Report - fms.yru.ac.th/academic/redirect/87?url=//whatsnextkit.net/yuy9j

Report Overview

Visited public
2024-04-04 16:51:54
Tags
URL
fms.yru.ac.th/academic/redirect/87?url=//whatsnextkit.net/yuy9j
Finishing URL
l312mo3.ru/
IP / ASN
188.114.96.1
#13335 CLOUDFLARENET
Title
Digitf

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
l312mo3.ru	unknown	2024-03-26	2024-03-26 20:11:57	2024-03-26 20:11:57	16 kB	1.1 MB	193.106.174.153
maps.googleapis.com	33876	2005-01-25	2019-10-17 17:56:16	2024-04-04 17:36:38	4.2 kB	263 kB	142.250.74.106
leostop.com	513163	2014-05-22	2014-12-29 03:04:51	2024-03-28 09:44:19	417 B	624 B	162.215.254.164
fonts.googleapis.com	8877	2005-01-25	2013-06-10 22:14:26	2024-04-03 18:25:17	461 B	2.8 kB	142.250.74.106
fonts.gstatic.com	unknown	2008-02-11	2014-09-09 02:40:21	2024-04-04 02:56:20	1.6 kB	107 kB	216.58.207.227
www.google.com	7	1997-09-15	2015-05-10 13:11:19	2024-03-23 18:27:44	588 B	2.0 kB	142.250.74.164
maps.gstatic.com	unknown	2008-02-11	2016-01-11 17:55:17	2024-04-04 17:40:10	429 B	62 kB	142.250.74.3
whatsnextkit.net	unknown	unknown	No data	No data	868 B	674 B	193.3.19.82
fms.yru.ac.th	unknown	2004-07-21	2019-06-18 09:18:13	2024-02-01 19:46:36	517 B	8.8 kB	188.114.96.1
cdnjs.cloudflare.com	235	2009-02-17	2015-04-17 22:46:33	2024-04-03 18:25:24	912 B	12 kB	104.17.25.14

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-04-04	medium	l312mo3.ru	Sinkholed
2024-04-04	medium	l312mo3.ru	Sinkholed
2024-04-04	medium	l312mo3.ru	Sinkholed
2024-04-04	medium	l312mo3.ru	Sinkholed
2024-04-04	medium	l312mo3.ru	Sinkholed
2024-04-04	medium	l312mo3.ru	Sinkholed
2024-04-04	medium	l312mo3.ru	Sinkholed
2024-04-04	medium	l312mo3.ru	Sinkholed
2024-04-04	medium	l312mo3.ru	Sinkholed
2024-04-04	medium	l312mo3.ru	Sinkholed
2024-04-04	medium	l312mo3.ru	Sinkholed
2024-04-04	medium	l312mo3.ru	Sinkholed
2024-04-04	medium	l312mo3.ru	Sinkholed
2024-04-04	medium	l312mo3.ru	Sinkholed
2024-04-04	medium	l312mo3.ru	Sinkholed
2024-04-04	medium	l312mo3.ru	Sinkholed
2024-04-04	medium	l312mo3.ru	Sinkholed
2024-04-04	medium	l312mo3.ru	Sinkholed
2024-04-04	medium	l312mo3.ru	Sinkholed
2024-04-04	medium	l312mo3.ru	Sinkholed
2024-04-04	medium	l312mo3.ru	Sinkholed
2024-04-04	medium	l312mo3.ru	Sinkholed
2024-04-04	medium	l312mo3.ru	Sinkholed
2024-04-04	medium	l312mo3.ru	Sinkholed
2024-04-04	medium	l312mo3.ru	Sinkholed
2024-04-04	medium	l312mo3.ru	Sinkholed
2024-04-04	medium	l312mo3.ru	Sinkholed
2024-04-04	medium	l312mo3.ru	Sinkholed
2024-04-04	medium	l312mo3.ru	Sinkholed
2024-04-04	medium	l312mo3.ru	Sinkholed
2024-04-04	medium	l312mo3.ru	Sinkholed
2024-04-04	medium	l312mo3.ru	Sinkholed
2024-04-04	medium	l312mo3.ru	Sinkholed
2024-04-04	medium	l312mo3.ru	Sinkholed
2024-04-04	medium	l312mo3.ru	Sinkholed
2024-04-04	medium	l312mo3.ru	Sinkholed
2024-04-04	medium	l312mo3.ru	Sinkholed

ThreatFox

No alerts detected

JavaScript (15)

	URL	From	Size	First Seen	Last Seen
	maps.googleapis.com/maps/api/js?client=google-maps-embed&paint_origin=&libraries=geometry,search&v=weekly&loading=async&language=en_US&callback=onApiLoad	ScriptElement	200 kB	2024-04-04	2024-08-20
Pretty URL maps.googleapis.com/maps/api/js?client=google-maps-embed&paint_origin=&libraries=geometry,search&v=weekly&loading=async&language=en_US&callback=onApiLoad IP 142.250.74.106 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-04 03:31 Last Seen2024-08-20 06:06 Times Seen34 Hash 42627d551e7419dac1ac2226d6ddd554 5d44b2247e58026a202264d5cfa41af702837098 1e09389d297a36e79adf6918954257b26561d74e3bb1189dcad5f557d632e9a3 Loading...

	maps.googleapis.com/maps-api-v3/api/js/56/7/search_impl.js	ScriptElement	3.3 kB	2024-04-04	2024-08-20
Pretty URL maps.googleapis.com/maps-api-v3/api/js/56/7/search_impl.js IP 142.250.74.106 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-04 00:39 Last Seen2024-08-20 06:07 Times Seen86 Hash 769c1f2d046b385baed80a8f203073d3 0297b11d373729311d4490954e60da4799f3c2ca adb8ccb0c57662d059a8039851b4ad3a40f9b5af6263efeecca0b6be8f91308e Loading...

	maps.googleapis.com/maps-api-v3/api/js/56/7/overlay.js	ScriptElement	3.4 kB	2024-04-04	2024-08-20
Pretty URL maps.googleapis.com/maps-api-v3/api/js/56/7/overlay.js IP 142.250.74.106 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-04 00:39 Last Seen2024-08-20 06:07 Times Seen89 Hash b580d400032768af94736fe2ae2b149a 0eca843c1f85a08dd92f5029979ecf3f36af29d9 0b44cb32e7c1877809d3486ab2cd4d2aa549f18553c2b19e5019f057324e248e Loading...

	cdnjs.cloudflare.com/ajax/libs/OwlCarousel2/2.2.1/owl.carousel.min.js	ScriptElement	43 kB	2023-03-07	2025-05-10
Pretty URL cdnjs.cloudflare.com/ajax/libs/OwlCarousel2/2.2.1/owl.carousel.min.js IP 104.17.25.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03 Last Seen2025-05-10 22:47 Times Seen5340 Hash b7b9c97cd68ec336d01a79d5be48c58d 1a99890b57c9859a622337ed0b2f989d6e30cc0e b394d33b2a7ec654a6b037ebfda6618341b3f897a362be624c923c2711b54a43 Loading...

	maps.googleapis.com/maps-api-v3/api/js/56/7/util.js	ScriptElement	186 kB	2024-04-04	2024-08-20
Pretty URL maps.googleapis.com/maps-api-v3/api/js/56/7/util.js IP 142.250.74.106 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-04 00:39 Last Seen2024-08-20 06:07 Times Seen150 Hash 1c466f3dac7176e91b8c09aa123c213d 55503504f817d44ae44f12e6728f0d489372b0ca b10766b05169bc41d9fe4e8397dc3ee875628d20e7c624fd2602cfdddd8cf06a Loading...

	maps.googleapis.com/maps-api-v3/api/js/56/7/map.js	ScriptElement	74 kB	2024-04-04	2024-08-20
Pretty URL maps.googleapis.com/maps-api-v3/api/js/56/7/map.js IP 142.250.74.106 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-04 00:39 Last Seen2024-08-20 06:07 Times Seen95 Hash d9d208f48db1cb6dfaa0f0387196742d c33050ed6503220333806bb8c708e59c24501c30 22abc71b913ab939964fcc4e779441144d3825c3e8885138821b9cb834dcd13d Loading...

	www.google.com/maps/embed/v1/place?key=AIzaSyA0s1a7phLN0iaD6-UE7m4qP-z21pH0eSc&q=Eiffel+Tower+Paris+France	ScriptElement	0 B	0001-01-01	2025-05-11
Pretty URL www.google.com/maps/embed/v1/place?key=AIzaSyA0s1a7phLN0iaD6-UE7m4qP-z21pH0eSc&q=Eiffel+Tower+Paris+France IP 142.250.74.164 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML true Observations First Seen0001-01-01 00:00 Last Seen2025-05-11 04:21 Times Seen4650695 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	l312mo3.ru/js/bootstrap.js	ScriptElement	132 kB	2024-04-03	2025-03-11
Pretty URL l312mo3.ru/js/bootstrap.js IP 193.106.174.153 ASN #50465 IQHost Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-03 20:23 Last Seen2025-03-11 19:27 Times Seen68 Hash 9c9c933a86200186668e53b4a9c65c04 976112f2cdc9464dc7f120f4c49442664b7937fd ae67f36f76419b6322bcda76c638aff818ef672405bdf34062c5def4020a36f5 Loading...

	l312mo3.ru/	ScriptElement	336 B	2024-04-03	2025-03-11
Pretty URL l312mo3.ru/ IP 193.106.174.153 ASN #50465 IQHost Ltd Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-03 20:23 Last Seen2025-03-11 19:27 Times Seen68 Hash aa459bd0d95cccd67d445fd0eb1fab69 8689077464f7be229a3f2e6705444e44e4a1c00a 15af3a5c7410604f837fd951e257da177a1c6146a0a574c8863584fb9b544130 Loading...

	l312mo3.ru/	ScriptElement	286 B	2024-04-03	2025-03-11
Pretty URL l312mo3.ru/ IP 193.106.174.153 ASN #50465 IQHost Ltd Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-03 20:23 Last Seen2025-03-11 19:27 Times Seen68 Hash 8a0255121b0c125818afeff611e1da0c 89eb1e1548878a100fa62b8c09026f2226a86cdb 98208a6e79eb24f34a36e63e04a144a387ae1d97434b6d31c55ba06aa3198b4d Loading...

	maps.googleapis.com/maps-api-v3/api/js/56/7/common.js	ScriptElement	262 kB	2024-04-04	2024-08-20
Pretty URL maps.googleapis.com/maps-api-v3/api/js/56/7/common.js IP 142.250.74.106 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-04 00:39 Last Seen2024-08-20 06:07 Times Seen150 Hash af9f95411a30559f8dfd10f2ddcee033 b8c0342af790f15be89935bb516fc99d65a26408 934bf5d16e7bf5639867a424a6c5338741bad23576651be40ddbd2dd89e185d1 Loading...

	maps.googleapis.com/maps-api-v3/api/js/56/7/onion.js	ScriptElement	28 kB	2024-04-04	2024-08-20
Pretty URL maps.googleapis.com/maps-api-v3/api/js/56/7/onion.js IP 142.250.74.106 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-04 00:39 Last Seen2024-08-20 06:07 Times Seen92 Hash 5ca45645d2b12496605535c47e04176c 663caa181e6a63ba89601e3f99d36453134d248a b47365b01c4b058477ff23b10e718fec1b7bd5dc105ced5d0006da0bb4f9ef23 Loading...

	l312mo3.ru/js/jquery-3.4.1.min.js	ScriptElement	88 kB	2023-03-07	2025-05-10
Pretty URL l312mo3.ru/js/jquery-3.4.1.min.js IP 193.106.174.153 ASN #50465 IQHost Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-05-10 22:03 Times Seen3663 Hash 2f772fed444d5489079f275bd01e26cc a8927ac2830b2fdd4a729eb0eb7f80923539ceb9 2b381363dda049f2d49a59037b228bc865d51ffb977c8f5c3547d5c28de48e3a Loading...

	l312mo3.ru/	ScriptElement	314 B	2024-04-03	2025-03-11
Pretty URL l312mo3.ru/ IP 193.106.174.153 ASN #50465 IQHost Ltd Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-03 20:23 Last Seen2025-03-11 19:27 Times Seen68 Hash 7a1e1429a77a50b882b9e229f2ccca36 437b3b60d0f222f794096a375b59fd29782e0146 bd827420fe4df71918a1725f6e4f392526da222bd4c0fae41b60aee0ad95437d Loading...

	maps.gstatic.com/maps-api-v3/embed/js/56/7/init_embed.js	ScriptElement	233 kB	2024-04-04	2024-08-20
Pretty URL maps.gstatic.com/maps-api-v3/embed/js/56/7/init_embed.js IP 142.250.74.3 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-04 00:39 Last Seen2024-08-20 06:07 Times Seen89 Hash 12fbc2aa01d65fc69737ba6f7c361dd7 7f80f801a30e53cea4fa7d70fb362314a82fe2e0 a336d716114ccdc7059005d940a75b5cf64927ce15c9630b6857a8d730ea825b Loading...

HTTP Transactions (58)

URL IP Response Size

whatsnextkit.net/yuy9j

193.3.19.82

59 B

URL
whatsnextkit.net/yuy9j
IP
193.3.19.82:0
ASN
#50340 OOO Network of data-centers Selectel

File type
ASCII text
Size
59 B (59 bytes)
Hash
80d31e9ed7c887ec514760fa9b6cf37e
306f090dbddf6690c42a9919c92ba156da0b4457
c5de7cf15f08bfd89f1589648ba4c8b2db5b02fc38b1d270380e9a2d41350489

HTTP Headers

GET /yuy9j HTTP/1.1
Host: whatsnextkit.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Server: nginx
Date: Thu, 04 Apr 2024 16:51:27 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 59
Connection: keep-alive
Keep-Alive: timeout=60
Last-Modified: Tue, 02 Apr 2024 14:53:20 GMT
ETag: "3b-6151e445a5779"
Accept-Ranges: bytes

whatsnextkit.net/yuy9j

193.3.19.82

59 B

URL
whatsnextkit.net/yuy9j
IP
193.3.19.82:0
ASN
#50340 OOO Network of data-centers Selectel

File type
ASCII text
Size
59 B (59 bytes)
Hash
80d31e9ed7c887ec514760fa9b6cf37e
306f090dbddf6690c42a9919c92ba156da0b4457
c5de7cf15f08bfd89f1589648ba4c8b2db5b02fc38b1d270380e9a2d41350489

HTTP Headers

GET /yuy9j HTTP/1.1
Host: whatsnextkit.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Server: nginx
Date: Thu, 04 Apr 2024 16:51:27 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 59
Connection: keep-alive
Keep-Alive: timeout=60
Last-Modified: Tue, 02 Apr 2024 14:53:20 GMT
ETag: "3b-6151e445a5779"
Accept-Ranges: bytes

fms.yru.ac.th/academic/redirect/87?url=//whatsnextkit.net/yuy9j

188.114.96.1

8.1 kB

URL
fms.yru.ac.th/academic/redirect/87?url=//whatsnextkit.net/yuy9j
IP
188.114.96.1:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
Size
8.1 kB (8078 bytes)
Hash
de22c7e3df48115922c9a8313e26ef3f
85105820f819e87a3cac80d580435b610f5cfe76
3cac2570123cd8fb9ae0c936c433b5f3c90bb3b08150ad95bc158c3241d066ba

HTTP Headers

GET /academic/redirect/87?url=//whatsnextkit.net/yuy9j HTTP/1.1
Host: fms.yru.ac.th
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Thu, 04 Apr 2024 16:51:26 GMT
content-type: text/html; charset=UTF-8
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
set-cookie: _frontendSessionId=c5c8fe1e89fdeee2eaef1b8bbc41167d; path=/; HttpOnly
location: ////whatsnextkit.net/yuy9j
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1LUbrjCVB81Pq5ES4vgGHwfKWpsxzCdqQDs8q3uIjpejxGmT2G4Am2HwXEhasSnXFQHRaDwICsqGa5pvkCF%2BJ5y%2Bkom0wyOFQpnhYpvgoaAV5duTRCVHK3MtyRvrOnrx"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 86f2cd990feb568d-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

l312mo3.ru/

193.106.174.153

200 OK

3.8 kB

URL GET HTTP/1.1
l312mo3.ru/
IP
193.106.174.153:443
ASN
#50465 IQHost Ltd

Requested by
https://l312mo3.ru/
Certificate
IssuerLet's Encrypt
Subjectl312mo3.ru
Fingerprint4F:BA:D9:E9:0A:FF:7C:4D:FB:BA:61:0E:3D:EF:A6:29:1E:EC:75:54
ValidityTue, 02 Apr 2024 11:55:17 GMT - Mon, 01 Jul 2024 11:55:16 GMT

File type
HTML document, ASCII text, with CRLF line terminators
Size
3.8 kB (3789 bytes)
Hash
fb912c09080a62ab06cfbfbec4e79351
74c625cda9d76f35fa5f3a176921b3a70556c242
164d04216f0b8435528fe9a24ca0fd1443a831a5587ad6b637341b8327d7163c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: l312mo3.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Thu, 04 Apr 2024 16:51:28 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 3789
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip

cdnjs.cloudflare.com/ajax/libs/OwlCarousel2/2.1.3/assets/owl.carousel.min.css

104.17.25.14

200 OK

747 B

URL GET HTTP/2
cdnjs.cloudflare.com/ajax/libs/OwlCarousel2/2.1.3/assets/owl.carousel.min.css
IP
104.17.25.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://l312mo3.ru/
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT

File type
ASCII text, with very long lines (2863)
Size
747 B (747 bytes)
Hash
5d8c32d21be412193ef0c45f05856546
3ec2cb15435885e619009947e6a976f9b0721633
f4f09dea12f5d1524e13a0a00e7f22c8f2d7cb19bf705e7ba4e98ae4c1efc54d

HTTP Headers

GET /ajax/libs/OwlCarousel2/2.1.3/assets/owl.carousel.min.css HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://l312mo3.ru/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 04 Apr 2024 16:51:28 GMT
content-type: text/css; charset=utf-8
content-length: 747
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03cf0-bcc"
last-modified: Mon, 04 May 2020 16:04:00 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 7852700
expires: Tue, 25 Mar 2025 16:51:28 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gSiCpBFaH6SU3I3bf350O46cvkJH8HX9HUCaUd%2FLUhljZ7XX8lDIVL9BpIHZWaUAokwMxyO06TG08DAzoPidMffYRXUqfsXfgOnVEnOiwFBNrh4XCY8HvpkCUpMRZCaci0PYYGxc"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 86f2cda51e49b4f3-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/OwlCarousel2/2.2.1/owl.carousel.min.js

104.17.25.14

200 OK

9.7 kB

URL GET HTTP/2
cdnjs.cloudflare.com/ajax/libs/OwlCarousel2/2.2.1/owl.carousel.min.js
IP
104.17.25.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://l312mo3.ru/
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (32000)
Size
9.7 kB (9719 bytes)
Hash
b7b9c97cd68ec336d01a79d5be48c58d
1a99890b57c9859a622337ed0b2f989d6e30cc0e
b394d33b2a7ec654a6b037ebfda6618341b3f897a362be624c923c2711b54a43

HTTP Headers

GET /ajax/libs/OwlCarousel2/2.2.1/owl.carousel.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://l312mo3.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 04 Apr 2024 16:51:28 GMT
content-type: application/javascript; charset=utf-8
content-length: 9719
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03cf0-a70e"
last-modified: Mon, 04 May 2020 16:04:00 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 1114125
expires: Tue, 25 Mar 2025 16:51:28 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8wTvydM%2BcwG9Smeb0hcHqii36IBfptXagzFv6qLyZVrtgKfomQGcCtqS2dV5BQYHQJPrx7dwDYwmrbwEXNk0TBDUr7cGLEFh9zdkoYMeeI%2BJeZ6WhJkecua1T4kwtfjbMpi7ZXq2"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 86f2cda52e5bb4f3-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

l312mo3.ru/css/bootstrap.css

193.106.174.153

200 OK

25 kB

URL GET HTTP/1.1
l312mo3.ru/css/bootstrap.css
IP
193.106.174.153:443
ASN
#50465 IQHost Ltd

Requested by
https://l312mo3.ru/
Certificate
IssuerLet's Encrypt
Subjectl312mo3.ru
Fingerprint4F:BA:D9:E9:0A:FF:7C:4D:FB:BA:61:0E:3D:EF:A6:29:1E:EC:75:54
ValidityTue, 02 Apr 2024 11:55:17 GMT - Mon, 01 Jul 2024 11:55:16 GMT

File type
ASCII text, with very long lines (570)
Size
25 kB (25436 bytes)
Hash
bd551f56ce2be3eba2812e605ab4f5b2
94d6450720dd8deb413760cc9184204b46802e9c
35fbb6dc3891aacaf1ffa07abec2344fdbc454aab533a2a03bcf93577eb7837b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/bootstrap.css HTTP/1.1
Host: l312mo3.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://l312mo3.ru/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Thu, 04 Apr 2024 16:51:28 GMT
Content-Type: text/css
Content-Length: 25436
Connection: keep-alive
Last-Modified: Tue, 02 Apr 2024 14:45:53 GMT
ETag: "2ef5c-6151e29b5a53c-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip

fonts.googleapis.com/css?family=Open+Sans:400,700|Poppins:400,700&display=swap

142.250.74.106

200 OK

2.2 kB

URL GET HTTP/2
fonts.googleapis.com/css?family=Open+Sans:400,700|Poppins:400,700&display=swap
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://l312mo3.ru/
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint47:5A:64:7D:9F:47:34:07:31:91:97:F7:04:42:7A:D5:EA:AD:07:4E
ValidityMon, 04 Mar 2024 07:16:44 GMT - Mon, 27 May 2024 07:16:43 GMT

File type
gzip compressed data, max compression
Size
2.2 kB (2162 bytes)
Hash
2d9253d2d0aefb3814bc04a69e0ff0dc
bfae8a596e2fc5571e5eb2c9b869b28b9841937a
be14678965a2091ee044a159f9412bfe83f0965c5a828e3a52c221a9d226da3b

HTTP Headers

GET /css?family=Open+Sans:400,700|Poppins:400,700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://l312mo3.ru/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 04 Apr 2024 16:51:28 GMT
date: Thu, 04 Apr 2024 16:51:28 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

l312mo3.ru/css/style.css

193.106.174.153

200 OK

3.2 kB

URL GET HTTP/1.1
l312mo3.ru/css/style.css
IP
193.106.174.153:443
ASN
#50465 IQHost Ltd

Requested by
https://l312mo3.ru/
Certificate
IssuerLet's Encrypt
Subjectl312mo3.ru
Fingerprint4F:BA:D9:E9:0A:FF:7C:4D:FB:BA:61:0E:3D:EF:A6:29:1E:EC:75:54
ValidityTue, 02 Apr 2024 11:55:17 GMT - Mon, 01 Jul 2024 11:55:16 GMT

File type
ASCII text
Size
3.2 kB (3212 bytes)
Hash
65d9cafdbacf7245693180057729f77b
368a7fb499965e6f93afec0044acb5b98fa7cc23
a08ebfde2e2e0abc255afff2df8d0ba6748137598b38855b2a73d08791f82681

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/style.css HTTP/1.1
Host: l312mo3.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://l312mo3.ru/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Thu, 04 Apr 2024 16:51:28 GMT
Content-Type: text/css
Content-Length: 3212
Connection: keep-alive
Last-Modified: Tue, 02 Apr 2024 14:45:54 GMT
ETag: "52aa-6151e29c17c89-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip

l312mo3.ru/css/responsive.css

193.106.174.153

200 OK

809 B

URL GET HTTP/1.1
l312mo3.ru/css/responsive.css
IP
193.106.174.153:443
ASN
#50465 IQHost Ltd

Requested by
https://l312mo3.ru/
Certificate
IssuerLet's Encrypt
Subjectl312mo3.ru
Fingerprint4F:BA:D9:E9:0A:FF:7C:4D:FB:BA:61:0E:3D:EF:A6:29:1E:EC:75:54
ValidityTue, 02 Apr 2024 11:55:17 GMT - Mon, 01 Jul 2024 11:55:16 GMT

File type
ASCII text, with CRLF line terminators
Size
809 B (809 bytes)
Hash
bf3e808b9b11b4d6428b5e0ad804b01d
0e60115c2a4b2435ddaa184da76fed6435f63e95
a8a76bd633bc2fbe963b2f917edc4b722aea3a55fe666925553a3d7c38eb0887

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/responsive.css HTTP/1.1
Host: l312mo3.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://l312mo3.ru/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Thu, 04 Apr 2024 16:51:28 GMT
Content-Type: text/css
Content-Length: 809
Connection: keep-alive
Last-Modified: Tue, 02 Apr 2024 14:45:52 GMT
ETag: "df4-6151e29a7f92d-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip

l312mo3.ru/js/bootstrap.js

193.106.174.153

200 OK

25 kB

URL GET HTTP/1.1
l312mo3.ru/js/bootstrap.js
IP
193.106.174.153:443
ASN
#50465 IQHost Ltd

Requested by
https://l312mo3.ru/
Certificate
IssuerLet's Encrypt
Subjectl312mo3.ru
Fingerprint4F:BA:D9:E9:0A:FF:7C:4D:FB:BA:61:0E:3D:EF:A6:29:1E:EC:75:54
ValidityTue, 02 Apr 2024 11:55:17 GMT - Mon, 01 Jul 2024 11:55:16 GMT

File type
JavaScript source, ASCII text, with very long lines (328)
Size
25 kB (25188 bytes)
Hash
9c9c933a86200186668e53b4a9c65c04
976112f2cdc9464dc7f120f4c49442664b7937fd
ae67f36f76419b6322bcda76c638aff818ef672405bdf34062c5def4020a36f5

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/bootstrap.js HTTP/1.1
Host: l312mo3.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://l312mo3.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Thu, 04 Apr 2024 16:51:28 GMT
Content-Type: application/javascript
Content-Length: 25188
Connection: keep-alive
Last-Modified: Tue, 02 Apr 2024 14:44:58 GMT
ETag: "20317-6151e266e468b-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip

l312mo3.ru/images/linkedin.png

193.106.174.153

200 OK

1.4 kB

URL GET HTTP/1.1
l312mo3.ru/images/linkedin.png
IP
193.106.174.153:443
ASN
#50465 IQHost Ltd

Requested by
https://l312mo3.ru/
Certificate
IssuerLet's Encrypt
Subjectl312mo3.ru
Fingerprint4F:BA:D9:E9:0A:FF:7C:4D:FB:BA:61:0E:3D:EF:A6:29:1E:EC:75:54
ValidityTue, 02 Apr 2024 11:55:17 GMT - Mon, 01 Jul 2024 11:55:16 GMT

File type
PNG image data, 30 x 30, 8-bit/color RGBA, non-interlaced
Size
1.4 kB (1393 bytes)
Hash
45d2ae59bae12e9d308dcc9a4eda7505
4f8a41b0252e44d7d653be4c0e086f9b630ed2ef
a09ec362537afeec654b8a897363f1da61914672d287ae617f5944fab36a2d76

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/linkedin.png HTTP/1.1
Host: l312mo3.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://l312mo3.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Thu, 04 Apr 2024 16:51:28 GMT
Content-Type: image/png
Content-Length: 1393
Connection: keep-alive
Last-Modified: Tue, 02 Apr 2024 14:45:23 GMT
ETag: "571-6151e27f13ebf"
Accept-Ranges: bytes

l312mo3.ru/images/user.png

193.106.174.153

200 OK

335 B

URL GET HTTP/1.1
l312mo3.ru/images/user.png
IP
193.106.174.153:443
ASN
#50465 IQHost Ltd

Requested by
https://l312mo3.ru/
Certificate
IssuerLet's Encrypt
Subjectl312mo3.ru
Fingerprint4F:BA:D9:E9:0A:FF:7C:4D:FB:BA:61:0E:3D:EF:A6:29:1E:EC:75:54
ValidityTue, 02 Apr 2024 11:55:17 GMT - Mon, 01 Jul 2024 11:55:16 GMT

File type
PNG image data, 18 x 18, 8-bit/color RGBA, non-interlaced
Size
335 B (335 bytes)
Hash
3fb281e6abf5c03c0de2857ddffbf4a9
bb0e7d82fe21acaf10dad8fdcf08c097adcb33ca
4a9c09680b3fc4e69b61f44b4a4b189b0a9d2c9003a42003ac87fadffdb6f555

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/user.png HTTP/1.1
Host: l312mo3.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://l312mo3.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Thu, 04 Apr 2024 16:51:28 GMT
Content-Type: image/png
Content-Length: 335
Connection: keep-alive
Last-Modified: Tue, 02 Apr 2024 14:45:48 GMT
ETag: "14f-6151e2965eea2"
Accept-Ranges: bytes

l312mo3.ru/images/youtube.png

193.106.174.153

200 OK

1.5 kB

URL GET HTTP/1.1
l312mo3.ru/images/youtube.png
IP
193.106.174.153:443
ASN
#50465 IQHost Ltd

Requested by
https://l312mo3.ru/
Certificate
IssuerLet's Encrypt
Subjectl312mo3.ru
Fingerprint4F:BA:D9:E9:0A:FF:7C:4D:FB:BA:61:0E:3D:EF:A6:29:1E:EC:75:54
ValidityTue, 02 Apr 2024 11:55:17 GMT - Mon, 01 Jul 2024 11:55:16 GMT

File type
PNG image data, 30 x 30, 8-bit/color RGBA, non-interlaced
Size
1.5 kB (1450 bytes)
Hash
222569a6e87d63ab8307a336ba24324c
375b3cbe92751ea0ed3835350ecdba69d0d07942
e2d0a3cfab52ea33967606ce4c8a074e15e6401d8584699a0a3809060206e33b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/youtube.png HTTP/1.1
Host: l312mo3.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://l312mo3.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Thu, 04 Apr 2024 16:51:28 GMT
Content-Type: image/png
Content-Length: 1450
Connection: keep-alive
Last-Modified: Tue, 02 Apr 2024 14:45:49 GMT
ETag: "5aa-6151e297b0cfa"
Accept-Ranges: bytes

l312mo3.ru/images/logo.png

193.106.174.153

404 Not Found

230 B

URL GET HTTP/1.1
l312mo3.ru/images/logo.png
IP
193.106.174.153:443
ASN
#50465 IQHost Ltd

Requested by
https://l312mo3.ru/
Certificate
IssuerLet's Encrypt
Subjectl312mo3.ru
Fingerprint4F:BA:D9:E9:0A:FF:7C:4D:FB:BA:61:0E:3D:EF:A6:29:1E:EC:75:54
ValidityTue, 02 Apr 2024 11:55:17 GMT - Mon, 01 Jul 2024 11:55:16 GMT

File type
HTML document, ASCII text
Size
230 B (230 bytes)
Hash
740f05325e7e31e5c95af77255371657
a8da3a3ebad1bae48b33b41fc2cf99a47dd795ab
484d348f05cbc0fad9012b63f838d328423f8e4d0c26680dbf92551b98328a60

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/logo.png HTTP/1.1
Host: l312mo3.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://l312mo3.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Server: nginx/1.14.2
Date: Thu, 04 Apr 2024 16:51:28 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip

fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

216.58.207.227

200 OK

48 kB

URL GET HTTP/2
fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://l312mo3.ru/
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint8F:81:43:71:C4:F3:8C:FA:6D:EC:B4:5E:1F:58:71:AA:48:42:0E:E9
ValidityMon, 04 Mar 2024 07:16:39 GMT - Mon, 27 May 2024 07:16:38 GMT

File type
Web Open Font Format (Version 2), TrueType, length 48236, version 1.0
Size
48 kB (48236 bytes)
Hash
015c126a3520c9a8f6a27979d0266e96
2acf956561d44434a6d84204670cf849d3215d5f
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa

HTTP Headers

GET /s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://l312mo3.ru
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 48236
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 04 Apr 2024 02:35:00 GMT
expires: Fri, 04 Apr 2025 02:35:00 GMT
cache-control: public, max-age=31536000
age: 51388
last-modified: Thu, 14 Dec 2023 02:08:40 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/poppins/v21/pxiEyp8kv8JHgFVrJJfecg.woff2

216.58.207.227

200 OK

7.9 kB

URL GET HTTP/2
fonts.gstatic.com/s/poppins/v21/pxiEyp8kv8JHgFVrJJfecg.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://l312mo3.ru/
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint8F:81:43:71:C4:F3:8C:FA:6D:EC:B4:5E:1F:58:71:AA:48:42:0E:E9
ValidityMon, 04 Mar 2024 07:16:39 GMT - Mon, 27 May 2024 07:16:38 GMT

File type
Web Open Font Format (Version 2), TrueType, length 7884, version 1.0
Size
7.9 kB (7884 bytes)
Hash
9212f6f9860f9fc6c69b02fedf6db8c3
ac6d71b4d5fdd2b3dabc9a06ff6c001e4251da0b
7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f

HTTP Headers

GET /s/poppins/v21/pxiEyp8kv8JHgFVrJJfecg.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://l312mo3.ru
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 7884
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 28 Mar 2024 17:26:54 GMT
expires: Fri, 28 Mar 2025 17:26:54 GMT
cache-control: public, max-age=31536000
last-modified: Fri, 22 Mar 2024 00:00:38 GMT
content-type: font/woff2
age: 602674
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

l312mo3.ru/js/jquery-3.4.1.min.js

193.106.174.153

200 OK

31 kB

URL GET HTTP/1.1
l312mo3.ru/js/jquery-3.4.1.min.js
IP
193.106.174.153:443
ASN
#50465 IQHost Ltd

Requested by
https://l312mo3.ru/
Certificate
IssuerLet's Encrypt
Subjectl312mo3.ru
Fingerprint4F:BA:D9:E9:0A:FF:7C:4D:FB:BA:61:0E:3D:EF:A6:29:1E:EC:75:54
ValidityTue, 02 Apr 2024 11:55:17 GMT - Mon, 01 Jul 2024 11:55:16 GMT

File type
JavaScript source, ASCII text, with very long lines (65450), with CRLF line terminators
Size
31 kB (30679 bytes)
Hash
2f772fed444d5489079f275bd01e26cc
a8927ac2830b2fdd4a729eb0eb7f80923539ceb9
2b381363dda049f2d49a59037b228bc865d51ffb977c8f5c3547d5c28de48e3a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/jquery-3.4.1.min.js HTTP/1.1
Host: l312mo3.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://l312mo3.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Thu, 04 Apr 2024 16:51:28 GMT
Content-Type: application/javascript
Content-Length: 30679
Connection: keep-alive
Last-Modified: Tue, 02 Apr 2024 14:45:04 GMT
ETag: "15851-6151e26c782af-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip

l312mo3.ru/images/play.png

193.106.174.153

200 OK

300 B

URL GET HTTP/1.1
l312mo3.ru/images/play.png
IP
193.106.174.153:443
ASN
#50465 IQHost Ltd

Requested by
https://l312mo3.ru/
Certificate
IssuerLet's Encrypt
Subjectl312mo3.ru
Fingerprint4F:BA:D9:E9:0A:FF:7C:4D:FB:BA:61:0E:3D:EF:A6:29:1E:EC:75:54
ValidityTue, 02 Apr 2024 11:55:17 GMT - Mon, 01 Jul 2024 11:55:16 GMT

File type
PNG image data, 22 x 28, 8-bit/color RGBA, non-interlaced
Size
300 B (300 bytes)
Hash
ac0b27adb793ff69c7c8e36e59726c42
4e8ee38e9758910467ebda384bc02863e3a69e2f
e024ddb6bc31074919adb810503f679a36e5bb76ed0f66e42bc1129e04cd752b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/play.png HTTP/1.1
Host: l312mo3.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://l312mo3.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Thu, 04 Apr 2024 16:51:28 GMT
Content-Type: image/png
Content-Length: 300
Connection: keep-alive
Last-Modified: Tue, 02 Apr 2024 14:45:36 GMT
ETag: "12c-6151e28b49f3b"
Accept-Ranges: bytes

fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

216.58.207.227

200 OK

48 kB

URL GET HTTP/2
fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://l312mo3.ru/
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint8F:81:43:71:C4:F3:8C:FA:6D:EC:B4:5E:1F:58:71:AA:48:42:0E:E9
ValidityMon, 04 Mar 2024 07:16:39 GMT - Mon, 27 May 2024 07:16:38 GMT

File type
Web Open Font Format (Version 2), TrueType, length 48236, version 1.0
Size
48 kB (48236 bytes)
Hash
015c126a3520c9a8f6a27979d0266e96
2acf956561d44434a6d84204670cf849d3215d5f
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa

HTTP Headers

GET /s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://l312mo3.ru
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 48236
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 04 Apr 2024 02:35:00 GMT
expires: Fri, 04 Apr 2025 02:35:00 GMT
cache-control: public, max-age=31536000
age: 51388
last-modified: Thu, 14 Dec 2023 02:08:40 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.google.com/maps/embed/v1/place?key=AIzaSyA0s1a7phLN0iaD6-UE7m4qP-z21pH0eSc&q=Eiffel+Tower+Paris+France

142.250.74.164

200 OK

1.3 kB

URL GET HTTP/2
www.google.com/maps/embed/v1/place?key=AIzaSyA0s1a7phLN0iaD6-UE7m4qP-z21pH0eSc&q=Eiffel+Tower+Paris+France
IP
142.250.74.164:443
ASN
#15169 GOOGLE

Requested by
https://l312mo3.ru/
Certificate
IssuerGoogle Trust Services LLC
Subjectwww.google.com
FingerprintCC:CC:99:46:65:6C:77:0B:C8:AA:AD:5E:58:B6:2D:19:B2:C7:0B:06
ValidityMon, 04 Mar 2024 07:19:07 GMT - Mon, 27 May 2024 07:19:06 GMT

File type
HTML document, Unicode text, UTF-8 text, with very long lines (2529)
Size
1.3 kB (1344 bytes)
Hash
753c88e2577a9dfe279660b78f437101
cedeeacfe9c8b974bcda61f6c5a570b8308457e5
17cc990a90c07f0f0938f6c2736d76fbc0717d840c6abb07931db2a538ea043e

HTTP Headers

GET /maps/embed/v1/place?key=AIzaSyA0s1a7phLN0iaD6-UE7m4qP-z21pH0eSc&q=Eiffel+Tower+Paris+France HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://l312mo3.ru/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
expires: Fri, 01 Jan 1990 00:00:00 GMT
vary: Accept-Language, Origin, X-Origin, Referer
pragma: no-cache
cache-control: no-cache, must-revalidate
content-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-AUX5s-jug3lWyJUfsfLY0w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/geo-maps-api/1
content-type: text/html; charset=UTF-8
content-encoding: gzip
date: Thu, 04 Apr 2024 16:51:28 GMT
server: scaffolding on HTTPServer2
content-length: 1344
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

l312mo3.ru/images/hero-side-bg.png

193.106.174.153

200 OK

35 kB

URL GET HTTP/1.1
l312mo3.ru/images/hero-side-bg.png
IP
193.106.174.153:443
ASN
#50465 IQHost Ltd

Requested by
https://l312mo3.ru/
Certificate
IssuerLet's Encrypt
Subjectl312mo3.ru
Fingerprint4F:BA:D9:E9:0A:FF:7C:4D:FB:BA:61:0E:3D:EF:A6:29:1E:EC:75:54
ValidityTue, 02 Apr 2024 11:55:17 GMT - Mon, 01 Jul 2024 11:55:16 GMT

File type
PNG image data, 760 x 861, 8-bit/color RGBA, non-interlaced
Size
35 kB (34579 bytes)
Hash
128d7e44915bc97cbb49bb62f0fa467e
64403797c69896252bee91c2569628aeabfa005c
f48571b2717952474bcf668a0db2102e2a686c611d8aa9210bc04ee35d52d0b1

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/hero-side-bg.png HTTP/1.1
Host: l312mo3.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://l312mo3.ru/css/style.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Thu, 04 Apr 2024 16:51:28 GMT
Content-Type: image/png
Content-Length: 34579
Connection: keep-alive
Last-Modified: Tue, 02 Apr 2024 14:45:16 GMT
ETag: "8713-6151e278c4a8d"
Accept-Ranges: bytes

l312mo3.ru/images/slider-img.png

193.106.174.153

200 OK

36 kB

URL GET HTTP/1.1
l312mo3.ru/images/slider-img.png
IP
193.106.174.153:443
ASN
#50465 IQHost Ltd

Requested by
https://l312mo3.ru/
Certificate
IssuerLet's Encrypt
Subjectl312mo3.ru
Fingerprint4F:BA:D9:E9:0A:FF:7C:4D:FB:BA:61:0E:3D:EF:A6:29:1E:EC:75:54
ValidityTue, 02 Apr 2024 11:55:17 GMT - Mon, 01 Jul 2024 11:55:16 GMT

File type
PNG image data, 223 x 235, 8-bit/color RGBA, non-interlaced
Size
36 kB (35552 bytes)
Hash
6954f9811f9ee52fb1ef11faa67ded5c
7cdc7638825a745c6cefee3cce61ae8f3ea34c6e
4a11c23f7f59b9572ea0a20ea548d51218ac937cd6d29e49baec8cb994582c29

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/slider-img.png HTTP/1.1
Host: l312mo3.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://l312mo3.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Thu, 04 Apr 2024 16:51:28 GMT
Content-Type: image/png
Content-Length: 35552
Connection: keep-alive
Last-Modified: Tue, 02 Apr 2024 14:45:41 GMT
ETag: "8ae0-6151e2909e3bb"
Accept-Ranges: bytes

l312mo3.ru/images/t-1.jpg

193.106.174.153

200 OK

46 kB

URL GET HTTP/1.1
l312mo3.ru/images/t-1.jpg
IP
193.106.174.153:443
ASN
#50465 IQHost Ltd

Requested by
https://l312mo3.ru/
Certificate
IssuerLet's Encrypt
Subjectl312mo3.ru
Fingerprint4F:BA:D9:E9:0A:FF:7C:4D:FB:BA:61:0E:3D:EF:A6:29:1E:EC:75:54
ValidityTue, 02 Apr 2024 11:55:17 GMT - Mon, 01 Jul 2024 11:55:16 GMT

File type
JPEG image data, baseline, precision 8, 293x252, components 3
Size
46 kB (45748 bytes)
Hash
ef18aea1d4db6be45c6c4989bc31a28d
222aa0fc0a3a62acd2792e09af25a090887dc1ec
00a17b3ed7b42e58beede84ec0995032be3979008edd634cd64caa34e782c098

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/t-1.jpg HTTP/1.1
Host: l312mo3.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://l312mo3.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Thu, 04 Apr 2024 16:51:28 GMT
Content-Type: image/jpeg
Content-Length: 45748
Connection: keep-alive
Last-Modified: Tue, 02 Apr 2024 14:45:41 GMT
ETag: "b2b4-6151e2904f215"
Accept-Ranges: bytes

l312mo3.ru/images/t-2.jpg

193.106.174.153

200 OK

64 kB

URL GET HTTP/1.1
l312mo3.ru/images/t-2.jpg
IP
193.106.174.153:443
ASN
#50465 IQHost Ltd

Requested by
https://l312mo3.ru/
Certificate
IssuerLet's Encrypt
Subjectl312mo3.ru
Fingerprint4F:BA:D9:E9:0A:FF:7C:4D:FB:BA:61:0E:3D:EF:A6:29:1E:EC:75:54
ValidityTue, 02 Apr 2024 11:55:17 GMT - Mon, 01 Jul 2024 11:55:16 GMT

File type
JPEG image data, baseline, precision 8, 293x252, components 3
Size
64 kB (64086 bytes)
Hash
7d225fd60fc8c439c06f86c45e0f45d2
cd6c7ce938157ce6f61a1e202d6328f24c877bb9
432597040bbabc948338ec3a93c4d0599348bc2c639b2789ad5bcbb5fd71b179

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/t-2.jpg HTTP/1.1
Host: l312mo3.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://l312mo3.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Thu, 04 Apr 2024 16:51:28 GMT
Content-Type: image/jpeg
Content-Length: 64086
Connection: keep-alive
Last-Modified: Tue, 02 Apr 2024 14:45:45 GMT
ETag: "fa56-6151e293a5a31"
Accept-Ranges: bytes

l312mo3.ru/images/t-4.jpg

193.106.174.153

200 OK

24 kB

URL GET HTTP/1.1
l312mo3.ru/images/t-4.jpg
IP
193.106.174.153:443
ASN
#50465 IQHost Ltd

Requested by
https://l312mo3.ru/
Certificate
IssuerLet's Encrypt
Subjectl312mo3.ru
Fingerprint4F:BA:D9:E9:0A:FF:7C:4D:FB:BA:61:0E:3D:EF:A6:29:1E:EC:75:54
ValidityTue, 02 Apr 2024 11:55:17 GMT - Mon, 01 Jul 2024 11:55:16 GMT

File type
JPEG image data, baseline, precision 8, 293x252, components 3
Size
24 kB (23492 bytes)
Hash
68706c72978cb0bd34e1ffd7e05b08aa
f820238efd0d23f2c268616f731168605dec8d99
bb84db11e54610b03000cf0a8a06f3d954550d0f0d2b4609c9b928585ebe76f0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/t-4.jpg HTTP/1.1
Host: l312mo3.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://l312mo3.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Thu, 04 Apr 2024 16:51:28 GMT
Content-Type: image/jpeg
Content-Length: 23492
Connection: keep-alive
Last-Modified: Tue, 02 Apr 2024 14:45:46 GMT
ETag: "5bc4-6151e294fd649"
Accept-Ranges: bytes

maps.gstatic.com/maps-api-v3/embed/js/56/7/init_embed.js

142.250.74.3

200 OK

62 kB

URL GET HTTP/2
maps.gstatic.com/maps-api-v3/embed/js/56/7/init_embed.js
IP
142.250.74.3:443
ASN
#15169 GOOGLE

Requested by
https://www.google.com/maps/embed/v1/place?key=AIzaSyA0s1a7phLN0iaD6-UE7m4qP-z21pH0eSc&q=Eiffel+Tower+Paris+France
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint8F:81:43:71:C4:F3:8C:FA:6D:EC:B4:5E:1F:58:71:AA:48:42:0E:E9
ValidityMon, 04 Mar 2024 07:16:39 GMT - Mon, 27 May 2024 07:16:38 GMT

File type
JavaScript source, ASCII text, with very long lines (3255)
Size
62 kB (61512 bytes)
Hash
12fbc2aa01d65fc69737ba6f7c361dd7
7f80f801a30e53cea4fa7d70fb362314a82fe2e0
a336d716114ccdc7059005d940a75b5cf64927ce15c9630b6857a8d730ea825b

HTTP Headers

GET /maps-api-v3/embed/js/56/7/init_embed.js HTTP/1.1
Host: maps.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: br
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/maps-api-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="maps-api-js"
report-to: {"group":"maps-api-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/maps-api-js"}]}
content-length: 61512
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 03 Apr 2024 21:21:17 GMT
expires: Thu, 03 Apr 2025 21:21:17 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 03 Apr 2024 18:09:43 GMT
content-type: text/javascript
vary: Accept-Encoding, Origin
age: 70211
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

l312mo3.ru/images/t-3.jpg

193.106.174.153

200 OK

48 kB

URL GET HTTP/1.1
l312mo3.ru/images/t-3.jpg
IP
193.106.174.153:443
ASN
#50465 IQHost Ltd

Requested by
https://l312mo3.ru/
Certificate
IssuerLet's Encrypt
Subjectl312mo3.ru
Fingerprint4F:BA:D9:E9:0A:FF:7C:4D:FB:BA:61:0E:3D:EF:A6:29:1E:EC:75:54
ValidityTue, 02 Apr 2024 11:55:17 GMT - Mon, 01 Jul 2024 11:55:16 GMT

File type
JPEG image data, baseline, precision 8, 293x252, components 3
Size
48 kB (47593 bytes)
Hash
18efa5efb6b523f706c25aa235d7f20b
07c6dffaccb38aa01fcba78ae97c2a4528961ce7
1931670d975f89223c33771e0d80b7f90ef3d7d804a91bd8b92628c0409bda08

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/t-3.jpg HTTP/1.1
Host: l312mo3.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://l312mo3.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Thu, 04 Apr 2024 16:51:28 GMT
Content-Type: image/jpeg
Content-Length: 47593
Connection: keep-alive
Last-Modified: Tue, 02 Apr 2024 14:45:45 GMT
ETag: "b9e9-6151e29399eb0"
Accept-Ranges: bytes

maps.googleapis.com/maps/api/js?client=google-maps-embed&paint_origin=&libraries=geometry,search&v=weekly&loading=async&language=en_US&callback=onApiLoad

142.250.74.106

200 OK

67 kB

URL GET HTTP/3
maps.googleapis.com/maps/api/js?client=google-maps-embed&paint_origin=&libraries=geometry,search&v=weekly&loading=async&language=en_US&callback=onApiLoad
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://www.google.com/maps/embed/v1/place?key=AIzaSyA0s1a7phLN0iaD6-UE7m4qP-z21pH0eSc&q=Eiffel+Tower+Paris+France
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint47:5A:64:7D:9F:47:34:07:31:91:97:F7:04:42:7A:D5:EA:AD:07:4E
ValidityMon, 04 Mar 2024 07:16:44 GMT - Mon, 27 May 2024 07:16:43 GMT

File type
JavaScript source, ASCII text, with very long lines (10167)
Size
67 kB (67430 bytes)
Hash
42627d551e7419dac1ac2226d6ddd554
5d44b2247e58026a202264d5cfa41af702837098
1e09389d297a36e79adf6918954257b26561d74e3bb1189dcad5f557d632e9a3

HTTP Headers

GET /maps/api/js?client=google-maps-embed&paint_origin=&libraries=geometry,search&v=weekly&loading=async&language=en_US&callback=onApiLoad HTTP/1.1
Host: maps.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
cache-control: public, max-age=1800
timing-allow-origin: *
content-type: text/javascript; charset=UTF-8
cross-origin-resource-policy: cross-origin
vary: Origin, X-Origin, Referer
content-encoding: gzip
date: Thu, 04 Apr 2024 16:51:28 GMT
server: scaffolding on HTTPServer2
content-length: 67430
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

l312mo3.ru/

193.106.174.153

200 OK

3.8 kB

URL GET HTTP/1.1
l312mo3.ru/
IP
193.106.174.153:443
ASN
#50465 IQHost Ltd

Requested by
https://l312mo3.ru/
Certificate
IssuerLet's Encrypt
Subjectl312mo3.ru
Fingerprint4F:BA:D9:E9:0A:FF:7C:4D:FB:BA:61:0E:3D:EF:A6:29:1E:EC:75:54
ValidityTue, 02 Apr 2024 11:55:17 GMT - Mon, 01 Jul 2024 11:55:16 GMT

File type
HTML document, ASCII text, with CRLF line terminators
Size
3.8 kB (3789 bytes)
Hash
fb912c09080a62ab06cfbfbec4e79351
74c625cda9d76f35fa5f3a176921b3a70556c242
164d04216f0b8435528fe9a24ca0fd1443a831a5587ad6b637341b8327d7163c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: l312mo3.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://l312mo3.ru/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Thu, 04 Apr 2024 16:51:29 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 3789
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip

l312mo3.ru/images/client-1.png

193.106.174.153

200 OK

22 kB

URL GET HTTP/1.1
l312mo3.ru/images/client-1.png
IP
193.106.174.153:443
ASN
#50465 IQHost Ltd

Requested by
https://l312mo3.ru/
Certificate
IssuerLet's Encrypt
Subjectl312mo3.ru
Fingerprint4F:BA:D9:E9:0A:FF:7C:4D:FB:BA:61:0E:3D:EF:A6:29:1E:EC:75:54
ValidityTue, 02 Apr 2024 11:55:17 GMT - Mon, 01 Jul 2024 11:55:16 GMT

File type
PNG image data, 131 x 131, 8-bit/color RGBA, non-interlaced
Size
22 kB (21921 bytes)
Hash
ac7dcd7e84de6bf6caf721c8a99a4ea3
2dae05a5981a5924531606aaad15dc06cc37c37f
877a9052c31537b1a2e621bf4c74838fdec86cd72f400761bac4dff0a1ee58d7

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/client-1.png HTTP/1.1
Host: l312mo3.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://l312mo3.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Thu, 04 Apr 2024 16:51:28 GMT
Content-Type: image/png
Content-Length: 21921
Connection: keep-alive
Last-Modified: Tue, 02 Apr 2024 14:45:09 GMT
ETag: "55a1-6151e27195c2b"
Accept-Ranges: bytes

l312mo3.ru/images/client-2.png

193.106.174.153

200 OK

32 kB

URL GET HTTP/1.1
l312mo3.ru/images/client-2.png
IP
193.106.174.153:443
ASN
#50465 IQHost Ltd

Requested by
https://l312mo3.ru/
Certificate
IssuerLet's Encrypt
Subjectl312mo3.ru
Fingerprint4F:BA:D9:E9:0A:FF:7C:4D:FB:BA:61:0E:3D:EF:A6:29:1E:EC:75:54
ValidityTue, 02 Apr 2024 11:55:17 GMT - Mon, 01 Jul 2024 11:55:16 GMT

File type
PNG image data, 131 x 131, 8-bit/color RGBA, non-interlaced
Size
32 kB (31933 bytes)
Hash
5488e52ae155a5518093e3045a9eb18e
309ff9e9f4251c55edcd384906a5b3435e55bd61
9ba9701e00a0a216b203b710eb0a9da4b49bbf6813041f0542b65c983de6eb2c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/client-2.png HTTP/1.1
Host: l312mo3.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://l312mo3.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Thu, 04 Apr 2024 16:51:29 GMT
Content-Type: image/png
Content-Length: 31933
Connection: keep-alive
Last-Modified: Tue, 02 Apr 2024 14:45:13 GMT
ETag: "7cbd-6151e27569450"
Accept-Ranges: bytes

maps.googleapis.com/maps/api/mapsjs/gen_204?csp_test=true

142.250.74.106

200 OK

23 B

URL GET HTTP/3
maps.googleapis.com/maps/api/mapsjs/gen_204?csp_test=true
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://www.google.com/maps/embed/v1/place?key=AIzaSyA0s1a7phLN0iaD6-UE7m4qP-z21pH0eSc&q=Eiffel+Tower+Paris+France
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint47:5A:64:7D:9F:47:34:07:31:91:97:F7:04:42:7A:D5:EA:AD:07:4E
ValidityMon, 04 Mar 2024 07:16:44 GMT - Mon, 27 May 2024 07:16:43 GMT

File type
JSON text data
Size
23 B (23 bytes)
Hash
8a80554c91d9fca8acb82f023de02f11
5f36b2ea290645ee34d943220a14b54ee5ea5be5
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

HTTP Headers

GET /maps/api/mapsjs/gen_204?csp_test=true HTTP/1.1
Host: maps.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.google.com
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: application/json; charset=UTF-8
vary: Origin, X-Origin, Referer
content-encoding: gzip
date: Thu, 04 Apr 2024 16:51:29 GMT
server: scaffolding on HTTPServer2
cache-control: private
content-length: 23
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
access-control-allow-origin: https://www.google.com
access-control-allow-credentials: true
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

l312mo3.ru/images/location-white.png

193.106.174.153

200 OK

723 B

URL GET HTTP/1.1
l312mo3.ru/images/location-white.png
IP
193.106.174.153:443
ASN
#50465 IQHost Ltd

Requested by
https://l312mo3.ru/
Certificate
IssuerLet's Encrypt
Subjectl312mo3.ru
Fingerprint4F:BA:D9:E9:0A:FF:7C:4D:FB:BA:61:0E:3D:EF:A6:29:1E:EC:75:54
ValidityTue, 02 Apr 2024 11:55:17 GMT - Mon, 01 Jul 2024 11:55:16 GMT

File type
PNG image data, 30 x 40, 8-bit/color RGBA, non-interlaced
Size
723 B (723 bytes)
Hash
2e0ce90d950c2ce04db829b9c0e04de3
bfbe145d7881739b59c5c84ef59530f3b3abc479
6e60ccc7ff5c0870ad422ad001f80113e4335127732a12954b153bc7a093420f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/location-white.png HTTP/1.1
Host: l312mo3.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://l312mo3.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Thu, 04 Apr 2024 16:51:29 GMT
Content-Type: image/png
Content-Length: 723
Connection: keep-alive
Last-Modified: Tue, 02 Apr 2024 14:45:24 GMT
ETag: "2d3-6151e27fe1fad"
Accept-Ranges: bytes

l312mo3.ru/images/telephone-white.png

193.106.174.153

200 OK

385 B

URL GET HTTP/1.1
l312mo3.ru/images/telephone-white.png
IP
193.106.174.153:443
ASN
#50465 IQHost Ltd

Requested by
https://l312mo3.ru/
Certificate
IssuerLet's Encrypt
Subjectl312mo3.ru
Fingerprint4F:BA:D9:E9:0A:FF:7C:4D:FB:BA:61:0E:3D:EF:A6:29:1E:EC:75:54
ValidityTue, 02 Apr 2024 11:55:17 GMT - Mon, 01 Jul 2024 11:55:16 GMT

File type
PNG image data, 13 x 24, 8-bit/color RGBA, non-interlaced
Size
385 B (385 bytes)
Hash
4d69cb0ae14e64c073b31e59d336c56b
421463156e3703fe10b7b3d41816b3b13d3482b7
ab714c7b84273730be1b17ec2080ed5bd93cce49999011315e14f4cfdb4f88ae

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/telephone-white.png HTTP/1.1
Host: l312mo3.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://l312mo3.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Thu, 04 Apr 2024 16:51:29 GMT
Content-Type: image/png
Content-Length: 385
Connection: keep-alive
Last-Modified: Tue, 02 Apr 2024 14:45:46 GMT
ETag: "181-6151e294fd649"
Accept-Ranges: bytes

maps.googleapis.com/maps-api-v3/api/js/56/7/common.js

142.250.74.106

200 OK

57 kB

URL GET HTTP/3
maps.googleapis.com/maps-api-v3/api/js/56/7/common.js
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://www.google.com/maps/embed/v1/place?key=AIzaSyA0s1a7phLN0iaD6-UE7m4qP-z21pH0eSc&q=Eiffel+Tower+Paris+France
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint47:5A:64:7D:9F:47:34:07:31:91:97:F7:04:42:7A:D5:EA:AD:07:4E
ValidityMon, 04 Mar 2024 07:16:44 GMT - Mon, 27 May 2024 07:16:43 GMT

File type
JavaScript source, ASCII text, with very long lines (6747)
Size
57 kB (57406 bytes)
Hash
af9f95411a30559f8dfd10f2ddcee033
b8c0342af790f15be89935bb516fc99d65a26408
934bf5d16e7bf5639867a424a6c5338741bad23576651be40ddbd2dd89e185d1

HTTP Headers

GET /maps-api-v3/api/js/56/7/common.js HTTP/1.1
Host: maps.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: br
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/maps-api-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="maps-api-js"
report-to: {"group":"maps-api-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/maps-api-js"}]}
content-length: 57406
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 03 Apr 2024 21:21:16 GMT
expires: Thu, 03 Apr 2025 21:21:16 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 03 Apr 2024 18:10:07 GMT
content-type: text/javascript
vary: Accept-Encoding, Origin
age: 70213
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

maps.googleapis.com/maps-api-v3/api/js/56/7/map.js

142.250.74.106

200 OK

24 kB

URL GET HTTP/3
maps.googleapis.com/maps-api-v3/api/js/56/7/map.js
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://www.google.com/maps/embed/v1/place?key=AIzaSyA0s1a7phLN0iaD6-UE7m4qP-z21pH0eSc&q=Eiffel+Tower+Paris+France
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint47:5A:64:7D:9F:47:34:07:31:91:97:F7:04:42:7A:D5:EA:AD:07:4E
ValidityMon, 04 Mar 2024 07:16:44 GMT - Mon, 27 May 2024 07:16:43 GMT

File type
JavaScript source, ASCII text, with very long lines (2334)
Size
24 kB (23956 bytes)
Hash
d9d208f48db1cb6dfaa0f0387196742d
c33050ed6503220333806bb8c708e59c24501c30
22abc71b913ab939964fcc4e779441144d3825c3e8885138821b9cb834dcd13d

HTTP Headers

GET /maps-api-v3/api/js/56/7/map.js HTTP/1.1
Host: maps.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: br
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/maps-api-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="maps-api-js"
report-to: {"group":"maps-api-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/maps-api-js"}]}
content-length: 23956
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 03 Apr 2024 21:21:37 GMT
expires: Thu, 03 Apr 2025 21:21:37 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 03 Apr 2024 18:10:07 GMT
content-type: text/javascript
vary: Accept-Encoding, Origin
age: 70192
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

maps.googleapis.com/maps-api-v3/api/js/56/7/util.js

142.250.74.106

200 OK

57 kB

URL GET HTTP/3
maps.googleapis.com/maps-api-v3/api/js/56/7/util.js
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://www.google.com/maps/embed/v1/place?key=AIzaSyA0s1a7phLN0iaD6-UE7m4qP-z21pH0eSc&q=Eiffel+Tower+Paris+France
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint47:5A:64:7D:9F:47:34:07:31:91:97:F7:04:42:7A:D5:EA:AD:07:4E
ValidityMon, 04 Mar 2024 07:16:44 GMT - Mon, 27 May 2024 07:16:43 GMT

File type
JavaScript source, ASCII text, with very long lines (562)
Size
57 kB (57147 bytes)
Hash
1c466f3dac7176e91b8c09aa123c213d
55503504f817d44ae44f12e6728f0d489372b0ca
b10766b05169bc41d9fe4e8397dc3ee875628d20e7c624fd2602cfdddd8cf06a

HTTP Headers

GET /maps-api-v3/api/js/56/7/util.js HTTP/1.1
Host: maps.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: br
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/maps-api-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="maps-api-js"
report-to: {"group":"maps-api-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/maps-api-js"}]}
content-length: 57147
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 03 Apr 2024 21:21:16 GMT
expires: Thu, 03 Apr 2025 21:21:16 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 03 Apr 2024 18:10:07 GMT
content-type: text/javascript
vary: Accept-Encoding, Origin
age: 70213
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

maps.googleapis.com/maps-api-v3/api/js/56/7/overlay.js

142.250.74.106

200 OK

1.3 kB

URL GET HTTP/3
maps.googleapis.com/maps-api-v3/api/js/56/7/overlay.js
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://www.google.com/maps/embed/v1/place?key=AIzaSyA0s1a7phLN0iaD6-UE7m4qP-z21pH0eSc&q=Eiffel+Tower+Paris+France
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint47:5A:64:7D:9F:47:34:07:31:91:97:F7:04:42:7A:D5:EA:AD:07:4E
ValidityMon, 04 Mar 2024 07:16:44 GMT - Mon, 27 May 2024 07:16:43 GMT

File type
ASCII text, with very long lines (1205)
Size
1.3 kB (1283 bytes)
Hash
b580d400032768af94736fe2ae2b149a
0eca843c1f85a08dd92f5029979ecf3f36af29d9
0b44cb32e7c1877809d3486ab2cd4d2aa549f18553c2b19e5019f057324e248e

HTTP Headers

GET /maps-api-v3/api/js/56/7/overlay.js HTTP/1.1
Host: maps.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: br
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/maps-api-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="maps-api-js"
report-to: {"group":"maps-api-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/maps-api-js"}]}
content-length: 1283
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 03 Apr 2024 21:21:37 GMT
expires: Thu, 03 Apr 2025 21:21:37 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 03 Apr 2024 18:10:07 GMT
content-type: text/javascript
vary: Accept-Encoding, Origin
age: 70192
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

l312mo3.ru/images/hero-bg.jpg

193.106.174.153

200 OK

220 kB

URL GET HTTP/1.1
l312mo3.ru/images/hero-bg.jpg
IP
193.106.174.153:443
ASN
#50465 IQHost Ltd

Requested by
https://l312mo3.ru/
Certificate
IssuerLet's Encrypt
Subjectl312mo3.ru
Fingerprint4F:BA:D9:E9:0A:FF:7C:4D:FB:BA:61:0E:3D:EF:A6:29:1E:EC:75:54
ValidityTue, 02 Apr 2024 11:55:17 GMT - Mon, 01 Jul 2024 11:55:16 GMT

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1600x870, components 3
Size
220 kB (219981 bytes)
Hash
b11a7c4d5fe4b9a726d8eca9f8d0b804
da05e29df83bca89c70752a2c5c29abca764aab5
f4c50110faca11b04597d6c1ed3a7c02bc212bd27f2113a617764c3c817be66d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/hero-bg.jpg HTTP/1.1
Host: l312mo3.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://l312mo3.ru/css/style.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Thu, 04 Apr 2024 16:51:28 GMT
Content-Type: image/jpeg
Content-Length: 219981
Connection: keep-alive
Last-Modified: Tue, 02 Apr 2024 14:45:19 GMT
ETag: "35b4d-6151e27b07c56"
Accept-Ranges: bytes

l312mo3.ru/images/envelope-white.png

193.106.174.153

200 OK

476 B

URL GET HTTP/1.1
l312mo3.ru/images/envelope-white.png
IP
193.106.174.153:443
ASN
#50465 IQHost Ltd

Requested by
https://l312mo3.ru/
Certificate
IssuerLet's Encrypt
Subjectl312mo3.ru
Fingerprint4F:BA:D9:E9:0A:FF:7C:4D:FB:BA:61:0E:3D:EF:A6:29:1E:EC:75:54
ValidityTue, 02 Apr 2024 11:55:17 GMT - Mon, 01 Jul 2024 11:55:16 GMT

File type
PNG image data, 31 x 25, 8-bit/color RGBA, non-interlaced
Size
476 B (476 bytes)
Hash
69333584a8e357d08dbdbad576b6dab5
1caaf848c8768cf9007865d1d08fcf9dcb434a23
b88af19c5847e30e398a87c22c628cf270ab2c5b85ccb17120c2c962f3288551

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/envelope-white.png HTTP/1.1
Host: l312mo3.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://l312mo3.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Thu, 04 Apr 2024 16:51:29 GMT
Content-Type: image/png
Content-Length: 476
Connection: keep-alive
Last-Modified: Tue, 02 Apr 2024 14:45:13 GMT
ETag: "1dc-6151e2754ee6f"
Accept-Ranges: bytes

l312mo3.ru/images/about-img.png

193.106.174.153

200 OK

215 kB

URL GET HTTP/1.1
l312mo3.ru/images/about-img.png
IP
193.106.174.153:443
ASN
#50465 IQHost Ltd

Requested by
https://l312mo3.ru/
Certificate
IssuerLet's Encrypt
Subjectl312mo3.ru
Fingerprint4F:BA:D9:E9:0A:FF:7C:4D:FB:BA:61:0E:3D:EF:A6:29:1E:EC:75:54
ValidityTue, 02 Apr 2024 11:55:17 GMT - Mon, 01 Jul 2024 11:55:16 GMT

File type
PNG image data, 613 x 480, 8-bit/color RGBA, non-interlaced
Size
215 kB (215321 bytes)
Hash
b373e52b499b7e7b05f7589372d9a664
8d1cde51b57e0030b3d2153b790736660ccb5d66
675fde1c316e70caae58bb2df7dc77106e23c4ebbe8252d75728531a75e01594

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/about-img.png HTTP/1.1
Host: l312mo3.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://l312mo3.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Thu, 04 Apr 2024 16:51:28 GMT
Content-Type: image/png
Content-Length: 215321
Connection: keep-alive
Last-Modified: Tue, 02 Apr 2024 14:45:07 GMT
ETag: "34919-6151e2702a792"
Accept-Ranges: bytes

l312mo3.ru/images/discount-img.png

193.106.174.153

200 OK

183 kB

URL GET HTTP/1.1
l312mo3.ru/images/discount-img.png
IP
193.106.174.153:443
ASN
#50465 IQHost Ltd

Requested by
https://l312mo3.ru/
Certificate
IssuerLet's Encrypt
Subjectl312mo3.ru
Fingerprint4F:BA:D9:E9:0A:FF:7C:4D:FB:BA:61:0E:3D:EF:A6:29:1E:EC:75:54
ValidityTue, 02 Apr 2024 11:55:17 GMT - Mon, 01 Jul 2024 11:55:16 GMT

File type
PNG image data, 638 x 480, 8-bit/color RGBA, non-interlaced
Size
183 kB (183162 bytes)
Hash
60f102e8b22011debaed5cf7bf498081
0b25694838c61f0976506ed3453e51b88f043e25
b94500edc9c6d660d2a63b2d89855cefbc481338d2a8d4f2a39fab8e98d6ec70

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/discount-img.png HTTP/1.1
Host: l312mo3.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://l312mo3.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Thu, 04 Apr 2024 16:51:28 GMT
Content-Type: image/png
Content-Length: 183162
Connection: keep-alive
Last-Modified: Tue, 02 Apr 2024 14:45:12 GMT
ETag: "2cb7a-6151e2740ca18"
Accept-Ranges: bytes

maps.googleapis.com/maps-api-v3/api/js/56/7/search_impl.js

142.250.74.106

200 OK

1.3 kB

URL GET HTTP/3
maps.googleapis.com/maps-api-v3/api/js/56/7/search_impl.js
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://www.google.com/maps/embed/v1/place?key=AIzaSyA0s1a7phLN0iaD6-UE7m4qP-z21pH0eSc&q=Eiffel+Tower+Paris+France
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint47:5A:64:7D:9F:47:34:07:31:91:97:F7:04:42:7A:D5:EA:AD:07:4E
ValidityMon, 04 Mar 2024 07:16:44 GMT - Mon, 27 May 2024 07:16:43 GMT

File type
ASCII text, with very long lines (1499)
Size
1.3 kB (1268 bytes)
Hash
769c1f2d046b385baed80a8f203073d3
0297b11d373729311d4490954e60da4799f3c2ca
adb8ccb0c57662d059a8039851b4ad3a40f9b5af6263efeecca0b6be8f91308e

HTTP Headers

GET /maps-api-v3/api/js/56/7/search_impl.js HTTP/1.1
Host: maps.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: br
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/maps-api-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="maps-api-js"
report-to: {"group":"maps-api-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/maps-api-js"}]}
content-length: 1268
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 03 Apr 2024 21:21:51 GMT
expires: Thu, 03 Apr 2025 21:21:51 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 03 Apr 2024 18:10:07 GMT
content-type: text/javascript
vary: Accept-Encoding, Origin
age: 70178
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

maps.googleapis.com/maps-api-v3/api/js/56/7/onion.js

142.250.74.106

200 OK

9.2 kB

URL GET HTTP/3
maps.googleapis.com/maps-api-v3/api/js/56/7/onion.js
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://www.google.com/maps/embed/v1/place?key=AIzaSyA0s1a7phLN0iaD6-UE7m4qP-z21pH0eSc&q=Eiffel+Tower+Paris+France
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint47:5A:64:7D:9F:47:34:07:31:91:97:F7:04:42:7A:D5:EA:AD:07:4E
ValidityMon, 04 Mar 2024 07:16:44 GMT - Mon, 27 May 2024 07:16:43 GMT

File type
JavaScript source, ASCII text, with very long lines (2924)
Size
9.2 kB (9157 bytes)
Hash
5ca45645d2b12496605535c47e04176c
663caa181e6a63ba89601e3f99d36453134d248a
b47365b01c4b058477ff23b10e718fec1b7bd5dc105ced5d0006da0bb4f9ef23

HTTP Headers

GET /maps-api-v3/api/js/56/7/onion.js HTTP/1.1
Host: maps.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: br
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/maps-api-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="maps-api-js"
report-to: {"group":"maps-api-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/maps-api-js"}]}
content-length: 9157
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 03 Apr 2024 21:21:37 GMT
expires: Thu, 03 Apr 2025 21:21:37 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 03 Apr 2024 18:10:07 GMT
content-type: text/javascript
vary: Accept-Encoding, Origin
age: 70192
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

l312mo3.ru/images/i-1.jpg

193.106.174.153

200 OK

3.4 kB

URL GET HTTP/1.1
l312mo3.ru/images/i-1.jpg
IP
193.106.174.153:443
ASN
#50465 IQHost Ltd

Requested by
https://l312mo3.ru/
Certificate
IssuerLet's Encrypt
Subjectl312mo3.ru
Fingerprint4F:BA:D9:E9:0A:FF:7C:4D:FB:BA:61:0E:3D:EF:A6:29:1E:EC:75:54
ValidityTue, 02 Apr 2024 11:55:17 GMT - Mon, 01 Jul 2024 11:55:16 GMT

File type
JPEG image data, baseline, precision 8, 66x54, components 3
Size
3.4 kB (3438 bytes)
Hash
88cbb196193e82fac267a1bb6be72ea8
2672cd48c8ec7500eadcfaa37588c9e3fc057ce2
ac6a38e5b66f423502fdcefc4a35414d5ed5ca5e9bf0678ab6348f3aed56055c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/i-1.jpg HTTP/1.1
Host: l312mo3.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://l312mo3.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Thu, 04 Apr 2024 16:51:29 GMT
Content-Type: image/jpeg
Content-Length: 3438
Connection: keep-alive
Last-Modified: Tue, 02 Apr 2024 14:45:18 GMT
ETag: "d6e-6151e27a262e6"
Accept-Ranges: bytes

l312mo3.ru/images/i-2.jpg

193.106.174.153

200 OK

2.8 kB

URL GET HTTP/1.1
l312mo3.ru/images/i-2.jpg
IP
193.106.174.153:443
ASN
#50465 IQHost Ltd

Requested by
https://l312mo3.ru/
Certificate
IssuerLet's Encrypt
Subjectl312mo3.ru
Fingerprint4F:BA:D9:E9:0A:FF:7C:4D:FB:BA:61:0E:3D:EF:A6:29:1E:EC:75:54
ValidityTue, 02 Apr 2024 11:55:17 GMT - Mon, 01 Jul 2024 11:55:16 GMT

File type
JPEG image data, baseline, precision 8, 66x54, components 3
Size
2.8 kB (2847 bytes)
Hash
1229690a2d3f19b1539fe109dd9abd98
1ddc2e3bfb48039c13240dd707a7f565ceb4a893
25fb35f2f00bf9b983d162bf1f51b7e001f02e8d9ea388c10baf5b09a4eb75ed

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/i-2.jpg HTTP/1.1
Host: l312mo3.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://l312mo3.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Thu, 04 Apr 2024 16:51:29 GMT
Content-Type: image/jpeg
Content-Length: 2847
Connection: keep-alive
Last-Modified: Tue, 02 Apr 2024 14:45:19 GMT
ETag: "b1f-6151e27ba30c1"
Accept-Ranges: bytes

l312mo3.ru/images/i-3.jpg

193.106.174.153

200 OK

2.5 kB

URL GET HTTP/1.1
l312mo3.ru/images/i-3.jpg
IP
193.106.174.153:443
ASN
#50465 IQHost Ltd

Requested by
https://l312mo3.ru/
Certificate
IssuerLet's Encrypt
Subjectl312mo3.ru
Fingerprint4F:BA:D9:E9:0A:FF:7C:4D:FB:BA:61:0E:3D:EF:A6:29:1E:EC:75:54
ValidityTue, 02 Apr 2024 11:55:17 GMT - Mon, 01 Jul 2024 11:55:16 GMT

File type
JPEG image data, baseline, precision 8, 66x54, components 3
Size
2.5 kB (2507 bytes)
Hash
414a9b06a58d19201994cb6040e0879b
51c03f2754aa03592b2037cf89db30112584d10a
1f4b363c38a77aa5615099abe1ca139bca6643cec87571104f0d77e9914d5d9d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/i-3.jpg HTTP/1.1
Host: l312mo3.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://l312mo3.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Thu, 04 Apr 2024 16:51:29 GMT
Content-Type: image/jpeg
Content-Length: 2507
Connection: keep-alive
Last-Modified: Tue, 02 Apr 2024 14:45:20 GMT
ETag: "9cb-6151e27c5c98e"
Accept-Ranges: bytes

l312mo3.ru/images/i-5.jpg

193.106.174.153

200 OK

2.8 kB

URL GET HTTP/1.1
l312mo3.ru/images/i-5.jpg
IP
193.106.174.153:443
ASN
#50465 IQHost Ltd

Requested by
https://l312mo3.ru/
Certificate
IssuerLet's Encrypt
Subjectl312mo3.ru
Fingerprint4F:BA:D9:E9:0A:FF:7C:4D:FB:BA:61:0E:3D:EF:A6:29:1E:EC:75:54
ValidityTue, 02 Apr 2024 11:55:17 GMT - Mon, 01 Jul 2024 11:55:16 GMT

File type
JPEG image data, baseline, precision 8, 66x54, components 3
Size
2.8 kB (2782 bytes)
Hash
181a53d3815aa4250161d86ffbb57df5
da8c0a182fe79512d996be18df6542e6c5d8f8e2
408b85882b0a821ff7f0db48133736e8ded4f47e80fe5f6d7ea8b3af25bcfa13

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/i-5.jpg HTTP/1.1
Host: l312mo3.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://l312mo3.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Thu, 04 Apr 2024 16:51:29 GMT
Content-Type: image/jpeg
Content-Length: 2782
Connection: keep-alive
Last-Modified: Tue, 02 Apr 2024 14:45:22 GMT
ETag: "ade-6151e27dc3fa7"
Accept-Ranges: bytes

l312mo3.ru/images/fb.png

193.106.174.153

200 OK

1.2 kB

URL GET HTTP/1.1
l312mo3.ru/images/fb.png
IP
193.106.174.153:443
ASN
#50465 IQHost Ltd

Requested by
https://l312mo3.ru/
Certificate
IssuerLet's Encrypt
Subjectl312mo3.ru
Fingerprint4F:BA:D9:E9:0A:FF:7C:4D:FB:BA:61:0E:3D:EF:A6:29:1E:EC:75:54
ValidityTue, 02 Apr 2024 11:55:17 GMT - Mon, 01 Jul 2024 11:55:16 GMT

File type
PNG image data, 30 x 30, 8-bit/color RGBA, non-interlaced
Size
1.2 kB (1237 bytes)
Hash
8c61da75744ec23394d10a9522b9cef3
676c2a355211c6ef01747024c01ed5986c73672e
c0e7138123ce900c792c45faa361051d43df414defaf6412ee4075f13e8f80fe

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/fb.png HTTP/1.1
Host: l312mo3.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://l312mo3.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Thu, 04 Apr 2024 16:51:29 GMT
Content-Type: image/png
Content-Length: 1237
Connection: keep-alive
Last-Modified: Tue, 02 Apr 2024 14:45:15 GMT
ETag: "4d5-6151e277612f4"
Accept-Ranges: bytes

l312mo3.ru/images/i-6.jpg

193.106.174.153

200 OK

2.7 kB

URL GET HTTP/1.1
l312mo3.ru/images/i-6.jpg
IP
193.106.174.153:443
ASN
#50465 IQHost Ltd

Requested by
https://l312mo3.ru/
Certificate
IssuerLet's Encrypt
Subjectl312mo3.ru
Fingerprint4F:BA:D9:E9:0A:FF:7C:4D:FB:BA:61:0E:3D:EF:A6:29:1E:EC:75:54
ValidityTue, 02 Apr 2024 11:55:17 GMT - Mon, 01 Jul 2024 11:55:16 GMT

File type
JPEG image data, baseline, precision 8, 66x54, components 3
Size
2.7 kB (2714 bytes)
Hash
a354ddce49b3ea938d11f2324fa54b9d
a449eab6dfa2de04b5f288aa51a3d8d3ae5ed62a
1db134c6562757b70579404ae1658a9758a455dace1c55831ff6cee36c83f298

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/i-6.jpg HTTP/1.1
Host: l312mo3.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://l312mo3.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Thu, 04 Apr 2024 16:51:29 GMT
Content-Type: image/jpeg
Content-Length: 2714
Connection: keep-alive
Last-Modified: Tue, 02 Apr 2024 14:45:22 GMT
ETag: "a9a-6151e27e6ced3"
Accept-Ranges: bytes

l312mo3.ru/images/i-4.jpg

193.106.174.153

200 OK

2.5 kB

URL GET HTTP/1.1
l312mo3.ru/images/i-4.jpg
IP
193.106.174.153:443
ASN
#50465 IQHost Ltd

Requested by
https://l312mo3.ru/
Certificate
IssuerLet's Encrypt
Subjectl312mo3.ru
Fingerprint4F:BA:D9:E9:0A:FF:7C:4D:FB:BA:61:0E:3D:EF:A6:29:1E:EC:75:54
ValidityTue, 02 Apr 2024 11:55:17 GMT - Mon, 01 Jul 2024 11:55:16 GMT

File type
JPEG image data, baseline, precision 8, 66x54, components 3
Size
2.5 kB (2469 bytes)
Hash
63e2e8acb6e8bace6f3bee2c86128f83
0c712a23956fa82913b1b57798e658c0c148aa9e
abe9a2be892309996f44db7c18e0543360c5526580ecf4c923ec304b4e0ddcae

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/i-4.jpg HTTP/1.1
Host: l312mo3.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://l312mo3.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Thu, 04 Apr 2024 16:51:29 GMT
Content-Type: image/jpeg
Content-Length: 2469
Connection: keep-alive
Last-Modified: Tue, 02 Apr 2024 14:45:21 GMT
ETag: "9a5-6151e27d1a0db"
Accept-Ranges: bytes

l312mo3.ru/images/twitter.png

193.106.174.153

200 OK

1.5 kB

URL GET HTTP/1.1
l312mo3.ru/images/twitter.png
IP
193.106.174.153:443
ASN
#50465 IQHost Ltd

Requested by
https://l312mo3.ru/
Certificate
IssuerLet's Encrypt
Subjectl312mo3.ru
Fingerprint4F:BA:D9:E9:0A:FF:7C:4D:FB:BA:61:0E:3D:EF:A6:29:1E:EC:75:54
ValidityTue, 02 Apr 2024 11:55:17 GMT - Mon, 01 Jul 2024 11:55:16 GMT

File type
PNG image data, 30 x 30, 8-bit/color RGBA, non-interlaced
Size
1.5 kB (1489 bytes)
Hash
21efa060f1a9e643fd53d7a046a79b73
33374fb5de82c49b6a03563e532cdb56fa55e4a4
5edbdacf95febf64eab2da103a7d36598b82b9faed757ff3e22bf49d77e88b93

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/twitter.png HTTP/1.1
Host: l312mo3.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://l312mo3.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Thu, 04 Apr 2024 16:51:29 GMT
Content-Type: image/png
Content-Length: 1489
Connection: keep-alive
Last-Modified: Tue, 02 Apr 2024 14:45:48 GMT
ETag: "5d1-6151e2965fe42"
Accept-Ranges: bytes

l312mo3.ru/images/search-icon.png

193.106.174.153

200 OK

337 B

URL GET HTTP/1.1
l312mo3.ru/images/search-icon.png
IP
193.106.174.153:443
ASN
#50465 IQHost Ltd

Requested by
https://l312mo3.ru/
Certificate
IssuerLet's Encrypt
Subjectl312mo3.ru
Fingerprint4F:BA:D9:E9:0A:FF:7C:4D:FB:BA:61:0E:3D:EF:A6:29:1E:EC:75:54
ValidityTue, 02 Apr 2024 11:55:17 GMT - Mon, 01 Jul 2024 11:55:16 GMT

File type
PNG image data, 18 x 18, 8-bit/color RGBA, non-interlaced
Size
337 B (337 bytes)
Hash
468cd8c9c864cbc94803f9e3a4aaea06
815c22796b5c531749c48ed3dd1664b57a6f4f91
c47d1d1942b5cbbcc4a03033d5d5d2d43617611e84f38ce9654f55904f7e7b04

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/search-icon.png HTTP/1.1
Host: l312mo3.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://l312mo3.ru/css/style.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Thu, 04 Apr 2024 16:51:29 GMT
Content-Type: image/png
Content-Length: 337
Connection: keep-alive
Last-Modified: Tue, 02 Apr 2024 14:45:36 GMT
ETag: "151-6151e28b9a080"
Accept-Ranges: bytes

l312mo3.ru/images/arrow.png

193.106.174.153

200 OK

194 B

URL GET HTTP/1.1
l312mo3.ru/images/arrow.png
IP
193.106.174.153:443
ASN
#50465 IQHost Ltd

Requested by
https://l312mo3.ru/
Certificate
IssuerLet's Encrypt
Subjectl312mo3.ru
Fingerprint4F:BA:D9:E9:0A:FF:7C:4D:FB:BA:61:0E:3D:EF:A6:29:1E:EC:75:54
ValidityTue, 02 Apr 2024 11:55:17 GMT - Mon, 01 Jul 2024 11:55:16 GMT

File type
PNG image data, 28 x 15, 8-bit/color RGBA, non-interlaced
Size
194 B (194 bytes)
Hash
e5af2216a54fbeac74eef4b2f98c0477
8c76cf3605c2292c21f63406b7ee07912dfc88f2
a048555355c74847465f753f990097b131eb7905d8cc17239f01916aec6c36bb

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/arrow.png HTTP/1.1
Host: l312mo3.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://l312mo3.ru/css/style.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Thu, 04 Apr 2024 16:51:29 GMT
Content-Type: image/png
Content-Length: 194
Connection: keep-alive
Last-Modified: Tue, 02 Apr 2024 14:45:09 GMT
ETag: "c2-6151e271360e5"
Accept-Ranges: bytes

maps.googleapis.com/maps/api/js/StaticMapService.GetMapImage?1m2&1i8495261&2i5771541&2e1&3u16&4m2&1u555&2u345&5m5&1e0&5sen-US&6sus&10b1&12b1&client=google-maps-embed&token=64601

142.250.74.106

200 OK

39 kB

URL GET HTTP/3
maps.googleapis.com/maps/api/js/StaticMapService.GetMapImage?1m2&1i8495261&2i5771541&2e1&3u16&4m2&1u555&2u345&5m5&1e0&5sen-US&6sus&10b1&12b1&client=google-maps-embed&token=64601
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://www.google.com/maps/embed/v1/place?key=AIzaSyA0s1a7phLN0iaD6-UE7m4qP-z21pH0eSc&q=Eiffel+Tower+Paris+France
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint47:5A:64:7D:9F:47:34:07:31:91:97:F7:04:42:7A:D5:EA:AD:07:4E
ValidityMon, 04 Mar 2024 07:16:44 GMT - Mon, 27 May 2024 07:16:43 GMT

File type
PNG image data, 555 x 345, 8-bit colormap, non-interlaced
Size
39 kB (39086 bytes)
Hash
9e670794f2edd15ed623299dd925a240
b0d862649756188e4df950de472d4c8637b9788d
17f2e0c75ff399dad926a6f3ea45f86c6b49c9c31850e785f45359a67836a525

HTTP Headers

GET /maps/api/js/StaticMapService.GetMapImage?1m2&1i8495261&2i5771541&2e1&3u16&4m2&1u555&2u345&5m5&1e0&5sen-US&6sus&10b1&12b1&client=google-maps-embed&token=64601 HTTP/1.1
Host: maps.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: image/png
date: Thu, 04 Apr 2024 16:51:29 GMT
expires: Fri, 05 Apr 2024 16:51:29 GMT
cache-control: public, max-age=86400
server: scaffolding on HTTPServer2
content-length: 39086
x-xss-protection: 0
x-frame-options: SAMEORIGIN
server-timing: gfet4t7; dur=130
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

l312mo3.ru/favicon.ico

193.106.174.153

404 Not Found

230 B

URL GET HTTP/1.1
l312mo3.ru/favicon.ico
IP
193.106.174.153:443
ASN
#50465 IQHost Ltd

Requested by
https://l312mo3.ru/
Certificate
IssuerLet's Encrypt
Subjectl312mo3.ru
Fingerprint4F:BA:D9:E9:0A:FF:7C:4D:FB:BA:61:0E:3D:EF:A6:29:1E:EC:75:54
ValidityTue, 02 Apr 2024 11:55:17 GMT - Mon, 01 Jul 2024 11:55:16 GMT

File type
HTML document, ASCII text
Size
230 B (230 bytes)
Hash
740f05325e7e31e5c95af77255371657
a8da3a3ebad1bae48b33b41fc2cf99a47dd795ab
484d348f05cbc0fad9012b63f838d328423f8e4d0c26680dbf92551b98328a60

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: l312mo3.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://l312mo3.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Server: nginx/1.14.2
Date: Thu, 04 Apr 2024 16:51:29 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip

leostop.com/tracking/tracking.js?_=1712249488701

162.215.254.164

503 Service Unavailable

358 B

URL GET HTTP/2
leostop.com/tracking/tracking.js?_=1712249488701
IP
162.215.254.164:443
ASN
#46606 UNIFIEDLAYER-AS-1

Requested by
https://l312mo3.ru/
Certificate
IssuerLet's Encrypt
Subjectleostop.com
Fingerprint2A:1B:29:17:3F:BC:CB:17:CB:C7:B5:F2:74:58:5B:10:DF:43:EC:C5
ValiditySun, 03 Mar 2024 02:48:39 GMT - Sat, 01 Jun 2024 02:48:38 GMT

File type
HTML document, ASCII text
Size
358 B (358 bytes)
Hash
51618ac2b7cf5c4937213e965c00f20a
7e704e57162ed18743bef9f95e2dea558954751b
0b41f69e6564b9c89b1b344744c5b06eb4adc0e584028909286d2b936e1afed5

HTTP Headers

GET /tracking/tracking.js?_=1712249488701 HTTP/1.1
Host: leostop.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://l312mo3.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 503 Service Unavailable
last-modified: Tue, 15 Mar 2022 21:40:09 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 358
content-type: text/html
date: Thu, 04 Apr 2024 16:51:29 GMT
server: Apache
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (15)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by