Report - ww38.itsmagic.ga/getBuild/index.php?at=

Report Overview

Visited public
2023-11-26 21:57:45
Tags
URL
ww38.itsmagic.ga/getBuild/index.php?at=
Finishing URL
ww38.itsmagic.ga/getBuild/index.php?at=
IP / ASN
76.223.26.96
#16509 AMAZON-02
Title
itsmagic.ga

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
ifdnzact.com	unknown	2022-10-18	2022-10-27 15:15:07	2023-11-26 05:12:38	1.2 kB	37 kB	208.91.196.46
a.delivery.consentmanager.net	128991	2018-05-02	2021-07-25 18:26:32	2023-11-26 05:12:38	2.9 kB	18 kB	87.230.98.74
i2.cdn-image.com	120394	2011-02-18	2012-05-21 18:55:13	2023-11-25 14:12:12	2.0 kB	63 kB	208.91.196.253
cdn.consentmanager.net	29447	2018-05-02	2021-02-08 23:33:57	2023-11-26 05:12:39	1.8 kB	171 kB	185.76.9.21
ww38.itsmagic.ga	unknown	unknown	2023-07-26 05:04:01	2023-11-22 08:07:21	1.1 kB	6.9 kB	13.248.148.254
c.parkingcrew.net	70582	2011-01-24	2017-01-29 20:17:16	2023-11-26 05:25:24	343 B	1.0 kB	185.53.178.30

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-11-26 21:57:30	low	Client IP	Internal IP	ET INFO DNS Query for Suspicious .ga Domain
2023-11-26 21:57:33	medium	Client IP	13.248.148.254	ET INFO HTTP Request to a *.ga domain
2023-11-26 21:57:33	medium	Client IP	13.248.148.254	ET INFO HTTP Request to a *.ga domain
2023-11-26 21:57:34	medium	Client IP	13.248.148.254	ET INFO HTTP Request to a *.ga domain

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (20)

	URL	From	Size	First Seen	Last Seen
	ifdnzact.com/?dn=itsmagic.ga&pid=9PO755G95&_nozc_=1	ScriptElement	9.8 kB	2023-09-26	2025-05-10
Pretty URL ifdnzact.com/?dn=itsmagic.ga&pid=9PO755G95&_nozc_=1 IP 208.91.196.46 ASN #40034 CONFLUENCE-NETWORK-INC Introduced by scriptElement Embedded in HTML true Observations First Seen2023-09-26 13:40 Last Seen2025-05-10 20:51 Times Seen5274 Hash 9560adf5dc63298430192355356041d5 9821c3fb6d617b7059178ffa45f2262a9d0950df 622a8bc5f9ce711cd90042b20cd78387dc75dc9742838e78ef6c3024933a5b08 Loading...

	ifdnzact.com/?dn=itsmagic.ga&pid=9PO755G95&_nozc_=1	ScriptElement	8 B	2023-03-07	2025-05-10
Pretty URL ifdnzact.com/?dn=itsmagic.ga&pid=9PO755G95&_nozc_=1 IP 208.91.196.46 ASN #40034 CONFLUENCE-NETWORK-INC Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:02 Last Seen2025-05-10 20:51 Times Seen6493 Hash 883fa82f6169ed5ddd95e0c34cf36450 52fcfe1e375b542d4847a9c963bff266b98bfbc2 dca6253c1f2bdadb922b559c83bee52fbe1411e3a159adcb922ff3b45c623185 Loading...

	a.delivery.consentmanager.net/delivery/cmp.php?__cmpcc=2&id=68884&o=1701035852&h=http%3A%2F%2Fifdnzact.com%2F%3Fdn%3Ditsmagic.ga%26pid%3D9PO755G95%26_nozc_%3D1&&l=en&odw=0&dlt=1&l=en	ScriptElement	969 B	2024-08-20	2024-08-20
Pretty URL a.delivery.consentmanager.net/delivery/cmp.php?__cmpcc=2&id=68884&o=1701035852&h=http%3A%2F%2Fifdnzact.com%2F%3Fdn%3Ditsmagic.ga%26pid%3D9PO755G95%26_nozc_%3D1&&l=en&odw=0&dlt=1&l=en IP 87.230.98.74 ASN #61157 PlusServer GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2024-08-20 17:48 Last Seen2024-08-20 17:48 Times Seen1 Hash 7fa66b16e56684bf7f06974400b28d20 70ff7d33d267e135ffd5e1b16943379d45d97e44 15534911b02fd24b40e2da9de6837888c686b999a052b474019a59f9c0e0a2ec Loading...

	a.delivery.consentmanager.net/delivery/cmp.php?&cdid=21fdca2281833&h=http%3A%2F%2Fifdnzact.com%2F%3Fdn%3Ditsmagic.ga%26pid%3D9PO755G95%26_nozc_%3D1&&l=en&o=1701035855599	ScriptElement	969 B	2023-11-26	2023-11-26
Pretty URL a.delivery.consentmanager.net/delivery/cmp.php?&cdid=21fdca2281833&h=http%3A%2F%2Fifdnzact.com%2F%3Fdn%3Ditsmagic.ga%26pid%3D9PO755G95%26_nozc_%3D1&&l=en&o=1701035855599 IP 87.230.98.74 ASN #61157 PlusServer GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-26 22:57 Last Seen2023-11-26 22:57 Times Seen1 Hash 874f71dc03b646f6f5f06adb0f09f981 95a90c9172e42ed2f43d08287d3e73ea4cc34b5b 9be75428c1280a49558abc786e3cf87d24ae09ed32873d263d7f5bc54afe05bc Loading...

	unknown	EventHandler	0 B	0001-01-01	2025-05-11
Pretty Introduced by eventHandler Embedded in HTML false Observations First Seen0001-01-01 00:00 Last Seen2025-05-11 07:33 Times Seen4651688 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	i2.cdn-image.com/__media__/js/min.js?v2.3	ScriptElement	8.4 kB	2023-03-07	2025-05-10
Pretty URL i2.cdn-image.com/__media__/js/min.js?v2.3 IP 208.91.196.253 ASN #40034 CONFLUENCE-NETWORK-INC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-05-10 20:51 Times Seen7907 Hash c16c3a4c0fad29106f34d00e89f6886e 6e11811ab8a98bb295b0916cdee68b302c33403d 097786d677a859b7bc87e285377b083b76d66a2fc2832a16bcd50b0e99df77ff Loading...

	ifdnzact.com/?dn=itsmagic.ga&pid=9PO755G95&_nozc_=1	ScriptElement	504 B	2024-08-20	2024-08-20
Pretty URL ifdnzact.com/?dn=itsmagic.ga&pid=9PO755G95&_nozc_=1 IP 208.91.196.46 ASN #40034 CONFLUENCE-NETWORK-INC Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-20 17:48 Last Seen2024-08-20 17:48 Times Seen1 Hash 70c8e55da9a429fa54849afed05a6d90 bded17e1cc16fe9842efbfc039592ece1ddc71af 505e6a486cd647c4293676351992a7174bd6bdc2b342b6525d81ff0ad554cf1e Loading...

	ifdnzact.com/?dn=itsmagic.ga&pid=9PO755G95&_nozc_=1	ScriptElement	37 B	2023-03-07	2025-05-10
Pretty URL ifdnzact.com/?dn=itsmagic.ga&pid=9PO755G95&_nozc_=1 IP 208.91.196.46 ASN #40034 CONFLUENCE-NETWORK-INC Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:02 Last Seen2025-05-10 20:51 Times Seen7263 Hash fcd7b94e73a1f9cc8807da94baec6354 088ae01bf28379b61fd5a322034c8c618d3f2b23 0361577e582e091d8656bc3ffeeafc27c0607530e2000d55772674122d703253 Loading...

	ifdnzact.com/?dn=itsmagic.ga&pid=9PO755G95&_nozc_=1	ScriptElement	227 B	2023-03-07	2025-05-10
Pretty URL ifdnzact.com/?dn=itsmagic.ga&pid=9PO755G95&_nozc_=1 IP 208.91.196.46 ASN #40034 CONFLUENCE-NETWORK-INC Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:26 Last Seen2025-05-10 20:51 Times Seen7217 Hash 188f7666308742fb39f78319eeffac6b 30e2ed4b88881c18f5e93d6ab7bf1e581708260a 49203316dee4271f8246c461b34a6757e33008f09f85924ab5ac12235a9ef445 Loading...

	ifdnzact.com/?dn=itsmagic.ga&pid=9PO755G95&_nozc_=1	ScriptElement	42 B	2023-03-07	2025-05-10
Pretty URL ifdnzact.com/?dn=itsmagic.ga&pid=9PO755G95&_nozc_=1 IP 208.91.196.46 ASN #40034 CONFLUENCE-NETWORK-INC Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:02 Last Seen2025-05-10 20:51 Times Seen7200 Hash 4aa1cafcdca484710d10c7d6d1a6a273 4f2007c15b663111205ce137bdd263e5345104e5 9ce013c35c35b5f4007d40c0d4fa366530f064cbaa91de6c01b3edfe4471b7f8 Loading...

	ifdnzact.com/?dn=itsmagic.ga&pid=9PO755G95&_nozc_=1	ScriptElement	27 B	2023-03-07	2025-05-10
Pretty URL ifdnzact.com/?dn=itsmagic.ga&pid=9PO755G95&_nozc_=1 IP 208.91.196.46 ASN #40034 CONFLUENCE-NETWORK-INC Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:02 Last Seen2025-05-10 20:51 Times Seen7179 Hash 1a13337fc71dcb5b6fb8be5e40b05c66 8ca2b8e8b15ff416d1b6c557a767140c4c034243 e94f533b6c39b822e83695ecb11a193f5ba7a3a3f97c8136bd0bbef8436e48bf Loading...

	ifdnzact.com/?dn=itsmagic.ga&pid=9PO755G95&_nozc_=1	ScriptElement	950 B	2023-10-25	2024-08-21
Pretty URL ifdnzact.com/?dn=itsmagic.ga&pid=9PO755G95&_nozc_=1 IP 208.91.196.46 ASN #40034 CONFLUENCE-NETWORK-INC Introduced by scriptElement Embedded in HTML true Observations First Seen2023-10-25 20:17 Last Seen2024-08-21 03:25 Times Seen2358 Hash 04abf87bcd2e54fb9f318470fad4f9bd 052155077c248f93e568113bb6d4098a72bc677f 163e01880fa1b6efd56262f5c72b3b8e18ac07ad1df3086e66337517df6cceab Loading...

	cdn.consentmanager.net/delivery/customdata/bV8xLndfNjg4ODQucl9HRFBSLmxfZW4uZF8yNjQxNS54XzI4LnYucC50XzI2NDE1Lnh0XzI4.js	ScriptElement	72 kB	2023-11-24	2024-08-20
Pretty URL cdn.consentmanager.net/delivery/customdata/bV8xLndfNjg4ODQucl9HRFBSLmxfZW4uZF8yNjQxNS54XzI4LnYucC50XzI2NDE1Lnh0XzI4.js IP 185.76.9.21 ASN #60068 Datacamp Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-24 14:43 Last Seen2024-08-20 18:03 Times Seen257 Hash b1443f606c44cd759486074830775d3c 11043f465a5fdcc1292f1127aa81d7302c62a651 41d942361f38b705c882957b1b4705363aac4889347a0f283de907786a79ee80 Loading...

	c.parkingcrew.net/scripts/sale_form.js	ScriptElement	761 B	2023-03-07	2025-05-10
Pretty URL c.parkingcrew.net/scripts/sale_form.js IP 185.53.178.30 ASN #19905 NEUSTAR-AS6 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-05-10 22:55 Times Seen6515 Hash 64f809e06446647e192fce8d1ec34e09 5b7ced07da42e205067afa88615317a277a4a82c f52cbd664986ad7ed6e71c448e2d31d1a16463e4d9b7bca0c6be278649ccc4f3 Loading...

	ifdnzact.com/px.js?ch=1	ScriptElement	346 B	2023-03-07	2025-05-10
Pretty URL ifdnzact.com/px.js?ch=1 IP 208.91.196.46 ASN #40034 CONFLUENCE-NETWORK-INC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-05-10 09:32 Times Seen8319 Hash f84f931c0dd37448e03f0dabf4e4ca9f 9c2c50edcf576453ccc07bf65668bd23c76e8663 5c1d5fd46a88611c31ecbb8ffc1142a7e74ec7fb7d72bd3891131c880ef3f584 Loading...

	cdn.consentmanager.net/delivery/js/cmp_en.min.js	ScriptElement	410 kB	2023-11-22	2024-08-20
Pretty URL cdn.consentmanager.net/delivery/js/cmp_en.min.js IP 185.76.9.21 ASN #60068 Datacamp Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-22 22:59 Last Seen2024-08-20 18:15 Times Seen113 Hash 4ba8552f7f498044a9ab489599c6d822 9cf005a6a0c17fcb48c79f7538a5d02ec91289b2 3940ccea0b72a7b44facf779acf1176179145314bb5f7f5a68e8b13048e4ed1c Loading...

	a.delivery.consentmanager.net/delivery/cmp.php?__cmpcc=1&id=68884&o=1701035852&h=http%3A%2F%2Fifdnzact.com%2F%3Fdn%3Ditsmagic.ga%26pid%3D9PO755G95%26_nozc_%3D1&&l=en&odw=0&dlt=1&l=en	ScriptElement	969 B	2023-11-26	2023-11-26
Pretty URL a.delivery.consentmanager.net/delivery/cmp.php?__cmpcc=1&id=68884&o=1701035852&h=http%3A%2F%2Fifdnzact.com%2F%3Fdn%3Ditsmagic.ga%26pid%3D9PO755G95%26_nozc_%3D1&&l=en&odw=0&dlt=1&l=en IP 87.230.98.74 ASN #61157 PlusServer GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-26 22:57 Last Seen2023-11-26 22:57 Times Seen1 Hash 381ceb0a153f0738ac347e0e95d47856 2186df43e451c3be93217a6e402744bdea5c117d 6ff8364c98435ae0f86ca833233d8493b4659842b77809a52f425802b3a944ec Loading...

	a.delivery.consentmanager.net/delivery/cmp.php?__cmpcc=3&id=68884&o=1701035852&h=http%3A%2F%2Fifdnzact.com%2F%3Fdn%3Ditsmagic.ga%26pid%3D9PO755G95%26_nozc_%3D1&&l=en&odw=0&dlt=1&l=en	ScriptElement	46 kB	2023-11-24	2023-11-30
Pretty URL a.delivery.consentmanager.net/delivery/cmp.php?__cmpcc=3&id=68884&o=1701035852&h=http%3A%2F%2Fifdnzact.com%2F%3Fdn%3Ditsmagic.ga%26pid%3D9PO755G95%26_nozc_%3D1&&l=en&odw=0&dlt=1&l=en IP 87.230.98.74 ASN #61157 PlusServer GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-24 15:56 Last Seen2023-11-30 23:10 Times Seen18 Hash c5140c1ecf17e9f9cbb2db6586e72ea0 d16c5c25d43db5b03124935913aba1532a2bb0a4 944449045735e069eb4411dab51c665b56bb4f45f4d2e7fbbede75c364f28cf4 Loading...

	ww38.itsmagic.ga/getBuild/index.php?at=	ScriptElement	0 B	0001-01-01	2025-05-11
Pretty URL ww38.itsmagic.ga/getBuild/index.php?at= IP 13.248.148.254 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML true Observations First Seen0001-01-01 00:00 Last Seen2025-05-11 07:33 Times Seen4651688 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	ifdnzact.com/?dn=itsmagic.ga&pid=9PO755G95&_nozc_=1	ScriptElement	864 B	2023-11-01	2025-05-10
Pretty URL ifdnzact.com/?dn=itsmagic.ga&pid=9PO755G95&_nozc_=1 IP 208.91.196.46 ASN #40034 CONFLUENCE-NETWORK-INC Introduced by scriptElement Embedded in HTML true Observations First Seen2023-11-01 09:56 Last Seen2025-05-10 20:51 Times Seen5951 Hash 03b604d3ca46b070c6102a9605a7d3a3 4530cad19c43a41b7053f90f4742f98ad6ef9af8 8450c00fdc1220bc175e99bae3548d48c2057de550e91860c1dfce3c29bd7aea Loading...

HTTP Transactions (21)

URL IP Response Size

ww38.itsmagic.ga/

13.248.148.254

2.5 kB

URL
ww38.itsmagic.ga/
IP
13.248.148.254:0
ASN
#16509 AMAZON-02

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text
Size
2.5 kB (2549 bytes)
Hash
295995d4112f7dbd9c98433145d20e88
c42c4056d2538cf298b1a9b39c3f3f35b8cdc2da
0bcdea20128e1ffcd750c1b7259b7e6b41d042f94d4539c0bc6fb8265191e514

Detections

NIDS	Severity	Alert
suricata	medium	ET INFO HTTP Request to a *.ga domain

HTTP Headers

GET / HTTP/1.1
Host: ww38.itsmagic.ga
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 26 Nov 2023 21:57:30 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Vary: Accept-Encoding
X-Redirect: skenzo
X-Buckets: bucket011
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_Fjrl8eiR2whUdRMv6hgdc3FEWoOdRxMA7MS+K387U/w8Ysr0SBwN3jlEfOaHCKTfXS8xOo6kfjk+I/zp6iaX/Q==
X-Template: tpl_CleanPeppermintBlack_twoclick
X-Language: norwegian
Accept-CH: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
Accept-CH-Lifetime: 30
X-Domain: itsmagic.ga
X-Subdomain: ww38
Content-Encoding: gzip

ww38.itsmagic.ga/getBuild/index.php?at=

13.248.148.254

2.5 kB

URL User Request GET
ww38.itsmagic.ga/getBuild/index.php?at=
IP
13.248.148.254:0
ASN
#16509 AMAZON-02

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text
Size
2.5 kB (2549 bytes)
Hash
295995d4112f7dbd9c98433145d20e88
c42c4056d2538cf298b1a9b39c3f3f35b8cdc2da
0bcdea20128e1ffcd750c1b7259b7e6b41d042f94d4539c0bc6fb8265191e514

Detections

NIDS	Severity	Alert
suricata	medium	ET INFO HTTP Request to a *.ga domain

HTTP Headers

GET /getBuild/index.php?at= HTTP/1.1
Host: ww38.itsmagic.ga
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 26 Nov 2023 21:57:30 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Vary: Accept-Encoding
X-Redirect: skenzo
X-Buckets: bucket011
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_oxnY6H12rLZVEDINK0Rox44dz4AYSXX2UMGX/bDbpD4oCymQOy0FnQF5azwiqI5OqWtBTmYV9Qm8hz7oASUcNw==
X-Template: tpl_CleanPeppermintBlack_twoclick
X-Language: norwegian
Accept-CH: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
Accept-CH-Lifetime: 30
X-Domain: itsmagic.ga
X-Subdomain: ww38
Content-Encoding: gzip

c.parkingcrew.net/scripts/sale_form.js

185.53.178.30

200 OK

761 B

URL GET HTTP/1.1
c.parkingcrew.net/scripts/sale_form.js
IP
185.53.178.30:80
ASN
#19905 NEUSTAR-AS6

Requested by
http://ww38.itsmagic.ga/getBuild/index.php?at=

File type
ASCII text
Size
761 B (761 bytes)
Hash
64f809e06446647e192fce8d1ec34e09
5b7ced07da42e205067afa88615317a277a4a82c
f52cbd664986ad7ed6e71c448e2d31d1a16463e4d9b7bca0c6be278649ccc4f3

HTTP Headers

GET /scripts/sale_form.js HTTP/1.1
Host: c.parkingcrew.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://ww38.itsmagic.ga/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 26 Nov 2023 21:57:30 GMT
Content-Type: application/javascript
Content-Length: 761
Connection: keep-alive
Last-Modified: Tue, 12 May 2020 14:25:52 GMT
ETag: "5ebab1f0-2f9"
Accept-Ranges: bytes

ww38.itsmagic.ga/favicon.ico

13.248.148.254

200 OK

0 B

URL GET HTTP/1.1
ww38.itsmagic.ga/favicon.ico
IP
13.248.148.254:80
ASN
#16509 AMAZON-02

Requested by
http://ww38.itsmagic.ga/getBuild/index.php?at=

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

NIDS	Severity	Alert
suricata	medium	ET INFO HTTP Request to a *.ga domain

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: ww38.itsmagic.ga
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://ww38.itsmagic.ga/getBuild/index.php?at=
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 26 Nov 2023 21:57:30 GMT
Content-Type: image/x-icon
Content-Length: 0
Connection: keep-alive
Server: nginx
Last-Modified: Tue, 12 May 2020 14:25:52 GMT
ETag: "5ebab1f0-0"
Accept-Ranges: bytes

ifdnzact.com/?dn=itsmagic.ga&pid=9PO755G95&_nozc_=1

208.91.196.46

200 OK

36 kB

URL GET HTTP/1.1
ifdnzact.com/?dn=itsmagic.ga&pid=9PO755G95&_nozc_=1
IP
208.91.196.46:80
ASN
#40034 CONFLUENCE-NETWORK-INC

Requested by
http://ww38.itsmagic.ga/getBuild/index.php?at=

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (10734), with CRLF, LF line terminators
Size
36 kB (35480 bytes)
Hash
2de165ca1f9bb704c462e620d22ac8a2
0d41a606121c4d9c57816bf91b203a0ba3dbc1f3
87fd328e20e240058e22b67d7e59a848bd82e20c13dfb5fecb710733aab480a8

HTTP Headers

GET /?dn=itsmagic.ga&pid=9PO755G95&_nozc_=1 HTTP/1.1
Host: ifdnzact.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://ww38.itsmagic.ga/
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 26 Nov 2023 21:57:30 GMT
Server: Apache
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKX74ixpzVyXbJprcLfbH4psP4+L2entqri0lzh6pkAaXLPIcclv6DQBeJJjGFWrBIF6QMyFwXT5CCRyjS2penECAwEAAQ==_J2guPA7Yo4fBJG7Ebk2gi5bX5hRcAk+x5p1obT2iVNvcDTaTSZrJ1pF5nOZK6PfnaBVLIqrkejrKigUT8VLyJg==
Keep-Alive: timeout=5, max=127
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

a.delivery.consentmanager.net/delivery/cmp.php?&cdid=21fdca2281833&h=http%3A%2F%2Fifdnzact.com%2F%3Fdn%3Ditsmagic.ga%26pid%3D9PO755G95%26_nozc_%3D1&&l=en&o=1701035855599

87.230.98.74

200 OK

594 B

URL GET HTTP/1.1
a.delivery.consentmanager.net/delivery/cmp.php?&cdid=21fdca2281833&h=http%3A%2F%2Fifdnzact.com%2F%3Fdn%3Ditsmagic.ga%26pid%3D9PO755G95%26_nozc_%3D1&&l=en&o=1701035855599
IP
87.230.98.74:443
ASN
#61157 PlusServer GmbH

Requested by
http://ifdnzact.com/?dn=itsmagic.ga&pid=9PO755G95&_nozc_=1
Certificate
IssuerLet's Encrypt
Subjecta.delivery.consentmanager.net
Fingerprint44:49:A8:C0:AF:F7:D9:6E:D0:B5:35:77:3B:05:89:CC:80:9A:8D:50
ValidityWed, 15 Nov 2023 00:31:04 GMT - Tue, 13 Feb 2024 00:31:03 GMT

File type
ASCII text, with CRLF line terminators
Size
594 B (594 bytes)
Hash
874f71dc03b646f6f5f06adb0f09f981
95a90c9172e42ed2f43d08287d3e73ea4cc34b5b
9be75428c1280a49558abc786e3cf87d24ae09ed32873d263d7f5bc54afe05bc

HTTP Headers

GET /delivery/cmp.php?&cdid=21fdca2281833&h=http%3A%2F%2Fifdnzact.com%2F%3Fdn%3Ditsmagic.ga%26pid%3D9PO755G95%26_nozc_%3D1&&l=en&o=1701035855599 HTTP/1.1
Host: a.delivery.consentmanager.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://ifdnzact.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 26 Nov 2023 21:57:32 GMT
Cache-Control: no-store, no-cache, must-revalidate
Edge-Control: no-store, no-cache, must-revalidate
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Pragma: no-cache
Access-Control-Allow-Origin: *
X-XSS-Protection: 0
Last-Modified: Sun, 26 Nov 2023 21:57:32 GMT
Transfer-Encoding: chunked
Content-Type: text/javascript; charset=utf-8
Content-Encoding: gzip

ifdnzact.com/px.js?ch=1

208.91.196.46

200 OK

346 B

URL GET HTTP/1.1
ifdnzact.com/px.js?ch=1
IP
208.91.196.46:80
ASN
#40034 CONFLUENCE-NETWORK-INC

Requested by
http://ifdnzact.com/?dn=itsmagic.ga&pid=9PO755G95&_nozc_=1

File type
ASCII text, with very long lines (346), with no line terminators
Size
346 B (346 bytes)
Hash
f84f931c0dd37448e03f0dabf4e4ca9f
9c2c50edcf576453ccc07bf65668bd23c76e8663
5c1d5fd46a88611c31ecbb8ffc1142a7e74ec7fb7d72bd3891131c880ef3f584

HTTP Headers

GET /px.js?ch=1 HTTP/1.1
Host: ifdnzact.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://ifdnzact.com/?dn=itsmagic.ga&pid=9PO755G95&_nozc_=1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 26 Nov 2023 21:57:32 GMT
Server: Apache
Last-Modified: Wed, 20 Jan 2021 10:45:10 GMT
ETag: "15a-5b952a63b81f1"
Accept-Ranges: bytes
Content-Length: 346
Keep-Alive: timeout=5, max=113
Connection: Keep-Alive
Content-Type: application/javascript

ifdnzact.com/px.js?ch=2

208.91.196.46

200 OK

346 B

URL GET HTTP/1.1
ifdnzact.com/px.js?ch=2
IP
208.91.196.46:80
ASN
#40034 CONFLUENCE-NETWORK-INC

Requested by
http://ifdnzact.com/?dn=itsmagic.ga&pid=9PO755G95&_nozc_=1

File type
ASCII text, with very long lines (346), with no line terminators
Size
346 B (346 bytes)
Hash
f84f931c0dd37448e03f0dabf4e4ca9f
9c2c50edcf576453ccc07bf65668bd23c76e8663
5c1d5fd46a88611c31ecbb8ffc1142a7e74ec7fb7d72bd3891131c880ef3f584

HTTP Headers

GET /px.js?ch=2 HTTP/1.1
Host: ifdnzact.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://ifdnzact.com/?dn=itsmagic.ga&pid=9PO755G95&_nozc_=1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 26 Nov 2023 21:57:32 GMT
Server: Apache
Last-Modified: Wed, 20 Jan 2021 10:45:10 GMT
ETag: "15a-5b952a63b81f1"
Accept-Ranges: bytes
Content-Length: 346
Keep-Alive: timeout=5, max=125
Connection: Keep-Alive
Content-Type: application/javascript

a.delivery.consentmanager.net/delivery/cmp.php?__cmpcc=1&id=68884&o=1701035852&h=http%3A%2F%2Fifdnzact.com%2F%3Fdn%3Ditsmagic.ga%26pid%3D9PO755G95%26_nozc_%3D1&&l=en&odw=0&dlt=1&l=en

87.230.98.74

200 OK

596 B

URL GET HTTP/1.1
a.delivery.consentmanager.net/delivery/cmp.php?__cmpcc=1&id=68884&o=1701035852&h=http%3A%2F%2Fifdnzact.com%2F%3Fdn%3Ditsmagic.ga%26pid%3D9PO755G95%26_nozc_%3D1&&l=en&odw=0&dlt=1&l=en
IP
87.230.98.74:443
ASN
#61157 PlusServer GmbH

Requested by
http://ifdnzact.com/?dn=itsmagic.ga&pid=9PO755G95&_nozc_=1
Certificate
IssuerLet's Encrypt
Subjecta.delivery.consentmanager.net
Fingerprint44:49:A8:C0:AF:F7:D9:6E:D0:B5:35:77:3B:05:89:CC:80:9A:8D:50
ValidityWed, 15 Nov 2023 00:31:04 GMT - Tue, 13 Feb 2024 00:31:03 GMT

File type
ASCII text, with CRLF line terminators
Size
596 B (596 bytes)
Hash
381ceb0a153f0738ac347e0e95d47856
2186df43e451c3be93217a6e402744bdea5c117d
6ff8364c98435ae0f86ca833233d8493b4659842b77809a52f425802b3a944ec

HTTP Headers

GET /delivery/cmp.php?__cmpcc=1&id=68884&o=1701035852&h=http%3A%2F%2Fifdnzact.com%2F%3Fdn%3Ditsmagic.ga%26pid%3D9PO755G95%26_nozc_%3D1&&l=en&odw=0&dlt=1&l=en HTTP/1.1
Host: a.delivery.consentmanager.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://ifdnzact.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 26 Nov 2023 21:57:32 GMT
Cache-Control: no-store, no-cache, must-revalidate
Edge-Control: no-store, no-cache, must-revalidate
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Pragma: no-cache
Access-Control-Allow-Origin: *
X-XSS-Protection: 0
Last-Modified: Sun, 26 Nov 2023 21:57:32 GMT
Transfer-Encoding: chunked
Content-Type: text/javascript; charset=utf-8
Content-Encoding: gzip

i2.cdn-image.com/__media__/js/min.js?v2.3

208.91.196.253

200 OK

8.4 kB

URL GET HTTP/1.1
i2.cdn-image.com/__media__/js/min.js?v2.3
IP
208.91.196.253:80
ASN
#40034 CONFLUENCE-NETWORK-INC

Requested by
http://ifdnzact.com/?dn=itsmagic.ga&pid=9PO755G95&_nozc_=1

File type
ASCII text, with very long lines (8349), with CRLF line terminators
Size
8.4 kB (8435 bytes)
Hash
c16c3a4c0fad29106f34d00e89f6886e
6e11811ab8a98bb295b0916cdee68b302c33403d
097786d677a859b7bc87e285377b083b76d66a2fc2832a16bcd50b0e99df77ff

HTTP Headers

GET /__media__/js/min.js?v2.3 HTTP/1.1
Host: i2.cdn-image.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://ifdnzact.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 26 Nov 2023 21:57:32 GMT
Content-Type: application/javascript
Content-Length: 8435
Last-Modified: Thu, 16 Feb 2023 20:42:04 GMT
Connection: keep-alive
ETag: "63ee951c-20f3"
Expires: Sun, 10 Dec 2023 21:57:32 GMT
Cache-Control: max-age=1209600, public
Accept-Ranges: bytes

cdn.consentmanager.net/delivery/js/cmp_en.min.js

185.76.9.21

200 OK

89 kB

URL GET HTTP/2
cdn.consentmanager.net/delivery/js/cmp_en.min.js
IP
185.76.9.21:443
ASN
#60068 Datacamp Limited

Requested by
http://ifdnzact.com/?dn=itsmagic.ga&pid=9PO755G95&_nozc_=1
Certificate
IssuerLet's Encrypt
Subject1376624012.rsc.cdn77.org
Fingerprint40:27:9C:9D:30:35:40:79:7E:8D:6A:C2:06:C0:6F:B7:C6:8E:6A:2F
ValidityMon, 13 Nov 2023 17:00:32 GMT - Sun, 11 Feb 2024 17:00:31 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
89 kB (89041 bytes)
Hash
b45c06c91e335b2fe137f3e9b8e63afa
ff866cb7ebb9be21a80c8faeb7b3bd981d56330a
3c0281f1131e71c670e15dc4bd5fa57457a8c1373768f228b5a61a9d214d9ec1

HTTP Headers

GET /delivery/js/cmp_en.min.js HTTP/1.1
Host: cdn.consentmanager.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://ifdnzact.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 26 Nov 2023 21:57:32 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Wed, 22 Nov 2023 17:42:52 GMT
etag: W/"64295-60ac13f959f00"
cache-control: max-age=86400
expires: Thu, 23 Nov 2023 17:54:51 GMT
edge-control: max-age=86400
x-77-nzt: EgwBuUwJFAH3xs8AAAwBuUwKCQH3AAAAAA
x-77-nzt-ray: af585630b6409e5f4cbf63655df3f70c
x-accel-expires: @1701069062
x-accel-date: 1700982662
x-77-cache: HIT
x-77-age: 53190
content-encoding: gzip
server: CDN77-Turbo
x-cache-lb: HIT
x-age-lb: 53190
x-77-pop: stockholmSE
X-Firefox-Spdy: h2

a.delivery.consentmanager.net/delivery/cmp.php?__cmpcc=3&id=68884&o=1701035852&h=http%3A%2F%2Fifdnzact.com%2F%3Fdn%3Ditsmagic.ga%26pid%3D9PO755G95%26_nozc_%3D1&&l=en&odw=0&dlt=1&l=en

87.230.98.74

200 OK

14 kB

URL GET HTTP/1.1
a.delivery.consentmanager.net/delivery/cmp.php?__cmpcc=3&id=68884&o=1701035852&h=http%3A%2F%2Fifdnzact.com%2F%3Fdn%3Ditsmagic.ga%26pid%3D9PO755G95%26_nozc_%3D1&&l=en&odw=0&dlt=1&l=en
IP
87.230.98.74:443
ASN
#61157 PlusServer GmbH

Requested by
http://ifdnzact.com/?dn=itsmagic.ga&pid=9PO755G95&_nozc_=1
Certificate
IssuerLet's Encrypt
Subjecta.delivery.consentmanager.net
Fingerprint44:49:A8:C0:AF:F7:D9:6E:D0:B5:35:77:3B:05:89:CC:80:9A:8D:50
ValidityWed, 15 Nov 2023 00:31:04 GMT - Tue, 13 Feb 2024 00:31:03 GMT

File type
ASCII text, with very long lines (45611), with CRLF, LF line terminators
Size
14 kB (14277 bytes)
Hash
c5140c1ecf17e9f9cbb2db6586e72ea0
d16c5c25d43db5b03124935913aba1532a2bb0a4
944449045735e069eb4411dab51c665b56bb4f45f4d2e7fbbede75c364f28cf4

HTTP Headers

GET /delivery/cmp.php?__cmpcc=3&id=68884&o=1701035852&h=http%3A%2F%2Fifdnzact.com%2F%3Fdn%3Ditsmagic.ga%26pid%3D9PO755G95%26_nozc_%3D1&&l=en&odw=0&dlt=1&l=en HTTP/1.1
Host: a.delivery.consentmanager.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://ifdnzact.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 26 Nov 2023 21:57:33 GMT
Cache-Control: no-store, no-cache, must-revalidate
Edge-Control: no-store, no-cache, must-revalidate
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Pragma: no-cache
Access-Control-Allow-Origin: *
X-XSS-Protection: 0
Last-Modified: Sun, 26 Nov 2023 21:57:33 GMT
Transfer-Encoding: chunked
Content-Type: text/javascript; charset=utf-8
Content-Encoding: gzip

i2.cdn-image.com/__media__/pics/29590/bg1.png

208.91.196.253

200 OK

18 kB

URL GET HTTP/1.1
i2.cdn-image.com/__media__/pics/29590/bg1.png
IP
208.91.196.253:80
ASN
#40034 CONFLUENCE-NETWORK-INC

Requested by
http://ifdnzact.com/?dn=itsmagic.ga&pid=9PO755G95&_nozc_=1

File type
PNG image data, 1730 x 988, 4-bit colormap, non-interlaced\012- data
Size
18 kB (17986 bytes)
Hash
825ccd29ac102fcadaf92b2343d5917b
24472e766cfac5b82a73b219796556a0a3702bd6
0878fb2875c0ad852de8fb3e8f443afdf3064890f1443b3feccc274382f913cd

HTTP Headers

GET /__media__/pics/29590/bg1.png HTTP/1.1
Host: i2.cdn-image.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://ifdnzact.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 26 Nov 2023 21:57:32 GMT
Content-Type: image/png
Content-Length: 17986
Last-Modified: Fri, 25 Nov 2022 12:16:35 GMT
Connection: keep-alive
ETag: "6380b223-4642"
Expires: Sun, 10 Dec 2023 21:57:32 GMT
Cache-Control: max-age=1209600, public
Accept-Ranges: bytes

i2.cdn-image.com/__media__/pics/28905/arrrow.png

208.91.196.253

200 OK

283 B

URL GET HTTP/1.1
i2.cdn-image.com/__media__/pics/28905/arrrow.png
IP
208.91.196.253:80
ASN
#40034 CONFLUENCE-NETWORK-INC

Requested by
http://ifdnzact.com/?dn=itsmagic.ga&pid=9PO755G95&_nozc_=1

File type
PNG image data, 17 x 27, 8-bit colormap, non-interlaced\012- data
Size
283 B (283 bytes)
Hash
80d42c82a6c37da90210fd60a2f36128
554ba7c84d2a27ecf3b1f29d03e62101936b54d8
a1626e2d9160a0890a0a8d6e3af9e7095d68a24f9fb5ac8a166000c9a2581e10

HTTP Headers

GET /__media__/pics/28905/arrrow.png HTTP/1.1
Host: i2.cdn-image.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://ifdnzact.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 26 Nov 2023 21:57:33 GMT
Content-Type: image/png
Content-Length: 283
Last-Modified: Tue, 04 Jan 2022 14:44:27 GMT
Connection: keep-alive
ETag: "61d45d4b-11b"
Expires: Sun, 10 Dec 2023 21:57:33 GMT
Cache-Control: max-age=1209600, public
Accept-Ranges: bytes

i2.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.woff

208.91.196.253

200 OK

17 kB

URL GET HTTP/1.1
i2.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.woff
IP
208.91.196.253:80
ASN
#40034 CONFLUENCE-NETWORK-INC

Requested by
http://ifdnzact.com/?dn=itsmagic.ga&pid=9PO755G95&_nozc_=1

File type
Web Open Font Format, TrueType, length 17264, version 2.1\012- data
Size
17 kB (17264 bytes)
Hash
a43b107861b42ce1335e41e43d4e4d00
99bdb1cec4a68ebe29249c46fefefb6880d009e5
a6542dc92d71eb412bac89d8fb06c70f15be74a64b1b4ef1633288b78f4f2ff2

HTTP Headers

GET /__media__/fonts/montserrat-regular/montserrat-regular.woff HTTP/1.1
Host: i2.cdn-image.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://ifdnzact.com
DNT: 1
Connection: keep-alive
Referer: http://ifdnzact.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 26 Nov 2023 21:57:33 GMT
Content-Type: application/font-woff
Content-Length: 17264
Last-Modified: Wed, 20 Jan 2021 10:45:11 GMT
Connection: keep-alive
ETag: "600809b7-4370"
Access-Control-Allow-Origin: *
Accept-Ranges: bytes

i2.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.woff

208.91.196.253

200 OK

17 kB

URL GET HTTP/1.1
i2.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.woff
IP
208.91.196.253:80
ASN
#40034 CONFLUENCE-NETWORK-INC

Requested by
http://ifdnzact.com/?dn=itsmagic.ga&pid=9PO755G95&_nozc_=1

File type
Web Open Font Format, TrueType, length 17312, version 2.1\012- data
Size
17 kB (17312 bytes)
Hash
bebe201d813feaad85a3e66607d0da3a
28b049502afa8e9db5340c1a92400591b39870e8
58bb75322beb862803b0d156e1a1d01fb1e7fde82ee93c929b08bf5aea9fc55b

HTTP Headers

GET /__media__/fonts/montserrat-bold/montserrat-bold.woff HTTP/1.1
Host: i2.cdn-image.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://ifdnzact.com
DNT: 1
Connection: keep-alive
Referer: http://ifdnzact.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 26 Nov 2023 21:57:33 GMT
Content-Type: application/font-woff
Content-Length: 17312
Last-Modified: Wed, 20 Jan 2021 10:45:11 GMT
Connection: keep-alive
ETag: "600809b7-43a0"
Access-Control-Allow-Origin: *
Accept-Ranges: bytes

a.delivery.consentmanager.net/delivery/info/?id=68884&did=1&cfdid=26415&t=pv.d_ncs.d_ancs.d_bncs.cp.d_ds.cf.cfx.d_dnsx&h=http%3A%2F%2Fifdnzact.com%2F%3Fdn%3Ditsmagic.ga%26pid%3D9PO755G95%26_nozc_%3D1&o=1701035857041&l=EN&lv=0&d=1&ct=14&e=&e2=&e3=&i=&sv=16&dv=28&

87.230.98.74

200 OK

43 B

URL GET HTTP/1.1
a.delivery.consentmanager.net/delivery/info/?id=68884&did=1&cfdid=26415&t=pv.d_ncs.d_ancs.d_bncs.cp.d_ds.cf.cfx.d_dnsx&h=http%3A%2F%2Fifdnzact.com%2F%3Fdn%3Ditsmagic.ga%26pid%3D9PO755G95%26_nozc_%3D1&o=1701035857041&l=EN&lv=0&d=1&ct=14&e=&e2=&e3=&i=&sv=16&dv=28&
IP
87.230.98.74:443
ASN
#61157 PlusServer GmbH

Requested by
http://ifdnzact.com/?dn=itsmagic.ga&pid=9PO755G95&_nozc_=1
Certificate
IssuerLet's Encrypt
Subjecta.delivery.consentmanager.net
Fingerprint44:49:A8:C0:AF:F7:D9:6E:D0:B5:35:77:3B:05:89:CC:80:9A:8D:50
ValidityWed, 15 Nov 2023 00:31:04 GMT - Tue, 13 Feb 2024 00:31:03 GMT

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
6f81c41597d3f5a336f458822cc0c32a
8cd77a54b38f1fb376b45af2eaab8f5982523b8d
5704a2e9f2f7ce43a79f9b407f1aedcfd50223cbe8bd2f71ff8c5c819e469cbc

HTTP Headers

GET /delivery/info/?id=68884&did=1&cfdid=26415&t=pv.d_ncs.d_ancs.d_bncs.cp.d_ds.cf.cfx.d_dnsx&h=http%3A%2F%2Fifdnzact.com%2F%3Fdn%3Ditsmagic.ga%26pid%3D9PO755G95%26_nozc_%3D1&o=1701035857041&l=EN&lv=0&d=1&ct=14&e=&e2=&e3=&i=&sv=16&dv=28& HTTP/1.1
Host: a.delivery.consentmanager.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://ifdnzact.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 26 Nov 2023 21:57:33 GMT
Cache-Control: no-store, no-cache, must-revalidate
Edge-Control: no-store, no-cache, must-revalidate
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Pragma: no-cache
Access-Control-Allow-Origin: *
X-XSS-Protection: 0
Last-Modified: Sun, 26 Nov 2023 21:57:33 GMT
Content-Length: 43
Content-Type: image/gif

cdn.consentmanager.net/delivery/customdata/bV8xLndfNjg4ODQucl9HRFBSLmxfZW4uZF8yNjQxNS54XzI4LnYucC50XzI2NDE1Lnh0XzI4.js

185.76.9.21

200 OK

72 kB

URL GET HTTP/2
cdn.consentmanager.net/delivery/customdata/bV8xLndfNjg4ODQucl9HRFBSLmxfZW4uZF8yNjQxNS54XzI4LnYucC50XzI2NDE1Lnh0XzI4.js
IP
185.76.9.21:443
ASN
#60068 Datacamp Limited

Requested by
http://ifdnzact.com/?dn=itsmagic.ga&pid=9PO755G95&_nozc_=1
Certificate
IssuerLet's Encrypt
Subject1376624012.rsc.cdn77.org
Fingerprint40:27:9C:9D:30:35:40:79:7E:8D:6A:C2:06:C0:6F:B7:C6:8E:6A:2F
ValidityMon, 13 Nov 2023 17:00:32 GMT - Sun, 11 Feb 2024 17:00:31 GMT

File type
ASCII text, with very long lines (41766)
Size
72 kB (71598 bytes)
Hash
b1443f606c44cd759486074830775d3c
11043f465a5fdcc1292f1127aa81d7302c62a651
41d942361f38b705c882957b1b4705363aac4889347a0f283de907786a79ee80

HTTP Headers

GET /delivery/customdata/bV8xLndfNjg4ODQucl9HRFBSLmxfZW4uZF8yNjQxNS54XzI4LnYucC50XzI2NDE1Lnh0XzI4.js HTTP/1.1
Host: cdn.consentmanager.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://ifdnzact.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 26 Nov 2023 21:57:33 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
access-control-allow-origin: *
x-xss-protection: 0
expires: Sun, 26 Nov 2023 22:08:34 GMT
cache-control: public, max-age=1800
edge-control: public, max-age=1800
last-modified: Sun, 26 Nov 2023 21:38:34 GMT
x-77-nzt: EwwBuUwJFAH3cwQAAAwBuUwKCQGzCgcAAAwB1GY4EQGzCgcAAA
x-77-nzt-ray: af585630b6409e5f4dbf636559bcd506
x-accel-expires: @1701036514
x-accel-date: 1701034714
x-77-cache: HIT
x-77-age: 4743
content-encoding: gzip
server: CDN77-Turbo
x-cache-lb: EXPIRED, HIT
x-age-lb: 1802, 1139
x-77-pop: stockholmSE
X-Firefox-Spdy: h2

cdn.consentmanager.net/delivery/recall/logos/68884

185.76.9.21

301 Moved Permanently

4.2 kB

URL GET HTTP/2
cdn.consentmanager.net/delivery/recall/logos/68884
IP
185.76.9.21:443
ASN
#60068 Datacamp Limited

Requested by
http://ifdnzact.com/?dn=itsmagic.ga&pid=9PO755G95&_nozc_=1
Certificate
IssuerLet's Encrypt
Subject1376624012.rsc.cdn77.org
Fingerprint40:27:9C:9D:30:35:40:79:7E:8D:6A:C2:06:C0:6F:B7:C6:8E:6A:2F
ValidityMon, 13 Nov 2023 17:00:32 GMT - Sun, 11 Feb 2024 17:00:31 GMT

File type

Size
4.2 kB (4172 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /delivery/recall/logos/68884 HTTP/1.1
Host: cdn.consentmanager.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://ifdnzact.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 301 Moved Permanently
date: Sun, 26 Nov 2023 21:57:33 GMT
content-type: text/javascript; charset=utf-8
expires: Mon, 27 Nov 2023 17:55:31 GMT
cache-control: public, max-age=86400
edge-control: public, max-age=86400
location: /delivery/whitelabel/cmplogo.svg
x-77-nzt: EwwBuUwJFAH3sjgAAAwBuUwKCQH3CAAAAAgB1GY4nAFB
x-77-nzt-ray: af585630b6409e5f4dbf6365baed1f17
x-77-cache: HIT
x-accel-expires: @1701107731
x-accel-date: 1701021339
x-77-age: 14522
server: CDN77-Turbo
x-cache-lb: HIT, HIT
x-age-lb: 8, 14514
x-77-pop: stockholmSE
X-Firefox-Spdy: h2

a.delivery.consentmanager.net/delivery/cmp.php?__cmpcc=2&id=68884&o=1701035852&h=http%3A%2F%2Fifdnzact.com%2F%3Fdn%3Ditsmagic.ga%26pid%3D9PO755G95%26_nozc_%3D1&&l=en&odw=0&dlt=1&l=en

87.230.98.74

200 OK

969 B

URL GET HTTP/1.1
a.delivery.consentmanager.net/delivery/cmp.php?__cmpcc=2&id=68884&o=1701035852&h=http%3A%2F%2Fifdnzact.com%2F%3Fdn%3Ditsmagic.ga%26pid%3D9PO755G95%26_nozc_%3D1&&l=en&odw=0&dlt=1&l=en
IP
87.230.98.74:443
ASN
#61157 PlusServer GmbH

Requested by
http://ifdnzact.com/?dn=itsmagic.ga&pid=9PO755G95&_nozc_=1
Certificate
IssuerLet's Encrypt
Subjecta.delivery.consentmanager.net
Fingerprint44:49:A8:C0:AF:F7:D9:6E:D0:B5:35:77:3B:05:89:CC:80:9A:8D:50
ValidityWed, 15 Nov 2023 00:31:04 GMT - Tue, 13 Feb 2024 00:31:03 GMT

File type
ASCII text, with very long lines (1031), with no line terminators
Size
969 B (969 bytes)
Hash
25b6c1fb9c0115155260c43bdfdac6a4
097b862ce21d90557669e644dcae500fc52486c0
316d3e511e37c1fb74b778a6f293e8ed2d84663aa54e5bc19f105374f63c8765

HTTP Headers

GET /delivery/cmp.php?__cmpcc=2&id=68884&o=1701035852&h=http%3A%2F%2Fifdnzact.com%2F%3Fdn%3Ditsmagic.ga%26pid%3D9PO755G95%26_nozc_%3D1&&l=en&odw=0&dlt=1&l=en HTTP/1.1
Host: a.delivery.consentmanager.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://ifdnzact.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 26 Nov 2023 21:57:32 GMT
Cache-Control: no-store, no-cache, must-revalidate
Edge-Control: no-store, no-cache, must-revalidate
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Pragma: no-cache
Access-Control-Allow-Origin: *
X-XSS-Protection: 0
Last-Modified: Sun, 26 Nov 2023 21:57:32 GMT
Transfer-Encoding: chunked
Content-Type: text/javascript; charset=utf-8
Content-Encoding: gzip

cdn.consentmanager.net/delivery/whitelabel/cmplogo.svg

185.76.9.21

200 OK

4.2 kB

URL GET HTTP/2
cdn.consentmanager.net/delivery/whitelabel/cmplogo.svg
IP
185.76.9.21:443
ASN
#60068 Datacamp Limited

Requested by
http://ifdnzact.com/?dn=itsmagic.ga&pid=9PO755G95&_nozc_=1
Certificate
IssuerLet's Encrypt
Subject1376624012.rsc.cdn77.org
Fingerprint40:27:9C:9D:30:35:40:79:7E:8D:6A:C2:06:C0:6F:B7:C6:8E:6A:2F
ValidityMon, 13 Nov 2023 17:00:32 GMT - Sun, 11 Feb 2024 17:00:31 GMT

File type
SVG Scalable Vector Graphics image\012- XML document, ASCII text, with very long lines (4425), with no line terminators
Size
4.2 kB (4172 bytes)
Hash
46d40c431f8e14f71ab8f2f31eee942b
4f2140ab124f17c65f4a1d7998301b4747d1f87b
042c930c16842f0c1a14d5c16d23429d075c1ebdd16cad3ddd6f0d94ab0ae0ae

HTTP Headers

GET /delivery/whitelabel/cmplogo.svg HTTP/1.1
Host: cdn.consentmanager.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://ifdnzact.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 26 Nov 2023 21:57:34 GMT
content-type: image/svg+xml
vary: Accept-Encoding
last-modified: Wed, 03 May 2023 16:01:17 GMT
etag: W/"104c-5facc2a822d40"
cache-control: max-age=31536000
expires: Thu, 21 Nov 2024 17:54:52 GMT
x-77-nzt: EgwBuUwJFAH34n4FAAwBuUwKAQH3AAAAAA
x-77-nzt-ray: af585630b6409e5f4ebf6365e9f0232d
x-accel-expires: @1732211692
x-accel-date: 1700675692
x-77-cache: HIT
x-77-age: 360162
content-encoding: gzip
server: CDN77-Turbo
x-cache-lb: HIT
x-age-lb: 360162
x-77-pop: stockholmSE
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (20)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash