| URL | IP | Status | Size |
|---|---|---|---|
| ww12.tv0800.zip/favicon.ico | 13.248.148.254 | 200 OK | 0 B |
URL: GET ww12.tv0800.zip/favicon.ico
IP: 13.248.148.254:80
Requested by: http://ww12.tv0800.zip/?usid=25&utid=10477097343
Hashes (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e / da39a3ee5e6b4b0d3255bfef95601890afd80709 / e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (the digests of a zero-length body, consistent with Content-Length: 0 below)
| NIDS | Severity | Alert |
|---|---|---|
| suricata | low | ET INFO HTTP Request to a *.zip Domain |
GET /favicon.ico HTTP/1.1
Host: ww12.tv0800.zip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://ww12.tv0800.zip/?usid=25&utid=10477097343
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Length: 0
Content-Type: image/x-icon
Date: Wed, 30 Apr 2025 03:56:10 GMT
Etag: "670f7248-0"
Last-Modified: Wed, 16 Oct 2024 07:59:04 GMT
Server: Caddy, nginx

| tv0800.zip/ | 67.225.218.50 | 302 Found | 0 B |
URL: GET tv0800.zip/
IP: 67.225.218.50:443
Certificate: Issuer Let's Encrypt; Subject tv0800.zip; Fingerprint 0D:E7:7C:9A:EA:E2:40:4D:7B:1A:17:EF:BF:EF:D0:09:EF:75:07:77; Validity Mon, 28 Apr 2025 00:12:46 GMT - Sun, 27 Jul 2025 00:12:45 GMT
Hashes (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e / da39a3ee5e6b4b0d3255bfef95601890afd80709 / e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (the digests of a zero-length body, consistent with content-length: 0 below)
GET / HTTP/1.1
Host: tv0800.zip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
date: Wed, 30 Apr 2025 03:56:08 GMT
content-type: text/html
content-length: 0
location: http://ww12.tv0800.zip/?usid=25&utid=10477097343
cache-control: no-cache
pragma: no-cache
access-control-allow-origin: *
X-Firefox-Spdy: h2

| ww12.tv0800.zip/?usid=25&utid=10477097343 | 13.248.148.254 | 200 OK | 2.5 kB |
URL (user request): GET ww12.tv0800.zip/?usid=25&utid=10477097343
IP: 13.248.148.254:80
File type: HTML document, ASCII text
Hashes (MD5 / SHA-1 / SHA-256): 3606b07b062a9572fd449e6749e781c3 / 9ea5768f9006ca124e6eacb66098a57c7adc626f / 32eed1f457176eb69da1baedf51741531a829a27e3dfb3ff52729633bfea9c44
| NIDS | Severity | Alert |
|---|---|---|
| suricata | low | ET INFO HTTP Request to a *.zip Domain |
GET /?usid=25&utid=10477097343 HTTP/1.1
Host: ww12.tv0800.zip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ch: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
Accept-Ch-Lifetime: 30
Content-Encoding: gzip
Content-Length: 992
Content-Type: text/html; charset=UTF-8
Date: Wed, 30 Apr 2025 03:56:09 GMT
Server: Caddy, nginx
Vary: Accept-Encoding
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_V7PUCHorrmxjlx5+OOnKO9MBYlQSqDCOfETtUzMJR4TQ/6W2M1gmGnH/oW2Z9Z1g7UaZkvFIoYYPyfgWeaHDHQ==
X-Buckets: bucket011
X-Domain: tv0800.zip
X-Language: norwegian
X-Pcrew-Blocked-Reason: hosting network
X-Pcrew-Ip-Organization: Blix Solutions
X-Redirect: blank
X-Subdomain: ww12
X-Template: tpl_CleanPeppermintBlack_twoclick

| parking3.parklogic.com/page/enhance.js?pcId=12&domain=tv0800.zip | 172.232.7.47 | 200 OK | 1.6 kB |
URL: GET parking3.parklogic.com/page/enhance.js?pcId=12&domain=tv0800.zip
IP: 172.232.7.47:443
ASN: AS63949 Akamai Connected Cloud
Requested by: http://ww12.tv0800.zip/?usid=25&utid=10477097343
Certificate: Issuer Let's Encrypt; Subject enhance-lb01.parklogic.com; Fingerprint A9:52:EB:46:72:F6:AB:43:E9:BC:07:14:2E:C8:58:DD:ED:1B:9A:51; Validity Mon, 31 Mar 2025 01:04:57 GMT - Sun, 29 Jun 2025 01:04:56 GMT
File type: JavaScript source, ASCII text
Hashes (MD5 / SHA-1 / SHA-256): f130d73d90cdfee3bb06db769478db7d / 6180965c714b9aff107340c4ba985361ac664a2f / e3d0a1eb098231175060fbc598e788d5c4491e30334d2f39ed5f6b87aa5a9e78
GET /page/enhance.js?pcId=12&domain=tv0800.zip HTTP/1.1
Host: parking3.parklogic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://ww12.tv0800.zip/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 30 Apr 2025 03:56:09 GMT
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
X-Firefox-Spdy: h2

| parking3.parklogic.com/page/scribe.php?pcId=12&domain=tv0800.zip&aId=614&pId=2829&usid=25&utid=10477097343&query=null&domainJs=ww12.tv0800.zip&path=/&ss=true&lp=1&tzB=UTC&wd=false&gpu=null | 172.232.7.47 | 200 OK | 0 B |
URL: GET parking3.parklogic.com/page/scribe.php?pcId=12&domain=tv0800.zip&aId=614&pId=2829&usid=25&utid=10477097343&query=null&domainJs=ww12.tv0800.zip&path=/&ss=true&lp=1&tzB=UTC&wd=false&gpu=null
IP: 172.232.7.47:443
ASN: AS63949 Akamai Connected Cloud
Requested by: http://ww12.tv0800.zip/?usid=25&utid=10477097343
Certificate: Issuer Let's Encrypt; Subject enhance-lb01.parklogic.com; Fingerprint A9:52:EB:46:72:F6:AB:43:E9:BC:07:14:2E:C8:58:DD:ED:1B:9A:51; Validity Mon, 31 Mar 2025 01:04:57 GMT - Sun, 29 Jun 2025 01:04:56 GMT
Hashes (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e / da39a3ee5e6b4b0d3255bfef95601890afd80709 / e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (the digests of a zero-length body, consistent with the 0 B size in the summary row)
GET /page/scribe.php?pcId=12&domain=tv0800.zip&aId=614&pId=2829&usid=25&utid=10477097343&query=null&domainJs=ww12.tv0800.zip&path=/&ss=true&lp=1&tzB=UTC&wd=false&gpu=null HTTP/1.1
Host: parking3.parklogic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://ww12.tv0800.zip/
Origin: http://ww12.tv0800.zip
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 30 Apr 2025 03:56:10 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2
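The transactions above form a small parked-domain chain: an HTTPS request to the apex tv0800.zip is answered with a 302 to a plain-HTTP subdomain, the landing page carries parking-platform headers (X-Template, X-Pcrew-*, X-Adblock-Key), and the page loads a script and a beacon from parking3.parklogic.com. The only automated signal in the capture is the Suricata "ET INFO HTTP Request to a *.zip Domain" alert. The script below is an added example, not part of the scan output and not code from Suricata, Emerging Threats or ParkLogic: it re-implements that kind of TLD check over raw request/response pairs and adds the three further checks a reviewer of this capture would want (HTTPS-to-HTTP redirect, parking-header fingerprint, parking beacon with its query parameters). The sample exchanges are transcribed from the capture with only the headers the checks read; the rule names, severities and the header/domain watch lists are the example's own assumptions.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple
from urllib.parse import parse_qs, urlsplit

# Rule configuration for this illustration (assumed values, not an ET/Suricata ruleset).
WATCHED_TLDS = {"zip"}  # the TLD the "ET INFO HTTP Request to a *.zip Domain" alert is about
PARKING_HEADERS = {"x-template", "x-adblock-key", "x-redirect", "x-buckets", "x-domain", "x-subdomain"}
PARKING_SERVICE_DOMAINS = {"parklogic.com"}  # beacon host seen in the capture


@dataclass
class Finding:
    rule: str
    severity: str
    detail: str


def parse_message(raw: str) -> Tuple[str, Dict[str, str]]:
    """Split a raw HTTP message into its start line and a lower-cased header map.

    The HTTP/2 responses in the capture are printed with lower-case header names
    and the HTTP/1.1 ones with mixed case; lower-casing makes them comparable.
    """
    lines = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return lines[0], headers


def analyse(scheme: str, request_raw: str, response_raw: str) -> List[Finding]:
    """Apply the four checks to one request/response pair and return the findings."""
    req_line, req = parse_message(request_raw)
    res_line, res = parse_message(response_raw)
    host = req.get("host", "").split(":")[0].lower()
    path = req_line.split(" ")[1] if " " in req_line else "/"
    findings: List[Finding] = []

    # 1. Request to a host under a watched TLD (what the NIDS alert reports).
    if host.rsplit(".", 1)[-1] in WATCHED_TLDS:
        findings.append(Finding("tld-watchlist", "low", f"request to {host}"))

    # 2. 3xx redirect that sends an HTTPS visitor to a plain-HTTP URL.
    match = re.match(r"HTTP/\S+\s+(\d{3})", res_line)
    status = int(match.group(1)) if match else 0
    location = res.get("location", "")
    if 300 <= status < 400 and scheme == "https" and location.lower().startswith("http://"):
        findings.append(Finding("redirect-downgrade", "medium",
                                f"{status} from https://{host}{path} to {location}"))

    # 3. Parking-platform fingerprint in the response headers (X-Pcrew-*, X-Template, ...).
    parking = sorted(h for h in res if h.startswith("x-pcrew-") or h in PARKING_HEADERS)
    if parking:
        findings.append(Finding("parking-headers", "info", ", ".join(parking)))

    # 4. Beacon to a parking service; report which query parameters it carries.
    if any(host == d or host.endswith("." + d) for d in PARKING_SERVICE_DOMAINS):
        url = urlsplit(path)
        params = ",".join(sorted(parse_qs(url.query)))
        findings.append(Finding("parking-beacon", "info", f"{host}{url.path} params={params}"))
    return findings


def scan(exchanges) -> List[Tuple[str, List[str]]]:
    """Return (host, [rule names]) per exchange; exchanges are (scheme, request, response) triples."""
    results = []
    for scheme, request_raw, response_raw in exchanges:
        host = parse_message(request_raw)[1].get("host", "").lower()
        results.append((host, [f.rule for f in analyse(scheme, request_raw, response_raw)]))
    return results


# Constructed sample: the four exchanges from the capture, transcribed with only the
# headers the checks look at (long values such as X-Adblock-Key are left out).
SAMPLE_EXCHANGES = [
    ("https",
     "GET / HTTP/1.1\r\nHost: tv0800.zip\r\n\r\n",
     "HTTP/2 302 Found\r\ncontent-length: 0\r\nlocation: http://ww12.tv0800.zip/?usid=25&utid=10477097343\r\n\r\n"),
    ("http",
     "GET /?usid=25&utid=10477097343 HTTP/1.1\r\nHost: ww12.tv0800.zip\r\n\r\n",
     "HTTP/1.1 200 OK\r\nContent-Type: text/html; charset=UTF-8\r\nX-Pcrew-Blocked-Reason: hosting network\r\n"
     "X-Redirect: blank\r\nX-Template: tpl_CleanPeppermintBlack_twoclick\r\n\r\n"),
    ("https",
     "GET /page/scribe.php?pcId=12&domain=tv0800.zip&aId=614&pId=2829&usid=25&utid=10477097343&query=null"
     "&domainJs=ww12.tv0800.zip&path=/&ss=true&lp=1&tzB=UTC&wd=false&gpu=null HTTP/1.1\r\n"
     "Host: parking3.parklogic.com\r\nOrigin: http://ww12.tv0800.zip\r\n\r\n",
     "HTTP/2 200 OK\r\naccess-control-allow-origin: *\r\n\r\n"),
    ("http",
     "GET /favicon.ico HTTP/1.1\r\nHost: ww12.tv0800.zip\r\n\r\n",
     "HTTP/1.1 200 OK\r\nContent-Length: 0\r\nContent-Type: image/x-icon\r\n\r\n"),
]

if __name__ == "__main__":
    for scheme, request_raw, response_raw in SAMPLE_EXCHANGES:
        for finding in analyse(scheme, request_raw, response_raw):
            print(f"[{finding.severity}] {finding.rule}: {finding.detail}")
```

Run as-is, the script reports the apex redirect as both a watched-TLD request and an HTTPS-to-HTTP downgrade, the ww12 landing page as a watched-TLD request with parking headers, the scribe.php call as a parking beacon listing the fourteen parameter names it carries (including usid, utid, domainJs, tzB and gpu), and the favicon fetch as a watched-TLD request only. The TLD check alone reproduces the NIDS alert's low-severity signal; the redirect and header checks are what distinguish a parked domain from a .zip site that merely exists.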