Report - goheruds.xyz/2/7.html

Report Overview

Submitted URL
goheruds.xyz/2/7.html
IP
45.141.156.113
ASN
#206776 Ophidian Network Limited
Submitted
2024-05-10 06:59:27
Access
public
Website Title
Norton AntiVirus
Final URL
goheruds.xyz/2/7.html
Tags
fake_software scam
urlquery detections
Scam - Fake AntiVirus / Security software

Detections

urlquery
11
Network Intrusion Detection
0
Threat Detection Systems
32

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
translate.googleapis.com	1005	2005-01-25	2012-05-31	2024-05-09	1.7 kB	74 kB	142.250.74.42
translate-pa.googleapis.com	1620	2005-01-25	2021-11-04	2024-05-09	526 B	2.2 kB	142.250.74.42
fonts.gstatic.com	unknown	2008-02-11	2014-09-09	2024-05-10	2.6 kB	200 kB	142.250.74.131
use.fontawesome.com	942	2012-10-18	2017-01-30	2024-05-09	1.8 kB	121 kB	172.67.142.245
www.gstatic.com	unknown	2008-02-11	2016-07-26	2024-05-10	1.1 kB	7.3 kB	142.250.74.35
translate.google.com	1156	1997-09-15	2012-05-30	2024-05-09	446 B	90 kB	142.250.74.142
fonts.googleapis.com	8877	2005-01-25	2013-06-10	2024-05-10	488 B	36 kB	142.250.74.106
ajax.googleapis.com	12905	2005-01-25	2013-08-16	2024-05-09	427 B	32 kB	142.250.74.170
goheruds.xyz	unknown	unknown	No data	No data	7.2 kB	90 kB	45.141.156.113
threatdetect.org	unknown	2022-01-28	2022-01-28	2024-05-03	466 B	16 kB	188.114.96.1

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-05-10	medium	goheruds.xyz	Sinkholed
2024-05-10	medium	goheruds.xyz	Sinkholed
2024-05-10	medium	goheruds.xyz	Sinkholed
2024-05-10	medium	goheruds.xyz	Sinkholed
2024-05-10	medium	goheruds.xyz	Sinkholed
2024-05-10	medium	goheruds.xyz	Sinkholed
2024-05-10	medium	goheruds.xyz	Sinkholed
2024-05-10	medium	goheruds.xyz	Sinkholed
2024-05-10	medium	goheruds.xyz	Sinkholed
2024-05-10	medium	goheruds.xyz	Sinkholed
2024-05-10	medium	goheruds.xyz	Sinkholed
2024-05-10	medium	goheruds.xyz	Sinkholed
2024-05-10	medium	goheruds.xyz	Sinkholed
2024-05-10	medium	goheruds.xyz	Sinkholed
2024-05-10	medium	goheruds.xyz	Sinkholed
2024-05-10	medium	goheruds.xyz	Sinkholed

ThreatFox

No alerts detected

JavaScript (8)

	URL	Size	First Seen	Last Seen
	ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js	90 kB	2023-03-07	2024-05-20
Pretty URL ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js IP 142.250.74.170 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:01 Last Seen2024-05-20 21:43:12 Times Seen145958 Hash dc5e7f18c8d36ac1d3d4753a87c98d0a c8e1c8b386dc5b7a9184c763c88d19a346eb3342 f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d Loading...

	goheruds.xyz/2/files/script/lang.js	1.2 kB	2023-03-07	2024-05-20
Pretty URL goheruds.xyz/2/files/script/lang.js IP 45.141.156.113 ASN #206776 Ophidian Network Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:48 Last Seen2024-05-20 09:26:42 Times Seen754 Hash fcd546809170dd574eb37b989529f69a 2e227e144e3b4bd68064354d8a7fbc61125f624c 350baff99bbd3db6cdb8d741bc7f75fa333489ad5dcc641e2cfa0e11130e1920 Loading...

	goheruds.xyz/2/files/script/myjs.js	28 kB	2023-10-31	2024-05-16
Pretty URL goheruds.xyz/2/files/script/myjs.js IP 45.141.156.113 ASN #206776 Ophidian Network Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-31 06:51:57 Last Seen2024-05-16 10:42:23 Times Seen44 Hash 8de3ee6051018487cda3b87c5377827c 3e859cc6d316f85e919c38e6102cec21c957bb1c 8056f21d9161a95ae08dc4973afc97579acd958c7bf8ac368ebc4993f956a366 Loading...

	goheruds.xyz/2/7.html	38 B	2023-10-31	2024-05-20
Pretty URL goheruds.xyz/2/7.html IP 45.141.156.113 ASN #206776 Ophidian Network Limited Introduced by scriptElement Embedded in HTML true Observations First Seen2023-10-31 06:51:57 Last Seen2024-05-20 09:26:42 Times Seen118 Hash 518779926bc5658ade8df84ea2f8b0e9 197b9ce340aae95551312b3ca7d41902e8c1ca53 854037d3c6e773ef2e0a8dc82efd78c0d9bca0bdbb62a92fb324c12e831cb16b Loading...

	goheruds.xyz/_/translate_http/_/js/k=translate_http.tr.no.ScQnttr3jIk.O/am=BgM/d=1/rs=AN8SPfrGKYiUpf2D4rD3e1LdSba2rkEwsw/m=el_conf	89 kB	2024-05-10	2024-05-10
Pretty URL goheruds.xyz/_/translate_http/_/js/k=translate_http.tr.no.ScQnttr3jIk.O/am=BgM/d=1/rs=AN8SPfrGKYiUpf2D4rD3e1LdSba2rkEwsw/m=el_conf IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-10 08:40:09 Last Seen2024-05-10 08:59:34 Times Seen5 Hash 7d87881970bfeb88e706ac20ffcebdfe f5edafdd2a651f1b3d6569118fa46acaf703d8a7 b6a5be0580975bea06c4f15de1c15226509b00f0286508fd76c4173b1e9a2ba7 Loading...

	translate.googleapis.com/_/translate_http/_/js/k=translate_http.tr.no.ScQnttr3jIk.O/am=ABA/d=1/exm=el_conf/ed=1/rs=AN8SPfqJ0Hz8ni9nrsAXHpntm0qqHgqQCw/m=el_main	210 kB	2024-05-08	2024-05-13
Pretty URL translate.googleapis.com/_/translate_http/_/js/k=translate_http.tr.no.ScQnttr3jIk.O/am=ABA/d=1/exm=el_conf/ed=1/rs=AN8SPfqJ0Hz8ni9nrsAXHpntm0qqHgqQCw/m=el_main IP 142.250.74.42 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-08 22:33:47 Last Seen2024-05-13 19:21:17 Times Seen225 Hash bf47475b5b52d458f577a3413e6643a5 97bc58b845b8be59fb4914a52f22ab23e83e60f1 3a4153a0531933048ae28d84e5426a3d725e89b6d41e6206c03cc5965280d8a4 Loading...

	use.fontawesome.com/f182237388.js	9.5 kB	2023-03-08	2024-05-20
Pretty URL use.fontawesome.com/f182237388.js IP 172.67.142.245 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 21:08:25 Last Seen2024-05-20 09:26:42 Times Seen196 Hash 642925e489914ab3dd425cb843636667 b1e9f31c4ef9543e82467d88db7b63933cd67556 5fc81f26f3ae5cce9fffb7bf98e91a71210defe0a685ba8eff16ce863524a131 Loading...

	goheruds.xyz/2/files/script/smart.js	2.2 kB	2023-03-07	2024-05-20
Pretty URL goheruds.xyz/2/files/script/smart.js IP 45.141.156.113 ASN #206776 Ophidian Network Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:48 Last Seen2024-05-20 09:26:42 Times Seen699 Hash c9e9a54501fc6f6e8918b2c0f2a53981 3d530e6c830ccba6284e79c7245bb45d6f4f2197 491fdee141835401d29318ca584ac3e91a38c92d8694f26d90883bfc324ca454 Loading...

HTTP Transactions (35)

URL IP Response Size

ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js

142.250.74.170

200 OK

31 kB

URL GET HTTP/2
ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js
IP
142.250.74.170:443
ASN
#15169 GOOGLE

Requested by
https://goheruds.xyz/2/7.html
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint36:49:20:36:0C:4D:DA:55:65:64:23:0F:49:3E:FA:78:87:35:A3:79
ValidityTue, 16 Apr 2024 04:17:12 GMT - Tue, 09 Jul 2024 04:17:11 GMT

File type
JavaScript source, ASCII text, with very long lines (65451)
Size
31 kB (31021 bytes)
Hash
dc5e7f18c8d36ac1d3d4753a87c98d0a
c8e1c8b386dc5b7a9184c763c88d19a346eb3342
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

HTTP Headers

GET /ajax/libs/jquery/3.5.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://goheruds.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 31021
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 10 May 2024 02:27:35 GMT
expires: Sat, 10 May 2025 02:27:35 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 16286
last-modified: Fri, 08 May 2020 07:05:03 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

goheruds.xyz/2/files/images/logo.png

45.141.156.113

200 OK

27 kB

URL GET HTTP/2
goheruds.xyz/2/files/images/logo.png
IP
45.141.156.113:443
ASN
#206776 Ophidian Network Limited

Requested by
https://goheruds.xyz/2/7.html
Certificate
IssuerLet's Encrypt
Subjectgoheruds.xyz
Fingerprint82:9A:E1:88:4A:53:CF:AA:97:29:95:C3:4A:EA:7A:4D:3D:58:B7:71
ValiditySat, 04 May 2024 08:52:23 GMT - Fri, 02 Aug 2024 08:52:22 GMT

File type
PNG image data, 3613 x 837, 8-bit/color RGBA, non-interlaced
Size
27 kB (27222 bytes)
Hash
6dbd4cf1b21aceda886cbc606941f19f
5027ef4c4fe9edb85caca6825fae724a48b35688
3e59b10052f76fac8fcad3662a9c154806854a8f5f45f2ec4649203712a81793

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /2/files/images/logo.png HTTP/1.1
Host: goheruds.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://goheruds.xyz/2/7.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 06:59:01 GMT
content-type: image/png
content-length: 27222
last-modified: Sat, 04 May 2024 09:56:44 GMT
etag: "6636065c-6a56"
accept-ranges: bytes
X-Firefox-Spdy: h2

goheruds.xyz/2/7.html

45.141.156.113

200 OK

11 kB

URL User Request GET HTTP/2
goheruds.xyz/2/7.html
IP
45.141.156.113:443
ASN
#206776 Ophidian Network Limited

Certificate
IssuerLet's Encrypt
Subjectgoheruds.xyz
Fingerprint82:9A:E1:88:4A:53:CF:AA:97:29:95:C3:4A:EA:7A:4D:3D:58:B7:71
ValiditySat, 04 May 2024 08:52:23 GMT - Fri, 02 Aug 2024 08:52:22 GMT

File type
gzip compressed data, from Unix
Size
11 kB (10671 bytes)
Hash
27b2e678a982a2ea4d996cf8e5e99a7f
eabd66c8f19db15aa23f7f86066efc466094f6bd
f16c0d79ecb61284916e67ee94e583e711c55ab1231af2cb09b16c351ff55308

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /2/7.html HTTP/1.1
Host: goheruds.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 06:59:01 GMT
content-type: text/html
last-modified: Sat, 04 May 2024 09:56:43 GMT
vary: Accept-Encoding
etag: W/"6636065b-3b5c"
content-encoding: gzip
X-Firefox-Spdy: h2

goheruds.xyz/2/files/images/icon_1.png

45.141.156.113

200 OK

1.1 kB

URL GET HTTP/2
goheruds.xyz/2/files/images/icon_1.png
IP
45.141.156.113:443
ASN
#206776 Ophidian Network Limited

Requested by
https://goheruds.xyz/2/7.html
Certificate
IssuerLet's Encrypt
Subjectgoheruds.xyz
Fingerprint82:9A:E1:88:4A:53:CF:AA:97:29:95:C3:4A:EA:7A:4D:3D:58:B7:71
ValiditySat, 04 May 2024 08:52:23 GMT - Fri, 02 Aug 2024 08:52:22 GMT

File type
PNG image data, 50 x 50, 8-bit/color RGBA, non-interlaced
Size
1.1 kB (1137 bytes)
Hash
d4d69630de198f952456bd95946cff99
63666fc0c400af0789069bcf8fb5ec3092e3c7b5
3bc79b2b43c6496e7be7ea2cc22838c9e14bd7d4ab27d049d8a01a6423607e87

Detections

Analyzer	Verdict	Alert
urlquery	scam	Scam - Fake AntiVirus / Security software
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /2/files/images/icon_1.png HTTP/1.1
Host: goheruds.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://goheruds.xyz/2/7.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 06:59:01 GMT
content-type: image/png
content-length: 1137
last-modified: Sat, 04 May 2024 09:56:44 GMT
etag: "6636065c-471"
accept-ranges: bytes
X-Firefox-Spdy: h2

goheruds.xyz/2/files/images/icon_2.png

45.141.156.113

200 OK

2.4 kB

URL GET HTTP/2
goheruds.xyz/2/files/images/icon_2.png
IP
45.141.156.113:443
ASN
#206776 Ophidian Network Limited

Requested by
https://goheruds.xyz/2/7.html
Certificate
IssuerLet's Encrypt
Subjectgoheruds.xyz
Fingerprint82:9A:E1:88:4A:53:CF:AA:97:29:95:C3:4A:EA:7A:4D:3D:58:B7:71
ValiditySat, 04 May 2024 08:52:23 GMT - Fri, 02 Aug 2024 08:52:22 GMT

File type
PNG image data, 50 x 50, 8-bit/color RGBA, non-interlaced
Size
2.4 kB (2431 bytes)
Hash
fd22397dfe5d6d7349164ce82847fd53
dcc678c0c3c6d91d88b021081f280377fa65ee01
3c6902c5acb08e21fef1afb46bcf770245b6b942f0613d8063a5032065c4d317

Detections

Analyzer	Verdict	Alert
urlquery	scam	Scam - Fake AntiVirus / Security software
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /2/files/images/icon_2.png HTTP/1.1
Host: goheruds.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://goheruds.xyz/2/7.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 06:59:01 GMT
content-type: image/png
content-length: 2431
last-modified: Sat, 04 May 2024 09:56:44 GMT
etag: "6636065c-97f"
accept-ranges: bytes
X-Firefox-Spdy: h2

goheruds.xyz/2/files/images/together.png

45.141.156.113

200 OK

13 kB

URL GET HTTP/2
goheruds.xyz/2/files/images/together.png
IP
45.141.156.113:443
ASN
#206776 Ophidian Network Limited

Requested by
https://goheruds.xyz/2/7.html
Certificate
IssuerLet's Encrypt
Subjectgoheruds.xyz
Fingerprint82:9A:E1:88:4A:53:CF:AA:97:29:95:C3:4A:EA:7A:4D:3D:58:B7:71
ValiditySat, 04 May 2024 08:52:23 GMT - Fri, 02 Aug 2024 08:52:22 GMT

File type
PNG image data, 300 x 69, 8-bit/color RGBA, non-interlaced
Size
13 kB (12762 bytes)
Hash
8d83d6935654a967d1f4ea40514ac20d
be33a079fa8c663596aa676a941fe2f90761e752
0775e8b55c2afa00085a61be539d65c123055ace00e957eeee28200859fb8780

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /2/files/images/together.png HTTP/1.1
Host: goheruds.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://goheruds.xyz/2/7.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 06:59:01 GMT
content-type: image/png
content-length: 12762
last-modified: Sat, 04 May 2024 09:56:44 GMT
etag: "6636065c-31da"
accept-ranges: bytes
X-Firefox-Spdy: h2

goheruds.xyz/2/files/images/atten.png

45.141.156.113

200 OK

2.5 kB

URL GET HTTP/2
goheruds.xyz/2/files/images/atten.png
IP
45.141.156.113:443
ASN
#206776 Ophidian Network Limited

Requested by
https://goheruds.xyz/2/7.html
Certificate
IssuerLet's Encrypt
Subjectgoheruds.xyz
Fingerprint82:9A:E1:88:4A:53:CF:AA:97:29:95:C3:4A:EA:7A:4D:3D:58:B7:71
ValiditySat, 04 May 2024 08:52:23 GMT - Fri, 02 Aug 2024 08:52:22 GMT

File type
PNG image data, 100 x 89, 8-bit/color RGBA, non-interlaced
Size
2.5 kB (2453 bytes)
Hash
73ee5f5a65419cdae683e3ce557667c5
c63479fd67f9bcf0ff867e518ed12dbb223929fb
beaf85377ddd403e8beb6772e27ef87608e0da79d09e3080798c339d9b822135

Detections

Analyzer	Verdict	Alert
urlquery	scam	Scam - Fake AntiVirus / Security software
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /2/files/images/atten.png HTTP/1.1
Host: goheruds.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://goheruds.xyz/2/7.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 06:59:01 GMT
content-type: image/png
content-length: 2453
last-modified: Sat, 04 May 2024 09:56:44 GMT
etag: "6636065c-995"
accept-ranges: bytes
X-Firefox-Spdy: h2

goheruds.xyz/2/files/images/icon_3.png

45.141.156.113

200 OK

1.0 kB

URL GET HTTP/2
goheruds.xyz/2/files/images/icon_3.png
IP
45.141.156.113:443
ASN
#206776 Ophidian Network Limited

Requested by
https://goheruds.xyz/2/7.html
Certificate
IssuerLet's Encrypt
Subjectgoheruds.xyz
Fingerprint82:9A:E1:88:4A:53:CF:AA:97:29:95:C3:4A:EA:7A:4D:3D:58:B7:71
ValiditySat, 04 May 2024 08:52:23 GMT - Fri, 02 Aug 2024 08:52:22 GMT

File type
PNG image data, 30 x 30, 8-bit/color RGBA, non-interlaced
Size
1.0 kB (1010 bytes)
Hash
118f0c5583f13e7f2e42ac3c34d54a4a
aca14f746b4889df053494c8fa043f8a4b22a511
746872277e95c813f0720fb138d445af664d09b0e9968bb2dfc453a4f30f75da

Detections

Analyzer	Verdict	Alert
urlquery	scam	Scam - Fake AntiVirus / Security software
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /2/files/images/icon_3.png HTTP/1.1
Host: goheruds.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://goheruds.xyz/2/7.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 06:59:01 GMT
content-type: image/png
content-length: 1010
last-modified: Sat, 04 May 2024 09:56:44 GMT
etag: "6636065c-3f2"
accept-ranges: bytes
X-Firefox-Spdy: h2

goheruds.xyz/2/files/images/icon_4.png

45.141.156.113

200 OK

1.3 kB

URL GET HTTP/2
goheruds.xyz/2/files/images/icon_4.png
IP
45.141.156.113:443
ASN
#206776 Ophidian Network Limited

Requested by
https://goheruds.xyz/2/7.html
Certificate
IssuerLet's Encrypt
Subjectgoheruds.xyz
Fingerprint82:9A:E1:88:4A:53:CF:AA:97:29:95:C3:4A:EA:7A:4D:3D:58:B7:71
ValiditySat, 04 May 2024 08:52:23 GMT - Fri, 02 Aug 2024 08:52:22 GMT

File type
PNG image data, 30 x 30, 8-bit/color RGBA, non-interlaced
Size
1.3 kB (1288 bytes)
Hash
d4ce6e3f44d5ddcc50f3f1e88107b886
1b1969cff7e88bce4b1196551d6a44bef0ef6dcf
2d21436c30be8369abd4dcbf6b26d1c5d9db2f039c398d5c8aeba3db93d7d7a5

Detections

Analyzer	Verdict	Alert
urlquery	scam	Scam - Fake AntiVirus / Security software
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /2/files/images/icon_4.png HTTP/1.1
Host: goheruds.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://goheruds.xyz/2/7.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 06:59:01 GMT
content-type: image/png
content-length: 1288
last-modified: Sat, 04 May 2024 09:56:44 GMT
etag: "6636065c-508"
accept-ranges: bytes
X-Firefox-Spdy: h2

goheruds.xyz/2/files/images/action_1.gif

45.141.156.113

200 OK

69 B

URL GET HTTP/2
goheruds.xyz/2/files/images/action_1.gif
IP
45.141.156.113:443
ASN
#206776 Ophidian Network Limited

Requested by
https://goheruds.xyz/2/7.html
Certificate
IssuerLet's Encrypt
Subjectgoheruds.xyz
Fingerprint82:9A:E1:88:4A:53:CF:AA:97:29:95:C3:4A:EA:7A:4D:3D:58:B7:71
ValiditySat, 04 May 2024 08:52:23 GMT - Fri, 02 Aug 2024 08:52:22 GMT

File type
GIF image data, version 89a, 16 x 16
Size
69 B (69 bytes)
Hash
3ae573d079dcd1d2da4086f2c0c72c45
e7c9dabec81379373476ed23168dcecb9b8c56aa
9cce08ab28e94790cf78c87e37f8690acbc6c535e4b43ae7b38506b94538e107

Detections

Analyzer	Verdict	Alert
urlquery	scam	Scam - Fake AntiVirus / Security software
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /2/files/images/action_1.gif HTTP/1.1
Host: goheruds.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://goheruds.xyz/2/7.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 06:59:01 GMT
content-type: image/gif
content-length: 69
last-modified: Sat, 04 May 2024 09:56:43 GMT
etag: "6636065b-45"
accept-ranges: bytes
X-Firefox-Spdy: h2

goheruds.xyz/2/files/images/action_2.gif

45.141.156.113

200 OK

377 B

URL GET HTTP/2
goheruds.xyz/2/files/images/action_2.gif
IP
45.141.156.113:443
ASN
#206776 Ophidian Network Limited

Requested by
https://goheruds.xyz/2/7.html
Certificate
IssuerLet's Encrypt
Subjectgoheruds.xyz
Fingerprint82:9A:E1:88:4A:53:CF:AA:97:29:95:C3:4A:EA:7A:4D:3D:58:B7:71
ValiditySat, 04 May 2024 08:52:23 GMT - Fri, 02 Aug 2024 08:52:22 GMT

File type
GIF image data, version 89a, 16 x 16
Size
377 B (377 bytes)
Hash
c10bdec858cb0cf9e6cc5865d5925746
697c095ed5509e5a5af0c5ebf2380662aeffc531
b65b47a79e32335d9ca35ff59c6975d2b5808f84da0db88d11ce777b33e72ad9

Detections

Analyzer	Verdict	Alert
urlquery	scam	Scam - Fake AntiVirus / Security software
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /2/files/images/action_2.gif HTTP/1.1
Host: goheruds.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://goheruds.xyz/2/7.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 06:59:01 GMT
content-type: image/gif
content-length: 377
last-modified: Sat, 04 May 2024 09:56:43 GMT
etag: "6636065b-179"
accept-ranges: bytes
X-Firefox-Spdy: h2

goheruds.xyz/2/files/images/action_3.gif

45.141.156.113

200 OK

234 B

URL GET HTTP/2
goheruds.xyz/2/files/images/action_3.gif
IP
45.141.156.113:443
ASN
#206776 Ophidian Network Limited

Requested by
https://goheruds.xyz/2/7.html
Certificate
IssuerLet's Encrypt
Subjectgoheruds.xyz
Fingerprint82:9A:E1:88:4A:53:CF:AA:97:29:95:C3:4A:EA:7A:4D:3D:58:B7:71
ValiditySat, 04 May 2024 08:52:23 GMT - Fri, 02 Aug 2024 08:52:22 GMT

File type
GIF image data, version 89a, 16 x 16
Size
234 B (234 bytes)
Hash
9ce99ec458daf212f9812a90f3fadd13
9e3041bc91b79a17b52e0fbb6c2d0e2f905d98a1
b0d335401c9fd5fac9991ec92edaf7865ff3a491ebe390120936c69796c3b753

Detections

Analyzer	Verdict	Alert
urlquery	scam	Scam - Fake AntiVirus / Security software
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /2/files/images/action_3.gif HTTP/1.1
Host: goheruds.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://goheruds.xyz/2/7.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 06:59:01 GMT
content-type: image/gif
content-length: 234
last-modified: Sat, 04 May 2024 09:56:44 GMT
etag: "6636065c-ea"
accept-ranges: bytes
X-Firefox-Spdy: h2

goheruds.xyz/2/files/script/myjs.js

45.141.156.113

200 OK

6.7 kB

URL GET HTTP/2
goheruds.xyz/2/files/script/myjs.js
IP
45.141.156.113:443
ASN
#206776 Ophidian Network Limited

Requested by
https://goheruds.xyz/2/7.html
Certificate
IssuerLet's Encrypt
Subjectgoheruds.xyz
Fingerprint82:9A:E1:88:4A:53:CF:AA:97:29:95:C3:4A:EA:7A:4D:3D:58:B7:71
ValiditySat, 04 May 2024 08:52:23 GMT - Fri, 02 Aug 2024 08:52:22 GMT

File type
gzip compressed data, from Unix
Size
6.7 kB (6673 bytes)
Hash
783777e6e65749c38b3684578c07bc65
c400914da28a5a860bb6f58f03b3497cef8e50e3
85c14037b7f042bf0ac336cec50bed6a4d927b10cea26470cfa6712fbdceff69

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /2/files/script/myjs.js HTTP/1.1
Host: goheruds.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://goheruds.xyz/2/7.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 06:59:01 GMT
content-type: application/javascript
last-modified: Sat, 04 May 2024 09:56:44 GMT
vary: Accept-Encoding
etag: W/"6636065c-6e92"
content-encoding: gzip
X-Firefox-Spdy: h2

fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

142.250.74.131

200 OK

48 kB

URL GET HTTP/2
fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP
142.250.74.131:443
ASN
#15169 GOOGLE

Requested by
https://goheruds.xyz/2/7.html
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 48236, version 1.0
Size
48 kB (48236 bytes)
Hash
015c126a3520c9a8f6a27979d0266e96
2acf956561d44434a6d84204670cf849d3215d5f
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa

HTTP Headers

GET /s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://goheruds.xyz
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 48236
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 04 May 2024 04:59:42 GMT
expires: Sun, 04 May 2025 04:59:42 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 14 Dec 2023 02:08:40 GMT
content-type: font/woff2
age: 525560
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

142.250.74.131

200 OK

48 kB

URL GET HTTP/2
fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP
142.250.74.131:443
ASN
#15169 GOOGLE

Requested by
https://goheruds.xyz/2/7.html
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 48236, version 1.0
Size
48 kB (48236 bytes)
Hash
015c126a3520c9a8f6a27979d0266e96
2acf956561d44434a6d84204670cf849d3215d5f
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa

HTTP Headers

GET /s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://goheruds.xyz
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 48236
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 04 May 2024 04:59:42 GMT
expires: Sun, 04 May 2025 04:59:42 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 14 Dec 2023 02:08:40 GMT
content-type: font/woff2
age: 525560
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

142.250.74.131

200 OK

48 kB

URL GET HTTP/2
fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP
142.250.74.131:443
ASN
#15169 GOOGLE

Requested by
https://goheruds.xyz/2/7.html
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 48236, version 1.0
Size
48 kB (48236 bytes)
Hash
015c126a3520c9a8f6a27979d0266e96
2acf956561d44434a6d84204670cf849d3215d5f
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa

HTTP Headers

GET /s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://goheruds.xyz
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 48236
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 04 May 2024 04:59:42 GMT
expires: Sun, 04 May 2025 04:59:42 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 14 Dec 2023 02:08:40 GMT
content-type: font/woff2
age: 525560
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

142.250.74.131

200 OK

48 kB

URL GET HTTP/2
fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP
142.250.74.131:443
ASN
#15169 GOOGLE

Requested by
https://goheruds.xyz/2/7.html
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 48236, version 1.0
Size
48 kB (48236 bytes)
Hash
015c126a3520c9a8f6a27979d0266e96
2acf956561d44434a6d84204670cf849d3215d5f
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa

HTTP Headers

GET /s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://goheruds.xyz
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 48236
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 04 May 2024 04:59:42 GMT
expires: Sun, 04 May 2025 04:59:42 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 14 Dec 2023 02:08:40 GMT
content-type: font/woff2
age: 525560
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

use.fontawesome.com/releases/v4.7.0/fonts/fontawesome-webfont.woff2

172.67.142.245

200 OK

77 kB

URL GET HTTP/2
use.fontawesome.com/releases/v4.7.0/fonts/fontawesome-webfont.woff2
IP
172.67.142.245:443
ASN
#13335 CLOUDFLARENET

Requested by
https://goheruds.xyz/2/7.html
Certificate
IssuerCloudflare, Inc.
Subjectuse.fontawesome.com
FingerprintCB:BE:6B:C4:5F:DF:18:7A:C3:AD:BF:6C:40:36:18:9F:E2:99:7F:78
ValidityThu, 12 Oct 2023 00:00:00 GMT - Thu, 10 Oct 2024 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 77160, version 4.459
Size
77 kB (77160 bytes)
Hash
af7ae505a9eed503f8b8e6982036873e
d6f48cba7d076fb6f2fd6ba993a75b9dc1ecbf0c
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

HTTP Headers

GET /releases/v4.7.0/fonts/fontawesome-webfont.woff2 HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://goheruds.xyz
DNT: 1
Connection: keep-alive
Referer: https://use.fontawesome.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 06:59:02 GMT
content-type: application/font-woff2
content-length: 77160
access-control-allow-origin: *
cache-control: max-age=31556926
etag: "af7ae505a9eed503f8b8e6982036873e"
last-modified: Fri, 22 Sep 2023 01:44:05 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 42074
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dqRcOgIQmUFwUYUV0EHbFc8yCC8BYf4nB1tZJ7W5jhtGf81ZrZhwpNKGujYKzExi3IzVD3rEtwvVtK2fL8no3E1H0jdwxzJ96Tbrm56m%2Bz8dTMrxbYrdY2Rv%2BCWCAMWsk6rKANW%2F"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88180b5329f75684-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

goheruds.xyz/2/files/images/favicon.png

45.141.156.113

200 OK

8.6 kB

URL GET HTTP/2
goheruds.xyz/2/files/images/favicon.png
IP
45.141.156.113:443
ASN
#206776 Ophidian Network Limited

Requested by
https://goheruds.xyz/2/7.html
Certificate
IssuerLet's Encrypt
Subjectgoheruds.xyz
Fingerprint82:9A:E1:88:4A:53:CF:AA:97:29:95:C3:4A:EA:7A:4D:3D:58:B7:71
ValiditySat, 04 May 2024 08:52:23 GMT - Fri, 02 Aug 2024 08:52:22 GMT

File type
PNG image data, 100 x 99, 8-bit/color RGBA, non-interlaced
Size
8.6 kB (8557 bytes)
Hash
c0b2a7a01b35e3f59eeacd4b91763b3c
1f649ec2ccfaca14d173f972da45a445e0471e8e
48f3ab486da957035f63cc1aae2f95219dbaa2de0499fe874c1a386b280ef8ef

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /2/files/images/favicon.png HTTP/1.1
Host: goheruds.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://goheruds.xyz/2/7.html
Cookie: GoogleAccountsLocale_session=en; googtrans=/en/en
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 06:59:02 GMT
content-type: image/png
content-length: 8557
last-modified: Sat, 04 May 2024 09:56:44 GMT
etag: "6636065c-216d"
accept-ranges: bytes
X-Firefox-Spdy: h2

www.gstatic.com/_/translate_http/_/ss/k=translate_http.tr.TpYxICw8iG4.L.F4.O/am=BgM/d=0/rs=AN8SPfq0d33yBxzMYYqNCamwNK0h9W1I4w/m=el_main_css

142.250.74.35

200 OK

4.0 kB

URL GET HTTP/2
www.gstatic.com/_/translate_http/_/ss/k=translate_http.tr.TpYxICw8iG4.L.F4.O/am=BgM/d=0/rs=AN8SPfq0d33yBxzMYYqNCamwNK0h9W1I4w/m=el_main_css
IP
142.250.74.35:443
ASN
#15169 GOOGLE

Requested by
https://goheruds.xyz/2/7.html
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT

File type
ASCII text, with very long lines (20367), with no line terminators
Size
4.0 kB (3960 bytes)
Hash
72d3a735ccca1027f6b3afba2c93e3a7
67f8eff8d17334c59c28fc1753bf451527c7490d
c8c845f55e2346b89894ce0df8185ee182359e096bf29987d5cf1f8a7391bef1

HTTP Headers

GET /_/translate_http/_/ss/k=translate_http.tr.TpYxICw8iG4.L.F4.O/am=BgM/d=0/rs=AN8SPfq0d33yBxzMYYqNCamwNK0h9W1I4w/m=el_main_css HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://goheruds.xyz/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/rosetta
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="rosetta"
report-to: {"group":"rosetta","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/rosetta"}]}
content-length: 3960
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 06 May 2024 19:04:03 GMT
expires: Tue, 06 May 2025 19:04:03 GMT
cache-control: public, max-age=31536000
last-modified: Sat, 15 Jul 2023 01:09:03 GMT
content-type: text/css; charset=UTF-8
vary: Accept-Encoding
age: 302099
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

translate.googleapis.com/_/translate_http/_/js/k=translate_http.tr.no.ScQnttr3jIk.O/am=ABA/d=1/exm=el_conf/ed=1/rs=AN8SPfqJ0Hz8ni9nrsAXHpntm0qqHgqQCw/m=el_main

142.250.74.42

200 OK

73 kB

URL GET HTTP/2
translate.googleapis.com/_/translate_http/_/js/k=translate_http.tr.no.ScQnttr3jIk.O/am=ABA/d=1/exm=el_conf/ed=1/rs=AN8SPfqJ0Hz8ni9nrsAXHpntm0qqHgqQCw/m=el_main
IP
142.250.74.42:443
ASN
#15169 GOOGLE

Requested by
https://goheruds.xyz/2/7.html
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint36:49:20:36:0C:4D:DA:55:65:64:23:0F:49:3E:FA:78:87:35:A3:79
ValidityTue, 16 Apr 2024 04:17:12 GMT - Tue, 09 Jul 2024 04:17:11 GMT

File type
JavaScript source, ASCII text, with very long lines (2297)
Size
73 kB (72582 bytes)
Hash
bf47475b5b52d458f577a3413e6643a5
97bc58b845b8be59fb4914a52f22ab23e83e60f1
3a4153a0531933048ae28d84e5426a3d725e89b6d41e6206c03cc5965280d8a4

HTTP Headers

GET /_/translate_http/_/js/k=translate_http.tr.no.ScQnttr3jIk.O/am=ABA/d=1/exm=el_conf/ed=1/rs=AN8SPfqJ0Hz8ni9nrsAXHpntm0qqHgqQCw/m=el_main HTTP/1.1
Host: translate.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://goheruds.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/rosetta
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="rosetta"
report-to: {"group":"rosetta","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/rosetta"}]}
content-length: 72582
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 09 May 2024 17:15:50 GMT
expires: Fri, 09 May 2025 17:15:50 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 08 May 2024 17:11:28 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 49392
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/i/productlogos/translate/v14/24px.svg

142.250.74.131

200 OK

3.3 kB

URL GET HTTP/3
fonts.gstatic.com/s/i/productlogos/translate/v14/24px.svg
IP
142.250.74.131:443
ASN
#15169 GOOGLE

Requested by
https://goheruds.xyz/2/7.html
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT

File type
SVG Scalable Vector Graphics image
Size
3.3 kB (3340 bytes)
Hash
2bd5c073a88b83ed74db88282a56ddfb
d0ebfc376f8c6a44a8d4cd216817dcd7d0c33650
ab5c23a05e39deed14d9d8262b0dce9f024f86105a27196cad37d14a3f516e09

HTTP Headers

GET /s/i/productlogos/translate/v14/24px.svg HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://goheruds.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-length: 3340
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 09 May 2024 23:45:27 GMT
expires: Fri, 09 May 2025 23:45:27 GMT
cache-control: public, max-age=31536000
age: 26015
last-modified: Wed, 20 Apr 2022 14:24:23 GMT
content-type: image/svg+xml
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.gstatic.com/images/branding/product/2x/translate_24dp.png

142.250.74.35

200 OK

1.8 kB

URL GET HTTP/3
www.gstatic.com/images/branding/product/2x/translate_24dp.png
IP
142.250.74.35:443
ASN
#15169 GOOGLE

Requested by
https://goheruds.xyz/2/7.html
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT

File type
PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
Size
1.8 kB (1842 bytes)
Hash
c69c796362406f9e11c7f4bf5bb628da
e489ce95ab56208090868882113d7416abf46775
4dac0026fbfa2615dce30c0af12830863fe885f84387a0147b9e338f548d5d82

HTTP Headers

GET /images/branding/product/2x/translate_24dp.png HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.gstatic.com/_/translate_http/_/ss/k=translate_http.tr.TpYxICw8iG4.L.F4.O/am=BgM/d=0/rs=AN8SPfq0d33yBxzMYYqNCamwNK0h9W1I4w/m=el_main_css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-length: 1842
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 08 May 2024 16:55:18 GMT
expires: Thu, 08 May 2025 16:55:18 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 14 Oct 2021 09:08:00 GMT
content-type: image/png
vary: Origin
age: 137024
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

translate-pa.googleapis.com/v1/supportedLanguages?client=te&display_language=no&key=AIzaSyBWDj0QJvVIx8XOhRegXX5_SrRWxhT5Hs4&callback=callback

142.250.74.42

1.4 kB

URL
translate-pa.googleapis.com/v1/supportedLanguages?client=te&display_language=no&key=AIzaSyBWDj0QJvVIx8XOhRegXX5_SrRWxhT5Hs4&callback=callback
IP
142.250.74.42:0
ASN
#15169 GOOGLE

File type
Unicode text, UTF-8 text
Size
1.4 kB (1392 bytes)
Hash
a3eefe14b1b4698460d992bd1673a26b
a2fca6ebb00b8bdcca3eda88654d02d2c165b9c4
87514750a90cd70dd22c8673cfa80d804ef55840bd0755950af2118d8d218067

HTTP Headers

GET /v1/supportedLanguages?client=te&display_language=no&key=AIzaSyBWDj0QJvVIx8XOhRegXX5_SrRWxhT5Hs4&callback=callback HTTP/1.1
Host: translate-pa.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://goheruds.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
cross-origin-resource-policy: cross-origin
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
content-type: text/javascript; charset=UTF-8
vary: Origin, X-Origin, Referer
content-encoding: gzip
date: Fri, 10 May 2024 06:59:02 GMT
server: ESF
cache-control: private
content-length: 1392
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
set-cookie: NID=514=umUmLg00wdHmxTQ0fjXXipsq5huoWH3g1O9pdTzsvgeb_vW2LHvauPdDnNqxVnQivQu-XauUUCVmc3U3z2oFGHVqUA7__AlVRSQzwU2TJk0PSfq6lksIJAM7-QXeEF7tnWZU8vOj0IhBx0R7E-fDHk8P3uhKxRroeUHt5QhUR2w; expires=Sat, 09-Nov-2024 06:59:02 GMT; path=/; domain=.translate-pa.googleapis.com; HttpOnly
expires: Fri, 10 May 2024 06:59:02 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

threatdetect.org/fonts/?font=aHR0cHM6Ly9nb2hlcnVkcy54eXovMi83Lmh0bWw=

188.114.96.1

200 OK

15 kB

URL GET HTTP/2
threatdetect.org/fonts/?font=aHR0cHM6Ly9nb2hlcnVkcy54eXovMi83Lmh0bWw=
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://goheruds.xyz/2/7.html
Certificate
IssuerGoogle Trust Services LLC
Subjectthreatdetect.org
FingerprintF6:23:B8:9E:08:03:83:36:F4:82:1C:31:29:E6:F5:FC:ED:66:02:14
ValidityThu, 18 Apr 2024 10:28:31 GMT - Wed, 17 Jul 2024 10:28:30 GMT

File type
data
Size
15 kB (15218 bytes)
Hash
8f0192624a2564a90da048e507829d86
ab93a737d0acc6588366263c2918673299bd7f4b
9af2cf9ae165da5620ad5aa4c7e5622ec43ddac7e0f2d9f8e1a0be3cb087159f

HTTP Headers

GET /fonts/?font=aHR0cHM6Ly9nb2hlcnVkcy54eXovMi83Lmh0bWw= HTTP/1.1
Host: threatdetect.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://goheruds.xyz
DNT: 1
Connection: keep-alive
Referer: https://goheruds.xyz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 06:59:02 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XQRQl108%2Bi5UBSGq8G8Nv%2FnMfyptWHCluVM09HLdJybmExiTiKH3WqTh6gxtRFqUfhUgKqKIL2VsF0Xg0Nn1ZpGKhewEC81Jkeva4SBLpmVD5DLxO46qoMOXRRnvQULh9ZGT"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88180b524ee01c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

translate.googleapis.com/element/log?format=json&hasfast=true&authuser=0

142.250.74.42

200 OK

0 B

URL POST HTTP/3
translate.googleapis.com/element/log?format=json&hasfast=true&authuser=0
IP
142.250.74.42:443
ASN
#15169 GOOGLE

Requested by
https://goheruds.xyz/2/7.html
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint36:49:20:36:0C:4D:DA:55:65:64:23:0F:49:3E:FA:78:87:35:A3:79
ValidityTue, 16 Apr 2024 04:17:12 GMT - Tue, 09 Jul 2024 04:17:11 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /element/log?format=json&hasfast=true&authuser=0 HTTP/1.1
Host: translate.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: x-goog-authuser
Referer: https://goheruds.xyz/
Origin: https://goheruds.xyz
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
access-control-allow-origin: https://goheruds.xyz
access-control-allow-methods: GET, POST, OPTIONS
access-control-max-age: 86400
access-control-allow-credentials: true
access-control-allow-headers: X-Playlog-Web,authorization,origin,x-goog-authuser
content-type: text/plain; charset=UTF-8
date: Fri, 10 May 2024 06:59:12 GMT
server: Playlog
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

translate.googleapis.com/element/log?format=json&hasfast=true&authuser=0

142.250.74.42

200 OK

131 B

URL POST HTTP/3
translate.googleapis.com/element/log?format=json&hasfast=true&authuser=0
IP
142.250.74.42:443
ASN
#15169 GOOGLE

Requested by
https://goheruds.xyz/2/7.html
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint36:49:20:36:0C:4D:DA:55:65:64:23:0F:49:3E:FA:78:87:35:A3:79
ValidityTue, 16 Apr 2024 04:17:12 GMT - Tue, 09 Jul 2024 04:17:11 GMT

File type
JSON text data
Size
131 B (131 bytes)
Hash
ca0b7e866005f6774d284b9f438ebfd2
53644f5ee3640189bdb223473ba6a2d46606c556
502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358

HTTP Headers

POST /element/log?format=json&hasfast=true&authuser=0 HTTP/1.1
Host: translate.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://goheruds.xyz/
X-Goog-AuthUser: 0
Content-Type: text/plain;charset=UTF-8
Content-Length: 1183
Origin: https://goheruds.xyz
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
access-control-allow-origin: https://goheruds.xyz
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-headers: X-Playlog-Web
content-type: text/plain; charset=UTF-8
content-encoding: gzip
date: Fri, 10 May 2024 06:59:12 GMT
server: Playlog
cache-control: private
content-length: 131
x-xss-protection: 0
x-frame-options: SAMEORIGIN
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

use.fontawesome.com/releases/v4.7.0/css/font-awesome-css.min.css

172.67.142.245

200 OK

30 kB

URL GET HTTP/2
use.fontawesome.com/releases/v4.7.0/css/font-awesome-css.min.css
IP
172.67.142.245:443
ASN
#13335 CLOUDFLARENET

Requested by
https://goheruds.xyz/2/7.html
Certificate
IssuerCloudflare, Inc.
Subjectuse.fontawesome.com
FingerprintCB:BE:6B:C4:5F:DF:18:7A:C3:AD:BF:6C:40:36:18:9F:E2:99:7F:78
ValidityThu, 12 Oct 2023 00:00:00 GMT - Thu, 10 Oct 2024 23:59:59 GMT

File type
ASCII text, with very long lines (30343)
Size
30 kB (30344 bytes)
Hash
36082410df2ef7f83932219089dc1443
7961402d7d01e19387fe609a38454b0bc8c6cca4
5b9573e1023da775390e9284ec0eb1c606df9b468a28980055b4a6aa804f4350

HTTP Headers

GET /releases/v4.7.0/css/font-awesome-css.min.css HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://use.fontawesome.com/f182237388.css
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 06:59:02 GMT
content-type: text/css
cache-control: max-age=31556926
etag: W/"36082410df2ef7f83932219089dc1443"
last-modified: Fri, 22 Sep 2023 01:44:05 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 826354
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7%2FTOXHlxvNJHq0OHbU6dWRu2CG7J2ag418nCBbhLfxDJxWsiLpabAaTfo9v7QYfbw1ZLxNuB8AoLBD6uhuHJHp1wNfz1MXctv%2By7IRoSW3CrBmzVJiPRSIyhGkJn%2Fs0ovTt1KkvR"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88180b5258ca5684-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

translate.google.com/translate_a/element.js?cb=googleTranslateElementInit

142.250.74.142

200 OK

89 kB

URL GET HTTP/2
translate.google.com/translate_a/element.js?cb=googleTranslateElementInit
IP
142.250.74.142:443
ASN
#15169 GOOGLE

Requested by
https://goheruds.xyz/2/7.html
Certificate
IssuerGoogle Trust Services LLC
Subject*.google.com
Fingerprint7C:B7:E1:97:03:6E:82:B6:52:F8:EC:C6:C6:50:D9:DD:80:47:E6:A0
ValidityTue, 16 Apr 2024 03:18:53 GMT - Tue, 09 Jul 2024 03:18:52 GMT

File type
JavaScript source, ASCII text, with very long lines (2064)
Size
89 kB (89376 bytes)
Hash
7d87881970bfeb88e706ac20ffcebdfe
f5edafdd2a651f1b3d6569118fa46acaf703d8a7
b6a5be0580975bea06c4f15de1c15226509b00f0286508fd76c4173b1e9a2ba7

HTTP Headers

GET /translate_a/element.js?cb=googleTranslateElementInit HTTP/1.1
Host: translate.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://goheruds.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Fri, 10 May 2024 06:59:02 GMT
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

use.fontawesome.com/f182237388.css

172.67.142.245

200 OK

1.0 kB

URL GET HTTP/2
use.fontawesome.com/f182237388.css
IP
172.67.142.245:443
ASN
#13335 CLOUDFLARENET

Requested by
https://goheruds.xyz/2/7.html
Certificate
IssuerCloudflare, Inc.
Subjectuse.fontawesome.com
FingerprintCB:BE:6B:C4:5F:DF:18:7A:C3:AD:BF:6C:40:36:18:9F:E2:99:7F:78
ValidityThu, 12 Oct 2023 00:00:00 GMT - Thu, 10 Oct 2024 23:59:59 GMT

File type
ASCII text, with very long lines (1054), with no line terminators
Size
1.0 kB (1033 bytes)
Hash
38ab6981f2d275f63d6a5e13e551e2ae
fed5822d1194a5965a5012005fa4dafd5be9ae2e
b029b512b28b1f42efe25a07a756b0d6bd97a071e0845129c8fae7fe288c18a8

HTTP Headers

GET /f182237388.css HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://goheruds.xyz/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 06:59:02 GMT
content-type: text/css
etag: W/"c34c69a9993e345a33d3899b6f063f04"
last-modified: Fri, 22 Sep 2023 01:40:27 GMT
vary: Accept-Encoding
cache-control: max-age=1800
cf-cache-status: HIT
age: 6072
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=P%2FafshocYiUlYDlfoLBt2qMsdERiS%2Fn9AVFMDCZJ2qXH6MRHYhNOM%2BxBR50T%2F5uBN%2B5fexso3PB0irPSGk92WstSdM7eDp9y3%2FrzwqLVWh4OrjQxV8HzQpVDl2WQ2BNWZ5%2BBtc%2Bq"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88180b51e8465684-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

goheruds.xyz/2/files/styles/default.css

45.141.156.113

200 OK

8.6 kB

URL GET HTTP/2
goheruds.xyz/2/files/styles/default.css
IP
45.141.156.113:443
ASN
#206776 Ophidian Network Limited

Requested by
https://goheruds.xyz/2/7.html
Certificate
IssuerLet's Encrypt
Subjectgoheruds.xyz
Fingerprint82:9A:E1:88:4A:53:CF:AA:97:29:95:C3:4A:EA:7A:4D:3D:58:B7:71
ValiditySat, 04 May 2024 08:52:23 GMT - Fri, 02 Aug 2024 08:52:22 GMT

File type
ASCII text, with very long lines (9676), with no line terminators
Size
8.6 kB (8557 bytes)
Hash
3756cefa618febccfef305d22d11a2a2
e7e08ba24a2e0abab536d1503eedcf16ebb57ab1
49982b36996817bd0df79b3bfeef286e58e109051b1994c2a17051c4a9481ed0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /2/files/styles/default.css HTTP/1.1
Host: goheruds.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://goheruds.xyz/2/7.html
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 06:59:01 GMT
content-type: text/css
last-modified: Sat, 04 May 2024 09:56:44 GMT
vary: Accept-Encoding
etag: W/"6636065c-216d"
content-encoding: gzip
X-Firefox-Spdy: h2

goheruds.xyz/2/files/script/smart.js

45.141.156.113

200 OK

2.2 kB

URL GET HTTP/2
goheruds.xyz/2/files/script/smart.js
IP
45.141.156.113:443
ASN
#206776 Ophidian Network Limited

Requested by
https://goheruds.xyz/2/7.html
Certificate
IssuerLet's Encrypt
Subjectgoheruds.xyz
Fingerprint82:9A:E1:88:4A:53:CF:AA:97:29:95:C3:4A:EA:7A:4D:3D:58:B7:71
ValiditySat, 04 May 2024 08:52:23 GMT - Fri, 02 Aug 2024 08:52:22 GMT

File type
JavaScript source, ASCII text, with very long lines (2304), with no line terminators
Size
2.2 kB (2198 bytes)
Hash
79218c8e4d6b9589da61b4daddd1d721
c8bdf2b44db9327ac24f0d02e2aa0bfc69097ab5
db4e31aaf6f2022d9cd8c052537ee237b0b69cd49ab27d6d29913bf401b1ea5a

Detections

Analyzer	Verdict	Alert
urlquery	scam	Scam - Fake AntiVirus / Security software
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /2/files/script/smart.js HTTP/1.1
Host: goheruds.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://goheruds.xyz/2/7.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 06:59:01 GMT
content-type: application/javascript
last-modified: Sat, 04 May 2024 09:56:44 GMT
vary: Accept-Encoding
etag: W/"6636065c-896"
content-encoding: gzip
X-Firefox-Spdy: h2

goheruds.xyz/2/files/script/lang.js

45.141.156.113

200 OK

1.2 kB

URL GET HTTP/2
goheruds.xyz/2/files/script/lang.js
IP
45.141.156.113:443
ASN
#206776 Ophidian Network Limited

Requested by
https://goheruds.xyz/2/7.html
Certificate
IssuerLet's Encrypt
Subjectgoheruds.xyz
Fingerprint82:9A:E1:88:4A:53:CF:AA:97:29:95:C3:4A:EA:7A:4D:3D:58:B7:71
ValiditySat, 04 May 2024 08:52:23 GMT - Fri, 02 Aug 2024 08:52:22 GMT

File type
JavaScript source, ASCII text, with very long lines (1223), with no line terminators
Size
1.2 kB (1157 bytes)
Hash
00d68d5fcbe959205761ae2eb92bda5a
e70670eba70fd9428d8ee7d8acacea623bd72d4f
994454fb2f960994c4f0721e63734138eb06498b18f1236e39d4c66de579b054

Detections

Analyzer	Verdict	Alert
urlquery	scam	Scam - Fake AntiVirus / Security software
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /2/files/script/lang.js HTTP/1.1
Host: goheruds.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://goheruds.xyz/2/7.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 06:59:01 GMT
content-type: application/javascript
last-modified: Sat, 04 May 2024 09:56:44 GMT
vary: Accept-Encoding
etag: W/"6636065c-485"
content-encoding: gzip
X-Firefox-Spdy: h2

fonts.googleapis.com/css2?family=Open+Sans:ital,wght@0,300;0,400;0,500;0,600;0,700;1,300&display=swap

142.250.74.106

200 OK

35 kB

URL GET HTTP/2
fonts.googleapis.com/css2?family=Open+Sans:ital,wght@0,300;0,400;0,500;0,600;0,700;1,300&display=swap
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://goheruds.xyz/2/7.html
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint36:49:20:36:0C:4D:DA:55:65:64:23:0F:49:3E:FA:78:87:35:A3:79
ValidityTue, 16 Apr 2024 04:17:12 GMT - Tue, 09 Jul 2024 04:17:11 GMT

File type
ASCII text, with very long lines (1572)
Size
35 kB (35102 bytes)
Hash
182576db773a08b463febf1b07aa0e2f
b868a708dae6373057a7732089e6093b67243774
626507f0b1a1d350bed3be0e5776dbcaad507a31356d23ba5ad189c1230a3c59

HTTP Headers

GET /css2?family=Open+Sans:ital,wght@0,300;0,400;0,500;0,600;0,700;1,300&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://goheruds.xyz/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 10 May 2024 06:59:01 GMT
date: Fri, 10 May 2024 06:59:01 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

use.fontawesome.com/f182237388.js

172.67.142.245

200 OK

9.5 kB

URL GET HTTP/2
use.fontawesome.com/f182237388.js
IP
172.67.142.245:443
ASN
#13335 CLOUDFLARENET

Requested by
https://goheruds.xyz/2/7.html
Certificate
IssuerCloudflare, Inc.
Subjectuse.fontawesome.com
FingerprintCB:BE:6B:C4:5F:DF:18:7A:C3:AD:BF:6C:40:36:18:9F:E2:99:7F:78
ValidityThu, 12 Oct 2023 00:00:00 GMT - Thu, 10 Oct 2024 23:59:59 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (9731), with no line terminators
Size
9.5 kB (9496 bytes)
Hash
2cacb88151a513dc4eaf4bde78faff7b
a4c63129b001af45bd8c1e60a462a87edd9be8e9
2cfdf34668c0492fe9303c1210943aa7f4a5353e4674812bb96c79542802ebf7

HTTP Headers

GET /f182237388.js HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://goheruds.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 06:59:01 GMT
content-type: text/javascript
etag: W/"642925e489914ab3dd425cb843636667"
last-modified: Fri, 22 Sep 2023 01:40:28 GMT
vary: Accept-Encoding
cache-control: max-age=1800
cf-cache-status: HIT
age: 6973
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zUsgADZl9LlRzPklmsenNK4eV034xVVBs5qN2QFwY%2BzEZYYtX131FL%2FFMdhwJ9bVrLCZ9Y944v9ykydbqv9mWEJIpOlU8zM15L8Noy3VDgBAz8wGMeMRj%2Fbd5CZrqu5j0AyfmDpa"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88180b508e005684-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (8)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML