| hubdrive.fit/gsign.php?authuser=0&code=4/0aanrrrsicogh7tlpm01ad47uibn6enlppiyjkfld4z_3drrky0jms9qgcqoicjhgqxhuvw&prompt=consent&scope=email+openid+https:/www.googleapis.com/auth/userinfo.email |  172.67.220.154 | 403 Forbidden | 6.5 kB |
URL User Request GET hubdrive.fit/gsign.php?authuser=0&code=4/0aanrrrsicogh7tlpm01ad47uibn6enlppiyjkfld4z_3drrky0jms9qgcqoicjhgqxhuvw&prompt=consent&scope=email+openid+https:/www.googleapis.com/auth/userinfo.email IP172.67.220.154:443
CertificateIssuerGoogle Trust Services Subjecthubdrive.fit Fingerprint34:AB:7C:58:29:F7:D3:47:DC:C1:B4:4A:81:89:1E:EE:B0:2C:90:A5 ValiditySat, 26 Apr 2025 22:02:46 GMT - Fri, 25 Jul 2025 23:01:09 GMT
File typeHTML document, ASCII text, with very long lines (508) Hash6fd8736dc8f0508c516be0a22ed983d1 3ad2e3b9cf38b9f4e20150b7783d51c26e28f48d 1e838719b3df8f3e4d67819707e37e5d12950d1f75e7fa2a5a929cf788c0a802
| NIDS | Severity | Alert |
|---|
| suricata | medium | ET INFO HTTP Request to Suspicious *.fit Domain |
GET /gsign.php?authuser=0&code=4/0aanrrrsicogh7tlpm01ad47uibn6enlppiyjkfld4z_3drrky0jms9qgcqoicjhgqxhuvw&prompt=consent&scope=email+openid+https:/www.googleapis.com/auth/userinfo.email HTTP/1.1
Host: hubdrive.fit
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 403 Forbidden
date: Thu, 08 May 2025 21:12:13 GMT
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=pSu%2FSc7cO%2B%2B%2F12GDd0QMerJXEEgXGrdYI38wOusDvTEDnXRy0o9QJ7poJJmqN7eAzjnIaV7DD8gf4jwF5k7BTw5BUEki6FdYbzYQNnD2O6BJJv5RRtboIi8rqr%2F198A%3D"}]}
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
server: cloudflare
cf-ray: 93cbf43c898e0b65-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
| hubdrive.fit/gsign.php?authuser=0&code=4/0aanrrrsicogh7tlpm01ad47uibn6enlppiyjkfld4z_3drrky0jms9qgcqoicjhgqxhuvw&prompt=consent&scope=email+openid+https:/www.googleapis.com/auth/userinfo.email | 172.67.220.154 | 403 Forbidden | 5.4 kB |
URL User Request GET hubdrive.fit/gsign.php?authuser=0&code=4/0aanrrrsicogh7tlpm01ad47uibn6enlppiyjkfld4z_3drrky0jms9qgcqoicjhgqxhuvw&prompt=consent&scope=email+openid+https:/www.googleapis.com/auth/userinfo.email IP172.67.220.154:80
File typeHTML document, ASCII text, with very long lines (501) Hashed493251ddb5612d3493245d03d328e9 f6147af3ef5333bbdf11c308365e0230c4dd2921 ca21943899ad6154e9694afc528017bfd783698c8983272e1f5c2355c1896efb
| NIDS | Severity | Alert |
|---|
| suricata | medium | ET INFO HTTP Request to Suspicious *.fit Domain |
GET /gsign.php?authuser=0&code=4/0aanrrrsicogh7tlpm01ad47uibn6enlppiyjkfld4z_3drrky0jms9qgcqoicjhgqxhuvw&prompt=consent&scope=email+openid+https:/www.googleapis.com/auth/userinfo.email HTTP/1.1
Host: hubdrive.fit
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Date: Thu, 08 May 2025 21:12:13 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Frame-Options: SAMEORIGIN
Referrer-Policy: same-origin
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Y8MldQpc4MNg6mxGRCnoAJDEXmXhrO%2BpWu4qNnV47HKctV2iu2mxnE2IT6mq4L%2BbGNPdifyxwIdYq34SXCYA85P0SuANzOZvlkmpMZ5P7MxNEc4JT9G7QXmq4%2FcgnPY%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 93cbf43e4ded568f-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
server-timing: cfL4;desc="?proto=TCP&rtt=481&min_rtt=481&rtt_var=240&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=576&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
|
| performance.radar.cloudflare.com/beacon.js | 104.18.31.78 | 403 Forbidden | 0 B |
URL GET performance.radar.cloudflare.com/beacon.js IP104.18.31.78:443
Requested byhttp://hubdrive.fit/gsign.php?authuser=0&code=4/0aanrrrsicogh7tlpm01ad47uibn6enlppiyjkfld4z_3drrky0jms9qgcqoicjhgqxhuvw&prompt=consent&scope=email+openid+https:/www.googleapis.com/auth/userinfo.email CertificateIssuerGoogle Trust Services Subjectradar.cloudflare.com Fingerprint5B:1E:A5:CE:2E:DD:59:C6:10:BD:7A:4D:D4:F7:39:92:56:3F:1A:2E ValidityMon, 21 Apr 2025 20:03:54 GMT - Sun, 20 Jul 2025 21:03:44 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /beacon.js HTTP/1.1
Host: performance.radar.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 403 Forbidden
date: Thu, 08 May 2025 21:12:14 GMT
content-type: text/html; charset=UTF-8
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cf-mitigated: challenge
critical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
origin-agent-cluster: ?1
permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
server-timing: chlray;desc="93cbf43fee825693"
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
set-cookie: __cf_bm=0ggTTuo4QjQDgJ2mu51sBIvvjYdzDwdmullY_3gkrPg-1746738734-1.0.1.1-pWEYt22DJuY0fjPxcOLeqJ0wp1ZXT2Ek9Mwuk5_5eqgH_F30N.lnOoSJbXB6mOPBcut4RenDPSPBVJ_BbyCGNvMWuVW86wr4HQe28MVPko0; path=/; expires=Thu, 08-May-25 21:42:14 GMT; domain=.radar.cloudflare.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains
server: cloudflare
cf-ray: 93cbf43fee825693-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
| hubdrive.fit/cdn-cgi/styles/main.css | 172.67.220.154 | 200 OK | 8.0 kB |
URL GET hubdrive.fit/cdn-cgi/styles/main.css IP172.67.220.154:80
Requested byhttp://hubdrive.fit/gsign.php?authuser=0&code=4/0aanrrrsicogh7tlpm01ad47uibn6enlppiyjkfld4z_3drrky0jms9qgcqoicjhgqxhuvw&prompt=consent&scope=email+openid+https:/www.googleapis.com/auth/userinfo.email
File typeASCII text, with very long lines (8012) Hashff26f59e28a5fe6ea4ab23586415696b 4182675484d175e363cd34b43041b7b1af93d0cd d30b4ea6f68456672f5abb35e9dcf7d54226372b66e9d60a7ee26b7a52568e74
| NIDS | Severity | Alert |
|---|
| suricata | medium | ET INFO HTTP Request to Suspicious *.fit Domain |
GET /cdn-cgi/styles/main.css HTTP/1.1
Host: hubdrive.fit
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://hubdrive.fit/gsign.php?authuser=0&code=4/0aanrrrsicogh7tlpm01ad47uibn6enlppiyjkfld4z_3drrky0jms9qgcqoicjhgqxhuvw&prompt=consent&scope=email+openid+https:/www.googleapis.com/auth/userinfo.email
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 08 May 2025 21:12:14 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 06 May 2025 09:55:49 GMT
ETag: W/"6819dca5-1f4d"
Server: cloudflare
CF-RAY: 93cbf43fa991568f-OSL
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Expires: Thu, 08 May 2025 23:12:14 GMT
Cache-Control: max-age=7200, public
Content-Encoding: gzip
|
IP172.67.220.154:80
Requested byhttp://hubdrive.fit/gsign.php?authuser=0&code=4/0aanrrrsicogh7tlpm01ad47uibn6enlppiyjkfld4z_3drrky0jms9qgcqoicjhgqxhuvw&prompt=consent&scope=email+openid+https:/www.googleapis.com/auth/userinfo.email
File typeHTML document, ASCII text, with very long lines (501) Hashc2983aa258206def6b4362310efed316 552d5a2cbe9cf05e2653000cb6dc1c731cb040da 0f7a930969072f61e8428a0f2475a66e88be087f0b416d6e46d1c8b0480b6792
| NIDS | Severity | Alert |
|---|
| suricata | medium | ET INFO HTTP Request to Suspicious *.fit Domain |
GET /favicon.ico HTTP/1.1
Host: hubdrive.fit
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://hubdrive.fit/gsign.php?authuser=0&code=4/0aanrrrsicogh7tlpm01ad47uibn6enlppiyjkfld4z_3drrky0jms9qgcqoicjhgqxhuvw&prompt=consent&scope=email+openid+https:/www.googleapis.com/auth/userinfo.email
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Date: Thu, 08 May 2025 21:12:14 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Frame-Options: SAMEORIGIN
Referrer-Policy: same-origin
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=f3VtcQtI7FLXVNKppRg5nwVMvaddt0%2BvTCQiRcnjbXu%2FAGXgGzGZb%2FNllc6OKhLzsLgF6AR%2Fwjpz%2F8ltHn0e6HiC38VLBRL3WyJtVnh0tguBKWKPlyAQ4WXf0VhPOvs%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 93cbf440ab26568f-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
server-timing: cfL4;desc="?proto=TCP&rtt=580&min_rtt=481&rtt_var=96&sent=8&recv=12&lost=0&retrans=0&sent_bytes=5656&recv_bytes=1637&delivery_rate=7891008&cwnd=256&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
|