Report - 9e2722ab.joinsafelyonline.com/routes/9e2722ab/?ofid=410&a_aid=9e2722ab&a_bid=14da04fb&x_o=962&x_r=48783287&x_a=7447&x

Report Overview

Visited public
2023-12-05 01:23:42
Tags
URL
9e2722ab.joinsafelyonline.com/routes/9e2722ab/?ofid=410&a_aid=9e2722ab&a_bid=14da04fb&x_o=962&x_r=48783287&x_a=7447&x_c=2211-
Finishing URL
cnsgtfmd.com/user/?SID=03cd74ba7f30571477e6fc9492070d7f
IP / ASN
163.171.129.207
#54994 QUANTILNETWORKS
Title
cnsgtfmd.com/user/?SID=03cd74ba7f30571477e6fc9492070d7f

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
cnsgtfmd.com	unknown	unknown	No data	No data	6.2 kB	144 kB	188.114.97.1
ka-p.fontawesome.com	4489	2012-10-18	2019-12-16 21:35:53	2023-12-04 05:23:47	1.5 kB	331 kB	172.64.147.188
fonts.gstatic.com	unknown	2008-02-11	2014-09-09 02:40:21	2023-12-04 06:26:24	543 B	129 kB	216.58.207.227
fonts.googleapis.com	8877	2005-01-25	2013-06-10 22:14:26	2023-12-04 06:42:16	886 B	3.0 kB	142.250.74.106
9e2722ab.joinsafelyonline.com	unknown	2016-05-09	2023-01-25 05:33:16	2023-06-20 16:53:42	591 B	32 kB	163.171.128.172
ajax.aspnetcdn.com	693	2010-10-12	2012-05-24 15:35:31	2023-12-04 18:21:50	924 B	30 kB	152.199.19.160
www.googletagmanager.com	75	2011-11-11	2013-05-22 04:07:37	2023-12-04 07:58:24	1.3 kB	196 kB	216.58.207.200
kit.fontawesome.com	1868	2012-10-18	2019-12-16 20:51:31	2023-12-04 05:23:47	923 B	13 kB	172.64.147.188
ajax.googleapis.com	12905	2005-01-25	2013-08-16 11:51:31	2023-12-04 08:14:01	468 B	89 kB	216.58.211.10

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2023-12-05	medium	cnsgtfmd.com	Sinkholed
2023-12-05	medium	cnsgtfmd.com	Sinkholed
2023-12-05	medium	cnsgtfmd.com	Sinkholed
2023-12-05	medium	cnsgtfmd.com	Sinkholed
2023-12-05	medium	cnsgtfmd.com	Sinkholed
2023-12-05	medium	cnsgtfmd.com	Sinkholed
2023-12-05	medium	cnsgtfmd.com	Sinkholed
2023-12-05	medium	cnsgtfmd.com	Sinkholed
2023-12-05	medium	cnsgtfmd.com	Sinkholed
2023-12-05	medium	cnsgtfmd.com	Sinkholed
2023-12-05	medium	cnsgtfmd.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (21)

	URL	From	Size	First Seen	Last Seen
	cnsgtfmd.com/user/?SID=03cd74ba7f30571477e6fc9492070d7f	ScriptElement	127 B	2023-03-07	2024-08-21
Pretty URL cnsgtfmd.com/user/?SID=03cd74ba7f30571477e6fc9492070d7f IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:03 Last Seen2024-08-21 07:54 Times Seen16 Hash f92940178528cff899349c6b3bc8f6b5 71946185435cc4ee489eed6d3b8cb89c9e482857 1c176f72b1e82fdcc2b59f3161850788a57e77e4e9df64f1147a6d8a5228552b Loading...

	cnsgtfmd.com/user/?SID=03cd74ba7f30571477e6fc9492070d7f	ScriptElement	391 B	2023-11-12	2024-08-20
Pretty URL cnsgtfmd.com/user/?SID=03cd74ba7f30571477e6fc9492070d7f IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-11-12 18:19 Last Seen2024-08-20 19:51 Times Seen6 Hash 6ad29f62c91623b91b6ee31ae79351f0 4df1603346f9519e3506f625d1695e5778e7a095 dcdeb8a1a35452c114257a3c7b98df47e3a83c3779dcc1ebadf908999b703b76 Loading...

	cnsgtfmd.com/user/sandbox%20eval%20code		147 B	2023-04-11	2025-05-09
Pretty URL cnsgtfmd.com/user/sandbox%20eval%20code IP 0.0.0.0 ASN #0 Introduced by Embedded in HTML false Observations First Seen2023-04-11 21:07 Last Seen2025-05-09 05:20 Times Seen341356 Hash 92b651082ce234f66bb544e678befda3 14c21c55ddce43b6f677caadf51d4ab98c6a3df8 25d57d1d97abeb84531d3d3e5754dd5cb19a2c115edfa7cfc7af8247084faded Loading...

	www.google-analytics.com/analytics.js	ScriptElement	4.7 kB	2023-04-11	2025-05-09
Pretty URL www.google-analytics.com/analytics.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-11 21:07 Last Seen2025-05-09 05:20 Times Seen340556 Hash f24128d0c9cba7be2916c693427a3483 1b6397d496ea896ebc2018b01b995cee4f166029 58173de4697da1a218f04c3a783a733bab4e769ceabc37cd42da9dc3e036a7e8 Loading...

	ajax.aspnetcdn.com/ajax/bootstrap/3.3.7/bootstrap.min.js	ScriptElement	37 kB	2023-03-07	2025-05-09
Pretty URL ajax.aspnetcdn.com/ajax/bootstrap/3.3.7/bootstrap.min.js IP 152.199.19.160 ASN #15133 EDGECAST Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-05-09 04:39 Times Seen27448 Hash 5869c96cc8f19086aee625d670d741f9 430a443d74830fe9be26efca431f448c1b3740f9 53964478a7c634e8dad34ecc303dd8048d00dce4993906de1bacf67f663486ef Loading...

	kit.fontawesome.com/b314bdf1b3.js	ScriptElement	12 kB	2023-12-02	2024-08-20
Pretty URL kit.fontawesome.com/b314bdf1b3.js IP 172.64.147.188 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-02 07:59 Last Seen2024-08-20 17:05 Times Seen14 Hash c75dc3fa76945b139ef548c6e5389e01 305badc7e874515c999645bf610f7ce71d1f2882 6eec89b6d86be9a29531d5803b6c0546d19e6c9b4b457bb0e326517e2d0fd80c Loading...

	cnsgtfmd.com/user/?SID=03cd74ba7f30571477e6fc9492070d7f	ScriptElement	264 B	2023-03-07	2024-08-21
Pretty URL cnsgtfmd.com/user/?SID=03cd74ba7f30571477e6fc9492070d7f IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:03 Last Seen2024-08-21 07:54 Times Seen22 Hash 50b8d257c149e4c89eb8fcd42cbb90bd ec36a40fb37b6fcca17ac892e3b274ecff9c5164 04b5d8be7fc682489a5060b6832c7a14ebe5480a284f3f9d55f0a0407aeff7b0 Loading...

	cnsgtfmd.com/user/?SID=03cd74ba7f30571477e6fc9492070d7f	ScriptElement	166 B	2023-03-07	2024-08-21
Pretty URL cnsgtfmd.com/user/?SID=03cd74ba7f30571477e6fc9492070d7f IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:03 Last Seen2024-08-21 08:25 Times Seen35 Hash 30fbeedd3ef42ed4b3c0cedc516b2f71 dff25b928dad51d1d769285bf2a302d2be531927 1a9018c8172241d8aade74fd982307b0171e6b21ce2b4a470342852d92a99ed0 Loading...

	ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js	ScriptElement	88 kB	2023-03-07	2025-05-09
Pretty URL ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js IP 216.58.211.10 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-05-09 05:15 Times Seen68090 Hash 220afd743d9e9643852e31a135a9f3ae 88523924351bac0b5d560fe0c5781e2556e7693d 0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a Loading...

	cnsgtfmd.com/common_tpls/js/form_support.js?v=1101202201	ScriptElement	3.8 kB	2023-03-08	2024-08-21
Pretty URL cnsgtfmd.com/common_tpls/js/form_support.js?v=1101202201 IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:25 Last Seen2024-08-21 08:25 Times Seen40 Hash 4ffa5d12f2aa2394aa284438d9ab1658 66a6678dc24eae37e35b8ee571e78f6e8af796da a35efd7238a1ef4c6581aadc6d001e8554adf949dc6cde5650c2235483f19bf0 Loading...

	cnsgtfmd.com/user/?SID=03cd74ba7f30571477e6fc9492070d7f	ScriptElement	528 B	2023-03-07	2024-08-21
Pretty URL cnsgtfmd.com/user/?SID=03cd74ba7f30571477e6fc9492070d7f IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:27 Last Seen2024-08-21 08:11 Times Seen24 Hash 10dd1b2ab36045f6dd30390708c046c8 5ea106d1b689de5bda25b576ae36d26160ed6795 6d5167f39f1f849ab2050bb2429f122ed1e62a41d7bdcf18a9ec09438f087e88 Loading...

	cnsgtfmd.com/user/?SID=03cd74ba7f30571477e6fc9492070d7f	ScriptElement	500 B	2023-06-20	2024-08-21
Pretty URL cnsgtfmd.com/user/?SID=03cd74ba7f30571477e6fc9492070d7f IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-06-20 05:08 Last Seen2024-08-21 08:25 Times Seen30 Hash b3a1b315d6288a561818ce4d5253d7f6 2ce9c680b598f3cc1e3962a44ef82ae5fa4494fd 91fd13dbb2b63dbb6392347bd6b26447b1e7aa12711de8bd71979cd981ff1cb4 Loading...

	cnsgtfmd.com/common_tpls/js/iframeResizer.contentWindow.min.js	ScriptElement	13 kB	2023-03-07	2025-04-17
Pretty URL cnsgtfmd.com/common_tpls/js/iframeResizer.contentWindow.min.js IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03 Last Seen2025-04-17 05:46 Times Seen84 Hash 2cf9df789476bc39b9906030f639660d de708b4a0fe32f3d77505675eb119b671327a6b4 7d5f5d0fe842536e512b4ca0cac0b48a66577ea091f3a6840365ff6124be034b Loading...

	www.googletagmanager.com/gtm.js?id=GTM-NSCK9H9	ScriptElement	115 kB	2023-12-05	2023-12-05
Pretty URL www.googletagmanager.com/gtm.js?id=GTM-NSCK9H9 IP 216.58.207.200 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-05 02:23 Last Seen2023-12-05 02:23 Times Seen1 Hash 47ab0b62902d4721be20303c5edb3877 5cd320ee103763c092ac80a130a6cfc8672e6626 3c7f39d2e439e75266ad75fd0d94bd7ca010483829064956cd9bf75ef3c06ffd Loading...

	www.googletagmanager.com/gtag/js?id=G-90FLKCEX7T&l=dataLayer&cx=c	ScriptElement	229 kB	2023-12-05	2023-12-05
Pretty URL www.googletagmanager.com/gtag/js?id=G-90FLKCEX7T&l=dataLayer&cx=c IP 216.58.207.200 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-05 02:23 Last Seen2023-12-05 02:23 Times Seen1 Hash 56634baa9e4488bf773fc0fbf86838dd 20077664c0ed5b8c43504b7d9b92d5626664b125 a6c409ca36e68b469fd65392644744464eaafac0c2bfddf5aac8b953d44df522 Loading...

	cnsgtfmd.com/common_tpls/js/validate_form_v2.js?jsv=35	ScriptElement	26 kB	2023-11-12	2024-08-20
Pretty URL cnsgtfmd.com/common_tpls/js/validate_form_v2.js?jsv=35 IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-12 18:19 Last Seen2024-08-20 19:51 Times Seen24 Hash 44bf7e2fb58e77a3ab76bb6191b1a862 f6516881e1c2b17e923ca1a651de92a22c4ccaa7 b3f9ad8a6b5ee12a78a32d898be23898f6d340765e340873e0253feb3b0e8825 Loading...

	cnsgtfmd.com/user/?SID=03cd74ba7f30571477e6fc9492070d7f	ScriptElement	2.5 kB	2023-03-12	2024-08-21
Pretty URL cnsgtfmd.com/user/?SID=03cd74ba7f30571477e6fc9492070d7f IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-12 21:04 Last Seen2024-08-21 07:54 Times Seen14 Hash ac428da6c58b59908e1e32ae534c701f 6762e6723215e67f3bc59d70921dff1c31cf340f 99f03e720b2056ee9fe812f4e55e01df1e9ff78e25b193457cfea0e9bf452cce Loading...

	cnsgtfmd.com/user/?SID=03cd74ba7f30571477e6fc9492070d7f	ScriptElement	154 B	2023-03-07	2024-08-20
Pretty URL cnsgtfmd.com/user/?SID=03cd74ba7f30571477e6fc9492070d7f IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:03 Last Seen2024-08-20 16:45 Times Seen4 Hash 7ca4548110bd2c05da7e5222ccfbb504 0649d1bcc1e6f3cd57af1273b2a511dc9b4f415f ac2642ddd2f2bd3248dcbcaeaadbe6a4e74fa2d8b5bc88e7dfb9d3b1e341a748 Loading...

	cnsgtfmd.com/user/?SID=03cd74ba7f30571477e6fc9492070d7f	ScriptElement	341 B	2023-03-07	2024-08-20
Pretty URL cnsgtfmd.com/user/?SID=03cd74ba7f30571477e6fc9492070d7f IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:03 Last Seen2024-08-20 16:45 Times Seen4 Hash b8efe6a55af9822df37e3a215856c4ce 7a3cb9da219880386319fbb0a0f0c7e9dcdc9fbf 92a59ecee117a08d199a1443de12eded994ab404d4f982470756e39fb38c52ee Loading...

	cnsgtfmd.com/user/?SID=03cd74ba7f30571477e6fc9492070d7f	ScriptElement	61 B	2024-08-20	2024-08-20
Pretty URL cnsgtfmd.com/user/?SID=03cd74ba7f30571477e6fc9492070d7f IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-20 16:45 Last Seen2024-08-20 16:45 Times Seen1 Hash 8626388644199912221cddd1b6e1da35 ac7de8df34ece2518c3a8326fe8034560e39ba5c e42fa11605b8a8c7c5f73f3ce0dcaf744f965b03393526ea83fb12e4adaf2be1 Loading...

	www.googletagmanager.com/gtag/js?id=UA-208173773-1	ScriptElement	191 kB	2023-12-05	2023-12-05
Pretty URL www.googletagmanager.com/gtag/js?id=UA-208173773-1 IP 216.58.207.200 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-05 02:23 Last Seen2023-12-05 02:23 Times Seen1 Hash 24986fd2952b756b1bbc07aafb4f3781 ce31d6aded50f14906afd0b02cbf25fb596e2ced 3759dcaff006e35d2e96a9c82a7fb9dd61f9e281a08ed8035a6e20b1733ed785 Loading...

HTTP Transactions (26)

URL IP Response Size

9e2722ab.joinsafelyonline.com/routes/9e2722ab/?ofid=410&a_aid=9e2722ab&a_bid=14da04fb&x_o=962&x_r=48783287&x_a=7447&x_c=2211-

163.171.128.172

31 kB

URL
9e2722ab.joinsafelyonline.com/routes/9e2722ab/?ofid=410&a_aid=9e2722ab&a_bid=14da04fb&x_o=962&x_r=48783287&x_a=7447&x_c=2211-
IP
163.171.128.172:0
ASN
#54994 QUANTILNETWORKS

File type
gzip compressed data, max compression\012- data
Size
31 kB (30774 bytes)
Hash
81182f4b684635f6bdcbdd907ee66f25
a1f2f151df72ede41397c8131bd47a3ce85575b3
be40946c98d9a78a3c7c9ad097d379ab12549a195bd7a4766919a1d3fd987396

HTTP Headers

GET /routes/9e2722ab/?ofid=410&a_aid=9e2722ab&a_bid=14da04fb&x_o=962&x_r=48783287&x_a=7447&x_c=2211- HTTP/1.1
Host: 9e2722ab.joinsafelyonline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Tue, 05 Dec 2023 01:23:17 GMT
content-type: text/html; charset=UTF-8
server: waf/4.35.0-0.el7
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
location: https://cnsgtfmd.com/user/?ofid=410&a_aid=9e2722ab&a_bid=14da04fb&x_o=962&x_r=48783287&x_a=7447&x_c=2211-&sitekey=69b4d2e1b8a025e8&rtr=1&rtid=6167035365
x-via: 1.1 PS-LAX-01iL8141:7 (Cdn Cache Server V2.0), 1.1 kf160:2 (Cdn Cache Server V2.0), 1.1 PSdgflkfFRA1gi91:16 (Cdn Cache Server V2.0)
x-ws-request-id: 656e7b85_PSdgflkfFRA1vg90_19216-10843
set-cookie: PHPSESSID=1985deee2bc0b42057a77c6b7028b79a; path=/; secure; SameSite=None
HMF_CI=c32580f98bea0792a9c95dbfd9db80a05b5d7832816860a7819166c2e3c6a964cb8f1da3b66ef20af9e8a4a02d75aa2cd0b71679edc96d4fd84eb465b38e599250; Expires=Thu, 04-Jan-24 01:23:17 GMT; Path=/
X-Firefox-Spdy: h2

ajax.aspnetcdn.com/ajax/bootstrap/3.3.7/css/bootstrap.min.css

152.199.19.160

200 OK

20 kB

URL GET HTTP/2
ajax.aspnetcdn.com/ajax/bootstrap/3.3.7/css/bootstrap.min.css
IP
152.199.19.160:443
ASN
#15133 EDGECAST

Requested by
https://cnsgtfmd.com/user/?SID=03cd74ba7f30571477e6fc9492070d7f
Certificate
IssuerDigiCert Inc
Subject*.vo.msecnd.net
Fingerprint0E:7D:A8:CD:FE:61:1E:46:97:A3:57:99:70:DA:E0:59:1D:34:04:80
ValidityFri, 05 May 2023 00:00:00 GMT - Sun, 28 Apr 2024 23:59:59 GMT

File type
ASCII text, with very long lines (65371)
Size
20 kB (19629 bytes)
Hash
ec3bb52a00e176a7181d454dffaea219
6527d8bf3e1e9368bab8c7b60f56bc01fa3afd68
f75e846cc83bd11432f4b1e21a45f31bc85283d11d372f7b19accd1bf6a2635c

HTTP Headers

GET /ajax/bootstrap/3.3.7/css/bootstrap.min.css HTTP/1.1
Host: ajax.aspnetcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cnsgtfmd.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-encoding: gzip
accept-ranges: bytes
access-control-allow-origin: *
age: 20926080
cache-control: public,max-age=31536000
content-type: text/css
date: Tue, 05 Dec 2023 01:23:19 GMT
etag: "0e914f2cb33d21:0"
last-modified: Mon, 31 Oct 2016 23:10:18 GMT
server: ECAcc (ska/F740)
timing-allow-origin: *
vary: Accept-Encoding
x-cache: HIT
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 19629
X-Firefox-Spdy: h2

ajax.aspnetcdn.com/ajax/bootstrap/3.3.7/bootstrap.min.js

152.199.19.160

200 OK

9.8 kB

URL GET HTTP/2
ajax.aspnetcdn.com/ajax/bootstrap/3.3.7/bootstrap.min.js
IP
152.199.19.160:443
ASN
#15133 EDGECAST

Requested by
https://cnsgtfmd.com/user/?SID=03cd74ba7f30571477e6fc9492070d7f
Certificate
IssuerDigiCert Inc
Subject*.vo.msecnd.net
Fingerprint0E:7D:A8:CD:FE:61:1E:46:97:A3:57:99:70:DA:E0:59:1D:34:04:80
ValidityFri, 05 May 2023 00:00:00 GMT - Sun, 28 Apr 2024 23:59:59 GMT

File type
ASCII text, with very long lines (32033)
Size
9.8 kB (9839 bytes)
Hash
5869c96cc8f19086aee625d670d741f9
430a443d74830fe9be26efca431f448c1b3740f9
53964478a7c634e8dad34ecc303dd8048d00dce4993906de1bacf67f663486ef

HTTP Headers

GET /ajax/bootstrap/3.3.7/bootstrap.min.js HTTP/1.1
Host: ajax.aspnetcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://cnsgtfmd.com
DNT: 1
Connection: keep-alive
Referer: https://cnsgtfmd.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-encoding: gzip
accept-ranges: bytes
access-control-allow-origin: *
age: 11835932
cache-control: public,max-age=31536000
content-type: application/javascript
date: Tue, 05 Dec 2023 01:23:19 GMT
etag: "80bdc1e6cb33d21:0"
last-modified: Mon, 31 Oct 2016 23:09:59 GMT
server: ECAcc (ska/F6C5)
timing-allow-origin: *
vary: Accept-Encoding
x-cache: HIT
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 9839
X-Firefox-Spdy: h2

www.googletagmanager.com/gtag/js?id=UA-208173773-1

216.58.207.200

200 OK

69 kB

URL GET HTTP/2
www.googletagmanager.com/gtag/js?id=UA-208173773-1
IP
216.58.207.200:443
ASN
#15169 GOOGLE

Requested by
https://cnsgtfmd.com/user/?SID=03cd74ba7f30571477e6fc9492070d7f
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint37:42:10:B7:89:70:45:51:80:81:66:CE:95:21:72:5D:46:0B:E2:34
ValidityMon, 23 Oct 2023 11:18:19 GMT - Mon, 15 Jan 2024 11:18:18 GMT

File type
ASCII text, with very long lines (4179)
Size
69 kB (68994 bytes)
Hash
24986fd2952b756b1bbc07aafb4f3781
ce31d6aded50f14906afd0b02cbf25fb596e2ced
3759dcaff006e35d2e96a9c82a7fb9dd61f9e281a08ed8035a6e20b1733ed785

HTTP Headers

GET /gtag/js?id=UA-208173773-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cnsgtfmd.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Tue, 05 Dec 2023 01:23:19 GMT
expires: Tue, 05 Dec 2023 01:23:19 GMT
cache-control: private, max-age=900
last-modified: Tue, 05 Dec 2023 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 68994
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

cnsgtfmd.com/user/?SID=03cd74ba7f30571477e6fc9492070d7f

188.114.97.1

200 OK

5.2 kB

URL User Request GET HTTP/3
cnsgtfmd.com/user/?SID=03cd74ba7f30571477e6fc9492070d7f
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjectcnsgtfmd.com
Fingerprint9B:E5:71:B6:78:4D:A6:EA:52:A0:BF:DB:7D:38:44:2F:28:20:FB:D1
ValidityMon, 16 Oct 2023 17:01:02 GMT - Sun, 14 Jan 2024 17:01:01 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (536)
Size
5.2 kB (5220 bytes)
Hash
b95ceb85ff2e6a49d787393c0fb33859
d35d08aae66a237203c1955b790bbd738a3454fb
2bb1c8aebf8866933d20b91fb7beef06c5c5e1593a25cddba4200d3889799194

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /user/?SID=03cd74ba7f30571477e6fc9492070d7f HTTP/1.1
Host: cnsgtfmd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cnsgtfmd.com/user/?ofid=410&a_aid=9e2722ab&a_bid=14da04fb&x_o=962&x_r=48783287&x_a=7447&x_c=2211-&sitekey=69b4d2e1b8a025e8&rtr=1&rtid=6167035365
Cookie: PHPSESSID=03cd74ba7f30571477e6fc9492070d7f
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 05 Dec 2023 01:23:19 GMT
content-type: text/html; charset=UTF-8
set-cookie: PHPSESSID=03cd74ba7f30571477e6fc9492070d7f; path=/; secure; SameSite=None
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kqhxMId5gnnsHeSkGuOPL%2BpfFpc7uQgltrS0mfw1hHvEFAov9OXarJGIs9AONLcU2vxil9Bx3o4dhstBM%2F8VfYrOvghl8o1CDDhKQasUA8LkagUJts29CBAHdH2n8N8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 83087bac5dcfb4eb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

cnsgtfmd.com/common_tpls/images/ajax-loader.gif

188.114.97.1

200 OK

3.2 kB

URL GET HTTP/3
cnsgtfmd.com/common_tpls/images/ajax-loader.gif
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://cnsgtfmd.com/user/?SID=03cd74ba7f30571477e6fc9492070d7f
Certificate
IssuerGoogle Trust Services LLC
Subjectcnsgtfmd.com
Fingerprint9B:E5:71:B6:78:4D:A6:EA:52:A0:BF:DB:7D:38:44:2F:28:20:FB:D1
ValidityMon, 16 Oct 2023 17:01:02 GMT - Sun, 14 Jan 2024 17:01:01 GMT

File type
GIF image data, version 89a, 32 x 32\012- data
Size
3.2 kB (3208 bytes)
Hash
be1cede97289c13920048f238fd37b85
313b867d11fc0dd6bc6ca47c334bbcf18956ca76
fd29b3b084cf11160bfc4e99d98a261f2b36bff29113b07367c5204563c5d355

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /common_tpls/images/ajax-loader.gif HTTP/1.1
Host: cnsgtfmd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cnsgtfmd.com/user/?SID=03cd74ba7f30571477e6fc9492070d7f
Cookie: PHPSESSID=03cd74ba7f30571477e6fc9492070d7f
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 05 Dec 2023 01:23:20 GMT
content-type: image/gif
content-length: 3208
last-modified: Mon, 07 Oct 2013 22:49:23 GMT
etag: "52533a73-c88"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eWsReqAW3xFj2NzWYR2IH9YxYmTSiI1GpPwiug1rOF7uhmoASoS6moFy86nYElfcLNEyP5kgSQogJGv3h5P7EM%2Fw09kCmbw4dMx7Hx5P8nujZZovxlH5wP3Oe3eosUU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 83087baecea5b4eb-OSL
alt-svc: h3=":443"; ma=86400

cnsgtfmd.com/common_tpls/images/icons/email_dr.png

188.114.97.1

200 OK

1.1 kB

URL GET HTTP/3
cnsgtfmd.com/common_tpls/images/icons/email_dr.png
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://cnsgtfmd.com/user/?SID=03cd74ba7f30571477e6fc9492070d7f
Certificate
IssuerGoogle Trust Services LLC
Subjectcnsgtfmd.com
Fingerprint9B:E5:71:B6:78:4D:A6:EA:52:A0:BF:DB:7D:38:44:2F:28:20:FB:D1
ValidityMon, 16 Oct 2023 17:01:02 GMT - Sun, 14 Jan 2024 17:01:01 GMT

File type
PNG image data, 26 x 26, 8-bit/color RGBA, non-interlaced\012- data
Size
1.1 kB (1102 bytes)
Hash
68397c726eab4dbc701d16b6fdfe5975
6fdfe37f51c0c18651fb3c9ec7cc91ac31d0309a
c46c7c320f0d3330a24cb21fe0d22c7b37435cb901c92cc2e9ecbea25e7bec2a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /common_tpls/images/icons/email_dr.png HTTP/1.1
Host: cnsgtfmd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cnsgtfmd.com/user/?SID=03cd74ba7f30571477e6fc9492070d7f
Cookie: PHPSESSID=03cd74ba7f30571477e6fc9492070d7f
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 05 Dec 2023 01:23:20 GMT
content-type: image/png
content-length: 1102
last-modified: Tue, 17 Oct 2017 18:45:06 GMT
etag: "59e64fb2-44e"
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PoxDe4IcgqH2vmPDJFFNqYESJNBxyENBybRRy2J9S0cwLsP7CETXph9ArSvk9EkM0ikQuGloYbhzL3YR0AuUiddLiOEDzoKSEg7cDPKT4yhFpL6oz02Fjf%2B65%2FSUkfM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 83087baecea6b4eb-OSL
alt-svc: h3=":443"; ma=86400

cnsgtfmd.com/common_tpls/images/icons/password_dr.png

188.114.97.1

200 OK

1.2 kB

URL GET HTTP/3
cnsgtfmd.com/common_tpls/images/icons/password_dr.png
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://cnsgtfmd.com/user/?SID=03cd74ba7f30571477e6fc9492070d7f
Certificate
IssuerGoogle Trust Services LLC
Subjectcnsgtfmd.com
Fingerprint9B:E5:71:B6:78:4D:A6:EA:52:A0:BF:DB:7D:38:44:2F:28:20:FB:D1
ValidityMon, 16 Oct 2023 17:01:02 GMT - Sun, 14 Jan 2024 17:01:01 GMT

File type
PNG image data, 26 x 26, 8-bit/color RGBA, non-interlaced\012- data
Size
1.2 kB (1231 bytes)
Hash
f07302761dee9dc8589c02f5592ff92c
1348f867c8fda17789df57260813851690f73bb0
fd51de4b0f8b74cbe73c83f3a90587f628de3d5ac279e6b8348c94a01272b647

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /common_tpls/images/icons/password_dr.png HTTP/1.1
Host: cnsgtfmd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cnsgtfmd.com/user/?SID=03cd74ba7f30571477e6fc9492070d7f
Cookie: PHPSESSID=03cd74ba7f30571477e6fc9492070d7f
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 05 Dec 2023 01:23:20 GMT
content-type: image/png
content-length: 1231
last-modified: Tue, 17 Oct 2017 18:45:06 GMT
etag: "59e64fb2-4cf"
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=S4QCGsl3BaJjV3YJE4gGBADCchqRfR1jnUpcEAPC5KMBN%2BhXwYHtxik3pANg7naCeSUKTYkBzeiwmXYbrPk16bdJs3B%2B5ri6Kk4mKyRDNIgxDJj7faNe2Acrb9Uliyg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 83087baecea9b4eb-OSL
alt-svc: h3=":443"; ma=86400

cnsgtfmd.com/common_tpls/images/icons/user_dr.png

188.114.97.1

200 OK

1.1 kB

URL GET HTTP/3
cnsgtfmd.com/common_tpls/images/icons/user_dr.png
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://cnsgtfmd.com/user/?SID=03cd74ba7f30571477e6fc9492070d7f
Certificate
IssuerGoogle Trust Services LLC
Subjectcnsgtfmd.com
Fingerprint9B:E5:71:B6:78:4D:A6:EA:52:A0:BF:DB:7D:38:44:2F:28:20:FB:D1
ValidityMon, 16 Oct 2023 17:01:02 GMT - Sun, 14 Jan 2024 17:01:01 GMT

File type
PNG image data, 26 x 26, 8-bit/color RGBA, non-interlaced\012- data
Size
1.1 kB (1130 bytes)
Hash
5d83b810e912a0436fde2ca255d2dce8
a0bcc91e1c6aca1f20bb9e0d89daf6643d77fe74
b03a0611d454e9d2e14d6dbbdbb3e82db53799b294d00c3e067279eec82f2a6f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /common_tpls/images/icons/user_dr.png HTTP/1.1
Host: cnsgtfmd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cnsgtfmd.com/user/?SID=03cd74ba7f30571477e6fc9492070d7f
Cookie: PHPSESSID=03cd74ba7f30571477e6fc9492070d7f
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 05 Dec 2023 01:23:20 GMT
content-type: image/png
content-length: 1130
last-modified: Tue, 17 Oct 2017 18:45:06 GMT
etag: "59e64fb2-46a"
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ABxE9qrED3kMvRfOsLzMwJVqth36tqwJ%2Fzc6qPzJFHbfrehwS4mg0y6I6nopr96fWm3%2B4l%2Fv6KCDCyISTxzq%2BPZfOd2TTrMJ70b3QFjvRki6g60hL3Hlg3jlAVz8pF4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 83087baecea7b4eb-OSL
alt-svc: h3=":443"; ma=86400

ka-p.fontawesome.com/releases/v5.15.4/css/pro-v4-font-face.min.css?token=b314bdf1b3

172.64.147.188

200 OK

2.6 kB

URL GET HTTP/2
ka-p.fontawesome.com/releases/v5.15.4/css/pro-v4-font-face.min.css?token=b314bdf1b3
IP
172.64.147.188:443
ASN
#13335 CLOUDFLARENET

Requested by
https://cnsgtfmd.com/user/?SID=03cd74ba7f30571477e6fc9492070d7f
Certificate
IssuerDigiCert Inc
Subject*.fontawesome.com
Fingerprint93:F9:69:8C:73:B0:08:60:65:F3:39:41:39:66:D3:2B:78:3A:6E:3D
ValidityMon, 04 Dec 2023 00:00:00 GMT - Fri, 03 Jan 2025 23:59:59 GMT

File type
ASCII text, with very long lines (27832)
Size
2.6 kB (2603 bytes)
Hash
1cb05a2f9541200e1fa0a2cd0abc7663
fdf3292a6db22945eb79e08d847834205b749c6f
a8a00b576cc9fad532a52ecdf8024724ddaa83cb0f5ca5d1b1d6eb8841103d60

HTTP Headers

GET /releases/v5.15.4/css/pro-v4-font-face.min.css?token=b314bdf1b3 HTTP/1.1
Host: ka-p.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cnsgtfmd.com/
Origin: https://cnsgtfmd.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 05 Dec 2023 01:23:20 GMT
content-type: text/css
content-length: 2603
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
etag: "610ae215-a2b"
last-modified: Wed, 04 Aug 2021 18:53:09 GMT
vary: Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
cf-cache-status: HIT
accept-ranges: bytes
server: cloudflare
cf-ray: 83087bb33be0b52d-OSL
X-Firefox-Spdy: h2

ka-p.fontawesome.com/releases/v5.15.4/css/pro-v4-shims.min.css?token=b314bdf1b3

172.64.147.188

200 OK

4.2 kB

URL GET HTTP/2
ka-p.fontawesome.com/releases/v5.15.4/css/pro-v4-shims.min.css?token=b314bdf1b3
IP
172.64.147.188:443
ASN
#13335 CLOUDFLARENET

Requested by
https://cnsgtfmd.com/user/?SID=03cd74ba7f30571477e6fc9492070d7f
Certificate
IssuerDigiCert Inc
Subject*.fontawesome.com
Fingerprint93:F9:69:8C:73:B0:08:60:65:F3:39:41:39:66:D3:2B:78:3A:6E:3D
ValidityMon, 04 Dec 2023 00:00:00 GMT - Fri, 03 Jan 2025 23:59:59 GMT

File type
ASCII text, with very long lines (26366)
Size
4.2 kB (4194 bytes)
Hash
715826d7cea0f100c00238e5e5dc92b4
ea2a076f73ed3826287a726f35ae5e54136f2cee
4245ecca2a4b50d7fd9adc9a965ed1f9b4ec24e9935e34c80efafc0f856d54c6

HTTP Headers

GET /releases/v5.15.4/css/pro-v4-shims.min.css?token=b314bdf1b3 HTTP/1.1
Host: ka-p.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cnsgtfmd.com/
Origin: https://cnsgtfmd.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 05 Dec 2023 01:23:20 GMT
content-type: text/css
content-length: 4194
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
etag: "610ae215-1062"
last-modified: Wed, 04 Aug 2021 18:53:09 GMT
vary: Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
cf-cache-status: HIT
accept-ranges: bytes
server: cloudflare
cf-ray: 83087bb32bddb52d-OSL
X-Firefox-Spdy: h2

cnsgtfmd.com/common_tpls/js/iframeResizer.contentWindow.min.js

188.114.97.1

200 OK

59 kB

URL GET HTTP/3
cnsgtfmd.com/common_tpls/js/iframeResizer.contentWindow.min.js
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://cnsgtfmd.com/user/?SID=03cd74ba7f30571477e6fc9492070d7f
Certificate
IssuerGoogle Trust Services LLC
Subjectcnsgtfmd.com
Fingerprint9B:E5:71:B6:78:4D:A6:EA:52:A0:BF:DB:7D:38:44:2F:28:20:FB:D1
ValidityMon, 16 Oct 2023 17:01:02 GMT - Sun, 14 Jan 2024 17:01:01 GMT

File type
ASCII text, with very long lines (12990)
Size
59 kB (59303 bytes)
Hash
2cf9df789476bc39b9906030f639660d
de708b4a0fe32f3d77505675eb119b671327a6b4
7d5f5d0fe842536e512b4ca0cac0b48a66577ea091f3a6840365ff6124be034b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /common_tpls/js/iframeResizer.contentWindow.min.js HTTP/1.1
Host: cnsgtfmd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cnsgtfmd.com/user/?SID=03cd74ba7f30571477e6fc9492070d7f
Cookie: PHPSESSID=03cd74ba7f30571477e6fc9492070d7f
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 05 Dec 2023 01:23:20 GMT
content-type: application/javascript
last-modified: Thu, 04 Feb 2016 15:06:03 GMT
etag: W/"56b368db-3445"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2X2wVRf%2F66cvQiG1SmQtAkJGHukrucGbo4taFpkcSMnQwZERPmj22W59HBGkZ7N8G8Y7rnFgcHNTFpDLyA9wrw9ltPi429KnIbufoWD8LNbNNgyykAjtUOiY9%2Fz0sm8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 83087baedebcb4eb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

kit.fontawesome.com/b314bdf1b3/110588222/kit-upload.css

172.64.147.188

200 OK

0 B

URL GET HTTP/2
kit.fontawesome.com/b314bdf1b3/110588222/kit-upload.css
IP
172.64.147.188:443
ASN
#13335 CLOUDFLARENET

Requested by
https://cnsgtfmd.com/user/?SID=03cd74ba7f30571477e6fc9492070d7f
Certificate
IssuerDigiCert Inc
Subject*.fontawesome.com
Fingerprint93:F9:69:8C:73:B0:08:60:65:F3:39:41:39:66:D3:2B:78:3A:6E:3D
ValidityMon, 04 Dec 2023 00:00:00 GMT - Fri, 03 Jan 2025 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /b314bdf1b3/110588222/kit-upload.css HTTP/1.1
Host: kit.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cnsgtfmd.com/
Origin: https://cnsgtfmd.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 05 Dec 2023 01:23:20 GMT
content-type: text/css
content-length: 0
access-control-allow-headers: accept, accept-langauge, content-language, content-type, fa-kit-token
access-control-allow-methods: GET, OPTIONS
access-control-allow-origin: *
access-control-max-age: 3000
cache-control: max-age=31556926, public, must-revalidate
etag: 54af53b207eef226d6511e0a88e3038e
vary: origin, accept-encoding, access-control-request-headers, access-control-request-method
x-request-id: F52vxKt7D8HYnAmk6zbB
cf-cache-status: HIT
accept-ranges: bytes
server: cloudflare
cf-ray: 83087bb33be4b52d-OSL
X-Firefox-Spdy: h2

www.googletagmanager.com/gtm.js?id=GTM-NSCK9H9

216.58.207.200

200 OK

44 kB

URL GET HTTP/3
www.googletagmanager.com/gtm.js?id=GTM-NSCK9H9
IP
216.58.207.200:443
ASN
#15169 GOOGLE

Requested by
https://cnsgtfmd.com/user/?SID=03cd74ba7f30571477e6fc9492070d7f
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint37:42:10:B7:89:70:45:51:80:81:66:CE:95:21:72:5D:46:0B:E2:34
ValidityMon, 23 Oct 2023 11:18:19 GMT - Mon, 15 Jan 2024 11:18:18 GMT

File type
ASCII text, with very long lines (2213)
Size
44 kB (44393 bytes)
Hash
47ab0b62902d4721be20303c5edb3877
5cd320ee103763c092ac80a130a6cfc8672e6626
3c7f39d2e439e75266ad75fd0d94bd7ca010483829064956cd9bf75ef3c06ffd

HTTP Headers

GET /gtm.js?id=GTM-NSCK9H9 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cnsgtfmd.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Tue, 05 Dec 2023 01:23:20 GMT
expires: Tue, 05 Dec 2023 01:23:20 GMT
cache-control: private, max-age=900
last-modified: Tue, 05 Dec 2023 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 44393
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.googletagmanager.com/gtag/js?id=G-90FLKCEX7T&l=dataLayer&cx=c

216.58.207.200

200 OK

81 kB

URL GET HTTP/3
www.googletagmanager.com/gtag/js?id=G-90FLKCEX7T&l=dataLayer&cx=c
IP
216.58.207.200:443
ASN
#15169 GOOGLE

Requested by
https://cnsgtfmd.com/user/?SID=03cd74ba7f30571477e6fc9492070d7f
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint37:42:10:B7:89:70:45:51:80:81:66:CE:95:21:72:5D:46:0B:E2:34
ValidityMon, 23 Oct 2023 11:18:19 GMT - Mon, 15 Jan 2024 11:18:18 GMT

File type
ASCII text, with very long lines (5955)
Size
81 kB (81288 bytes)
Hash
56634baa9e4488bf773fc0fbf86838dd
20077664c0ed5b8c43504b7d9b92d5626664b125
a6c409ca36e68b469fd65392644744464eaafac0c2bfddf5aac8b953d44df522

HTTP Headers

GET /gtag/js?id=G-90FLKCEX7T&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cnsgtfmd.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Tue, 05 Dec 2023 01:23:20 GMT
expires: Tue, 05 Dec 2023 01:23:20 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 81288
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

fonts.gstatic.com/s/materialicons/v140/flUhRq6tzZclQEJ-Vdg-IuiaDsNc.woff2

216.58.207.227

200 OK

128 kB

URL GET HTTP/2
fonts.gstatic.com/s/materialicons/v140/flUhRq6tzZclQEJ-Vdg-IuiaDsNc.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://cnsgtfmd.com/user/?SID=03cd74ba7f30571477e6fc9492070d7f
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 128352, version 1.0\012- data
Size
128 kB (128352 bytes)
Hash
53436aca8627a49f4deaaa44dc9e3c05
0bc0c675480d94ec7e8609dda6227f88c5d08d2c
8265f64786397d6b832d1ca0aafdf149ad84e72759fffa9f7272e91a0fb015d1

HTTP Headers

GET /s/materialicons/v140/flUhRq6tzZclQEJ-Vdg-IuiaDsNc.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://cnsgtfmd.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 128352
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 30 Nov 2023 00:33:04 GMT
expires: Fri, 29 Nov 2024 00:33:04 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 07 Mar 2023 19:51:56 GMT
content-type: font/woff2
age: 435016
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

cnsgtfmd.com/common_tpls/compactML/css/verLblue.css

188.114.97.1

200 OK

36 kB

URL GET HTTP/3
cnsgtfmd.com/common_tpls/compactML/css/verLblue.css
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://cnsgtfmd.com/user/?SID=03cd74ba7f30571477e6fc9492070d7f
Certificate
IssuerGoogle Trust Services LLC
Subjectcnsgtfmd.com
Fingerprint9B:E5:71:B6:78:4D:A6:EA:52:A0:BF:DB:7D:38:44:2F:28:20:FB:D1
ValidityMon, 16 Oct 2023 17:01:02 GMT - Sun, 14 Jan 2024 17:01:01 GMT

File type
ASCII text, with very long lines (35781), with no line terminators
Size
36 kB (35781 bytes)
Hash
3a36ee43874303ccfe644a675468581e
952e6e381db4d48899972073ee5ec0a485c9c677
7dc23aba443c26450e47762c8e32e70b08a9f333deff6fd14922b3251307047c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /common_tpls/compactML/css/verLblue.css HTTP/1.1
Host: cnsgtfmd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cnsgtfmd.com/user/?SID=03cd74ba7f30571477e6fc9492070d7f
Cookie: PHPSESSID=03cd74ba7f30571477e6fc9492070d7f
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 05 Dec 2023 01:23:20 GMT
content-type: text/css
last-modified: Fri, 01 May 2020 20:37:16 GMT
etag: W/"5eac887c-8bc5"
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IkwfTTKAk3Q%2BcBVzrqZjlQtQAN6OaXL9UqYOIQU2y3p887XE3TeEqhFhw%2FOHwuaBsd1TATSmEoxY%2F2le%2Bekj0SML%2FEnaJ6uC6BhNJw5COanMTmJpyy1yW0YYB3tpr6M%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 83087baebe9eb4eb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

kit.fontawesome.com/b314bdf1b3.js

172.64.147.188

200 OK

12 kB

URL GET HTTP/2
kit.fontawesome.com/b314bdf1b3.js
IP
172.64.147.188:443
ASN
#13335 CLOUDFLARENET

Requested by
https://cnsgtfmd.com/user/?SID=03cd74ba7f30571477e6fc9492070d7f
Certificate
IssuerDigiCert Inc
Subject*.fontawesome.com
Fingerprint93:F9:69:8C:73:B0:08:60:65:F3:39:41:39:66:D3:2B:78:3A:6E:3D
ValidityMon, 04 Dec 2023 00:00:00 GMT - Fri, 03 Jan 2025 23:59:59 GMT

File type
ASCII text, with very long lines (11461)
Size
12 kB (12001 bytes)
Hash
c75dc3fa76945b139ef548c6e5389e01
305badc7e874515c999645bf610f7ce71d1f2882
6eec89b6d86be9a29531d5803b6c0546d19e6c9b4b457bb0e326517e2d0fd80c

HTTP Headers

GET /b314bdf1b3.js HTTP/1.1
Host: kit.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://cnsgtfmd.com
DNT: 1
Connection: keep-alive
Referer: https://cnsgtfmd.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 05 Dec 2023 01:23:20 GMT
content-type: text/javascript
access-control-allow-headers: accept, accept-langauge, content-language, content-type, fa-kit-token
access-control-allow-methods: GET, OPTIONS
access-control-allow-origin: *
access-control-max-age: 3000
cache-control: max-age=60, public, stale-while-revalidate=30
vary: origin, accept-encoding, access-control-request-headers, access-control-request-method
x-request-id: F5227UM8dCiqbbWqR7pB
cf-cache-status: REVALIDATED
server: cloudflare
cf-ray: 83087baf0b36b52d-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

cnsgtfmd.com/common_tpls/js/form_support.js?v=1101202201

188.114.97.1

200 OK

3.8 kB

URL GET HTTP/3
cnsgtfmd.com/common_tpls/js/form_support.js?v=1101202201
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://cnsgtfmd.com/user/?SID=03cd74ba7f30571477e6fc9492070d7f
Certificate
IssuerGoogle Trust Services LLC
Subjectcnsgtfmd.com
Fingerprint9B:E5:71:B6:78:4D:A6:EA:52:A0:BF:DB:7D:38:44:2F:28:20:FB:D1
ValidityMon, 16 Oct 2023 17:01:02 GMT - Sun, 14 Jan 2024 17:01:01 GMT

File type
ASCII text, with very long lines (4261), with no line terminators
Size
3.8 kB (3799 bytes)
Hash
bd72340aa5a6ac08cf9a0fdbd650579c
c0550503cbb35b4abcc5618fc78a0cb18c26c89c
783abe18fe8132421d19b383088f95e95a9ee6ac64b85bd2e2b178b481ab2ca4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /common_tpls/js/form_support.js?v=1101202201 HTTP/1.1
Host: cnsgtfmd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cnsgtfmd.com/user/?SID=03cd74ba7f30571477e6fc9492070d7f
Cookie: PHPSESSID=03cd74ba7f30571477e6fc9492070d7f
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 05 Dec 2023 01:23:20 GMT
content-type: application/javascript
last-modified: Fri, 18 Nov 2022 21:23:37 GMT
etag: W/"6377f7d9-ed7"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rlV3tnQt4lCJx2QaSaqcvd1wkSQ2CIYHGRNnX%2BksuI5dAX6YLqa228HiDisQlCIEjCYBoG1P3fT6Sax8tYU0LO4jxVSEiH4PKMKYhLmzpq%2FaJfMqB6JmftuHA%2FZksHM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 83087baecea1b4eb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

cnsgtfmd.com/favicon.ico

188.114.97.1

404 Not Found

162 B

URL GET HTTP/3
cnsgtfmd.com/favicon.ico
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://cnsgtfmd.com/user/?SID=03cd74ba7f30571477e6fc9492070d7f
Certificate
IssuerGoogle Trust Services LLC
Subjectcnsgtfmd.com
Fingerprint9B:E5:71:B6:78:4D:A6:EA:52:A0:BF:DB:7D:38:44:2F:28:20:FB:D1
ValidityMon, 16 Oct 2023 17:01:02 GMT - Sun, 14 Jan 2024 17:01:01 GMT

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with no line terminators
Size
162 B (162 bytes)
Hash
42b7c03ebcddafdb2aa3078e3a9ceb69
57570cf4712b36bce96f68228e6c72137c2156dd
a225bf8186e767cfb73fec2ac55678c083a3c2abd042bc1cf85f820bced5ec9f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: cnsgtfmd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cnsgtfmd.com/user/?SID=03cd74ba7f30571477e6fc9492070d7f
Cookie: PHPSESSID=03cd74ba7f30571477e6fc9492070d7f
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 404 Not Found
date: Tue, 05 Dec 2023 01:23:20 GMT
content-type: text/html
cache-control: max-age=14400
cf-cache-status: HIT
age: 1
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lSI4LFLLp8PLQM7fsDUvlWYfqiHG%2BAL%2Fa4iaURZmqIWsfwOH%2F1a58ZgLBoprv43wQDoj7jnk%2BPB%2BlIRN%2Bu0ySnPV5PfQJ9AVTJbvI2hmirS9nXM7cCJ4MLQiZ4e55o0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 83087bb5694db4eb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

ka-p.fontawesome.com/releases/v5.15.4/css/pro.min.css?token=b314bdf1b3

172.64.147.188

200 OK

323 kB

URL GET HTTP/2
ka-p.fontawesome.com/releases/v5.15.4/css/pro.min.css?token=b314bdf1b3
IP
172.64.147.188:443
ASN
#13335 CLOUDFLARENET

Requested by
https://cnsgtfmd.com/user/?SID=03cd74ba7f30571477e6fc9492070d7f
Certificate
IssuerDigiCert Inc
Subject*.fontawesome.com
Fingerprint93:F9:69:8C:73:B0:08:60:65:F3:39:41:39:66:D3:2B:78:3A:6E:3D
ValidityMon, 04 Dec 2023 00:00:00 GMT - Fri, 03 Jan 2025 23:59:59 GMT

File type
ASCII text, with very long lines (65397)
Size
323 kB (322695 bytes)
Hash
486b13730aafe2a39cdaf1666679fa5b
aa0f52f048688ada20d921fef78cf15684a25f04
37c65071f378cc9582aabdda3b52979ef901f2925e3f3c3dc597f41eac0f1b6d

HTTP Headers

GET /releases/v5.15.4/css/pro.min.css?token=b314bdf1b3 HTTP/1.1
Host: ka-p.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cnsgtfmd.com/
Origin: https://cnsgtfmd.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 05 Dec 2023 01:23:20 GMT
content-type: text/css
content-length: 54194
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
etag: "610ae215-d3b2"
last-modified: Wed, 04 Aug 2021 18:53:09 GMT
vary: Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
cf-cache-status: HIT
accept-ranges: bytes
server: cloudflare
cf-ray: 83087bb32bdcb52d-OSL
X-Firefox-Spdy: h2

cnsgtfmd.com/common_tpls/js/validate_form_v2.js?jsv=35

188.114.97.1

200 OK

26 kB

URL GET HTTP/3
cnsgtfmd.com/common_tpls/js/validate_form_v2.js?jsv=35
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://cnsgtfmd.com/user/?SID=03cd74ba7f30571477e6fc9492070d7f
Certificate
IssuerGoogle Trust Services LLC
Subjectcnsgtfmd.com
Fingerprint9B:E5:71:B6:78:4D:A6:EA:52:A0:BF:DB:7D:38:44:2F:28:20:FB:D1
ValidityMon, 16 Oct 2023 17:01:02 GMT - Sun, 14 Jan 2024 17:01:01 GMT

File type

Size
26 kB (26000 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /common_tpls/js/validate_form_v2.js?jsv=35 HTTP/1.1
Host: cnsgtfmd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cnsgtfmd.com/user/?SID=03cd74ba7f30571477e6fc9492070d7f
Cookie: PHPSESSID=03cd74ba7f30571477e6fc9492070d7f
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 05 Dec 2023 01:23:20 GMT
content-type: application/javascript
last-modified: Thu, 19 Oct 2023 00:24:58 GMT
etag: W/"6530775a-6590"
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Aythrh0SK0f%2Ft1AJylTkbU9UrQJmJgjSXH71WZktSkLGd%2BUJUms0ZZ3SaZCEYpOE6f0ZZNuvJRpMcg%2FCFTBUpNU9nR1KbUWwLw7%2Bg4eTQsYtGtI9UKco4wbU%2B9hU3zw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 83087baecea3b4eb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

fonts.googleapis.com/css?family=Quicksand

142.250.74.106

200 OK

1.2 kB

URL GET HTTP/3
fonts.googleapis.com/css?family=Quicksand
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://cnsgtfmd.com/user/?SID=03cd74ba7f30571477e6fc9492070d7f

File type
ASCII text, with very long lines (1204), with no line terminators
Size
1.2 kB (1180 bytes)
Hash
f07261df5e889b3e4e4519ea7d30f653
8c4de5642bccfc34c5c899558497aa928a330844
5ad5a0cdaeef4329f4c9d6a967e2d1de774d111ef8e88611eeee45a03386b527

HTTP Headers

GET /css?family=Quicksand HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cnsgtfmd.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 05 Dec 2023 01:23:20 GMT
date: Tue, 05 Dec 2023 01:23:20 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

fonts.googleapis.com/icon?family=Material+Icons

142.250.74.106

200 OK

565 B

URL GET HTTP/2
fonts.googleapis.com/icon?family=Material+Icons
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://cnsgtfmd.com/user/?SID=03cd74ba7f30571477e6fc9492070d7f
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
FingerprintCC:96:E0:52:E0:9B:EA:A9:A0:F8:88:9A:90:20:11:47:61:00:3C:42
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
ASCII text, with very long lines (588), with no line terminators
Size
565 B (565 bytes)
Hash
bdcf60bde5544e1017e1f2e60888a9c7
6fb24309b7ff90c1c99d19c0c7a127a16508840e
d701601406acfca6bfc0c58b411446e3e0e96c659f35c143355d3dd72c390952

HTTP Headers

GET /icon?family=Material+Icons HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cnsgtfmd.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 05 Dec 2023 01:23:19 GMT
date: Tue, 05 Dec 2023 01:23:19 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js

216.58.211.10

200 OK

88 kB

URL GET HTTP/2
ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js
IP
216.58.211.10:443
ASN
#15169 GOOGLE

Requested by
https://cnsgtfmd.com/user/?SID=03cd74ba7f30571477e6fc9492070d7f
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
FingerprintCC:96:E0:52:E0:9B:EA:A9:A0:F8:88:9A:90:20:11:47:61:00:3C:42
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
ASCII text, with very long lines (65451)
Size
88 kB (88145 bytes)
Hash
220afd743d9e9643852e31a135a9f3ae
88523924351bac0b5d560fe0c5781e2556e7693d
0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a

HTTP Headers

GET /ajax/libs/jquery/3.4.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://cnsgtfmd.com
DNT: 1
Connection: keep-alive
Referer: https://cnsgtfmd.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 30774
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 29 Nov 2023 13:46:40 GMT
expires: Thu, 28 Nov 2024 13:46:40 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Mon, 13 May 2019 14:37:17 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 473799
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

cnsgtfmd.com/user/trk/?rtid=6167035365

188.114.97.1

200 OK

21 B

URL GET HTTP/3
cnsgtfmd.com/user/trk/?rtid=6167035365
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://cnsgtfmd.com/user/?SID=03cd74ba7f30571477e6fc9492070d7f
Certificate
IssuerGoogle Trust Services LLC
Subjectcnsgtfmd.com
Fingerprint9B:E5:71:B6:78:4D:A6:EA:52:A0:BF:DB:7D:38:44:2F:28:20:FB:D1
ValidityMon, 16 Oct 2023 17:01:02 GMT - Sun, 14 Jan 2024 17:01:01 GMT

File type
troff or preprocessor input, ASCII text, with no line terminators
Size
21 B (21 bytes)
Hash
1f19a9d9d6ec79f0077d093a49dd7e64
c44863953ce5ad1b8ccfeb51f764c486a6d51b36
2978f3d95b32b3ce1997441b326ca52fc4fc1f6d505f391da9dc1d42bea48942

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /user/trk/?rtid=6167035365 HTTP/1.1
Host: cnsgtfmd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://cnsgtfmd.com/user/?SID=03cd74ba7f30571477e6fc9492070d7f
Cookie: PHPSESSID=03cd74ba7f30571477e6fc9492070d7f
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 05 Dec 2023 01:23:20 GMT
content-type: text/json;charset=UTF-8
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tGGJXl18jtIsRBGZ8KWQx0HvfdI4LpDacnIQ7XGGbFKVDDtvP1yMp4Y5Xs95l%2FTwqHvxmOOO97Z7cXB7TbhVGGPuf%2FTRnIJ0v8vSt1iIVGKIKOrlhoQP1qnBbxGEfZo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 83087bb5694eb4eb-OSL
alt-svc: h3=":443"; ma=86400

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (21)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by