195.20.49.214/
195.20.49.214 624 B IP 195.20.49.214:0
ASN #31624 Verotel International B.V.
File type HTML document text; exported SGML document, ASCII text
Hash a6d7de1820b7324b3224d6036c530ea7
c88bce8e98d66120a28e73135cccd310b0799413
e91a99c81035d3fccf0b00c05e9f44336c0d4b4b64b82dead5a1ea2ccc86e7e0
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET / HTTP/1.1
Host: 195.20.49.214
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 203
Server: nginx
Date: Sun, 10 Sep 2023 06:17:21 GMT
Content-Type: text/html;charset=UTF-8
Content-Length: 624
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
X-Server: ip-172-31-36-223
Set-Cookie: JSESSIONID=978D2C68149A19BBA4723FFA288D97FB; Path=/; HttpOnly
195.20.49.214/smmgr_setup_1.6.6.0.exe
195.20.49.214 624 B URL 195.20.49.214/smmgr_setup_1.6.6.0.exe
IP 195.20.49.214:0
ASN #31624 Verotel International B.V.
File type HTML document text; exported SGML document, ASCII text
Hash 0771f0bac9697de58ca1e4dde5521c6c
676118d9b34172c4c121e2786ea683c28c7a9fca
9174a5ae1e53f6b11b93811bf55bdd19ac75a9bc90ebed5b6ecb9c99d64d5f7f
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
NIDS Severity Alert suricata medium ET INFO Executable Download from dotted-quad Host
GET /smmgr_setup_1.6.6.0.exe HTTP/1.1
Host: 195.20.49.214
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 203
Server: nginx
Date: Sun, 10 Sep 2023 06:17:21 GMT
Content-Type: text/html;charset=UTF-8
Content-Length: 624
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
X-Server: ip-172-31-32-49
Set-Cookie: JSESSIONID=CD2BE9D82ACA6603221F476254EF2229; Path=/; HttpOnly
domain.dot.tk/p/?d=49.214&i=91.90.42.154&c=47&ro=0&ref=unknown&_=1694326641275
88.198.252.121 281 B URL User Request GET domain.dot.tk/p/?d=49.214&i=91.90.42.154&c=47&ro=0&ref=unknown&_=1694326641275
IP 88.198.252.121:0
ASN #24940 Hetzner Online GmbH
File type HTML document text; exported SGML document, ASCII text
Hash b4853f783c9578c64b4737bf1110a0ae
935553351149b243dc0b1b5e5ec2bee1645a6d9c
4f7f3c1fe8f1f66f84142ade994c7b053e7bf59dee609672374d346f281ad410
NIDS Severity Alert suricata medium ET POLICY HTTP Request to a *.tk domain
GET /p/?d=49.214&i=91.90.42.154&c=47&ro=0&ref=unknown&_=1694326641275 HTTP/1.1
Host: domain.dot.tk
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://195.20.49.214/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.0 302 Found
Date: Sun, 10 Sep 2023 06:15:16 GMT
Server: nginx/1.18.0
Content-Type: text/html; charset=iso-8859-1
Content-Length: 281
Location: http://www.dot.tk/
Connection: close
www.dot.tk/
35.186.233.234 302 Found 0 B IP 35.186.233.234:80
Requested by http://www.dot.tk/en/index.html?lang=en
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
NIDS Severity Alert suricata medium ET POLICY HTTP Request to a *.tk domain
suricata medium ET POLICY HTTP Request to a *.tk domain
GET / HTTP/1.1
Host: www.dot.tk
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://195.20.49.214/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx/1.17.8
Transfer-Encoding: chunked
Set-Cookie: mydottk_languagenr=0; domain=.dot.tk; path=/; expires=Mon, 11-Sep-2023 06:17:22 GMT
dottyLn=en; domain=.dot.tk; path=/; expires=Mon, 11-Sep-2023 06:17:22 GMT
wwwLn=en; domain=.dot.tk; path=/; expires=Mon, 11-Sep-2023 06:17:22 GMT
Date: Sun, 10 Sep 2023 06:17:22 GMT
Location: http://www.dot.tk/en/index.html?lang=en
Via: 1.1 google
www.dot.tk/en/index.html?lang=en
35.186.233.234 200 OK 25 kB URL GET HTTP/1.1 www.dot.tk/en/index.html?lang=en
IP 35.186.233.234:80
Requested by http://www.dot.tk/en/index.html?lang=en
File type HTML document text; exported SGML document text; exported SGML document, Unicode text, UTF-8 text, with very long lines (461), with CRLF line terminators
Hash e30a239230e3e62ad63df3176102af9f
ad07bd7c0a2ff5ea796fdbcebabd6b7e26f69260
81c36643abab220e867da2649c87591d94b8832dff772fd2cf4ff4f97fedc416
NIDS Severity Alert suricata medium ET POLICY HTTP Request to a *.tk domain
suricata medium ET POLICY HTTP Request to a *.tk domain
GET /en/index.html?lang=en HTTP/1.1
Host: www.dot.tk
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://195.20.49.214/
DNT: 1
Connection: keep-alive
Cookie: mydottk_languagenr=0; dottyLn=en; wwwLn=en
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.17.8
Content-Length: 25126
X-GUploader-UploadID: ADPycds94yHqhr-HbGG9xUQZNGC5PT8irw-3yBk2Adn3-XpSe-Vbooel2hJnfdcVCLQ7saxzE4cAMl1N_hhsPDqvQN7b6jFFcCHT
x-goog-generation: 1672672451334279
x-goog-metageneration: 4
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 25126
Content-Language: en
x-goog-hash: crc32c=4oOb/Q==, md5=4wojkjDj5irWPfMXYQKvnw==
x-goog-storage-class: STANDARD
Accept-Ranges: bytes
Via: 1.1 google
Date: Sun, 10 Sep 2023 06:11:43 GMT
Last-Modified: Mon, 02 Jan 2023 15:14:11 GMT
ETag: "e30a239230e3e62ad63df3176102af9f"
Content-Type: text/html
Age: 339
Cache-Control: max-age=600,public
ajax.googleapis.com/ajax/libs/jquery/2.0.3/jquery.min.js
142.250.74.106 200 OK 29 kB URL GET HTTP/1.1 ajax.googleapis.com/ajax/libs/jquery/2.0.3/jquery.min.js
IP 142.250.74.106:80
Requested by http://www.dot.tk/en/index.html?lang=en
File type ASCII text, with very long lines (32023)
Hash ccd0edd113b78697e04fb5c1b519a5cd
a6eedf84389e1bc9f757bc2d19538f8c8d1cae9d
a57b5242b9a9adc4c1ef846c365147b89c472b9cd770face331efcb965346b25
GET /ajax/libs/jquery/2.0.3/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.dot.tk/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Encoding: gzip
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="hosted-libraries-pushers"
Report-To: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
Timing-Allow-Origin: *
Content-Length: 29440
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Sat, 09 Sep 2023 15:53:37 GMT
Expires: Sun, 08 Sep 2024 15:53:37 GMT
Cache-Control: public, max-age=31536000, stale-while-revalidate=2592000
Age: 51825
Last-Modified: Tue, 03 Mar 2020 19:15:00 GMT
Content-Type: text/javascript; charset=UTF-8
Vary: Accept-Encoding
www.dot.tk/css/style.css
35.186.233.234 200 OK 20 kB IP 35.186.233.234:80
Requested by http://www.dot.tk/en/index.html?lang=en
File type assembler source, ASCII text, with CRLF line terminators
Hash 1a4bc294c01009244e93bc9981945932
01a125067639cb5966291b33a5a77f2c38b4be33
14b25cff57af5967c41fd02971a342972037a5096f7c665b505e4b2e488ac333
NIDS Severity Alert suricata medium ET POLICY HTTP Request to a *.tk domain
GET /css/style.css HTTP/1.1
Host: www.dot.tk
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.dot.tk/en/index.html?lang=en
Cookie: mydottk_languagenr=0; dottyLn=en; wwwLn=en
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.17.8
Content-Length: 20287
X-GUploader-UploadID: ADPycdsNQvWI2aRo9KJ9weWvFIKtPg0xKUXHCZwSAyAMPrH_4G_FADbw0rK4KCY0NPCIHsU2Icl0nd07mjI6mbwn6Sf_Uw
x-goog-generation: 1486570374566291
x-goog-metageneration: 6
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 20287
Content-Language: en
x-goog-hash: crc32c=QtS1mQ==, md5=GkvClMAQCSROk7yZgZRZMg==
x-goog-storage-class: STANDARD
Accept-Ranges: bytes
Via: 1.1 google
Date: Sun, 10 Sep 2023 06:09:27 GMT
Last-Modified: Wed, 08 Feb 2017 16:12:54 GMT
ETag: "1a4bc294c01009244e93bc9981945932"
Content-Type: text/css
Age: 475
Cache-Control: max-age=600,public
www.dot.tk/css/reset.css
35.186.233.234 200 OK 3.9 kB IP 35.186.233.234:80
Requested by http://www.dot.tk/en/index.html?lang=en
File type ASCII text, with very long lines (405)
Hash 8219336bd4c8c7266d6ee6d8cbbc57fd
bfbd30e06fe1a5f4fcd84b3f77327d4bc32e4c0b
a3216d8151c1701c2bb64a7c24f19e05a2e73eef994f3bfb54cc85d4fd093ef0
NIDS Severity Alert suricata medium ET POLICY HTTP Request to a *.tk domain
GET /css/reset.css HTTP/1.1
Host: www.dot.tk
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.dot.tk/en/index.html?lang=en
Cookie: mydottk_languagenr=0; dottyLn=en; wwwLn=en
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.17.8
Content-Length: 3924
X-GUploader-UploadID: ADPycdulCJ9OXRq1i9t6uPx-9uy30EjUdgcdeR713dFFxZOVvZq3Ome6z8w1NG9_vZtK-rIAoojYJgniMgqPyZYe1fVxmCatIaqk
x-goog-generation: 1465472196758000
x-goog-metageneration: 8
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 3924
Content-Language: en
x-goog-hash: crc32c=Dlg3aQ==, md5=ghkza9TIxyZtbubYy7xX/Q==
x-goog-storage-class: STANDARD
Accept-Ranges: bytes
Via: 1.1 google
Date: Sun, 10 Sep 2023 06:17:22 GMT
Last-Modified: Thu, 09 Jun 2016 11:36:36 GMT
ETag: "8219336bd4c8c7266d6ee6d8cbbc57fd"
Content-Type: text/css
Age: 0
Cache-Control: max-age=600,public
www.dot.tk/js/rotatingbg.js
35.186.233.234 200 OK 1.8 kB URL GET HTTP/1.1 www.dot.tk/js/rotatingbg.js
IP 35.186.233.234:80
Requested by http://www.dot.tk/en/index.html?lang=en
File type ASCII text, with CRLF line terminators
Hash 313c0f5d884c7f780d69abc422ea0e44
a662cc07beded0473e46739737ce322f28442c19
0d0529bb9ba7a196880355c2f59828de90a09733065e08c98cd8e4f6f3758ffd
NIDS Severity Alert suricata medium ET POLICY HTTP Request to a *.tk domain
GET /js/rotatingbg.js HTTP/1.1
Host: www.dot.tk
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.dot.tk/en/index.html?lang=en
Cookie: mydottk_languagenr=0; dottyLn=en; wwwLn=en
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.17.8
Content-Length: 1751
X-GUploader-UploadID: ADPycds0ISpcbySOWqIP2ndTWrRg20L5tbfJPwivw6XSAaxiU_Hk8zUL1qfcaP9lYca9VuwVnl9ueCQMhAV4DQ-FQa7v-aOZiIZt
x-goog-generation: 1486570374978085
x-goog-metageneration: 6
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 1751
Content-Language: en
x-goog-hash: crc32c=qQ23fg==, md5=MTwPXYhMf3gNaavEIuoORA==
x-goog-storage-class: STANDARD
Accept-Ranges: bytes
Via: 1.1 google
Date: Sun, 10 Sep 2023 06:17:22 GMT
Last-Modified: Wed, 08 Feb 2017 16:12:54 GMT
ETag: "313c0f5d884c7f780d69abc422ea0e44"
Content-Type: application/javascript
Age: 0
Cache-Control: max-age=600,public
ocsp.pki.goog/gts1c3
142.250.74.131 471 B IP 142.250.74.131:0
Hash 14bee7661a70e20720ccfc970f1da1df
685187fc334995bb7d51766d5af831667d544c0b
71d72c05430a03aea95e674c232e5b1a93612b0325d1092ba180d8880afceeab
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 10 Sep 2023 06:17:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.dot.tk/css/availability.css
35.186.233.234 200 OK 22 kB URL GET HTTP/1.1 www.dot.tk/css/availability.css
IP 35.186.233.234:80
Requested by http://www.dot.tk/en/index.html?lang=en
File type ASCII text, with CRLF line terminators
Hash 86d246c9551d66a032950723f08ac7e1
3f1a791aaa19aa0e898c1a7aa74694f579d09a24
176859b8b2c7587c8f2f59fd68a1842641ca4bc3be58e2e15b88d162d1bdfada
NIDS Severity Alert suricata medium ET POLICY HTTP Request to a *.tk domain
GET /css/availability.css HTTP/1.1
Host: www.dot.tk
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.dot.tk/en/index.html?lang=en
Cookie: mydottk_languagenr=0; dottyLn=en; wwwLn=en
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.17.8
Content-Length: 22354
X-GUploader-UploadID: ADPycdv9_jFeA2QOXxHaWsI09AH2t9XxHfxBjHM3k89renst2F1jXnFw4xwI05XGdDDGeJegbZiQ3UseFuJNOQ98Y9fiJQ
x-goog-generation: 1465472197621000
x-goog-metageneration: 8
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 22354
Content-Language: en
x-goog-hash: crc32c=RNiRqw==, md5=htJGyVUdZqAylQcj8IrH4Q==
x-goog-storage-class: STANDARD
Accept-Ranges: bytes
Via: 1.1 google
Date: Sun, 10 Sep 2023 06:17:22 GMT
Last-Modified: Thu, 09 Jun 2016 11:36:37 GMT
ETag: "86d246c9551d66a032950723f08ac7e1"
Content-Type: text/css
Age: 0
Cache-Control: max-age=600,public
code.jquery.com/ui/1.11.2/jquery-ui.js
69.16.175.10 200 OK 114 kB URL GET HTTP/1.1 code.jquery.com/ui/1.11.2/jquery-ui.js
IP 69.16.175.10:80
Requested by http://www.dot.tk/en/index.html?lang=en
File type ASCII text, with very long lines (547)
Size 114 kB (113672 bytes)
Hash b5f3656496ccb995aacdccc0e91437c2
4e6a74f1dd52f0b7aa4d9777426adecf8d9377fd
26e1b509ca17a756db87864840e31a1a7caa2ce9164aa2fff2c61284c582c0c2
GET /ui/1.11.2/jquery-ui.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.dot.tk/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 10 Sep 2023 06:17:22 GMT
Connection: Keep-Alive
Content-Encoding: gzip
Content-Length: 113672
Content-Type: application/javascript; charset=utf-8
Last-Modified: Fri, 18 Oct 1991 12:00:00 GMT
Accept-Ranges: bytes
Server: nginx
ETag: W/"28feccc0-7296c"
Cache-Control: max-age=315360000, public
Access-Control-Allow-Origin: *
Vary: Accept-Encoding
X-HW: 1694326642.dop222.sk1.t,1694326642.cds213.sk1.c
ocsp.pki.goog/gts1c3
142.250.74.131 471 B IP 142.250.74.131:0
Hash 14bee7661a70e20720ccfc970f1da1df
685187fc334995bb7d51766d5af831667d544c0b
71d72c05430a03aea95e674c232e5b1a93612b0325d1092ba180d8880afceeab
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 10 Sep 2023 06:17:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ajax.googleapis.com/ajax/libs/jquery/1.6.4/jquery.min.js
142.250.74.106 200 OK 32 kB URL GET HTTP/2 ajax.googleapis.com/ajax/libs/jquery/1.6.4/jquery.min.js
IP 142.250.74.106:443
Requested by http://www.dot.tk/en/index.html?lang=en
Certificate Issuer Google Trust Services LLC
Subject upload.video.google.com
Fingerprint 09:AB:BF:F5:D0:04:69:59:E1:EA:AC:DA:8B:68:CF:62:94:2E:50:38
Validity Mon, 14 Aug 2023 08:22:09 GMT - Mon, 06 Nov 2023 08:22:08 GMT
File type HTML document text; exported SGML document, ASCII text, with very long lines (32769)
Hash 219073097031d9c1a95a1291d66f3a10
2b7996b01d90b7f424f2a2e6063947461db4b2b2
232066e3f6f1351afdaee1acb70c409766641fd5669e0b55ce7c77fac0a857ef
GET /ajax/libs/jquery/1.6.4/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://www.dot.tk/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 32222
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 09 Sep 2023 15:35:32 GMT
expires: Sun, 08 Sep 2024 15:35:32 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 52910
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 471 B IP 142.250.74.131:0
Hash 14bee7661a70e20720ccfc970f1da1df
685187fc334995bb7d51766d5af831667d544c0b
71d72c05430a03aea95e674c232e5b1a93612b0325d1092ba180d8880afceeab
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 10 Sep 2023 06:17:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 471 B IP 142.250.74.131:0
Hash 14bee7661a70e20720ccfc970f1da1df
685187fc334995bb7d51766d5af831667d544c0b
71d72c05430a03aea95e674c232e5b1a93612b0325d1092ba180d8880afceeab
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 10 Sep 2023 06:17:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.sectigo.com/
104.18.15.101 471 B IP 104.18.15.101:0
Hash 75f049c0671b29b155399649bab190e9
f9ba2361b6f0c712c5ffcfa07186f1f0798104b7
77a165e958fc4db947e4945d2685c31bb23e5d93ecb13b1964378e29f1b4ac81
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 10 Sep 2023 06:17:23 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Sat, 09 Sep 2023 16:49:18 GMT
Expires: Sat, 16 Sep 2023 16:49:17 GMT
Etag: "f9ba2361b6f0c712c5ffcfa07186f1f0798104b7"
Cache-Control: max-age=555713,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 80458c2ddbcd0b4d-OSL
ocsp.sectigo.com/
104.18.15.101 471 B IP 104.18.15.101:0
Hash 75f049c0671b29b155399649bab190e9
f9ba2361b6f0c712c5ffcfa07186f1f0798104b7
77a165e958fc4db947e4945d2685c31bb23e5d93ecb13b1964378e29f1b4ac81
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 10 Sep 2023 06:17:23 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Sat, 09 Sep 2023 16:49:18 GMT
Expires: Sat, 16 Sep 2023 16:49:17 GMT
Etag: "f9ba2361b6f0c712c5ffcfa07186f1f0798104b7"
Cache-Control: max-age=555713,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 80458c2dd8bc569f-OSL
my.freenom.com/external/jsrender.min.js
52.19.35.25 200 OK 7.8 kB URL GET HTTP/2 my.freenom.com/external/jsrender.min.js
IP 52.19.35.25:443
Requested by http://www.dot.tk/en/index.html?lang=en
Certificate Issuer Sectigo Limited
Subject my.freenom.com
Fingerprint 54:29:B5:A8:99:9A:29:02:86:63:05:E6:99:F8:88:A4:CC:59:73:EA
Validity Sat, 29 Apr 2023 00:00:00 GMT - Mon, 29 Apr 2024 23:59:59 GMT
File type Unicode text, UTF-8 (with BOM) text, with very long lines (15889)
Hash 36e17e14ff43dfd5349677522b3821a3
1eef675b40347067eefb8fd55e9b899fa9cd4216
5bf5e6b88eefc8f7ef5f4c00f9496657f3be732fd74c10a895d9a24c9a753e48
GET /external/jsrender.min.js HTTP/1.1
Host: my.freenom.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://www.dot.tk/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 10 Sep 2023 06:17:23 GMT
content-type: application/javascript
content-length: 7817
server: Apache/2.4.10 (Debian)
last-modified: Wed, 06 Apr 2016 12:34:13 GMT
etag: "3ec5-52fd02de15b40-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
my.freenom.com/includes/domains/fn-available.js
52.19.35.25 200 OK 3.3 kB URL GET HTTP/2 my.freenom.com/includes/domains/fn-available.js
IP 52.19.35.25:443
Requested by http://www.dot.tk/en/index.html?lang=en
Certificate Issuer Sectigo Limited
Subject my.freenom.com
Fingerprint 54:29:B5:A8:99:9A:29:02:86:63:05:E6:99:F8:88:A4:CC:59:73:EA
Validity Sat, 29 Apr 2023 00:00:00 GMT - Mon, 29 Apr 2024 23:59:59 GMT
Hash 9f31aa0493ad44ce80b4ede212467d23
10c8c5f3cc47a7ce536569eb6a421db8d93934d5
bba618cfb0c83019c4132a9988ba895138f4ebd375a4dc8076d3d5052ed6688f
GET /includes/domains/fn-available.js HTTP/1.1
Host: my.freenom.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://www.dot.tk/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 10 Sep 2023 06:17:23 GMT
content-type: application/javascript
content-length: 3302
server: Apache/2.4.10 (Debian)
last-modified: Thu, 08 Nov 2018 09:35:07 GMT
etag: "4a9a-57a23f3480678-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
www.dot.tk/images.v2/logo.png
35.186.233.234 200 OK 9.3 kB URL GET HTTP/1.1 www.dot.tk/images.v2/logo.png
IP 35.186.233.234:80
Requested by http://www.dot.tk/en/index.html?lang=en
File type PNG image data, 300 x 200, 8-bit/color RGBA, non-interlaced; data
Hash cf869c0a6dbfa71c1981c35d85fd8053
b47d8e7d26cf0fc2989e79ada637ecf4a3df4328
8e03bc9d923ade686eb09696983c7a6961f75595178fda35681f5f561b03c5d1
NIDS Severity Alert suricata medium ET POLICY HTTP Request to a *.tk domain
GET /images.v2/logo.png HTTP/1.1
Host: www.dot.tk
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.dot.tk/en/index.html?lang=en
Cookie: mydottk_languagenr=0; dottyLn=en; wwwLn=en
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.17.8
Content-Length: 9309
X-GUploader-UploadID: ADPycdtBMesOIK4slaoI2KRW7UDiZNGlasxYGvneuEluJmEhW3v-ud0CPcv6G4ZQU3Pzpj7ctSUPE2Q-iTZ5RDvMutn_xA
x-goog-generation: 1465472206459000
x-goog-metageneration: 8
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 9309
Content-Language: en
x-goog-hash: crc32c=i689kw==, md5=z4acCm2/pxwZgcNdhf2AUw==
x-goog-storage-class: STANDARD
Accept-Ranges: bytes
Via: 1.1 google
Date: Sun, 10 Sep 2023 06:09:28 GMT
Last-Modified: Thu, 09 Jun 2016 11:36:46 GMT
ETag: "cf869c0a6dbfa71c1981c35d85fd8053"
Content-Type: image/png
Age: 475
Cache-Control: max-age=600,public
ocsp.pki.goog/gts1c3
142.250.74.131 472 B IP 142.250.74.131:0
Hash 2060521e966a6a20a0bf1ababc2286c0
763ffc1aa1a10115e4a0526c747e9202dd085f16
9532f54419572a700481f1d886fe5e95a277ad19ccd7b2df29b1d30f154f00f9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 10 Sep 2023 06:17:23 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
netdna.bootstrapcdn.com/font-awesome/4.0.3/fonts/fontawesome-webfont.woff?v=4.0.3
104.18.10.207 200 OK 44 kB URL GET HTTP/3 netdna.bootstrapcdn.com/font-awesome/4.0.3/fonts/fontawesome-webfont.woff?v=4.0.3
IP 104.18.10.207:443
Requested by http://www.dot.tk/en/index.html?lang=en
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint 5B:F7:8F:50:AD:E5:5B:5E:8C:4A:39:3D:0C:98:E8:8C:18:4B:3D:8A
Validity Fri, 30 Dec 2022 00:00:00 GMT - Sat, 30 Dec 2023 23:59:59 GMT
File type Web Open Font Format, TrueType, length 44432, version 1.0; data
Hash 3293616ec0c605c7c2db25829a0a509e
04c3bf56d87a0828935bd6b4aee859995f321693
0fd28fece9ebd606b8b071460ebd3fc2ed7bc7a66ef91c8834f11dfacab4a849
GET /font-awesome/4.0.3/fonts/fontawesome-webfont.woff?v=4.0.3 HTTP/1.1
Host: netdna.bootstrapcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://www.dot.tk
DNT: 1
Connection: keep-alive
Referer: https://netdna.bootstrapcdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 10 Sep 2023 06:17:23 GMT
content-type: font/woff
content-length: 44432
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
access-control-allow-origin: *
cache-control: public, max-age=31919000
etag: "3293616ec0c605c7c2db25829a0a509e"
last-modified: Mon, 25 Jan 2021 22:04:53 GMT
cdn-cachedat: 01/04/2023 08:53:03
cdn-proxyver: 1.03
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 1076
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-status: 200
cdn-requestid: 497734726afd2e376b2cc16876d14f6a
cdn-cache: HIT
cf-cache-status: HIT
age: 919252
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 80458c304e83568a-OSL
alt-svc: h3=":443"; ma=86400
fonts.gstatic.com/s/lato/v24/S6u9w4BMUTPHh7USSwiPGQ.woff2
142.250.74.3 200 OK 23 kB URL GET HTTP/2 fonts.gstatic.com/s/lato/v24/S6u9w4BMUTPHh7USSwiPGQ.woff2
IP 142.250.74.3:443
Requested by http://www.dot.tk/en/index.html?lang=en
Certificate Issuer Google Trust Services LLC
Subject *.gstatic.com
Fingerprint AB:14:67:80:B6:91:41:34:54:E4:AE:2E:71:65:B4:8E:65:B2:D2:2D
Validity Mon, 14 Aug 2023 08:22:45 GMT - Mon, 06 Nov 2023 08:22:44 GMT
File type Web Open Font Format (Version 2), TrueType, length 23236, version 1.0; data
Hash 716309aab2bca045f9627f63ad79d0bf
38804233a29aaf975d557fe14e762c627bef76e0
115f6a626ca115d4ad5581b59275327e0e860b30330a52b0f785561332dd2429
GET /s/lato/v24/S6u9w4BMUTPHh7USSwiPGQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://www.dot.tk
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 23236
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 07 Sep 2023 04:54:49 GMT
expires: Fri, 06 Sep 2024 04:54:49 GMT
cache-control: public, max-age=31536000
age: 264154
last-modified: Tue, 02 May 2023 15:08:26 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 472 B IP 142.250.74.131:0
Hash 2060521e966a6a20a0bf1ababc2286c0
763ffc1aa1a10115e4a0526c747e9202dd085f16
9532f54419572a700481f1d886fe5e95a277ad19ccd7b2df29b1d30f154f00f9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 10 Sep 2023 06:17:23 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/lato/v24/S6uyw4BMUTPHjx4wXg.woff2
142.250.74.3 200 OK 24 kB URL GET HTTP/2 fonts.gstatic.com/s/lato/v24/S6uyw4BMUTPHjx4wXg.woff2
IP 142.250.74.3:443
Requested by http://www.dot.tk/en/index.html?lang=en
Certificate Issuer Google Trust Services LLC
Subject *.gstatic.com
Fingerprint AB:14:67:80:B6:91:41:34:54:E4:AE:2E:71:65:B4:8E:65:B2:D2:2D
Validity Mon, 14 Aug 2023 08:22:45 GMT - Mon, 06 Nov 2023 08:22:44 GMT
File type Web Open Font Format (Version 2), TrueType, length 23580, version 1.0; data
Hash e1b3b5908c9cf23dfb2b9c52b9a023ab
fcd4136085f2a03481d9958cc6793a5ed98e714c
918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537
GET /s/lato/v24/S6uyw4BMUTPHjx4wXg.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://www.dot.tk
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 23580
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 07 Sep 2023 15:16:10 GMT
expires: Fri, 06 Sep 2024 15:16:10 GMT
cache-control: public, max-age=31536000
age: 226873
last-modified: Tue, 02 May 2023 15:17:22 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.gstatic.com/s/lato/v24/S6u9w4BMUTPHh6UVSwiPGQ.woff2
142.250.74.3 200 OK 23 kB URL GET HTTP/2 fonts.gstatic.com/s/lato/v24/S6u9w4BMUTPHh6UVSwiPGQ.woff2
IP 142.250.74.3:443
Requested by http://www.dot.tk/en/index.html?lang=en
Certificate Issuer Google Trust Services LLC
Subject *.gstatic.com
Fingerprint AB:14:67:80:B6:91:41:34:54:E4:AE:2E:71:65:B4:8E:65:B2:D2:2D
Validity Mon, 14 Aug 2023 08:22:45 GMT - Mon, 06 Nov 2023 08:22:44 GMT
File type Web Open Font Format (Version 2), TrueType, length 23040, version 1.0; data
Hash de69cf9e514df447d1b0bb16f49d2457
2ac78601179c3a63ba3f3f3081556b12ddcaf655
c447dd7677b419db7b21dbdfc6277c7816a913ffda76fd2e52702df538de0e49
GET /s/lato/v24/S6u9w4BMUTPHh6UVSwiPGQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://www.dot.tk
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 23040
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 07 Sep 2023 15:25:37 GMT
expires: Fri, 06 Sep 2024 15:25:37 GMT
cache-control: public, max-age=31536000
age: 226306
last-modified: Tue, 02 May 2023 15:07:25 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.dot.tk/images.v2/handle.png
35.186.233.234 200 OK 1.7 kB URL GET HTTP/1.1 www.dot.tk/images.v2/handle.png
IP 35.186.233.234:80
Requested by http://www.dot.tk/en/index.html?lang=en
File type PNG image data, 36 x 36, 8-bit/color RGBA, non-interlaced; data
Hash 83c23b93631544258f7bc9b3a3375886
1ca5585b0b0e5d960444e4413cdf4d746d54c189
57b97d422db894294fdb781f3f81ddd290aa891d677fc12ebc6812f40284f18d
NIDS Severity Alert suricata medium ET POLICY HTTP Request to a *.tk domain
GET /images.v2/handle.png HTTP/1.1
Host: www.dot.tk
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.dot.tk/css/availability.css
Cookie: mydottk_languagenr=0; dottyLn=en; wwwLn=en
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.17.8
Content-Length: 1745
X-GUploader-UploadID: ADPycdsudubS8cXkvW9jlLmXZDoUO_gdDXbCiBFNrjUVtKfDKL5m_6mX8PVqY2AzWWUJZuDROaWID0xW0EyTuIT9qDtYfrkL3Jtw
x-goog-generation: 1465472206208000
x-goog-metageneration: 8
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 1745
Content-Language: en
x-goog-hash: crc32c=g8t+QQ==, md5=g8I7k2MVRCWPe8mzozdYhg==
x-goog-storage-class: STANDARD
Accept-Ranges: bytes
Via: 1.1 google
Date: Sun, 10 Sep 2023 06:13:03 GMT
Last-Modified: Thu, 09 Jun 2016 11:36:46 GMT
ETag: "83c23b93631544258f7bc9b3a3375886"
Content-Type: image/png
Age: 260
Cache-Control: max-age=600,public
www.dot.tk/images.v2/007.jpg
35.186.233.234 200 OK 278 kB URL GET HTTP/1.1 www.dot.tk/images.v2/007.jpg
IP 35.186.233.234:80
Requested by http://www.dot.tk/en/index.html?lang=en
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 2000x1341, components 3; data
Size 278 kB (277529 bytes)
Hash 049389ec8ace3b67d1a5e1efc7b76de5
716916d3488932270a518b54ad814a6e4d9eec95
ebc1153bd6710c7bbe5ffa63e1bb5a99c2c6468d28c1739df7e5823e3907f8b1
NIDS Severity Alert suricata medium ET POLICY HTTP Request to a *.tk domain
GET /images.v2/007.jpg HTTP/1.1
Host: www.dot.tk
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.dot.tk/en/index.html?lang=en
Cookie: mydottk_languagenr=0; dottyLn=en; wwwLn=en
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.17.8
Content-Length: 277529
X-GUploader-UploadID: ADPycduoWTPk1tR8q0EgrMlyppK7VMGcr3_zNBu7l2gEB81we4Ud8eB6uNxnrCQjUzm8ncMaJolusmEND97vRQ_Xj9XhL5mHI5_6
x-goog-generation: 1465472202731000
x-goog-metageneration: 8
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 277529
Content-Language: en
x-goog-hash: crc32c=w+PVrA==, md5=BJOJ7IrOO2fRpeHvx7dt5Q==
x-goog-storage-class: STANDARD
Accept-Ranges: bytes
Via: 1.1 google
Date: Sun, 10 Sep 2023 06:17:23 GMT
Last-Modified: Thu, 09 Jun 2016 11:36:42 GMT
ETag: "049389ec8ace3b67d1a5e1efc7b76de5"
Content-Type: image/jpeg
Age: 0
Cache-Control: max-age=600,public
www.dot.tk/favicon.ico
35.186.233.234 301 Moved Permanently 169 B IP 35.186.233.234:80
Requested by http://www.dot.tk/en/index.html?lang=en
File type HTML document text; HTML document, ASCII text, with CRLF line terminators
Hash 4e81ccade4a7771ffb16cf8f89017ce6
e04bba6bea00860e86dcbb3bfe5eeeba8188c041
820d63c7b59d8b137e19605c71f075bedbafc9cf460a0eeba3c34bd976281bd0
NIDS Severity Alert suricata medium ET POLICY HTTP Request to a *.tk domain
GET /favicon.ico HTTP/1.1
Host: www.dot.tk
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.dot.tk/en/index.html?lang=en
Cookie: mydottk_languagenr=0; dottyLn=en; wwwLn=en
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 301 Moved Permanently
Server: nginx/1.17.8
Date: Sun, 10 Sep 2023 06:17:23 GMT
Content-Type: text/html
Content-Length: 169
Location: http://www.dot.tk/
Via: 1.1 google
www.dot.tk/
35.186.233.234 302 Found 0 B IP 35.186.233.234:80
Requested by http://www.dot.tk/en/index.html?lang=en
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
NIDS Severity Alert suricata medium ET POLICY HTTP Request to a *.tk domain
suricata medium ET POLICY HTTP Request to a *.tk domain
GET / HTTP/1.1
Host: www.dot.tk
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://www.dot.tk/en/index.html?lang=en
DNT: 1
Connection: keep-alive
Cookie: mydottk_languagenr=0; dottyLn=en; wwwLn=en
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx/1.17.8
Transfer-Encoding: chunked
Set-Cookie: mydottk_languagenr=0; domain=.dot.tk; path=/; expires=Mon, 11-Sep-2023 06:17:23 GMT
Set-Cookie: dottyLn=en; domain=.dot.tk; path=/; expires=Mon, 11-Sep-2023 06:17:23 GMT
Set-Cookie: wwwLn=en; domain=.dot.tk; path=/; expires=Mon, 11-Sep-2023 06:17:23 GMT
Date: Sun, 10 Sep 2023 06:17:23 GMT
Location: http://www.dot.tk/en/index.html?lang=en
Via: 1.1 google
www.dot.tk/en/index.html?lang=en
35.186.233.234 200 OK 25 kB URL GET HTTP/1.1 www.dot.tk/en/index.html?lang=en
IP 35.186.233.234:80
Requested by http://www.dot.tk/en/index.html?lang=en
File type HTML document text; exported SGML document text; exported SGML document, Unicode text, UTF-8 text, with very long lines (461), with CRLF line terminators
Hash e30a239230e3e62ad63df3176102af9f
ad07bd7c0a2ff5ea796fdbcebabd6b7e26f69260
81c36643abab220e867da2649c87591d94b8832dff772fd2cf4ff4f97fedc416
NIDS Severity Alert suricata medium ET POLICY HTTP Request to a *.tk domain
suricata medium ET POLICY HTTP Request to a *.tk domain
GET /en/index.html?lang=en HTTP/1.1
Host: www.dot.tk
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://www.dot.tk/en/index.html?lang=en
DNT: 1
Connection: keep-alive
Cookie: mydottk_languagenr=0; dottyLn=en; wwwLn=en
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.17.8
Content-Length: 25126
X-GUploader-UploadID: ADPycds94yHqhr-HbGG9xUQZNGC5PT8irw-3yBk2Adn3-XpSe-Vbooel2hJnfdcVCLQ7saxzE4cAMl1N_hhsPDqvQN7b6jFFcCHT
x-goog-generation: 1672672451334279
x-goog-metageneration: 4
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 25126
Content-Language: en
x-goog-hash: crc32c=4oOb/Q==, md5=4wojkjDj5irWPfMXYQKvnw==
x-goog-storage-class: STANDARD
Accept-Ranges: bytes
Via: 1.1 google
Date: Sun, 10 Sep 2023 06:11:43 GMT
Age: 340
Last-Modified: Mon, 02 Jan 2023 15:14:11 GMT
ETag: "e30a239230e3e62ad63df3176102af9f"
Content-Type: text/html
Cache-Control: max-age=600,public
netdna.bootstrapcdn.com/font-awesome/4.0.3/css/font-awesome.css
104.18.10.207 200 OK 22 kB URL GET HTTP/2 netdna.bootstrapcdn.com/font-awesome/4.0.3/css/font-awesome.css
IP 104.18.10.207:443
Requested by http://www.dot.tk/en/index.html?lang=en
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint 5B:F7:8F:50:AD:E5:5B:5E:8C:4A:39:3D:0C:98:E8:8C:18:4B:3D:8A
Validity Fri, 30 Dec 2022 00:00:00 GMT - Sat, 30 Dec 2023 23:59:59 GMT
File type troff or preprocessor input, ASCII text, with very long lines (305)
Hash 1f9e9d1a5a1d347d945ef4b7727f2ea0
2a8eccf4ac288eb99979b62dcc1cc1036d8ff8fa
3083e8d3b21ddc3f0e6d65ec3580aa6edfaadca5d9737d9caa27e6a233e1ccf3
GET /font-awesome/4.0.3/css/font-awesome.css HTTP/1.1
Host: netdna.bootstrapcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://www.dot.tk/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 10 Sep 2023 06:17:22 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
cdn-edgestorageid: 601, 617, 617
last-modified: Mon, 25 Jan 2021 22:04:53 GMT
cdn-cachedat: 2021-08-03 04:14:00
cdn-requestpullsuccess: True
cdn-requestpullcode: 200
cache-control: public, max-age=31919000
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-content-type-options: nosniff
cdn-requestid: 6358afe6e12aefed963ad27f3935d6d1
cdn-status: 200
cdn-cache: HIT
cf-cache-status: HIT
age: 8237322
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 80458c2c4eb91c12-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Lato:400,300,100,700
142.250.74.106 200 OK 2.9 kB URL GET HTTP/2 fonts.googleapis.com/css?family=Lato:400,300,100,700
IP 142.250.74.106:443
Requested by http://www.dot.tk/en/index.html?lang=en
Certificate Issuer Google Trust Services LLC
Subject upload.video.google.com
Fingerprint 09:AB:BF:F5:D0:04:69:59:E1:EA:AC:DA:8B:68:CF:62:94:2E:50:38
Validity Mon, 14 Aug 2023 08:22:09 GMT - Mon, 06 Nov 2023 08:22:08 GMT
File type ASCII text, with very long lines (2953), with no line terminators
Hash 78e176fc4db0d1fed74c8df682c9c1a0
5f3d28a9d2970cb075eeb934743930ce0a9d5310
80038751fc7ec473f4eeb040133d6baec8e411949c3bc38ee9fa00fa53ae06b1
GET /css?family=Lato:400,300,100,700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://www.dot.tk/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sun, 10 Sep 2023 06:17:22 GMT
date: Sun, 10 Sep 2023 06:17:22 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2