www.jerkos-welt.com/
209.182.198.166 288 B IP 209.182.198.166:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash ef220a553813acc9ede80405df3b7fd7
382fcf28d5b5ace81e818fa5a2f9c6d54eec179b
d3cffe9f37702e95b3702696987f93ab39922a033e06610275a82a7aae14c96a
GET / HTTP/1.1
Host: www.jerkos-welt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 508 Loop Detected
Server: nginx/1.23.4
Date: Mon, 20 Nov 2023 16:08:07 GMT
Content-Type: text/html
Content-Length: 288
Connection: keep-alive
Retry-After: 14400
X-Error-Origin: fcgi
c0.wp.com/c/6.1.4/wp-includes/css/classic-themes.min.css
192.0.77.37 217 B URL c0.wp.com/c/6.1.4/wp-includes/css/classic-themes.min.css
IP 192.0.77.37:0
Hash 95e891f28e44a9b314c09545d86be2b7
f9b13a8bd47273b086a0a07df15f314e0af0bc3e
5a5f39391fbf5b06db84b8f9716d53de575ee97a627d2c5f12f79a991a671eb5
GET /c/6.1.4/wp-includes/css/classic-themes.min.css HTTP/1.1
Host: c0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.jerkos-welt.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Mon, 20 Nov 2023 16:08:15 GMT
content-type: text/css
content-length: 217
last-modified: Tue, 25 Oct 2022 13:45:16 GMT
expires: Tue, 19 Nov 2024 16:08:15 GMT
cache-control: max-age=31536000
alt-svc: h3=":443"; ma=86400
strict-transport-security: max-age=15552000
x-nc: HIT arn 2
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
www.jerkos-welt.com/wp-content/plugins/wp-dark-mode/assets/css/frontend.min.css?ver=4.1.0
209.182.198.166 4.1 kB URL www.jerkos-welt.com/wp-content/plugins/wp-dark-mode/assets/css/frontend.min.css?ver=4.1.0
IP 209.182.198.166:0
File type ASCII text, with very long lines (29023)
Hash 466b947144f07b90d6543776d110f56a
faf3ab380e4204773e05f40212d7c4c3fe42ff52
6ea59307eb7a3ce53297fa0c0e12120e44fb2223057c31391e9cc57749044ac6
GET /wp-content/plugins/wp-dark-mode/assets/css/frontend.min.css?ver=4.1.0 HTTP/1.1
Host: www.jerkos-welt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.jerkos-welt.com/klein-jerkos-bericht-zur-lage/lifestyle/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.23.4
date: Mon, 20 Nov 2023 16:08:15 GMT
content-type: text/css
last-modified: Thu, 23 Mar 2023 08:39:38 GMT
vary: Accept-Encoding
etag: W/"641c104a-7160"
expires: Mon, 27 Nov 2023 16:08:15 GMT
cache-control: max-age=604800, public, must-revalidate
x-proxy-cache: STATIC/TYPE
content-encoding: br
X-Firefox-Spdy: h2
www.jerkos-welt.com/wp-content/uploads/2023/02/cropped-logo-borik-bar.jpg
209.182.198.166 200 OK 30 kB URL GET HTTP/2 www.jerkos-welt.com/wp-content/uploads/2023/02/cropped-logo-borik-bar.jpg
IP 209.182.198.166:443
Requested by https://www.jerkos-welt.com/klein-jerkos-bericht-zur-lage/lifestyle/
Certificate Issuer cPanel, Inc.
Subject jerkos-welt.com
Fingerprint 95:82:85:A1:F2:E2:A1:C4:A2:B9:9D:E4:45:1A:61:1C:F8:20:7F:D5
Validity Sat, 11 Nov 2023 00:00:00 GMT - Fri, 09 Feb 2024 23:59:59 GMT
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 120x120, segment length 16, baseline, precision 8, 789x200, components 3\012- data
Hash 28ab307a5e54e08fdd47c914da93cc84
b873c43b365d94c98932e1bdb2fbd6a25036ec54
b1cac3664c857c6186259e71f0fc68867b3965b35327a07f5875eb5464241f9e
GET /wp-content/uploads/2023/02/cropped-logo-borik-bar.jpg HTTP/1.1
Host: www.jerkos-welt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.jerkos-welt.com/klein-jerkos-bericht-zur-lage/lifestyle/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.23.4
date: Mon, 20 Nov 2023 16:08:15 GMT
content-type: image/jpeg
content-length: 29539
last-modified: Thu, 09 Feb 2023 11:05:20 GMT
etag: "63e4d370-7363"
expires: Mon, 27 Nov 2023 16:08:15 GMT
cache-control: max-age=604800, public, must-revalidate
x-proxy-cache: STATIC/TYPE
accept-ranges: bytes
X-Firefox-Spdy: h2
www.jerkos-welt.com/wp-content/plugins/wp-lightbox-2/styles/lightbox.min.css?ver=1.3.4
209.182.198.166 200 OK 1.6 kB URL GET HTTP/2 www.jerkos-welt.com/wp-content/plugins/wp-lightbox-2/styles/lightbox.min.css?ver=1.3.4
IP 209.182.198.166:443
Requested by https://www.jerkos-welt.com/klein-jerkos-bericht-zur-lage/lifestyle/
Certificate Issuer cPanel, Inc.
Subject jerkos-welt.com
Fingerprint 95:82:85:A1:F2:E2:A1:C4:A2:B9:9D:E4:45:1A:61:1C:F8:20:7F:D5
Validity Sat, 11 Nov 2023 00:00:00 GMT - Fri, 09 Feb 2024 23:59:59 GMT
File type ASCII text, with CRLF line terminators
Hash 7bd94c40c8e3bd2ad0405720f3c4fa90
14382f9ede29e4f3cf5845de9ba010ad976ab06a
9f306ee99cf71e58ec7a4d8b1c7a14ce792d0f1489d022ff69c40488d11fe648
GET /wp-content/plugins/wp-lightbox-2/styles/lightbox.min.css?ver=1.3.4 HTTP/1.1
Host: www.jerkos-welt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.jerkos-welt.com/klein-jerkos-bericht-zur-lage/lifestyle/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.23.4
date: Mon, 20 Nov 2023 16:08:15 GMT
content-type: text/css
last-modified: Mon, 04 Jan 2021 07:26:46 GMT
vary: Accept-Encoding
etag: W/"5ff2c336-c2b"
expires: Mon, 27 Nov 2023 16:08:15 GMT
cache-control: max-age=604800, public, must-revalidate
x-proxy-cache: STATIC/TYPE
content-encoding: br
X-Firefox-Spdy: h2
www.jerkos-welt.com/wp-content/uploads/2018/09/leben-ohne-frau.jpg
209.182.198.166 107 kB URL www.jerkos-welt.com/wp-content/uploads/2018/09/leben-ohne-frau.jpg
IP 209.182.198.166:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 817x324, components 3\012- data
Size 107 kB (106695 bytes)
Hash 5a04c17f7efac1e7197c4cf7d87014bc
a00999c59995c770461e3083cb37d42ed9bf24c8
6c4740c2bb0630137038e5e98a6f35713be29da3c25e77794439c7fec09106c1
GET /wp-content/uploads/2018/09/leben-ohne-frau.jpg HTTP/1.1
Host: www.jerkos-welt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.jerkos-welt.com/klein-jerkos-bericht-zur-lage/lifestyle/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.23.4
date: Mon, 20 Nov 2023 16:08:15 GMT
content-type: image/jpeg
content-length: 106695
last-modified: Fri, 31 Aug 2018 19:31:30 GMT
etag: "5b899792-1a0c7"
expires: Mon, 27 Nov 2023 16:08:15 GMT
cache-control: max-age=604800, public, must-revalidate
x-proxy-cache: STATIC/TYPE
accept-ranges: bytes
X-Firefox-Spdy: h2
www.jerkos-welt.com/wp-content/uploads/2020/04/krocur-1.gif
209.182.198.166 1.2 kB URL www.jerkos-welt.com/wp-content/uploads/2020/04/krocur-1.gif
IP 209.182.198.166:0
File type GIF image data, version 89a, 32 x 32\012- data
Hash 863e886ed7501d2c6f87b22dbfb04fce
98d7a830cc28a3cfc5ba4635f2f32aeca0c7229b
9c16fb530d4a32eb285ef440b4fba7499d328b160b73d239a87208604223470a
GET /wp-content/uploads/2020/04/krocur-1.gif HTTP/1.1
Host: www.jerkos-welt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.jerkos-welt.com/klein-jerkos-bericht-zur-lage/lifestyle/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.23.4
date: Mon, 20 Nov 2023 16:08:16 GMT
content-type: image/gif
content-length: 1226
last-modified: Sun, 05 Apr 2020 20:37:22 GMT
etag: "5e8a4182-4ca"
expires: Mon, 27 Nov 2023 16:08:16 GMT
cache-control: max-age=604800, public, must-revalidate
x-proxy-cache: STATIC/TYPE
accept-ranges: bytes
X-Firefox-Spdy: h2
www.jerkos-welt.com/wp-content/plugins/wpdiscuz/assets/third-party/font-awesome-5.13.0/webfonts/fa-regular-400.woff2
209.182.198.166 200 OK 14 kB URL GET HTTP/2 www.jerkos-welt.com/wp-content/plugins/wpdiscuz/assets/third-party/font-awesome-5.13.0/webfonts/fa-regular-400.woff2
IP 209.182.198.166:443
Requested by https://www.jerkos-welt.com/klein-jerkos-bericht-zur-lage/lifestyle/
Certificate Issuer cPanel, Inc.
Subject jerkos-welt.com
Fingerprint 95:82:85:A1:F2:E2:A1:C4:A2:B9:9D:E4:45:1A:61:1C:F8:20:7F:D5
Validity Sat, 11 Nov 2023 00:00:00 GMT - Fri, 09 Feb 2024 23:59:59 GMT
File type Web Open Font Format (Version 2), TrueType, length 13584, version 331.524\012- data
Hash c20b5b7362d8d7bb7eddf94344ace33e
260bb01acd44d88dcb7f501a238ab968f86bef9e
6a8c8e9e1e7f692c21af1956de163f3d026778e6449fe93a09a671847ca1ae65
GET /wp-content/plugins/wpdiscuz/assets/third-party/font-awesome-5.13.0/webfonts/fa-regular-400.woff2 HTTP/1.1
Host: www.jerkos-welt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://www.jerkos-welt.com/wp-content/plugins/wpdiscuz/assets/third-party/font-awesome-5.13.0/css/fa.min.css?ver=7.5.3
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.23.4
date: Mon, 20 Nov 2023 16:08:16 GMT
content-type: font/woff2
content-length: 13584
last-modified: Tue, 21 Feb 2023 00:48:09 GMT
etag: "63f414c9-3510"
expires: Mon, 27 Nov 2023 16:08:16 GMT
cache-control: max-age=604800, public, must-revalidate
x-proxy-cache: STATIC/TYPE
accept-ranges: bytes
X-Firefox-Spdy: h2
www.jerkos-welt.com/wp-content/plugins/wpdiscuz/assets/third-party/font-awesome-5.13.0/webfonts/fa-solid-900.woff2
209.182.198.166 79 kB URL www.jerkos-welt.com/wp-content/plugins/wpdiscuz/assets/third-party/font-awesome-5.13.0/webfonts/fa-solid-900.woff2
IP 209.182.198.166:0
File type Web Open Font Format (Version 2), TrueType, length 79444, version 331.524\012- data
Hash b15db15f746f29ffa02638cb455b8ec0
75a88815c47a249eadb5f0edc1675957f860cca7
7f4d3fd0a705dbf8403298aad91d5de6972e6b5d536068eba8b24954a5a0a8c7
GET /wp-content/plugins/wpdiscuz/assets/third-party/font-awesome-5.13.0/webfonts/fa-solid-900.woff2 HTTP/1.1
Host: www.jerkos-welt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://www.jerkos-welt.com/wp-content/plugins/wpdiscuz/assets/third-party/font-awesome-5.13.0/css/fa.min.css?ver=7.5.3
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.23.4
date: Mon, 20 Nov 2023 16:08:16 GMT
content-type: font/woff2
content-length: 79444
last-modified: Tue, 21 Feb 2023 00:48:09 GMT
etag: "63f414c9-13654"
expires: Mon, 27 Nov 2023 16:08:16 GMT
cache-control: max-age=604800, public, must-revalidate
x-proxy-cache: STATIC/TYPE
accept-ranges: bytes
X-Firefox-Spdy: h2
www.jerkos-welt.com/wp-content/themes/activello120921/assets/fonts/fontawesome-webfont.woff2?v=4.6.3
209.182.198.166 72 kB URL www.jerkos-welt.com/wp-content/themes/activello120921/assets/fonts/fontawesome-webfont.woff2?v=4.6.3
IP 209.182.198.166:0
File type Web Open Font Format (Version 2), TrueType, length 71896, version 4.393\012- data
Hash e6cf7c6ec7c2d6f670ae9d762604cb0b
97e438cc545714309882fbceadbf344fcaddcec5
7dacf83f51179de8d7980a513e67ab3a08f2c6272bb5946df8fd77c0d1763b73
GET /wp-content/themes/activello120921/assets/fonts/fontawesome-webfont.woff2?v=4.6.3 HTTP/1.1
Host: www.jerkos-welt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://www.jerkos-welt.com/wp-content/themes/activello120921/assets/css/font-awesome.min.css?ver=6.1.4
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.23.4
date: Mon, 20 Nov 2023 16:08:16 GMT
content-type: font/woff2
content-length: 71896
last-modified: Mon, 05 Oct 2020 13:23:34 GMT
etag: "5f7b1e56-118d8"
expires: Mon, 27 Nov 2023 16:08:16 GMT
cache-control: max-age=604800, public, must-revalidate
x-proxy-cache: STATIC/TYPE
accept-ranges: bytes
X-Firefox-Spdy: h2
www.jerkos-welt.com/wp-content/uploads/2020/04/deutsche-idioten.jpg
209.182.198.166 104 kB URL www.jerkos-welt.com/wp-content/uploads/2020/04/deutsche-idioten.jpg
IP 209.182.198.166:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 799x302, components 3\012- data
Size 104 kB (104526 bytes)
Hash 38b846798cc277181d0607710932755b
7c4032fa7281e0d097aed602e6f5b3cdecf638f0
2ce409a7a83ab4e001946b86567266a29be351cf220b3793af19ab0454444292
GET /wp-content/uploads/2020/04/deutsche-idioten.jpg HTTP/1.1
Host: www.jerkos-welt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.jerkos-welt.com/klein-jerkos-bericht-zur-lage/lifestyle/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.23.4
date: Mon, 20 Nov 2023 16:08:16 GMT
content-type: image/jpeg
content-length: 104526
last-modified: Fri, 24 Apr 2020 14:10:34 GMT
etag: "5ea2f35a-1984e"
expires: Mon, 27 Nov 2023 16:08:16 GMT
cache-control: max-age=604800, public, must-revalidate
x-proxy-cache: STATIC/TYPE
accept-ranges: bytes
X-Firefox-Spdy: h2
www.jerkos-welt.com/wp-content/uploads/2017/08/nerezine.jpg
209.182.198.166 103 kB URL www.jerkos-welt.com/wp-content/uploads/2017/08/nerezine.jpg
IP 209.182.198.166:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 916x355, components 3\012- data
Size 103 kB (102886 bytes)
Hash b46ee0e774890a29f783dfbd28a5fedb
e83f159c2822aacf42a4b339cddf05238bb08469
179801bd84b66a233bf26c363c166c42d35d47a057be0699887c3a89c46fab8a
GET /wp-content/uploads/2017/08/nerezine.jpg HTTP/1.1
Host: www.jerkos-welt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.jerkos-welt.com/klein-jerkos-bericht-zur-lage/lifestyle/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.23.4
date: Mon, 20 Nov 2023 16:08:16 GMT
content-type: image/jpeg
content-length: 102886
last-modified: Tue, 08 Aug 2017 13:49:11 GMT
etag: "5989c157-191e6"
expires: Mon, 27 Nov 2023 16:08:16 GMT
cache-control: max-age=604800, public, must-revalidate
x-proxy-cache: STATIC/TYPE
accept-ranges: bytes
X-Firefox-Spdy: h2
www.jerkos-welt.com/wp-content/uploads/2016/06/lachen.jpg
209.182.198.166 200 OK 65 kB URL GET HTTP/2 www.jerkos-welt.com/wp-content/uploads/2016/06/lachen.jpg
IP 209.182.198.166:443
Requested by https://www.jerkos-welt.com/klein-jerkos-bericht-zur-lage/lifestyle/
Certificate Issuer cPanel, Inc.
Subject jerkos-welt.com
Fingerprint 95:82:85:A1:F2:E2:A1:C4:A2:B9:9D:E4:45:1A:61:1C:F8:20:7F:D5
Validity Sat, 11 Nov 2023 00:00:00 GMT - Fri, 09 Feb 2024 23:59:59 GMT
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 797x270, components 3\012- data
Hash 1d085d16f5384db370a306ea5b9b62e4
7fb2fcc86803ad07ab36ee0d5b99d99e0c1bdb7e
013d5c974ec7d5719dee79450701104fea459c7ba4813c0513c26ce38179db33
GET /wp-content/uploads/2016/06/lachen.jpg HTTP/1.1
Host: www.jerkos-welt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.jerkos-welt.com/klein-jerkos-bericht-zur-lage/lifestyle/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.23.4
date: Mon, 20 Nov 2023 16:08:16 GMT
content-type: image/jpeg
content-length: 65133
last-modified: Thu, 23 Jun 2016 11:06:33 GMT
etag: "576bc2b9-fe6d"
expires: Mon, 27 Nov 2023 16:08:16 GMT
cache-control: max-age=604800, public, must-revalidate
x-proxy-cache: STATIC/TYPE
accept-ranges: bytes
X-Firefox-Spdy: h2
fonts.gstatic.com/s/lora/v32/0QIvMX1D_JOuMwT7I-NP.woff2
216.58.207.227 200 OK 18 kB URL GET HTTP/2 fonts.gstatic.com/s/lora/v32/0QIvMX1D_JOuMwT7I-NP.woff2
IP 216.58.207.227:443
Requested by https://www.jerkos-welt.com/klein-jerkos-bericht-zur-lage/lifestyle/
Certificate Issuer Google Trust Services LLC
Subject *.gstatic.com
Fingerprint E5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
Validity Mon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT
File type Web Open Font Format (Version 2), TrueType, length 17516, version 1.0\012- data
Hash 100631f3cca13871160dd637f8a756c8
cefb06fd764e7ad52727f4736ea844abe7d74c0f
93a84102f67f6d945842c2a47214f58ee719d4ecaa60117215322ec0ab443bfe
GET /s/lora/v32/0QIvMX1D_JOuMwT7I-NP.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.jerkos-welt.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 17516
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 16 Nov 2023 04:55:38 GMT
expires: Fri, 15 Nov 2024 04:55:38 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 21 Feb 2023 21:46:00 GMT
content-type: font/woff2
age: 385959
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
pixel.wp.com/g.gif?v=ext&blog=101210444&post=43585&tz=1&srv=www.jerkos-welt.com&j=1%3A11.9.1&host=www.jerkos-welt.com&ref=&fcp=11973&rand=0.8227304339412703
192.0.76.3 50 B URL pixel.wp.com/g.gif?v=ext&blog=101210444&post=43585&tz=1&srv=www.jerkos-welt.com&j=1%3A11.9.1&host=www.jerkos-welt.com&ref=&fcp=11973&rand=0.8227304339412703
IP 192.0.76.3:0
File type GIF image data, version 89a, 6 x 5\012- data
Hash e4d673a55c5656f19ef81563fb10884c
1f2d8ed221d39329251ad3a6ff1edb20b7219443
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1
GET /g.gif?v=ext&blog=101210444&post=43585&tz=1&srv=www.jerkos-welt.com&j=1%3A11.9.1&host=www.jerkos-welt.com&ref=&fcp=11973&rand=0.8227304339412703 HTTP/1.1
Host: pixel.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.jerkos-welt.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 20 Nov 2023 16:08:17 GMT
content-type: image/gif
content-length: 50
cache-control: no-cache
access-control-allow-origin: *
X-Firefox-Spdy: h2
fonts.gstatic.com/s/lora/v32/0QIvMX1D_JOuMwr7Iw.woff2
216.58.207.227 36 kB URL fonts.gstatic.com/s/lora/v32/0QIvMX1D_JOuMwr7Iw.woff2
IP 216.58.207.227:0
Certificate Issuer Google Trust Services LLC
Subject *.gstatic.com
Fingerprint E5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
Validity Mon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT
File type Web Open Font Format (Version 2), TrueType, length 35888, version 1.0\012- data
Hash 78be9c1daeadb1ae4f8d1e622d7b2011
60923c3b5dfe1a5a07b9092ec9c5583d004d0c5b
9f46649ea544819982ea288c6f386dd67d46da0f453f95da542196372b79731e
GET /s/lora/v32/0QIvMX1D_JOuMwr7Iw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.jerkos-welt.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 35888
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 16 Nov 2023 23:21:56 GMT
expires: Fri, 15 Nov 2024 23:21:56 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 21 Feb 2023 21:45:58 GMT
content-type: font/woff2
age: 319581
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.jerkos-welt.com/klein-jerkos-bericht-zur-lage/lifestyle/
209.182.198.166 55 kB URL www.jerkos-welt.com/klein-jerkos-bericht-zur-lage/lifestyle/
IP 209.182.198.166:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (17193), with CRLF, LF line terminators
Hash 8b99d517f45ae55f2cc5c4fbb6042264
bf208977e9babb6eedd50790e1cce8b1769e140c
3997098e3f8bce5c6daeb198af37516884de561292717b886f47649945318088
GET /klein-jerkos-bericht-zur-lage/lifestyle/ HTTP/1.1
Host: www.jerkos-welt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx/1.23.4
date: Mon, 20 Nov 2023 16:08:14 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-pingback: https://www.jerkos-welt.com/xmlrpc.php
link: <https://www.jerkos-welt.com/wp-json/>; rel="https://api.w.org/", <https://www.jerkos-welt.com/wp-json/wp/v2/posts/43585>; rel="alternate"; type="application/json", <https://www.jerkos-welt.com/?p=43585>; rel=shortlink
x-proxy-cache: DISABLED
content-encoding: br
X-Firefox-Spdy: h2
surelytheme.org/ZcqVjVQ1
95.214.26.19 200 OK 0 B IP 95.214.26.19:443
Requested by https://www.jerkos-welt.com/klein-jerkos-bericht-zur-lage/lifestyle/
Certificate Issuer Let's Encrypt
Subject surelytheme.org
Fingerprint 1C:D7:EF:C3:AC:9E:ED:89:BE:30:23:50:E7:33:50:F2:B4:0F:D6:8D
Validity Fri, 29 Sep 2023 02:33:28 GMT - Thu, 28 Dec 2023 02:33:27 GMT
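Hash MD5 d41d8cd98f00b204e9800998ecf8427e
SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Note: these three values are the digests of zero-length input, which matches the 0 B body size recorded for this response; they identify no payload and will match any empty response, so they are not usable as indicators for this host.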
Analyzer | Verdict | Alert
mnemonic secure dns | malicious | Sinkholed
Quad9 DNS | malicious | Sinkholed
GET /ZcqVjVQ1 HTTP/1.1
Host: surelytheme.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.jerkos-welt.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 20 Nov 2023 16:08:17 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-cache, no-store, must-revalidate
Expires: Mon, 20 Nov 2023 16:08:17 GMT
Set-Cookie: _subid=1sisi1ac28hbp; expires=Thu, 21 Dec 2023 16:08:17 GMT; path=/
7e4fc=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjQ4OFwiOjE3MDA0OTY0OTd9LFwiY2FtcGFpZ25zXCI6e1wiNzVcIjoxNzAwNDk2NDk3fSxcInRpbWVcIjoxNzAwNDk2NDk3fSJ9.Sa93cOIgFb_UwmyL9fIGDXW0BloYoLsvkO4i_LVpUrA; expires=Sat, 16 Oct 2077 08:16:34 GMT; path=/
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
stats.wp.com/e-202347.js
192.0.76.3 36 kB IP 192.0.76.3:0
File type ASCII text, with very long lines (6931), with no line terminators
Hash 2567b82fc5b4900c78be291e6a957e99
114ec9e929313111ec06f33e342205c52cce5b11
ca7752fb33cf3a98c0f29bc4eec563112025da4109a0dcc69dabf5f861751258
GET /e-202347.js HTTP/1.1
Host: stats.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.jerkos-welt.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Mon, 20 Nov 2023 16:08:15 GMT
content-type: application/javascript
vary: Accept-Encoding
x-minify: t
x-minify-cache: hit
etag: W/13576-1684464982353.1523
content-encoding: br
expires: Mon, 18 Nov 2024 16:22:26 GMT
cache-control: max-age=31536000
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
x-nc: HIT arn
X-Firefox-Spdy: h2
fonts.gstatic.com/s/lora/v32/0QIvMX1D_JOuMwr7Iw.woff2
216.58.207.227 36 kB URL fonts.gstatic.com/s/lora/v32/0QIvMX1D_JOuMwr7Iw.woff2
IP 216.58.207.227:0
Certificate Issuer Google Trust Services LLC
Subject *.gstatic.com
Fingerprint E5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
Validity Mon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT
File type Web Open Font Format (Version 2), TrueType, length 35888, version 1.0\012- data
Hash 78be9c1daeadb1ae4f8d1e622d7b2011
60923c3b5dfe1a5a07b9092ec9c5583d004d0c5b
9f46649ea544819982ea288c6f386dd67d46da0f453f95da542196372b79731e
GET /s/lora/v32/0QIvMX1D_JOuMwr7Iw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.jerkos-welt.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 35888
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 16 Nov 2023 23:21:56 GMT
expires: Fri, 15 Nov 2024 23:21:56 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 21 Feb 2023 21:45:58 GMT
content-type: font/woff2
age: 319581
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.jerkos-welt.com/wp-content/plugins/google-language-translator/images/flags.png
209.182.198.166 55 kB URL www.jerkos-welt.com/wp-content/plugins/google-language-translator/images/flags.png
IP 209.182.198.166:0
File type PNG image data, 169 x 520, 8-bit/color RGBA, non-interlaced\012- data
Hash 89c95031b56b90591fd4ef80558f8c25
9599f52c93b38f3e68686f299b3184be0a9de63a
d64c12a76a61096f3a14aa795d12c3fc0de8e5781ef2e1af3b66517e65d7f00e
GET /wp-content/plugins/google-language-translator/images/flags.png HTTP/1.1
Host: www.jerkos-welt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.jerkos-welt.com/wp-content/plugins/google-language-translator/css/style.css?ver=6.0.19
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.23.4
date: Mon, 20 Nov 2023 16:08:17 GMT
content-type: image/png
content-length: 54996
last-modified: Sat, 18 Mar 2023 08:05:22 GMT
etag: "641570c2-d6d4"
expires: Mon, 27 Nov 2023 16:08:17 GMT
cache-control: max-age=604800, public, must-revalidate
x-proxy-cache: STATIC/TYPE
accept-ranges: bytes
X-Firefox-Spdy: h2
surelytheme.org/ZcqVjVQ1
95.214.26.19 200 OK 0 B IP 95.214.26.19:443
Requested by https://www.jerkos-welt.com/klein-jerkos-bericht-zur-lage/lifestyle/
Certificate Issuer Let's Encrypt
Subject surelytheme.org
Fingerprint 1C:D7:EF:C3:AC:9E:ED:89:BE:30:23:50:E7:33:50:F2:B4:0F:D6:8D
Validity Fri, 29 Sep 2023 02:33:28 GMT - Thu, 28 Dec 2023 02:33:27 GMT
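Hash MD5 d41d8cd98f00b204e9800998ecf8427e
SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Note: these three values are the digests of zero-length input, which matches the 0 B body size recorded for this response; they identify no payload and will match any empty response, so they are not usable as indicators for this host.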
Analyzer | Verdict | Alert
mnemonic secure dns | malicious | Sinkholed
Quad9 DNS | malicious | Sinkholed
GET /ZcqVjVQ1 HTTP/1.1
Host: surelytheme.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.jerkos-welt.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 20 Nov 2023 16:08:17 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-cache, no-store, must-revalidate
Expires: Mon, 20 Nov 2023 16:08:17 GMT
Set-Cookie: _subid=1sisi1ac28hc0; expires=Thu, 21 Dec 2023 16:08:17 GMT; path=/
7e4fc=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjQ4OFwiOjE3MDA0OTY0OTd9LFwiY2FtcGFpZ25zXCI6e1wiNzVcIjoxNzAwNDk2NDk3fSxcInRpbWVcIjoxNzAwNDk2NDk3fSJ9.Sa93cOIgFb_UwmyL9fIGDXW0BloYoLsvkO4i_LVpUrA; expires=Sat, 16 Oct 2077 08:16:34 GMT; path=/
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
fonts.gstatic.com/s/lora/v32/0QIhMX1D_JOuMw_LIftL.woff2
216.58.207.227 39 kB URL fonts.gstatic.com/s/lora/v32/0QIhMX1D_JOuMw_LIftL.woff2
IP 216.58.207.227:0
Certificate Issuer Google Trust Services LLC
Subject *.gstatic.com
Fingerprint E5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
Validity Mon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT
File type Web Open Font Format (Version 2), TrueType, length 39208, version 1.0\012- data
Hash c08b0ab8f163c9b8563e7b99b5de737f
0b04989a5aa89d9437780e3b163240b9e717a0da
5d55ce9c3ac7a5f37a38813a2deed310abde9e63d0d36912e2e5e59751ca66c7
GET /s/lora/v32/0QIhMX1D_JOuMw_LIftL.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.jerkos-welt.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 39208
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 16 Nov 2023 23:22:43 GMT
expires: Fri, 15 Nov 2024 23:22:43 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 21 Feb 2023 21:46:05 GMT
content-type: font/woff2
age: 319534
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.jerkos-welt.com/wp-content/themes/activello120921/assets/js/vendor/bootstrap.min.js?ver=6.1.4
209.182.198.166 200 OK 43 kB URL GET HTTP/2 www.jerkos-welt.com/wp-content/themes/activello120921/assets/js/vendor/bootstrap.min.js?ver=6.1.4
IP 209.182.198.166:443
Requested by https://www.jerkos-welt.com/klein-jerkos-bericht-zur-lage/lifestyle/
File type ASCII text, with very long lines (32033)
Hash 5869c96cc8f19086aee625d670d741f9
430a443d74830fe9be26efca431f448c1b3740f9
53964478a7c634e8dad34ecc303dd8048d00dce4993906de1bacf67f663486ef
GET /wp-content/themes/activello120921/assets/js/vendor/bootstrap.min.js?ver=6.1.4 HTTP/1.1
Host: www.jerkos-welt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.jerkos-welt.com/klein-jerkos-bericht-zur-lage/lifestyle/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.23.4
date: Mon, 20 Nov 2023 16:08:15 GMT
content-type: application/javascript
last-modified: Mon, 05 Oct 2020 13:23:34 GMT
vary: Accept-Encoding
etag: W/"5f7b1e56-90b5"
expires: Mon, 27 Nov 2023 16:08:15 GMT
cache-control: max-age=604800, public, must-revalidate
x-proxy-cache: STATIC/TYPE
content-encoding: br
X-Firefox-Spdy: h2
www.jerkos-welt.com/wp-content/plugins/wp-dark-mode/assets/js/dark-mode.min.js?ver=4.1.0
209.182.198.166 21 kB URL www.jerkos-welt.com/wp-content/plugins/wp-dark-mode/assets/js/dark-mode.min.js?ver=4.1.0
IP 209.182.198.166:0
File type ASCII text, with very long lines (31976), with CRLF, LF line terminators
Hash 90376f0cd21adaece13ac321df70e316
7f5a688f725ced3f0ade8a50a51488a10aa09662
e18007a11545d5ec27e78834a0b704b49c16b23322a8ff1af3ea393350803498
GET /wp-content/plugins/wp-dark-mode/assets/js/dark-mode.min.js?ver=4.1.0 HTTP/1.1
Host: www.jerkos-welt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.jerkos-welt.com/klein-jerkos-bericht-zur-lage/lifestyle/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.23.4
date: Mon, 20 Nov 2023 16:08:15 GMT
content-type: application/javascript
last-modified: Mon, 20 Nov 2023 12:31:17 GMT
vary: Accept-Encoding
etag: W/"655b5195-f849"
expires: Mon, 27 Nov 2023 16:08:15 GMT
cache-control: max-age=604800, public, must-revalidate
x-proxy-cache: STATIC/TYPE
content-encoding: br
X-Firefox-Spdy: h2
www.jerkos-welt.com/wp-content/themes/activello120921/assets/css/bootstrap.min.css?ver=6.1.4
209.182.198.166 200 OK 20 kB URL GET HTTP/2 www.jerkos-welt.com/wp-content/themes/activello120921/assets/css/bootstrap.min.css?ver=6.1.4
IP 209.182.198.166:443
Requested by https://www.jerkos-welt.com/klein-jerkos-bericht-zur-lage/lifestyle/
Certificate Issuer cPanel, Inc.
Subject jerkos-welt.com
Fingerprint 95:82:85:A1:F2:E2:A1:C4:A2:B9:9D:E4:45:1A:61:1C:F8:20:7F:D5
Validity Sat, 11 Nov 2023 00:00:00 GMT - Fri, 09 Feb 2024 23:59:59 GMT
File type ASCII text, with very long lines (65371)
Hash ec3bb52a00e176a7181d454dffaea219
6527d8bf3e1e9368bab8c7b60f56bc01fa3afd68
f75e846cc83bd11432f4b1e21a45f31bc85283d11d372f7b19accd1bf6a2635c
GET /wp-content/themes/activello120921/assets/css/bootstrap.min.css?ver=6.1.4 HTTP/1.1
Host: www.jerkos-welt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.jerkos-welt.com/klein-jerkos-bericht-zur-lage/lifestyle/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.23.4
date: Mon, 20 Nov 2023 16:08:15 GMT
content-type: text/css
last-modified: Mon, 05 Oct 2020 13:23:34 GMT
vary: Accept-Encoding
etag: W/"5f7b1e56-1d970"
expires: Mon, 27 Nov 2023 16:08:15 GMT
cache-control: max-age=604800, public, must-revalidate
x-proxy-cache: STATIC/TYPE
content-encoding: br
X-Firefox-Spdy: h2
translate.google.com/translate_a/element.js?cb=GoogleLanguageTranslatorInit
216.58.211.14 62 kB URL translate.google.com/translate_a/element.js?cb=GoogleLanguageTranslatorInit
IP 216.58.211.14:0
File type ASCII text, with very long lines (2462)
Hash ac5e73d3ce393c6feb8782d01c7e31d9
20339445cff56e8d85d6c5a4a575fd3c253a8fba
881b0438cc0eb5025ac68a14610f7bc085aed95b0cd63f1b38a7736afb579c98
GET /translate_a/element.js?cb=GoogleLanguageTranslatorInit HTTP/1.1
Host: translate.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.jerkos-welt.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Mon, 20 Nov 2023 16:08:16 GMT
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
set-cookie: CONSENT=PENDING+896; expires=Wed, 19-Nov-2025 16:08:16 GMT; path=/; domain=.google.com; Secure
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
climedballon.org/ytW8d9XY
95.214.26.19 0 B URL GET climedballon.org/ytW8d9XY
IP 95.214.26.19:0
Requested by https://www.jerkos-welt.com/klein-jerkos-bericht-zur-lage/lifestyle/
Certificate Issuer Let's Encrypt
Subject climedballon.org
Fingerprint 20:68:C1:C8:16:A8:73:F7:A7:A7:2A:E6:F0:03:34:1F:BC:BC:37:FC
Validity Fri, 13 Oct 2023 03:49:08 GMT - Thu, 11 Jan 2024 03:49:07 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert ThreatFox malicious FAKEUPDATES
mnemonic secure dns malicious Sinkholed
Quad9 DNS malicious Sinkholed
GET /ytW8d9XY HTTP/1.1
Host: climedballon.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.jerkos-welt.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 20 Nov 2023 16:08:17 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-cache, no-store, must-revalidate
Expires: Mon, 20 Nov 2023 16:08:17 GMT
Set-Cookie: _subid=1sisi1ac28hcl; expires=Thu, 21 Dec 2023 16:08:17 GMT; path=/
7e4fc=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjU3NFwiOjE3MDA0OTY0OTd9LFwiY2FtcGFpZ25zXCI6e1wiOTFcIjoxNzAwNDk2NDk3fSxcInRpbWVcIjoxNzAwNDk2NDk3fSJ9.hnKdS2LvYKI3QMJjnF6oX-xqrZhaIQifCqe8MFccOI0; expires=Sat, 16 Oct 2077 08:16:34 GMT; path=/
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
climedballon.org/ytW8d9XY
95.214.26.19 0 B URL GET climedballon.org/ytW8d9XY
IP 95.214.26.19:0
Requested by https://www.jerkos-welt.com/klein-jerkos-bericht-zur-lage/lifestyle/
Certificate Issuer Let's Encrypt
Subject climedballon.org
Fingerprint 20:68:C1:C8:16:A8:73:F7:A7:A7:2A:E6:F0:03:34:1F:BC:BC:37:FC
Validity Fri, 13 Oct 2023 03:49:08 GMT - Thu, 11 Jan 2024 03:49:07 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert ThreatFox malicious FAKEUPDATES
mnemonic secure dns malicious Sinkholed
Quad9 DNS malicious Sinkholed
GET /ytW8d9XY HTTP/1.1
Host: climedballon.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.jerkos-welt.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 20 Nov 2023 16:08:17 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-cache, no-store, must-revalidate
Expires: Mon, 20 Nov 2023 16:08:17 GMT
Set-Cookie: _subid=1sisi1ac28hco; expires=Thu, 21 Dec 2023 16:08:17 GMT; path=/
7e4fc=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjU3NFwiOjE3MDA0OTY0OTd9LFwiY2FtcGFpZ25zXCI6e1wiOTFcIjoxNzAwNDk2NDk3fSxcInRpbWVcIjoxNzAwNDk2NDk3fSJ9.hnKdS2LvYKI3QMJjnF6oX-xqrZhaIQifCqe8MFccOI0; expires=Sat, 16 Oct 2077 08:16:34 GMT; path=/
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
climedballon.org/ytW8d9XY
95.214.26.19 0 B URL GET climedballon.org/ytW8d9XY
IP 95.214.26.19:0
Requested by https://www.jerkos-welt.com/klein-jerkos-bericht-zur-lage/lifestyle/
Certificate Issuer Let's Encrypt
Subject climedballon.org
Fingerprint 20:68:C1:C8:16:A8:73:F7:A7:A7:2A:E6:F0:03:34:1F:BC:BC:37:FC
Validity Fri, 13 Oct 2023 03:49:08 GMT - Thu, 11 Jan 2024 03:49:07 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert ThreatFox malicious FAKEUPDATES
mnemonic secure dns malicious Sinkholed
Quad9 DNS malicious Sinkholed
GET /ytW8d9XY HTTP/1.1
Host: climedballon.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.jerkos-welt.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 20 Nov 2023 16:08:17 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-cache, no-store, must-revalidate
Expires: Mon, 20 Nov 2023 16:08:17 GMT
Set-Cookie: _subid=1sisi1ac28hcn; expires=Thu, 21 Dec 2023 16:08:17 GMT; path=/
7e4fc=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjU3NFwiOjE3MDA0OTY0OTd9LFwiY2FtcGFpZ25zXCI6e1wiOTFcIjoxNzAwNDk2NDk3fSxcInRpbWVcIjoxNzAwNDk2NDk3fSJ9.hnKdS2LvYKI3QMJjnF6oX-xqrZhaIQifCqe8MFccOI0; expires=Sat, 16 Oct 2077 08:16:34 GMT; path=/
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
fonts.googleapis.com/css?family=Lora%3A400%2C400italic%2C700%2C700italic%7CMontserrat%3A400%2C700%7CMaven+Pro%3A400%2C700&ver=6.1.4
142.250.74.42 831 B URL fonts.googleapis.com/css?family=Lora%3A400%2C400italic%2C700%2C700italic%7CMontserrat%3A400%2C700%7CMaven+Pro%3A400%2C700&ver=6.1.4
IP 142.250.74.42:0
Hash 67ea039238e5ed5573cc2fe3a051de46
d6a07a63faf365b9ee0e9d411011b0ace9454e38
808ba5df5609743daeeefabf2def1e597981a9aaffa987ac6ac910c9f120de20
GET /css?family=Lora%3A400%2C400italic%2C700%2C700italic%7CMontserrat%3A400%2C700%7CMaven+Pro%3A400%2C700&ver=6.1.4 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.jerkos-welt.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Mon, 20 Nov 2023 16:08:16 GMT
date: Mon, 20 Nov 2023 16:08:16 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
climedballon.org/ZQFk8jVF
95.214.26.19 0 B URL climedballon.org/ZQFk8jVF
IP 95.214.26.19:0
Certificate Issuer Let's Encrypt
Subject climedballon.org
Fingerprint 20:68:C1:C8:16:A8:73:F7:A7:A7:2A:E6:F0:03:34:1F:BC:BC:37:FC
Validity Fri, 13 Oct 2023 03:49:08 GMT - Thu, 11 Jan 2024 03:49:07 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert ThreatFox malicious FAKEUPDATES
mnemonic secure dns malicious Sinkholed
Quad9 DNS malicious Sinkholed
GET /ZQFk8jVF HTTP/1.1
Host: climedballon.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.jerkos-welt.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx
Date: Mon, 20 Nov 2023 16:08:18 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-cache, no-store, must-revalidate
Expires: Mon, 20 Nov 2023 16:08:18 GMT
Location: https://greatbonushere.top/?u=4dkpaew&o=81yk607&cid=1sisi1ac28hfb
Set-Cookie: _subid=1sisi1ac28hfb; expires=Thu, 21 Dec 2023 16:08:18 GMT; path=/
7e4fc=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjU3OFwiOjE3MDA0OTY0OTh9LFwiY2FtcGFpZ25zXCI6e1wiOTJcIjoxNzAwNDk2NDk4fSxcInRpbWVcIjoxNzAwNDk2NDk4fSJ9.xpcAnTUUCUELjWSIhAyYyfG4CEZwUNyFaHT79Nk5wlk; expires=Sat, 16 Oct 2077 08:16:36 GMT; path=/
_token=uuid_1sisi1ac28hfb_1sisi1ac28hfb655b8472e7a2a5.65885447; expires=Thu, 21 Dec 2023 16:08:18 GMT; path=/
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
greatbonushere.top/?u=4dkpaew&o=81yk607&cid=1sisi1ac28hfb
185.155.184.184 34 kB URL greatbonushere.top/?u=4dkpaew&o=81yk607&cid=1sisi1ac28hfb
IP 185.155.184.184:0
ASN #6898 SERVER.swiss Sagl
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (17519), with CRLF line terminators
Hash 90d35ad7023835732e36f31fc625e395
1e30e7baf7a2ee0d8d493ac5e95458ef57cdaa85
dcb5dfa9358a821e8e696e18dc2c8911c64d6fa1d985101f3138ad09a1c3a07f
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /?u=4dkpaew&o=81yk607&cid=1sisi1ac28hfb HTTP/1.1
Host: greatbonushere.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.jerkos-welt.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 20 Nov 2023 16:08:19 GMT
Content-Type: text/html
Content-Length: 34262
Connection: keep-alive
set-cookie: sid=t9~qjzvldnrs5553yf3lkmapb2r; path=/
sid=t9~qjzvldnrs5553yf3lkmapb2r; path=/
p1=https://cryshopwear.live/awyerrlk/; path=/
s1=liayh628ghteel7e; path=/
cache-control: private, no-transform
greatbonushere.top/favicon.ico
185.155.184.184 0 B URL greatbonushere.top/favicon.ico
IP 185.155.184.184:0
ASN #6898 SERVER.swiss Sagl
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /favicon.ico HTTP/1.1
Host: greatbonushere.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://greatbonushere.top/?u=4dkpaew&o=81yk607&cid=1sisi1ac28hfb
Cookie: sid=t9~qjzvldnrs5553yf3lkmapb2r; p1=https://cryshopwear.live/awyerrlk/; s1=liayh628ghteel7e
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 204 No Content
Server: nginx
Date: Mon, 20 Nov 2023 16:08:19 GMT
Connection: keep-alive
Cache-Control: no-transform
208.cryshopwear.live/awyerrlk/article208.doc?u=4dkpaew&o=81yk607&cid=1sisi1ac28hfb&f=1&sid=t9~qjzvldnrs5553yf3lkmapb2r&fp=iPgeRXPBCqGnhJm2zI8uGw%3D%3D
185.155.184.79 21 kB URL 208.cryshopwear.live/awyerrlk/article208.doc?u=4dkpaew&o=81yk607&cid=1sisi1ac28hfb&f=1&sid=t9~qjzvldnrs5553yf3lkmapb2r&fp=iPgeRXPBCqGnhJm2zI8uGw%3D%3D
IP 185.155.184.79:0
ASN #6898 SERVER.swiss Sagl
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (841), with CRLF line terminators
Hash ebb26b233e6745269289d385146374c2
431a47403d87c8de55f9d6a1feeac2023fd1bc31
eb1eb6df40c3eab2f2680addab28a0433d33bf646d378d14c7ee3219ad8caaa0
GET /awyerrlk/article208.doc?u=4dkpaew&o=81yk607&cid=1sisi1ac28hfb&f=1&sid=t9~qjzvldnrs5553yf3lkmapb2r&fp=iPgeRXPBCqGnhJm2zI8uGw%3D%3D HTTP/1.1
Host: 208.cryshopwear.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://greatbonushere.top/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: openresty
Date: Mon, 20 Nov 2023 16:08:19 GMT
Content-Type: text/html
Content-Length: 21361
Connection: keep-alive
cache-control: private
208.cryshopwear.live/media/mainstream/all/ab/2008_2.css
185.155.184.79 8.0 kB URL 208.cryshopwear.live/media/mainstream/all/ab/2008_2.css
IP 185.155.184.79:0
ASN #6898 SERVER.swiss Sagl
File type assembler source, ASCII text
Hash 3a3692009050605115ce92e15cdc4f8a
80f2be7713fc6b704492a24646632ac5b86d610d
24af2f8d21f9612e2b3012382c362743db495fa91370d0f87d22b077caf484af
GET /media/mainstream/all/ab/2008_2.css HTTP/1.1
Host: 208.cryshopwear.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://208.cryshopwear.live/awyerrlk/article208.doc?u=4dkpaew&o=81yk607&cid=1sisi1ac28hfb&f=1&sid=t9~qjzvldnrs5553yf3lkmapb2r&fp=iPgeRXPBCqGnhJm2zI8uGw%3D%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: openresty
Date: Mon, 20 Nov 2023 16:08:19 GMT
Content-Type: text/css
Content-Length: 7969
Connection: keep-alive
ETag: "3a3692009050605115ce92e15cdc4f8a"
Last-Modified: Mon, 03 Apr 2023 12:30:19 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8
X-Amz-Request-Id: 1799608A39506556
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1679328097#352624761/gid:0/gname:root/mode:33188/mtime:1661094568#999105000/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2022-08-21T15:09:28.999105Z
Expires: Tue, 19 Nov 2024 16:08:19 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes
cdn.jsdelivr.net/npm/bootstrap@4.3.1/dist/js/bootstrap.bundle.min.js
151.101.129.229 24 kB URL cdn.jsdelivr.net/npm/bootstrap@4.3.1/dist/js/bootstrap.bundle.min.js
IP 151.101.129.229:0
File type ASCII text, with very long lines (65297)
Hash a454220fc07088bf1fdd19313b6bfd50
265a733cb7fbc481fd2510a659a85ad55c93c895
7f3145c87d3570154f633975e8a4f8d30aa38603edaba145501e9c90ddbe186c
GET /npm/bootstrap@4.3.1/dist/js/bootstrap.bundle.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://208.cryshopwear.live/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 4.3.1
x-jsd-version-type: version
etag: W/"1332b-JlpzPLf7xIH9JRCmWaha1VyTyJU"
content-encoding: br
accept-ranges: bytes
date: Mon, 20 Nov 2023 16:08:20 GMT
age: 13179283
x-served-by: cache-fra-eddf8230062-FRA, cache-bma1624-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 23541
X-Firefox-Spdy: h2
208.cryshopwear.live/media/mainstream/all/ab/2008_3.js
185.155.184.79 7.5 kB URL 208.cryshopwear.live/media/mainstream/all/ab/2008_3.js
IP 185.155.184.79:0
ASN #6898 SERVER.swiss Sagl
Hash f235f98748487db96795fd73ed48a46d
4cf6f3d733184af759d2f6d2251321df778accdd
5ee7e3f6c675569417eabed4df39057a60e056b0a5eb5abbecf0c1979780d684
GET /media/mainstream/all/ab/2008_3.js HTTP/1.1
Host: 208.cryshopwear.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://208.cryshopwear.live/awyerrlk/article208.doc?u=4dkpaew&o=81yk607&cid=1sisi1ac28hfb&f=1&sid=t9~qjzvldnrs5553yf3lkmapb2r&fp=iPgeRXPBCqGnhJm2zI8uGw%3D%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: openresty
Date: Mon, 20 Nov 2023 16:08:20 GMT
Content-Type: application/javascript
Content-Length: 7481
Connection: keep-alive
ETag: "f235f98748487db96795fd73ed48a46d"
Last-Modified: Mon, 03 Apr 2023 12:30:19 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8
X-Amz-Request-Id: 1799608A3D43930D
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1679402415#668622988/gid:0/gname:root/mode:33188/mtime:1661082623#6152000/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2022-08-21T11:50:23.006152Z
Expires: Tue, 19 Nov 2024 16:08:20 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes
208.cryshopwear.live/media/mainstream/all/ab/2008_1.js
185.155.184.79 15 kB URL 208.cryshopwear.live/media/mainstream/all/ab/2008_1.js
IP 185.155.184.79:0
ASN #6898 SERVER.swiss Sagl
File type ASCII text, with very long lines (927), with CRLF line terminators
Hash 70a301508a891eb3c9f0e7d43cbd2072
37b7e329763c1285514bac3d77808a1a3389b6da
e86620b8e47101a2701a71369c8f40d6ac250beeea5a86b69fd407035b57b549
GET /media/mainstream/all/ab/2008_1.js HTTP/1.1
Host: 208.cryshopwear.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://208.cryshopwear.live/awyerrlk/article208.doc?u=4dkpaew&o=81yk607&cid=1sisi1ac28hfb&f=1&sid=t9~qjzvldnrs5553yf3lkmapb2r&fp=iPgeRXPBCqGnhJm2zI8uGw%3D%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: openresty
Date: Mon, 20 Nov 2023 16:08:20 GMT
Content-Type: application/javascript
Content-Length: 14759
Connection: keep-alive
ETag: "70a301508a891eb3c9f0e7d43cbd2072"
Last-Modified: Wed, 20 Sep 2023 15:23:21 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8
X-Amz-Request-Id: 1799608A3F79E584
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1693134509#284024580/gid:0/gname:root/mode:33188/mtime:1661082594#618119000/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2022-08-21T11:49:54.618119Z
Expires: Tue, 19 Nov 2024 16:08:20 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes
208.cryshopwear.live/media/mainstream/icon.js
185.155.184.79 6.6 kB URL 208.cryshopwear.live/media/mainstream/icon.js
IP 185.155.184.79:0
ASN #6898 SERVER.swiss Sagl
File type ASCII text, with very long lines (6570), with no line terminators
Hash a8e36248f01478844f0c4db185e945a0
d822225c2e21cd5fd7910f825da1e646b21dc078
9195437b3d4ffd3d3652df03d4de4ff03c454386ec19a1777da588a2f83827c2
GET /media/mainstream/icon.js HTTP/1.1
Host: 208.cryshopwear.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://208.cryshopwear.live/awyerrlk/article208.doc?u=4dkpaew&o=81yk607&cid=1sisi1ac28hfb&f=1&sid=t9~qjzvldnrs5553yf3lkmapb2r&fp=iPgeRXPBCqGnhJm2zI8uGw%3D%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: openresty
Date: Mon, 20 Nov 2023 16:08:20 GMT
Content-Type: application/javascript
Content-Length: 6570
Connection: keep-alive
ETag: "a8e36248f01478844f0c4db185e945a0"
Last-Modified: Mon, 03 Apr 2023 12:31:19 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8
X-Amz-Request-Id: 179960856946CB5F
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1679349305#423363716/gid:0/gname:root/mode:33279/mtime:1655387452#842583333/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2022-06-16T13:50:52.842583333Z
Expires: Tue, 19 Nov 2024 16:08:20 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes
208.cryshopwear.live/media/mainstream/sound.js
185.155.184.79 5.0 kB URL 208.cryshopwear.live/media/mainstream/sound.js
IP 185.155.184.79:0
ASN #6898 SERVER.swiss Sagl
File type ASCII text, with very long lines (5014), with no line terminators
Hash 1f1fed792da20aa1e75213d3f1839a0d
b5744653854dc322effae7e83ba3b99f8818dffc
32cde492155502743e1b7c5ec41ba974216be8c331db01e5cd933726443241df
GET /media/mainstream/sound.js HTTP/1.1
Host: 208.cryshopwear.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://208.cryshopwear.live/awyerrlk/article208.doc?u=4dkpaew&o=81yk607&cid=1sisi1ac28hfb&f=1&sid=t9~qjzvldnrs5553yf3lkmapb2r&fp=iPgeRXPBCqGnhJm2zI8uGw%3D%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: openresty
Date: Mon, 20 Nov 2023 16:08:20 GMT
Content-Type: application/javascript
Content-Length: 5014
Connection: keep-alive
ETag: "1f1fed792da20aa1e75213d3f1839a0d"
Last-Modified: Wed, 20 Sep 2023 15:25:15 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8
X-Amz-Request-Id: 1799608569712017
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1693134509#348024780/gid:0/gname:root/mode:33279/mtime:1655387452#846583343/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2022-06-16T13:50:52.846583343Z
Expires: Tue, 19 Nov 2024 16:08:20 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes
ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js
142.250.74.74 31 kB URL ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js
IP 142.250.74.74:0
File type ASCII text, with very long lines (65451)
Hash dc5e7f18c8d36ac1d3d4753a87c98d0a
c8e1c8b386dc5b7a9184c763c88d19a346eb3342
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d
GET /ajax/libs/jquery/3.5.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://208.cryshopwear.live/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 31021
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 18 Nov 2023 21:06:01 GMT
expires: Sun, 17 Nov 2024 21:06:01 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Fri, 08 May 2020 07:05:03 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 154939
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
208.cryshopwear.live/media/mainstream/all/ab/2008.css
185.155.184.79 22 kB URL 208.cryshopwear.live/media/mainstream/all/ab/2008.css
IP 185.155.184.79:0
ASN #6898 SERVER.swiss Sagl
File type ASCII text, with CRLF line terminators
Hash a008e2dbe07922242a5f012ccd7da015
1b0718855d0c5ca6e25d4553e312c8652df334a7
903a8f67a7fa0613988fa1ab30073aac45e856b60c7b1eace94a95b70db41e42
GET /media/mainstream/all/ab/2008.css HTTP/1.1
Host: 208.cryshopwear.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://208.cryshopwear.live/awyerrlk/article208.doc?u=4dkpaew&o=81yk607&cid=1sisi1ac28hfb&f=1&sid=t9~qjzvldnrs5553yf3lkmapb2r&fp=iPgeRXPBCqGnhJm2zI8uGw%3D%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: openresty
Date: Mon, 20 Nov 2023 16:08:20 GMT
Content-Type: text/css
Content-Length: 21546
Connection: keep-alive
ETag: "a008e2dbe07922242a5f012ccd7da015"
Last-Modified: Wed, 20 Sep 2023 15:23:21 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8
X-Amz-Request-Id: 1799608A39E67A0C
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1693134509#284024580/gid:0/gname:root/mode:33188/mtime:1661084880#124572000/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2022-08-21T12:28:00.124572Z
Expires: Tue, 19 Nov 2024 16:08:20 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes
treegreeny.org/KDJnCSZn
0.0.0.0 0 B IP 0.0.0.0:0
Requested by https://www.jerkos-welt.com/klein-jerkos-bericht-zur-lage/lifestyle/
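Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(These three values are the MD5, SHA-1 and SHA-256 digests of empty input. They match the 0 B size recorded for this request and identify no file, so they are not usable as indicators.)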
GET /KDJnCSZn HTTP/1.1
Host: treegreeny.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.jerkos-welt.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
backendjs.org/HVcLbYCK
0.0.0.0 0 B IP 0.0.0.0:0
Requested by https://www.jerkos-welt.com/klein-jerkos-bericht-zur-lage/lifestyle/
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert
mnemonic secure dns malicious Sinkholed
Quad9 DNS malicious Sinkholed
GET /HVcLbYCK HTTP/1.1
Host: backendjs.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.jerkos-welt.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
drilledgas.org/dpw79r1k
0.0.0.0 0 B IP 0.0.0.0:0
Requested by https://www.jerkos-welt.com/klein-jerkos-bericht-zur-lage/lifestyle/
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert
mnemonic secure dns malicious Sinkholed
Quad9 DNS malicious Sinkholed
GET /dpw79r1k HTTP/1.1
Host: drilledgas.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.jerkos-welt.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
drilledgas.org/dpw79r1k
0.0.0.0 0 B IP 0.0.0.0:0
Requested by https://www.jerkos-welt.com/klein-jerkos-bericht-zur-lage/lifestyle/
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert
mnemonic secure dns malicious Sinkholed
Quad9 DNS malicious Sinkholed
GET /dpw79r1k HTTP/1.1
Host: drilledgas.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.jerkos-welt.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
s.w.org/images/core/emoji/14.0.0/svg/1f642.svg
0.0.0.0 0 B URL GET s.w.org/images/core/emoji/14.0.0/svg/1f642.svg
IP 0.0.0.0:0
Requested by https://www.jerkos-welt.com/klein-jerkos-bericht-zur-lage/lifestyle/
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /images/core/emoji/14.0.0/svg/1f642.svg HTTP/1.1
Host: s.w.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.jerkos-welt.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
www.jerkos-welt.com/wp-content/themes/activello120921/assets/css/font-awesome.min.css?ver=6.1.4
209.182.198.166 200 OK 29 kB URL GET HTTP/2 www.jerkos-welt.com/wp-content/themes/activello120921/assets/css/font-awesome.min.css?ver=6.1.4
IP 209.182.198.166:443
Requested by https://www.jerkos-welt.com/klein-jerkos-bericht-zur-lage/lifestyle/
Certificate Issuer cPanel, Inc.
Subject jerkos-welt.com
Fingerprint 95:82:85:A1:F2:E2:A1:C4:A2:B9:9D:E4:45:1A:61:1C:F8:20:7F:D5
Validity Sat, 11 Nov 2023 00:00:00 GMT - Fri, 09 Feb 2024 23:59:59 GMT
File type ASCII text, with very long lines (28900)
Hash 4083f5d376eb849a458cc790b53ba080
fb5b49426dee7f1508500e698d1b3c6b04c8fcce
008a1d103902f15fdb1c191fcb1ce8954330e7b8de43d09abb08555ba609f420
GET /wp-content/themes/activello120921/assets/css/font-awesome.min.css?ver=6.1.4 HTTP/1.1
Host: www.jerkos-welt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.jerkos-welt.com/klein-jerkos-bericht-zur-lage/lifestyle/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx/1.23.4
date: Mon, 20 Nov 2023 16:08:15 GMT
content-type: text/css
last-modified: Mon, 05 Oct 2020 13:23:34 GMT
vary: Accept-Encoding
etag: W/"5f7b1e56-7187"
expires: Mon, 27 Nov 2023 16:08:15 GMT
cache-control: max-age=604800, public, must-revalidate
x-proxy-cache: STATIC/TYPE
content-encoding: br
X-Firefox-Spdy: h2
www.jerkos-welt.com/wp-content/plugins/wpdiscuz/assets/js/wpdiscuz-combo.min.js?ver=7.5.3
209.182.198.166 200 OK 315 kB URL GET HTTP/2 www.jerkos-welt.com/wp-content/plugins/wpdiscuz/assets/js/wpdiscuz-combo.min.js?ver=7.5.3
IP 209.182.198.166:443
Requested by https://www.jerkos-welt.com/klein-jerkos-bericht-zur-lage/lifestyle/
Certificate Issuer cPanel, Inc.
Subject jerkos-welt.com
Fingerprint 95:82:85:A1:F2:E2:A1:C4:A2:B9:9D:E4:45:1A:61:1C:F8:20:7F:D5
Validity Sat, 11 Nov 2023 00:00:00 GMT - Fri, 09 Feb 2024 23:59:59 GMT
File type ASCII text, with very long lines (62916), with CRLF line terminators
Size 315 kB (314775 bytes)
Hash ba28783a0d953f67b7cc15f9f63b6c72
9d5ab450cbae7333979693e221ec6c9fe542f017
88ade16a4898f80ca0e68847eee08cb7688fff1dbc8a5aff3a6d5ed798da51fb
GET /wp-content/plugins/wpdiscuz/assets/js/wpdiscuz-combo.min.js?ver=7.5.3 HTTP/1.1
Host: www.jerkos-welt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.jerkos-welt.com/klein-jerkos-bericht-zur-lage/lifestyle/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx/1.23.4
date: Mon, 20 Nov 2023 16:08:15 GMT
content-type: application/javascript
last-modified: Tue, 21 Feb 2023 00:48:10 GMT
vary: Accept-Encoding
etag: W/"63f414ca-4cd97"
expires: Mon, 27 Nov 2023 16:08:15 GMT
cache-control: max-age=604800, public, must-revalidate
x-proxy-cache: STATIC/TYPE
content-encoding: br
X-Firefox-Spdy: h2
www.jerkos-welt.com/wp-content/themes/activello120921/assets/js/vendor/modernizr.min.js?ver=6.1.4
209.182.198.166 200 OK 16 kB URL GET HTTP/2 www.jerkos-welt.com/wp-content/themes/activello120921/assets/js/vendor/modernizr.min.js?ver=6.1.4
IP 209.182.198.166:443
Requested by https://www.jerkos-welt.com/klein-jerkos-bericht-zur-lage/lifestyle/
Certificate Issuer cPanel, Inc.
Subject jerkos-welt.com
Fingerprint 95:82:85:A1:F2:E2:A1:C4:A2:B9:9D:E4:45:1A:61:1C:F8:20:7F:D5
Validity Sat, 11 Nov 2023 00:00:00 GMT - Fri, 09 Feb 2024 23:59:59 GMT
File type HTML document, ASCII text, with very long lines (14852)
Hash a1db66cada6cf5ebf16f8b85c44aabca
c381cd0325cdf4fa6700476d69f5542ebd67a533
ce42c50fe7ec95fff7f081318f1c3e04b9230223f3ca0531d114b013cc8db193
GET /wp-content/themes/activello120921/assets/js/vendor/modernizr.min.js?ver=6.1.4 HTTP/1.1
Host: www.jerkos-welt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.jerkos-welt.com/klein-jerkos-bericht-zur-lage/lifestyle/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx/1.23.4
date: Mon, 20 Nov 2023 16:08:15 GMT
content-type: application/javascript
last-modified: Mon, 05 Oct 2020 13:23:34 GMT
vary: Accept-Encoding
etag: W/"5f7b1e56-3c92"
expires: Mon, 27 Nov 2023 16:08:15 GMT
cache-control: max-age=604800, public, must-revalidate
x-proxy-cache: STATIC/TYPE
content-encoding: br
X-Firefox-Spdy: h2
backendjs.org/HVcLbYCK
0.0.0.0 0 B IP 0.0.0.0:0
Requested by https://www.jerkos-welt.com/klein-jerkos-bericht-zur-lage/lifestyle/
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert
mnemonic secure dns malicious Sinkholed
Quad9 DNS malicious Sinkholed
GET /HVcLbYCK HTTP/1.1
Host: backendjs.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.jerkos-welt.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
www.jerkos-welt.com/wp-content/plugins/google-language-translator/css/toolbar.css?ver=6.0.19
209.182.198.166 200 OK 5.7 kB URL GET HTTP/2 www.jerkos-welt.com/wp-content/plugins/google-language-translator/css/toolbar.css?ver=6.0.19
IP 209.182.198.166:443
Requested by https://www.jerkos-welt.com/klein-jerkos-bericht-zur-lage/lifestyle/
Certificate Issuer cPanel, Inc.
Subject jerkos-welt.com
Fingerprint 95:82:85:A1:F2:E2:A1:C4:A2:B9:9D:E4:45:1A:61:1C:F8:20:7F:D5
Validity Sat, 11 Nov 2023 00:00:00 GMT - Fri, 09 Feb 2024 23:59:59 GMT
File type ASCII text, with very long lines (5974), with no line terminators
Hash 309a63d17140e37b4817dfe3a95fb399
0334cbdfeddb0a646db0d897a4a70e5eb91b801e
42b24dcf9ea80377ac6e580b377bbf446e30f467d2a08174f9a810697a9c21d3
GET /wp-content/plugins/google-language-translator/css/toolbar.css?ver=6.0.19 HTTP/1.1
Host: www.jerkos-welt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.jerkos-welt.com/klein-jerkos-bericht-zur-lage/lifestyle/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx/1.23.4
date: Mon, 20 Nov 2023 16:08:15 GMT
content-type: text/css
last-modified: Sat, 18 Mar 2023 08:05:22 GMT
vary: Accept-Encoding
etag: W/"641570c2-1664"
expires: Mon, 27 Nov 2023 16:08:15 GMT
cache-control: max-age=604800, public, must-revalidate
x-proxy-cache: STATIC/TYPE
content-encoding: br
X-Firefox-Spdy: h2
www.jerkos-welt.com/wp-content/themes/activello120921/style.css?ver=6.1.4
209.182.198.166 200 OK 45 kB URL GET HTTP/2 www.jerkos-welt.com/wp-content/themes/activello120921/style.css?ver=6.1.4
IP 209.182.198.166:443
Requested by https://www.jerkos-welt.com/klein-jerkos-bericht-zur-lage/lifestyle/
Certificate Issuer cPanel, Inc.
Subject jerkos-welt.com
Fingerprint 95:82:85:A1:F2:E2:A1:C4:A2:B9:9D:E4:45:1A:61:1C:F8:20:7F:D5
Validity Sat, 11 Nov 2023 00:00:00 GMT - Fri, 09 Feb 2024 23:59:59 GMT
File type ASCII text, with very long lines (639)
Hash 5736e0943ffe96b1fbc3da6eed3a14e2
acb843def2cbd507df81ec82a2fda12531040fb5
ba3f03e5ce650298c1d9a16c83a46f351000ff44d47b5f3c20c2cefd7390180c
GET /wp-content/themes/activello120921/style.css?ver=6.1.4 HTTP/1.1
Host: www.jerkos-welt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.jerkos-welt.com/klein-jerkos-bericht-zur-lage/lifestyle/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx/1.23.4
date: Mon, 20 Nov 2023 16:08:15 GMT
content-type: text/css
last-modified: Mon, 20 Sep 2021 01:22:17 GMT
vary: Accept-Encoding
etag: W/"6147e249-afed"
expires: Mon, 27 Nov 2023 16:08:15 GMT
cache-control: max-age=604800, public, must-revalidate
x-proxy-cache: STATIC/TYPE
content-encoding: br
X-Firefox-Spdy: h2
drilledgas.org/dpw79r1k
0.0.0.0 0 B IP 0.0.0.0:0
Requested by https://www.jerkos-welt.com/klein-jerkos-bericht-zur-lage/lifestyle/
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert
mnemonic secure dns malicious Sinkholed
Quad9 DNS malicious Sinkholed
GET /dpw79r1k HTTP/1.1
Host: drilledgas.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.jerkos-welt.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
www.jerkos-welt.com/wp-content/plugins/wpdiscuz/themes/default/style.css?ver=7.5.3
209.182.198.166 200 OK 117 kB URL GET HTTP/2 www.jerkos-welt.com/wp-content/plugins/wpdiscuz/themes/default/style.css?ver=7.5.3
IP 209.182.198.166:443
Requested by https://www.jerkos-welt.com/klein-jerkos-bericht-zur-lage/lifestyle/
Certificate Issuer cPanel, Inc.
Subject jerkos-welt.com
Fingerprint 95:82:85:A1:F2:E2:A1:C4:A2:B9:9D:E4:45:1A:61:1C:F8:20:7F:D5
Validity Sat, 11 Nov 2023 00:00:00 GMT - Fri, 09 Feb 2024 23:59:59 GMT
File type ASCII text, with very long lines (1959), with CRLF line terminators
Size 117 kB (116794 bytes)
Hash 0032abfc99a5cdf4411cafe7707ffeb9
66556c393fb262351feabe57d41196d8323a3dd6
ffce487df4744525fd529363bd47e310529698170c91084a5099f760fa957569
GET /wp-content/plugins/wpdiscuz/themes/default/style.css?ver=7.5.3 HTTP/1.1
Host: www.jerkos-welt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.jerkos-welt.com/klein-jerkos-bericht-zur-lage/lifestyle/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx/1.23.4
date: Mon, 20 Nov 2023 16:08:15 GMT
content-type: text/css
last-modified: Tue, 21 Feb 2023 00:48:08 GMT
vary: Accept-Encoding
etag: W/"63f414c8-1c83a"
expires: Mon, 27 Nov 2023 16:08:15 GMT
cache-control: max-age=604800, public, must-revalidate
x-proxy-cache: STATIC/TYPE
content-encoding: br
X-Firefox-Spdy: h2
slurpslimes.org/spzPgNkL
0.0.0.0 0 B IP 0.0.0.0:0
Requested by https://www.jerkos-welt.com/klein-jerkos-bericht-zur-lage/lifestyle/
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert
Quad9 DNS malicious Sinkholed
GET /spzPgNkL HTTP/1.1
Host: slurpslimes.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.jerkos-welt.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
windowlight.org/bXz6bx5C
0.0.0.0 0 B IP 0.0.0.0:0
Requested by https://www.jerkos-welt.com/klein-jerkos-bericht-zur-lage/lifestyle/
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert
mnemonic secure dns malicious Sinkholed
Quad9 DNS malicious Sinkholed
GET /bXz6bx5C HTTP/1.1
Host: windowlight.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.jerkos-welt.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
draggedline.org/1zkzW2Mq
0.0.0.0 0 B IP 0.0.0.0:0
Requested by https://www.jerkos-welt.com/klein-jerkos-bericht-zur-lage/lifestyle/
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert
mnemonic secure dns malicious Sinkholed
Quad9 DNS malicious Sinkholed
GET /1zkzW2Mq HTTP/1.1
Host: draggedline.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.jerkos-welt.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
slurpslimes.org/spzPgNkL
0.0.0.0 0 B IP 0.0.0.0:0
Requested by https://www.jerkos-welt.com/klein-jerkos-bericht-zur-lage/lifestyle/
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert
Quad9 DNS malicious Sinkholed
GET /spzPgNkL HTTP/1.1
Host: slurpslimes.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.jerkos-welt.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
sarcoma.space/js/min.main.js
0.0.0.0 0 B URL GET sarcoma.space/js/min.main.js
IP 0.0.0.0:0
Requested by https://www.jerkos-welt.com/klein-jerkos-bericht-zur-lage/lifestyle/
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert
Quad9 DNS malicious Sinkholed
GET /js/min.main.js HTTP/1.1
Host: sarcoma.space
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.jerkos-welt.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
c0.wp.com/c/6.1.4/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css
192.0.77.37 200 OK 11 kB URL GET HTTP/2 c0.wp.com/c/6.1.4/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css
IP 192.0.77.37:443
Requested by https://www.jerkos-welt.com/klein-jerkos-bericht-zur-lage/lifestyle/
Certificate Issuer Sectigo Limited
Subject *.wp.com
Fingerprint 95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
Validity Mon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT
File type ASCII text, with very long lines (11256), with no line terminators
Hash 2b0dd7eecea03b4bdedb94ba622fdb03
703becba85161118dd6fc66af465428ef43f561c
b7908a015a567ec2363011df2475368dbff34360e9da3fdff50604d6395fb646
GET /c/6.1.4/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css HTTP/1.1
Host: c0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.jerkos-welt.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Mon, 20 Nov 2023 16:08:15 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Tue, 29 Sep 2020 15:53:06 GMT
content-encoding: br
expires: Tue, 19 Nov 2024 16:08:15 GMT
cache-control: max-age=31536000
alt-svc: h3=":443"; ma=86400
strict-transport-security: max-age=15552000
x-nc: HIT arn 2
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
X-Firefox-Spdy: h2
treegreeny.org/KDJnCSZn
0.0.0.0 0 B IP 0.0.0.0:0
Requested by https://www.jerkos-welt.com/klein-jerkos-bericht-zur-lage/lifestyle/
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /KDJnCSZn HTTP/1.1
Host: treegreeny.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.jerkos-welt.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
bigbricks.org/cjpYRFns
0.0.0.0 0 B IP 0.0.0.0:0
Requested by https://www.jerkos-welt.com/klein-jerkos-bericht-zur-lage/lifestyle/
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert
ThreatFox malicious FAKEUPDATES
mnemonic secure dns malicious Sinkholed
Quad9 DNS malicious Sinkholed
GET /cjpYRFns HTTP/1.1
Host: bigbricks.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.jerkos-welt.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
www.jerkos-welt.com/wp-content/plugins/wp-lightbox-2/js/dist/wp-lightbox-2.min.js?ver=1.3.4.1
209.182.198.166 200 OK 35 kB URL GET HTTP/2 www.jerkos-welt.com/wp-content/plugins/wp-lightbox-2/js/dist/wp-lightbox-2.min.js?ver=1.3.4.1
IP 209.182.198.166:443
Requested by https://www.jerkos-welt.com/klein-jerkos-bericht-zur-lage/lifestyle/
Certificate Issuer cPanel, Inc.
Subject jerkos-welt.com
Fingerprint 95:82:85:A1:F2:E2:A1:C4:A2:B9:9D:E4:45:1A:61:1C:F8:20:7F:D5
Validity Sat, 11 Nov 2023 00:00:00 GMT - Fri, 09 Feb 2024 23:59:59 GMT
File type ASCII text, with very long lines (17750), with CRLF, LF line terminators
Hash 803155a3756d3bbb47410d0756efc0b4
95f864b44fa5975a59d3a70dcc89eca62ab47497
15ab759371a641cd4fcb4f723b2d2f39a3b26239112157cd6b1fb59c974ef7f2
GET /wp-content/plugins/wp-lightbox-2/js/dist/wp-lightbox-2.min.js?ver=1.3.4.1 HTTP/1.1
Host: www.jerkos-welt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.jerkos-welt.com/klein-jerkos-bericht-zur-lage/lifestyle/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx/1.23.4
date: Mon, 20 Nov 2023 16:08:15 GMT
content-type: application/javascript
last-modified: Mon, 20 Nov 2023 12:31:31 GMT
vary: Accept-Encoding
etag: W/"655b51a3-89f8"
expires: Mon, 27 Nov 2023 16:08:15 GMT
cache-control: max-age=604800, public, must-revalidate
x-proxy-cache: STATIC/TYPE
content-encoding: br
X-Firefox-Spdy: h2
bluegaslamp.org/V4CHvFq8
0.0.0.0 0 B IP 0.0.0.0:0
Requested by https://www.jerkos-welt.com/klein-jerkos-bericht-zur-lage/lifestyle/
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert
mnemonic secure dns malicious Sinkholed
Quad9 DNS malicious Sinkholed
GET /V4CHvFq8 HTTP/1.1
Host: bluegaslamp.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.jerkos-welt.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
machinetext.org/q7RzzRnM
0.0.0.0 0 B IP 0.0.0.0:0
Requested by https://www.jerkos-welt.com/klein-jerkos-bericht-zur-lage/lifestyle/
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert
mnemonic secure dns malicious Sinkholed
Quad9 DNS malicious Sinkholed
GET /q7RzzRnM HTTP/1.1
Host: machinetext.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.jerkos-welt.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
linedgreen.org/mCGhH5yY
0.0.0.0 0 B IP 0.0.0.0:0
Requested by https://www.jerkos-welt.com/klein-jerkos-bericht-zur-lage/lifestyle/
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert
mnemonic secure dns malicious Sinkholed
Quad9 DNS malicious Sinkholed
GET /mCGhH5yY HTTP/1.1
Host: linedgreen.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.jerkos-welt.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
slurpslimes.org/spzPgNkL
0.0.0.0 0 B IP 0.0.0.0:0
Requested by https://www.jerkos-welt.com/klein-jerkos-bericht-zur-lage/lifestyle/
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert
Quad9 DNS malicious Sinkholed
GET /spzPgNkL HTTP/1.1
Host: slurpslimes.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.jerkos-welt.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
sarcoma.space/js/min.main.js
0.0.0.0 0 B URL GET sarcoma.space/js/min.main.js
IP 0.0.0.0:0
Requested by https://www.jerkos-welt.com/klein-jerkos-bericht-zur-lage/lifestyle/
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert
Quad9 DNS malicious Sinkholed
GET /js/min.main.js HTTP/1.1
Host: sarcoma.space
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.jerkos-welt.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
treegreeny.org/KDJnCSZn
0.0.0.0 0 B IP 0.0.0.0:0
Requested by https://www.jerkos-welt.com/klein-jerkos-bericht-zur-lage/lifestyle/
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /KDJnCSZn HTTP/1.1
Host: treegreeny.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.jerkos-welt.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
drilledgas.org/dpw79r1k
0.0.0.0 0 B IP 0.0.0.0:0
Requested by https://www.jerkos-welt.com/klein-jerkos-bericht-zur-lage/lifestyle/
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert
mnemonic secure dns malicious Sinkholed
Quad9 DNS malicious Sinkholed
GET /dpw79r1k HTTP/1.1
Host: drilledgas.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.jerkos-welt.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
bigbricks.org/cjpYRFns
0.0.0.0 0 B IP 0.0.0.0:0
Requested by https://www.jerkos-welt.com/klein-jerkos-bericht-zur-lage/lifestyle/
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert
ThreatFox malicious FAKEUPDATES
mnemonic secure dns malicious Sinkholed
Quad9 DNS malicious Sinkholed
GET /cjpYRFns HTTP/1.1
Host: bigbricks.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.jerkos-welt.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
c0.wp.com/c/6.1.4/wp-includes/js/jquery/jquery-migrate.min.js
192.0.77.37 200 OK 11 kB URL GET HTTP/2 c0.wp.com/c/6.1.4/wp-includes/js/jquery/jquery-migrate.min.js
IP 192.0.77.37:443
Requested by https://www.jerkos-welt.com/klein-jerkos-bericht-zur-lage/lifestyle/
Certificate Issuer Sectigo Limited
Subject *.wp.com
Fingerprint 95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
Validity Mon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT
File type ASCII text, with very long lines (11126)
Hash 79b4956b7ec478ec10244b5e2d33ac7d
a46025b9d05e3df30d610a8aef14f392c7058dc9
029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300
GET /c/6.1.4/wp-includes/js/jquery/jquery-migrate.min.js HTTP/1.1
Host: c0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.jerkos-welt.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Mon, 20 Nov 2023 16:08:15 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Wed, 18 Nov 2020 09:06:06 GMT
content-encoding: br
expires: Tue, 19 Nov 2024 16:08:15 GMT
cache-control: max-age=31536000
alt-svc: h3=":443"; ma=86400
strict-transport-security: max-age=15552000
x-nc: HIT arn 2
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
X-Firefox-Spdy: h2