Report - allcos.s3.eu-north-1.amazonaws.com/control_dugxmoni.html?login=info@glueck-raum.de&pcnt=3&no_redrct=no_redrct&request_type=load&use_cdtimr=use

Report Overview

Submitted URL
allcos.s3.eu-north-1.amazonaws.com/control_dugxmoni.html?login=info@glueck-raum.de&pcnt=3&no_redrct=no_redrct&request_type=load&use_cdtimr=use_cdtimr
IP
16.12.11.14
ASN
#16509 AMAZON-02
Submitted
2024-05-08 13:57:49
Access
public
Website Title
GLUECK-RAUM VALIDATION SERVER
Final URL
amasalom.top/_bluewhale_delta/?login=info@glueck-raum.de&page=null&request_type=load&page_bg=null&no_redrct=no_redrct&pcnt=3&no_psplash=null&pmax=null&vcnt=null&use_cdtimr=use_cdtimr
Tags
phishing microsoft outlook suspicious
urlquery detections
Phishing - Microsoft Outlook
Suspicious - Anti-debugging code

Detections

urlquery
5
Network Intrusion Detection
0
Threat Detection Systems
12

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
wakandos.top	unknown	2024-01-12	2024-01-12	2024-04-12	510 B	0 B	0.0.0.0
allcos.s3.eu-north-1.amazonaws.com	unknown	unknown	No data	No data	603 B	3.8 kB	3.5.216.50
amasalom.top	unknown	unknown	No data	No data	4.1 kB	150 kB	104.21.56.191
challenges.cloudflare.com	unknown	2009-02-17	2021-10-20	2024-05-07	3.7 kB	312 kB	104.17.3.184
ajax.googleapis.com	12905	2005-01-25	2013-08-16	2024-05-08	852 B	322 kB	142.250.74.170
www.google.com	7	1997-09-15	2015-05-10	2024-03-23	880 B	1.7 kB	142.250.74.132
t1.gstatic.com	unknown	2008-02-11	2013-05-07	2024-05-08	3.0 kB	6.1 kB	142.250.74.164

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-05-08	medium	amasalom.top	Sinkholed
2024-05-08	medium	amasalom.top	Sinkholed
2024-05-08	medium	amasalom.top	Sinkholed
2024-05-08	medium	amasalom.top	Sinkholed
2024-05-08	medium	amasalom.top	Sinkholed
2024-05-08	medium	amasalom.top	Sinkholed

ThreatFox

No alerts detected

JavaScript (17)

	URL	Size	First Seen	Last Seen
	unknown	286 B	2023-11-23	2024-05-14
Pretty Introduced by domTimer Embedded in HTML false Observations First Seen2023-11-23 20:51:09 Last Seen2024-05-14 22:13:47 Times Seen46 Hash 19f117322afd1c16df419c8e2b3fecbe c2b3516d2d479fc5fd6d85225628392f7693e2e5 904336137915b56c184b3e411b0e3bd715129ca453ca07c453d8d2fc94682f12 Loading...

	amasalom.top/_bluewhale_delta/?login=info@glueck-raum.de&page=null&request_type=load&page_bg=null&no_redrct=no_redrct&pcnt=3&no_psplash=null&pmax=null&vcnt=null&use_cdtimr=use_cdtimr	768 B	2024-05-08	2024-05-08
Pretty URL amasalom.top/_bluewhale_delta/?login=info@glueck-raum.de&page=null&request_type=load&page_bg=null&no_redrct=no_redrct&pcnt=3&no_psplash=null&pmax=null&vcnt=null&use_cdtimr=use_cdtimr IP 104.21.56.191 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-08 15:57:55 Last Seen2024-05-08 15:57:55 Times Seen1 Hash 81e5245c21566c1bdec22fb55e1927d5 9b82c3be51b5ab8472ad6be79159bfc02594c20b 924c1fb7c8f40e9bcf5135a55ee8716dcdb6fcee11a4069afab87c39ce2ee3e2 Loading...

	amasalom.top/_bluewhale_delta/?login=info@glueck-raum.de&page=null&request_type=load&page_bg=null&no_redrct=no_redrct&pcnt=3&no_psplash=null&pmax=null&vcnt=null&use_cdtimr=use_cdtimr	4.6 kB	2024-05-08	2024-05-08
Pretty URL amasalom.top/_bluewhale_delta/?login=info@glueck-raum.de&page=null&request_type=load&page_bg=null&no_redrct=no_redrct&pcnt=3&no_psplash=null&pmax=null&vcnt=null&use_cdtimr=use_cdtimr IP 104.21.56.191 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-08 15:57:55 Last Seen2024-05-08 15:57:55 Times Seen1 Hash d297d001eead22f00413adc1e065e3b5 1051bbbd8ca57344c917b1c88bffa6c57d4cc2ee 1d65ec66d39032d3529e218276209920ace276629c33171eaa836b55b74aa32d Loading...

	amasalom.top/_bluewhale_delta/?login=info@glueck-raum.de&page=null&request_type=load&page_bg=null&no_redrct=no_redrct&pcnt=3&no_psplash=null&pmax=null&vcnt=null&use_cdtimr=use_cdtimr	3.3 kB	2023-11-27	2024-05-15
Pretty URL amasalom.top/_bluewhale_delta/?login=info@glueck-raum.de&page=null&request_type=load&page_bg=null&no_redrct=no_redrct&pcnt=3&no_psplash=null&pmax=null&vcnt=null&use_cdtimr=use_cdtimr IP 104.21.56.191 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-11-27 12:26:41 Last Seen2024-05-15 00:01:13 Times Seen72 Hash 610e169f49420d6ecd4a5d01a0fa0067 b54ab7b4308e9871a26780aabd7f55a063ea5247 00795e94566047ee75ea7bf8b47ae8c31cd69acd630257d2d779d82826325095 Loading...

	amasalom.top/_bluewhale_delta/?login=info@glueck-raum.de&page=null&request_type=load&page_bg=null&no_redrct=no_redrct&pcnt=3&no_psplash=null&pmax=null&vcnt=null&use_cdtimr=use_cdtimr	801 B	2023-11-30	2024-05-15
Pretty URL amasalom.top/_bluewhale_delta/?login=info@glueck-raum.de&page=null&request_type=load&page_bg=null&no_redrct=no_redrct&pcnt=3&no_psplash=null&pmax=null&vcnt=null&use_cdtimr=use_cdtimr IP 104.21.56.191 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-11-30 14:59:27 Last Seen2024-05-15 00:01:13 Times Seen67 Hash 6c271dfc7e3137a7723aae64b1b329ef 6a9a54bd0392eef3ace7b62369af871e6423d2b3 76887040e2867d2a6b677f57fd36f0ecf85954911ddc0a584ca549dd153d9b2b Loading...

	amasalom.top/_bluewhale_delta/?login=info@glueck-raum.de&page=null&request_type=load&page_bg=null&no_redrct=no_redrct&pcnt=3&no_psplash=null&pmax=null&vcnt=null&use_cdtimr=use_cdtimr	3.6 kB	2024-02-12	2024-05-15
Pretty URL amasalom.top/_bluewhale_delta/?login=info@glueck-raum.de&page=null&request_type=load&page_bg=null&no_redrct=no_redrct&pcnt=3&no_psplash=null&pmax=null&vcnt=null&use_cdtimr=use_cdtimr IP 104.21.56.191 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-02-12 08:59:27 Last Seen2024-05-15 00:01:13 Times Seen45 Hash 551cf70b40dbcf27fde509c02fdbd20d c93a4f8ee53042b94d2eb5c97d503bbd95a30c38 b977154685e009ce68b497f4f18c0aa3715ce6893f5f57dacd4b2a1e0ae15ae3 Loading...

	ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.js	289 kB	2023-03-07	2024-05-19
Pretty URL ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.js IP 142.250.74.170 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:14:59 Last Seen2024-05-19 15:05:05 Times Seen5961 Hash 2849239b95f5a9a2aea3f6ed9420bb88 af32f706407ab08f800c5e697cce92466e735847 1fe2bb5390a75e5d61e72c107cab528fc3c29a837d69aab7d200e1dbb5dcd239 Loading...

	amasalom.top/_bluewhale_delta/?login=info@glueck-raum.de&page=null&request_type=load&page_bg=null&no_redrct=no_redrct&pcnt=3&no_psplash=null&pmax=null&vcnt=null&use_cdtimr=use_cdtimr	164 B	2023-09-21	2024-05-15
Pretty URL amasalom.top/_bluewhale_delta/?login=info@glueck-raum.de&page=null&request_type=load&page_bg=null&no_redrct=no_redrct&pcnt=3&no_psplash=null&pmax=null&vcnt=null&use_cdtimr=use_cdtimr IP 104.21.56.191 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-09-21 04:40:49 Last Seen2024-05-15 00:01:13 Times Seen107 Hash 96b36f7056f826a9c56b58f55209e794 7527670b480831c52ac5e937b947165c068af7b8 d117e0f32484b25a090d43594ea2b402631eb26a9b54644b8370aa53ecf47af3 Loading...

	amasalom.top/_bluewhale_delta/?login=info@glueck-raum.de&page=null&request_type=load&page_bg=null&no_redrct=no_redrct&pcnt=3&no_psplash=null&pmax=null&vcnt=null&use_cdtimr=use_cdtimr	505 B	2023-09-21	2024-05-15
Pretty URL amasalom.top/_bluewhale_delta/?login=info@glueck-raum.de&page=null&request_type=load&page_bg=null&no_redrct=no_redrct&pcnt=3&no_psplash=null&pmax=null&vcnt=null&use_cdtimr=use_cdtimr IP 104.21.56.191 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-09-21 04:40:49 Last Seen2024-05-15 00:01:13 Times Seen107 Hash d448320e57b792a64d70313976f5289d 3bcc06ab5e68132d2f23f7a987e62da38678737d aed1faff5be5d21a70535423e23cff580204c8ffaec4b6d584d9b112b5f5b0f2 Loading...

		Size	First Seen	Last Seen
	#1 Eval - 9b27c10c385d6d22add645e1f8025be3	28 B	2024-05-08	2024-05-08
Pretty Observations First Seen2024-05-08 15:57:55 Last Seen2024-05-08 15:57:55 Times Seen1 Hash 9b27c10c385d6d22add645e1f8025be3 7472ff57c98056b8ebd8d609fc5aaec411e275d3 da7e7f2cb85f89d61f0f21543b37952d80a33d682a037260281ef6c1df2cfafc Loading...

	#2 Eval - a47d41e1a96a5104a53a0e13bd1c17c4	28 B	2024-05-08	2024-05-08
Pretty Observations First Seen2024-05-08 15:57:55 Last Seen2024-05-08 15:57:55 Times Seen1 Hash a47d41e1a96a5104a53a0e13bd1c17c4 18dca0ac2a7f564160870390c87b71e5f86e9eb4 3b468701aef3689ec2b9000bd38d40a6e6575c76518d32810d602e0b0c69f691 Loading...

	#3 Eval - 9e925e9341b490bfd3b4c4ca3b0c1ef2	4 B	2023-03-07	2024-05-20
Pretty Observations First Seen2023-03-07 01:03:43 Last Seen2024-05-20 02:02:57 Times Seen353148 Hash 9e925e9341b490bfd3b4c4ca3b0c1ef2 c2543fff3bfa6f144c2f06a7de6cd10c0b650cae 1eb79602411ef02cf6fe117897015fff89f80face4eccd50425c45149b148408 Loading...

	#4 Eval - 28873b521569faa91361786563cd85a0	28 B	2024-05-08	2024-05-08
Pretty Observations First Seen2024-05-08 15:57:55 Last Seen2024-05-08 15:57:55 Times Seen1 Hash 28873b521569faa91361786563cd85a0 770abdcebc02fbe9cdb73b5fe7bcd4f085007146 e1db36e3f429cf7cd2a8eaf59f4b5491887e1dbd85928f64a102f7345ddc6086 Loading...

	#5 Eval - a72652c01578f007884c443986250581	28 B	2024-05-08	2024-05-08
Pretty Observations First Seen2024-05-08 15:57:55 Last Seen2024-05-08 15:57:55 Times Seen1 Hash a72652c01578f007884c443986250581 d0df5dc3ffee5718accbe99096c27a85de0313a6 6cd8fd06c19b7bc66f35e15692d0c981b8e6a0a3cbf779961b399a28091fea1c Loading...

	#6 Eval - 44ce9c2b5dbdc0f28d7037c070550b74	62 B	2024-05-03	2024-05-09
Pretty Observations First Seen2024-05-03 14:37:29 Last Seen2024-05-09 15:26:38 Times Seen386 Hash 44ce9c2b5dbdc0f28d7037c070550b74 a9d8ff605c113bef81e606ea0bb2d8b0d65bd13e b87899b17160a1ab0138f3ff2eacc0c7c9107f22f6ab3ad6e9d9973b98deb26d Loading...

	#7 Eval - 6c724c549bce4ee1ec2a6c096faa94f2	2.8 kB	2024-05-08	2024-05-08
Pretty Observations First Seen2024-05-08 15:57:55 Last Seen2024-05-08 15:57:55 Times Seen1 Hash 6c724c549bce4ee1ec2a6c096faa94f2 a8fd7d23c440a8cb9b36342a65c3b715bd3adaf0 49bc999d36ca1fa9a5b7accb30d1e77d60816a4b4b8ebc17c0fca3e0caab6cd7 Loading...

	#8 Eval - bd09f49e91d43b6bf1cea31b4b290b16	28 B	2024-05-08	2024-05-08
Pretty Observations First Seen2024-05-08 15:57:55 Last Seen2024-05-08 15:57:55 Times Seen1 Hash bd09f49e91d43b6bf1cea31b4b290b16 3bec818274f21d3447046cb131da656d440d563e ff62d7cfc177c48b59efed575642bf999bc05cae1acd4e391cffc501e3b6c62e Loading...

HTTP Transactions (24)

URL IP Response Size

allcos.s3.eu-north-1.amazonaws.com/control_dugxmoni.html?login=info@glueck-raum.de&pcnt=3&no_redrct=no_redrct&request_type=load&use_cdtimr=use_cdtimr

3.5.216.50

3.4 kB

URL
allcos.s3.eu-north-1.amazonaws.com/control_dugxmoni.html?login=info@glueck-raum.de&pcnt=3&no_redrct=no_redrct&request_type=load&use_cdtimr=use_cdtimr
IP
3.5.216.50:0
ASN
#16509 AMAZON-02

File type
HTML document, ASCII text, with CRLF line terminators
Size
3.4 kB (3406 bytes)
Hash
d292fe5d6a05cfc291e8a34a85d64030
81cac6b17388119e9884028d51fe2326ca6d8820
e77a9a75fbc84a5eca928c1c788732afad08c1e0f27d8ea1d37b1b6c82620aed

HTTP Headers

GET /control_dugxmoni.html?login=info@glueck-raum.de&pcnt=3&no_redrct=no_redrct&request_type=load&use_cdtimr=use_cdtimr HTTP/1.1
Host: allcos.s3.eu-north-1.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: TjULD4+PUgT5tnhAfbN5hiSQf0bmv4dpZy96BzDglme5zd7VvT02O/pO0FPkK+FYfFv14vwnpj6bZn4p1tr1sWESaBRIYNMg
x-amz-request-id: MZ1ZFJ97W4XNEXKC
Date: Wed, 08 May 2024 13:57:24 GMT
Last-Modified: Thu, 02 May 2024 05:22:25 GMT
ETag: "d292fe5d6a05cfc291e8a34a85d64030"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: text/html
Server: AmazonS3
Content-Length: 3406

amasalom.top/_bluewhale_delta/?login=info@glueck-raum.de&page=null&request_type=load&page_bg=null&no_redrct=no_redrct&pcnt=3&no_psplash=null&pmax=null&vcnt=null&use_cdtimr=use_cdtimr

104.21.56.191

200 OK

10 kB

URL User Request GET HTTP/3
amasalom.top/_bluewhale_delta/?login=info@glueck-raum.de&page=null&request_type=load&page_bg=null&no_redrct=no_redrct&pcnt=3&no_psplash=null&pmax=null&vcnt=null&use_cdtimr=use_cdtimr
IP
104.21.56.191:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjectamasalom.top
FingerprintD8:97:0F:D8:D2:00:01:7B:4C:75:80:55:3C:F3:AA:E3:14:67:C3:AA
ValidityThu, 18 Apr 2024 20:57:15 GMT - Wed, 17 Jul 2024 20:57:14 GMT

File type
HTML document, ASCII text, with very long lines (1847), with no line terminators
Size
10 kB (10544 bytes)
Hash
72067992c8fdbaaf21df187118699367
08dbc2920c3811a6b630ee45555e41ea9e75225e
66709cc39dfca392aa0682384815be2a583b6c892aa117460569192782787edd

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft Outlook
urlquery	suspicious	Suspicious - Anti-debugging code
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_bluewhale_delta/?login=info@glueck-raum.de&page=null&request_type=load&page_bg=null&no_redrct=no_redrct&pcnt=3&no_psplash=null&pmax=null&vcnt=null&use_cdtimr=use_cdtimr HTTP/1.1
Host: amasalom.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sunbar.click/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 404 Not Found
date: Wed, 08 May 2024 13:57:24 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.4.30
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bnnjZxyJsOv0koyRLNYabBs8B5BDKh4zl7lXIzZt0kpVcEtHAbULnP7iV13lDm55TPZHPfLz54CQuuITcX0S4%2BFEd0UNLom0cYABFnIyQB99abu0C5Ax0u8iafVuv8g%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8809f56cf9eeb518-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

challenges.cloudflare.com/turnstile/v0/api.js

104.17.3.184

0 B

URL
challenges.cloudflare.com/turnstile/v0/api.js
IP
104.17.3.184:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /turnstile/v0/api.js HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://amasalom.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Wed, 08 May 2024 13:57:25 GMT
content-length: 0
cross-origin-resource-policy: cross-origin
cache-control: max-age=300, public
access-control-allow-origin: *
location: /turnstile/v0/b/ce7818f50e39/api.js
vary: Accept-Encoding
server: cloudflare
cf-ray: 8809f56f9d0c56af-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

ajax.googleapis.com/ajax/libs/jquery/3.6.3/jquery.min.js

142.250.74.170

31 kB

URL
ajax.googleapis.com/ajax/libs/jquery/3.6.3/jquery.min.js
IP
142.250.74.170:0
ASN
#15169 GOOGLE

File type
JavaScript source, ASCII text, with very long lines (65447)
Size
31 kB (31191 bytes)
Hash
cf2fbbf84281d9ecbffb4993203d543b
832a6a4e86daf38b1975d705c5de5d9e5f5844bc
a6f3f0faea4b3d48e03176341bef0ed3151ffbf226d4c6635f1c6039c0500575

HTTP Headers

GET /ajax/libs/jquery/3.6.3/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://amasalom.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 31191
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 May 2024 02:01:09 GMT
expires: Fri, 02 May 2025 02:01:09 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Wed, 11 Jan 2023 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 561376
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

amasalom.top/cdn-cgi/challenge-platform/scripts/jsd/main.js

104.21.56.191

0 B

URL
amasalom.top/cdn-cgi/challenge-platform/scripts/jsd/main.js
IP
104.21.56.191:0
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjectamasalom.top
FingerprintD8:97:0F:D8:D2:00:01:7B:4C:75:80:55:3C:F3:AA:E3:14:67:C3:AA
ValidityThu, 18 Apr 2024 20:57:15 GMT - Wed, 17 Jul 2024 20:57:14 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP/1.1
Host: amasalom.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 302 Found
date: Wed, 08 May 2024 13:57:25 GMT
content-length: 0
location: /cdn-cgi/challenge-platform/h/b/scripts/jsd/ce7818f50e39/main.js
access-control-allow-origin: *
cache-control: max-age=300, public
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rBE5RxYyZVp8%2BpzddCnLLBY5lSh91oi%2FeDyQGm%2BZZwv1aFCG3A7%2BLdzFnjsmzOX9FoxH715Slpsnrf0dIu50yRtyGSDxJ1p4o313846BMgpPbF7Zv9DJd4%2BiVeYDEkQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8809f570efd10b55-OSL
alt-svc: h3=":443"; ma=86400

amasalom.top/cdn-cgi/challenge-platform/h/b/scripts/jsd/ce7818f50e39/main.js

104.21.56.191

3.7 kB

URL
amasalom.top/cdn-cgi/challenge-platform/h/b/scripts/jsd/ce7818f50e39/main.js
IP
104.21.56.191:0
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjectamasalom.top
FingerprintD8:97:0F:D8:D2:00:01:7B:4C:75:80:55:3C:F3:AA:E3:14:67:C3:AA
ValidityThu, 18 Apr 2024 20:57:15 GMT - Wed, 17 Jul 2024 20:57:14 GMT

File type
JavaScript source, ASCII text, with very long lines (7942), with no line terminators
Size
3.7 kB (3730 bytes)
Hash
0cadb41bcddbc41bc5dcad3b325464c2
cd138496240157bfe9280711d13357a6631a91ac
bd32f1e09c8d8f17c00a1b57da05a49e0222d5645f0717e5908798d743180c3b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cdn-cgi/challenge-platform/h/b/scripts/jsd/ce7818f50e39/main.js HTTP/1.1
Host: amasalom.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 08 May 2024 13:57:25 GMT
content-type: application/javascript; charset=UTF-8
cache-control: max-age=14400, public
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DwJQoMO5UidjGiq1g7m9l73o07m2pESXLBIeKVnj53m1bUePS7bWc6RoctQCkYj%2F1U%2BYfPHXG3BdzpOlH%2BCPi9dNQVVipZ3tPBjl7bPaZE%2B6IukKH8GgWZ67qg1v3F4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8809f5710ff10b55-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

challenges.cloudflare.com/turnstile/v0/b/ce7818f50e39/api.js

104.17.3.184

14 kB

URL
challenges.cloudflare.com/turnstile/v0/b/ce7818f50e39/api.js
IP
104.17.3.184:0
ASN
#13335 CLOUDFLARENET

File type
JavaScript source, ASCII text, with very long lines (42565)
Size
14 kB (14270 bytes)
Hash
a5b92920e25651d2058f4982a108347b
caeeadd68d38fdb681c52006c68880abc2e8a1a6
49a5abedf03eb8ad9a66eca7c5ccb8e59a440e06958e1e7b71d078f494178dc5

HTTP Headers

GET /turnstile/v0/b/ce7818f50e39/api.js HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://amasalom.top/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Wed, 08 May 2024 13:57:25 GMT
content-type: application/javascript; charset=UTF-8
cache-control: max-age=604800, public
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
server: cloudflare
cf-ray: 8809f56fbd3456af-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/i/8809f571093f56be/1715176645758/ITNXuDqvnmXSowg

104.17.3.184

61 B

URL
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/i/8809f571093f56be/1715176645758/ITNXuDqvnmXSowg
IP
104.17.3.184:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 81 x 68, 8-bit/color RGB, non-interlaced
Size
61 B (61 bytes)
Hash
47b0da4c81c4a52c8e44e12384cfaa47
539c7bacddfa6c40e7ab477f02e5cdeda2d7b10d
a83d1cb158e9a3a51b77ffea5dc7881f4fec240dc310987ab75ca85ee4576a25

HTTP Headers

GET /cdn-cgi/challenge-platform/h/b/i/8809f571093f56be/1715176645758/ITNXuDqvnmXSowg HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/iw1wt/0x4AAAAAAAXjXiXiV7KvBpAv/auto/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 08 May 2024 13:57:26 GMT
content-type: image/png
content-length: 61
server: cloudflare
cf-ray: 8809f578291556be-OSL
alt-svc: h3=":443"; ma=86400

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=8809f571093f56be

104.17.3.184

173 kB

URL
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=8809f571093f56be
IP
104.17.3.184:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (65536), with no line terminators
Size
173 kB (172939 bytes)
Hash
70b68831f057b1880cac22def267e97c
0358d7c6c34a1954163b809b058ad26a6facf67b
a1131033e0db76c2bf3836c66281201de9cdd566fc02d64603df8678d0da2298

HTTP Headers

GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=8809f571093f56be HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/iw1wt/0x4AAAAAAAXjXiXiV7KvBpAv/auto/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 08 May 2024 13:57:25 GMT
content-type: application/javascript; charset=UTF-8
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
vary: accept-encoding
server: cloudflare
cf-ray: 8809f571da0a56be-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

amasalom.top/cdn-cgi/challenge-platform/h/b/rc/8809f571093f56be

104.21.56.191

21 B

URL
amasalom.top/cdn-cgi/challenge-platform/h/b/rc/8809f571093f56be
IP
104.21.56.191:0
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjectamasalom.top
FingerprintD8:97:0F:D8:D2:00:01:7B:4C:75:80:55:3C:F3:AA:E3:14:67:C3:AA
ValidityThu, 18 Apr 2024 20:57:15 GMT - Wed, 17 Jul 2024 20:57:14 GMT

File type
JSON text data
Size
21 B (21 bytes)
Hash
018598ff9794435b440d1bbf293cc10f
9129b0ca1a4febdf97636946a1fe7be8abf11890
898a24300baa285e173627eb7801c18db52748bb2119f56a71dcce0a5f8c8063

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /cdn-cgi/challenge-platform/h/b/rc/8809f571093f56be HTTP/1.1
Host: amasalom.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://amasalom.top/_bluewhale_delta/?login=info@glueck-raum.de&page=null&request_type=load&page_bg=null&no_redrct=no_redrct&pcnt=3&no_psplash=null&pmax=null&vcnt=null&use_cdtimr=use_cdtimr
Content-Type: application/json
Content-Length: 596
Origin: https://amasalom.top
DNT: 1
Connection: keep-alive
Cookie: cf_clearance=1EyADtTbFWvM70.bvAjYO3j1Ga1Q0KWpiqpXAKRQuHo-1715176645-1.0.1.1-fbimB67ROO_x_ADeBI1uin.RcUnRkaIEPkCxds9SANpo4GuanhOoKJ5aECrhA8QtaNzl8YuVGf3V5v686cb9ww
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 08 May 2024 13:57:28 GMT
content-type: application/json
content-length: 21
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
set-cookie: cf_clearance=3V3V1HFHCaD9J0Yxgg0CQOIYDXekwDbF2xDNNVXw6JM-1715176648-1.0.1.1-CG5BvGE51dQHWWaagxcPBo6dWxmBZKxvVSUEkEQFp_SQPKuFwTuD9jgRiybc4mNUjhUzvRDvgvcPy4yb0psuDg; Path=/; Expires=Thu, 08-May-25 13:57:28 GMT; Domain=.amasalom.top; HttpOnly; Secure; SameSite=None; Partitioned
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9yhY6ZXqNRiaKrzLWCbBZyTcqVYapSmNDfOwZqb7opXIE%2Fh3y%2Fi1w3iGKqcAuSNe7DNpkGJSnj8wxoFY6Q6h22AW9lYadwisiRVTK4cDqxeUXY%2FDikbfZFHakm3vvFo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8809f58418960b55-OSL
alt-svc: h3=":443"; ma=86400

amasalom.top/_bluewhale_delta/validate.php

104.21.56.191

85 kB

URL
amasalom.top/_bluewhale_delta/validate.php
IP
104.21.56.191:0
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjectamasalom.top
FingerprintD8:97:0F:D8:D2:00:01:7B:4C:75:80:55:3C:F3:AA:E3:14:67:C3:AA
ValidityThu, 18 Apr 2024 20:57:15 GMT - Wed, 17 Jul 2024 20:57:14 GMT

File type
data
Size
85 kB (85111 bytes)
Hash
e1c950acaf996ddafa6c42b4d0392485
c44cb50fb6c0952636308ff1d0a9b3aa4a7455d2
2191d321c07516d5a1aaeb9864d18d3cac650f725edb78840d08ebf244c6057d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /_bluewhale_delta/validate.php HTTP/1.1
Host: amasalom.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 560
Origin: https://amasalom.top
DNT: 1
Connection: keep-alive
Referer: https://amasalom.top/_bluewhale_delta/?login=info@glueck-raum.de&page=null&request_type=load&page_bg=null&no_redrct=no_redrct&pcnt=3&no_psplash=null&pmax=null&vcnt=null&use_cdtimr=use_cdtimr
Cookie: cf_clearance=3V3V1HFHCaD9J0Yxgg0CQOIYDXekwDbF2xDNNVXw6JM-1715176648-1.0.1.1-CG5BvGE51dQHWWaagxcPBo6dWxmBZKxvVSUEkEQFp_SQPKuFwTuD9jgRiybc4mNUjhUzvRDvgvcPy4yb0psuDg
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 08 May 2024 13:57:28 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.4.30
access-control-allow-origin: *
set-cookie: captcha=1; expires=Wed, 08-May-2024 14:27:28 GMT; Max-Age=1800; path=/
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cacbpmYZ10QN9UM86bdHB%2BAupqT7C0K7f28MRMJ%2FLjfY79Jgb9%2BVx%2BmSgz2gIAPafzQA9HGThoZvHTLxI73rFyTOKGDAZU0JVeSaoHWhM0rYTclEs%2BjziLTfvI7lNzQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8809f58448c40b55-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/1598702249:1715175076:RD0vMgqBY6YYkalP99_d-9BnWkrRdHaNB5tQ4Y86wL0/8809f571093f56be/9da57cf2c99e81a

104.17.3.184

4.5 kB

URL
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/1598702249:1715175076:RD0vMgqBY6YYkalP99_d-9BnWkrRdHaNB5tQ4Y86wL0/8809f571093f56be/9da57cf2c99e81a
IP
104.17.3.184:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (4400), with no line terminators
Size
4.5 kB (4546 bytes)
Hash
e518052fee893a923c1434029ec3ce41
54b3daee8fe8ade97ecdbda3fac38ee2f7a12b70
ef9f117627b0179deac11ccdeba1bb1064ca45a0303a9975163c9561cc8ffc6e

HTTP Headers

POST /cdn-cgi/challenge-platform/h/b/flow/ov1/1598702249:1715175076:RD0vMgqBY6YYkalP99_d-9BnWkrRdHaNB5tQ4Y86wL0/8809f571093f56be/9da57cf2c99e81a HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/iw1wt/0x4AAAAAAAXjXiXiV7KvBpAv/auto/normal
Content-type: application/x-www-form-urlencoded
CF-Challenge: 9da57cf2c99e81a
Content-Length: 28908
Origin: https://challenges.cloudflare.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 08 May 2024 13:57:28 GMT
content-type: text/html; charset=UTF-8
cf-chl-out-s: LCsUXFFIraXnvLx32XjH9g==$XHCa+1w4Tw/DpbQYErhGNg==
cf-chl-out: fxwHyGkDfX7IQCmz9AIuCrpmx1eCHGjFa0zEA3mWN1L5djtqnwlkBnUFxxnD7BV4Jq1Pu5RRgG5dh6XT+LgIUQCUo6N1ObiHQHwRsls2ILSMZRSfar5JSWzUMSPd4kWk$wdeC4D6PQXxinM0/AeLjeQ==
vary: accept-encoding
server: cloudflare
cf-ray: 8809f5838f8456be-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

www.google.com/s2/favicons?domain=glueck-raum.de

142.250.74.132

301 Moved Permanently

334 B

URL GET HTTP/2
www.google.com/s2/favicons?domain=glueck-raum.de
IP
142.250.74.132:443
ASN
#15169 GOOGLE

Requested by
https://amasalom.top/_bluewhale_delta/?login=info@glueck-raum.de&page=null&request_type=load&page_bg=null&no_redrct=no_redrct&pcnt=3&no_psplash=null&pmax=null&vcnt=null&use_cdtimr=use_cdtimr
Certificate
IssuerGoogle Trust Services LLC
Subjectwww.google.com
FingerprintC6:A2:DC:31:5A:53:FA:DD:55:71:A3:F4:DD:43:3D:16:71:B8:B3:99
ValidityTue, 16 Apr 2024 04:20:32 GMT - Tue, 09 Jul 2024 04:20:31 GMT

File type
HTML document, ASCII text, with CRLF, LF line terminators
Size
334 B (334 bytes)
Hash
596e251cfad372457c9d1d7e584a494b
29c023bc70dc859373d2fd193bf45862eadd1366
daa20739053bfbf373d1950c40f8dfb88a6ead7055be3e50411a91253ce1ddf6

HTTP Headers

GET /s2/favicons?domain=glueck-raum.de HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://amasalom.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 301 Moved Permanently
location: https://t1.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://glueck-raum.de&size=16
x-content-type-options: nosniff
server: sffe
content-length: 334
x-xss-protection: 0
date: Wed, 08 May 2024 13:57:29 GMT
expires: Wed, 08 May 2024 14:27:29 GMT
cache-control: public, max-age=1800
content-type: text/html; charset=UTF-8
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.google.com/s2/favicons?domain=glueck-raum.de

142.250.74.132

301 Moved Permanently

334 B

URL GET HTTP/2
www.google.com/s2/favicons?domain=glueck-raum.de
IP
142.250.74.132:443
ASN
#15169 GOOGLE

Requested by
https://amasalom.top/_bluewhale_delta/?login=info@glueck-raum.de&page=null&request_type=load&page_bg=null&no_redrct=no_redrct&pcnt=3&no_psplash=null&pmax=null&vcnt=null&use_cdtimr=use_cdtimr
Certificate
IssuerGoogle Trust Services LLC
Subjectwww.google.com
FingerprintC6:A2:DC:31:5A:53:FA:DD:55:71:A3:F4:DD:43:3D:16:71:B8:B3:99
ValidityTue, 16 Apr 2024 04:20:32 GMT - Tue, 09 Jul 2024 04:20:31 GMT

File type
HTML document, ASCII text, with CRLF, LF line terminators
Size
334 B (334 bytes)
Hash
596e251cfad372457c9d1d7e584a494b
29c023bc70dc859373d2fd193bf45862eadd1366
daa20739053bfbf373d1950c40f8dfb88a6ead7055be3e50411a91253ce1ddf6

HTTP Headers

GET /s2/favicons?domain=glueck-raum.de HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://amasalom.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 301 Moved Permanently
location: https://t1.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://glueck-raum.de&size=16
x-content-type-options: nosniff
server: sffe
content-length: 334
x-xss-protection: 0
date: Wed, 08 May 2024 13:57:29 GMT
expires: Wed, 08 May 2024 14:27:29 GMT
cache-control: public, max-age=1800
content-type: text/html; charset=UTF-8
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

t1.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://glueck-raum.de&size=16

142.250.74.164

726 B

URL
t1.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://glueck-raum.de&size=16
IP
142.250.74.164:0
ASN
#15169 GOOGLE

File type
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
Size
726 B (726 bytes)
Hash
b8a0bf372c762e966cc99ede8682bc71
2d7c9b60d1e2b4f4726141de2e4ab738110b9287
59bfe9bc385ad69f50793ce4a53397316d7a875a7148a63c16df9b674c6cda64

HTTP Headers

GET /faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://glueck-raum.de&size=16 HTTP/1.1
Host: t1.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://amasalom.top/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 404 Not Found
cross-origin-resource-policy: cross-origin
content-type: image/png
x-content-type-options: nosniff
date: Wed, 08 May 2024 13:57:29 GMT
server: sffe
content-length: 726
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

amasalom.top/_bluewhale_delta/functions/spinner.gif

104.21.56.191

200 OK

46 kB

URL GET HTTP/3
amasalom.top/_bluewhale_delta/functions/spinner.gif
IP
104.21.56.191:443
ASN
#13335 CLOUDFLARENET

Requested by
https://amasalom.top/_bluewhale_delta/?login=info@glueck-raum.de&page=null&request_type=load&page_bg=null&no_redrct=no_redrct&pcnt=3&no_psplash=null&pmax=null&vcnt=null&use_cdtimr=use_cdtimr
Certificate
IssuerGoogle Trust Services LLC
Subjectamasalom.top
FingerprintD8:97:0F:D8:D2:00:01:7B:4C:75:80:55:3C:F3:AA:E3:14:67:C3:AA
ValidityThu, 18 Apr 2024 20:57:15 GMT - Wed, 17 Jul 2024 20:57:14 GMT

File type
GIF image data, version 89a, 48 x 48
Size
46 kB (46341 bytes)
Hash
bab0ad7ce20e911217791c00bcd4e35b
0822ac44951def4349090998b9ecb153128f03d5
bd750f550a5db2901c0bd52ec564da6adfbad55562b862b1f125d96d9d62b026

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_bluewhale_delta/functions/spinner.gif HTTP/1.1
Host: amasalom.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://amasalom.top/_bluewhale_delta/?login=info@glueck-raum.de&page=null&request_type=load&page_bg=null&no_redrct=no_redrct&pcnt=3&no_psplash=null&pmax=null&vcnt=null&use_cdtimr=use_cdtimr
Cookie: cf_clearance=3V3V1HFHCaD9J0Yxgg0CQOIYDXekwDbF2xDNNVXw6JM-1715176648-1.0.1.1-CG5BvGE51dQHWWaagxcPBo6dWxmBZKxvVSUEkEQFp_SQPKuFwTuD9jgRiybc4mNUjhUzvRDvgvcPy4yb0psuDg; captcha=1; PHPSESSID=djr4sfqlba6a21lgaoqmanugs0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 08 May 2024 13:57:29 GMT
content-type: image/gif
content-length: 46341
last-modified: Wed, 07 Oct 2020 21:45:56 GMT
etag: "b505-5b11ba3eced00"
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rjpBRH%2B69zZ%2FKr7r8Z22k87adjrECgbEvZ5grQKAiuMH%2FcE%2F4m8h1ZR2%2FjFmpwFOoOfDiJFgemZ%2BKQ9gsj8HZyLvj1prz%2BoPvqatOzZfhWyLxpalyl80y2gXy3O0GgQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8809f5887ceb0b55-OSL
alt-svc: h3=":443"; ma=86400

t1.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://glueck-raum.de&size=16

142.250.74.164

726 B

URL
t1.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://glueck-raum.de&size=16
IP
142.250.74.164:0
ASN
#15169 GOOGLE

File type
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
Size
726 B (726 bytes)
Hash
b8a0bf372c762e966cc99ede8682bc71
2d7c9b60d1e2b4f4726141de2e4ab738110b9287
59bfe9bc385ad69f50793ce4a53397316d7a875a7148a63c16df9b674c6cda64

HTTP Headers

GET /faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://glueck-raum.de&size=16 HTTP/1.1
Host: t1.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://amasalom.top/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 404 Not Found
cross-origin-resource-policy: cross-origin
content-type: image/png
x-content-type-options: nosniff
date: Wed, 08 May 2024 13:57:29 GMT
server: sffe
content-length: 726
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

t1.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://glueck-raum.de&size=16

142.250.74.164

726 B

URL
t1.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://glueck-raum.de&size=16
IP
142.250.74.164:0
ASN
#15169 GOOGLE

File type
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
Size
726 B (726 bytes)
Hash
b8a0bf372c762e966cc99ede8682bc71
2d7c9b60d1e2b4f4726141de2e4ab738110b9287
59bfe9bc385ad69f50793ce4a53397316d7a875a7148a63c16df9b674c6cda64

HTTP Headers

GET /faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://glueck-raum.de&size=16 HTTP/1.1
Host: t1.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://amasalom.top/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 404 Not Found
cross-origin-resource-policy: cross-origin
content-type: image/png
x-content-type-options: nosniff
date: Wed, 08 May 2024 13:57:29 GMT
server: sffe
content-length: 726
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/1598702249:1715175076:RD0vMgqBY6YYkalP99_d-9BnWkrRdHaNB5tQ4Y86wL0/8809f571093f56be/9da57cf2c99e81a

104.17.3.184

118 kB

URL
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/1598702249:1715175076:RD0vMgqBY6YYkalP99_d-9BnWkrRdHaNB5tQ4Y86wL0/8809f571093f56be/9da57cf2c99e81a
IP
104.17.3.184:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (65536), with no line terminators
Size
118 kB (118307 bytes)
Hash
99e97fef118f92e72fd7f465b4467205
20b4b124cd2516146b18577b23c314232d579b9d
ce63d6ef56848f6d5d5abc78e2a6a4af246733fffe46c56997480452af9af0ab

HTTP Headers

POST /cdn-cgi/challenge-platform/h/b/flow/ov1/1598702249:1715175076:RD0vMgqBY6YYkalP99_d-9BnWkrRdHaNB5tQ4Y86wL0/8809f571093f56be/9da57cf2c99e81a HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/iw1wt/0x4AAAAAAAXjXiXiV7KvBpAv/auto/normal
Content-type: application/x-www-form-urlencoded
CF-Challenge: 9da57cf2c99e81a
Content-Length: 2798
Origin: https://challenges.cloudflare.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 08 May 2024 13:57:25 GMT
content-type: text/plain; charset=UTF-8
cf-chl-gen: EbLaYWa3UByASFVjEzmABbaXe1F+SxOV/wWqla3JbU497wnFR3SZwCQ+q6LDDJnyMvP0sRq2Y6cXFqK81F9egAhd2jVpmYaEIVvZxNXASi6TgFNH/ZCl6u/ulwgWfIk0HkBDuGPjnvFhNUaj7vGwvSeozUHlbUW25bbAYOD7vx5vls8A2tAHevyLDpw+X7p5Uk0VDyAHuKUixkTulpDaNYQQg6OVHljosP5xbAKXZxmoEQaoilBMwJ/ghLwYUvc+BmPCmC09AT9pFNKY8AgcGBB5M5W37W4EpWQnVNEA90ZqxulWhj91DlSPOvCA0XUViBWf5A0l5o4i9VgwbB6vaObOwvLc35IjMke1vm7NTCn4Q2IZaO0zxprBGen+e0c2E5tuvAHr288lSCs7kRQoPT0iRsYPAUMYZsZC/7imH/btVWjLNKcmC4XX+28buMu2sheYstB9G4/n50We8dlidQ==$yFj5C8rv+4bPgLarX0+G5g==
vary: accept-encoding
server: cloudflare
cf-ray: 8809f573ec2056be-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

t1.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://glueck-raum.de&size=16

142.250.74.164

404 Not Found

726 B

URL GET HTTP/2
t1.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://glueck-raum.de&size=16
IP
142.250.74.164:443
ASN
#15169 GOOGLE

Requested by
https://amasalom.top/_bluewhale_delta/?login=info@glueck-raum.de&page=null&request_type=load&page_bg=null&no_redrct=no_redrct&pcnt=3&no_psplash=null&pmax=null&vcnt=null&use_cdtimr=use_cdtimr
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT

File type
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
Size
726 B (726 bytes)
Hash
b8a0bf372c762e966cc99ede8682bc71
2d7c9b60d1e2b4f4726141de2e4ab738110b9287
59bfe9bc385ad69f50793ce4a53397316d7a875a7148a63c16df9b674c6cda64

HTTP Headers

GET /faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://glueck-raum.de&size=16 HTTP/1.1
Host: t1.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://amasalom.top/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 404 Not Found
cross-origin-resource-policy: cross-origin
content-type: image/png
x-content-type-options: nosniff
date: Wed, 08 May 2024 13:57:29 GMT
server: sffe
content-length: 726
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.js

142.250.74.170

200 OK

289 kB

URL GET HTTP/3
ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.js
IP
142.250.74.170:443
ASN
#15169 GOOGLE

Requested by
https://amasalom.top/_bluewhale_delta/?login=info@glueck-raum.de&page=null&request_type=load&page_bg=null&no_redrct=no_redrct&pcnt=3&no_psplash=null&pmax=null&vcnt=null&use_cdtimr=use_cdtimr
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint36:49:20:36:0C:4D:DA:55:65:64:23:0F:49:3E:FA:78:87:35:A3:79
ValidityTue, 16 Apr 2024 04:17:12 GMT - Tue, 09 Jul 2024 04:17:11 GMT

File type
JavaScript source, ASCII text
Size
289 kB (288580 bytes)
Hash
2849239b95f5a9a2aea3f6ed9420bb88
af32f706407ab08f800c5e697cce92466e735847
1fe2bb5390a75e5d61e72c107cab528fc3c29a837d69aab7d200e1dbb5dcd239

HTTP Headers

GET /ajax/libs/jquery/3.6.0/jquery.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://amasalom.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 85110
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 03 May 2024 05:06:55 GMT
expires: Sat, 03 May 2025 05:06:55 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Wed, 10 Mar 2021 14:28:09 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 463834
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

wakandos.top/usp_Enigma_premium_users/admin/kfud_loader.php?login=info@glueck-raum.de&page=null&hide_email=true

0.0.0.0

0 B

URL GET
wakandos.top/usp_Enigma_premium_users/admin/kfud_loader.php?login=info@glueck-raum.de&page=null&hide_email=true
IP
0.0.0.0:0
ASN
#0

Requested by
https://amasalom.top/_bluewhale_delta/?login=info@glueck-raum.de&page=null&request_type=load&page_bg=null&no_redrct=no_redrct&pcnt=3&no_psplash=null&pmax=null&vcnt=null&use_cdtimr=use_cdtimr

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /usp_Enigma_premium_users/admin/kfud_loader.php?login=info@glueck-raum.de&page=null&hide_email=true HTTP/1.1
Host: wakandos.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://amasalom.top
DNT: 1
Connection: keep-alive
Referer: https://amasalom.top/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

t1.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://glueck-raum.de&size=16

142.250.74.164

404 Not Found

726 B

URL GET HTTP/2
t1.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://glueck-raum.de&size=16
IP
142.250.74.164:443
ASN
#15169 GOOGLE

Requested by
https://amasalom.top/_bluewhale_delta/?login=info@glueck-raum.de&page=null&request_type=load&page_bg=null&no_redrct=no_redrct&pcnt=3&no_psplash=null&pmax=null&vcnt=null&use_cdtimr=use_cdtimr
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT

File type
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
Size
726 B (726 bytes)
Hash
b8a0bf372c762e966cc99ede8682bc71
2d7c9b60d1e2b4f4726141de2e4ab738110b9287
59bfe9bc385ad69f50793ce4a53397316d7a875a7148a63c16df9b674c6cda64

HTTP Headers

GET /faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://glueck-raum.de&size=16 HTTP/1.1
Host: t1.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://amasalom.top/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 404 Not Found
cross-origin-resource-policy: cross-origin
content-type: image/png
x-content-type-options: nosniff
date: Wed, 08 May 2024 13:57:29 GMT
server: sffe
content-length: 726
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

t1.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://glueck-raum.de&size=16

142.250.74.164

404 Not Found

726 B

URL GET HTTP/2
t1.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://glueck-raum.de&size=16
IP
142.250.74.164:443
ASN
#15169 GOOGLE

Requested by
https://amasalom.top/_bluewhale_delta/?login=info@glueck-raum.de&page=null&request_type=load&page_bg=null&no_redrct=no_redrct&pcnt=3&no_psplash=null&pmax=null&vcnt=null&use_cdtimr=use_cdtimr
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT

File type
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
Size
726 B (726 bytes)
Hash
b8a0bf372c762e966cc99ede8682bc71
2d7c9b60d1e2b4f4726141de2e4ab738110b9287
59bfe9bc385ad69f50793ce4a53397316d7a875a7148a63c16df9b674c6cda64

HTTP Headers

GET /faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://glueck-raum.de&size=16 HTTP/1.1
Host: t1.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://amasalom.top/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 404 Not Found
cross-origin-resource-policy: cross-origin
content-type: image/png
x-content-type-options: nosniff
date: Wed, 08 May 2024 13:57:29 GMT
server: sffe
content-length: 726
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (17)

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL