Report - golfstreams.me/

Report Overview

Visitedpublic

2024-03-03 20:25:40

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
fonts.gstatic.com	unknown	unknown	No data	No data	519 B	17 kB	142.250.74.3
golfstreams.me	unknown	unknown	No data	No data	4.5 kB	80 kB	45.178.6.75
tauphaub.net	unknown	unknown	No data	No data	2.0 kB	35 kB	139.45.197.244
my.rtmark.net	9054	unknown	No data	No data	461 B	743 B	139.45.195.8
kuthoost.net	unknown	unknown	No data	No data	1.6 kB	51 kB	139.45.197.243
ipp.littlecdn.com	109716	unknown	No data	No data	809 B	22 kB	104.22.25.116
si.castanydm.com	unknown	unknown	No data	No data	469 B	777 B	172.67.170.56
fonts.googleapis.com	8877	unknown	No data	No data	454 B	5.3 kB	142.250.74.106

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-03-03	medium	tauphaub.net	Sinkholed
2024-03-03	medium	kuthoost.net	Sinkholed
2024-03-03	medium	tauphaub.net	Sinkholed
2024-03-03	medium	tauphaub.net	Sinkholed
2024-03-03	medium	kuthoost.net	Sinkholed

ThreatFox

No alerts detected

JavaScript (9)

	URL	From	Size	First Seen	Last Seen
	ipp.littlecdn.com/web/static/sport.js	ScriptElement	12 kB	2023-03-08	2024-08-21
URL ipp.littlecdn.com/web/static/sport.js IP / ASN 104.22.25.116 #13335 CLOUDFLARENET Introduced by ScriptElement Embedded false Resource Info First Seen 2023-03-08 Last Seen 2024-08-21 Times Seen 230 Size 12 kB (12128 bytes) MD5 d9fd7638e4b5122530bbc3715cdba2ad SHA1 d8b0877cb7a6096e1abb944cd6ccc5efa837cdde SHA256 dd4392dd1d6854ed374273926c38160e4a931f52170d17cdfde4056da9d30127 Format Code Loading...

	golfstreams.me/	ScriptElement	250 B	2024-08-20	2024-08-20
URL golfstreams.me/ IP / ASN 45.178.6.75 #64122 SWISS GLOBAL SERVICES S.A.S Introduced by ScriptElement Embedded true Resource Info First Seen 2024-08-20 Last Seen 2024-08-20 Times Seen 1 Size 250 B (250 bytes) MD5 f177bba4fa43f8fb0bf082c0de78c8f5 SHA1 448b4bfedc9927d2bb0eba30dd211877b68fd4a5 SHA256 aa6b1852111cc2b6fbde714f87dbf6ce11c9c5cc537a27a263d45999a6016f94 Format Code Loading...

	golfstreams.me/	ScriptElement	66 kB	2024-08-20	2024-08-20
URL golfstreams.me/ IP / ASN 45.178.6.75 #64122 SWISS GLOBAL SERVICES S.A.S Introduced by ScriptElement Embedded true Resource Info First Seen 2024-08-20 Last Seen 2024-08-20 Times Seen 1 Size 66 kB (66197 bytes) MD5 fed8dabe2422e07a30bdb4c866b1ee80 SHA1 7cb3426d8eb73269c42f5db5ea1a301cbf2f98c8 SHA256 466092087e1beb526d680a47a477c5b8eb9edf7a2d60abfb9d6de21ab978ba49 Format Code Loading...

	golfstreams.me/	ScriptElement	447 B	2024-08-20	2024-08-20
URL golfstreams.me/ IP / ASN 45.178.6.75 #64122 SWISS GLOBAL SERVICES S.A.S Introduced by ScriptElement Embedded true Resource Info First Seen 2024-08-20 Last Seen 2024-08-20 Times Seen 1 Size 447 B (447 bytes) MD5 d5607ff23b5945d9b0e8823e0eeb1277 SHA1 4fcfab0560b3310c15b6aa826049e0d8a7b9d64e SHA256 d6945e59d45d52b55d436a1db092a5575e672021e9aa3d2ab9edda01e048ee48 Format Code Loading...

	unknown	ScriptElement	139 B	2023-10-14	2025-07-17
URL IP / ASN 0.0.0.0 #0 Introduced by ScriptElement Embedded false Resource Info First Seen 2023-10-14 Last Seen 2025-07-17 Times Seen 13 Size 139 B (139 bytes) MD5 5ca9fb00b743825a2b2790ba006872b7 SHA1 a6ffc598c4893eb2cdb2035c4cc370a765bc3392 SHA256 4c512d3102010cebf7671825bde2efbbfd7b4a66fcc365dd17216de023ef4837 Format Code Loading...

	kuthoost.net/apu.php?zoneid=6534634&var=6297472	ScriptElement	93 kB	2024-08-20	2024-08-20
URL kuthoost.net/apu.php?zoneid=6534634&var=6297472 IP / ASN 139.45.197.243 #9002 RETN Limited Introduced by ScriptElement Embedded false Resource Info First Seen 2024-08-20 Last Seen 2024-08-20 Times Seen 1 Size 93 kB (92621 bytes) MD5 9276b7013759d45971b8827c627e9f45 SHA1 912f93e320c95aeadad7f7b7642b6f06a67dc9b7 SHA256 2eb8fd7efcebe72d4bf1d6a77cd45dfaf560cd8f2d5291268b4658d6d7447b39 Format Code Loading...

	golfstreams.me/partytown/partytown.js	ScriptElement	1.4 kB	2023-08-31	2024-08-21
URL golfstreams.me/partytown/partytown.js IP / ASN 45.178.6.75 #64122 SWISS GLOBAL SERVICES S.A.S Introduced by ScriptElement Embedded false Resource Info First Seen 2023-08-31 Last Seen 2024-08-21 Times Seen 122 Size 1.4 kB (1447 bytes) MD5 4e40c3161d84d9bb48189009c498840d SHA1 e173dd158d0460e0f8fa736fc197b423af8e7498 SHA256 e3f6da23a00f557b65a81d2aa055da5d33c32fca85e0faec19e68651849c624a Format Code Loading...

	golfstreams.me/home.lite.bun.min.js?v=2.3	ScriptElement	17 kB	2023-11-01	2024-08-20
URL golfstreams.me/home.lite.bun.min.js?v=2.3 IP / ASN 45.178.6.75 #64122 SWISS GLOBAL SERVICES S.A.S Introduced by ScriptElement Embedded false Resource Info First Seen 2023-11-01 Last Seen 2024-08-20 Times Seen 64 Size 17 kB (17438 bytes) MD5 7a473035e40a92231fb1345aef156746 SHA1 7ef5d686d255dd9ffdcfa492b53361f65e2c34d7 SHA256 dd05c8445340a0d99d18119afd0e93ea8ef8ebca7e8299e3ce92238c06108ca9 Format Code Loading...

	tauphaub.net/tag.min.js	ScriptElement	85 kB	2024-03-01	2024-08-20
URL tauphaub.net/tag.min.js IP / ASN 139.45.197.244 #9002 RETN Limited Introduced by ScriptElement Embedded false Resource Info First Seen 2024-03-01 Last Seen 2024-08-20 Times Seen 46 Size 85 kB (85240 bytes) MD5 ad722f7893365ed20e553313a19a1498 SHA1 44ac0574fa2d90d8fbbe2f2f0c6d96bde9ccb281 SHA256 7886f1e3c43d0cb57213d15a73ed024fe82f0b7e477e4be72115cc6b69fc70ae Format Code Loading...

HTTP Transactions (20)

URL IP Response Size

GET golfstreams.me/

45.178.6.75

200 OK

23 kB

URL

golfstreams.me/

IP / ASN

45.178.6.75

#64122 SWISS GLOBAL SERVICES S.A.S

Requested byN/A

Resource Info

File typeHTML document, ASCII text, with very long lines (59005)

First Seen2024-08-20

Last Seen2024-08-20

Times Seen1

Size23 kB (22804 bytes)

MD5e2ddc784dd7d7145bbed37f79b29ff95

SHA198a9f3b4696653539567fb124a40b4dc7ea31919

SHA25626a38bb8d76ec2cf93f19228274f2dd2fd5172c42f591043e2270ed9c8fc63bb

Certificate Info

IssuerLet's Encrypt

Subjectgolfstreams.me

Fingerprint65:4A:65:69:20:9D:75:0B:E5:CF:ED:64:AA:D5:51:9B:25:94:C2:D6

ValidityFri, 26 Jan 2024 18:29:48 GMT - Thu, 25 Apr 2024 18:29:47 GMT

HTTP Headers

GET / HTTP/1.1
Host: golfstreams.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 03 Mar 2024 18:53:43 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
set-cookie: _dt_gs=AAAAAhQCEQNhZHMUAREEaG9tZRQBEQNwb3AGABEHcmVmZXJlcg0%3D; expires=Mon, 04-Mar-2024 06:53:43 GMT; Max-Age=43200; path=/; domain=.golfstreams.me; secure; HttpOnly; SameSite=Strict
link: <https://fonts.googleapis.com>; rel=preconnect; crossorigin=anonymous, <https://fonts.gstatic.com>; rel=preconnect; crossorigin=anonymous, <https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap>; rel=preload; as=style, </home.min.css?v=2.1>; rel=preload; as=style
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
alt-svc: h3=":443"; ma=86400
content-encoding: br
X-Firefox-Spdy: h2

GET golfstreams.me/partytown/partytown.js

45.178.6.75

200 OK

4.5 kB

URL

golfstreams.me/partytown/partytown.js

IP / ASN

45.178.6.75

#64122 SWISS GLOBAL SERVICES S.A.S

Requested byhttps://golfstreams.me/

Resource Info

File typeJavaScript source, ASCII text, with very long lines (1447), with no line terminators

First Seen2023-08-31

Last Seen2024-08-21

Times Seen122

Size4.5 kB (4517 bytes)

MD54e40c3161d84d9bb48189009c498840d

SHA1e173dd158d0460e0f8fa736fc197b423af8e7498

SHA256e3f6da23a00f557b65a81d2aa055da5d33c32fca85e0faec19e68651849c624a

Certificate Info

IssuerLet's Encrypt

Subjectgolfstreams.me

Fingerprint65:4A:65:69:20:9D:75:0B:E5:CF:ED:64:AA:D5:51:9B:25:94:C2:D6

ValidityFri, 26 Jan 2024 18:29:48 GMT - Thu, 25 Apr 2024 18:29:47 GMT

HTTP Headers

GET /partytown/partytown.js HTTP/1.1
Host: golfstreams.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://golfstreams.me/
DNT: 1
Connection: keep-alive
Cookie: _dt_gs=AAAAAhQCEQNhZHMUAREEaG9tZRQBEQNwb3AGABEHcmVmZXJlcg0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
server: nginx
date: Sun, 03 Mar 2024 18:53:43 GMT
content-type: application/javascript
last-modified: Tue, 22 Aug 2023 05:53:17 GMT
vary: accept-encoding
etag: W/"64e44d4d-5a7"
expires: Tue, 02 Apr 2024 18:53:43 GMT
cache-control: max-age=2592000, must-revalidate
content-encoding: br

GET golfstreams.me/home.lite.bun.min.js?v=2.3

45.178.6.75

200 OK

22 kB

URL

golfstreams.me/home.lite.bun.min.js?v=2.3

IP / ASN

45.178.6.75

#64122 SWISS GLOBAL SERVICES S.A.S

Requested byhttps://golfstreams.me/

Resource Info

File typeJavaScript source, ASCII text, with very long lines (16516)

First Seen2023-11-01

Last Seen2024-08-20

Times Seen64

Size22 kB (21938 bytes)

MD57a473035e40a92231fb1345aef156746

SHA17ef5d686d255dd9ffdcfa492b53361f65e2c34d7

SHA256dd05c8445340a0d99d18119afd0e93ea8ef8ebca7e8299e3ce92238c06108ca9

Certificate Info

IssuerLet's Encrypt

Subjectgolfstreams.me

Fingerprint65:4A:65:69:20:9D:75:0B:E5:CF:ED:64:AA:D5:51:9B:25:94:C2:D6

ValidityFri, 26 Jan 2024 18:29:48 GMT - Thu, 25 Apr 2024 18:29:47 GMT

HTTP Headers

GET /home.lite.bun.min.js?v=2.3 HTTP/1.1
Host: golfstreams.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://golfstreams.me/
DNT: 1
Connection: keep-alive
Cookie: _dt_gs=AAAAAhQCEQNhZHMUAREEaG9tZRQBEQNwb3AGABEHcmVmZXJlcg0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
server: nginx
date: Sun, 03 Mar 2024 18:53:43 GMT
content-type: application/javascript
last-modified: Wed, 25 Oct 2023 18:31:58 GMT
vary: accept-encoding
etag: W/"65395f1e-441e"
expires: Tue, 02 Apr 2024 18:53:43 GMT
cache-control: max-age=2592000, must-revalidate
content-encoding: br

GET golfstreams.me/

45.178.6.75

200 OK

0 B

URL

golfstreams.me/

IP / ASN

45.178.6.75

#64122 SWISS GLOBAL SERVICES S.A.S

Requested byN/A

Resource Info

File typeN/A

First Seen0001-01-01

Last Seen2025-08-02

Times Seen5607097

Size0 B (0 bytes)

MD5d41d8cd98f00b204e9800998ecf8427e

SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Certificate Info

IssuerLet's Encrypt

Subjectgolfstreams.me

Fingerprint65:4A:65:69:20:9D:75:0B:E5:CF:ED:64:AA:D5:51:9B:25:94:C2:D6

ValidityFri, 26 Jan 2024 18:29:48 GMT - Thu, 25 Apr 2024 18:29:47 GMT

HTTP Headers

HEAD / HTTP/1.1
Host: golfstreams.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://golfstreams.me/
DNT: 1
Connection: keep-alive
Cookie: _dt_gs=AAAAAhQCEQNhZHMUAREEaG9tZRQBEQNwb3AGABEHcmVmZXJlcg0%3D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
server: nginx
date: Sun, 03 Mar 2024 18:53:43 GMT
content-type: application/octet-stream
content-length: 2
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
alt-svc: h3=":443"; ma=86400

GET tauphaub.net/tag.min.js

139.45.197.244

200 OK

27 kB

URL

tauphaub.net/tag.min.js

IP / ASN

139.45.197.244

#9002 RETN Limited

Requested byhttps://golfstreams.me/

Resource Info

File typeJavaScript source, ASCII text, with very long lines (65536), with no line terminators

First Seen2024-03-01

Last Seen2024-08-20

Times Seen46

Size27 kB (26790 bytes)

MD5ad722f7893365ed20e553313a19a1498

SHA144ac0574fa2d90d8fbbe2f2f0c6d96bde9ccb281

SHA2567886f1e3c43d0cb57213d15a73ed024fe82f0b7e477e4be72115cc6b69fc70ae

Certificate Info

IssuerLet's Encrypt

Subjecttauphaub.net

FingerprintB1:D9:9B:8E:83:54:E8:BC:9F:C5:9A:B8:BA:C2:34:E1:B1:1F:30:95

ValidityMon, 15 Jan 2024 08:42:42 GMT - Sun, 14 Apr 2024 08:42:41 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /tag.min.js HTTP/1.1
Host: tauphaub.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://golfstreams.me/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 03 Mar 2024 18:53:44 GMT
content-type: text/javascript; charset=utf-8
content-length: 26790
content-encoding: br
x-trace-id: bfa6162aaab1859c7e3938c91da62e91
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
accept-ranges: bytes
last-modified: Fri, 01 Mar 2024 13:08:49 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-max-age: 86400
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

GET golfstreams.me/fav/apple-touch-icon.png

45.178.6.75

200 OK

3.8 kB

URL

golfstreams.me/fav/apple-touch-icon.png

IP / ASN

45.178.6.75

#64122 SWISS GLOBAL SERVICES S.A.S

Requested byhttps://golfstreams.me/

Resource Info

File typePNG image data, 180 x 180, 8-bit colormap, non-interlaced

First Seen2023-10-14

Last Seen2025-07-17

Times Seen13

Size3.8 kB (3763 bytes)

MD59f9dc9d07e8f6d926c6bc7dcab1989aa

SHA1be10b7bfc05d2d70aee2498a0df885ca055ab821

SHA2560cae6086a667617f94ee8c078fee4b43b72e29287befc329344a89c0f2b47913

Certificate Info

IssuerLet's Encrypt

Subjectgolfstreams.me

Fingerprint65:4A:65:69:20:9D:75:0B:E5:CF:ED:64:AA:D5:51:9B:25:94:C2:D6

ValidityFri, 26 Jan 2024 18:29:48 GMT - Thu, 25 Apr 2024 18:29:47 GMT

HTTP Headers

GET /fav/apple-touch-icon.png HTTP/1.1
Host: golfstreams.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://golfstreams.me/
DNT: 1
Connection: keep-alive
Cookie: _dt_gs=AAAAAhQCEQNhZHMUAREEaG9tZRQBEQNwb3AGABEHcmVmZXJlcg0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
server: nginx
date: Sun, 03 Mar 2024 18:53:44 GMT
content-type: image/png
content-length: 3763
last-modified: Mon, 04 Oct 2021 11:51:40 GMT
vary: accept-encoding
etag: "615aeacc-eb3"
expires: Tue, 02 Apr 2024 18:53:44 GMT
cache-control: max-age=2592000, public
accept-ranges: bytes

GET golfstreams.me/fav/favicon-32x32.png

45.178.6.75

200 OK

989 B

URL

golfstreams.me/fav/favicon-32x32.png

IP / ASN

45.178.6.75

#64122 SWISS GLOBAL SERVICES S.A.S

Requested byhttps://golfstreams.me/

Resource Info

File typePNG image data, 32 x 32, 8-bit colormap, non-interlaced

First Seen2023-10-14

Last Seen2025-07-17

Times Seen13

Size989 B (989 bytes)

MD53440a4ac5ff2ed485c351b8dfce004ae

SHA10c98228cf661a746e002867f09318487007f00e4

SHA2566c1e4d04d5b05f9a0e1dd41eba3b8c4c4609215c300848a65d54e8a32c3825be

Certificate Info

IssuerLet's Encrypt

Subjectgolfstreams.me

Fingerprint65:4A:65:69:20:9D:75:0B:E5:CF:ED:64:AA:D5:51:9B:25:94:C2:D6

ValidityFri, 26 Jan 2024 18:29:48 GMT - Thu, 25 Apr 2024 18:29:47 GMT

HTTP Headers

GET /fav/favicon-32x32.png HTTP/1.1
Host: golfstreams.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://golfstreams.me/
DNT: 1
Connection: keep-alive
Cookie: _dt_gs=AAAAAhQCEQNhZHMUAREEaG9tZRQBEQNwb3AGABEHcmVmZXJlcg0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
server: nginx
date: Sun, 03 Mar 2024 18:53:44 GMT
content-type: image/png
content-length: 989
last-modified: Mon, 04 Oct 2021 11:51:40 GMT
vary: accept-encoding
etag: "615aeacc-3dd"
expires: Tue, 02 Apr 2024 18:53:44 GMT
cache-control: max-age=2592000, public
accept-ranges: bytes

GET my.rtmark.net/gid.js?userId=008014e38ebe428ef526f4418821bcd8

139.45.195.8

200 OK

65 B

URL

my.rtmark.net/gid.js?userId=008014e38ebe428ef526f4418821bcd8

IP / ASN

139.45.195.8

#9002 RETN Limited

Requested byhttps://golfstreams.me/

Resource Info

File typeJSON text data

First Seen2024-08-20

Last Seen2024-08-20

Times Seen1

Size65 B (65 bytes)

MD544aeb5491a1c440f9e726d680d2a344a

SHA158e04fffc564451e1a459a41afd554b30a146156

SHA2563c6644c0c8fbf79dfb7ac1900d74e57cd29696e7cafb98e0b6de21037f52b96c

Certificate Info

IssuerLet's Encrypt

Subjectrtmark.net

FingerprintDB:C0:8B:64:1C:E3:2A:9C:B9:04:0D:F3:6F:5A:E0:35:F4:C7:75:CC

ValiditySat, 02 Mar 2024 21:53:43 GMT - Fri, 31 May 2024 21:53:42 GMT

HTTP Headers

GET /gid.js?userId=008014e38ebe428ef526f4418821bcd8 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://golfstreams.me
DNT: 1
Connection: keep-alive
Referer: https://golfstreams.me/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 03 Mar 2024 18:53:44 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://golfstreams.me
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=008014e38ebe428ef526f4418821bcd8; expires=Mon, 03 Mar 2025 18:53:44 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

GET kuthoost.net/apu.php?zoneid=6534634&var=6297472

139.45.197.243

200 OK

46 kB

URL

kuthoost.net/apu.php?zoneid=6534634&var=6297472

IP / ASN

139.45.197.243

#9002 RETN Limited

Requested byhttps://golfstreams.me/

Resource Info

File typegzip compressed data, max speed, from Unix

First Seen2024-08-20

Last Seen2024-08-20

Times Seen1

Size46 kB (45657 bytes)

MD506a54183b684fe5dcd5c642ed0ca5f8f

SHA19dd55297adf346692340504e5d8299a1afa6d3a0

SHA25664357c9485a66271b5abd41a98814fa87d142751376b1b35978c2d6778dbe78a

Certificate Info

IssuerLet's Encrypt

Subjectkuthoost.net

FingerprintC9:DB:6A:7E:E0:E8:E0:45:94:31:0D:26:AA:B9:CF:67:83:76:CA:39

ValidityThu, 29 Feb 2024 18:25:13 GMT - Wed, 29 May 2024 18:25:12 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /apu.php?zoneid=6534634&var=6297472 HTTP/1.1
Host: kuthoost.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://golfstreams.me/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 03 Mar 2024 18:53:44 GMT
content-type: application/javascript
x-trace-id: 435c0605ed7e43632eda15d7b959fbb8
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://yonmewon.com>; rel="preconnect dns-prefetch",<https://sr7pv7n5x.com>; rel="preconnect dns-prefetch"
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=00801456845e4f2efce059ab04607ab6; expires=Mon, 03 Mar 2025 18:53:44 GMT; path=/; secure; SameSite=None
oaidts=1709492024; expires=Mon, 03 Mar 2025 18:53:44 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

GET ipp.littlecdn.com/web/static/sport.js

104.22.25.116

200 OK

12 kB

URL

ipp.littlecdn.com/web/static/sport.js

IP / ASN

104.22.25.116

#13335 CLOUDFLARENET

Requested byhttps://golfstreams.me/

Resource Info

File typeJavaScript source, ASCII text, with very long lines (12128), with no line terminators

First Seen2023-03-08

Last Seen2024-08-21

Times Seen230

Size12 kB (11568 bytes)

MD5d9fd7638e4b5122530bbc3715cdba2ad

SHA1d8b0877cb7a6096e1abb944cd6ccc5efa837cdde

SHA256dd4392dd1d6854ed374273926c38160e4a931f52170d17cdfde4056da9d30127

Certificate Info

IssuerCloudflare, Inc.

Subjectsni.cloudflaressl.com

FingerprintF9:14:9E:F3:4F:17:83:0E:22:54:EF:3E:FD:37:20:6C:1D:08:CE:1F

ValidityTue, 11 Apr 2023 00:00:00 GMT - Wed, 10 Apr 2024 23:59:59 GMT

HTTP Headers

GET /web/static/sport.js HTTP/1.1
Host: ipp.littlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://golfstreams.me/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 03 Mar 2024 18:53:44 GMT
content-type: application/javascript
last-modified: Thu, 24 Nov 2022 12:40:16 GMT
etag: W/"d9fd7638e4b5122530bbc3715cdba2ad"
expires: Mon, 04 Mar 2024 18:44:54 GMT
cache-control: max-age=86400
timing-allow-origin: *
cf-cache-status: HIT
age: 530
vary: Accept-Encoding
server: cloudflare
cf-ray: 85ebd4c0fe19568f-OSL
content-encoding: br
X-Firefox-Spdy: h2

GET tauphaub.net/5/6297472/?oo=1&aab=1

139.45.197.244

200 OK

2.9 kB

URL

tauphaub.net/5/6297472/?oo=1&aab=1

IP / ASN

139.45.197.244

#9002 RETN Limited

Requested byhttps://golfstreams.me/

Resource Info

File typetroff or preprocessor input, ASCII text, with very long lines (3113), with no line terminators

First Seen2024-08-20

Last Seen2024-08-20

Times Seen1

Size2.9 kB (2868 bytes)

MD5b9ab01524a6ba8d48f8cce7ad943d264

SHA125d6b8d7c79dbb0f20dcf9cf16247fbbfbbc3be2

SHA2564c408e4a98694f235bb15e54dab3dfca8e3622df2efec5085fd20e73c0ec2e15

Certificate Info

IssuerLet's Encrypt

Subjecttauphaub.net

FingerprintB1:D9:9B:8E:83:54:E8:BC:9F:C5:9A:B8:BA:C2:34:E1:B1:1F:30:95

ValidityMon, 15 Jan 2024 08:42:42 GMT - Sun, 14 Apr 2024 08:42:41 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /5/6297472/?oo=1&aab=1 HTTP/1.1
Host: tauphaub.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://golfstreams.me
DNT: 1
Connection: keep-alive
Referer: https://golfstreams.me/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 03 Mar 2024 18:53:44 GMT
content-type: application/json
x-trace-id: 55e2ffcddb2d83e06ecd597198d79067
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://yonmewon.com>; rel="preconnect dns-prefetch",<https://sr7pv7n5x.com>; rel="preconnect dns-prefetch"
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
access-control-allow-origin: https://golfstreams.me
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=008014e38ebe428ef526f4418821bcd8; expires=Mon, 03 Mar 2025 18:53:44 GMT; path=/; secure; SameSite=None
oaidts=1709492024; expires=Mon, 03 Mar 2025 18:53:44 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2

GET golfstreams.me/home.min.css?v=2.1

45.178.6.75

200 OK

15 kB

URL

golfstreams.me/home.min.css?v=2.1

IP / ASN

45.178.6.75

#64122 SWISS GLOBAL SERVICES S.A.S

Requested byhttps://golfstreams.me/

Resource Info

File typeASCII text, with very long lines (15361), with no line terminators

First Seen2023-10-14

Last Seen2024-08-21

Times Seen9

Size15 kB (15361 bytes)

MD5b13ff810dd2b03146c028c6ff1985b49

SHA1ed1cac95829d390a53df4ff628de5fe695231f33

SHA256344f78fadfdd32b9404143251bd45af8c01870635f1a071aa8e1fc77004b6b1c

Certificate Info

IssuerLet's Encrypt

Subjectgolfstreams.me

Fingerprint65:4A:65:69:20:9D:75:0B:E5:CF:ED:64:AA:D5:51:9B:25:94:C2:D6

ValidityFri, 26 Jan 2024 18:29:48 GMT - Thu, 25 Apr 2024 18:29:47 GMT

HTTP Headers

GET /home.min.css?v=2.1 HTTP/1.1
Host: golfstreams.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://golfstreams.me/
Cookie: _dt_gs=AAAAAhQCEQNhZHMUAREEaG9tZRQBEQNwb3AGABEHcmVmZXJlcg0%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
server: nginx
date: Sun, 03 Mar 2024 18:53:43 GMT
content-type: text/css
last-modified: Wed, 30 Aug 2023 04:38:45 GMT
vary: accept-encoding
etag: W/"64eec7d5-3c01"
expires: Tue, 02 Apr 2024 18:53:43 GMT
cache-control: max-age=2592000, must-revalidate
content-encoding: br

GET golfstreams.me/img/golfstream.svg

45.178.6.75

200 OK

3.4 kB

URL

golfstreams.me/img/golfstream.svg

IP / ASN

45.178.6.75

#64122 SWISS GLOBAL SERVICES S.A.S

Requested byhttps://golfstreams.me/

Resource Info

File typeSVG Scalable Vector Graphics image

First Seen2023-10-14

Last Seen2024-09-19

Times Seen8

Size3.4 kB (3382 bytes)

MD5114754693b84b33c59f8523874c8c9ee

SHA14671d366001fee168198791fe5a2bc072e581dda

SHA256faeff93cebf652faa1fc668cb172e59d5e12a2bd355d56d7f323bae243b811c9

Certificate Info

IssuerLet's Encrypt

Subjectgolfstreams.me

Fingerprint65:4A:65:69:20:9D:75:0B:E5:CF:ED:64:AA:D5:51:9B:25:94:C2:D6

ValidityFri, 26 Jan 2024 18:29:48 GMT - Thu, 25 Apr 2024 18:29:47 GMT

HTTP Headers

GET /img/golfstream.svg HTTP/1.1
Host: golfstreams.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://golfstreams.me/
DNT: 1
Connection: keep-alive
Cookie: _dt_gs=AAAAAhQCEQNhZHMUAREEaG9tZRQBEQNwb3AGABEHcmVmZXJlcg0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
server: nginx
date: Sun, 03 Mar 2024 18:53:43 GMT
content-type: image/svg+xml
last-modified: Tue, 05 Oct 2021 02:50:52 GMT
vary: accept-encoding
etag: W/"615bbd8c-d36"
expires: Sun, 03 Mar 2024 18:54:13 GMT
cache-control: max-age=30, must-revalidate
content-encoding: br

GET si.castanydm.com/?utm_data=cGdlPWhvbWUmbGFuZz1lbiZkb209Z3MmcmVmPSZoPTE%3D

172.67.170.56

200 OK

69 B

URL

si.castanydm.com/?utm_data=cGdlPWhvbWUmbGFuZz1lbiZkb209Z3MmcmVmPSZoPTE%3D

IP / ASN

172.67.170.56

#13335 CLOUDFLARENET

Requested byhttps://golfstreams.me/

Resource Info

File typePNG image data, 1 x 1, 8-bit gray+alpha, non-interlaced

First Seen2023-05-04

Last Seen2025-08-02

Times Seen168

Size69 B (69 bytes)

MD56c7a8e573e15b784caf2c2e09712e43b

SHA1bdcee93526ab5766a6622fdbb18464871411e121

SHA2560fe6baf08e550e4c7cd40b1f8d08b0cfbd00e8c6bd78a53a1822d6216bcd73d8

Certificate Info

IssuerGoogle Trust Services LLC

Subjectcastanydm.com

Fingerprint34:99:27:2C:48:DD:B1:32:2A:19:C3:5A:0A:E2:70:30:60:5E:4F:CC

ValiditySun, 04 Feb 2024 17:00:10 GMT - Sat, 04 May 2024 17:00:09 GMT

HTTP Headers

GET /?utm_data=cGdlPWhvbWUmbGFuZz1lbiZkb209Z3MmcmVmPSZoPTE%3D HTTP/1.1
Host: si.castanydm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://golfstreams.me/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 03 Mar 2024 18:53:43 GMT
content-type: image/png
ser-loc-id: loc-004
access-control-allow-origin: *
access-control-allow-credentials: true
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UHpy4ljOwK05Ybkw6ooFS6tgNoS01MIUUKtegcq09LZ%2FE5%2FjXTvrpKaor079eHSesdWwVQTjRFhDbgh%2F%2FWyQOweBXOlb%2FUWAAALhaUzb%2BxlDvQjiN9SND1UP8Coz93k8h7rv"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 85ebd4bd0ba61bfe-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET ipp.littlecdn.com/web/static/ball.png

104.22.25.116

200 OK

9.6 kB

URL

ipp.littlecdn.com/web/static/ball.png

IP / ASN

104.22.25.116

#13335 CLOUDFLARENET

Requested byhttps://golfstreams.me/

Resource Info

File typePNG image data, 80 x 80, 8-bit/color RGBA, non-interlaced

First Seen2023-05-04

Last Seen2025-03-13

Times Seen297

Size9.6 kB (9637 bytes)

MD5903ff2b408f3246176c88a3936d5fd22

SHA1158954159a9ee7549b03bd5b93faa739dbbae7c3

SHA2567d82e30c72c434e3660014ff97d2cceea967d2014ce801844d784095133896cc

Certificate Info

IssuerCloudflare, Inc.

Subjectsni.cloudflaressl.com

FingerprintF9:14:9E:F3:4F:17:83:0E:22:54:EF:3E:FD:37:20:6C:1D:08:CE:1F

ValidityTue, 11 Apr 2023 00:00:00 GMT - Wed, 10 Apr 2024 23:59:59 GMT

HTTP Headers

GET /web/static/ball.png HTTP/1.1
Host: ipp.littlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 03 Mar 2024 18:53:44 GMT
content-type: image/png
content-length: 9637
last-modified: Fri, 16 Apr 2021 13:05:23 GMT
etag: "903ff2b408f3246176c88a3936d5fd22"
expires: Mon, 04 Mar 2024 18:48:13 GMT
cache-control: max-age=86400
timing-allow-origin: *
cf-cache-status: HIT
age: 331
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 85ebd4c17edb568f-OSL
X-Firefox-Spdy: h2

GET fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap

142.250.74.106

200 OK

4.7 kB

URL

fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap

IP / ASN

142.250.74.106

#15169 GOOGLE

Requested byhttps://golfstreams.me/

Resource Info

File typeASCII text, with very long lines (4786), with no line terminators

First Seen2024-02-10

Last Seen2024-08-20

Times Seen749

Size4.7 kB (4660 bytes)

MD5c8ea484de9f8d29d52b3297bf12ebcd4

SHA1d80d042dffa0aa28c84d983490de88307a3f6b94

SHA256d22823463f2014e907a4ac0cd6f42f369fab071947f3becb21873dabd8671d6e

Certificate Info

IssuerGoogle Trust Services LLC

Subjectupload.video.google.com

Fingerprint48:72:AA:F2:E2:69:76:76:93:18:78:2B:17:6E:20:5F:DF:87:66:5C

ValidityMon, 05 Feb 2024 08:19:19 GMT - Mon, 29 Apr 2024 08:19:18 GMT

HTTP Headers

GET /css2?family=Roboto:wght@400;700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://golfstreams.me/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sun, 03 Mar 2024 18:53:43 GMT
date: Sun, 03 Mar 2024 18:53:43 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET golfstreams.me/img/home.png

45.178.6.75

200 OK

3.8 kB

URL

golfstreams.me/img/home.png

IP / ASN

45.178.6.75

#64122 SWISS GLOBAL SERVICES S.A.S

Requested byhttps://golfstreams.me/

Resource Info

File typePNG image data, 74 x 296, 8-bit colormap, non-interlaced

First Seen2023-10-14

Last Seen2025-07-17

Times Seen13

Size3.8 kB (3816 bytes)

MD59e5bd02ac817c0fdf644f9287c03dca7

SHA173128786d5c63e495e296e068fa6ffbc81dd6d2e

SHA256294a8276dc650a4ada3572ebd53534be37cd0704ad8baf42b520f4ae01768ddd

Certificate Info

IssuerLet's Encrypt

Subjectgolfstreams.me

Fingerprint65:4A:65:69:20:9D:75:0B:E5:CF:ED:64:AA:D5:51:9B:25:94:C2:D6

ValidityFri, 26 Jan 2024 18:29:48 GMT - Thu, 25 Apr 2024 18:29:47 GMT

HTTP Headers

GET /img/home.png HTTP/1.1
Host: golfstreams.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://golfstreams.me/home.min.css?v=2.1
Cookie: _dt_gs=AAAAAhQCEQNhZHMUAREEaG9tZRQBEQNwb3AGABEHcmVmZXJlcg0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
server: nginx
date: Sun, 03 Mar 2024 18:53:43 GMT
content-type: image/png
content-length: 3816
last-modified: Mon, 04 Oct 2021 17:13:11 GMT
vary: accept-encoding
etag: "615b3627-ee8"
expires: Sun, 03 Mar 2024 18:54:13 GMT
cache-control: max-age=30, must-revalidate
accept-ranges: bytes

GET fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

142.250.74.3

200 OK

16 kB

URL

fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

IP / ASN

142.250.74.3

#15169 GOOGLE

Requested byhttps://golfstreams.me/

Resource Info

File typeWeb Open Font Format (Version 2), TrueType, length 15744, version 1.0

First Seen2023-04-05

Last Seen2025-08-02

Times Seen151637

Size16 kB (15744 bytes)

MD515d9f621c3bd1599f0169dcf0bd5e63e

SHA17ca9c5967f3bb8bffeab24b639b49c1e7d03fa52

SHA256f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

Certificate Info

IssuerGoogle Trust Services LLC

Subject*.gstatic.com

Fingerprint7E:D8:A3:26:76:2A:70:11:A5:C6:42:20:61:35:14:1C:03:F2:35:55

ValidityMon, 05 Feb 2024 08:19:14 GMT - Mon, 29 Apr 2024 08:19:13 GMT

HTTP Headers

GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://golfstreams.me
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 29 Feb 2024 03:28:11 GMT
expires: Fri, 28 Feb 2025 03:28:11 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
age: 314732
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET tauphaub.net/?rb=Y2VU9Y1JrDg4qhPK42bu_maz327JR7vu87SCh_mY_vCRxKQKcJe41uHddE4kW22sphGHe6alUVXjFWgxcBLxPt3STBfrWsgIq_1q2DPqkDFZyeiyJgMzRdaD-Cs_EszSwZeinU4x7k0tqJ_FvTZ1UfQh-C-RwHrRcQgmTfPD8ZDdGz1XI967ISKxOmgMkfhu0yF3IAFunUmhh949ZOSIuik8Fu_inqS0aQv0KqBVGtmMoQpOiYz7wsvm0tlnG_B2&request_ab2=0&zoneid=6297472&js_build=iclick-v1.711.0&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wih=1024&wiw=1280&wfc=1&pl=https%3A%2F%2Fgolfstreams.me%2F&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&btz=UTC&bto=0&wgl=&js_build=iclick-v1.711.0&navlng=en-US&pnt=0&pnrc=0&bs=63bab0a7-4091-493b-a172-64ccbd656841&userId=008014e38ebe428ef526f4418821bcd8&m=link

139.45.197.244

200 OK

2.3 kB

URL

tauphaub.net/?rb=Y2VU9Y1JrDg4qhPK42bu_maz327JR7vu87SCh_mY_vCRxKQKcJe41uHddE4kW22sphGHe6alUVXjFWgxcBLxPt3STBfrWsgIq_1q2DPqkDFZyeiyJgMzRdaD-Cs_EszSwZeinU4x7k0tqJ_FvTZ1UfQh-C-RwHrRcQgmTfPD8ZDdGz1XI967ISKxOmgMkfhu0yF3IAFunUmhh949ZOSIuik8Fu_inqS0aQv0KqBVGtmMoQpOiYz7wsvm0tlnG_B2&request_ab2=0&zoneid=6297472&js_build=iclick-v1.711.0&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wih=1024&wiw=1280&wfc=1&pl=https%3A%2F%2Fgolfstreams.me%2F&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&btz=UTC&bto=0&wgl=&js_build=iclick-v1.711.0&navlng=en-US&pnt=0&pnrc=0&bs=63bab0a7-4091-493b-a172-64ccbd656841&userId=008014e38ebe428ef526f4418821bcd8&m=link

IP / ASN

139.45.197.244

#9002 RETN Limited

Requested byhttps://golfstreams.me/

Resource Info

File typetroff or preprocessor input, ASCII text, with very long lines (2338), with no line terminators

First Seen2024-08-20

Last Seen2024-08-20

Times Seen1

Size2.3 kB (2316 bytes)

MD5c583639b1b30b034ac47ed94e2c4d9b8

SHA1d4f96d6e85cfc7711de7466f988b04db717c3170

SHA256474588c7c8adbffa0a768396de6f1ae752e317d9aeca133b1feaec4300e86b1d

Certificate Info

IssuerLet's Encrypt

Subjecttauphaub.net

FingerprintB1:D9:9B:8E:83:54:E8:BC:9F:C5:9A:B8:BA:C2:34:E1:B1:1F:30:95

ValidityMon, 15 Jan 2024 08:42:42 GMT - Sun, 14 Apr 2024 08:42:41 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /?rb=Y2VU9Y1JrDg4qhPK42bu_maz327JR7vu87SCh_mY_vCRxKQKcJe41uHddE4kW22sphGHe6alUVXjFWgxcBLxPt3STBfrWsgIq_1q2DPqkDFZyeiyJgMzRdaD-Cs_EszSwZeinU4x7k0tqJ_FvTZ1UfQh-C-RwHrRcQgmTfPD8ZDdGz1XI967ISKxOmgMkfhu0yF3IAFunUmhh949ZOSIuik8Fu_inqS0aQv0KqBVGtmMoQpOiYz7wsvm0tlnG_B2&request_ab2=0&zoneid=6297472&js_build=iclick-v1.711.0&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wih=1024&wiw=1280&wfc=1&pl=https%3A%2F%2Fgolfstreams.me%2F&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&btz=UTC&bto=0&wgl=&js_build=iclick-v1.711.0&navlng=en-US&pnt=0&pnrc=0&bs=63bab0a7-4091-493b-a172-64ccbd656841&userId=008014e38ebe428ef526f4418821bcd8&m=link HTTP/1.1
Host: tauphaub.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://golfstreams.me
DNT: 1
Connection: keep-alive
Referer: https://golfstreams.me/
Cookie: OAID=008014e38ebe428ef526f4418821bcd8; oaidts=1709492024
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 03 Mar 2024 18:53:44 GMT
content-type: application/json
x-trace-id: e5394227cf7750b44d804bba8054fc50
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
access-control-allow-origin: https://golfstreams.me
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=008014e38ebe428ef526f4418821bcd8; expires=Mon, 03 Mar 2025 18:53:44 GMT; path=/; secure; SameSite=None
oaidts=1709492024; expires=Mon, 03 Mar 2025 18:53:44 GMT; path=/; secure; SameSite=None
syncedCookie=true; expires=Sun, 10 Mar 2024 18:53:44 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

GET kuthoost.net/?rb=HQ_oXv5IybKp-fjTNdIh3nqLSx6pu6aWKe_H3cOze83j_qyS4AU78h10LppgykLtTRFp_0bzaRyjsLNu_E3KO6kPK2boVFUKt45D7pJSs8gnlTa5kNwQ_KwOMYoA2wbt0iSd12LQ4L-El4yf75nJRN1yvk9aGWT7TZ6EAMzAhhTKFbxNAwePT4FdgEVCVdzy0HIpqBsd6w8_Mz9hp6_nzLnbVFuM4jqDNsoC3dGvRz2jMtFOHnh1uCSh5cyAj93bFH2skJRXzeGjdcxH&request_ab2=0&zoneid=6534634&js_build=iclick-v1.711.0&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wih=1024&wiw=1280&wfc=1&pl=https%3A%2F%2Fgolfstreams.me%2F&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&btz=UTC&bto=0&wgl=&js_build=iclick-v1.711.0&navlng=en-US&pnt=0&pnrc=0&bs=b8f68f04-5f15-4094-883c-d2a8767fed81&userId=008014e38ebe428ef526f4418821bcd8&m=link

139.45.197.243

200 OK

2.9 kB

URL

kuthoost.net/?rb=HQ_oXv5IybKp-fjTNdIh3nqLSx6pu6aWKe_H3cOze83j_qyS4AU78h10LppgykLtTRFp_0bzaRyjsLNu_E3KO6kPK2boVFUKt45D7pJSs8gnlTa5kNwQ_KwOMYoA2wbt0iSd12LQ4L-El4yf75nJRN1yvk9aGWT7TZ6EAMzAhhTKFbxNAwePT4FdgEVCVdzy0HIpqBsd6w8_Mz9hp6_nzLnbVFuM4jqDNsoC3dGvRz2jMtFOHnh1uCSh5cyAj93bFH2skJRXzeGjdcxH&request_ab2=0&zoneid=6534634&js_build=iclick-v1.711.0&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wih=1024&wiw=1280&wfc=1&pl=https%3A%2F%2Fgolfstreams.me%2F&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&btz=UTC&bto=0&wgl=&js_build=iclick-v1.711.0&navlng=en-US&pnt=0&pnrc=0&bs=b8f68f04-5f15-4094-883c-d2a8767fed81&userId=008014e38ebe428ef526f4418821bcd8&m=link

IP / ASN

139.45.197.243

#9002 RETN Limited

Requested byhttps://golfstreams.me/

Resource Info

File typetroff or preprocessor input, ASCII text, with very long lines (2964), with no line terminators

First Seen2024-08-20

Last Seen2024-08-20

Times Seen1

Size2.9 kB (2935 bytes)

MD5c2edcd48492b6528c96968dc09c53535

SHA17d4ff0f725a767dd8ddf04c85fb5833187e32fc9

SHA25682ae1482362bc72a770efe5d496290d031ffe2225d3e43959cc55b511b7258b9

Certificate Info

IssuerLet's Encrypt

Subjectkuthoost.net

FingerprintC9:DB:6A:7E:E0:E8:E0:45:94:31:0D:26:AA:B9:CF:67:83:76:CA:39

ValidityThu, 29 Feb 2024 18:25:13 GMT - Wed, 29 May 2024 18:25:12 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /?rb=HQ_oXv5IybKp-fjTNdIh3nqLSx6pu6aWKe_H3cOze83j_qyS4AU78h10LppgykLtTRFp_0bzaRyjsLNu_E3KO6kPK2boVFUKt45D7pJSs8gnlTa5kNwQ_KwOMYoA2wbt0iSd12LQ4L-El4yf75nJRN1yvk9aGWT7TZ6EAMzAhhTKFbxNAwePT4FdgEVCVdzy0HIpqBsd6w8_Mz9hp6_nzLnbVFuM4jqDNsoC3dGvRz2jMtFOHnh1uCSh5cyAj93bFH2skJRXzeGjdcxH&request_ab2=0&zoneid=6534634&js_build=iclick-v1.711.0&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wih=1024&wiw=1280&wfc=1&pl=https%3A%2F%2Fgolfstreams.me%2F&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&btz=UTC&bto=0&wgl=&js_build=iclick-v1.711.0&navlng=en-US&pnt=0&pnrc=0&bs=b8f68f04-5f15-4094-883c-d2a8767fed81&userId=008014e38ebe428ef526f4418821bcd8&m=link HTTP/1.1
Host: kuthoost.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://golfstreams.me
DNT: 1
Connection: keep-alive
Referer: https://golfstreams.me/
Cookie: OAID=00801456845e4f2efce059ab04607ab6; oaidts=1709492024
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 03 Mar 2024 18:53:44 GMT
content-type: application/json
x-trace-id: 68d455d669317bc5ad040cbc40522639
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
access-control-allow-origin: https://golfstreams.me
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=008014e38ebe428ef526f4418821bcd8; expires=Mon, 03 Mar 2025 18:53:44 GMT; path=/; secure; SameSite=None
oaidts=1709492024; expires=Mon, 03 Mar 2025 18:53:44 GMT; path=/; secure; SameSite=None
syncedCookie=true; expires=Sun, 10 Mar 2024 18:53:44 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2