| GET u-sp-sredirec.web.app/ | 199.36.158.100 | 200 OK | 3.7 kB |
URL: User Request, GET HTTP/2
IP: 199.36.158.100:443
Certificate: Issuer Google Trust Services LLC; Subject web.app; Fingerprint 91:91:14:02:FC:83:4D:86:C4:39:E9:2F:0A:4D:72:FC:05:07:86:F3; Validity Mon, 13 Nov 2023 20:32:12 GMT - Sun, 11 Feb 2024 20:32:11 GMT
File type: HTML document text; HTML document, ASCII text, with very long lines (4098)
Hash: MD5 4813e173ae83eaeff3b6ef055cde396b; SHA-1 6151268eda5cb7d44a2b8da16ec51087b5ddd96c; SHA-256 d454c2d147f2bcf2d365f6589fc2a0ade6e93ed712814b9fc375486ac0fab55a
| Analyzer | Verdict | Alert |
|---|---|---|
| PhishTank | phishing | Other |
| Quad9 DNS | malicious | Sinkholed |
GET / HTTP/1.1
Host: u-sp-sredirec.web.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
cache-control: max-age=3600
content-encoding: br
content-type: text/html; charset=utf-8
etag: "500256b3d885bd1f0b87cc4d5eaa028ad182d745357465d6fe5c517ccbd57483-br"
last-modified: Wed, 26 Apr 2023 21:49:29 GMT
strict-transport-security: max-age=31556926; includeSubDomains; preload
accept-ranges: bytes
date: Fri, 17 Nov 2023 05:19:34 GMT
x-served-by: cache-bma1643-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1700198375.810210,VS0,VE104
vary: x-fh-requested-host, accept-encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 3704
X-Firefox-Spdy: h2
| GET api.telegram.org/bot6170862736:AAFIOsMQMBpbP_NOt5br6fA281Vucr64kD8/getUpdates?limit=1&offset=-1 | 149.154.167.220 | 200 OK | 23 B |
URL: GET HTTP/2 api.telegram.org/bot6170862736:AAFIOsMQMBpbP_NOt5br6fA281Vucr64kD8/getUpdates?limit=1&offset=-1
IP: 149.154.167.220:443
ASN: #62041 Telegram Messenger Inc
Requested by: https://u-sp-sredirec.web.app/
Certificate: Issuer GoDaddy.com, Inc.; Subject api.telegram.org; Fingerprint 8A:10:B5:B9:B1:57:AB:DA:19:74:5B:AB:62:1F:38:03:72:FE:8E:47; Validity Sun, 26 Mar 2023 07:39:18 GMT - Fri, 26 Apr 2024 07:39:18 GMT
File type: JSON data, ASCII text, with no line terminators
Hash: MD5 3aea26bbb1a80be6defef5e08b785138; SHA-1 47bd5d2600766cb214972441b754fbf0e2e1a458; SHA-256 2321bd0dcab3570cb4b36871411be2b13d70ccbaca5db547ed054b87ee563684
GET /bot6170862736:AAFIOsMQMBpbP_NOt5br6fA281Vucr64kD8/getUpdates?limit=1&offset=-1 HTTP/1.1
Host: api.telegram.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://u-sp-sredirec.web.app/
Origin: https://u-sp-sredirec.web.app
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx/1.18.0
date: Fri, 17 Nov 2023 05:19:35 GMT
content-type: application/json
content-length: 23
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-expose-headers: Content-Length,Content-Type,Date,Server,Connection
X-Firefox-Spdy: h2
| GET encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcSBUDqIgVQHGOfNUaYgbNBasVan0vq75G58_-vVSdZJPw&s | 142.250.74.142 | 200 OK | 1.4 kB |
URL: GET HTTP/2 encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcSBUDqIgVQHGOfNUaYgbNBasVan0vq75G58_-vVSdZJPw&s
IP: 142.250.74.142:443
Requested by: https://u-sp-sredirec.web.app/
Certificate: Issuer Google Trust Services LLC; Subject *.gstatic.com; Fingerprint EB:59:E9:F3:0F:CE:D8:1A:8C:BB:EE:7D:2E:B7:B8:39:73:7A:CE:28; Validity Mon, 16 Oct 2023 08:10:00 GMT - Mon, 08 Jan 2024 08:09:59 GMT
File type: PNG image data, 130 x 130, 8-bit colormap, non-interlaced; data
Hash: MD5 8d643b553cebe499c91575ca171939e9; SHA-1 511d04ea1506cf7755b95d46c6a16cd3bc4017d8; SHA-256 97bc07ff4a031f7bcdc2bbcefa6bc636902c188e8e5f79affd999bb2c1046c9f
GET /images?q=tbn:ANd9GcSBUDqIgVQHGOfNUaYgbNBasVan0vq75G58_-vVSdZJPw&s HTTP/1.1
Host: encrypted-tbn0.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://u-sp-sredirec.web.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
content-type: image/png
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-length: 1415
date: Fri, 17 Nov 2023 05:19:35 GMT
expires: Sat, 16 Nov 2024 05:19:35 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 09 Jan 2020 15:49:23 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2