| tmpfiles.org/dl/4984049/node.ps1 | 104.21.21.16 | 200 OK | 1.3 MB |
URL (User Request, GET, HTTP/2): tmpfiles.org/dl/4984049/node.ps1
IP: 104.21.21.16:443
Certificate: Issuer: Let's Encrypt; Subject: tmpfiles.org; Fingerprint: E0:4F:08:69:83:B8:6E:53:52:25:B2:01:05:CA:CA:AA:17:BE:FE:42; Validity: Sat, 30 Mar 2024 08:25:37 GMT - Fri, 28 Jun 2024 08:25:36 GMT
File type: ASCII text, with very long lines (65536), with no line terminators
Size: 1.3 MB (1325167 bytes)
Hash: dbb0c4025756fab0a16f90bb677a20ab d36e6e6729e027336e28ea06c2bb75c514cbb1aa c4b48c91e4daf33a1f0085e6263497cb390f1d7486628afc115c803000352816
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /dl/4984049/node.ps1 HTTP/1.1
Host: tmpfiles.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 17 Apr 2024 11:36:15 GMT
content-type: text/plain; charset=UTF-8
content-disposition: inline; filename=node.ps1
cache-control: no-cache, private
set-cookie: XSRF-TOKEN=eyJpdiI6IlRzTHgyOVUvVnEzZDJ6TnY2N1Q0dlE9PSIsInZhbHVlIjoic3Y2SjQ3UjBxRERTcTU0ZG95clJJT0cva0JGUVQwRDQwN1dJRkovZmNzZ0JBcHQyZnU3OFJDa29rMWtHNEVpbW90VDVMVlJTdWE5WWtuUUV3aUQ1UnJaTGRUYjdSVmlydDlUUGs0RlN3MWxKTXcvQ3FHRnhaSFJySFJtQTBXeG4iLCJtYWMiOiJhN2FhNTZmM2I3YjA3NTgxMWNhZjFlMzQxYTRlZTNlMTUzZTQzZDg5ZTI5Y2I5MTViZmVmMDliMzZkNjFkODI5In0%3D; expires=Wed, 17-Apr-2024 13:36:15 GMT; Max-Age=7200; path=/; samesite=lax
tmpfiles_session=eyJpdiI6InMxU0FkbUlBcVpOL2p4NGZwenBrSFE9PSIsInZhbHVlIjoiQUhFZlBINmllcHU4d3R0cTNaMlZWajdnd2Z2RTFTRlhXMHdxSDlXMElaNzhlcXEzaEpFTTN6RHhZdkpJNVlEYWx4cm10VzdJSzFSc0tkNzFDZWhVRXBoTVBJVlZFRks3VXlKS0NqL0ZQaFdQaWNoSHBmSXNjdnYybXpmd3JMUGkiLCJtYWMiOiIxZTdjOTQ4YTk0ZWY0NTNjYTVmNDRiYTY5NGFkNzQyOTI5MTU0YmQ3MjRkMGM3YjcwZGQ0YjU1MWNhY2ZiNTQ2In0%3D; expires=Wed, 17-Apr-2024 13:36:15 GMT; Max-Age=7200; path=/; httponly; samesite=lax
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=npNhmAt5kuLCg%2FV7hvPdkAGyeiDCV9Az4i76gIZliA1KSbp3dYHfZZ4mpF0Y%2B%2Fa6IAFXKxJaP%2FD3MJAp5MF0TyyiZaCgA60YH%2BZLHvS4g25FGYIaGn6pB5OPkht7pN0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 875c1dc76e12abce-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
IP: 104.21.21.16:443
Requested by: https://tmpfiles.org/dl/4984049/node.ps1
Certificate: Issuer: Let's Encrypt; Subject: tmpfiles.org; Fingerprint: E0:4F:08:69:83:B8:6E:53:52:25:B2:01:05:CA:CA:AA:17:BE:FE:42; Validity: Sat, 30 Mar 2024 08:25:37 GMT - Fri, 28 Jun 2024 08:25:36 GMT
File type: MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
Hash: 641276e2d4d0995c8262223f1fdda3d2 4f3f8f324f842e21d6921fffef2be2370cba9c49 5c039a5032f66daf0ad7ccaf04589686dfcc0b580113c1c6a9cff06ed4ce676d
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /favicon.ico HTTP/1.1
Host: tmpfiles.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://tmpfiles.org/dl/4984049/node.ps1
Cookie: XSRF-TOKEN=eyJpdiI6IlRzTHgyOVUvVnEzZDJ6TnY2N1Q0dlE9PSIsInZhbHVlIjoic3Y2SjQ3UjBxRERTcTU0ZG95clJJT0cva0JGUVQwRDQwN1dJRkovZmNzZ0JBcHQyZnU3OFJDa29rMWtHNEVpbW90VDVMVlJTdWE5WWtuUUV3aUQ1UnJaTGRUYjdSVmlydDlUUGs0RlN3MWxKTXcvQ3FHRnhaSFJySFJtQTBXeG4iLCJtYWMiOiJhN2FhNTZmM2I3YjA3NTgxMWNhZjFlMzQxYTRlZTNlMTUzZTQzZDg5ZTI5Y2I5MTViZmVmMDliMzZkNjFkODI5In0%3D; tmpfiles_session=eyJpdiI6InMxU0FkbUlBcVpOL2p4NGZwenBrSFE9PSIsInZhbHVlIjoiQUhFZlBINmllcHU4d3R0cTNaMlZWajdnd2Z2RTFTRlhXMHdxSDlXMElaNzhlcXEzaEpFTTN6RHhZdkpJNVlEYWx4cm10VzdJSzFSc0tkNzFDZWhVRXBoTVBJVlZFRks3VXlKS0NqL0ZQaFdQaWNoSHBmSXNjdnYybXpmd3JMUGkiLCJtYWMiOiIxZTdjOTQ4YTk0ZWY0NTNjYTVmNDRiYTY5NGFkNzQyOTI5MTU0YmQ3MjRkMGM3YjcwZGQ0YjU1MWNhY2ZiNTQ2In0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 17 Apr 2024 11:36:15 GMT
content-type: image/x-icon
last-modified: Fri, 10 Feb 2017 21:01:32 GMT
etag: W/"589e2a2c-47e"
cache-control: max-age=14400
cf-cache-status: HIT
age: 2522
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8jArGNNGYNASLBnGxSlb8gbe4NvGYOvW8XK1HjF6kpUmA%2BmzerxnJE4kyOhDWz5wmmrrHBnEFlR6jNeFCQH3%2Fkd1bK%2Bim%2BYY%2FaqGCYDhXOxvK%2FyWcGHtRwadeuVLnYA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 875c1dcac88babe1-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400