| www.googletagmanager.com/gtag/js?id=UA-146963760-1 | 142.250.74.168 | 200 OK | 74 kB |
URL: GET HTTP/2 www.googletagmanager.com/gtag/js?id=UA-146963760-1
IP: 142.250.74.168:443
Requested by: http://52.198.103.254/login
Certificate: Issuer Google Trust Services LLC; Subject *.google-analytics.com; Fingerprint BF:40:8C:8B:CB:69:1E:3F:E2:3B:B7:8A:8E:C0:D6:98:5F:81:FA:2D; Validity Mon, 04 Mar 2024 06:35:45 GMT - Mon, 27 May 2024 06:35:44 GMT
File type: JavaScript source, ASCII text, with very long lines (4179)
Hashes (MD5 / SHA-1 / SHA-256): ed4abd1b4e8425377821ec52354f0451 4a6178ee0cd66623e5deb5348cb9cb6dc7e658c4 94cc67f2e9c53d6fc3717d613e3910cde657f984ad3cbce39a86e542fbd189b8
GET /gtag/js?id=UA-146963760-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://52.198.103.254/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Tue, 16 Apr 2024 09:33:52 GMT
expires: Tue, 16 Apr 2024 09:33:52 GMT
cache-control: private, max-age=900
last-modified: Tue, 16 Apr 2024 09:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 73723
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
| 52.198.103.254/login | 52.198.103.254 | 200 OK | 17 kB |
URL: GET HTTP/1.1 52.198.103.254/login (user request)
IP: 52.198.103.254:80
File type: HTML document, Unicode text, UTF-8 text, with CRLF, LF line terminators
Hashes (MD5 / SHA-1 / SHA-256): 707cddabbcd77ff4cfd9386e8ff74a4f c6bbf8e5c524be623a5032f4d1587ccc172d9d3c b0d1b39db0db2d4c56eaa07e440c65012eaaceccaeb790ca9c58905ba6ad4bce
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /login HTTP/1.1
Host: 52.198.103.254
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 16 Apr 2024 09:33:52 GMT
Server: Apache
X-Powered-By: PHP/8.2.3
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Expires:
Cache-Control:
Pragma:
Set-Cookie: SSUser=cdltbemvbulqla29n1cg34jolc; path=/
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
| 52.198.103.254/js/common.js?1713260032 | 52.198.103.254 | 200 OK | 8.2 kB |
URL: GET HTTP/1.1 52.198.103.254/js/common.js?1713260032
IP: 52.198.103.254:80
Requested by: http://52.198.103.254/login
File type: JavaScript source, Unicode text, UTF-8 text
Hashes (MD5 / SHA-1 / SHA-256): 3c9402120197a686fe255cf54c0bb90f bdcf99095deb3ac3dfaac910bc19108402793890 a5c58b3711aafdcadc71d8c59df452612a7322f2d5f73ff7b06914114aa4e926
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/common.js?1713260032 HTTP/1.1
Host: 52.198.103.254
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://52.198.103.254/login
Cookie: SSUser=cdltbemvbulqla29n1cg34jolc
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 16 Apr 2024 09:33:53 GMT
Server: Apache
Last-Modified: Tue, 16 Jan 2024 06:02:58 GMT
ETag: "1fe2-60f09e1d804f2"
Accept-Ranges: bytes
Content-Length: 8162
Connection: close
Content-Type: application/javascript
| 52.198.103.254/js/jquery.js | 52.198.103.254 | 200 OK | 96 kB |
URL: GET HTTP/1.1 52.198.103.254/js/jquery.js
IP: 52.198.103.254:80
Requested by: http://52.198.103.254/login
File type: JavaScript source, ASCII text, with very long lines (32038)
Hashes (MD5 / SHA-1 / SHA-256): 895323ed2f7258af4fae2c738c8aea49 276c87ff3e1e3155679c318938e74e5c1b76d809 ecb916133a9376911f10bc5c659952eb0031e457f5df367cde560edbfba38fb8
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/jquery.js HTTP/1.1
Host: 52.198.103.254
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://52.198.103.254/login
Cookie: SSUser=cdltbemvbulqla29n1cg34jolc
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 16 Apr 2024 09:33:52 GMT
Server: Apache
Last-Modified: Wed, 14 Feb 2018 12:12:24 GMT
ETag: "176d5-5652b061b3a00"
Accept-Ranges: bytes
Content-Length: 95957
Connection: close
Content-Type: application/javascript
| 52.198.103.254/css/fontawesome-all.min.css | 52.198.103.254 | 200 OK | 35 kB |
URL: GET HTTP/1.1 52.198.103.254/css/fontawesome-all.min.css
IP: 52.198.103.254:80
Requested by: http://52.198.103.254/login
File type: ASCII text, with very long lines (34556)
Hashes (MD5 / SHA-1 / SHA-256): 42eaa52604673b64d6b356c2fd7f87e3 6b59cb703b2d4a7a2691f13008062b46a6bc7fdb ed0f122470c4d13d86bbabdc38046d743d0228204a56d786d2e17bd83fd358ce
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /css/fontawesome-all.min.css HTTP/1.1
Host: 52.198.103.254
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://52.198.103.254/login
Cookie: SSUser=cdltbemvbulqla29n1cg34jolc
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 16 Apr 2024 09:33:53 GMT
Server: Apache
Last-Modified: Wed, 14 Feb 2018 12:11:52 GMT
ETag: "87ae-5652b0432f200"
Accept-Ranges: bytes
Content-Length: 34734
Connection: close
Content-Type: text/css
| 52.198.103.254/js/easing.js | 52.198.103.254 | 200 OK | 8.1 kB |
URL: GET HTTP/1.1 52.198.103.254/js/easing.js
IP: 52.198.103.254:80
Requested by: http://52.198.103.254/login
Hashes (MD5 / SHA-1 / SHA-256): 9dedfbd1f22121a5e8c73e7efd956783 39e3b5ae656b1845fd615042ad7dedc11465f4ae c85028b4485f3b7e91508aa9891cfeb41a8884efd87672715de3fa1ae2173948
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/easing.js HTTP/1.1
Host: 52.198.103.254
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://52.198.103.254/login
Cookie: SSUser=cdltbemvbulqla29n1cg34jolc
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 16 Apr 2024 09:33:53 GMT
Server: Apache
Last-Modified: Wed, 14 Feb 2018 12:12:23 GMT
ETag: "1fa2-5652b060bf7c0"
Accept-Ranges: bytes
Content-Length: 8098
Connection: close
Content-Type: application/javascript
| 52.198.103.254/js/jquery.cookie.js | 52.198.103.254 | 200 OK | 3.1 kB |
URL: GET HTTP/1.1 52.198.103.254/js/jquery.cookie.js
IP: 52.198.103.254:80
Requested by: http://52.198.103.254/login
File type: JavaScript source, ASCII text
Hashes (MD5 / SHA-1 / SHA-256): 0f1f6cd6e0036897019b376d38593403 498b29de6e170fffc8535183b7d6550490f0a159 8c0301b3dba5061632d7321cd8bb7bd527f48288d5cb15ff614ea0c1dcc1ad69
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/jquery.cookie.js HTTP/1.1
Host: 52.198.103.254
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://52.198.103.254/login
Cookie: SSUser=cdltbemvbulqla29n1cg34jolc
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 16 Apr 2024 09:33:53 GMT
Server: Apache
Last-Modified: Mon, 08 Jul 2019 07:39:40 GMT
ETag: "c44-58d268bf64700"
Accept-Ranges: bytes
Content-Length: 3140
Connection: close
Content-Type: application/javascript
| 52.198.103.254/css/common.css?1713260032 | 52.198.103.254 | 200 OK | 54 kB |
URL: GET HTTP/1.1 52.198.103.254/css/common.css?1713260032
IP: 52.198.103.254:80
Requested by: http://52.198.103.254/login
File type: Unicode text, UTF-8 text, with very long lines (362)
Hashes (MD5 / SHA-1 / SHA-256): a716f1add6792686708d3a5ca026cba2 f58093716ba6c1f73439fe311487e2fe733a7cd0 9232439d8d552b61425170b52d6246f9ec76e988c8839609c64e1b3494638592
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /css/common.css?1713260032 HTTP/1.1
Host: 52.198.103.254
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://52.198.103.254/login
Cookie: SSUser=cdltbemvbulqla29n1cg34jolc
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 16 Apr 2024 09:33:52 GMT
Server: Apache
Last-Modified: Tue, 16 Jan 2024 06:32:22 GMT
ETag: "d467-60f0a4affa066"
Accept-Ranges: bytes
Content-Length: 54375
Connection: close
Content-Type: text/css
| 52.198.103.254/css/lower.css?1713260032 | 52.198.103.254 | 200 OK | 114 kB |
URL: GET HTTP/1.1 52.198.103.254/css/lower.css?1713260032
IP: 52.198.103.254:80
Requested by: http://52.198.103.254/login
Size: 114 kB (114521 bytes)
Hashes (MD5 / SHA-1 / SHA-256): cb2692e78fb13ec933b0c779cb343cfa 3a402dd67afb340e33e77468a861b3b5185c6b61 41c6e53aab20541908591865c333f36d733a2f1b02bb07bf09553e4b728be717
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /css/lower.css?1713260032 HTTP/1.1
Host: 52.198.103.254
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://52.198.103.254/login
Cookie: SSUser=cdltbemvbulqla29n1cg34jolc
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 16 Apr 2024 09:33:53 GMT
Server: Apache
Last-Modified: Fri, 29 Sep 2023 14:42:36 GMT
ETag: "1bf59-606806f7f7309"
Accept-Ranges: bytes
Content-Length: 114521
Connection: close
Content-Type: text/css
| www.googletagmanager.com/gtag/js?id=G-RXGWKQ024D&l=dataLayer&cx=c | 142.250.74.168 | 200 OK | 89 kB |
URL: GET HTTP/3 www.googletagmanager.com/gtag/js?id=G-RXGWKQ024D&l=dataLayer&cx=c
IP: 142.250.74.168:443
Requested by: http://52.198.103.254/login
Certificate: Issuer Google Trust Services LLC; Subject *.google-analytics.com; Fingerprint BF:40:8C:8B:CB:69:1E:3F:E2:3B:B7:8A:8E:C0:D6:98:5F:81:FA:2D; Validity Mon, 04 Mar 2024 06:35:45 GMT - Mon, 27 May 2024 06:35:44 GMT
File type: JavaScript source, ASCII text, with very long lines (5955)
Hashes (MD5 / SHA-1 / SHA-256): 391e2408ca2da096163966db43c00de0 773c030405f395923eb9da7d94766fddcc29984e 9ff1c94452b67cb97e7bd7ce6a9de34c654a18f207fbf4f5654a776fbf77b754
GET /gtag/js?id=G-RXGWKQ024D&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://52.198.103.254/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Tue, 16 Apr 2024 09:33:55 GMT
expires: Tue, 16 Apr 2024 09:33:55 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 88740
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
| 52.198.103.254/media/images/common/modal_close.png | 52.198.103.254 | 200 OK | 1.6 kB |
URL: GET HTTP/1.1 52.198.103.254/media/images/common/modal_close.png
IP: 52.198.103.254:80
Requested by: http://52.198.103.254/login
File type: PNG image data, 80 x 80, 8-bit/color RGBA, non-interlaced
Hashes (MD5 / SHA-1 / SHA-256): 66bb376e81ea206a06a0b782c24c9356 9e32a9966974f4113f2c108caa5425d425c217ed 4b8570a18b80e4ac3dda8d4df7c14c7151ba5afc24d54f04040936400eca4ca1
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /media/images/common/modal_close.png HTTP/1.1
Host: 52.198.103.254
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://52.198.103.254/login
Cookie: SSUser=cdltbemvbulqla29n1cg34jolc
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 16 Apr 2024 09:33:55 GMT
Server: Apache
Last-Modified: Thu, 11 Jul 2019 05:04:24 GMT
ETag: "627-58d60ba358600"
Accept-Ranges: bytes
Content-Length: 1575
Connection: close
Content-Type: image/png
| 52.198.103.254/media/images/common/btn_close.png | 52.198.103.254 | 200 OK | 1.8 kB |
URL: GET HTTP/1.1 52.198.103.254/media/images/common/btn_close.png
IP: 52.198.103.254:80
Requested by: http://52.198.103.254/login
File type: PNG image data, 73 x 73, 8-bit/color RGBA, non-interlaced
Hashes (MD5 / SHA-1 / SHA-256): 756ff830820a5ef4e7fed9fcdd2c6353 cd4120acaa22369d6f77566eeedd5a9708c03af4 b626e414c1f1bcfb2112a6fc38c3493e5b7e6368e99fc1dc27462d42e8bb9d15
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /media/images/common/btn_close.png HTTP/1.1
Host: 52.198.103.254
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://52.198.103.254/login
Cookie: SSUser=cdltbemvbulqla29n1cg34jolc
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 16 Apr 2024 09:33:55 GMT
Server: Apache
Last-Modified: Tue, 16 Jan 2024 06:08:20 GMT
ETag: "6dd-60f09f5087bb9"
Accept-Ranges: bytes
Content-Length: 1757
Connection: close
Content-Type: image/png
| 52.198.103.254/media/images/common/icon_tw.png | 52.198.103.254 | 200 OK | 2.1 kB |
URL: GET HTTP/1.1 52.198.103.254/media/images/common/icon_tw.png
IP: 52.198.103.254:80
Requested by: http://52.198.103.254/login
File type: PNG image data, 60 x 60, 8-bit/color RGBA, non-interlaced
Hashes (MD5 / SHA-1 / SHA-256): 059654af5f191228db8d183d3906158a 42c5cdafcebf26f7fda40131ad2682476ff64283 9f1789418ddfd85a9f4a7ff18de4f9a2e94bcabebb900f2e6ba2355d854b7c1d
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /media/images/common/icon_tw.png HTTP/1.1
Host: 52.198.103.254
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://52.198.103.254/login
Cookie: SSUser=cdltbemvbulqla29n1cg34jolc
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 16 Apr 2024 09:33:55 GMT
Server: Apache
Last-Modified: Wed, 14 Feb 2018 12:12:07 GMT
ETag: "843-5652b0517d3c0"
Accept-Ranges: bytes
Content-Length: 2115
Connection: close
Content-Type: image/png
| 52.198.103.254/media/images/common/hd_logo.png | 52.198.103.254 | 200 OK | 10 kB |
URL: GET HTTP/1.1 52.198.103.254/media/images/common/hd_logo.png
IP: 52.198.103.254:80
Requested by: http://52.198.103.254/login
File type: PNG image data, 287 x 49, 8-bit/color RGB, non-interlaced
Hashes (MD5 / SHA-1 / SHA-256): 1b7e142bd58a9db35907844eacee019f dc715998fe3affb92c4962eacb37eacf59b2d11c 49e2e1e40523576ef6769c45496010fc0565c97ff5246bd7d7717bb065bff0ef
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /media/images/common/hd_logo.png HTTP/1.1
Host: 52.198.103.254
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://52.198.103.254/login
Cookie: SSUser=cdltbemvbulqla29n1cg34jolc
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 16 Apr 2024 09:33:55 GMT
Server: Apache
Last-Modified: Thu, 01 Aug 2019 06:24:08 GMT
ETag: "275a-58f084a067200"
Accept-Ranges: bytes
Content-Length: 10074
Connection: close
Content-Type: image/png
| 52.198.103.254/media/images/common/icon_fb.png | 52.198.103.254 | 200 OK | 1.5 kB |
URL: GET HTTP/1.1 52.198.103.254/media/images/common/icon_fb.png
IP: 52.198.103.254:80
Requested by: http://52.198.103.254/login
File type: PNG image data, 60 x 60, 8-bit/color RGBA, non-interlaced
Hashes (MD5 / SHA-1 / SHA-256): 0c99b87b3e4e38dc0d7bcd617b417d1a 724f179d04a1373e31b023b7c600f155347d4d06 1c9c1df70d273c0fd83cdeb0f1be3935976296b46a87c4b16f17fc6b10b867c8
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /media/images/common/icon_fb.png HTTP/1.1
Host: 52.198.103.254
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://52.198.103.254/login
Cookie: SSUser=cdltbemvbulqla29n1cg34jolc
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 16 Apr 2024 09:33:55 GMT
Server: Apache
Last-Modified: Wed, 14 Feb 2018 12:12:06 GMT
ETag: "609-5652b05089180"
Accept-Ranges: bytes
Content-Length: 1545
Connection: close
Content-Type: image/png
| 52.198.103.254/media/images/common/icon_x.png | 52.198.103.254 | 200 OK | 4.2 kB |
URL: GET HTTP/1.1 52.198.103.254/media/images/common/icon_x.png
IP: 52.198.103.254:80
Requested by: http://52.198.103.254/login
File type: PNG image data, 60 x 61, 8-bit/color RGBA, non-interlaced
Hashes (MD5 / SHA-1 / SHA-256): 7d2e8117c746e595936ece002092a0c3 cdbae9c299dd182a7f9ecf3c7298a0c643dbab83 55079d2a89e22a8ac9e69cf7cb37f00565978fb90e725479000fc28036c9840d
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /media/images/common/icon_x.png HTTP/1.1
Host: 52.198.103.254
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://52.198.103.254/login
Cookie: SSUser=cdltbemvbulqla29n1cg34jolc
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 16 Apr 2024 09:33:55 GMT
Server: Apache
Last-Modified: Fri, 29 Sep 2023 11:02:10 GMT
ETag: "1050-6067d5b31c826"
Accept-Ranges: bytes
Content-Length: 4176
Connection: close
Content-Type: image/png
| region1.analytics.google.com/g/collect?v=2&tid=G-RXGWKQ024D&gtm=45je44f0v9110441216za200&_p=1713260035218&_gaz=1&gcd=13l3l3l2l1&npa=1&dma_cps=sypham&dma=1&cid=1168920935.1713260036&ul=en-us&sr=1280x1024&pscdl=noapi&_eu=AAAI&_s=1&sid=1713260035&sct=1&seg=0&dl=http%3A%2F%2F52.198.103.254%2Flogin&dt=%E3%83%AD%E3%82%B0%E3%82%A4%E3%83%B3%20%7C%20%E6%B5%B7%E4%BA%8B%E3%83%97%E3%83%AC%E3%82%B9ONLINE&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=3787 | 216.239.32.36 | 204 No Content | 0 B |
URL: POST HTTP/2 region1.analytics.google.com/g/collect?v=2&tid=G-RXGWKQ024D&gtm=45je44f0v9110441216za200&_p=1713260035218&_gaz=1&gcd=13l3l3l2l1&npa=1&dma_cps=sypham&dma=1&cid=1168920935.1713260036&ul=en-us&sr=1280x1024&pscdl=noapi&_eu=AAAI&_s=1&sid=1713260035&sct=1&seg=0&dl=http%3A%2F%2F52.198.103.254%2Flogin&dt=%E3%83%AD%E3%82%B0%E3%82%A4%E3%83%B3%20%7C%20%E6%B5%B7%E4%BA%8B%E3%83%97%E3%83%AC%E3%82%B9ONLINE&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=3787
IP: 216.239.32.36:443
Requested by: http://52.198.103.254/login
Certificate: Issuer Google Trust Services LLC; Subject *.google-analytics.com; Fingerprint BF:40:8C:8B:CB:69:1E:3F:E2:3B:B7:8A:8E:C0:D6:98:5F:81:FA:2D; Validity Mon, 04 Mar 2024 06:35:45 GMT - Mon, 27 May 2024 06:35:44 GMT
Hashes (MD5 / SHA-1 / SHA-256, empty body): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-RXGWKQ024D&gtm=45je44f0v9110441216za200&_p=1713260035218&_gaz=1&gcd=13l3l3l2l1&npa=1&dma_cps=sypham&dma=1&cid=1168920935.1713260036&ul=en-us&sr=1280x1024&pscdl=noapi&_eu=AAAI&_s=1&sid=1713260035&sct=1&seg=0&dl=http%3A%2F%2F52.198.103.254%2Flogin&dt=%E3%83%AD%E3%82%B0%E3%82%A4%E3%83%B3%20%7C%20%E6%B5%B7%E4%BA%8B%E3%83%97%E3%83%AC%E3%82%B9ONLINE&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=3787 HTTP/1.1
Host: region1.analytics.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://52.198.103.254
DNT: 1
Connection: keep-alive
Referer: http://52.198.103.254/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: http://52.198.103.254
date: Tue, 16 Apr 2024 09:33:56 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
| 52.198.103.254/media/images/common/icon_search.png | 52.198.103.254 | 200 OK | 1.8 kB |
URL: GET HTTP/1.1 52.198.103.254/media/images/common/icon_search.png
IP: 52.198.103.254:80
Requested by: http://52.198.103.254/login
File type: PNG image data, 34 x 36, 8-bit/color RGBA, non-interlaced
Hashes (MD5 / SHA-1 / SHA-256): 553da03d3d39062211dc263eaf1bb6b5 0c849141aa44d20851f836ec391e08ad937fe3ad ae37264ae338e115827f898ac283ad08803a3600204f22c7fd0bfaf44a956b77
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /media/images/common/icon_search.png HTTP/1.1
Host: 52.198.103.254
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://52.198.103.254/css/common.css?1713260032
Cookie: SSUser=cdltbemvbulqla29n1cg34jolc
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 16 Apr 2024 09:33:56 GMT
Server: Apache
Last-Modified: Wed, 14 Feb 2018 12:12:07 GMT
ETag: "716-5652b0517d3c0"
Accept-Ranges: bytes
Content-Length: 1814
Connection: close
Content-Type: image/png
| 52.198.103.254/media/images/common/icon_line.png | 52.198.103.254 | 200 OK | 3.0 kB |
URL: GET HTTP/1.1 52.198.103.254/media/images/common/icon_line.png
IP: 52.198.103.254:80
Requested by: http://52.198.103.254/login
File type: PNG image data, 60 x 60, 8-bit/color RGBA, non-interlaced
Hashes (MD5 / SHA-1 / SHA-256): e1e0077021a3710d10792b404f8fe282 93f7a0f98be1c0201ad03d3ea21acd2e68ab3662 c86853b206f8f16b3e2e609dfe2a9fab4e74ead7f2191256d8c3a5980db87614
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /media/images/common/icon_line.png HTTP/1.1
Host: 52.198.103.254
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://52.198.103.254/login
Cookie: SSUser=cdltbemvbulqla29n1cg34jolc
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 16 Apr 2024 09:33:56 GMT
Server: Apache
Last-Modified: Wed, 14 Feb 2018 12:12:06 GMT
ETag: "bb4-5652b05089180"
Accept-Ranges: bytes
Content-Length: 2996
Connection: close
Content-Type: image/png
| 52.198.103.254/media/images/common/icon_registration.gif | 52.198.103.254 | 200 OK | 1.5 kB |
URL: GET HTTP/1.1 52.198.103.254/media/images/common/icon_registration.gif
IP: 52.198.103.254:80
Requested by: http://52.198.103.254/login
File type: GIF image data, version 89a, 23 x 19
Hashes (MD5 / SHA-1 / SHA-256): 770ee0e63b71c64ae55c05222affad22 241bbca6aca2bee1d8eab3dd4c8e140056315a52 87f42e612f03e6f95ba0e3f339feb7b00dcc3dcd06c3ae01df926ac39c5745d3
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /media/images/common/icon_registration.gif HTTP/1.1
Host: 52.198.103.254
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://52.198.103.254/css/common.css?1713260032
Cookie: SSUser=cdltbemvbulqla29n1cg34jolc
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 16 Apr 2024 09:33:56 GMT
Server: Apache
Last-Modified: Wed, 14 Feb 2018 12:12:07 GMT
ETag: "5df-5652b0517d3c0"
Accept-Ranges: bytes
Content-Length: 1503
Connection: close
Content-Type: image/gif
| 52.198.103.254/media/images/common/icon_login.png | 52.198.103.254 | 200 OK | 1.5 kB |
URL: GET HTTP/1.1 52.198.103.254/media/images/common/icon_login.png
IP: 52.198.103.254:80
Requested by: http://52.198.103.254/login
File type: PNG image data, 34 x 38, 8-bit/color RGBA, non-interlaced
Hashes (MD5 / SHA-1 / SHA-256): cf200889b54be291baa1633c8dfb25ad eee7ead5338953b5500af50ee97882c96a3918d7 81e62723dbac096411cbc90c062cfa8c8f9acfd4e80eb05523f5aa9c20766253
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /media/images/common/icon_login.png HTTP/1.1
Host: 52.198.103.254
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://52.198.103.254/css/common.css?1713260032
Cookie: SSUser=cdltbemvbulqla29n1cg34jolc
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 16 Apr 2024 09:33:56 GMT
Server: Apache
Last-Modified: Wed, 14 Feb 2018 12:12:07 GMT
ETag: "5ff-5652b0517d3c0"
Accept-Ranges: bytes
Content-Length: 1535
Connection: close
Content-Type: image/png
| www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-RXGWKQ024D&cid=1168920935.1713260036&gtm=45je44f0v9110441216za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3l3l2l1&npa=1&z=2108863123 | 172.217.21.163 | 200 OK | 42 B |
URL: GET HTTP/2 www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-RXGWKQ024D&cid=1168920935.1713260036&gtm=45je44f0v9110441216za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3l3l2l1&npa=1&z=2108863123
IP: 172.217.21.163:443
Requested by: http://52.198.103.254/login
Certificate: Issuer Google Trust Services LLC; Subject *.google.no; Fingerprint 0E:DD:25:54:7B:C3:7F:EC:27:35:B1:EC:15:C4:B7:D2:09:71:3B:68; Validity Mon, 04 Mar 2024 07:26:33 GMT - Mon, 27 May 2024 07:26:32 GMT
File type: GIF image data, version 89a, 1 x 1
Hashes (MD5 / SHA-1 / SHA-256): d89746888da2d9510b64a9f031eaecd5 d5fceb6532643d0d84ffe09c40c481ecdf59e15a ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-RXGWKQ024D&cid=1168920935.1713260036&gtm=45je44f0v9110441216za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3l3l2l1&npa=1&z=2108863123 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://52.198.103.254/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 16 Apr 2024 09:33:56 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
| 52.198.103.254/favicon.ico | 52.198.103.254 | 200 OK | 9.5 kB |
URL: GET HTTP/1.1 52.198.103.254/favicon.ico
IP: 52.198.103.254:80
Requested by: http://52.198.103.254/login
File type: MS Windows icon resource - 1 icon, 47x48, 32 bits/pixel
Hashes (MD5 / SHA-1 / SHA-256): 311c784611ef4e116937464fdac4861e 705e3ff2c6dcddfb4e6959463d1e5bc889a378a6 35886e799dabee7eff0d63dca373d96debd3c9cb82fc5c33a01bfac27370b95b
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /favicon.ico HTTP/1.1
Host: 52.198.103.254
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://52.198.103.254/login
Cookie: SSUser=cdltbemvbulqla29n1cg34jolc; _ga_RXGWKQ024D=GS1.1.1713260035.1.0.1713260035.60.0.0; _ga=GA1.1.1168920935.1713260036
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 16 Apr 2024 09:33:56 GMT
Server: Apache
Last-Modified: Thu, 26 Sep 2019 09:57:22 GMT
ETag: "24fe-59371cbb86480"
Accept-Ranges: bytes
Content-Length: 9470
Connection: close
Content-Type: image/vnd.microsoft.icon