Report - fikper.com/NzlRuKIdB1/FFTotal.2025.03.MAC.MORiA.rar

Report Overview

Visited public
2025-03-17 22:36:12
Tags
URL
fikper.com/NzlRuKIdB1/FFTotal.2025.03.MAC.MORiA.rar
Finishing URL
fikper.com/NzlRuKIdB1/FFTotal.2025.03.MAC.MORiA.rar
IP / ASN
172.67.73.154
#13335 CLOUDFLARENET
Title
Fikper

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
sapi.fikper.com	unknown	2022-01-28	2022-11-16	2025-03-13	1.5 kB	4.3 kB	104.26.9.220
wss	unknown	unknown	2025-03-02	2025-03-16	595 B	779 B	172.67.73.154
fikper.com	unknown	2022-01-28	2022-01-28	2025-03-09	7.7 kB	1.0 MB	104.26.9.220
questioningcomplimentarypotato.com	unknown	2024-08-28	2024-12-07	2025-03-09	922 B	1.2 kB	172.240.108.68
ansuksar.com	unknown	2024-10-28	2025-01-07	2025-03-13	417 B	1.5 kB	23.109.170.223
fonts.googleapis.com	8877	2005-01-25	2012-05-23	2025-03-12	889 B	5.3 kB	142.250.74.10
www.googletagmanager.com	75	2011-11-11	2012-10-04	2025-03-12	431 B	358 kB	142.250.74.136
zz.medinaossal.com	unknown	2024-11-14	2025-01-07	2025-03-13	421 B	1.6 kB	23.109.170.153
fonts.gstatic.com	unknown	2008-02-11	2014-04-02	2025-03-12	554 B	20 kB	142.250.74.35

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2025-03-17	medium	questioningcomplimentarypotato.com	Sinkholed
2025-03-17	medium	medinaossal.com	Sinkholed
2025-03-17	medium	ansuksar.com	Sinkholed
2025-03-17	medium	questioningcomplimentarypotato.com	Sinkholed
2025-03-17	medium	wss	Sinkholed

ThreatFox

No alerts detected

JavaScript (9)

	URL	From	Size	First Seen	Last Seen
	fikper.com/static/js/688.832e25b8.chunk.js	ScriptElement	19 kB	2025-01-04	2025-05-14
Pretty URL fikper.com/static/js/688.832e25b8.chunk.js IP 104.26.9.220 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2025-01-04 18:48 Last Seen2025-05-14 06:12 Times Seen116 Hash 3172b98b30709e9e496df4c59582afbd 85159aacb24172c633078f05f320423d8effd6de 0f6d16d0154a11d1dddf9c6d82c9f86122752db31952f1bce823863117809048 Loading...

	fikper.com/static/js/121.2588d6c5.chunk.js	ScriptElement	55 kB	2025-01-04	2025-05-14
Pretty URL fikper.com/static/js/121.2588d6c5.chunk.js IP 104.26.9.220 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2025-01-04 18:48 Last Seen2025-05-14 06:12 Times Seen116 Hash c098b60a23007c68886ca2db63f0a114 e6ed8a20096a35194d81ebbf0ef869a9aadaa415 8114b5a6a65c9c565091eb373da2ede899a7ad01ef57040c5a2da4c1aa898ab9 Loading...

	fikper.com/static/js/401.45bba9e5.chunk.js	ScriptElement	123 kB	2025-01-04	2025-05-14
Pretty URL fikper.com/static/js/401.45bba9e5.chunk.js IP 104.26.9.220 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2025-01-04 18:48 Last Seen2025-05-14 06:12 Times Seen116 Hash 8a1a336ee249f58f74c90f81a9611aa2 99933134a5376aefc6c45e936beb1e8f6d5b04eb 70ab31ce950dc33560b3014f78d29acf3ff9e6e1dd54c2ab1e840b8c115d0036 Loading...

	ansuksar.com/gcMNbLmIOYguTo/114416	ScriptElement	6 B	2023-03-07	2025-06-03
Pretty URL ansuksar.com/gcMNbLmIOYguTo/114416 IP 23.109.170.223 ASN #7979 SERVERS-COM Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:31 Last Seen2025-06-03 15:24 Times Seen8354 Hash 4fc71bf68a1d477bd1523733e34d1e90 15119105cffbe108b6cf290146ab02c9aa8517ba 74c1971a5c7f3f1cfb81b7a0a8717cee5a45841844104566e00bbfca271943ce Loading...

	fikper.com/static/js/main.84097885.js	ScriptElement	752 kB	2025-02-12	2025-04-01
Pretty URL fikper.com/static/js/main.84097885.js IP 104.26.9.220 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2025-02-12 22:03 Last Seen2025-04-01 22:10 Times Seen51 Hash 2f3420cfdc7224b3cbee2a48b73a21eb 25b9b94038ebd760b748a2bf419367809faca11d 5f88d12c04bf4a2b95211ea3acf8a98812820af31d7e1abff5f3e29cd929a922 Loading...

	fikper.com/static/js/449.ba886c61.chunk.js	ScriptElement	26 kB	2025-01-20	2025-05-14
Pretty URL fikper.com/static/js/449.ba886c61.chunk.js IP 104.26.9.220 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2025-01-20 21:09 Last Seen2025-05-14 06:12 Times Seen99 Hash 9a211aa9f371d249aab8dc10b2c0b877 ecdd84ccbf5d6706a282e1e8395f28ba372dee59 7e5523f7d9a2753967b98f4ed19d39181a51a3ed9eb7218a9c3c419503237b90 Loading...

	www.googletagmanager.com/gtag/js?id=G-0FTK342ZZ1	ScriptElement	357 kB	2025-03-17	2025-03-17
Pretty URL www.googletagmanager.com/gtag/js?id=G-0FTK342ZZ1 IP 142.250.74.136 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2025-03-17 22:36 Last Seen2025-03-17 22:36 Times Seen1 Hash 309291d163ec8ca9fd97017e412e8746 5a69480b88f3b2b8bafd08b5b883e948a957ceee a277171bfd46be7575abda757b3baac53e0e49dec8242df67d7ba67c44f42e44 Loading...

	zz.medinaossal.com/fa2Y0gFuftYt/114415	ScriptElement	6 B	2023-03-07	2025-06-03
Pretty URL zz.medinaossal.com/fa2Y0gFuftYt/114415 IP 23.109.170.153 ASN #7979 SERVERS-COM Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:31 Last Seen2025-06-03 15:24 Times Seen8354 Hash 4fc71bf68a1d477bd1523733e34d1e90 15119105cffbe108b6cf290146ab02c9aa8517ba 74c1971a5c7f3f1cfb81b7a0a8717cee5a45841844104566e00bbfca271943ce Loading...

	fikper.com/static/js/226.f096ef2d.chunk.js	ScriptElement	26 kB	2025-02-12	2025-04-01
Pretty URL fikper.com/static/js/226.f096ef2d.chunk.js IP 104.26.9.220 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2025-02-12 22:03 Last Seen2025-04-01 22:10 Times Seen49 Hash 915ac4c77c151becb98ba3a45d24c410 a44858e2ce16ef5b1c46948d37c4f931271b6813 4d5b44af83a5e4c8240fc11365f4a148685787d2dbcdd74bb91aeb5cd9c56ad5 Loading...

HTTP Transactions (28)

URL IP Response Size

fikper.com/static/js/688.832e25b8.chunk.js

104.26.9.220

200 OK

19 kB

URL GET
fikper.com/static/js/688.832e25b8.chunk.js
IP
104.26.9.220:443
ASN
#13335 CLOUDFLARENET

Requested by
https://fikper.com/NzlRuKIdB1/FFTotal.2025.03.MAC.MORiA.rar
Certificate
IssuerGoogle Trust Services
Subjectfikper.com
Fingerprint1E:C2:92:79:BB:54:C6:8B:1F:14:CE:04:95:A0:A3:AC:C5:A8:BD:98
ValiditySat, 25 Jan 2025 15:36:45 GMT - Fri, 25 Apr 2025 16:36:40 GMT

File type
JavaScript source, ASCII text, with very long lines (19254), with no line terminators
Size
19 kB (19254 bytes)
Hash
3172b98b30709e9e496df4c59582afbd
85159aacb24172c633078f05f320423d8effd6de
0f6d16d0154a11d1dddf9c6d82c9f86122752db31952f1bce823863117809048

HTTP Headers

GET /static/js/688.832e25b8.chunk.js HTTP/1.1
Host: fikper.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fikper.com/NzlRuKIdB1/FFTotal.2025.03.MAC.MORiA.rar
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 17 Mar 2025 22:35:50 GMT
content-type: application/javascript
last-modified: Wed, 12 Feb 2025 18:36:13 GMT
etag: W/"67acea1d-4b36"
expires: Fri, 04 Apr 2025 08:26:20 GMT
cache-control: public, max-age=2592000
pragma: public
cf-cache-status: HIT
age: 1087770
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KV6gbd0Jb5pRHvJTaVZjkEGjbowSps1lqAJYYYGrhjUOYndlb%2BLBxBeO2TnmVLmo%2BFaRyOCjDJMciYirSUIvf%2FgFOtuSP6PnbRXDQikGylooKrCRFPc0hLcQnaY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 921ff735c8e056a4-OSL
content-encoding: br
server-timing: cfL4;desc="?proto=TCP&rtt=692&min_rtt=423&rtt_var=151&sent=237&recv=138&lost=0&retrans=0&sent_bytes=297059&recv_bytes=2182&delivery_rate=65980295&cwnd=257&unsent_bytes=0&cid=e55f0fe451b1b67c&ts=965&x=0"
X-Firefox-Spdy: h2

www.googletagmanager.com/gtag/js?id=G-0FTK342ZZ1

142.250.74.136

200 OK

357 kB

URL GET
www.googletagmanager.com/gtag/js?id=G-0FTK342ZZ1
IP
142.250.74.136:443
ASN
#15169 GOOGLE

Requested by
https://fikper.com/NzlRuKIdB1/FFTotal.2025.03.MAC.MORiA.rar
Certificate
IssuerGoogle Trust Services
Subject*.google-analytics.com
FingerprintAE:1B:D4:56:41:F7:15:A7:24:B8:F3:55:83:91:17:2C:97:12:67:6E
ValidityWed, 26 Feb 2025 15:32:54 GMT - Wed, 21 May 2025 15:32:53 GMT

File type
JavaScript source, ASCII text, with very long lines (5268)
Size
357 kB (356881 bytes)
Hash
309291d163ec8ca9fd97017e412e8746
5a69480b88f3b2b8bafd08b5b883e948a957ceee
a277171bfd46be7575abda757b3baac53e0e49dec8242df67d7ba67c44f42e44

HTTP Headers

GET /gtag/js?id=G-0FTK342ZZ1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fikper.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Mon, 17 Mar 2025 22:35:50 GMT
expires: Mon, 17 Mar 2025 22:35:50 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1020:0
cross-origin-opener-policy-report-only: same-origin; report-to=ascgcycc:1020:0
report-to: {"group":"ascgcycc:1020:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1020:0"}],}
server: Google Tag Manager
content-length: 119467
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

questioningcomplimentarypotato.com/3e/19/1c/3e191cb89769cd8cd2c2f0d929e26919.js

172.240.108.68

403 Forbidden

0 B

URL GET
questioningcomplimentarypotato.com/3e/19/1c/3e191cb89769cd8cd2c2f0d929e26919.js
IP
172.240.108.68:443
ASN
#7979 SERVERS-COM

Requested by
https://fikper.com/NzlRuKIdB1/FFTotal.2025.03.MAC.MORiA.rar
Certificate
IssuerLet's Encrypt
Subjectquestioningcomplimentarypotato.com
Fingerprint99:B2:3F:2D:64:38:39:7B:3B:42:43:64:EA:76:9F:F1:A4:D3:CC:CC
ValidityTue, 25 Feb 2025 21:49:56 GMT - Mon, 26 May 2025 21:49:55 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /3e/19/1c/3e191cb89769cd8cd2c2f0d929e26919.js HTTP/1.1
Host: questioningcomplimentarypotato.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fikper.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 403 Forbidden
Server: nginx/1.21.6
Date: Mon, 17 Mar 2025 22:35:51 GMT
Content-Type: application/javascript
Content-Length: 0
Connection: keep-alive
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
accept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
x-envoy-upstream-service-time: 0
Host: questioningcomplimentarypotato.com

zz.medinaossal.com/fa2Y0gFuftYt/114415

23.109.170.153

200 OK

6 B

URL GET
zz.medinaossal.com/fa2Y0gFuftYt/114415
IP
23.109.170.153:443
ASN
#7979 SERVERS-COM

Requested by
https://fikper.com/NzlRuKIdB1/FFTotal.2025.03.MAC.MORiA.rar
Certificate
IssuerLet's Encrypt
Subjectzz.medinaossal.com
FingerprintF9:04:D3:F3:62:29:C3:CA:C7:61:91:4E:98:06:B9:45:DB:71:5A:4F
ValiditySun, 19 Jan 2025 04:03:32 GMT - Sat, 19 Apr 2025 04:03:31 GMT

File type
ASCII text, with no line terminators
Size
6 B (6 bytes)
Hash
4fc71bf68a1d477bd1523733e34d1e90
15119105cffbe108b6cf290146ab02c9aa8517ba
74c1971a5c7f3f1cfb81b7a0a8717cee5a45841844104566e00bbfca271943ce

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /fa2Y0gFuftYt/114415 HTTP/1.1
Host: zz.medinaossal.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fikper.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 17 Mar 2025 22:35:50 GMT
Content-Type: application/javascript; charset=utf-8
Content-Length: 6
Connection: keep-alive
Keep-Alive: timeout=20
Vary: Origin
Access-Control-Expose-Headers: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Megageocheckolololo, X-Forwarded-For, X-Requested-With, Cache-Control, Pragma, Expires
Access-Control-Allow-Methods: GET, HEAD, POST, PUT, OPTIONS
Set-Cookie: GGI10=G/YAAMSwOZVtTpfw3ZDjC4Aj6+dntuOB6sMGG+0WpO08yFaOUWDZLTOalHTRkdF/ewP/D8LTiCsQGAJr8KwssoIig0bolyA4X0SeDNfnpBA/yma0n6BRaYKAF42BZZb6TRv1bYoed095bv+/IU6pwW9S0IjbunWexRP1KLN+s4DPwu9M0gMEC1rJLR9H3cyqKacnyFmI0yCBtprZlQuIQKOt7Nz8XGEhb7RBSy/ayKXev18=; max-age=3600000; path=/; secure; SameSite=None
GUI4=G9kDAMRQnU1rdNODldiBgqv9J4LR4ZIpRP//vdPfGiAhh/bGvK81pv6iBLaFAYf/eEDZX79sWlES23jH+ZnyC+h/BfcJugQcr2a+Spl4kUudh1pyfvtxGHXpyfm/6l14csbpWPecBaFLH52XIrsbrw2DlBknEdqjUJCtRLH8CRyMHXaHMPIPNMwOiZ+mh90uoml0oMyPyjICQTQG4AssrYMjjlUQfJtTBUeItkBwbYRr+RbFh1BcDk3R9gfOzTdwgECZvJCvansmZmiKWl9FJ0o0tR7RxpKbqSssCJHIVSOPXozMBcX7RmAaOTRuJ+OS7oiHZeWjuObgDENbRRhprx44SQdVi1x8coQULb+KJJ+cg8YxSJfe2lt5pbe17j1KUAAe5e08pTanGtSQH0hQzmwxlVQWvOOf0RqLdTeC7NL5yqNz7YU9l5kbLmS5vodMb6hJTYSEJFraaKuNkmSsCzVtpYasataQshbbfhA7mt1FZBkjR1aKvqhnvC4B8R8QjEMeHmg1RWyNShIFiNqVuHpJ1PLMsq6ivmeuWhIsnYWrr5ZepTS7mSz9Z5CkaE2cpSs7KVG7B500yYXKCt02; max-age=3600000; path=/; secure; SameSite=None
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff

fikper.com/static/js/449.ba886c61.chunk.js

104.26.9.220

200 OK

26 kB

URL GET
fikper.com/static/js/449.ba886c61.chunk.js
IP
104.26.9.220:443
ASN
#13335 CLOUDFLARENET

Requested by
https://fikper.com/NzlRuKIdB1/FFTotal.2025.03.MAC.MORiA.rar
Certificate
IssuerGoogle Trust Services
Subjectfikper.com
Fingerprint1E:C2:92:79:BB:54:C6:8B:1F:14:CE:04:95:A0:A3:AC:C5:A8:BD:98
ValiditySat, 25 Jan 2025 15:36:45 GMT - Fri, 25 Apr 2025 16:36:40 GMT

File type
JavaScript source, ASCII text, with very long lines (26322), with no line terminators
Size
26 kB (26322 bytes)
Hash
9a211aa9f371d249aab8dc10b2c0b877
ecdd84ccbf5d6706a282e1e8395f28ba372dee59
7e5523f7d9a2753967b98f4ed19d39181a51a3ed9eb7218a9c3c419503237b90

HTTP Headers

GET /static/js/449.ba886c61.chunk.js HTTP/1.1
Host: fikper.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fikper.com/NzlRuKIdB1/FFTotal.2025.03.MAC.MORiA.rar
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 17 Mar 2025 22:35:50 GMT
content-type: application/javascript
last-modified: Wed, 12 Feb 2025 18:36:13 GMT
etag: W/"67acea1d-66d2"
expires: Fri, 21 Mar 2025 19:23:57 GMT
cache-control: public, max-age=2592000
pragma: public
cf-cache-status: HIT
age: 2257913
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=I8kXuZ0gKVVh1wTRKpLIMNDksJSIRWs%2BJTAQhxTrguxXR4yZyCZpgDrSaFuMhX3O12gZcczj2x9LnkQi%2F2V8ITS79gUZd%2Br1STm4SdecK4shCMe%2BWyDAcar3QwE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 921ff735b8d956a4-OSL
content-encoding: br
server-timing: cfL4;desc="?proto=TCP&rtt=672&min_rtt=423&rtt_var=121&sent=244&recv=140&lost=0&retrans=0&sent_bytes=304165&recv_bytes=2182&delivery_rate=65980295&cwnd=257&unsent_bytes=0&cid=e55f0fe451b1b67c&ts=966&x=0"
X-Firefox-Spdy: h2

fonts.gstatic.com/s/montserrat/v29/JTUHjIg1_i6t8kCHKm4532VJOt5-QNFgpCtr6Hw5aXo.woff2

142.250.74.35

200 OK

19 kB

URL GET
fonts.gstatic.com/s/montserrat/v29/JTUHjIg1_i6t8kCHKm4532VJOt5-QNFgpCtr6Hw5aXo.woff2
IP
142.250.74.35:443
ASN
#15169 GOOGLE

Requested by
https://fikper.com/NzlRuKIdB1/FFTotal.2025.03.MAC.MORiA.rar
Certificate
IssuerGoogle Trust Services
Subject*.gstatic.com
FingerprintA4:5F:89:8D:68:B4:5F:99:BE:F5:66:6F:C1:5E:A5:8C:72:BF:1E:D5
ValidityWed, 26 Feb 2025 15:33:59 GMT - Wed, 21 May 2025 15:33:58 GMT

File type
Web Open Font Format (Version 2), TrueType, length 18792, version 1.0
Size
19 kB (18792 bytes)
Hash
74795056a2358804684c7e9d0479f484
7030f4f33183b8de843e82eedb9cb6a6cdd107c3
1c9c85d0b73b7321eb8ed22e0b6bcd577478dd5f99d1379a5d4cea10884033ac

HTTP Headers

GET /s/montserrat/v29/JTUHjIg1_i6t8kCHKm4532VJOt5-QNFgpCtr6Hw5aXo.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://fikper.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 18792
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 13 Mar 2025 09:26:58 GMT
expires: Fri, 13 Mar 2026 09:26:58 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 06 Nov 2024 17:30:39 GMT
content-type: font/woff2
age: 392932
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fikper.com/apple-touch-icon.png

104.26.9.220

200 OK

5.5 kB

URL GET
fikper.com/apple-touch-icon.png
IP
104.26.9.220:443
ASN
#13335 CLOUDFLARENET

Requested by
https://fikper.com/NzlRuKIdB1/FFTotal.2025.03.MAC.MORiA.rar
Certificate
IssuerGoogle Trust Services
Subjectfikper.com
Fingerprint1E:C2:92:79:BB:54:C6:8B:1F:14:CE:04:95:A0:A3:AC:C5:A8:BD:98
ValiditySat, 25 Jan 2025 15:36:45 GMT - Fri, 25 Apr 2025 16:36:40 GMT

File type
PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced
Size
5.5 kB (5451 bytes)
Hash
9f08a813e331ac114f64ef3640479b48
c88ddfc0a92d024e4b926a6f0d67c2e3dd47f79f
f10d34271a5edeffc3806da2de881e5bac89e554e0e2e9ed78440acac087165a

HTTP Headers

GET /apple-touch-icon.png HTTP/1.1
Host: fikper.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fikper.com/NzlRuKIdB1/FFTotal.2025.03.MAC.MORiA.rar
Cookie: hash=NzlRuKIdB1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 17 Mar 2025 22:35:50 GMT
content-type: image/png
content-length: 5451
cache-control: public, max-age=2592000
cf-bgj: imgq:100,h2pri
cf-polished: origSize=7798
etag: "67961948-1e76"
expires: Tue, 01 Apr 2025 15:01:43 GMT
last-modified: Sun, 26 Jan 2025 11:15:20 GMT
pragma: public
cf-cache-status: HIT
age: 1323247
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BDEgy0nFu86EG5FbyP8jjCYaugU2wpH2srjyLtRhVloGLbJZICocq81l9dhze5rGC1OBXh59W1XKD2fN7AqIT0ThUhb7XpFpG2k6wkBeD%2BCwgQiJqfYMF1tbBZQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 921ff738fc7756a4-OSL
server-timing: cfL4;desc="?proto=TCP&rtt=1167&min_rtt=423&rtt_var=830&sent=283&recv=158&lost=0&retrans=0&sent_bytes=327479&recv_bytes=3110&delivery_rate=65980295&cwnd=257&unsent_bytes=0&cid=e55f0fe451b1b67c&ts=1484&x=0"
X-Firefox-Spdy: h2

fikper.com/img/download.png

104.26.9.220

200 OK

15 kB

URL GET
fikper.com/img/download.png
IP
104.26.9.220:443
ASN
#13335 CLOUDFLARENET

Requested by
https://fikper.com/NzlRuKIdB1/FFTotal.2025.03.MAC.MORiA.rar
Certificate
IssuerGoogle Trust Services
Subjectfikper.com
Fingerprint1E:C2:92:79:BB:54:C6:8B:1F:14:CE:04:95:A0:A3:AC:C5:A8:BD:98
ValiditySat, 25 Jan 2025 15:36:45 GMT - Fri, 25 Apr 2025 16:36:40 GMT

File type
PNG image data, 492 x 98, 8-bit/color RGB, non-interlaced
Size
15 kB (14965 bytes)
Hash
47bb79fbb6e7fef4cb4c43faf8c75a90
0a511dc8af9f070b0388248b4bf628906cd10850
54a5527d9ec16810be48d1410fa20b9976689cbeeb2d0b4643e313c6718a777a

HTTP Headers

GET /img/download.png HTTP/1.1
Host: fikper.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fikper.com/NzlRuKIdB1/FFTotal.2025.03.MAC.MORiA.rar
Cookie: hash=NzlRuKIdB1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 17 Mar 2025 22:35:50 GMT
content-type: image/png
content-length: 14965
cache-control: public, max-age=2592000
cf-bgj: imgq:100,h2pri
cf-polished: origSize=15395
etag: "67961948-3c23"
expires: Fri, 11 Apr 2025 01:54:33 GMT
last-modified: Sun, 26 Jan 2025 11:15:20 GMT
pragma: public
cf-cache-status: HIT
age: 506477
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1bgD36SpD0YWLkhBnQ8ammCKddmtccT7vrYoQYZorJDVprGqGr0QOhaSC92jsxJNY%2BSMvYaX5tn7WcwsGsATlEK2n3D9GfQQGOqdUQ%2FmJhtIK%2Ftqt3ur%2FnlJUbo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 921ff739ad1256a4-OSL
server-timing: cfL4;desc="?proto=TCP&rtt=1155&min_rtt=423&rtt_var=646&sent=289&recv=160&lost=0&retrans=0&sent_bytes=333475&recv_bytes=3204&delivery_rate=65980295&cwnd=257&unsent_bytes=0&cid=e55f0fe451b1b67c&ts=1592&x=0"
X-Firefox-Spdy: h2

fikper.com/static/js/main.84097885.js

104.26.9.220

200 OK

752 kB

URL GET
fikper.com/static/js/main.84097885.js
IP
104.26.9.220:443
ASN
#13335 CLOUDFLARENET

Requested by
https://fikper.com/NzlRuKIdB1/FFTotal.2025.03.MAC.MORiA.rar
Certificate
IssuerGoogle Trust Services
Subjectfikper.com
Fingerprint1E:C2:92:79:BB:54:C6:8B:1F:14:CE:04:95:A0:A3:AC:C5:A8:BD:98
ValiditySat, 25 Jan 2025 15:36:45 GMT - Fri, 25 Apr 2025 16:36:40 GMT

File type
JavaScript source, ASCII text, with very long lines (65465)
Size
752 kB (752421 bytes)
Hash
2f3420cfdc7224b3cbee2a48b73a21eb
25b9b94038ebd760b748a2bf419367809faca11d
5f88d12c04bf4a2b95211ea3acf8a98812820af31d7e1abff5f3e29cd929a922

HTTP Headers

GET /static/js/main.84097885.js HTTP/1.1
Host: fikper.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fikper.com/NzlRuKIdB1/FFTotal.2025.03.MAC.MORiA.rar
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 17 Mar 2025 22:35:49 GMT
content-type: application/javascript
last-modified: Wed, 12 Feb 2025 18:36:13 GMT
etag: W/"67acea1d-b7b25"
expires: Sun, 13 Apr 2025 19:08:56 GMT
cache-control: public, max-age=2592000
pragma: public
cf-cache-status: HIT
age: 271613
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ROetD9JzUbiZYScRVnMrcAhScOixBTDXRSRPq829F5kzoogwM7cJ71Hh85J5uVfXBe07VZXIS2AfqpjmUCpGmcSu2JyXcrsWLiVoP6mb%2Fr3xoa%2BTdtU0Gx2Tllg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 921ff732cd3556a4-OSL
content-encoding: br
server-timing: cfL4;desc="?proto=TCP&rtt=3571&min_rtt=423&rtt_var=6199&sent=14&recv=17&lost=0&retrans=0&sent_bytes=5105&recv_bytes=1544&delivery_rate=7451114&cwnd=257&unsent_bytes=0&cid=e55f0fe451b1b67c&ts=505&x=0"
X-Firefox-Spdy: h2

fikper.com/static/js/401.45bba9e5.chunk.js

104.26.9.220

200 OK

123 kB

URL GET
fikper.com/static/js/401.45bba9e5.chunk.js
IP
104.26.9.220:443
ASN
#13335 CLOUDFLARENET

Requested by
https://fikper.com/NzlRuKIdB1/FFTotal.2025.03.MAC.MORiA.rar
Certificate
IssuerGoogle Trust Services
Subjectfikper.com
Fingerprint1E:C2:92:79:BB:54:C6:8B:1F:14:CE:04:95:A0:A3:AC:C5:A8:BD:98
ValiditySat, 25 Jan 2025 15:36:45 GMT - Fri, 25 Apr 2025 16:36:40 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
123 kB (123359 bytes)
Hash
8a1a336ee249f58f74c90f81a9611aa2
99933134a5376aefc6c45e936beb1e8f6d5b04eb
70ab31ce950dc33560b3014f78d29acf3ff9e6e1dd54c2ab1e840b8c115d0036

HTTP Headers

GET /static/js/401.45bba9e5.chunk.js HTTP/1.1
Host: fikper.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fikper.com/NzlRuKIdB1/FFTotal.2025.03.MAC.MORiA.rar
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 17 Mar 2025 22:35:50 GMT
content-type: application/javascript
last-modified: Wed, 12 Feb 2025 18:36:13 GMT
etag: W/"67acea1d-1e1df"
expires: Fri, 04 Apr 2025 08:26:20 GMT
cache-control: public, max-age=2592000
pragma: public
cf-cache-status: HIT
age: 1087770
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xKxW4dxQnSml6vUBd0bUIyfTrl%2FFBT03tFz2pxdPK6d2Ixum79iujw0BjaSCLCc0CYlBeysEPuAPR3iCHqkFv4ixmvv0bGSbkuC2dlX5d4bNRbBKeV9vubfqNks%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 921ff735b8dc56a4-OSL
content-encoding: br
server-timing: cfL4;desc="?proto=TCP&rtt=679&min_rtt=423&rtt_var=114&sent=208&recv=136&lost=0&retrans=0&sent_bytes=259393&recv_bytes=2182&delivery_rate=65980295&cwnd=257&unsent_bytes=0&cid=e55f0fe451b1b67c&ts=963&x=0"
X-Firefox-Spdy: h2

fikper.com/locales/en/site.json

104.26.9.220

200 OK

66 B

URL GET
fikper.com/locales/en/site.json
IP
104.26.9.220:443
ASN
#13335 CLOUDFLARENET

Requested by
https://fikper.com/NzlRuKIdB1/FFTotal.2025.03.MAC.MORiA.rar
Certificate
IssuerGoogle Trust Services
Subjectfikper.com
Fingerprint1E:C2:92:79:BB:54:C6:8B:1F:14:CE:04:95:A0:A3:AC:C5:A8:BD:98
ValiditySat, 25 Jan 2025 15:36:45 GMT - Fri, 25 Apr 2025 16:36:40 GMT

File type
ASCII text, with no line terminators
Size
66 B (66 bytes)
Hash
32275ace0911c33993ecbc6be2df345d
e572cfdcb9d3b7410d7422a8a2cd9d32e16a4e4c
47e232f06856cb543c02f129dc0f4d831d7d80df4a0b48e7221a97e810a42317

HTTP Headers

GET /locales/en/site.json HTTP/1.1
Host: fikper.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://fikper.com/NzlRuKIdB1/FFTotal.2025.03.MAC.MORiA.rar
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 17 Mar 2025 22:35:50 GMT
content-type: application/json
last-modified: Monday, 17-Mar-2025 22:35:50 GMT
cache-control: no-store, no-cache
x-cnt: NO
access-control-expose-headers: X-Cnt
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1yNI%2BfDivRl3fadDnfC208uoOfhrK1QLshaAr%2FOmWVePTf0L1eCgd0u6da5u94rlsJaUsN2Lt18U4qLPEETopzCPQD5W4US%2FrA4DRLxn8e6eSwpIjzGAueWOGhc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 921ff736098256a4-OSL
content-encoding: br
server-timing: cfL4;desc="?proto=TCP&rtt=699&min_rtt=423&rtt_var=124&sent=268&recv=149&lost=0&retrans=0&sent_bytes=323415&recv_bytes=2472&delivery_rate=65980295&cwnd=257&unsent_bytes=0&cid=e55f0fe451b1b67c&ts=1139&x=0"
X-Firefox-Spdy: h2

fikper.com/static/css/main.66597b7d.css

104.26.9.220

200 OK

246 B

URL GET
fikper.com/static/css/main.66597b7d.css
IP
104.26.9.220:443
ASN
#13335 CLOUDFLARENET

Requested by
https://fikper.com/NzlRuKIdB1/FFTotal.2025.03.MAC.MORiA.rar
Certificate
IssuerGoogle Trust Services
Subjectfikper.com
Fingerprint1E:C2:92:79:BB:54:C6:8B:1F:14:CE:04:95:A0:A3:AC:C5:A8:BD:98
ValiditySat, 25 Jan 2025 15:36:45 GMT - Fri, 25 Apr 2025 16:36:40 GMT

File type
ASCII text, with no line terminators
Size
246 B (246 bytes)
Hash
394d1d9d5959623f7588a8ead02b8615
d8975104f94c57db964bb1b5c58114d87ec916dd
e545c41f748832fe4e72b0b59070121fedd30e68e5dc4c21c5c7672056943d17

HTTP Headers

GET /static/css/main.66597b7d.css HTTP/1.1
Host: fikper.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fikper.com/NzlRuKIdB1/FFTotal.2025.03.MAC.MORiA.rar
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 17 Mar 2025 22:35:49 GMT
content-type: text/css
last-modified: Wed, 12 Feb 2025 18:36:13 GMT
etag: W/"67acea1d-f6"
expires: Thu, 27 Mar 2025 05:56:30 GMT
cache-control: public, max-age=2592000
pragma: public
cf-cache-status: HIT
age: 1787959
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZxAi3bd5ktb3A0L6vcEF67igbqxvYxEIowhpkSX0ZuUb9VzFLFByf%2BOEyiLmBzIe6zyT2ivg4seL4dwy0AAbkMs62Le1r9wuNLaniXKgX%2Bz4jVD6BIHaeyhDIwg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 921ff732cd3656a4-OSL
content-encoding: br
server-timing: cfL4;desc="?proto=TCP&rtt=4510&min_rtt=423&rtt_var=8129&sent=12&recv=15&lost=0&retrans=0&sent_bytes=4369&recv_bytes=1544&delivery_rate=7451114&cwnd=256&unsent_bytes=0&cid=e55f0fe451b1b67c&ts=491&x=0"
X-Firefox-Spdy: h2

fonts.googleapis.com/css2?family=Lalezar&display=swap

142.250.74.10

200 OK

2.1 kB

URL GET
fonts.googleapis.com/css2?family=Lalezar&display=swap
IP
142.250.74.10:443
ASN
#15169 GOOGLE

Requested by
https://fikper.com/NzlRuKIdB1/FFTotal.2025.03.MAC.MORiA.rar
Certificate
IssuerGoogle Trust Services
Subjectupload.video.google.com
FingerprintF1:11:17:AF:9C:89:34:EE:D5:CB:84:40:84:EA:01:19:A9:F6:ED:C2
ValidityWed, 26 Feb 2025 15:33:59 GMT - Wed, 21 May 2025 15:33:58 GMT

File type
ASCII text, with very long lines (2135), with no line terminators
Size
2.1 kB (2099 bytes)
Hash
562cd5b6db5922724bb6c02d87b6c77d
c4153994e1ae0b6a1544e8a9a6e1a6ef00421b80
91f9ce2d3c7d26e92dbc8eb66d30414ecfea9f0b945a72ec56de6b0d60a75729

HTTP Headers

GET /css2?family=Lalezar&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fikper.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Mon, 17 Mar 2025 22:35:49 GMT
date: Mon, 17 Mar 2025 22:35:49 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fikper.com/static/js/121.2588d6c5.chunk.js

104.26.9.220

200 OK

55 kB

URL GET
fikper.com/static/js/121.2588d6c5.chunk.js
IP
104.26.9.220:443
ASN
#13335 CLOUDFLARENET

Requested by
https://fikper.com/NzlRuKIdB1/FFTotal.2025.03.MAC.MORiA.rar
Certificate
IssuerGoogle Trust Services
Subjectfikper.com
Fingerprint1E:C2:92:79:BB:54:C6:8B:1F:14:CE:04:95:A0:A3:AC:C5:A8:BD:98
ValiditySat, 25 Jan 2025 15:36:45 GMT - Fri, 25 Apr 2025 16:36:40 GMT

File type
JavaScript source, ASCII text, with very long lines (54573), with no line terminators
Size
55 kB (54573 bytes)
Hash
c098b60a23007c68886ca2db63f0a114
e6ed8a20096a35194d81ebbf0ef869a9aadaa415
8114b5a6a65c9c565091eb373da2ede899a7ad01ef57040c5a2da4c1aa898ab9

HTTP Headers

GET /static/js/121.2588d6c5.chunk.js HTTP/1.1
Host: fikper.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fikper.com/NzlRuKIdB1/FFTotal.2025.03.MAC.MORiA.rar
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 17 Mar 2025 22:35:50 GMT
content-type: application/javascript
last-modified: Wed, 12 Feb 2025 18:36:13 GMT
etag: W/"67acea1d-d52d"
expires: Fri, 04 Apr 2025 08:26:20 GMT
cache-control: public, max-age=2592000
pragma: public
cf-cache-status: HIT
age: 1087770
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=G7qBK8T7bfnugiEks1r7xbV2CX1T%2Fsf1R3LYg47iSbn3gFh%2B9eSzQnQDC5cHgiWvSJFM6UNxSLCn71yCVjnKs5CO6FgY4p0ipmu9Y5tcmOdiUSmG4C3nQ%2F9gNnA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 921ff735a8c456a4-OSL
content-encoding: br
server-timing: cfL4;desc="?proto=TCP&rtt=921&min_rtt=423&rtt_var=125&sent=193&recv=124&lost=0&retrans=0&sent_bytes=242914&recv_bytes=1914&delivery_rate=65980295&cwnd=257&unsent_bytes=0&cid=e55f0fe451b1b67c&ts=954&x=0"
X-Firefox-Spdy: h2

fikper.com/static/css/226.cc3f0f88.chunk.css

104.26.9.220

200 OK

138 B

URL GET
fikper.com/static/css/226.cc3f0f88.chunk.css
IP
104.26.9.220:443
ASN
#13335 CLOUDFLARENET

Requested by
https://fikper.com/NzlRuKIdB1/FFTotal.2025.03.MAC.MORiA.rar
Certificate
IssuerGoogle Trust Services
Subjectfikper.com
Fingerprint1E:C2:92:79:BB:54:C6:8B:1F:14:CE:04:95:A0:A3:AC:C5:A8:BD:98
ValiditySat, 25 Jan 2025 15:36:45 GMT - Fri, 25 Apr 2025 16:36:40 GMT

File type
ASCII text, with no line terminators
Size
138 B (138 bytes)
Hash
823c1c0e2d6eb07c9654586bc644920f
e96a4c0f8b7427797204f52cd8a4ccf2a95a639e
c696ba9be771da31d54ee9482c016c1e0da98c0b63bc69af15d68d82f0611175

HTTP Headers

GET /static/css/226.cc3f0f88.chunk.css HTTP/1.1
Host: fikper.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fikper.com/NzlRuKIdB1/FFTotal.2025.03.MAC.MORiA.rar
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 17 Mar 2025 22:35:50 GMT
content-type: text/css
last-modified: Wed, 12 Feb 2025 18:36:13 GMT
etag: W/"67acea1d-8a"
expires: Fri, 04 Apr 2025 08:26:20 GMT
cache-control: public, max-age=2592000
pragma: public
cf-cache-status: HIT
age: 1087770
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ql%2B%2FLcxPtf0cX7%2BCNR3Wuis8atjSU6I3Q00xX0PZTP4HmoRlTtzSJdooGxOiAdsv1bPUoKSi%2BDT50OGsnEBHS0aCLldZu1oKJYOQEyh8WfGsaOkhe8%2Bu%2BhlDSj8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 921ff735c8e656a4-OSL
content-encoding: br
server-timing: cfL4;desc="?proto=TCP&rtt=656&min_rtt=423&rtt_var=96&sent=253&recv=142&lost=0&retrans=0&sent_bytes=314224&recv_bytes=2182&delivery_rate=65980295&cwnd=257&unsent_bytes=0&cid=e55f0fe451b1b67c&ts=968&x=0"
X-Firefox-Spdy: h2

fikper.com/locales/en/translation.json

104.26.9.220

200 OK

747 B

URL GET
fikper.com/locales/en/translation.json
IP
104.26.9.220:443
ASN
#13335 CLOUDFLARENET

Requested by
https://fikper.com/NzlRuKIdB1/FFTotal.2025.03.MAC.MORiA.rar
Certificate
IssuerGoogle Trust Services
Subjectfikper.com
Fingerprint1E:C2:92:79:BB:54:C6:8B:1F:14:CE:04:95:A0:A3:AC:C5:A8:BD:98
ValiditySat, 25 Jan 2025 15:36:45 GMT - Fri, 25 Apr 2025 16:36:40 GMT

File type
ASCII text, with very long lines (829), with no line terminators
Size
747 B (747 bytes)
Hash
1bac98cd0436f73a3da8bb154365e333
936a4e220c4299f2f5576b597ce4f0f00bc40b7a
181cce519a8f8de6bcc4173e7d8580569eb86a347bb412e7db23e4dc7247041d

HTTP Headers

GET /locales/en/translation.json HTTP/1.1
Host: fikper.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://fikper.com/NzlRuKIdB1/FFTotal.2025.03.MAC.MORiA.rar
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 17 Mar 2025 22:35:50 GMT
content-type: application/json
last-modified: Monday, 17-Mar-2025 22:35:50 GMT
cache-control: no-store, no-cache
x-cnt: NO
access-control-expose-headers: X-Cnt
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0RFTmsLmoQdT3IXpn4XFjhGiECMONSto7qZsiw4zGSO46MQwy6UBufEgieKkRrcEmYdjCjcCslLUR6YLm%2F9A7SsPS3hVFG8uxYhAT%2BdNpLreMQ8hlWSJBhNYk2g%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 921ff736098056a4-OSL
content-encoding: br
server-timing: cfL4;desc="?proto=TCP&rtt=655&min_rtt=423&rtt_var=94&sent=264&recv=147&lost=0&retrans=0&sent_bytes=321970&recv_bytes=2472&delivery_rate=65980295&cwnd=257&unsent_bytes=0&cid=e55f0fe451b1b67c&ts=1137&x=0"
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Montserrat

142.250.74.10

200 OK

1.9 kB

URL GET
fonts.googleapis.com/css?family=Montserrat
IP
142.250.74.10:443
ASN
#15169 GOOGLE

Requested by
https://fikper.com/NzlRuKIdB1/FFTotal.2025.03.MAC.MORiA.rar
Certificate
IssuerGoogle Trust Services
Subjectupload.video.google.com
FingerprintF1:11:17:AF:9C:89:34:EE:D5:CB:84:40:84:EA:01:19:A9:F6:ED:C2
ValidityWed, 26 Feb 2025 15:33:59 GMT - Wed, 21 May 2025 15:33:58 GMT

File type
ASCII text, with very long lines (1906), with no line terminators
Size
1.9 kB (1866 bytes)
Hash
f5ec513c09f9bc9d33600746b92585a3
6f145e5d20f222485c705d213a761db377a5ba9e
6c70f2579aaa62453e1492c49507fb9f4dd71b09b27af99e270bb1cba14e1c4f

HTTP Headers

GET /css?family=Montserrat HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fikper.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Mon, 17 Mar 2025 22:35:49 GMT
date: Mon, 17 Mar 2025 22:35:49 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ansuksar.com/gcMNbLmIOYguTo/114416

23.109.170.223

200 OK

6 B

URL GET
ansuksar.com/gcMNbLmIOYguTo/114416
IP
23.109.170.223:443
ASN
#7979 SERVERS-COM

Requested by
https://fikper.com/NzlRuKIdB1/FFTotal.2025.03.MAC.MORiA.rar
Certificate
IssuerLet's Encrypt
Subjectansuksar.com
Fingerprint29:A2:1C:4D:2A:C7:B3:D6:97:8E:DF:73:F7:09:7D:07:75:74:F9:50
ValiditySun, 09 Mar 2025 11:35:32 GMT - Sat, 07 Jun 2025 11:35:31 GMT

File type
ASCII text, with no line terminators
Size
6 B (6 bytes)
Hash
4fc71bf68a1d477bd1523733e34d1e90
15119105cffbe108b6cf290146ab02c9aa8517ba
74c1971a5c7f3f1cfb81b7a0a8717cee5a45841844104566e00bbfca271943ce

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /gcMNbLmIOYguTo/114416 HTTP/1.1
Host: ansuksar.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fikper.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 17 Mar 2025 22:35:50 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Accept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version,sec-ch-ua-full-version-list
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://fikper.com
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for, x-requested-with, cache-control, pragma, expires
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS
X-Frame-Options: SAMEORIGIN
Set-Cookie: GL_UI4=eJw9zV1OhDAcBHC%2B2dUFnYQDeASKlPDqi1fwkRT6B%2BtCuykV9PYSE32bTH6T8TwvKB7gb8kZ4afgeGKsbdqaV21ZD62o%2Br5tGl72vC1ZxceR46zWzol%2BJhfhtC7Cus5tES4TabJq6AYjKcPjof6aqza7jhD3VmiZIV4OMWdIe2v2lWwRItJiIaSvytJovg4hPoxFyJ7rIyt9ZL9EYNYizO%2BQviktj2V%2BQcDKPE883N9m4UZjl07JxEc8WSEJ%2FgtOg3A0GfuNVNJ6deYGmFl2%2F%2F73ONxZiUTSpgZCbNw72R%2B3Z03l; expires=Tue, 18-Mar-2025 22:35:50 GMT; Max-Age=86400; path=/; secure; SameSite=None
GL_GI10=eJwVxD0OgjAYBuB%2B30A0EpM3cgBOgEBwYPRncDA4cALERhualrSAejN3L6YOzyOE4CgEqx5hmSVlmhR5km0K0A1cncGtQVBZ92heIAdOc7AzmG076fx99KAWi%2BPnPakunqTrQArLnVbPuLZ6HJQ1Hvwz3zcXLdeH%2BgTqAwIP9r%2B%2FRgI0BasvLJUgIw%3D%3D; expires=Tue, 18-Mar-2025 22:35:50 GMT; Max-Age=86400; path=/; secure; SameSite=None
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff

questioningcomplimentarypotato.com/c36f8a09e177bd3f293e468a0a4d1f6e/invoke.js

172.240.108.68

403 Forbidden

0 B

URL GET
questioningcomplimentarypotato.com/c36f8a09e177bd3f293e468a0a4d1f6e/invoke.js
IP
172.240.108.68:443
ASN
#7979 SERVERS-COM

Requested by
https://fikper.com/NzlRuKIdB1/FFTotal.2025.03.MAC.MORiA.rar
Certificate
IssuerLet's Encrypt
Subjectquestioningcomplimentarypotato.com
Fingerprint99:B2:3F:2D:64:38:39:7B:3B:42:43:64:EA:76:9F:F1:A4:D3:CC:CC
ValidityTue, 25 Feb 2025 21:49:56 GMT - Mon, 26 May 2025 21:49:55 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /c36f8a09e177bd3f293e468a0a4d1f6e/invoke.js HTTP/1.1
Host: questioningcomplimentarypotato.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fikper.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 403 Forbidden
Server: nginx/1.21.6
Date: Mon, 17 Mar 2025 22:35:51 GMT
Content-Type: application/javascript
Content-Length: 0
Connection: keep-alive
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
accept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
x-envoy-upstream-service-time: 1
Host: questioningcomplimentarypotato.com

fikper.com/NzlRuKIdB1/FFTotal.2025.03.MAC.MORiA.rar

104.26.9.220

200 OK

843 B

URL User Request GET
fikper.com/NzlRuKIdB1/FFTotal.2025.03.MAC.MORiA.rar
IP
104.26.9.220:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectfikper.com
Fingerprint1E:C2:92:79:BB:54:C6:8B:1F:14:CE:04:95:A0:A3:AC:C5:A8:BD:98
ValiditySat, 25 Jan 2025 15:36:45 GMT - Fri, 25 Apr 2025 16:36:40 GMT

File type
HTML document, ASCII text, with very long lines (897), with no line terminators
Size
843 B (843 bytes)
Hash
88aabf478d96d6d878da1c662d2db9eb
fe8bfd1688e3d1269d4b30de32feaef3319f9709
8845bfda2f622cce0e7388c02878b09c3ff2e9d945217d17ddc70aed335e66de

HTTP Headers

GET /NzlRuKIdB1/FFTotal.2025.03.MAC.MORiA.rar HTTP/1.1
Host: fikper.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 17 Mar 2025 22:35:49 GMT
content-type: text/html
last-modified: Monday, 17-Mar-2025 22:35:49 GMT
cache-control: no-store, no-cache
x-cnt: NO
access-control-expose-headers: X-Cnt
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iHqgncI5pfe8KaOG6AI363prg3e0TrHNPQsWk022lwrYGz3xrxdv7DSer8wE73jqgwYtBBrcXAE3iEryme9Hg114SJ1DTcTV6Gih475AYoWDYfTyaiy4%2Ffsn5lk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 921ff72ff9e356a4-OSL
content-encoding: br
server-timing: cfL4;desc="?proto=TCP&rtt=5755&min_rtt=453&rtt_var=10611&sent=8&recv=11&lost=0&retrans=0&sent_bytes=3270&recv_bytes=1276&delivery_rate=7451114&cwnd=254&unsent_bytes=0&cid=e55f0fe451b1b67c&ts=165&x=0"
X-Firefox-Spdy: h2

fikper.com/locales/en/messages.json

104.26.9.220

200 OK

4 B

URL GET
fikper.com/locales/en/messages.json
IP
104.26.9.220:443
ASN
#13335 CLOUDFLARENET

Requested by
https://fikper.com/NzlRuKIdB1/FFTotal.2025.03.MAC.MORiA.rar
Certificate
IssuerGoogle Trust Services
Subjectfikper.com
Fingerprint1E:C2:92:79:BB:54:C6:8B:1F:14:CE:04:95:A0:A3:AC:C5:A8:BD:98
ValiditySat, 25 Jan 2025 15:36:45 GMT - Fri, 25 Apr 2025 16:36:40 GMT

File type
ASCII text, with no line terminators
Size
4 B (4 bytes)
Hash
70b6da5beb15955484d90899ffd99e13
33c68ee6aad57ce22bc5d715902ebecfbcb65f02
0e97699b642fa7e5f65823f24afc99927dec7592ea23a43be23c55d3be89c97b

HTTP Headers

GET /locales/en/messages.json HTTP/1.1
Host: fikper.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://fikper.com/NzlRuKIdB1/FFTotal.2025.03.MAC.MORiA.rar
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 17 Mar 2025 22:35:50 GMT
content-type: application/json
content-length: 4
last-modified: Monday, 17-Mar-2025 22:35:50 GMT
cache-control: no-store, no-cache
x-cnt: NO
access-control-expose-headers: X-Cnt
accept-ranges: bytes
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=73zwKZCDhHxzFN1yU74q66v%2FPTWbJM0eHcHlgW2LAh7oZoohzNxzTUoX6T%2BtVjAe9OeoaX8TARN32cerCsp88tSWmoR9IkLKxYbO%2Bo%2BSEr24jiR8LVBsL0c1NCM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 921ff736198456a4-OSL
server-timing: cfL4;desc="?proto=TCP&rtt=655&min_rtt=423&rtt_var=94&sent=266&recv=147&lost=0&retrans=0&sent_bytes=322923&recv_bytes=2472&delivery_rate=65980295&cwnd=257&unsent_bytes=0&cid=e55f0fe451b1b67c&ts=1138&x=0"
X-Firefox-Spdy: h2

sapi.fikper.com/

104.26.9.220

201 Created

366 B

URL POST
sapi.fikper.com/
IP
104.26.9.220:443
ASN
#13335 CLOUDFLARENET

Requested by
https://fikper.com/NzlRuKIdB1/FFTotal.2025.03.MAC.MORiA.rar
Certificate
IssuerGoogle Trust Services
Subjectfikper.com
Fingerprint1E:C2:92:79:BB:54:C6:8B:1F:14:CE:04:95:A0:A3:AC:C5:A8:BD:98
ValiditySat, 25 Jan 2025 15:36:45 GMT - Fri, 25 Apr 2025 16:36:40 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (390), with no line terminators
Size
366 B (366 bytes)
Hash
420e30156a7ca72addcf02fb244f538e
db43165d610a467f7d56b1b019230bdae0f76ed4
230ab2c9fc73ada575f6cf0a5ba310bea4c8a3d06c6ce3df3bc5b1ade7ed77fd

HTTP Headers

POST / HTTP/1.1
Host: sapi.fikper.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 29
Origin: https://fikper.com
DNT: 1
Connection: keep-alive
Referer: https://fikper.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 201 Created
date: Mon, 17 Mar 2025 22:35:50 GMT
content-type: application/json; charset=utf-8
content-length: 366
access-control-allow-origin: https://fikper.com
vary: Origin
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-dns-prefetch-control: off
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
etag: W/"16e-GzH1XvSaI+pdknYpLeOwij1uTrc"
x-cnt: NO
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1N92dRWTNRh9AD5URAewS38xeoTDwiBJMRswWfbMHyI8Copr3VgiwUmB56ark2dhT5RMJF11EekpTn6e%2BNlgqaflM0uRWWr5ZLgT1I49r8Zr9ajlyOwSUnG2kY%2Bm8tAkgg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 921ff7389c0856a4-OSL
server-timing: cfL4;desc="?proto=TCP&rtt=1197&min_rtt=423&rtt_var=1026&sent=277&recv=155&lost=0&retrans=0&sent_bytes=325627&recv_bytes=2923&delivery_rate=65980295&cwnd=257&unsent_bytes=0&cid=e55f0fe451b1b67c&ts=1462&x=0"
X-Firefox-Spdy: h2

fikper.com/favicon16.png

104.26.9.220

200 OK

295 B

URL GET
fikper.com/favicon16.png
IP
104.26.9.220:443
ASN
#13335 CLOUDFLARENET

Requested by
https://fikper.com/NzlRuKIdB1/FFTotal.2025.03.MAC.MORiA.rar
Certificate
IssuerGoogle Trust Services
Subjectfikper.com
Fingerprint1E:C2:92:79:BB:54:C6:8B:1F:14:CE:04:95:A0:A3:AC:C5:A8:BD:98
ValiditySat, 25 Jan 2025 15:36:45 GMT - Fri, 25 Apr 2025 16:36:40 GMT

File type
PNG image data, 16 x 16, 8-bit colormap, non-interlaced
Size
295 B (295 bytes)
Hash
d049f6ab05392f4ea14ee9661d6219cd
b516c449cd33a565c57cb7c76456c47bac79ebf4
1a90c77c9024bff9624a95edc21de9b90cd24e0183905b7261411c7008c02fd0

HTTP Headers

GET /favicon16.png HTTP/1.1
Host: fikper.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fikper.com/NzlRuKIdB1/FFTotal.2025.03.MAC.MORiA.rar
Cookie: hash=NzlRuKIdB1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 17 Mar 2025 22:35:50 GMT
content-type: image/png
content-length: 295
cache-control: public, max-age=2592000
cf-bgj: imgq:100,h2pri
cf-polished: origSize=378
etag: "67961948-17a"
expires: Tue, 01 Apr 2025 15:14:07 GMT
last-modified: Sun, 26 Jan 2025 11:15:20 GMT
pragma: public
cf-cache-status: HIT
age: 1322503
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eG7e3jjjEvH89U7ItyvYQcQWpR%2FM8cNHRGYezRkvX1fIK1YFWQxpe8DwBckJW%2BkMY5R%2FNcWbh7a%2BvpA6SjMHKlJnCe4YAOcmQ1T0a%2Fz4hlieclsnTNOSy33gkiE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 921ff738fc7a56a4-OSL
server-timing: cfL4;desc="?proto=TCP&rtt=1167&min_rtt=423&rtt_var=830&sent=281&recv=158&lost=0&retrans=0&sent_bytes=326527&recv_bytes=3110&delivery_rate=65980295&cwnd=257&unsent_bytes=0&cid=e55f0fe451b1b67c&ts=1483&x=0"
X-Firefox-Spdy: h2

sapi.fikper.com/user/get-blog/NzlRuKIdB1

104.26.9.220

401 Unauthorized

37 B

URL GET
sapi.fikper.com/user/get-blog/NzlRuKIdB1
IP
104.26.9.220:443
ASN
#13335 CLOUDFLARENET

Requested by
https://fikper.com/NzlRuKIdB1/FFTotal.2025.03.MAC.MORiA.rar
Certificate
IssuerGoogle Trust Services
Subjectfikper.com
Fingerprint1E:C2:92:79:BB:54:C6:8B:1F:14:CE:04:95:A0:A3:AC:C5:A8:BD:98
ValiditySat, 25 Jan 2025 15:36:45 GMT - Fri, 25 Apr 2025 16:36:40 GMT

File type
troff or preprocessor input, ASCII text, with no line terminators
Size
37 B (37 bytes)
Hash
f41a2fae0fca2bb9013e875933579c58
70be993c718b865b58b176d6acd7c7422b7a509e
f465215a8c067be6ba248bcc201f25565316fb5f3541bd3ecb764839333883c6

HTTP Headers

GET /user/get-blog/NzlRuKIdB1 HTTP/1.1
Host: sapi.fikper.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://fikper.com
DNT: 1
Connection: keep-alive
Referer: https://fikper.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 401 Unauthorized
date: Mon, 17 Mar 2025 22:35:50 GMT
content-type: application/json; charset=utf-8
content-length: 37
access-control-allow-origin: https://fikper.com
vary: Origin
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-dns-prefetch-control: off
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
etag: W/"25-Y/9DhNk+fkg6hkvizDVGX7cBV4I"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=l%2FHOTA%2B2sXFrYThuRG6ehkaqJ5ulgLoMxAWWHRyLm8Vj8JpqDoXqkue%2BYS%2BeTH%2FkI6ELrYkgmpOQwoiJPhDWHGPS8WdJvq3BHPt9G%2BcXimrZu%2FiK95zeerrI96NJvTp37g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 921ff737ab0c56a4-OSL
server-timing: cfL4;desc="?proto=TCP&rtt=695&min_rtt=423&rtt_var=101&sent=272&recv=152&lost=0&retrans=0&sent_bytes=323955&recv_bytes=2778&delivery_rate=65980295&cwnd=257&unsent_bytes=0&cid=e55f0fe451b1b67c&ts=1398&x=0"
X-Firefox-Spdy: h2

fikper.com/img/logo.png

104.26.9.220

200 OK

1.3 kB

URL GET
fikper.com/img/logo.png
IP
104.26.9.220:443
ASN
#13335 CLOUDFLARENET

Requested by
https://fikper.com/NzlRuKIdB1/FFTotal.2025.03.MAC.MORiA.rar
Certificate
IssuerGoogle Trust Services
Subjectfikper.com
Fingerprint1E:C2:92:79:BB:54:C6:8B:1F:14:CE:04:95:A0:A3:AC:C5:A8:BD:98
ValiditySat, 25 Jan 2025 15:36:45 GMT - Fri, 25 Apr 2025 16:36:40 GMT

File type
PNG image data, 200 x 63, 8-bit gray+alpha, non-interlaced
Size
1.3 kB (1333 bytes)
Hash
d1a041ac0c7bd9fb72389afad55f10af
be64d57285234a2a2defaac049adf63f2e5f5299
b1239723d25593774b84e244ec29506046b64d1cf03651fd0df958f1abbde9ae

HTTP Headers

GET /img/logo.png HTTP/1.1
Host: fikper.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fikper.com/NzlRuKIdB1/FFTotal.2025.03.MAC.MORiA.rar
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 17 Mar 2025 22:35:49 GMT
content-type: image/png
content-length: 1333
cache-control: public, max-age=2592000
cf-bgj: imgq:100,h2pri
cf-polished: origSize=2482
etag: "64da51eb-9b2"
expires: Mon, 14 Apr 2025 01:31:36 GMT
last-modified: Mon, 14 Aug 2023 16:10:19 GMT
pragma: public
cf-cache-status: HIT
age: 248653
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rYSLsCwvJa%2BOWUE5Oizd9NkOZHFck2xAgYzaar0%2F04r%2BdWIW%2FXQWJbfXbNcFQrn1%2B6U76O7S5CClY2amkSUvN0KwJg0HS%2FblzR4PU3KJpA0kG3TLDI8xnpiEGMk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 921ff735587e56a4-OSL
server-timing: cfL4;desc="?proto=TCP&rtt=1129&min_rtt=423&rtt_var=83&sent=189&recv=118&lost=0&retrans=0&sent_bytes=240971&recv_bytes=1647&delivery_rate=65980295&cwnd=257&unsent_bytes=0&cid=e55f0fe451b1b67c&ts=900&x=0"
X-Firefox-Spdy: h2

sapi.fikper.com/

104.26.9.220

204 No Content

0 B

URL OPTIONS
sapi.fikper.com/
IP
104.26.9.220:443
ASN
#13335 CLOUDFLARENET

Requested by
https://fikper.com/NzlRuKIdB1/FFTotal.2025.03.MAC.MORiA.rar
Certificate
IssuerGoogle Trust Services
Subjectfikper.com
Fingerprint1E:C2:92:79:BB:54:C6:8B:1F:14:CE:04:95:A0:A3:AC:C5:A8:BD:98
ValiditySat, 25 Jan 2025 15:36:45 GMT - Fri, 25 Apr 2025 16:36:40 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS / HTTP/1.1
Host: sapi.fikper.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://fikper.com/
Origin: https://fikper.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 204 No Content
date: Mon, 17 Mar 2025 22:35:50 GMT
access-control-allow-origin: https://fikper.com
vary: Origin, Access-Control-Request-Headers
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-headers: content-type
x-cnt: NO
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FusI3Suep557y6nHvSxrDdGo8e6tlPxIzLcP4F0s6OaM154h0fliLJNMU8Swwq1Kiag0Vzt%2FuX6w7zwtQ5A7SHfjrFmBnd9pchUPHEVl%2Bd7hUhgrw1HMuw0WSMwxk9ZVBg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 921ff737bb1756a4-OSL
server-timing: cfL4;desc="?proto=TCP&rtt=765&min_rtt=423&rtt_var=216&sent=274&recv=153&lost=0&retrans=0&sent_bytes=324982&recv_bytes=2778&delivery_rate=65980295&cwnd=257&unsent_bytes=0&cid=e55f0fe451b1b67c&ts=1400&x=0"
X-Firefox-Spdy: h2

wss://sapi.fikper.com/socket.io/?token=null&EIO=4&transport=websocket

172.67.73.154

101 Switching Protocols

0 B

URL GET
wss://sapi.fikper.com/socket.io/?token=null&EIO=4&transport=websocket
IP
172.67.73.154:443
ASN
#13335 CLOUDFLARENET

Requested by
https://fikper.com/NzlRuKIdB1/FFTotal.2025.03.MAC.MORiA.rar
Certificate
IssuerGoogle Trust Services
Subjectfikper.com
Fingerprint1E:C2:92:79:BB:54:C6:8B:1F:14:CE:04:95:A0:A3:AC:C5:A8:BD:98
ValiditySat, 25 Jan 2025 15:36:45 GMT - Fri, 25 Apr 2025 16:36:40 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /socket.io/?token=null&EIO=4&transport=websocket HTTP/1.1
Host: sapi.fikper.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://fikper.com
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: GylWzuQIZz+YQWEhVmRp7Q==
DNT: 1
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Date: Mon, 17 Mar 2025 22:35:50 GMT
Connection: upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 8iCjCjyoV+F90puNcU/FAgSUkEM=
cf-cache-status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8Jr7Gbdi0Lh4zbQFuRzj9tC4LA%2FY2MxBaWh80qSuRnsHZf4G1DKFMOMxs1rg6k1ZLB%2FUcZfW6STiuKCpF8IrEvEKsPw8A7sTHLfsKez2LIFp4e8XsRGX9f59ba9vxLFgUQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 921ff7357ab0b500-OSL
server-timing: cfL4;desc="?proto=TCP&rtt=459&min_rtt=426&rtt_var=144&sent=5&recv=8&lost=0&retrans=0&sent_bytes=3108&recv_bytes=1198&delivery_rate=7912568&cwnd=252&unsent_bytes=0&cid=eaf0a85446726a0a&ts=151&x=0"

fikper.com/static/js/226.f096ef2d.chunk.js

104.26.9.220

200 OK

26 kB

URL GET
fikper.com/static/js/226.f096ef2d.chunk.js
IP
104.26.9.220:443
ASN
#13335 CLOUDFLARENET

Requested by
https://fikper.com/NzlRuKIdB1/FFTotal.2025.03.MAC.MORiA.rar
Certificate
IssuerGoogle Trust Services
Subjectfikper.com
Fingerprint1E:C2:92:79:BB:54:C6:8B:1F:14:CE:04:95:A0:A3:AC:C5:A8:BD:98
ValiditySat, 25 Jan 2025 15:36:45 GMT - Fri, 25 Apr 2025 16:36:40 GMT

File type
JavaScript source, ASCII text, with very long lines (25813), with no line terminators
Size
26 kB (25813 bytes)
Hash
915ac4c77c151becb98ba3a45d24c410
a44858e2ce16ef5b1c46948d37c4f931271b6813
4d5b44af83a5e4c8240fc11365f4a148685787d2dbcdd74bb91aeb5cd9c56ad5

HTTP Headers

GET /static/js/226.f096ef2d.chunk.js HTTP/1.1
Host: fikper.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fikper.com/NzlRuKIdB1/FFTotal.2025.03.MAC.MORiA.rar
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 17 Mar 2025 22:35:50 GMT
content-type: application/javascript
last-modified: Wed, 12 Feb 2025 18:36:13 GMT
etag: W/"67acea1d-64d5"
expires: Fri, 11 Apr 2025 23:57:03 GMT
cache-control: public, max-age=2592000
pragma: public
cf-cache-status: HIT
age: 427127
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rJYD2os0LqGPnjPuP9FlOxyW7rC8VUkWOLfWvV1RPllQZ2QvKbBHKWmljn3REMGM0j360qFKwkpIxp3W5vtYR9OXa5MBTJQpzkTptH84ylAVtU7ob4d0kRNrJqo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 921ff735c8e756a4-OSL
content-encoding: br
server-timing: cfL4;desc="?proto=TCP&rtt=656&min_rtt=423&rtt_var=96&sent=255&recv=142&lost=0&retrans=0&sent_bytes=314812&recv_bytes=2182&delivery_rate=65980295&cwnd=257&unsent_bytes=0&cid=e55f0fe451b1b67c&ts=968&x=0"
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (9)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (28)

URL GET

IP

ASN

Requested by