Report - 1der.ru/go.php?go=aHR0cDovL2FwaS5nYXRld2F5LmV0aHN3YXJtLm9yZy9ienovYzgyNDJmNzFjOGFmOWYwNzY4ZGJjZDg3MzdmMTExZDdjN2VhZGI4YWZmZmM5ZjdjODJlZTBiMWUxNTMyNDVlOC8/Y2xpZW50SUQ9ZmFsbWVpZGFAb3ZlcnN0ZXAucHQ=

Report Overview

Visited public
2023-10-23 12:22:37
Tags
URL
1der.ru/go.php?go=aHR0cDovL2FwaS5nYXRld2F5LmV0aHN3YXJtLm9yZy9ienovYzgyNDJmNzFjOGFmOWYwNzY4ZGJjZDg3MzdmMTExZDdjN2VhZGI4YWZmZmM5ZjdjODJlZTBiMWUxNTMyNDVlOC8/Y2xpZW50SUQ9ZmFsbWVpZGFAb3ZlcnN0ZXAucHQ=
Finishing URL
api.gateway.ethswarm.org/bzz/c8242f71c8af9f0768dbcd8737f111d7c7eadb8afffc9f7c82ee0b1e153245e8/?clientID=falmeida@overstep.pt
IP / ASN
5.8.64.16
#44812 Ip Server LLC
Title
Roundcube Webmail :: Welcome to Roundcube Webmail

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
1der.ru	unknown	2018-04-20	2015-06-11 05:07:03	2023-10-22 03:43:06	650 B	3.1 kB	5.8.64.16
api.gateway.ethswarm.org	unknown	2019-02-26	2022-05-25 14:15:18	2023-10-22 03:37:04	9.1 kB	791 kB	3.122.207.255
cdnjs.cloudflare.com	235	2009-02-17	2015-04-17 22:46:33	2023-10-23 00:36:16	442 B	28 kB	104.17.25.14

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2023-10-23	medium	ethswarm.org	Sinkholed
2023-10-23	medium	ethswarm.org	Sinkholed
2023-10-23	medium	ethswarm.org	Sinkholed
2023-10-23	medium	ethswarm.org	Sinkholed
2023-10-23	medium	ethswarm.org	Sinkholed
2023-10-23	medium	ethswarm.org	Sinkholed
2023-10-23	medium	ethswarm.org	Sinkholed
2023-10-23	medium	ethswarm.org	Sinkholed
2023-10-23	medium	ethswarm.org	Sinkholed
2023-10-23	medium	ethswarm.org	Sinkholed
2023-10-23	medium	ethswarm.org	Sinkholed

ThreatFox

No alerts detected

JavaScript (9)

	URL	From	Size	First Seen	Last Seen
	api.gateway.ethswarm.org/bzz/c8242f71c8af9f0768dbcd8737f111d7c7eadb8afffc9f7c82ee0b1e153245e8/js/jquery.min.js?s=1593860325	ScriptElement	90 kB	2023-03-07	2025-05-13
Pretty URL api.gateway.ethswarm.org/bzz/c8242f71c8af9f0768dbcd8737f111d7c7eadb8afffc9f7c82ee0b1e153245e8/js/jquery.min.js?s=1593860325 IP 3.68.172.36 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:02 Last Seen2025-05-13 01:19 Times Seen217 Hash 80d6b39faaf27486264ff13531191401 03e255f1f19107a46b09da332347baa25231fc22 542ac2738d21d5ea4a39cd05efc447c3b5ca553f212f1bff44215d3f5f007a6f Loading...

	api.gateway.ethswarm.org/bzz/c8242f71c8af9f0768dbcd8737f111d7c7eadb8afffc9f7c82ee0b1e153245e8/js/common.min.js?s=1593860317	ScriptElement	13 kB	2023-03-07	2025-05-13
Pretty URL api.gateway.ethswarm.org/bzz/c8242f71c8af9f0768dbcd8737f111d7c7eadb8afffc9f7c82ee0b1e153245e8/js/common.min.js?s=1593860317 IP 3.68.172.36 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:42 Last Seen2025-05-13 01:19 Times Seen114 Hash 049e268d7293af03f8592ca0742f9eae 8b541c5cbe301227ceb20d93751b44fef18102f1 753efdc34aa0463369369e8beba0129f264d71a02a2035a197599b5faf3889f2 Loading...

	api.gateway.ethswarm.org/bzz/c8242f71c8af9f0768dbcd8737f111d7c7eadb8afffc9f7c82ee0b1e153245e8/js/app.min.js?s=1593860317	ScriptElement	172 kB	2023-03-07	2025-04-06
Pretty URL api.gateway.ethswarm.org/bzz/c8242f71c8af9f0768dbcd8737f111d7c7eadb8afffc9f7c82ee0b1e153245e8/js/app.min.js?s=1593860317 IP 3.68.172.36 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:47 Last Seen2025-04-06 10:17 Times Seen75 Hash 5c113adbc3e13b4ccae16936840ee50c fad9614e59a40df068b8a952fd201c17bca5b392 e49ef33af7ca609820d8d986f7c908a590993a3671982b68528021331c4e7cfe Loading...

	api.gateway.ethswarm.org/bzz/c8242f71c8af9f0768dbcd8737f111d7c7eadb8afffc9f7c82ee0b1e153245e8/?clientID=falmeida@overstep.pt	ScriptElement	0 B	0001-01-01	2025-05-14
Pretty URL api.gateway.ethswarm.org/bzz/c8242f71c8af9f0768dbcd8737f111d7c7eadb8afffc9f7c82ee0b1e153245e8/?clientID=falmeida@overstep.pt IP 3.122.207.255 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML true Observations First Seen0001-01-01 00:00 Last Seen2025-05-14 03:22 Times Seen4677121 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	api.gateway.ethswarm.org/bzz/c8242f71c8af9f0768dbcd8737f111d7c7eadb8afffc9f7c82ee0b1e153245e8/?clientID=falmeida@overstep.pt	ScriptElement	0 B	0001-01-01	2025-05-14
Pretty URL api.gateway.ethswarm.org/bzz/c8242f71c8af9f0768dbcd8737f111d7c7eadb8afffc9f7c82ee0b1e153245e8/?clientID=falmeida@overstep.pt IP 3.122.207.255 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML true Observations First Seen0001-01-01 00:00 Last Seen2025-05-14 03:22 Times Seen4677121 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	api.gateway.ethswarm.org/bzz/c8242f71c8af9f0768dbcd8737f111d7c7eadb8afffc9f7c82ee0b1e153245e8/js/ui.min.js?s=1593860317	ScriptElement	60 kB	2023-03-07	2024-11-11
Pretty URL api.gateway.ethswarm.org/bzz/c8242f71c8af9f0768dbcd8737f111d7c7eadb8afffc9f7c82ee0b1e153245e8/js/ui.min.js?s=1593860317 IP 3.68.172.36 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:47 Last Seen2024-11-11 23:03 Times Seen20 Hash 21d7d640b65da7435604e1dd92c76294 197717ee6a5a10c7de0448640849af35395023c1 978f0f7e4b935e437563451dcf7eafaba6ea3f519e75d2309e13da2be491eaff Loading...

	cdnjs.cloudflare.com/ajax/libs/jquery/3.3.1/jquery.min.js	ScriptElement	87 kB	2023-03-07	2025-05-13
Pretty URL cdnjs.cloudflare.com/ajax/libs/jquery/3.3.1/jquery.min.js IP 104.17.25.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-05-13 22:08 Times Seen57658 Hash a09e13ee94d51c524b7e2a728c7d4039 0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae 160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef Loading...

	api.gateway.ethswarm.org/bzz/c8242f71c8af9f0768dbcd8737f111d7c7eadb8afffc9f7c82ee0b1e153245e8/?clientID=falmeida@overstep.pt	ScriptElement	0 B	0001-01-01	2025-05-14
Pretty URL api.gateway.ethswarm.org/bzz/c8242f71c8af9f0768dbcd8737f111d7c7eadb8afffc9f7c82ee0b1e153245e8/?clientID=falmeida@overstep.pt IP 3.122.207.255 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML true Observations First Seen0001-01-01 00:00 Last Seen2025-05-14 03:22 Times Seen4677121 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	unknown	Function	113 B	2023-04-13	2025-05-13
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-13 01:54 Last Seen2025-05-13 01:19 Times Seen436 Hash a7bf779bf1b210137b4e2e88f6222593 b851692bb37b698d14b0f707f17d672bc31c5f5b e8e2b385faf716c54f60ce4f50d4526026c1565675a64d46a89395221f5b1b9b Loading...

HTTP Transactions (15)

URL IP Response Size

1der.ru/go.php?go=aHR0cDovL2FwaS5nYXRld2F5LmV0aHN3YXJtLm9yZy9ienovYzgyNDJmNzFjOGFmOWYwNzY4ZGJjZDg3MzdmMTExZDdjN2VhZGI4YWZmZmM5ZjdjODJlZTBiMWUxNTMyNDVlOC8/Y2xpZW50SUQ9ZmFsbWVpZGFAb3ZlcnN0ZXAucHQ=

5.8.64.16

302 Found

2.6 kB

URL User Request GET HTTP/1.1
1der.ru/go.php?go=aHR0cDovL2FwaS5nYXRld2F5LmV0aHN3YXJtLm9yZy9ienovYzgyNDJmNzFjOGFmOWYwNzY4ZGJjZDg3MzdmMTExZDdjN2VhZGI4YWZmZmM5ZjdjODJlZTBiMWUxNTMyNDVlOC8/Y2xpZW50SUQ9ZmFsbWVpZGFAb3ZlcnN0ZXAucHQ=
IP
5.8.64.16:443
ASN
#44812 Ip Server LLC

Certificate
IssuerLet's Encrypt
Subject1der.ru
Fingerprint50:B1:DA:D5:A4:9E:2A:84:EB:D7:A8:F0:21:4B:27:47:46:40:F3:53
ValiditySun, 13 Aug 2023 05:39:55 GMT - Sat, 11 Nov 2023 05:39:54 GMT

File type
XML 1.0 document text\012- XHTML document text (version 1.0)\012- broken XHTML document text (version 1.0)\012- HTML document text\012- XML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (380), with CRLF, LF line terminators
Size
2.6 kB (2591 bytes)
Hash
0763e5358b9740d3d45bd47a7cf69383
023abbde9d32864220982262f8c21521e9db82a7
c57d70c3ab9eafa4567c36a0d348fbd258651ae336808b7cdd68c9f1f38625c3

HTTP Headers

GET /go.php?go=aHR0cDovL2FwaS5nYXRld2F5LmV0aHN3YXJtLm9yZy9ienovYzgyNDJmNzFjOGFmOWYwNzY4ZGJjZDg3MzdmMTExZDdjN2VhZGI4YWZmZmM5ZjdjODJlZTBiMWUxNTMyNDVlOC8/Y2xpZW50SUQ9ZmFsbWVpZGFAb3ZlcnN0ZXAucHQ= HTTP/1.1
Host: 1der.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx
Date: Mon, 23 Oct 2023 12:22:13 GMT
Content-Type: text/html;charset=UTF-8
Content-Length: 2591
Connection: keep-alive
Keep-Alive: timeout=60
X-Powered-By: PHP/5.6.40
Set-Cookie: SESS=3995u792df81hs6d5v2d769a72; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Location: http://api.gateway.ethswarm.org/bzz/c8242f71c8af9f0768dbcd8737f111d7c7eadb8afffc9f7c82ee0b1e153245e8/?clientID=falmeida@overstep.pt

api.gateway.ethswarm.org/bzz/c8242f71c8af9f0768dbcd8737f111d7c7eadb8afffc9f7c82ee0b1e153245e8/?clientID=falmeida@overstep.pt

3.122.207.255

308 Permanent Redirect

164 B

URL User Request GET HTTP/1.1
api.gateway.ethswarm.org/bzz/c8242f71c8af9f0768dbcd8737f111d7c7eadb8afffc9f7c82ee0b1e153245e8/?clientID=falmeida@overstep.pt
IP
3.122.207.255:80
ASN
#16509 AMAZON-02

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
164 B (164 bytes)
Hash
f23c4815ecaef1588f16ac735c0e15d6
026bf8cdd5076014b6fc822878e0086eb44da556
43a81fb3d47b34e7d42d6b8444f592ed9251b8e57db8f67d32419aa40b1480d0

HTTP Headers

GET /bzz/c8242f71c8af9f0768dbcd8737f111d7c7eadb8afffc9f7c82ee0b1e153245e8/?clientID=falmeida@overstep.pt HTTP/1.1
Host: api.gateway.ethswarm.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 308 Permanent Redirect
Date: Mon, 23 Oct 2023 12:22:19 GMT
Content-Type: text/html
Content-Length: 164
Connection: keep-alive
Location: https://api.gateway.ethswarm.org/bzz/c8242f71c8af9f0768dbcd8737f111d7c7eadb8afffc9f7c82ee0b1e153245e8/?clientID=falmeida@overstep.pt
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Max-Age: 1728000
Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization, Swarm-Collection,Swarm-Index-Document,Swarm-Postage-Batch-Id,Swarm-Encrypt

api.gateway.ethswarm.org/bzz/c8242f71c8af9f0768dbcd8737f111d7c7eadb8afffc9f7c82ee0b1e153245e8/?clientID=falmeida@overstep.pt

3.68.172.36

308 Permanent Redirect

5.0 kB

URL User Request GET HTTP/1.1
api.gateway.ethswarm.org/bzz/c8242f71c8af9f0768dbcd8737f111d7c7eadb8afffc9f7c82ee0b1e153245e8/?clientID=falmeida@overstep.pt
IP
3.68.172.36:80
ASN
#16509 AMAZON-02

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1607)
Size
5.0 kB (5029 bytes)
Hash
64fbf2aee8339d5cc5bdcb5c7262b416
22c8f89c6be527f7501dbfb50b942eacb1a78525
1b53763227d636882a1e077c239851901e054dcf476292563415ec8393e8f93a

HTTP Headers

GET /bzz/c8242f71c8af9f0768dbcd8737f111d7c7eadb8afffc9f7c82ee0b1e153245e8/?clientID=falmeida@overstep.pt HTTP/1.1
Host: api.gateway.ethswarm.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 23 Oct 2023 12:22:20 GMT
content-type: text/html; charset=utf-8
content-length: 5029
set-cookie: SWARMGATEWAY=9c53b8e7321ab644fb22475c949bb9db|14e11ea03cd4c35a8af9c45c9721a2e4; Max-Age=86400; Path=default; Secure; HttpOnly
x-powered-by: Express
accept-ranges: bytes
access-control-expose-headers: Content-Disposition
content-disposition: inline; filename="index.html"
etag: "3b2fe62d34719117aedd53a42ffef6380d2f2feb47bac3d0f24b167e2775a801"
last-modified: Mon, 23 Oct 2023 12:22:20 GMT
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-max-age: 1728000
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization, Swarm-Collection,Swarm-Index-Document,Swarm-Postage-Batch-Id,Swarm-Encrypt
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/jquery/3.3.1/jquery.min.js

104.17.25.14

200 OK

28 kB

URL GET HTTP/2
cdnjs.cloudflare.com/ajax/libs/jquery/3.3.1/jquery.min.js
IP
104.17.25.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://api.gateway.ethswarm.org/bzz/c8242f71c8af9f0768dbcd8737f111d7c7eadb8afffc9f7c82ee0b1e153245e8/?clientID=falmeida@overstep.pt
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT

File type
ASCII text, with very long lines (65451)
Size
28 kB (27501 bytes)
Hash
a09e13ee94d51c524b7e2a728c7d4039
0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef

HTTP Headers

GET /ajax/libs/jquery/3.3.1/jquery.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://api.gateway.ethswarm.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 23 Oct 2023 12:22:20 GMT
content-type: application/javascript; charset=utf-8
content-length: 27501
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "64942b1e-6b6d"
last-modified: Thu, 22 Jun 2023 11:06:06 GMT
cf-cdnjs-via: cfworker/r2
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 4581399
expires: Sat, 12 Oct 2024 12:22:20 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RTZ5OhF0LEOQr6WjRcYOJc%2Fy0wWLBCLMerYxGeaTECAQnnl%2F2XvkDxPMXCeFt81ZnCZNkIlNZWxX7n7H41JlR3sf%2FMXYVRNTYGvUeA3L%2B%2BGy%2F9Vp1VxEr%2B927Kum7vNEygY7mZhZ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 81a9f1e91b9ab523-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

api.gateway.ethswarm.org/bzz/c8242f71c8af9f0768dbcd8737f111d7c7eadb8afffc9f7c82ee0b1e153245e8/js/common.min.js?s=1593860317

3.68.172.36

200 OK

13 kB

URL GET HTTP/2
api.gateway.ethswarm.org/bzz/c8242f71c8af9f0768dbcd8737f111d7c7eadb8afffc9f7c82ee0b1e153245e8/js/common.min.js?s=1593860317
IP
3.68.172.36:443
ASN
#16509 AMAZON-02

Requested by
https://api.gateway.ethswarm.org/bzz/c8242f71c8af9f0768dbcd8737f111d7c7eadb8afffc9f7c82ee0b1e153245e8/?clientID=falmeida@overstep.pt
Certificate
IssuerLet's Encrypt
Subjectgateway.ethswarm.org
Fingerprint90:DC:FB:81:4A:D8:A3:A0:CC:43:21:3D:77:4C:9F:79:00:F9:60:D2
ValidityWed, 20 Sep 2023 13:29:16 GMT - Tue, 19 Dec 2023 13:29:15 GMT

File type
ASCII text, with very long lines (1382)
Size
13 kB (13174 bytes)
Hash
049e268d7293af03f8592ca0742f9eae
8b541c5cbe301227ceb20d93751b44fef18102f1
753efdc34aa0463369369e8beba0129f264d71a02a2035a197599b5faf3889f2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /bzz/c8242f71c8af9f0768dbcd8737f111d7c7eadb8afffc9f7c82ee0b1e153245e8/js/common.min.js?s=1593860317 HTTP/1.1
Host: api.gateway.ethswarm.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://api.gateway.ethswarm.org/bzz/c8242f71c8af9f0768dbcd8737f111d7c7eadb8afffc9f7c82ee0b1e153245e8/?clientID=falmeida@overstep.pt
Cookie: SWARMGATEWAY=9c53b8e7321ab644fb22475c949bb9db|14e11ea03cd4c35a8af9c45c9721a2e4
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Mon, 23 Oct 2023 12:22:20 GMT
content-type: text/javascript; charset=utf-8
content-length: 13174
x-powered-by: Express
accept-ranges: bytes
access-control-expose-headers: Content-Disposition
content-disposition: inline; filename="common.min.js"
etag: "47a4c7b0b288ca0ba1689213b1d2a1316c3a79552489eff2128a88eb4e269b05"
last-modified: Mon, 23 Oct 2023 12:22:20 GMT
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-max-age: 1728000
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization, Swarm-Collection,Swarm-Index-Document,Swarm-Postage-Batch-Id,Swarm-Encrypt
X-Firefox-Spdy: h2

api.gateway.ethswarm.org/bzz/c8242f71c8af9f0768dbcd8737f111d7c7eadb8afffc9f7c82ee0b1e153245e8/img/logo.svg?s=1593860317

3.68.172.36

200 OK

888 B

URL GET HTTP/2
api.gateway.ethswarm.org/bzz/c8242f71c8af9f0768dbcd8737f111d7c7eadb8afffc9f7c82ee0b1e153245e8/img/logo.svg?s=1593860317
IP
3.68.172.36:443
ASN
#16509 AMAZON-02

Requested by
https://api.gateway.ethswarm.org/bzz/c8242f71c8af9f0768dbcd8737f111d7c7eadb8afffc9f7c82ee0b1e153245e8/?clientID=falmeida@overstep.pt
Certificate
IssuerLet's Encrypt
Subjectgateway.ethswarm.org
Fingerprint90:DC:FB:81:4A:D8:A3:A0:CC:43:21:3D:77:4C:9F:79:00:F9:60:D2
ValidityWed, 20 Sep 2023 13:29:16 GMT - Tue, 19 Dec 2023 13:29:15 GMT

File type
SVG Scalable Vector Graphics image\012- HTML document, ASCII text
Size
888 B (888 bytes)
Hash
ddeffd34eae92b1b9b9c636636e4b9c8
19cb881a5d08d31db933da6440595767d0a02d94
2b2d9c7a82f92976268b03e13c61f64ead91a3c63b97c59cef2acbf501f67618

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /bzz/c8242f71c8af9f0768dbcd8737f111d7c7eadb8afffc9f7c82ee0b1e153245e8/img/logo.svg?s=1593860317 HTTP/1.1
Host: api.gateway.ethswarm.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://api.gateway.ethswarm.org/bzz/c8242f71c8af9f0768dbcd8737f111d7c7eadb8afffc9f7c82ee0b1e153245e8/?clientID=falmeida@overstep.pt
Cookie: SWARMGATEWAY=9c53b8e7321ab644fb22475c949bb9db|14e11ea03cd4c35a8af9c45c9721a2e4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Mon, 23 Oct 2023 12:22:20 GMT
content-type: image/svg+xml
content-length: 888
x-powered-by: Express
accept-ranges: bytes
access-control-expose-headers: Content-Disposition
content-disposition: inline; filename="logo.svg"
etag: "9485362e9f8180bbd17fe1805abf2fd514e0555b53555d1b89632fb94931808b"
last-modified: Mon, 23 Oct 2023 12:22:20 GMT
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-max-age: 1728000
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization, Swarm-Collection,Swarm-Index-Document,Swarm-Postage-Batch-Id,Swarm-Encrypt
X-Firefox-Spdy: h2

api.gateway.ethswarm.org/bzz/c8242f71c8af9f0768dbcd8737f111d7c7eadb8afffc9f7c82ee0b1e153245e8/js/jquery.min.js?s=1593860325

3.68.172.36

200 OK

90 kB

URL GET HTTP/2
api.gateway.ethswarm.org/bzz/c8242f71c8af9f0768dbcd8737f111d7c7eadb8afffc9f7c82ee0b1e153245e8/js/jquery.min.js?s=1593860325
IP
3.68.172.36:443
ASN
#16509 AMAZON-02

Requested by
https://api.gateway.ethswarm.org/bzz/c8242f71c8af9f0768dbcd8737f111d7c7eadb8afffc9f7c82ee0b1e153245e8/?clientID=falmeida@overstep.pt
Certificate
IssuerLet's Encrypt
Subjectgateway.ethswarm.org
Fingerprint90:DC:FB:81:4A:D8:A3:A0:CC:43:21:3D:77:4C:9F:79:00:F9:60:D2
ValidityWed, 20 Sep 2023 13:29:16 GMT - Tue, 19 Dec 2023 13:29:15 GMT

File type
ASCII text, with very long lines (64001)
Size
90 kB (89595 bytes)
Hash
80d6b39faaf27486264ff13531191401
03e255f1f19107a46b09da332347baa25231fc22
542ac2738d21d5ea4a39cd05efc447c3b5ca553f212f1bff44215d3f5f007a6f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /bzz/c8242f71c8af9f0768dbcd8737f111d7c7eadb8afffc9f7c82ee0b1e153245e8/js/jquery.min.js?s=1593860325 HTTP/1.1
Host: api.gateway.ethswarm.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://api.gateway.ethswarm.org/bzz/c8242f71c8af9f0768dbcd8737f111d7c7eadb8afffc9f7c82ee0b1e153245e8/?clientID=falmeida@overstep.pt
Cookie: SWARMGATEWAY=9c53b8e7321ab644fb22475c949bb9db|14e11ea03cd4c35a8af9c45c9721a2e4
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Mon, 23 Oct 2023 12:22:20 GMT
content-type: text/javascript; charset=utf-8
content-length: 89595
x-powered-by: Express
accept-ranges: bytes
access-control-expose-headers: Content-Disposition
content-disposition: inline; filename="jquery.min.js"
etag: "427bdba48dca94d75b204eaddeaf7833048f42188966a383840e1b46e73d1d68"
last-modified: Mon, 23 Oct 2023 12:22:20 GMT
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-max-age: 1728000
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization, Swarm-Collection,Swarm-Index-Document,Swarm-Postage-Batch-Id,Swarm-Encrypt
X-Firefox-Spdy: h2

api.gateway.ethswarm.org/bzz/c8242f71c8af9f0768dbcd8737f111d7c7eadb8afffc9f7c82ee0b1e153245e8/css/styles.css?s=1593860317

3.68.172.36

200 OK

103 kB

URL GET HTTP/2
api.gateway.ethswarm.org/bzz/c8242f71c8af9f0768dbcd8737f111d7c7eadb8afffc9f7c82ee0b1e153245e8/css/styles.css?s=1593860317
IP
3.68.172.36:443
ASN
#16509 AMAZON-02

Requested by
https://api.gateway.ethswarm.org/bzz/c8242f71c8af9f0768dbcd8737f111d7c7eadb8afffc9f7c82ee0b1e153245e8/?clientID=falmeida@overstep.pt
Certificate
IssuerLet's Encrypt
Subjectgateway.ethswarm.org
Fingerprint90:DC:FB:81:4A:D8:A3:A0:CC:43:21:3D:77:4C:9F:79:00:F9:60:D2
ValidityWed, 20 Sep 2023 13:29:16 GMT - Tue, 19 Dec 2023 13:29:15 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
103 kB (103264 bytes)
Hash
20f267e2f6e8de7f45f25c55f249bd21
29b81c9fe558f3552a7247397f2b09840875a936
21745e23ab210373deba89f3d0e235a5c3a71476e85e9ce8fabdf26c40065168

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /bzz/c8242f71c8af9f0768dbcd8737f111d7c7eadb8afffc9f7c82ee0b1e153245e8/css/styles.css?s=1593860317 HTTP/1.1
Host: api.gateway.ethswarm.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://api.gateway.ethswarm.org/bzz/c8242f71c8af9f0768dbcd8737f111d7c7eadb8afffc9f7c82ee0b1e153245e8/?clientID=falmeida@overstep.pt
Cookie: SWARMGATEWAY=9c53b8e7321ab644fb22475c949bb9db|14e11ea03cd4c35a8af9c45c9721a2e4
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Mon, 23 Oct 2023 12:22:20 GMT
content-type: text/css; charset=utf-8
content-length: 103264
x-powered-by: Express
accept-ranges: bytes
access-control-expose-headers: Content-Disposition
content-disposition: inline; filename="styles.css"
etag: "232d74b2f6aabc671eb843d35625102ab8a71ed670eb2a44236064e9e345790f"
last-modified: Mon, 23 Oct 2023 12:22:20 GMT
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-max-age: 1728000
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization, Swarm-Collection,Swarm-Index-Document,Swarm-Postage-Batch-Id,Swarm-Encrypt
X-Firefox-Spdy: h2

api.gateway.ethswarm.org/bzz/c8242f71c8af9f0768dbcd8737f111d7c7eadb8afffc9f7c82ee0b1e153245e8/css/bootstrap.min.css?s=1593860330

3.68.172.36

200 OK

156 kB

URL GET HTTP/2
api.gateway.ethswarm.org/bzz/c8242f71c8af9f0768dbcd8737f111d7c7eadb8afffc9f7c82ee0b1e153245e8/css/bootstrap.min.css?s=1593860330
IP
3.68.172.36:443
ASN
#16509 AMAZON-02

Requested by
https://api.gateway.ethswarm.org/bzz/c8242f71c8af9f0768dbcd8737f111d7c7eadb8afffc9f7c82ee0b1e153245e8/?clientID=falmeida@overstep.pt
Certificate
IssuerLet's Encrypt
Subjectgateway.ethswarm.org
Fingerprint90:DC:FB:81:4A:D8:A3:A0:CC:43:21:3D:77:4C:9F:79:00:F9:60:D2
ValidityWed, 20 Sep 2023 13:29:16 GMT - Tue, 19 Dec 2023 13:29:15 GMT

File type
ASCII text, with very long lines (65324)
Size
156 kB (155713 bytes)
Hash
096fafc23eb84c35bb350d486e215ffc
5bba93b213b9394f7deb540dd62f52a409f94ff6
f9ddd1e64827cb0fa09d74aa581ecfd468212261fa170ec9baddbd678389b342

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /bzz/c8242f71c8af9f0768dbcd8737f111d7c7eadb8afffc9f7c82ee0b1e153245e8/css/bootstrap.min.css?s=1593860330 HTTP/1.1
Host: api.gateway.ethswarm.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://api.gateway.ethswarm.org/bzz/c8242f71c8af9f0768dbcd8737f111d7c7eadb8afffc9f7c82ee0b1e153245e8/?clientID=falmeida@overstep.pt
Cookie: SWARMGATEWAY=9c53b8e7321ab644fb22475c949bb9db|14e11ea03cd4c35a8af9c45c9721a2e4
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Mon, 23 Oct 2023 12:22:20 GMT
content-type: text/css; charset=utf-8
content-length: 155713
x-powered-by: Express
accept-ranges: bytes
access-control-expose-headers: Content-Disposition
content-disposition: inline; filename="bootstrap.min.css"
etag: "a92e351f37917b6d2a995b9bd8af75e34917cba78dbfdba33cfe2716fdbcbfd3"
last-modified: Mon, 23 Oct 2023 12:22:20 GMT
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-max-age: 1728000
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization, Swarm-Collection,Swarm-Index-Document,Swarm-Postage-Batch-Id,Swarm-Encrypt
X-Firefox-Spdy: h2

api.gateway.ethswarm.org/bzz/c8242f71c8af9f0768dbcd8737f111d7c7eadb8afffc9f7c82ee0b1e153245e8/js/app.min.js?s=1593860317

3.68.172.36

200 OK

172 kB

URL GET HTTP/2
api.gateway.ethswarm.org/bzz/c8242f71c8af9f0768dbcd8737f111d7c7eadb8afffc9f7c82ee0b1e153245e8/js/app.min.js?s=1593860317
IP
3.68.172.36:443
ASN
#16509 AMAZON-02

Requested by
https://api.gateway.ethswarm.org/bzz/c8242f71c8af9f0768dbcd8737f111d7c7eadb8afffc9f7c82ee0b1e153245e8/?clientID=falmeida@overstep.pt
Certificate
IssuerLet's Encrypt
Subjectgateway.ethswarm.org
Fingerprint90:DC:FB:81:4A:D8:A3:A0:CC:43:21:3D:77:4C:9F:79:00:F9:60:D2
ValidityWed, 20 Sep 2023 13:29:16 GMT - Tue, 19 Dec 2023 13:29:15 GMT

File type
ASCII text, with very long lines (690)
Size
172 kB (171992 bytes)
Hash
5c113adbc3e13b4ccae16936840ee50c
fad9614e59a40df068b8a952fd201c17bca5b392
e49ef33af7ca609820d8d986f7c908a590993a3671982b68528021331c4e7cfe

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /bzz/c8242f71c8af9f0768dbcd8737f111d7c7eadb8afffc9f7c82ee0b1e153245e8/js/app.min.js?s=1593860317 HTTP/1.1
Host: api.gateway.ethswarm.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://api.gateway.ethswarm.org/bzz/c8242f71c8af9f0768dbcd8737f111d7c7eadb8afffc9f7c82ee0b1e153245e8/?clientID=falmeida@overstep.pt
Cookie: SWARMGATEWAY=9c53b8e7321ab644fb22475c949bb9db|14e11ea03cd4c35a8af9c45c9721a2e4
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Mon, 23 Oct 2023 12:22:20 GMT
content-type: text/javascript; charset=utf-8
content-length: 171992
x-powered-by: Express
accept-ranges: bytes
access-control-expose-headers: Content-Disposition
content-disposition: inline; filename="app.min.js"
etag: "821d01582443077297708adccfb21dd32d9a326ca0d746b0fc42c66f65004659"
last-modified: Mon, 23 Oct 2023 12:22:20 GMT
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-max-age: 1728000
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization, Swarm-Collection,Swarm-Index-Document,Swarm-Postage-Batch-Id,Swarm-Encrypt
X-Firefox-Spdy: h2

api.gateway.ethswarm.org/bzz/c8242f71c8af9f0768dbcd8737f111d7c7eadb8afffc9f7c82ee0b1e153245e8/js/ui.min.js?s=1593860317

3.68.172.36

200 OK

60 kB

URL GET HTTP/2
api.gateway.ethswarm.org/bzz/c8242f71c8af9f0768dbcd8737f111d7c7eadb8afffc9f7c82ee0b1e153245e8/js/ui.min.js?s=1593860317
IP
3.68.172.36:443
ASN
#16509 AMAZON-02

Requested by
https://api.gateway.ethswarm.org/bzz/c8242f71c8af9f0768dbcd8737f111d7c7eadb8afffc9f7c82ee0b1e153245e8/?clientID=falmeida@overstep.pt
Certificate
IssuerLet's Encrypt
Subjectgateway.ethswarm.org
Fingerprint90:DC:FB:81:4A:D8:A3:A0:CC:43:21:3D:77:4C:9F:79:00:F9:60:D2
ValidityWed, 20 Sep 2023 13:29:16 GMT - Tue, 19 Dec 2023 13:29:15 GMT

File type
ASCII text, with very long lines (597)
Size
60 kB (60147 bytes)
Hash
21d7d640b65da7435604e1dd92c76294
197717ee6a5a10c7de0448640849af35395023c1
978f0f7e4b935e437563451dcf7eafaba6ea3f519e75d2309e13da2be491eaff

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /bzz/c8242f71c8af9f0768dbcd8737f111d7c7eadb8afffc9f7c82ee0b1e153245e8/js/ui.min.js?s=1593860317 HTTP/1.1
Host: api.gateway.ethswarm.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://api.gateway.ethswarm.org/bzz/c8242f71c8af9f0768dbcd8737f111d7c7eadb8afffc9f7c82ee0b1e153245e8/?clientID=falmeida@overstep.pt
Cookie: SWARMGATEWAY=9c53b8e7321ab644fb22475c949bb9db|14e11ea03cd4c35a8af9c45c9721a2e4
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Mon, 23 Oct 2023 12:22:20 GMT
content-type: text/javascript; charset=utf-8
content-length: 60147
x-powered-by: Express
accept-ranges: bytes
access-control-expose-headers: Content-Disposition
content-disposition: inline; filename="ui.min.js"
etag: "7738e6cfbbadd02ef0b00eda24b49b7dbb497ca46fc7ef0bb3b4a39ce99d7e33"
last-modified: Mon, 23 Oct 2023 12:22:20 GMT
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-max-age: 1728000
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization, Swarm-Collection,Swarm-Index-Document,Swarm-Postage-Batch-Id,Swarm-Encrypt
X-Firefox-Spdy: h2

api.gateway.ethswarm.org/bzz/c8242f71c8af9f0768dbcd8737f111d7c7eadb8afffc9f7c82ee0b1e153245e8/fonts/roboto-v19-regular.woff2

3.68.172.36

200 OK

51 kB

URL GET HTTP/2
api.gateway.ethswarm.org/bzz/c8242f71c8af9f0768dbcd8737f111d7c7eadb8afffc9f7c82ee0b1e153245e8/fonts/roboto-v19-regular.woff2
IP
3.68.172.36:443
ASN
#16509 AMAZON-02

Requested by
https://api.gateway.ethswarm.org/bzz/c8242f71c8af9f0768dbcd8737f111d7c7eadb8afffc9f7c82ee0b1e153245e8/?clientID=falmeida@overstep.pt
Certificate
IssuerLet's Encrypt
Subjectgateway.ethswarm.org
Fingerprint90:DC:FB:81:4A:D8:A3:A0:CC:43:21:3D:77:4C:9F:79:00:F9:60:D2
ValidityWed, 20 Sep 2023 13:29:16 GMT - Tue, 19 Dec 2023 13:29:15 GMT

File type
Web Open Font Format (Version 2), TrueType, length 51116, version 1.0\012- data
Size
51 kB (51116 bytes)
Hash
9549360090baf2eb8b25d3a9708fc19d
3229ae839d33696d39c89dc0d3e193fe985f1da4
a7bf1f115e60e0c8f3b335df66d4d77baaae4eb11d2cea2cf7c5b4693403a46f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /bzz/c8242f71c8af9f0768dbcd8737f111d7c7eadb8afffc9f7c82ee0b1e153245e8/fonts/roboto-v19-regular.woff2 HTTP/1.1
Host: api.gateway.ethswarm.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://api.gateway.ethswarm.org/bzz/c8242f71c8af9f0768dbcd8737f111d7c7eadb8afffc9f7c82ee0b1e153245e8/css/styles.css?s=1593860317
Cookie: SWARMGATEWAY=9c53b8e7321ab644fb22475c949bb9db|14e11ea03cd4c35a8af9c45c9721a2e4
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Mon, 23 Oct 2023 12:22:20 GMT
content-length: 51116
x-powered-by: Express
accept-ranges: bytes
access-control-expose-headers: Content-Disposition
content-disposition: inline; filename="roboto-v19-regular.woff2"
etag: "43b4e3fad8bc863b3151257a2bd817a8cddd232a2586e107075286275751763a"
last-modified: Mon, 23 Oct 2023 12:22:20 GMT
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-max-age: 1728000
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization, Swarm-Collection,Swarm-Index-Document,Swarm-Postage-Batch-Id,Swarm-Encrypt
X-Firefox-Spdy: h2

api.gateway.ethswarm.org/bzz/c8242f71c8af9f0768dbcd8737f111d7c7eadb8afffc9f7c82ee0b1e153245e8/fonts/fa-solid-900.woff2

3.68.172.36

200 OK

75 kB

URL GET HTTP/2
api.gateway.ethswarm.org/bzz/c8242f71c8af9f0768dbcd8737f111d7c7eadb8afffc9f7c82ee0b1e153245e8/fonts/fa-solid-900.woff2
IP
3.68.172.36:443
ASN
#16509 AMAZON-02

Requested by
https://api.gateway.ethswarm.org/bzz/c8242f71c8af9f0768dbcd8737f111d7c7eadb8afffc9f7c82ee0b1e153245e8/?clientID=falmeida@overstep.pt
Certificate
IssuerLet's Encrypt
Subjectgateway.ethswarm.org
Fingerprint90:DC:FB:81:4A:D8:A3:A0:CC:43:21:3D:77:4C:9F:79:00:F9:60:D2
ValidityWed, 20 Sep 2023 13:29:16 GMT - Tue, 19 Dec 2023 13:29:15 GMT

File type
Web Open Font Format (Version 2), TrueType, length 75440, version 329.-1049\012- data
Size
75 kB (75440 bytes)
Hash
b5cf8ae26748570d8fb95a47f46b69e1
07bed153d47f9129a944ee54dd72952deed074c8
cd398be1a91817126cef10224738e624358edf6f08043abad7e60c1aaeccc8d0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /bzz/c8242f71c8af9f0768dbcd8737f111d7c7eadb8afffc9f7c82ee0b1e153245e8/fonts/fa-solid-900.woff2 HTTP/1.1
Host: api.gateway.ethswarm.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://api.gateway.ethswarm.org/bzz/c8242f71c8af9f0768dbcd8737f111d7c7eadb8afffc9f7c82ee0b1e153245e8/css/styles.css?s=1593860317
Cookie: SWARMGATEWAY=9c53b8e7321ab644fb22475c949bb9db|14e11ea03cd4c35a8af9c45c9721a2e4
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Mon, 23 Oct 2023 12:22:20 GMT
content-length: 75440
x-powered-by: Express
accept-ranges: bytes
access-control-expose-headers: Content-Disposition
content-disposition: inline; filename="fa-solid-900.woff2"
etag: "043ca77ea7b3e2b55f6668bac4e8df1a71891f43e02e3ff76acc04f453f0d688"
last-modified: Mon, 23 Oct 2023 12:22:20 GMT
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-max-age: 1728000
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization, Swarm-Collection,Swarm-Index-Document,Swarm-Postage-Batch-Id,Swarm-Encrypt
X-Firefox-Spdy: h2

api.gateway.ethswarm.org/bzz/c8242f71c8af9f0768dbcd8737f111d7c7eadb8afffc9f7c82ee0b1e153245e8/img/favicon.ico?s=1593860317

3.68.172.36

200 OK

2.3 kB

URL GET HTTP/2
api.gateway.ethswarm.org/bzz/c8242f71c8af9f0768dbcd8737f111d7c7eadb8afffc9f7c82ee0b1e153245e8/img/favicon.ico?s=1593860317
IP
3.68.172.36:443
ASN
#16509 AMAZON-02

Requested by
https://api.gateway.ethswarm.org/bzz/c8242f71c8af9f0768dbcd8737f111d7c7eadb8afffc9f7c82ee0b1e153245e8/?clientID=falmeida@overstep.pt
Certificate
IssuerLet's Encrypt
Subjectgateway.ethswarm.org
Fingerprint90:DC:FB:81:4A:D8:A3:A0:CC:43:21:3D:77:4C:9F:79:00:F9:60:D2
ValidityWed, 20 Sep 2023 13:29:16 GMT - Tue, 19 Dec 2023 13:29:15 GMT

File type
MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 16x16, 32 bits/pixel\012- data
Size
2.3 kB (2294 bytes)
Hash
f1ac749564d5ba793550ec6bdc472e7c
e7629a6866f78f303da1ce3acc4245931d2d9b58
57cd8ca9ca6e635c103951b8339f8661e3dbc6eded99c082c6ea1df8e866e9e4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /bzz/c8242f71c8af9f0768dbcd8737f111d7c7eadb8afffc9f7c82ee0b1e153245e8/img/favicon.ico?s=1593860317 HTTP/1.1
Host: api.gateway.ethswarm.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://api.gateway.ethswarm.org/bzz/c8242f71c8af9f0768dbcd8737f111d7c7eadb8afffc9f7c82ee0b1e153245e8/?clientID=falmeida@overstep.pt
Cookie: SWARMGATEWAY=9c53b8e7321ab644fb22475c949bb9db|14e11ea03cd4c35a8af9c45c9721a2e4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Mon, 23 Oct 2023 12:22:20 GMT
content-type: image/x-icon
content-length: 2294
x-powered-by: Express
accept-ranges: bytes
access-control-expose-headers: Content-Disposition
content-disposition: inline; filename="favicon.ico"
etag: "10f92d1bbfd920bed93732b8ea4e7c5d6badbe5617fa485c613904831d0a8332"
last-modified: Mon, 23 Oct 2023 12:22:20 GMT
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-max-age: 1728000
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization, Swarm-Collection,Swarm-Index-Document,Swarm-Postage-Batch-Id,Swarm-Encrypt
X-Firefox-Spdy: h2

api.gateway.ethswarm.org/bzz/c8242f71c8af9f0768dbcd8737f111d7c7eadb8afffc9f7c82ee0b1e153245e8/fonts/roboto-v19-regular.woff2

3.68.172.36

200 OK

51 kB

URL GET HTTP/2
api.gateway.ethswarm.org/bzz/c8242f71c8af9f0768dbcd8737f111d7c7eadb8afffc9f7c82ee0b1e153245e8/fonts/roboto-v19-regular.woff2
IP
3.68.172.36:443
ASN
#16509 AMAZON-02

Requested by
https://api.gateway.ethswarm.org/bzz/c8242f71c8af9f0768dbcd8737f111d7c7eadb8afffc9f7c82ee0b1e153245e8/?clientID=falmeida@overstep.pt
Certificate
IssuerLet's Encrypt
Subjectgateway.ethswarm.org
Fingerprint90:DC:FB:81:4A:D8:A3:A0:CC:43:21:3D:77:4C:9F:79:00:F9:60:D2
ValidityWed, 20 Sep 2023 13:29:16 GMT - Tue, 19 Dec 2023 13:29:15 GMT

File type
Web Open Font Format (Version 2), TrueType, length 51116, version 1.0\012- data
Size
51 kB (51116 bytes)
Hash
9549360090baf2eb8b25d3a9708fc19d
3229ae839d33696d39c89dc0d3e193fe985f1da4
a7bf1f115e60e0c8f3b335df66d4d77baaae4eb11d2cea2cf7c5b4693403a46f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /bzz/c8242f71c8af9f0768dbcd8737f111d7c7eadb8afffc9f7c82ee0b1e153245e8/fonts/roboto-v19-regular.woff2 HTTP/1.1
Host: api.gateway.ethswarm.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://api.gateway.ethswarm.org/bzz/c8242f71c8af9f0768dbcd8737f111d7c7eadb8afffc9f7c82ee0b1e153245e8/css/styles.css?s=1593860317
Cookie: SWARMGATEWAY=9c53b8e7321ab644fb22475c949bb9db|14e11ea03cd4c35a8af9c45c9721a2e4
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Mon, 23 Oct 2023 12:22:20 GMT
content-length: 51116
x-powered-by: Express
accept-ranges: bytes
access-control-expose-headers: Content-Disposition
content-disposition: inline; filename="roboto-v19-regular.woff2"
etag: "43b4e3fad8bc863b3151257a2bd817a8cddd232a2586e107075286275751763a"
last-modified: Mon, 23 Oct 2023 12:22:20 GMT
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-max-age: 1728000
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization, Swarm-Collection,Swarm-Index-Document,Swarm-Postage-Batch-Id,Swarm-Encrypt
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (9)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (15)

URL User Request GET HTTP/1.1

IP

ASN

Certificate

File type

Size