Report - itgesports.com/fifa/jules-kounde-fifa-22-how-to-complete-the-showdown-sbc

Report Overview

Visited public
2024-07-08 07:27:51
Tags
microsoft phishing
URL
itgesports.com/fifa/jules-kounde-fifa-22-how-to-complete-the-showdown-sbc
Finishing URL
bluestepcherry.com/?p=g5tdgmbxhe5gi3bpha4dena&sub1=carla&sub3=rosetta
IP / ASN
104.21.21.221
#13335 CLOUDFLARENET
Title
## ## Confirm notifications ## ##
Phishing - Microsoft

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
bluestepcherry.com	unknown	unknown	No data	No data	1.1 kB	54 kB	172.67.166.73
www.itgesports.com	unknown	2016-05-03	2020-01-28 23:38:51	2024-03-10 13:27:52	7.7 kB	363 kB	172.67.200.215
fonts.gstatic.com	unknown	2008-02-11	2014-09-09 02:40:21	2024-07-08 03:33:48	2.7 kB	152 kB	142.250.74.163
background.apistatexperience.com	unknown	2024-03-01	2024-06-24 19:13:02	2024-06-26 18:52:43	419 B	26 kB	104.21.71.231
cdn.rdntocdns.com	unknown	unknown	No data	No data	500 B	6.4 kB	45.9.149.210
secure.gravatar.com	1671	2004-07-15	2012-05-22 07:36:38	2024-07-07 23:30:54	467 B	1.6 kB	192.0.73.2
r10.o.lencr.org	unknown	2020-06-29	2024-06-06 21:45:11	2024-07-07 18:12:32	1.6 kB	4.4 kB	23.36.77.32
itgesports.com	unknown	2016-05-03	2016-06-26 10:37:44	2024-03-31 10:46:02	523 B	14 kB	172.67.200.215
bind.bestresulttostart.com	unknown	2024-03-04	2024-03-22 10:31:16	2024-04-26 11:17:55	406 B	15 kB	193.163.7.113

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2024-07-08 07:27:27	high	Client IP	193.163.7.113	ET EXPLOIT_KIT Balada Domain in TLS SNI (bestresulttostart .com)
2024-07-08 07:27:28	high	Client IP	45.9.149.210	ET EXPLOIT_KIT Balada Domain in TLS SNI (rdntocdns .com)

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

Scan Date	Severity	Indicator	Alert
2024-07-08	medium	bestresulttostart.com	Sinkholed
2024-07-08	medium	rdntocdns.com	Sinkholed

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-07-08	medium	apistatexperience.com	Sinkholed
2024-07-08	medium	bestresulttostart.com	Sinkholed
2024-07-08	medium	rdntocdns.com	Sinkholed
2024-07-07	medium	bluestepcherry.com	Sinkholed
2024-07-07	medium	bluestepcherry.com	Sinkholed

ThreatFox

Scan Date	Severity	Indicator	Alert
2024-06-08	medium	cdn.rdntocdns.com	Unknown malware

JavaScript (6)

	URL	From	Size	First Seen	Last Seen
	bluestepcherry.com/?p=g5tdgmbxhe5gi3bpha4dena&sub1=carla&sub3=rosetta	ScriptElement	704 B	2023-04-07	2025-04-24
Pretty URL bluestepcherry.com/?p=g5tdgmbxhe5gi3bpha4dena&sub1=carla&sub3=rosetta IP 172.67.166.73 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-04-07 09:43 Last Seen2025-04-24 17:30 Times Seen842 Hash 3e855977d9319fb012645fa33b4e654a 2ddb2c71d3f0373b8685b15e6cf9f66f76a96eb0 8b3706b8ce6bb71424b9ee00e64cbe6880ed483677d6bc991a2375c55cc821ff Loading...

	bluestepcherry.com/?p=g5tdgmbxhe5gi3bpha4dena&sub1=carla&sub3=rosetta	ScriptElement	8.2 kB	2024-08-19	2024-08-19
Pretty URL bluestepcherry.com/?p=g5tdgmbxhe5gi3bpha4dena&sub1=carla&sub3=rosetta IP 172.67.166.73 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-19 17:38 Last Seen2024-08-19 17:38 Times Seen1 Hash cd37f7eabe9e35e13601b798a8721c97 6114c95c3571dc61f57dcab078772de237b62dff 8d519a0f2b84a4f90b2fcffcc6c7d058590dc73773f279c454199706ae441dc5 Loading...

	bluestepcherry.com/?p=g5tdgmbxhe5gi3bpha4dena&sub1=carla&sub3=rosetta	ScriptElement	203 B	2023-03-07	2025-04-24
Pretty URL bluestepcherry.com/?p=g5tdgmbxhe5gi3bpha4dena&sub1=carla&sub3=rosetta IP 172.67.166.73 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:15 Last Seen2025-04-24 17:30 Times Seen842 Hash c4824c2a16d2c8bb70469ed7b8508f34 783dcaa37fcdd311197de60f0c55ab5367be4fe2 f97308b8745f77dc6b279dafa3f98d4e64de2f494681e452a477afaa13b4d1fb Loading...

	bluestepcherry.com/?p=g5tdgmbxhe5gi3bpha4dena&sub1=carla&sub3=rosetta	ScriptElement	29 kB	2023-03-07	2025-04-24
Pretty URL bluestepcherry.com/?p=g5tdgmbxhe5gi3bpha4dena&sub1=carla&sub3=rosetta IP 172.67.166.73 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:15 Last Seen2025-04-24 17:30 Times Seen842 Hash ae7f0f1874bd3e9a6a0e9736f3307398 f9ea5e0bc3f3f8039b7d2835e9d8aa775621b9d3 cf8229ead2362ab9f5b9f608b9eb668414a21aca7c9bcc0c90b138415abf72cf Loading...

	bluestepcherry.com/?p=g5tdgmbxhe5gi3bpha4dena&sub1=carla&sub3=rosetta	ScriptElement	3.1 kB	2023-03-07	2025-04-24
Pretty URL bluestepcherry.com/?p=g5tdgmbxhe5gi3bpha4dena&sub1=carla&sub3=rosetta IP 172.67.166.73 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:15 Last Seen2025-04-24 17:30 Times Seen842 Hash 68e280edf3cadafe4af8ccdc8782024d 7467ad11f5f3a21a3a4e0ab8556912db67311d90 3d8d725c431734a47f6dbbce8a3546d9490407d342cfbb48eba2eeddede260aa Loading...

		Size	First Seen	Last Seen
	#1 Eval - d4885d0b7c30f1cb41438edc48709852	7.9 kB	2024-08-19 17:38	2024-08-19 17:38
Pretty Observations First Seen2024-08-19 17:38 Last Seen2024-08-19 17:38 Times Seen1 Hash d4885d0b7c30f1cb41438edc48709852 e42653bae1e600347f437af6c0770270b8123514 5b2c236e238b532915bfd8e63057b26ed2833a1ffeb7347a1a4fbc5d6452c68f Loading...

HTTP Transactions (33)

URL IP Response Size

r10.o.lencr.org/

23.36.77.32

504 B

URL
r10.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
41036a4c62e61466443bce27a927e029
39a2a8a258c5feaf020246696135700b0c30740d
e38b3080a1752122f5a174604bd307c54be31c02e0cdb8e2d9354e2a04e1b50f

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "E38B3080A1752122F5A174604BD307C54BE31C02E0CDB8E2D9354E2A04E1B50F"
Last-Modified: Sun, 07 Jul 2024 11:47:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7428
Expires: Mon, 08 Jul 2024 09:31:14 GMT
Date: Mon, 08 Jul 2024 07:27:26 GMT
Connection: keep-alive

www.itgesports.com/wp-content/uploads/2019/06/Logo.png

172.67.200.215

19 kB

URL
www.itgesports.com/wp-content/uploads/2019/06/Logo.png
IP
172.67.200.215:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 167 x 50, 8-bit/color RGBA, non-interlaced
Size
19 kB (19100 bytes)
Hash
6492f51faabed2fb569b53f360e22bec
38d5736ac789247998677a8d73894daf98763ff0
5ae773848d4dd40e0aa8a50599abcc269b5a033e5fc74c7f6dd75eaf468a2c04

HTTP Headers

GET /wp-content/uploads/2019/06/Logo.png HTTP/1.1
Host: www.itgesports.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://itgesports.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 08 Jul 2024 07:27:26 GMT
content-type: image/png
content-length: 19100
cache-control: public, max-age=604800
expires: Sat, 13 Jul 2024 16:45:08 GMT
last-modified: Fri, 29 Jan 2021 06:22:25 GMT
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 139338
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=88MHnxl7%2FqGyggm9dwVrhhbjNyZw2TC%2FsFWz9rvbiQx%2FUb1S36Xl3z5basCvTb%2FKLks%2BJXRwS20zMmShzXvQ%2B%2BeFuzVj9b1C3JqqEESe9JCM7bZGXTz6UVW7s%2BQejVs5JD7RveI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 89fe5a101bcb0b65-OSL
alt-svc: h3=":443"; ma=86400

www.itgesports.com/wp-content/uploads/2019/06/Logo-1.png

172.67.200.215

19 kB

URL
www.itgesports.com/wp-content/uploads/2019/06/Logo-1.png
IP
172.67.200.215:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 167 x 50, 8-bit/color RGBA, non-interlaced
Size
19 kB (19100 bytes)
Hash
6492f51faabed2fb569b53f360e22bec
38d5736ac789247998677a8d73894daf98763ff0
5ae773848d4dd40e0aa8a50599abcc269b5a033e5fc74c7f6dd75eaf468a2c04

HTTP Headers

GET /wp-content/uploads/2019/06/Logo-1.png HTTP/1.1
Host: www.itgesports.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://itgesports.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 08 Jul 2024 07:27:26 GMT
content-type: image/png
content-length: 19100
cache-control: public, max-age=604800
expires: Sat, 13 Jul 2024 16:45:08 GMT
last-modified: Fri, 29 Jan 2021 06:22:25 GMT
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 139338
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=y35ZQFPI%2BYpRQPwxzYImhIXWaf3va9u8uZVtu8rFj2RkIbOQr%2FQ83pQDsBb%2BhEx74MYF%2FVxHALmMbpJnVtukiyBG0x6ACVCCYJLfxXKJjgK80hV62vbk6XNVmV1KYF0CFRtsFm4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 89fe5a101bcc0b65-OSL
alt-svc: h3=":443"; ma=86400

www.itgesports.com/wp-content/themes/the-league/js/mvpcustom.js?ver=6.2.6

172.67.200.215

0 B

URL
www.itgesports.com/wp-content/themes/the-league/js/mvpcustom.js?ver=6.2.6
IP
172.67.200.215:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /wp-content/themes/the-league/js/mvpcustom.js?ver=6.2.6 HTTP/1.1
Host: www.itgesports.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://itgesports.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 08 Jul 2024 07:27:27 GMT
content-type: text/javascript
content-length: 0
last-modified: Fri, 29 Jan 2021 06:22:25 GMT
x-turbo-charged-by: LiteSpeed
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=j30y%2FYKCVPjaDwHEkGElQGmAo1srcCGMYujNe2AMF5KW1ei5dE3Y7M%2FR%2FsXCX%2BqU95pWMfhJqTDh3euMkI3XgP7wKjVibIvIsYm4c1WjGcUOd%2B9gFJUY1ynb93YUzs8QEEnP3dE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 89fe5a103be10b65-OSL
alt-svc: h3=":443"; ma=86400

www.itgesports.com/wp-content/themes/the-league/font-awesome/fonts/fontawesome-webfont.woff2?v=4.6.3

172.67.200.215

72 kB

URL
www.itgesports.com/wp-content/themes/the-league/font-awesome/fonts/fontawesome-webfont.woff2?v=4.6.3
IP
172.67.200.215:0
ASN
#13335 CLOUDFLARENET

File type
Web Open Font Format (Version 2), TrueType, length 71896, version 4.393
Size
72 kB (71896 bytes)
Hash
e6cf7c6ec7c2d6f670ae9d762604cb0b
97e438cc545714309882fbceadbf344fcaddcec5
7dacf83f51179de8d7980a513e67ab3a08f2c6272bb5946df8fd77c0d1763b73

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /wp-content/themes/the-league/font-awesome/fonts/fontawesome-webfont.woff2?v=4.6.3 HTTP/1.1
Host: www.itgesports.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://itgesports.com
DNT: 1
Connection: keep-alive
Referer: https://www.itgesports.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 08 Jul 2024 07:27:27 GMT
content-type: font/woff2
content-length: 71896
cache-control: public, max-age=604800
expires: Sat, 13 Jul 2024 16:45:08 GMT
last-modified: Fri, 29 Jan 2021 06:22:25 GMT
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 139338
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fe3gcjcaYf8av90tJOxbKQLfZaNhf66vEBin0tplbtNJ2wBlApcLYFf8ncB20JZoxvGB1vWzo3qsTaXIbsjYYblLlYpAX6Zh87bpQZr%2FbEnOKWT3C916dGSMcdVEGxZ0HzCK0T4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 89fe5a132e7a0b65-OSL
alt-svc: h3=":443"; ma=86400

fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

142.250.74.163

48 kB

URL
fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 48236, version 1.0
Size
48 kB (48236 bytes)
Hash
015c126a3520c9a8f6a27979d0266e96
2acf956561d44434a6d84204670cf849d3215d5f
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa

HTTP Headers

GET /s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://itgesports.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 48236
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 05 Jul 2024 16:50:02 GMT
expires: Sat, 05 Jul 2025 16:50:02 GMT
cache-control: public, max-age=31536000
age: 225445
last-modified: Thu, 14 Dec 2023 02:08:40 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

background.apistatexperience.com/starts/see.js

104.21.71.231

25 kB

URL
background.apistatexperience.com/starts/see.js
IP
104.21.71.231:0
ASN
#13335 CLOUDFLARENET

File type
gzip compressed data, from Unix
Size
25 kB (25056 bytes)
Hash
eb32838be35ed8473a1a30c6197310ec
8c3ca8c5543e30fd2217046be8ca598d92ee1fa3
ff7e0075b0864e2ff7cd8dd18e7d3800cc0b2f114a82c527d22da777eef2ff7a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /starts/see.js HTTP/1.1
Host: background.apistatexperience.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://itgesports.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 08 Jul 2024 07:27:27 GMT
content-type: application/javascript; charset=utf-8
last-modified: Thu, 20 Jun 2024 10:08:06 GMT
vary: Accept-Encoding
etag: W/"6673ff86-7df9"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
content-encoding: gzip
cf-cache-status: HIT
age: 254530
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BAFHD%2BrEoco%2B9Rfelu7isIzyKJgFZ1jcYmnP3SZ9YqJQkHoAkXSaRS%2Bfk2YK9EhtuNC5%2BRyAItscbPR2Fu8i2uPcepjkxT8UDkmBHkwr6dbBCuerIm%2FH9JDxu6GDYm2tkT3t2OjRvmsGgmVs7%2FeDtgkljQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 89fe5a12b97956ab-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

fonts.gstatic.com/s/robotocondensed/v27/ieVl2ZhZI2eCN5jzbjEETS9weq8-19K7DQ.woff2

142.250.74.163

51 kB

URL
fonts.gstatic.com/s/robotocondensed/v27/ieVl2ZhZI2eCN5jzbjEETS9weq8-19K7DQ.woff2
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 51404, version 1.0
Size
51 kB (51404 bytes)
Hash
b904fcdf1c4c6059fadd6893a7bc7619
f41d1674f02616f03ef77d4e84b3ad8ba28a36fc
517edd119c5b2719e6ac4b30bf1fd864a6395179a41d273c0afc0696e7495d8e

HTTP Headers

GET /s/robotocondensed/v27/ieVl2ZhZI2eCN5jzbjEETS9weq8-19K7DQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://itgesports.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 51404
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 04 Jul 2024 07:02:49 GMT
expires: Fri, 04 Jul 2025 07:02:49 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 18 Oct 2023 17:52:59 GMT
content-type: font/woff2
age: 347078
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/titilliumweb/v17/NaPDcZTIAOhVxoMyOr9n_E7ffHjDGItzYw.woff2

142.250.74.163

12 kB

URL
fonts.gstatic.com/s/titilliumweb/v17/NaPDcZTIAOhVxoMyOr9n_E7ffHjDGItzYw.woff2
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 11796, version 1.0
Size
12 kB (11796 bytes)
Hash
8d4079c3aa4f01e6d9bbd4f1bbcdf114
52ab47c062d0bfdbd34dbd31784008bd0e4c4227
d5c1172f24f4f49f780c65cf5be897527fd08f3662a2ba8db0cfe0057d92e367

HTTP Headers

GET /s/titilliumweb/v17/NaPDcZTIAOhVxoMyOr9n_E7ffHjDGItzYw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://itgesports.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 11796
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 05 Jul 2024 08:07:48 GMT
expires: Sat, 05 Jul 2025 08:07:48 GMT
cache-control: public, max-age=31536000
age: 256779
last-modified: Thu, 24 Aug 2023 20:48:16 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.itgesports.com/wp-includes/js/comment-reply.min.js?ver=6.2.6

172.67.200.215

17 kB

URL
www.itgesports.com/wp-includes/js/comment-reply.min.js?ver=6.2.6
IP
172.67.200.215:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (2946)
Size
17 kB (17053 bytes)
Hash
492f2c1a7ea7eb83fe42e0ff7cb51aa2
db36a77f6aaa2063bfbec02c2c0e967438c5a245
e174a58a503ab84b3d1b9de12fd3895788204485170f1289e445f7b5b98ec789

HTTP Headers

GET /wp-includes/js/comment-reply.min.js?ver=6.2.6 HTTP/1.1
Host: www.itgesports.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://itgesports.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 08 Jul 2024 07:27:27 GMT
content-type: text/javascript
last-modified: Wed, 25 May 2022 03:13:47 GMT
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=j58yQG2zCi%2BaPVlmmDMmAoDt%2BgXemM9A0hDVLrSsF8lhnmNP9mB1nfLWjej6m8apdnmZYuiSQcJXAV5dVpMiHlDWz%2Bc2Q6joBQKKOEVFcIGdF6W7UAT3LHfWaUU49xIhJL07ay0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 89fe5a105c000b65-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

itgesports.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

172.67.200.215

13 kB

URL
itgesports.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
IP
172.67.200.215:0
ASN
#13335 CLOUDFLARENET

File type
gzip compressed data, from Unix
Size
13 kB (13027 bytes)
Hash
d2e06b7ff588a3cd2df5d8e35d7c3707
51a41b100a5b597db118db11adf25dc459bb8c7e
816ae6c666539d7903b0259dc034d1dc236b7273949bd96b4e8179f425a600e2

HTTP Headers

GET /cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js HTTP/1.1
Host: itgesports.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://itgesports.com/fifa/jules-kounde-fifa-22-how-to-complete-the-showdown-sbc
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 08 Jul 2024 07:27:27 GMT
content-type: application/javascript
last-modified: Thu, 04 Jul 2024 09:57:52 GMT
etag: W/"66867220-4d7"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=afKuosZTUAA00ucSTvrBInuacY0VnT%2FWBSsMN4WTcacimm0BQkd0HBnysYsjlM181GEg5YY3YSxDmOTBm8mHTTM%2F%2B%2FMcA9twgDttUb8oXwQ9bmEnQxq1CfkwnvlOIfyfUQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 89fe5a12ce2a0b65-OSL
x-frame-options: DENY
x-content-type-options: nosniff
expires: Wed, 10 Jul 2024 07:27:27 GMT
cache-control: max-age=172800, public
content-encoding: gzip

fonts.gstatic.com/s/titilliumweb/v17/NaPDcZTIAOhVxoMyOr9n_E7ffGjEGItzYw.woff2

142.250.74.163

12 kB

URL
fonts.gstatic.com/s/titilliumweb/v17/NaPDcZTIAOhVxoMyOr9n_E7ffGjEGItzYw.woff2
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 12384, version 1.0
Size
12 kB (12384 bytes)
Hash
39009d392a58f87dd2b448612c2cbd5b
45ca26b72258f56af6fb786b8c4552acfdb5252e
d14d732f8caf915919ff661157edc3456a85f408b7a3c5ee1e21357e7df07e1a

HTTP Headers

GET /s/titilliumweb/v17/NaPDcZTIAOhVxoMyOr9n_E7ffGjEGItzYw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://itgesports.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 12384
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 04 Jul 2024 00:59:37 GMT
expires: Fri, 04 Jul 2025 00:59:37 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 24 Aug 2023 21:03:57 GMT
content-type: font/woff2
age: 368870
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/lato/v24/S6uyw4BMUTPHjx4wXg.woff2

142.250.74.163

24 kB

URL
fonts.gstatic.com/s/lato/v24/S6uyw4BMUTPHjx4wXg.woff2
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 23580, version 1.0
Size
24 kB (23580 bytes)
Hash
e1b3b5908c9cf23dfb2b9c52b9a023ab
fcd4136085f2a03481d9958cc6793a5ed98e714c
918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537

HTTP Headers

GET /s/lato/v24/S6uyw4BMUTPHjx4wXg.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://itgesports.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 23580
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 04 Jul 2024 00:59:29 GMT
expires: Fri, 04 Jul 2025 00:59:29 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 02 May 2023 15:17:22 GMT
content-type: font/woff2
age: 368878
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

bind.bestresulttostart.com/xf4mKQ

193.163.7.113

15 kB

URL
bind.bestresulttostart.com/xf4mKQ
IP
193.163.7.113:0
ASN
#204601 Zomro B.V.

File type
JavaScript source, ASCII text, with very long lines (36986), with no line terminators
Size
15 kB (14956 bytes)
Hash
67931d4afa6241cb9dcd43f372d11eb6
873e636f1e1190156d1eda637092f0ea607dc6af
f0045fac6f511f58f5aa2600ddcecc0e60bc47cda0851d856e648270b658fa61

Detections

Analyzer	Verdict	Alert
mnemonic secure dns	malicious	Sinkholed
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /xf4mKQ HTTP/1.1
Host: bind.bestresulttostart.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://itgesports.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 08 Jul 2024 07:27:27 GMT
content-type: application/javascript; charset=utf-8
content-length: 14956
access-control-allow-origin: *
access-control-allow-methods: GET, POST
access-control-allow-headers: X-Requested-With
vary: Accept-Encoding
content-encoding: gzip
strict-transport-security: max-age=31536000;
X-Firefox-Spdy: h2

www.itgesports.com/wp-content/uploads/2019/06/oes.png

172.67.200.215

7.9 kB

URL
www.itgesports.com/wp-content/uploads/2019/06/oes.png
IP
172.67.200.215:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 200 x 64, 8-bit/color RGBA, non-interlaced
Size
7.9 kB (7865 bytes)
Hash
429dd49bdf3b6e7a3404b816c8f4d510
19e308849e1867713c823f528ae8ad911253d1cf
cdb81f353cae5b09ad24247922a2bc60ad7d348630b564a29e093e95b4326392

HTTP Headers

GET /wp-content/uploads/2019/06/oes.png HTTP/1.1
Host: www.itgesports.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://itgesports.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 08 Jul 2024 07:27:27 GMT
content-type: image/png
content-length: 7865
cache-control: public, max-age=604800
expires: Sat, 13 Jul 2024 16:45:09 GMT
last-modified: Fri, 29 Jan 2021 06:22:25 GMT
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 139338
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=556ueHtBcxX5KJ59Jrip8KyQ%2FN9TrLaN%2BlD0ypsgXI6nHCmo7G39H1g8BGnkSPMWhgY9EUxydXSidFobatv%2BmhfLN3j%2F1t2GNtryKCchijncidcKz8L6Ouwjm%2Bo%2FF689OUOheNQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 89fe5a153fd90b65-OSL
alt-svc: h3=":443"; ma=86400

www.itgesports.com/wp-content/uploads/2022/10/Smoke-Spots-in-CS-GOs-Mirage-Map-80x80.jpeg

172.67.200.215

2.5 kB

URL
www.itgesports.com/wp-content/uploads/2022/10/Smoke-Spots-in-CS-GOs-Mirage-Map-80x80.jpeg
IP
172.67.200.215:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 82", baseline, precision 8, 80x80, components 3
Size
2.5 kB (2510 bytes)
Hash
128ae87ac5680ba7603ad04b1896ed99
503da79a0b635a867d92bca5192e3cd10163b924
8f3093106d4a9d39d2b40ffb3dca905379a862b419b4972460d4873895871ed3

HTTP Headers

GET /wp-content/uploads/2022/10/Smoke-Spots-in-CS-GOs-Mirage-Map-80x80.jpeg HTTP/1.1
Host: www.itgesports.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://itgesports.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 08 Jul 2024 07:27:27 GMT
content-type: image/jpeg
content-length: 2510
cache-control: public, max-age=604800
expires: Sun, 14 Jul 2024 20:13:28 GMT
last-modified: Mon, 24 Oct 2022 11:28:14 GMT
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 40439
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=th8D%2BJXxQVj%2B%2F1NRo%2BMqU6KSAulCmMHt6f%2BXUHugBCWISZAyTOJUm0L08schozX1EteypB4yNn2prcbBZsjv0Z4%2BsyVBWUUXpY9ATFmbgtG7EjQxVF4rNwEEoKYZ0wjO3DisH28%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 89fe5a153fdf0b65-OSL
alt-svc: h3=":443"; ma=86400

www.itgesports.com/wp-content/uploads/2019/06/Screenshot-2019-07-15-at-23.15.48-80x80.png

172.67.200.215

9.5 kB

URL
www.itgesports.com/wp-content/uploads/2019/06/Screenshot-2019-07-15-at-23.15.48-80x80.png
IP
172.67.200.215:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 80 x 80, 8-bit/color RGBA, non-interlaced
Size
9.5 kB (9534 bytes)
Hash
c51e5abfb8a8b92f1051b311572aef3b
f4a63576170a43198664d0a71bb088525222b89c
41f8cdaebd5742eb910043833e61f41ce4c4596d2d41157136aac647a61b3ae2

HTTP Headers

GET /wp-content/uploads/2019/06/Screenshot-2019-07-15-at-23.15.48-80x80.png HTTP/1.1
Host: www.itgesports.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://itgesports.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 08 Jul 2024 07:27:27 GMT
content-type: image/png
content-length: 9534
cache-control: public, max-age=604800
expires: Sat, 13 Jul 2024 16:45:09 GMT
last-modified: Fri, 29 Jan 2021 06:22:25 GMT
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 139338
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9%2FrDGFRzor6Q%2FG4BQhuHKKXpTi6y%2FRWGfGbdHv0XSMTs90a30c%2B%2FbliC6o4baZiMns3Cztj9HKDHlq4wtml6XvG0MBCdLFNWnuuqjf9R6yriMJ3kOLMNNeI6qbT%2Fywc1JcNuZI8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 89fe5a153fe00b65-OSL
alt-svc: h3=":443"; ma=86400

www.itgesports.com/wp-content/uploads/2023/01/gaming-blog-80x80.jpeg

172.67.200.215

3.2 kB

URL
www.itgesports.com/wp-content/uploads/2023/01/gaming-blog-80x80.jpeg
IP
172.67.200.215:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 82", baseline, precision 8, 80x80, components 3
Size
3.2 kB (3213 bytes)
Hash
e6c9008d12d402070d5ad2416e8eb35a
5c3ff95d647dcf13b26da50a2495debfbd57fd76
3d969fdc14aca9708f4999633322dfd06b76b83d53970f030c7d3458ead5c05e

HTTP Headers

GET /wp-content/uploads/2023/01/gaming-blog-80x80.jpeg HTTP/1.1
Host: www.itgesports.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://itgesports.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 08 Jul 2024 07:27:27 GMT
content-type: image/jpeg
content-length: 3213
cache-control: public, max-age=604800
expires: Sat, 13 Jul 2024 16:45:09 GMT
last-modified: Mon, 30 Jan 2023 14:20:44 GMT
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 139338
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BLNWtJqTwNl6baxTJAZP3NG5ZJYb7VlQbEpywHbdRHplyNp2a2vLhEe0SVnBFOy3UqRI%2FkQ30qgotJmqWyFuP1vgbB33JDHZdXxJ%2BqTvImVWig1MqV7PIMnBasXbmTIchhLzMOs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 89fe5a153fdc0b65-OSL
alt-svc: h3=":443"; ma=86400

www.itgesports.com/wp-content/uploads/2019/06/image1461367242-80x80.png

172.67.200.215

15 kB

URL
www.itgesports.com/wp-content/uploads/2019/06/image1461367242-80x80.png
IP
172.67.200.215:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 80 x 80, 8-bit/color RGBA, non-interlaced
Size
15 kB (15402 bytes)
Hash
eb9892245e56988056bdcf8ee436f7e7
2b7546591031b4ccbcc790f15937d21f19f0f3f4
148087351decb42ed1a33f133925c27d39b3e00c9add06d861d43f14cdfc724f

HTTP Headers

GET /wp-content/uploads/2019/06/image1461367242-80x80.png HTTP/1.1
Host: www.itgesports.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://itgesports.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 08 Jul 2024 07:27:27 GMT
content-type: image/png
content-length: 15402
cache-control: public, max-age=604800
expires: Sun, 14 Jul 2024 20:13:28 GMT
last-modified: Fri, 29 Jan 2021 06:22:25 GMT
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 40439
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mK1B0ZQDoiok2uZIC8SIS811bUzQwxVjXAjfZvhSMHisTQVOuu0Na%2BiwqzszAe%2BVTOKBFrTvZixM33GWnXAanhIsFyldcQaCGHYKuJQm28XupKk12EvfY%2FXe5i7iUEF%2FHsM1YaE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 89fe5a153fe20b65-OSL
alt-svc: h3=":443"; ma=86400

www.itgesports.com/wp-content/themes/the-league/js/scripts.js?ver=6.2.6

172.67.200.215

34 kB

URL
www.itgesports.com/wp-content/themes/the-league/js/scripts.js?ver=6.2.6
IP
172.67.200.215:0
ASN
#13335 CLOUDFLARENET

File type
JavaScript source, ASCII text
Size
34 kB (34308 bytes)
Hash
e1fc8a940d3ba3d26d66136a81672532
9bb8e76456bd8bdf6af154c4a7a517caabfed8fa
701c0a1103ee21684d29aa27cf2a4c3390212b4ba60ad75755d0d28252626a71

HTTP Headers

GET /wp-content/themes/the-league/js/scripts.js?ver=6.2.6 HTTP/1.1
Host: www.itgesports.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://itgesports.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 08 Jul 2024 07:27:27 GMT
content-type: text/javascript
last-modified: Fri, 29 Jan 2021 06:22:25 GMT
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=apf04BEn8uaj%2B6%2BlpxpL2tO5zSzmO%2BwdEj%2BhUDOKpTMTKZUeZ5eeElH7BNBj1u6Q5dIO%2FoJQJHHOchHicTYvTanULuNz1IhkQOHy7LfQONClmv3Ii%2FEW1JCjlYg7gC2kB5hmBbc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 89fe5a105bf20b65-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

www.itgesports.com/wp-content/uploads/2019/06/8ad87236-043e-4acb-8d3b-7f33f6aafc2a-80x80.jpg

172.67.200.215

2.9 kB

URL
www.itgesports.com/wp-content/uploads/2019/06/8ad87236-043e-4acb-8d3b-7f33f6aafc2a-80x80.jpg
IP
172.67.200.215:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 82", baseline, precision 8, 80x80, components 3
Size
2.9 kB (2864 bytes)
Hash
b6c0978d3c4695524a477a5cdcb7994e
0f050848ed1068666d4419f68b7149f4e52cc34d
6cd2a9ae0b662ccbab587eadefd08508f93df1d018c45f4d8ec4c9eb52c62db8

HTTP Headers

GET /wp-content/uploads/2019/06/8ad87236-043e-4acb-8d3b-7f33f6aafc2a-80x80.jpg HTTP/1.1
Host: www.itgesports.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://itgesports.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 08 Jul 2024 07:27:27 GMT
content-type: image/jpeg
content-length: 2864
cache-control: public, max-age=604800
expires: Sat, 13 Jul 2024 16:45:09 GMT
last-modified: Fri, 29 Jan 2021 06:22:25 GMT
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 139338
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tL0hK45EdNUZVsD9RDLh4%2FMcZGAeBwHxr1t%2FBHKXsZF07McvTp3fQ7KOo9qUTLDPsIo9z0qBbxJcxDYwFJbz90rl9Xo3fFQvp8hh7jYNQQO%2Fy00k3EehNogg%2B9z2ou2321NKxlA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 89fe5a153fe30b65-OSL
alt-svc: h3=":443"; ma=86400

www.itgesports.com/wp-content/plugins/theia-sticky-sidebar/js/main.js?ver=1.7.0

172.67.200.215

91 kB

URL
www.itgesports.com/wp-content/plugins/theia-sticky-sidebar/js/main.js?ver=1.7.0
IP
172.67.200.215:0
ASN
#13335 CLOUDFLARENET

File type
JavaScript source, ASCII text
Size
91 kB (90585 bytes)
Hash
84d0293a31628dc996d081e9bc8d2e87
13617849a087885cda74e6d8366dca00aa69aac4
3e304dfe39fde10af2ee219f794108f785d18dd88658877ddf07bce099f6a9fa

HTTP Headers

GET /wp-content/plugins/theia-sticky-sidebar/js/main.js?ver=1.7.0 HTTP/1.1
Host: www.itgesports.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://itgesports.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 08 Jul 2024 07:27:26 GMT
content-type: text/javascript
last-modified: Fri, 29 Jan 2021 06:22:25 GMT
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BKJC%2BfXIxlNRksU7UsbFp9UVH8Q%2FqXfQrnLzK5sz1WN3PZEAhAolEj6y1QZY68zwompWfhNquwo6c6gGWpb4rRLAQBQq888joRQfv5P%2F0K4ckuadGSDopQTkPWJA%2FgEpFzeMk80%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 89fe5a101bca0b65-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

www.itgesports.com/wp-content/uploads/2022/08/jules-kounde-fifa-22-how-to-complete-the-showdown-sbc_630fa01e575ee.jpeg

172.67.200.215

56 kB

URL
www.itgesports.com/wp-content/uploads/2022/08/jules-kounde-fifa-22-how-to-complete-the-showdown-sbc_630fa01e575ee.jpeg
IP
172.67.200.215:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 720x405, components 3
Size
56 kB (55516 bytes)
Hash
a2652a64dbcc629f26f79872fee25fc5
30a871c8b44bd5292857598beee51d2702e9b0ad
45285fecc4517c4db38d8f777687cabb371c9c50c6afe3c32eded5272e62f2ca

HTTP Headers

GET /wp-content/uploads/2022/08/jules-kounde-fifa-22-how-to-complete-the-showdown-sbc_630fa01e575ee.jpeg HTTP/1.1
Host: www.itgesports.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://itgesports.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 08 Jul 2024 07:27:28 GMT
content-type: image/jpeg
content-length: 55516
cache-control: public, max-age=604800
expires: Mon, 15 Jul 2024 07:27:27 GMT
last-modified: Wed, 31 Aug 2022 17:53:34 GMT
x-turbo-charged-by: LiteSpeed
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=p%2Fk3YFEqWbZzbNafjTOPRWPXDSem%2Bj7cireAzdJxoxZ5zyrsPKQyONe7OSWRMEuflAvPz6yzlRpokVzJWfaJ%2BJ%2BscUpbxW1C4gHHeuRpcZs5qC7x5bfCx5IyDGFb9fKxJ4bdzLw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 89fe5a153fdb0b65-OSL
alt-svc: h3=":443"; ma=86400

cdn.rdntocdns.com/rthrttu.php

45.9.149.210

6.0 kB

URL
cdn.rdntocdns.com/rthrttu.php
IP
45.9.149.210:0
ASN
#49447 Nice IT Services Group Inc.

File type
JavaScript source, ASCII text, with very long lines (14233), with no line terminators
Size
6.0 kB (6026 bytes)
Hash
6c899067b95977c68fc5f8501428d1bd
67700832cf8e0d6f21a57dbcdb315cedf7ff9504
99c8d8e412d2f42c88eb77204937bb8e92aad289d959618e507dee5dcb7bfea6

Detections

Analyzer	Verdict	Alert
ThreatFox	malicious	Unknown malware
mnemonic secure dns	malicious	Sinkholed
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /rthrttu.php HTTP/1.1
Host: cdn.rdntocdns.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 19
Origin: https://itgesports.com
DNT: 1
Connection: keep-alive
Referer: https://itgesports.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 08 Jul 2024 07:27:28 GMT
content-type: application/javascript; charset=utf-8
content-length: 6026
access-control-allow-origin: *
access-control-allow-methods: GET, POST
access-control-allow-headers: X-Requested-With
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

secure.gravatar.com/avatar/482d3c64c2708a2b2ad7c040edc58ad6?s=46&d=mm&r=g

192.0.73.2

1.1 kB

URL
secure.gravatar.com/avatar/482d3c64c2708a2b2ad7c040edc58ad6?s=46&d=mm&r=g
IP
192.0.73.2:0
ASN
#2635 AUTOMATTIC

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 90", baseline, precision 8, 46x46, components 3
Size
1.1 kB (1057 bytes)
Hash
6e594ce5ea78f281df1d90c3f414c8f2
02d91830651141f58f3750d6ee8a6d3846b416cd
1003060cecb5d6506baa2faa135782824aa7b828100e57d00be64af86c658939

HTTP Headers

GET /avatar/482d3c64c2708a2b2ad7c040edc58ad6?s=46&d=mm&r=g HTTP/1.1
Host: secure.gravatar.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://itgesports.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 08 Jul 2024 07:27:28 GMT
content-type: image/jpeg
content-length: 1057
last-modified: Wed, 11 Jan 1984 08:00:00 GMT
link: <https://gravatar.com/avatar/482d3c64c2708a2b2ad7c040edc58ad6?s=46&d=mm&r=g>; rel="canonical"
access-control-allow-origin: *
content-disposition: inline; filename="482d3c64c2708a2b2ad7c040edc58ad6.png"
expires: Mon, 08 Jul 2024 07:32:28 GMT
cache-control: max-age=300
x-nc: HIT arn 3
alt-svc: h3=":443"; ma=86400
accept-ranges: bytes
X-Firefox-Spdy: h2

www.itgesports.com/wp-content/uploads/2019/06/itgfavicon.png

172.67.200.215

1.1 kB

URL
www.itgesports.com/wp-content/uploads/2019/06/itgfavicon.png
IP
172.67.200.215:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
Size
1.1 kB (1096 bytes)
Hash
1b8b6799f1789eda0dd1a088d57f1a54
44ef78a5ba991ea2e937db0af5b89b807e41961e
c569908820b4cf6add69eee6f23fead315a2ec10c19394244b9f2bffac379d3a

HTTP Headers

GET /wp-content/uploads/2019/06/itgfavicon.png HTTP/1.1
Host: www.itgesports.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://itgesports.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 08 Jul 2024 07:27:28 GMT
content-type: image/png
content-length: 1096
cache-control: public, max-age=604800
expires: Mon, 15 Jul 2024 07:27:28 GMT
last-modified: Fri, 29 Jan 2021 06:22:25 GMT
x-turbo-charged-by: LiteSpeed
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6c97zW05qPVffNuqLW5l%2B1ADRrZPjK%2FaH5gJpyyMyj8ljVPJ6VKq11LB7WVpXv6w055pKZXbzoPrU088IOYKATq5CYEyV%2FAmDruTemk6IDDCahBWnC373nF5SDVi11Byj5lJZD4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 89fe5a195b020b65-OSL
alt-svc: h3=":443"; ma=86400

www.itgesports.com/wp-content/plugins/mvp-scoreboard/js/score-script.js?ver=6.2.6

172.67.200.215

991 B

URL
www.itgesports.com/wp-content/plugins/mvp-scoreboard/js/score-script.js?ver=6.2.6
IP
172.67.200.215:0
ASN
#13335 CLOUDFLARENET

File type
JavaScript source, ASCII text, with CRLF line terminators
Size
991 B (991 bytes)
Hash
07d0290b0e3b527358f71da8f225d456
f3acad89768a8aa7f5e3f10d92355b862fe00f5e
88959cfe440331c5e39ddb96598d464ccefddc738f4c968dab85c32addb2b58c

HTTP Headers

GET /wp-content/plugins/mvp-scoreboard/js/score-script.js?ver=6.2.6 HTTP/1.1
Host: www.itgesports.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://itgesports.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 08 Jul 2024 07:27:26 GMT
content-type: text/javascript
last-modified: Fri, 29 Jan 2021 06:22:25 GMT
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=H8SZI0FW3qJh9nfQb%2FwjFtWonTn88BdhJDI%2B0%2BOyMSgGUmP0jCbQChZgZft%2FjIqZnrMNMVKtRrCyhE10oKfkIzIkj%2FhbZ2xq8o8rg1%2Bwo7gAsS1yBx2%2FPL6YK1xO8toliLNYK%2BU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 89fe5a101bc50b65-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

r10.o.lencr.org/

23.36.77.32

504 B

URL
r10.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
861cce1bf441610f1dfbb14264d55122
1596b2c44fcdb5f7a49c73da766e4ab48b6bd064
f67d59f3fddbcaf61f9f1aa87eca02a320f59402bb412687a4db4d8aa81867d2

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "F67D59F3FDDBCAF61F9F1AA87ECA02A320F59402BB412687A4DB4D8AA81867D2"
Last-Modified: Fri, 05 Jul 2024 17:32:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6528
Expires: Mon, 08 Jul 2024 09:16:16 GMT
Date: Mon, 08 Jul 2024 07:27:28 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.77.32

504 B

URL
r10.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
861cce1bf441610f1dfbb14264d55122
1596b2c44fcdb5f7a49c73da766e4ab48b6bd064
f67d59f3fddbcaf61f9f1aa87eca02a320f59402bb412687a4db4d8aa81867d2

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "F67D59F3FDDBCAF61F9F1AA87ECA02A320F59402BB412687A4DB4D8AA81867D2"
Last-Modified: Fri, 05 Jul 2024 17:32:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6528
Expires: Mon, 08 Jul 2024 09:16:16 GMT
Date: Mon, 08 Jul 2024 07:27:28 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.77.32

504 B

URL
r10.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
861cce1bf441610f1dfbb14264d55122
1596b2c44fcdb5f7a49c73da766e4ab48b6bd064
f67d59f3fddbcaf61f9f1aa87eca02a320f59402bb412687a4db4d8aa81867d2

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "F67D59F3FDDBCAF61F9F1AA87ECA02A320F59402BB412687A4DB4D8AA81867D2"
Last-Modified: Fri, 05 Jul 2024 17:32:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6528
Expires: Mon, 08 Jul 2024 09:16:16 GMT
Date: Mon, 08 Jul 2024 07:27:28 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL
r10.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
861cce1bf441610f1dfbb14264d55122
1596b2c44fcdb5f7a49c73da766e4ab48b6bd064
f67d59f3fddbcaf61f9f1aa87eca02a320f59402bb412687a4db4d8aa81867d2

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "F67D59F3FDDBCAF61F9F1AA87ECA02A320F59402BB412687A4DB4D8AA81867D2"
Last-Modified: Fri, 05 Jul 2024 17:32:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6520
Expires: Mon, 08 Jul 2024 09:16:08 GMT
Date: Mon, 08 Jul 2024 07:27:28 GMT
Connection: keep-alive

bluestepcherry.com/favicon.ico

172.67.166.73

204 No Content

0 B

URL GET HTTP/3
bluestepcherry.com/favicon.ico
IP
172.67.166.73:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bluestepcherry.com/?p=g5tdgmbxhe5gi3bpha4dena&sub1=carla&sub3=rosetta
Certificate
IssuerGoogle Trust Services
Subjectbluestepcherry.com
FingerprintFD:01:46:32:7C:47:CD:8A:CB:30:B4:74:0A:A7:85:7F:A0:14:17:96
ValidityTue, 18 Jun 2024 15:47:51 GMT - Mon, 16 Sep 2024 15:47:50 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: bluestepcherry.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bluestepcherry.com/?p=g5tdgmbxhe5gi3bpha4dena&sub1=carla&sub3=rosetta
Cookie: uuid=7ba10b1c-444f-412b-a979-9380eb13e7b9
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 204 No Content
date: Mon, 08 Jul 2024 07:27:29 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 6140
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2F3HsI1wwG%2F7CtC4CVCzRe%2B5uXoFI4E09v6HaIvkkfcdSa0zoki%2B%2FReVadSu2fdDb2T1OirfMF%2FcNY6M4CGiOt80NgjuKk6iWoqHkQBNOqNi%2BWwtOhMuTphdofZv5kKrwEnmiaCo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 89fe5a219abb56cc-OSL
alt-svc: h3=":443"; ma=86400

bluestepcherry.com/?p=g5tdgmbxhe5gi3bpha4dena&sub1=carla&sub3=rosetta

172.67.166.73

200 OK

53 kB

URL User Request GET HTTP/2
bluestepcherry.com/?p=g5tdgmbxhe5gi3bpha4dena&sub1=carla&sub3=rosetta
IP
172.67.166.73:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectbluestepcherry.com
FingerprintFD:01:46:32:7C:47:CD:8A:CB:30:B4:74:0A:A7:85:7F:A0:14:17:96
ValidityTue, 18 Jun 2024 15:47:51 GMT - Mon, 16 Sep 2024 15:47:50 GMT

File type

Size
53 kB (53067 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /?p=g5tdgmbxhe5gi3bpha4dena&sub1=carla&sub3=rosetta HTTP/1.1
Host: bluestepcherry.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 08 Jul 2024 07:27:29 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
set-cookie: uuid=7ba10b1c-444f-412b-a979-9380eb13e7b9; expires=Wed, 07-Aug-2024 07:27:29 GMT; Max-Age=2592000; path=/; domain=bluestepcherry.com
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EuilabKQCVt7RESD4rs8LbqqXPub6Xuecdi3tonRV7MQrvP3d%2Fzorfg8dozwyS7XC6Z1cy2Gk3u9KMme017GAuL7jAfANLJTRHI%2Bd2InsQMxLwzm9UoWl%2FMNHlwjZE3W552sqXo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 89fe5a205ed456c0-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (6)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Observations

Hash

HTTP Transactions (33)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL