
| castlhill.com/favicon.ico | 159.65.99.190 | 404 Not Found | 169 B |
URL: castlhill.com/favicon.ico
Method: GET HTTP/1.1
IP: 159.65.99.190:80 (ASN 14061 DIGITALOCEAN-ASN)
Requested by: http://castlhill.com/images/whoops.jpg (the browser's automatic favicon fetch after it rendered the JPEG as a top-level document; not an attacker-initiated request)
File type: HTML document, ASCII text, with CRLF line terminators
Hashes (MD5 / SHA-1 / SHA-256): ca8bba226fc38384d4e889ff1e5f0b02 / 8dc2ae5a396686aba485bec7815e8fc8a6e12be5 / 6640c51ecd2c4eb6c19c779df63efed77969da44c085c27f991ba8a40c60c914
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /favicon.ico HTTP/1.1
Host: castlhill.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://castlhill.com/images/whoops.jpg
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 404 Not Found
Server: nginx/1.12.2
Date: Wed, 17 Apr 2024 03:51:13 GMT
Content-Type: text/html
Content-Length: 169
Connection: keep-alive
| aus5.mozilla.org/update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-101-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml | 35.244.181.201 | 200 OK | 5.8 kB |
URL: aus5.mozilla.org/update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-101-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml
Method: GET HTTP/1.1
IP: 35.244.181.201 (port recorded as 0; ASN 396982 GOOGLE-CLOUD-PLATFORM)
File type: gzip compressed data, max speed, from Unix
Hashes (MD5 / SHA-1 / SHA-256): 52a1e40d3746c76b0167007994950370 / 6c5838f16f22c0778bc428242b26ca65bf64683c / 5ca94e7f36b9452fe67eeaf4a9898c2003278f9f9151c572b2cc6178afff781a
Note: background Gecko Media Plugin update check issued by the scanning browser itself, unrelated to the redirect chain. The update path identifies the real build as Firefox 111.0a1 (20240129201730) while the User-Agent header on every request claims Firefox 96.0, so the UA string is pinned by the scanner rather than reflecting the browser that made the requests.
GET /update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-101-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml HTTP/1.1
Host: aus5.mozilla.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 17 Apr 2024 03:51:30 GMT
content-type: text/xml; charset=utf-8
vary: Accept-Encoding
rule-id: unknown
rule-data-version: unknown
content-signature: x5u=https://content-signature-2.cdn.mozilla.net/chains/aus.content-signature.mozilla.org-2024-05-20-00-15-28.chain; p384ecdsa=IQdVdTBazUccLr4dDN_cJoZYw_RZkRfXHQw4pfR9iC9KgKP5-Y8apn9Bu6qM7Ii10MUWIYyLCStAnT198uOk6nu50tZ80jenc_vcQ6kjG_KGjiMhV0jSSb32wz8jGHux
strict-transport-security: max-age=31536000;
x-content-type-options: nosniff
content-security-policy: default-src 'none'; frame-ancestors 'none'
x-proxy-cache-status: EXPIRED
content-encoding: gzip
via: 1.1 google
cache-control: public,max-age=90
alt-svc: clear
X-Firefox-Spdy: h2