| ardschatota.com/Attention_files/new_free.svg | 139.45.197.161 | 200 OK | 1.5 kB |
URL GET HTTP/2ardschatota.com/Attention_files/new_free.svg IP139.45.197.161:443
Requested byhttps://ardschatota.com/?t=0&ymid=807499947204153344 CertificateIssuerLet's Encrypt Subjectardschatota.com FingerprintA8:51:69:A5:01:4A:8C:EB:05:F1:E9:82:CC:E2:21:39:72:C0:F4:87 ValidityMon, 15 Apr 2024 18:57:20 GMT - Sun, 14 Jul 2024 18:57:19 GMT
File typeSVG Scalable Vector Graphics image Hashadd28f2b5b2a568a5d5b49bd7b40ec03 66ad7a5ce73b4f84f2f54e5e6150cd5cc923d25e 89bcc9a26f3ed7fb196ca1d744395e6fb79f4561ced17605eb27105a9f67e56e
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /Attention_files/new_free.svg HTTP/1.1
Host: ardschatota.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ardschatota.com/?t=0&ymid=807499947204153344
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:22:11 GMT
content-type: image/svg+xml
content-length: 1545
accept-ranges: bytes
cache-control: public, max-age=0
last-modified: Wed, 22 Nov 2023 11:37:16 GMT
etag: W/"609-18bf6d1f1e0"
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
|
|
| ardschatota.com/Attention_files/loading.svg | 139.45.197.161 | 200 OK | 386 B |
URL GET HTTP/2ardschatota.com/Attention_files/loading.svg IP139.45.197.161:443
Requested byhttps://ardschatota.com/?t=0&ymid=807499947204153344 CertificateIssuerLet's Encrypt Subjectardschatota.com FingerprintA8:51:69:A5:01:4A:8C:EB:05:F1:E9:82:CC:E2:21:39:72:C0:F4:87 ValidityMon, 15 Apr 2024 18:57:20 GMT - Sun, 14 Jul 2024 18:57:19 GMT
File typeSVG Scalable Vector Graphics image Hash484f8bcb59050331f28ec35ae84c3ef0 e083f687af91382e8485515369daffde1899a12a d4d917c84ef07493d6dc83306cb754ddddc1cdb4fc879e09f5b54a0b6f11d451
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /Attention_files/loading.svg HTTP/1.1
Host: ardschatota.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ardschatota.com/?t=0&ymid=807499947204153344
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:22:11 GMT
content-type: image/svg+xml
content-length: 386
accept-ranges: bytes
cache-control: public, max-age=0
last-modified: Wed, 22 Nov 2023 11:37:16 GMT
etag: W/"182-18bf6d1f1e0"
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
|
|
| phicmune.net/zone?&pub=0&zone_id=6601407&is_mobile=false&domain=ardschatota.com&var=&ymid=&var_3=&var_4=&dsig=&tg=1&sw=3.1.504&trace_id=b04e1371-7fb4-452e-84a9-507197dc6295&action=prerequest | 139.45.197.251 | 200 OK | 0 B |
URL POST HTTP/2phicmune.net/zone?&pub=0&zone_id=6601407&is_mobile=false&domain=ardschatota.com&var=&ymid=&var_3=&var_4=&dsig=&tg=1&sw=3.1.504&trace_id=b04e1371-7fb4-452e-84a9-507197dc6295&action=prerequest IP139.45.197.251:443
Requested byhttps://ardschatota.com/?t=0&ymid=807499947204153344 CertificateIssuerLet's Encrypt Subjectphicmune.net FingerprintD9:E1:7F:18:6B:70:58:A2:8E:07:9D:4B:06:16:79:22:32:F5:40:94 ValidityFri, 09 Feb 2024 05:11:42 GMT - Thu, 09 May 2024 05:11:41 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /zone?&pub=0&zone_id=6601407&is_mobile=false&domain=ardschatota.com&var=&ymid=&var_3=&var_4=&dsig=&tg=1&sw=3.1.504&trace_id=b04e1371-7fb4-452e-84a9-507197dc6295&action=prerequest HTTP/1.1
Host: phicmune.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ardschatota.com
DNT: 1
Connection: keep-alive
Referer: https://ardschatota.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:22:11 GMT
content-length: 0
x-trace-id: 6f142b2024ce9632789b242e5695f35b
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://ardschatota.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
|
|
| jouteetu.net/custom | 139.45.197.251 | 200 OK | 39 B |
IP139.45.197.251:443
Requested byhttps://ardschatota.com/?t=0&ymid=807499947204153344 CertificateIssuerLet's Encrypt Subjectjouteetu.net FingerprintF5:94:3C:5E:6B:54:1A:97:82:F8:7E:1F:C2:51:04:8C:FB:F5:CF:65 ValidityWed, 13 Mar 2024 19:38:02 GMT - Tue, 11 Jun 2024 19:38:01 GMT
Hash058b158c2be925f556454ef762d93538 cc6fc563b4b6baee880fdbc7fcfaa134978e33c9 ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881
POST /custom HTTP/1.1
Host: jouteetu.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 273
Origin: https://ardschatota.com
DNT: 1
Connection: keep-alive
Referer: https://ardschatota.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:22:11 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: cf82e9f726f6e8e6fd1703a5845daaf2
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://ardschatota.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
|
|
| jouteetu.net/custom | 139.45.197.251 | 200 OK | 39 B |
IP139.45.197.251:443
Requested byhttps://ardschatota.com/?t=0&ymid=807499947204153344 CertificateIssuerLet's Encrypt Subjectjouteetu.net FingerprintF5:94:3C:5E:6B:54:1A:97:82:F8:7E:1F:C2:51:04:8C:FB:F5:CF:65 ValidityWed, 13 Mar 2024 19:38:02 GMT - Tue, 11 Jun 2024 19:38:01 GMT
Hash058b158c2be925f556454ef762d93538 cc6fc563b4b6baee880fdbc7fcfaa134978e33c9 ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881
POST /custom HTTP/1.1
Host: jouteetu.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 275
Origin: https://ardschatota.com
DNT: 1
Connection: keep-alive
Referer: https://ardschatota.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:22:11 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 17484591bf10a553e12016f2849e732a
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://ardschatota.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
|
|
| jouteetu.net/custom | 139.45.197.251 | 200 OK | 39 B |
IP139.45.197.251:443
Requested byhttps://ardschatota.com/?t=0&ymid=807499947204153344 CertificateIssuerLet's Encrypt Subjectjouteetu.net FingerprintF5:94:3C:5E:6B:54:1A:97:82:F8:7E:1F:C2:51:04:8C:FB:F5:CF:65 ValidityWed, 13 Mar 2024 19:38:02 GMT - Tue, 11 Jun 2024 19:38:01 GMT
Hash058b158c2be925f556454ef762d93538 cc6fc563b4b6baee880fdbc7fcfaa134978e33c9 ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881
POST /custom HTTP/1.1
Host: jouteetu.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 276
Origin: https://ardschatota.com
DNT: 1
Connection: keep-alive
Referer: https://ardschatota.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:22:11 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 0b3118435e58d32c92bbcfbab03b2ad5
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://ardschatota.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
|
|
| amunfezanttor.com/event | 139.45.197.250 | 200 OK | 0 B |
IP139.45.197.250:443
Requested byhttps://ardschatota.com/?t=0&ymid=807499947204153344 CertificateIssuerLet's Encrypt Subjectamunfezanttor.com FingerprintAB:2C:60:54:FF:D7:D6:23:0E:87:1A:98:EC:94:B3:9B:29:1A:F3:AA ValidityWed, 10 Apr 2024 19:04:12 GMT - Tue, 09 Jul 2024 19:04:11 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
OPTIONS /event HTTP/1.1
Host: amunfezanttor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://ardschatota.com/
Origin: https://ardschatota.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:22:11 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://ardschatota.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid
access-control-max-age: 86400
X-Firefox-Spdy: h2
|
|
| amunfezanttor.com/event | 139.45.197.250 | 200 OK | 94 B |
IP139.45.197.250:443
Requested byhttps://ardschatota.com/?t=0&ymid=807499947204153344 CertificateIssuerLet's Encrypt Subjectamunfezanttor.com FingerprintAB:2C:60:54:FF:D7:D6:23:0E:87:1A:98:EC:94:B3:9B:29:1A:F3:AA ValidityWed, 10 Apr 2024 19:04:12 GMT - Tue, 09 Jul 2024 19:04:11 GMT
Hash47332be9e06c7e44b38f02ec783c158d 3b0cc4393e9d42db22bd9ce9b7b840271c1d11ca b989d75649c2085050774bbd33c563458d79d666823b6ff99266609bb9c86709
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
POST /event HTTP/1.1
Host: amunfezanttor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ardschatota.com/
Content-Type: application/json
Content-Length: 790
Origin: https://ardschatota.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:22:11 GMT
content-type: application/json; charset=utf-8
content-length: 94
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://ardschatota.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
|
|
| confirm.95urbehxy2dh.top/eb430691fe30d16070b5a144c3d3303c/3295c76acbf4caaed33c36b1b5fc2cb1/assets/fav.png | 64.190.63.222 | 441 No Reason Phrase | 0 B |
URL GET HTTP/2confirm.95urbehxy2dh.top/eb430691fe30d16070b5a144c3d3303c/3295c76acbf4caaed33c36b1b5fc2cb1/assets/fav.png IP64.190.63.222:443
Requested byhttps://ardschatota.com/?t=0&ymid=807499947204153344 CertificateIssuerDigiCert Inc Subjectconfirm.95urbehxy2dh.top Fingerprint19:7D:69:2A:EC:32:A3:53:96:45:32:4D:E9:D7:12:49:E0:DC:BF:2E ValidityFri, 17 Nov 2023 00:00:00 GMT - Sun, 17 Nov 2024 23:59:59 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /eb430691fe30d16070b5a144c3d3303c/3295c76acbf4caaed33c36b1b5fc2cb1/assets/fav.png HTTP/1.1
Host: confirm.95urbehxy2dh.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ardschatota.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 441 No Reason Phrase
date: Thu, 25 Apr 2024 23:22:12 GMT
server: NginX
content-length: 0
X-Firefox-Spdy: h2
|
|
| phicmune.net/pfe/current/micro.tag.min.js?z=6601407&sw=/micro.js | 139.45.197.251 | 200 OK | 15 kB |
URL GET HTTP/2phicmune.net/pfe/current/micro.tag.min.js?z=6601407&sw=/micro.js IP139.45.197.251:443
Requested byhttps://ardschatota.com/?t=0&ymid=807499947204153344 CertificateIssuerLet's Encrypt Subjectphicmune.net FingerprintD9:E1:7F:18:6B:70:58:A2:8E:07:9D:4B:06:16:79:22:32:F5:40:94 ValidityFri, 09 Feb 2024 05:11:42 GMT - Thu, 09 May 2024 05:11:41 GMT
File typegzip compressed data, max speed, from Unix Hashf8a562cf594a626ba666191a13769669 2781a7002c10bc9a790a8248120792f6aa62ebf0 41e475dd3b22fad34327ea0d017e943d0672a868a446c9c65724815dc4c28a52
GET /pfe/current/micro.tag.min.js?z=6601407&sw=/micro.js HTTP/1.1
Host: phicmune.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ardschatota.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:22:11 GMT
content-type: application/javascript
last-modified: Thu, 25 Apr 2024 10:48:53 GMT
etag: W/"662a3515-9116"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| ardschatota.com/micro.js?zoneId=6601407 | 139.45.197.161 | 200 OK | 5.2 kB |
URL GET HTTP/2ardschatota.com/micro.js?zoneId=6601407 IP139.45.197.161:443
Requested byhttps://ardschatota.com/?t=0&ymid=807499947204153344 CertificateIssuerLet's Encrypt Subjectardschatota.com FingerprintA8:51:69:A5:01:4A:8C:EB:05:F1:E9:82:CC:E2:21:39:72:C0:F4:87 ValidityMon, 15 Apr 2024 18:57:20 GMT - Sun, 14 Jul 2024 18:57:19 GMT
Hashd1b7e65d9a79bc0a52bead6a4411abcd bcf43c1136f6b024c4aa2c693fc76f308500c3c1 1db060b467fb915a3d780244d1c69d4fb524f51ad562706c159874b19a6181a7
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /micro.js?zoneId=6601407 HTTP/1.1
Host: ardschatota.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Referer: https://ardschatota.com/?t=0&ymid=807499947204153344
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:22:11 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
cache-control: public, max-age=0
last-modified: Wed, 22 Nov 2023 11:37:16 GMT
etag: W/"235-18bf6d1f1e0"
strict-transport-security: max-age=1
x-content-type-options: nosniff
content-encoding: br
X-Firefox-Spdy: h2
|
|
| ardschatota.com/Attention_files/animate.css | 139.45.197.161 | 200 OK | 10 kB |
URL GET HTTP/2ardschatota.com/Attention_files/animate.css IP139.45.197.161:443
Requested byhttps://ardschatota.com/?t=0&ymid=807499947204153344 CertificateIssuerLet's Encrypt Subjectardschatota.com FingerprintA8:51:69:A5:01:4A:8C:EB:05:F1:E9:82:CC:E2:21:39:72:C0:F4:87 ValidityMon, 15 Apr 2024 18:57:20 GMT - Sun, 14 Jul 2024 18:57:19 GMT
Hash97d64faca1f1a0422ecf3ae998026899 61bc4cbfc9fc6e0db503aa67ba92c7c768a4c7e1 d1413e8c95a61b36e4ea9441e9ead3cce29089e85043b0706453597016c01fdb
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /Attention_files/animate.css HTTP/1.1
Host: ardschatota.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ardschatota.com/?t=0&ymid=807499947204153344
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:22:11 GMT
content-type: text/css; charset=UTF-8
vary: Accept-Encoding
cache-control: public, max-age=0
last-modified: Wed, 22 Nov 2023 11:37:16 GMT
etag: W/"1361f-18bf6d1f1e0"
strict-transport-security: max-age=1
x-content-type-options: nosniff
content-encoding: br
X-Firefox-Spdy: h2
|
|
| ardschatota.com/w/hmze4ek3sta | 139.45.197.161 | 200 OK | 7 B |
URL GET HTTP/2ardschatota.com/w/hmze4ek3sta IP139.45.197.161:443
Requested byhttps://ardschatota.com/?t=0&ymid=807499947204153344 CertificateIssuerLet's Encrypt Subjectardschatota.com FingerprintA8:51:69:A5:01:4A:8C:EB:05:F1:E9:82:CC:E2:21:39:72:C0:F4:87 ValidityMon, 15 Apr 2024 18:57:20 GMT - Sun, 14 Jul 2024 18:57:19 GMT
File typeASCII text, with no line terminators Hash070a0fb40f6c308ab544b227660aadff 6ec6121cd150a73105f36a36219f4e978fe2e3dc ab5b50c3846ccfef52997e6e153b187022cde34b543019aa4feaf1f732feff50
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /w/hmze4ek3sta HTTP/1.1
Host: ardschatota.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ardschatota.com/?t=0&ymid=807499947204153344
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:22:21 GMT
content-type: text/html; charset=utf-8
content-length: 7
etag: W/"7-bsYSHNFQpzEF82o2IZ9Ol4/i49w"
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
|
|
| ardschatota.com/w/hmze4ek3sta | 139.45.197.161 | 200 OK | 7 B |
URL GET HTTP/2ardschatota.com/w/hmze4ek3sta IP139.45.197.161:443
Requested byhttps://ardschatota.com/?t=0&ymid=807499947204153344 CertificateIssuerLet's Encrypt Subjectardschatota.com FingerprintA8:51:69:A5:01:4A:8C:EB:05:F1:E9:82:CC:E2:21:39:72:C0:F4:87 ValidityMon, 15 Apr 2024 18:57:20 GMT - Sun, 14 Jul 2024 18:57:19 GMT
File typeASCII text, with no line terminators Hash070a0fb40f6c308ab544b227660aadff 6ec6121cd150a73105f36a36219f4e978fe2e3dc ab5b50c3846ccfef52997e6e153b187022cde34b543019aa4feaf1f732feff50
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /w/hmze4ek3sta HTTP/1.1
Host: ardschatota.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ardschatota.com/?t=0&ymid=807499947204153344
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:22:32 GMT
content-type: text/html; charset=utf-8
content-length: 7
etag: W/"7-bsYSHNFQpzEF82o2IZ9Ol4/i49w"
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
|
|
| ardschatota.com/?t=0&ymid=807499947204153344 | 139.45.197.161 | 200 OK | 21 kB |
URL User Request GET HTTP/2ardschatota.com/?t=0&ymid=807499947204153344 IP139.45.197.161:443
CertificateIssuerLet's Encrypt Subjectardschatota.com FingerprintA8:51:69:A5:01:4A:8C:EB:05:F1:E9:82:CC:E2:21:39:72:C0:F4:87 ValidityMon, 15 Apr 2024 18:57:20 GMT - Sun, 14 Jul 2024 18:57:19 GMT
File typeHTML document, ASCII text, with very long lines (1947) Hash98802378ad12e0ef0d31fb7d5aec5768 06f6c6b4c67d74646f1954a083f87966e6b1c145 2b8347db0ad54c0556e54bd9eb35489331873bfabb9660d664aca5777e408d27
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /?t=0&ymid=807499947204153344 HTTP/1.1
Host: ardschatota.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:22:11 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: public, max-age=0
last-modified: Wed, 22 Nov 2023 11:37:16 GMT
etag: W/"5176-18bf6d1f1e0"
strict-transport-security: max-age=1
x-content-type-options: nosniff
content-encoding: br
X-Firefox-Spdy: h2
|
|
| ardschatota.com/assets/bg.gif | 139.45.197.161 | 404 Not Found | 152 B |
URL GET HTTP/2ardschatota.com/assets/bg.gif IP139.45.197.161:443
Requested byhttps://ardschatota.com/?t=0&ymid=807499947204153344 CertificateIssuerLet's Encrypt Subjectardschatota.com FingerprintA8:51:69:A5:01:4A:8C:EB:05:F1:E9:82:CC:E2:21:39:72:C0:F4:87 ValidityMon, 15 Apr 2024 18:57:20 GMT - Sun, 14 Jul 2024 18:57:19 GMT
File typeHTML document, ASCII text, with no line terminators Hash375afe6444f4427295df0fa85a067d8e b869ccd897bdeddc61d7f465c1ea181b6d00d65d 7ae09b8b6dbec7ad3c39aa07bff02370472ec12ae8acd2a897f3980a624acccd
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/bg.gif HTTP/1.1
Host: ardschatota.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ardschatota.com/?t=0&ymid=807499947204153344
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 404 Not Found
server: nginx
date: Thu, 25 Apr 2024 23:22:11 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
content-security-policy: default-src 'none'
x-content-type-options: nosniff
content-encoding: br
X-Firefox-Spdy: h2
|
|
| ardschatota.com/qrcode.js | 139.45.197.161 | 200 OK | 33 kB |
URL GET HTTP/2ardschatota.com/qrcode.js IP139.45.197.161:443
Requested byhttps://ardschatota.com/?t=0&ymid=807499947204153344 CertificateIssuerLet's Encrypt Subjectardschatota.com FingerprintA8:51:69:A5:01:4A:8C:EB:05:F1:E9:82:CC:E2:21:39:72:C0:F4:87 ValidityMon, 15 Apr 2024 18:57:20 GMT - Sun, 14 Jul 2024 18:57:19 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /qrcode.js HTTP/1.1
Host: ardschatota.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ardschatota.com/?t=0&ymid=807499947204153344
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:22:11 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
cache-control: public, max-age=0
last-modified: Wed, 22 Nov 2023 11:37:16 GMT
etag: W/"80f0-18bf6d1f1e0"
strict-transport-security: max-age=1
x-content-type-options: nosniff
content-encoding: br
X-Firefox-Spdy: h2
|
|