GET ww12.tv0800.zip/favicon.ico
13.248.148.254 | 200 OK | 0 B | URL | GET ww12.tv0800.zip/favicon.ico
IP 13.248.148.254:80
Requested by http://ww12.tv0800.zip/?usid=25&utid=10477097343
Hash MD5 d41d8cd98f00b204e9800998ecf8427e (digest of a zero-byte body)
Hash SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709 (digest of a zero-byte body)
Hash SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (digest of a zero-byte body)
NIDS suricata | Severity low | Alert ET INFO HTTP Request to a *.zip Domain
GET /favicon.ico HTTP/1.1
Host: ww12.tv0800.zip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://ww12.tv0800.zip/?usid=25&utid=10477097343
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Length: 0
Content-Type: image/x-icon
Date: Wed, 30 Apr 2025 03:56:10 GMT
Etag: "670f7248-0"
Last-Modified: Wed, 16 Oct 2024 07:59:04 GMT
Server: Caddy, nginx
IP 67.225.218.50:443
Certificate
Issuer Let's Encrypt
Subject tv0800.zip
Fingerprint 0D:E7:7C:9A:EA:E2:40:4D:7B:1A:17:EF:BF:EF:D0:09:EF:75:07:77
Validity Mon, 28 Apr 2025 00:12:46 GMT - Sun, 27 Jul 2025 00:12:45 GMT
Hash MD5 d41d8cd98f00b204e9800998ecf8427e (digest of a zero-byte body)
Hash SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709 (digest of a zero-byte body)
Hash SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (digest of a zero-byte body)
GET / HTTP/1.1
Host: tv0800.zip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
date: Wed, 30 Apr 2025 03:56:08 GMT
content-type: text/html
content-length: 0
location: http://ww12.tv0800.zip/?usid=25&utid=10477097343
cache-control: no-cache
pragma: no-cache
access-control-allow-origin: *
X-Firefox-Spdy: h2
GET ww12.tv0800.zip/?usid=25&utid=10477097343
13.248.148.254 | 200 OK | 2.5 kB | URL | User Request | GET ww12.tv0800.zip/?usid=25&utid=10477097343
IP 13.248.148.254:80
File type HTML document, ASCII text
Hash MD5 3606b07b062a9572fd449e6749e781c3
Hash SHA-1 9ea5768f9006ca124e6eacb66098a57c7adc626f
Hash SHA-256 32eed1f457176eb69da1baedf51741531a829a27e3dfb3ff52729633bfea9c44
NIDS suricata | Severity low | Alert ET INFO HTTP Request to a *.zip Domain
GET /?usid=25&utid=10477097343 HTTP/1.1
Host: ww12.tv0800.zip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ch: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
Accept-Ch-Lifetime: 30
Content-Encoding: gzip
Content-Length: 992
Content-Type: text/html; charset=UTF-8
Date: Wed, 30 Apr 2025 03:56:09 GMT
Server: Caddy, nginx
Vary: Accept-Encoding
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_V7PUCHorrmxjlx5+OOnKO9MBYlQSqDCOfETtUzMJR4TQ/6W2M1gmGnH/oW2Z9Z1g7UaZkvFIoYYPyfgWeaHDHQ==
X-Buckets: bucket011
X-Domain: tv0800.zip
X-Language: norwegian
X-Pcrew-Blocked-Reason: hosting network
X-Pcrew-Ip-Organization: Blix Solutions
X-Redirect: blank
X-Subdomain: ww12
X-Template: tpl_CleanPeppermintBlack_twoclick
GET parking3.parklogic.com/page/enhance.js?pcId=12&domain=tv0800.zip
172.232.7.47 | 200 OK | 1.6 kB | URL | GET parking3.parklogic.com/page/enhance.js?pcId=12&domain=tv0800.zip
IP 172.232.7.47:443
ASN #63949 Akamai Connected Cloud
Requested by http://ww12.tv0800.zip/?usid=25&utid=10477097343
Certificate
Issuer Let's Encrypt
Subject enhance-lb01.parklogic.com
Fingerprint A9:52:EB:46:72:F6:AB:43:E9:BC:07:14:2E:C8:58:DD:ED:1B:9A:51
Validity Mon, 31 Mar 2025 01:04:57 GMT - Sun, 29 Jun 2025 01:04:56 GMT
File type JavaScript source, ASCII text
Hash MD5 f130d73d90cdfee3bb06db769478db7d
Hash SHA-1 6180965c714b9aff107340c4ba985361ac664a2f
Hash SHA-256 e3d0a1eb098231175060fbc598e788d5c4491e30334d2f39ed5f6b87aa5a9e78
GET /page/enhance.js?pcId=12&domain=tv0800.zip HTTP/1.1
Host: parking3.parklogic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://ww12.tv0800.zip/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 30 Apr 2025 03:56:09 GMT
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
X-Firefox-Spdy: h2
GET parking3.parklogic.com/page/scribe.php?pcId=12&domain=tv0800.zip&aId=614&pId=2829&usid=25&utid=10477097343&query=null&domainJs=ww12.tv0800.zip&path=/&ss=true&lp=1&tzB=UTC&wd=false&gpu=null
172.232.7.47 | 200 OK | 0 B | URL | GET parking3.parklogic.com/page/scribe.php?pcId=12&domain=tv0800.zip&aId=614&pId=2829&usid=25&utid=10477097343&query=null&domainJs=ww12.tv0800.zip&path=/&ss=true&lp=1&tzB=UTC&wd=false&gpu=null
IP 172.232.7.47:443
ASN #63949 Akamai Connected Cloud
Requested by http://ww12.tv0800.zip/?usid=25&utid=10477097343
Certificate
Issuer Let's Encrypt
Subject enhance-lb01.parklogic.com
Fingerprint A9:52:EB:46:72:F6:AB:43:E9:BC:07:14:2E:C8:58:DD:ED:1B:9A:51
Validity Mon, 31 Mar 2025 01:04:57 GMT - Sun, 29 Jun 2025 01:04:56 GMT
Hash MD5 d41d8cd98f00b204e9800998ecf8427e (digest of a zero-byte body)
Hash SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709 (digest of a zero-byte body)
Hash SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (digest of a zero-byte body)
GET /page/scribe.php?pcId=12&domain=tv0800.zip&aId=614&pId=2829&usid=25&utid=10477097343&query=null&domainJs=ww12.tv0800.zip&path=/&ss=true&lp=1&tzB=UTC&wd=false&gpu=null HTTP/1.1
Host: parking3.parklogic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://ww12.tv0800.zip/
Origin: http://ww12.tv0800.zip
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 30 Apr 2025 03:56:10 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2
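Triage helper for the capture above. This is an added example, not part of the scan output or of any tool mentioned in it. It makes explicit three things the raw log shows without saying: the identical hash triplet on the favicon, the 302 and scribe.php is simply the digest of zero bytes (Content-Length: 0), so there is no body to analyse from those transactions; the Suricata alert fires on plain-HTTP requests whose Host header sits under the .zip TLD (the `zip_tld_hosts` check below is my own approximation of what the rule name describes, not the Emerging Threats signature); and the 302 from the HTTPS apex sends the browser to a plain-HTTP `ww12` subdomain carrying the `usid`/`utid` parameters that the parking script later forwards to parklogic. `RAW_REQUESTS` is constructed from the request lines and Host headers on the page; all function names are mine.

```python
import hashlib
import re
from typing import Dict, List
from urllib.parse import parse_qsl, urlsplit

ALGS = ("md5", "sha1", "sha256")


def digests(body: bytes) -> Dict[str, str]:
    """MD5 / SHA-1 / SHA-256 of a response body, keyed by algorithm name."""
    return {alg: hashlib.new(alg, body).hexdigest() for alg in ALGS}


# Digest triplet of an empty input; this is what the favicon, the 302 and
# scribe.php all report in the capture.
EMPTY_DIGESTS = digests(b"")


def is_empty_body(md5: str, sha1: str, sha256: str) -> bool:
    """True when a hash triplet is the digest of zero bytes, i.e. the server
    answered with Content-Length: 0 and the transaction carries no payload."""
    return {"md5": md5, "sha1": sha1, "sha256": sha256} == EMPTY_DIGESTS


# Constructed sample: request line and Host header of each request in the
# capture (the full header blocks are in the log above).
RAW_REQUESTS: List[str] = [
    "GET /favicon.ico HTTP/1.1\r\nHost: ww12.tv0800.zip\r\n\r\n",
    "GET / HTTP/1.1\r\nHost: tv0800.zip\r\n\r\n",
    "GET /?usid=25&utid=10477097343 HTTP/1.1\r\nHost: ww12.tv0800.zip\r\n\r\n",
    "GET /page/enhance.js?pcId=12&domain=tv0800.zip HTTP/1.1\r\n"
    "Host: parking3.parklogic.com\r\n\r\n",
]

REQUEST_LINE = re.compile(r"^(?P<method>[A-Z]+) (?P<target>\S+) HTTP/\d(?:\.\d)?$")


def parse_request(raw: str) -> Dict[str, str]:
    """Split an HTTP/1.x request head into method, target and Host (host only,
    port stripped, lower-cased)."""
    head = raw.partition("\r\n\r\n")[0]
    lines = head.split("\r\n")
    m = REQUEST_LINE.match(lines[0])
    if not m:
        raise ValueError(f"bad request line: {lines[0]!r}")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    host = headers.get("host", "").split(":")[0].lower()
    return {"method": m["method"], "target": m["target"], "host": host}


def zip_tld_hosts(raws: List[str]) -> List[str]:
    """Hosts under the .zip TLD, in capture order, deduplicated. Approximates
    the condition named by 'ET INFO HTTP Request to a *.zip Domain'; a NIDS
    can only evaluate it where the Host header is in the clear."""
    seen: List[str] = []
    for raw in raws:
        host = parse_request(raw)["host"]
        if host.endswith(".zip") and host not in seen:
            seen.append(host)
    return seen


def redirect_hop(request_host: str, request_scheme: str, location: str) -> Dict:
    """Describe a 302 hop: where it lands, whether it drops from https to
    http, and which query parameters it plants for later beacons."""
    target = urlsplit(location)
    return {
        "from": f"{request_scheme}://{request_host}/",
        "to_host": target.hostname,
        "to_scheme": target.scheme,
        "downgraded": request_scheme == "https" and target.scheme == "http",
        "params": dict(parse_qsl(target.query)),
    }


if __name__ == "__main__":
    print("empty-body triplet:", is_empty_body(*EMPTY_DIGESTS.values()))
    print(".zip hosts seen:", zip_tld_hosts(RAW_REQUESTS))
    print(redirect_hop("tv0800.zip", "https",
                       "http://ww12.tv0800.zip/?usid=25&utid=10477097343"))
```

The apex request to `tv0800.zip` on :443 carries no NIDS line in the capture while both plain-HTTP requests to `ww12.tv0800.zip` do; that is consistent with the rule keying on a Host header Suricata can only read outside TLS, so a `.zip`-TLD hunt should also pull DNS or TLS SNI telemetry rather than rely on this alert alone.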