| | 146.190.111.112 | | 2.7 kB |
IP: 146.190.111.112:0  ASN: #14061 DIGITALOCEAN-ASN
File type: HTML document, Unicode text, UTF-8 text
Hashes (MD5 / SHA-1 / SHA-256): fd89aa42b44ce6e77f640dc8c9f51b40 53e70dbe5d39106da0def94ed9d1d10ba9f2aa9e 66d6643859e8d3042b09eb15d3c7ce611b5e8cbe673b791d6dd12ec1bfa8a8ef
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET / HTTP/1.1
Host: 146.190.111.112
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 08 May 2024 03:13:53 GMT
Server: Apache/2.4.52 (Ubuntu)
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2739
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
| code.jquery.com/jquery.js | 151.101.194.137 | 200 OK | 84 kB |
URL: GET HTTP/1.1 code.jquery.com/jquery.js  IP: 151.101.194.137:80
File type: JavaScript source, ASCII text
Hashes (MD5 / SHA-1 / SHA-256): 3d93b072d14f2bd1ede58f4847f537fd 73e5d044bd153dd912930e8be433059454ce19cd 3029834a820c79c154c377f52e2719fc3ff2a27600a07ae089ea7fde9087f6bc
GET /jquery.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://146.190.111.112/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 83875
Server: nginx
Content-Type: application/javascript; charset=utf-8
Last-Modified: Fri, 18 Oct 1991 12:00:00 GMT
ETag: W/"28feccc0-4508e"
Cache-Control: public, max-age=31536000, stale-while-revalidate=604800
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Via: 1.1 varnish, 1.1 varnish
Accept-Ranges: bytes
Date: Wed, 08 May 2024 03:13:54 GMT
Age: 20335835
X-Served-By: cache-lga13621-LGA, cache-hel1410020-HEL
X-Cache: HIT, HIT
X-Cache-Hits: 23, 7960
X-Timer: S1715138034.168207,VS0,VE0
Vary: Accept-Encoding
| www.googletagmanager.com/gtag/js?id=G-X4X5FSSYR7 | 142.250.74.168 | 200 OK | 98 kB |
URL: GET HTTP/2 www.googletagmanager.com/gtag/js?id=G-X4X5FSSYR7  IP: 142.250.74.168:443
Certificate: Issuer Google Trust Services LLC; Subject *.google-analytics.com; Fingerprint 93:6B:D2:9D:92:BE:2D:D8:02:67:82:83:5E:EF:A3:F9:13:F3:26:AE; Validity Tue, 16 Apr 2024 03:18:45 GMT - Tue, 09 Jul 2024 03:18:44 GMT
File type: JavaScript source, ASCII text, with very long lines (5955)
Hashes (MD5 / SHA-1 / SHA-256): ea12139d0b8c7df0def0bfaa46a16ea0 c653c9bc691d751b19b2820b38132dcd2d96f93f 2fa410220ff73d26d66a2aa03656d5c0001eb45a8a24623c9dcc82fdfdd715a0
GET /gtag/js?id=G-X4X5FSSYR7 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://146.190.111.112/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Wed, 08 May 2024 03:13:54 GMT
expires: Wed, 08 May 2024 03:13:54 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 97987
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
| 146.190.111.112/assets/index.css | 146.190.111.112 | 200 OK | 818 B |
URL: GET HTTP/1.1 146.190.111.112/assets/index.css  IP: 146.190.111.112:80  ASN: #14061 DIGITALOCEAN-ASN
Hashes (MD5 / SHA-1 / SHA-256): 7b24d5acbb6d4e0915bb0b9547ba1553 ab7c81a38d67c6041a1a537433f513c1ae5aded1 9443774f6d3e730fc5151d9c8acf0c24f74b3071596ff417d1137c6a3ea32ace
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /assets/index.css HTTP/1.1
Host: 146.190.111.112
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://146.190.111.112/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 08 May 2024 03:13:54 GMT
Server: Apache/2.4.52 (Ubuntu)
Last-Modified: Thu, 16 Feb 2023 00:49:02 GMT
ETag: "93d-5f4c6901bdb80-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 818
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css
| 146.190.111.112/assets/unvisibility.png | 146.190.111.112 | 200 OK | 498 B |
URL: GET HTTP/1.1 146.190.111.112/assets/unvisibility.png  IP: 146.190.111.112:80  ASN: #14061 DIGITALOCEAN-ASN
File type: PNG image data, 16 x 16, 8-bit gray+alpha, non-interlaced
Hashes (MD5 / SHA-1 / SHA-256): de7da7d061b07e15b993ee85c9d180b5 3a59cc262b9b884c8d91490add6caece85315609 1ddb24c756e9a8e8b405f56530d230441b6775ac0e19a3f2c9a07455506ddb21
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /assets/unvisibility.png HTTP/1.1
Host: 146.190.111.112
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://146.190.111.112/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 08 May 2024 03:13:54 GMT
Server: Apache/2.4.52 (Ubuntu)
Last-Modified: Thu, 16 Feb 2023 00:49:03 GMT
ETag: "1f2-5f4c6902b1dc0"
Accept-Ranges: bytes
Content-Length: 498
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/png
| 146.190.111.112/assets/5.svg | 146.190.111.112 | 200 OK | 2.4 kB |
URL: GET HTTP/1.1 146.190.111.112/assets/5.svg  IP: 146.190.111.112:80  ASN: #14061 DIGITALOCEAN-ASN
File type: SVG Scalable Vector Graphics image
Hashes (MD5 / SHA-1 / SHA-256): ebd8798bc32c86494851a07770e04e63 b5461dc8f5f5f848033441d506ee05d48742438b 9531e96099e973b3d1c291f3e60419d8fe4730f46de8a492fccd2b4c962c96ce
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /assets/5.svg HTTP/1.1
Host: 146.190.111.112
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://146.190.111.112/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 08 May 2024 03:13:54 GMT
Server: Apache/2.4.52 (Ubuntu)
Last-Modified: Thu, 16 Feb 2023 00:49:03 GMT
ETag: "951-5f4c6902b1dc0"
Accept-Ranges: bytes
Content-Length: 2385
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/svg+xml
| static.xx.fbcdn.net/rsrc.php/yD/r/d4ZIVX-5C-b.ico | 31.13.72.12 | 404 Not Found | 0 B |
URL: GET HTTP/2 static.xx.fbcdn.net/rsrc.php/yD/r/d4ZIVX-5C-b.ico  IP: 31.13.72.12:443
Certificate: Issuer DigiCert Inc; Subject *.facebook.com; Fingerprint A8:DE:E8:08:F6:7A:12:95:AD:A8:6D:C6:05:99:F8:25:1F:6D:1E:1A; Validity Thu, 15 Feb 2024 00:00:00 GMT - Wed, 15 May 2024 23:59:59 GMT
Hashes (MD5 / SHA-1 / SHA-256, empty response body): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /rsrc.php/yD/r/d4ZIVX-5C-b.ico HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://146.190.111.112/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 404 Not Found
x-fatal-request: static.xx.fbcdn.net
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
timing-allow-origin: *
reporting-endpoints: permissions_policy="https://www.xx.facebook.com/ajax/browser_error_reports/"
report-to: {"max_age":21600,"endpoints":[{"url":"https:\/\/www.xx.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-security-policy-report-only: default-src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval';report-uri https://www.xx.facebook.com/csp/reporting/?m=c&minimize=0;
content-security-policy: default-src data: blob: 'self';script-src *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src 'unsafe-inline';connect-src *.fbcdn.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src data: blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.xx.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
document-policy: force-load-at-top
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
x-xss-protection: 0
content-type: text/html; charset="utf-8"
x-fb-debug: gb7nZs0Z90NfynDe9KY2iS/Fhoe23T+1CPB0oTo0OKY9LtlCT989cjb/4Puwsf5Z2/IhUSVeauzM73lg3TU7cQ==
content-length: 0
proxy-status: http_request_error; e_fb_configversion="AcKFjUidQ608Z_lZNZyhokcUeZpaI9uG9vpU8NLST3haVkCv5BpBdTFQLchYVA"; e_clientaddr="AcLxVpnt6wIuFVt6H2x0Z6VihdfrDreMadhvZTYqGV7EhjgfsChSX_iAVPgCAnN-K7wUfgYhaGUDKqHrKIroKGQzpWPFd7UCn1wW2qiV9fwO4dysSw"; e_fb_vipport="AcJKmJ51miLI8fa7Fb9FbUiaxJJG6H5xdCInsih670EGHjaZ6Rzt8vWQUBWb"; e_upip="AcJV3oXypreG4qXRqS0GGHAOHJ1E6-LWY6N7-aiphncXfhnxSNFIQ4bodpdTIJqySX1b1y56YgABt1gxQHTipVHSdkDKaycXubU"; e_fb_requestsequencenumber="AcIvNLLgN2XSr5_VEq7aIRjYR2DUWUIflSE4GUsAE7E6ujUcScE2WX_GjYY"; e_fb_hostheader="AcKKJQSZrJWYozDA6DXw6a2GWYD0myOJHTyHKK7y0bu-GWCaCmPstDMH8TQTEge1eyb51qm1GrV5Jpxtyg"; e_fb_vipaddr="AcI5b0xr_crZ_mKRUrbZkd65su2DQiBolBv7dpBrWsoUpiK__lFm0Yc2sqRiY6jmKL6fp-VRWO0ZyovPymWlsyTNQqA_HyQsmw"; e_fb_requesthandler="AcJ90Ysepe2w3VQa1lUhcA0eD5IL5_C3ODjikPie27SGbD6Makr1Ww5SC_VJivFjENKYr8R8lw8"; e_fb_requesttime="AcIP5-dEW2rwcmklsu287kjRe9D6uXJHzy783aHsLCsdOfMCgN4eJFN5tJqvm59uWKQrcwsfSA"; e_fb_builduser="AcJZJwrYILDuoOiWsHxU_vsazQ2gngHXJxmMnE8C4ovg79AdNh9ktfzNIV9FghX_yWU"; e_fb_httpversion="AcKbMPKn3fc_ySLJpQ8O-RkIySPBvf4Fd2hfAlV6m09iFQe_ht1Z2Sncqqbw"; e_fb_binaryversion="AcJwZyyVnOeBHtUVBxT3vYCWFcakD0gNdFXZxm7siYoTQnB-Rw6qSPYA8L56SdsTLnKC6J8GxnzRns7SzzrRB_o_yr8lrmpW61w"; e_proxy="AcJ8dZABlO61npRk8DDA-OTF7bDHbon3weV5yJ_SDvIgAkPkbvyNjKxaLndetMiCYZneyJH7cTEXfvPYGS6j", http_request_error; e_fb_configversion="AcIbnTfPLb_rHBX83gkvBaGevIe5S78tY8wooaDVtpICtUgHHRM5MHjfyuf-qw"; e_clientaddr="AcKr_QaDjA10v0RZzU1LnryP0I3FgStW7NFDmit6sdsobYFI9A_w7Op0lPybHFVFzDZ6gETRDDraeSJP"; e_fb_vipport="AcKNpfJsrDCk2I7kQK5l2kmGP81mwhs9CDet0UIiXDZ_3Wif3DVJwVmgX1mg"; e_fb_requestsequencenumber="AcJgH0tTneXuXLopxjxVEN75F1_lFnIZHl4V3ywMa2fJavPMxiON7X6E9A"; e_fb_hostheader="AcK9ZeCBO5bAZBGw78foYQMiZrUm4K4OLFkRpXr62cZ3n93Gp2ugc-J6Ye6VQzbB_2WMZewSOHHlwWcBhQ"; e_fb_vipaddr="AcKkqLaP2TQNZAhtBgMaASOzrzmbCib93k7_BLw5ep0qgiqhTEUXrnqvXNeTXCZl4c-PW54"; e_fb_requesthandler="AcKN5lfGlrIR6TV86ZnmxxIuKLmIHesGZ2q_TOHxYYnahatbkAgfL3cr-jxGGrn5pxzm9gsqPhSdfg"; e_fb_requesttime="AcLqTFjUSdjQJTu8J_-1iZVj3ox9qnUDBZcrxzkNa2bhBfuCahZDCwEUINKIFBDwLPLZxKnW8g"; e_fb_builduser="AcI-ou1iwszi9czZe9eJSIGVEc5mv0XXXO-6dLml2bdIEuPxc9EKE38svX3abWLBW7I"; e_fb_httpversion="AcLNSBAbeA29j0vzQOZ8Og1hLLz_INMo6RDZBkaeEh1-ZuxKjkuzqOG5Q1H5"; e_fb_binaryversion="AcIWWVGAxDVwk54bqA5lumSe7y8vHKieFhk-TNQtLDObwpQtectF_YViHaFup5Z2sLwvWO_3bH8YmmhkpD2X5rkjg1vUgh5HoBg"; e_proxy="AcIiAr-7uYGGNLN2xdR_jE69HPtJ7yxc_ITBG_4YCHxCMZAmb7XlPFlhzlbfJ4546jnTF076JVfSr8-9"
date: Wed, 08 May 2024 03:13:54 GMT
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=7, rtx=0, c=13, mss=1380, tbw=3459, tp=-1, tpl=-1, uplat=0, ullat=-1
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
| www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-X4X5FSSYR7&cid=1324485211.1715138034&gtm=45je4510v888792335za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3l3l2l1&npa=1&frm=0&z=2146808426 | 142.250.74.163 | 200 OK | 42 B |
URL: GET HTTP/2 www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-X4X5FSSYR7&cid=1324485211.1715138034&gtm=45je4510v888792335za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3l3l2l1&npa=1&frm=0&z=2146808426  IP: 142.250.74.163:443
Certificate: Issuer Google Trust Services LLC; Subject *.google.no; Fingerprint 7D:68:6D:B1:32:34:52:51:20:C9:53:FF:B9:B7:8F:7E:05:F9:F5:97; Validity Tue, 16 Apr 2024 04:31:00 GMT - Tue, 09 Jul 2024 04:30:59 GMT
File type: GIF image data, version 89a, 1 x 1
Hashes (MD5 / SHA-1 / SHA-256): d89746888da2d9510b64a9f031eaecd5 d5fceb6532643d0d84ffe09c40c481ecdf59e15a ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-X4X5FSSYR7&cid=1324485211.1715138034&gtm=45je4510v888792335za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3l3l2l1&npa=1&frm=0&z=2146808426 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://146.190.111.112/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 08 May 2024 03:13:54 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
| region1.analytics.google.com/g/collect?v=2&tid=G-X4X5FSSYR7&gtm=45je4510v888792335za200&_p=1715138034430&_gaz=1&gcd=13l3l3l2l1&npa=1&dma_cps=sypham&dma=1&cid=1324485211.1715138034&ul=en-us&sr=1280x1024&frm=0&pscdl=noapi&_s=1&sid=1715138034&sct=1&seg=0&dl=http%3A%2F%2F146.190.111.112%2F&dt=Are%20you%20over%2018%3F&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&tfd=1168 | 216.239.34.36 | 204 No Content | 0 B |
URL: POST HTTP/2 region1.analytics.google.com/g/collect?v=2&tid=G-X4X5FSSYR7&gtm=45je4510v888792335za200&_p=1715138034430&_gaz=1&gcd=13l3l3l2l1&npa=1&dma_cps=sypham&dma=1&cid=1324485211.1715138034&ul=en-us&sr=1280x1024&frm=0&pscdl=noapi&_s=1&sid=1715138034&sct=1&seg=0&dl=http%3A%2F%2F146.190.111.112%2F&dt=Are%20you%20over%2018%3F&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&tfd=1168  IP: 216.239.34.36:443
Certificate: Issuer Google Trust Services LLC; Subject *.google-analytics.com; Fingerprint 93:6B:D2:9D:92:BE:2D:D8:02:67:82:83:5E:EF:A3:F9:13:F3:26:AE; Validity Tue, 16 Apr 2024 03:18:45 GMT - Tue, 09 Jul 2024 03:18:44 GMT
Hashes (MD5 / SHA-1 / SHA-256, empty response body): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-X4X5FSSYR7&gtm=45je4510v888792335za200&_p=1715138034430&_gaz=1&gcd=13l3l3l2l1&npa=1&dma_cps=sypham&dma=1&cid=1324485211.1715138034&ul=en-us&sr=1280x1024&frm=0&pscdl=noapi&_s=1&sid=1715138034&sct=1&seg=0&dl=http%3A%2F%2F146.190.111.112%2F&dt=Are%20you%20over%2018%3F&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&tfd=1168 HTTP/1.1
Host: region1.analytics.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://146.190.111.112
DNT: 1
Connection: keep-alive
Referer: http://146.190.111.112/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: http://146.190.111.112
date: Wed, 08 May 2024 03:13:55 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
| 146.190.111.112/assets/video/video.mp4 | 146.190.111.112 | 206 Partial Content | 193 kB |
URL: GET HTTP/1.1 146.190.111.112/assets/video/video.mp4  IP: 146.190.111.112:80  ASN: #14061 DIGITALOCEAN-ASN
File type: ISO Media, MP4 v2 [ISO 14496-14]
Size: 193 kB (192567 bytes)
Hashes (MD5 / SHA-1 / SHA-256): 6270944bafc29519556de5ea09afdf45 ca2e0d99803cdee3c70a31b5c129f8b500e7deea 853a6515ea2463cc21f6a899b21e7d26976a1bd249a8dff08314dc02febb968d
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /assets/video/video.mp4 HTTP/1.1
Host: 146.190.111.112
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
DNT: 1
Connection: keep-alive
Referer: http://146.190.111.112/
Cookie: _ga_X4X5FSSYR7=GS1.1.1715138034.1.0.1715138034.60.0.0; _ga=GA1.1.1324485211.1715138034
Accept-Encoding: identity
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 206 Partial Content
Date: Wed, 08 May 2024 03:13:54 GMT
Server: Apache/2.4.52 (Ubuntu)
Last-Modified: Sat, 20 May 2023 19:40:15 GMT
ETag: "8de257-5fc2534e585c0"
Accept-Ranges: bytes
Content-Length: 9298519
Content-Range: bytes 0-9298518/9298519
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: video/mp4
| cloudflare.com/cdn-cgi/trace | 104.16.132.229 | 200 OK | 258 B |
URL: GET HTTP/2 cloudflare.com/cdn-cgi/trace  IP: 104.16.132.229:443
Certificate: Issuer Cloudflare, Inc.; Subject cloudflare.com; Fingerprint B3:31:52:6A:09:49:F8:8C:E2:18:55:5E:DF:10:60:C4:A0:2D:E5:A2; Validity Tue, 30 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT
File type: ASCII text, with no line terminators
Hashes (MD5 / SHA-1 / SHA-256): 1d7b539ab5dc27798a2748b29ed47408 a20062dbeef1b9f18b92604640675717b74ffb3b 517b30a1d2c4f666c052258fae5a1f354b38e21a004405c6ce28371be58647fe
GET /cdn-cgi/trace HTTP/1.1
Host: cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://146.190.111.112
DNT: 1
Connection: keep-alive
Referer: http://146.190.111.112/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 03:13:54 GMT
content-type: text/plain
access-control-allow-origin: *
server: cloudflare
cf-ray: 880646cbdd7bb4f7-OSL
x-frame-options: DENY
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2