URL User Request GET HTTP/1.1
IP: 131.153.42.226:443
Certificate
Issuer: Let's Encrypt
Subject: prpops.com
Fingerprint: 84:2F:1F:62:92:AE:00:FE:76:FB:A6:8E:41:15:44:66:74:ED:0D:6A
Validity: Tue, 19 Nov 2024 09:10:32 GMT - Mon, 17 Feb 2025 09:10:31 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: prpops.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx
Date: Fri, 13 Dec 2024 08:56:41 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-cache, must-revalidate, no-transform
Expires: Tue, 31 Dec 2013 23:59:59 GMT
Location: http://www.pornwave.com/
Access-Control-Allow-Origin: *
|
URL User Request GET HTTP/1.1
IP: 192.64.119.254:80
File type: HTML document, ASCII text
Hash: a5a406f64fc276a7aff4b17c85cb9d8e 0a21a922249fba26e4f867dcc27768bc44eb0a2d ed788a0a9c31d8b66936715ca596c3930bcee8274b74ef7c72cdb5be5fd4f4f3
| NIDS | Severity | Alert |
| --- | --- | --- |
| suricata | low | ET INFO Namecheap URL Forward |
GET / HTTP/1.1
Host: www.pornwave.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Date: Fri, 13 Dec 2024 08:56:41 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 66
Connection: keep-alive
Location: http://www.watchmygirlfriend.to/?tracker=pw
X-Served-By: Namecheap URL Forward
Server: namecheap-nginx
|
| www.watchmygirlfriend.to/?tracker=pw | 108.170.27.42 | 302 Moved Temporarily | 0 B |
URL User Request GET HTTP/1.1 www.watchmygirlfriend.to/?tracker=pw
IP: 108.170.27.42:80
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /?tracker=pw HTTP/1.1
Host: www.watchmygirlfriend.to
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Fri, 13 Dec 2024 08:56:42 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.4.16
Location: https://www._/?tracker=pw
|
IP 0.0.0.0:0
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| --- | --- | --- |
| Quad9 DNS | malicious | Sinkholed |
GET /?tracker=pw HTTP/1.1
Host: www._
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
|