Report - the-gandhara.com/hunny

Report Overview

Submitted URL
the-gandhara.com/hunny_bunny24
IP
172.67.128.84
ASN
#13335 CLOUDFLARENET
Submitted
2024-04-26 23:58:43
Access
public
Website Title
EatCells.com
Final URL
eatcells.com/land/?token=5f17726a29711160fd18860afba4c068
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
6

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
ajax.googleapis.com	12905	2005-01-25	2013-08-16	2024-04-26	431 B	32 kB	142.250.74.170
i0.wp.com	3021	1997-03-28	2013-09-17	2024-04-25	5.0 kB	42 kB	192.0.77.2
go.cbro.win	unknown	2023-12-01	2023-12-01	2024-04-22	505 B	863 B	188.114.96.1
magnificent-listen.com	unknown	2023-09-11	2023-09-11	2024-04-22	2.1 kB	10 kB	88.85.68.219
eatcells.com	438054	2018-08-16	2018-08-23	2024-04-24	4.4 kB	184 kB	94.130.177.84

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-04-26	medium	magnificent-listen.com	Sinkholed
2024-04-26	medium	magnificent-listen.com	Sinkholed
2024-04-26	medium	magnificent-listen.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (1)

	URL	Size	First Seen	Last Seen
	eatcells.com/land/?token=5f17726a29711160fd18860afba4c068	0 B	2023-03-07	2024-05-08
Pretty URL eatcells.com/land/?token=5f17726a29711160fd18860afba4c068 IP 94.130.177.84 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-08 05:44:09 Times Seen37428062 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

HTTP Transactions (24)

URL IP Response Size

ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js

142.250.74.170

31 kB

URL
ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js
IP
142.250.74.170:0
ASN
#15169 GOOGLE

File type
JavaScript source, ASCII text, with very long lines (65447)
Size
31 kB (31017 bytes)
Hash
8fb8fee4fcc3cc86ff6c724154c49c42
b82d238d4e31fdf618bae8ac11a6c812c03dd0d4
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

HTTP Headers

GET /ajax/libs/jquery/3.6.0/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://the-gandhara.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 31017
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 26 Apr 2024 06:03:38 GMT
expires: Sat, 26 Apr 2025 06:03:38 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Wed, 10 Mar 2021 14:28:09 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 64480
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

i0.wp.com/ilikecomix.com/comic/2022/08/Forbidden-Love-01-CrazyDad3D-1.jpg?resize=40%2C40&ssl=1

192.0.77.2

724 B

URL
i0.wp.com/ilikecomix.com/comic/2022/08/Forbidden-Love-01-CrazyDad3D-1.jpg?resize=40%2C40&ssl=1
IP
192.0.77.2:0
ASN
#2635 AUTOMATTIC

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 40x40, Scaling: [none]x[none], YUV color, decoders should clamp
Size
724 B (724 bytes)
Hash
beec20f42aa4de197bc066f1a7af194d
65da9ec974ebc3358a85fc455fafc140678b3948
ae37d915452aab86612a4638709105497c4539ca772798a0ec5282d126d12d6f

HTTP Headers

GET /ilikecomix.com/comic/2022/08/Forbidden-Love-01-CrazyDad3D-1.jpg?resize=40%2C40&ssl=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://the-gandhara.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 23:58:18 GMT
content-type: image/webp
content-length: 724
last-modified: Mon, 08 Apr 2024 17:54:05 GMT
expires: Thu, 09 Apr 2026 05:54:05 GMT
cache-control: public, max-age=63115200
link: <https://ilikecomix.com/comic/2022/08/Forbidden-Love-01-CrazyDad3D-1.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "38d47029475e5946"
vary: Accept
x-nc: HIT arn 5
alt-svc: h3=":443"; ma=86400
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2

i0.wp.com/www.elog-ch.net/media/wp-content/uploads/2023/01/eyecatch-2.jpg?resize=40%2C40&ssl=1

192.0.77.2

654 B

URL
i0.wp.com/www.elog-ch.net/media/wp-content/uploads/2023/01/eyecatch-2.jpg?resize=40%2C40&ssl=1
IP
192.0.77.2:0
ASN
#2635 AUTOMATTIC

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 40x40, Scaling: [none]x[none], YUV color, decoders should clamp
Size
654 B (654 bytes)
Hash
501715d188869162f603ae331f2450c2
bcb28348ebab557fb8f2d7aae0b4e08490b8e050
5e4614186fdf63b99deeefc8c0aa8447afbb56a25799c14f057ac366d5964c41

HTTP Headers

GET /www.elog-ch.net/media/wp-content/uploads/2023/01/eyecatch-2.jpg?resize=40%2C40&ssl=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://the-gandhara.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 23:58:18 GMT
content-type: image/webp
content-length: 654
last-modified: Sat, 20 Apr 2024 19:04:43 GMT
expires: Tue, 21 Apr 2026 07:04:43 GMT
cache-control: public, max-age=63115200
link: <https://www.elog-ch.net/media/wp-content/uploads/2023/01/eyecatch-2.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "e459f9d0220b94ce"
vary: Accept
x-nc: MISS arn 1
alt-svc: h3=":443"; ma=86400
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2

i0.wp.com/static.pornhat.com/contents/videos_screenshots/112000/112645/preview.jpg?resize=40%2C40&ssl=1

192.0.77.2

698 B

URL
i0.wp.com/static.pornhat.com/contents/videos_screenshots/112000/112645/preview.jpg?resize=40%2C40&ssl=1
IP
192.0.77.2:0
ASN
#2635 AUTOMATTIC

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 40x40, Scaling: [none]x[none], YUV color, decoders should clamp
Size
698 B (698 bytes)
Hash
3dc80eb13ce2de19d78b915693936a5c
e8685c32ad0158e4d23bcd7b600eddd4109a3919
6cde7d37569707d5538ce083d8974b0000f14027dec5d488a2d5a9d5cb18103c

HTTP Headers

GET /static.pornhat.com/contents/videos_screenshots/112000/112645/preview.jpg?resize=40%2C40&ssl=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://the-gandhara.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 23:58:18 GMT
content-type: image/webp
content-length: 698
last-modified: Mon, 11 Mar 2024 17:15:04 GMT
expires: Thu, 12 Mar 2026 05:15:04 GMT
cache-control: public, max-age=63115200
link: <https://static.pornhat.com/contents/videos_screenshots/112000/112645/preview.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "618918c3b6dd0be6"
vary: Accept
x-nc: MISS arn 7
alt-svc: h3=":443"; ma=86400
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2

i0.wp.com/i.ytimg.com/vi/78bSLupGu7c/maxresdefault.jpg?resize=40%2C40&ssl=1

192.0.77.2

138 B

URL
i0.wp.com/i.ytimg.com/vi/78bSLupGu7c/maxresdefault.jpg?resize=40%2C40&ssl=1
IP
192.0.77.2:0
ASN
#2635 AUTOMATTIC

File type
HTML document, ASCII text, with CRLF line terminators
Size
138 B (138 bytes)
Hash
aff950cab4c0265e21d401db15f1026d
f03e18461817f7a6546c8bf8fa8d686d7e30aca0
753e0dd54f28c4f7009b9c0b18a68aed175416bd8b7d134858264586eaac56f0

HTTP Headers

GET /i.ytimg.com/vi/78bSLupGu7c/maxresdefault.jpg?resize=40%2C40&ssl=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://the-gandhara.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 302 Found
server: nginx
date: Fri, 26 Apr 2024 23:58:18 GMT
content-type: text/html
content-length: 138
location: https://i.ytimg.com/vi/78bSLupGu7c/maxresdefault.jpg
x-nc: MISS arn 8
alt-svc: h3=":443"; ma=86400
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2

i0.wp.com/porndeals.com/media/django-summernote/2021-06-02/0424b051-4e1c-4e7e-bc9b-73e61fbb8b38.jpg?resize=40%2C40&ssl=1

192.0.77.2

806 B

URL
i0.wp.com/porndeals.com/media/django-summernote/2021-06-02/0424b051-4e1c-4e7e-bc9b-73e61fbb8b38.jpg?resize=40%2C40&ssl=1
IP
192.0.77.2:0
ASN
#2635 AUTOMATTIC

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 40x40, Scaling: [none]x[none], YUV color, decoders should clamp
Size
806 B (806 bytes)
Hash
49776c6b8cd15eddc9e3e8015f544742
400642e6519100deda9083d4fe6ef24a158b4422
076a385c3981ebc76677dac37534bdd5f23d2262eaa1ed13d2071689fc9dac46

HTTP Headers

GET /porndeals.com/media/django-summernote/2021-06-02/0424b051-4e1c-4e7e-bc9b-73e61fbb8b38.jpg?resize=40%2C40&ssl=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://the-gandhara.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 23:58:18 GMT
content-type: image/webp
content-length: 806
last-modified: Thu, 28 Mar 2024 16:15:44 GMT
expires: Sun, 29 Mar 2026 04:15:44 GMT
cache-control: public, max-age=63115200
link: <https://porndeals.com/media/django-summernote/2021-06-02/0424b051-4e1c-4e7e-bc9b-73e61fbb8b38.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "b1a7cac491effea4"
vary: Accept
x-nc: MISS arn 8
alt-svc: h3=":443"; ma=86400
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2

i0.wp.com/img.itch.zone/aW1nLzM5ODg2NzYuZ2lm/original/stg8Vb.gif?resize=40%2C40&ssl=1

192.0.77.2

24 kB

URL
i0.wp.com/img.itch.zone/aW1nLzM5ODg2NzYuZ2lm/original/stg8Vb.gif?resize=40%2C40&ssl=1
IP
192.0.77.2:0
ASN
#2635 AUTOMATTIC

File type
RIFF (little-endian) data, Web/P image
Size
24 kB (23934 bytes)
Hash
520bbf8b69f50f601817c482c2bad8ab
2959a0dfb69e775a99c83ecafaa3a518753864da
61839fa20c921b026f3430145c68d0a80af2e2b135b26196e39b1f4d7aaae857

HTTP Headers

GET /img.itch.zone/aW1nLzM5ODg2NzYuZ2lm/original/stg8Vb.gif?resize=40%2C40&ssl=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://the-gandhara.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 23:58:18 GMT
content-type: image/webp
content-length: 23934
last-modified: Tue, 23 Apr 2024 15:16:46 GMT
expires: Fri, 24 Apr 2026 03:16:46 GMT
cache-control: public, max-age=63115200
link: <https://img.itch.zone/aW1nLzM5ODg2NzYuZ2lm/original/stg8Vb.gif>; rel="canonical"
x-content-type-options: nosniff
etag: "1c7fce071d2a5b99"
vary: Accept
x-nc: MISS arn 7
alt-svc: h3=":443"; ma=86400
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2

i0.wp.com/nukemanga.com/wp-content/uploads/2021/02/02-133.jpg?resize=40%2C40&ssl=1

192.0.77.2

806 B

URL
i0.wp.com/nukemanga.com/wp-content/uploads/2021/02/02-133.jpg?resize=40%2C40&ssl=1
IP
192.0.77.2:0
ASN
#2635 AUTOMATTIC

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 40x40, Scaling: [none]x[none], YUV color, decoders should clamp
Size
806 B (806 bytes)
Hash
8812179e387331c7d58078b1f5b6429e
59172e4452c618381bb13f4ca0ab79c8d7cad75c
da1bf27ab3883c9d87349bcd24f47dc62be57f5d30e7aa66728d416300645a96

HTTP Headers

GET /nukemanga.com/wp-content/uploads/2021/02/02-133.jpg?resize=40%2C40&ssl=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://the-gandhara.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 23:58:18 GMT
content-type: image/webp
content-length: 806
last-modified: Fri, 26 Apr 2024 23:58:18 GMT
expires: Mon, 27 Apr 2026 11:58:18 GMT
cache-control: public, max-age=63115200
link: <https://nukemanga.com/wp-content/uploads/2021/02/02-133.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "9b05668b0c3c3f7e"
vary: Accept
x-nc: MISS arn 7
alt-svc: h3=":443"; ma=86400
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2

i0.wp.com/img.manga18h.com/brawling-go/chapter-1/001.jpg?resize=40%2C40&ssl=1

192.0.77.2

492 B

URL
i0.wp.com/img.manga18h.com/brawling-go/chapter-1/001.jpg?resize=40%2C40&ssl=1
IP
192.0.77.2:0
ASN
#2635 AUTOMATTIC

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 40x40, Scaling: [none]x[none], YUV color, decoders should clamp
Size
492 B (492 bytes)
Hash
4b52547bb50edc7fc7d98d91aa140944
bc555e06d73ee1a87bf513c7960e90dc3b3222c4
e8972042804af8cdf48d602f62b4be67609f67b89914b3130793fa35a14520ec

HTTP Headers

GET /img.manga18h.com/brawling-go/chapter-1/001.jpg?resize=40%2C40&ssl=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://the-gandhara.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 23:58:18 GMT
content-type: image/webp
content-length: 492
last-modified: Fri, 26 Apr 2024 23:58:18 GMT
expires: Mon, 27 Apr 2026 11:58:18 GMT
cache-control: public, max-age=63115200
link: <https://img.manga18h.com/brawling-go/chapter-1/001.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "a742995a38cde06d"
vary: Accept
x-nc: MISS arn 5
alt-svc: h3=":443"; ma=86400
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2

i0.wp.com/images2.imgbox.com/81/c2/48lpks5P_o.jpg?resize=40%2C40&ssl=1

192.0.77.2

636 B

URL
i0.wp.com/images2.imgbox.com/81/c2/48lpks5P_o.jpg?resize=40%2C40&ssl=1
IP
192.0.77.2:0
ASN
#2635 AUTOMATTIC

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 40x40, Scaling: [none]x[none], YUV color, decoders should clamp
Size
636 B (636 bytes)
Hash
04bb1c26e8c52f3855c7d6d8b186c877
0fdd00345cf769a494f1987f974288fc09370823
60acb12acecae0ba2c214d129ff68ddbfbd62ad56500b1d7678d11627c8b0671

HTTP Headers

GET /images2.imgbox.com/81/c2/48lpks5P_o.jpg?resize=40%2C40&ssl=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://the-gandhara.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 23:58:18 GMT
content-type: image/webp
content-length: 636
last-modified: Fri, 26 Apr 2024 23:58:18 GMT
expires: Mon, 27 Apr 2026 11:58:18 GMT
cache-control: public, max-age=63115200
link: <https://images2.imgbox.com/81/c2/48lpks5P_o.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "07531c761eb4734a"
vary: Accept
x-nc: MISS arn 6
alt-svc: h3=":443"; ma=86400
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2

go.cbro.win/dtc

188.114.96.1

188 B

URL
go.cbro.win/dtc
IP
188.114.96.1:0
ASN
#13335 CLOUDFLARENET

File type
HTML document, ASCII text, with no line terminators
Size
188 B (188 bytes)
Hash
6412befd45719f97e7bf51aaa60c158a
2b4932b15dbb367d22d8f4afd66ae5dac9fdd1fc
93b4a04d8a45f8aa8600e7cb18429e38be2d6c00fce601390260ffe57489d791

HTTP Headers

GET /dtc HTTP/1.1
Host: go.cbro.win
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://the-gandhara.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 26 Apr 2024 23:58:18 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding, *
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eyx%2F77Wog4rDh6dr3MyX8xu%2F5JPIo9Cpo6wy9DuNYOLNlJT8vc9DzZwHNZX%2BzZZ0FWDdr30RTvsGujdRoSrBLG%2Fu50drZ5dOvyHGsZwq5DyJHkTgs%2FWw2yOlUtVX7A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87aa85288bd6712f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

magnificent-listen.com/bO3_VQ0RP.3SJTy-aVWWQX9YN_WaYbxcNdz-cfygNhmiE_ykOlTmcnx-MpTqEr2sM_GuZvkwMxT-gz4ANBjCB_hEZFmGJHh-NJGKMLwMN_jOgPmQcRn-NTyUYVzW1_vYdZXaQbm-cd2elfkgP_TiQj4kNlD-kn4oNpzqU_msdtHuZvy-PxTyAzmAe_mC9DuEZFW-lHkIPJTKI_1MMNTOQP5-MRDSET

88.85.68.219

0 B

URL
magnificent-listen.com/bO3_VQ0RP.3SJTy-aVWWQX9YN_WaYbxcNdz-cfygNhmiE_ykOlTmcnx-MpTqEr2sM_GuZvkwMxT-gz4ANBjCB_hEZFmGJHh-NJGKMLwMN_jOgPmQcRn-NTyUYVzW1_vYdZXaQbm-cd2elfkgP_TiQj4kNlD-kn4oNpzqU_msdtHuZvy-PxTyAzmAe_mC9DuEZFW-lHkIPJTKI_1MMNTOQP5-MRDSET
IP
88.85.68.219:0
ASN
#35415 Webzilla B.V.

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /bO3_VQ0RP.3SJTy-aVWWQX9YN_WaYbxcNdz-cfygNhmiE_ykOlTmcnx-MpTqEr2sM_GuZvkwMxT-gz4ANBjCB_hEZFmGJHh-NJGKMLwMN_jOgPmQcRn-NTyUYVzW1_vYdZXaQbm-cd2elfkgP_TiQj4kNlD-kn4oNpzqU_msdtHuZvy-PxTyAzmAe_mC9DuEZFW-lHkIPJTKI_1MMNTOQP5-MRDSET HTTP/1.1
Host: magnificent-listen.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 302 Found
server: nginx
date: Fri, 26 Apr 2024 23:58:19 GMT
content-type: text/html;charset=UTF-8
content-length: 0
expires: Mon, 26 Jul 2011 05:00:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-WoW64
referrer-policy: no-referrer
location: https://magnificent-listen.com/bQ3.VR0SPT3-JVyWaXWYQ_9aNbWcYdx-NfzgchyiN_mkElymOnT-cpxqMrTsE_2uMvGwZxk-MzTAgB4CN_jEBFhGZHm-JJhKNLGMM_wONPjQgRm-cTnUNVyWY_zY1ZvadbX-Qdmecf2gl_kiPjTkIl1-MnToQp5qM_DsEtmudvH-ZxyyPzTAA_mCeDmE9Fu-ZHWIlJkKP_TMQN2OMPz-ER3SOTDUM_
x-content-type-options: nosniff
X-Firefox-Spdy: h2

magnificent-listen.com/bQ3.VR0SPT3-JVyWaXWYQ_9aNbWcYdx-NfzgchyiN_mkElymOnT-cpxqMrTsE_2uMvGwZxk-MzTAgB4CN_jEBFhGZHm-JJhKNLGMM_wONPjQgRm-cTnUNVyWY_zY1ZvadbX-Qdmecf2gl_kiPjTkIl1-MnToQp5qM_DsEtmudvH-ZxyyPzTAA_mCeDmE9Fu-ZHWIlJkKP_TMQN2OMPz-ER3SOTDUM_

88.85.68.219

0 B

URL
magnificent-listen.com/bQ3.VR0SPT3-JVyWaXWYQ_9aNbWcYdx-NfzgchyiN_mkElymOnT-cpxqMrTsE_2uMvGwZxk-MzTAgB4CN_jEBFhGZHm-JJhKNLGMM_wONPjQgRm-cTnUNVyWY_zY1ZvadbX-Qdmecf2gl_kiPjTkIl1-MnToQp5qM_DsEtmudvH-ZxyyPzTAA_mCeDmE9Fu-ZHWIlJkKP_TMQN2OMPz-ER3SOTDUM_
IP
88.85.68.219:0
ASN
#35415 Webzilla B.V.

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /bQ3.VR0SPT3-JVyWaXWYQ_9aNbWcYdx-NfzgchyiN_mkElymOnT-cpxqMrTsE_2uMvGwZxk-MzTAgB4CN_jEBFhGZHm-JJhKNLGMM_wONPjQgRm-cTnUNVyWY_zY1ZvadbX-Qdmecf2gl_kiPjTkIl1-MnToQp5qM_DsEtmudvH-ZxyyPzTAA_mCeDmE9Fu-ZHWIlJkKP_TMQN2OMPz-ER3SOTDUM_ HTTP/1.1
Host: magnificent-listen.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 302 Found
server: nginx
date: Fri, 26 Apr 2024 23:58:19 GMT
content-type: text/html;charset=UTF-8
content-length: 0
expires: Mon, 26 Jul 2011 05:00:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-WoW64
referrer-policy: no-referrer
x-frame-options: DENY
location: https://magnificent-listen.com/bT3.VU0VPW3_JYyZaaWbQ-9dNeWfYgx_NizjckylN-mnEoypOqT_csxtMuTvE-2xMyGzZAk_MCTDgE4FN-jHBIhJZKm_JMhNNOGPM-wRNSjTgUm_cWnXNYyZY-zb1cvddeX_Qgmhci2jl-klPmTnQo2_MqzrEs3tO-DvMwmxdyH_ZAyBPCTDA-mFeGmH9Iu_ZKWLlMkNP-TPQQxRNSz_kUwVNWjXI-
x-content-type-options: nosniff
X-Firefox-Spdy: h2

eatcells.com/land/css/styles.min.css?2444

94.130.177.84

200 OK

8.0 kB

URL GET HTTP/2
eatcells.com/land/css/styles.min.css?2444
IP
94.130.177.84:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://eatcells.com/land/?token=5f17726a29711160fd18860afba4c068
Certificate
IssuerLet's Encrypt
Subjecteatcells.com
FingerprintD4:8A:30:30:2F:AB:06:2D:90:C7:A1:EF:09:7D:E4:5C:24:46:1C:DF
ValidityThu, 28 Mar 2024 09:48:38 GMT - Wed, 26 Jun 2024 09:48:37 GMT

File type
ASCII text, with very long lines (8034), with no line terminators
Size
8.0 kB (8034 bytes)
Hash
e8de8e719a4e8f350294a7c204e3f3f9
c66efa11e08dcc0d77d820a9d954c9ecb981c279
989c0b5c0ffc841e5a27c89336a87fb54b14712406adaafa9dd239a51ef9645a

HTTP Headers

GET /land/css/styles.min.css?2444 HTTP/1.1
Host: eatcells.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://eatcells.com/land/?token=5f17726a29711160fd18860afba4c068
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 23:43:15 GMT
content-type: text/css
content-length: 8034
last-modified: Mon, 18 Mar 2019 07:57:46 GMT
etag: "5c8f4f7a-1f62"
accept-ranges: bytes
X-Firefox-Spdy: h2

eatcells.com/land/images/fire.png

94.130.177.84

200 OK

733 B

URL GET HTTP/2
eatcells.com/land/images/fire.png
IP
94.130.177.84:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://eatcells.com/land/?token=5f17726a29711160fd18860afba4c068
Certificate
IssuerLet's Encrypt
Subjecteatcells.com
FingerprintD4:8A:30:30:2F:AB:06:2D:90:C7:A1:EF:09:7D:E4:5C:24:46:1C:DF
ValidityThu, 28 Mar 2024 09:48:38 GMT - Wed, 26 Jun 2024 09:48:37 GMT

File type
PNG image data, 17 x 22, 8-bit/color RGBA, non-interlaced
Size
733 B (733 bytes)
Hash
75c3092c28d1699eeabd752dd5bd3f17
c57ca82128ae8b89a950c10778e19d79b6be6d3b
fde5580100131b735cf3bf3cf3fba3a59c18aea68c6ad20bffc69dac0815f490

HTTP Headers

GET /land/images/fire.png HTTP/1.1
Host: eatcells.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://eatcells.com/land/?token=5f17726a29711160fd18860afba4c068
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 23:43:15 GMT
content-type: image/png
content-length: 733
last-modified: Mon, 18 Mar 2019 07:57:47 GMT
etag: "5c8f4f7b-2dd"
accept-ranges: bytes
X-Firefox-Spdy: h2

eatcells.com/land/?token=5f17726a29711160fd18860afba4c068

94.130.177.84

200 OK

20 kB

URL User Request GET HTTP/2
eatcells.com/land/?token=5f17726a29711160fd18860afba4c068
IP
94.130.177.84:443
ASN
#24940 Hetzner Online GmbH

Certificate
IssuerLet's Encrypt
Subjecteatcells.com
FingerprintD4:8A:30:30:2F:AB:06:2D:90:C7:A1:EF:09:7D:E4:5C:24:46:1C:DF
ValidityThu, 28 Mar 2024 09:48:38 GMT - Wed, 26 Jun 2024 09:48:37 GMT

File type
gzip compressed data, max speed, from Unix
Size
20 kB (20263 bytes)
Hash
72af770b188e0d79aadab129f0078118
bb034db48f56c1a964798400f1f51a5fb47bf8c6
a48071b8a0c51259537c63ae4c4bd43a3a4d1b81627a8b232300e6ce5e2a1d86

HTTP Headers

GET /land/?token=5f17726a29711160fd18860afba4c068 HTTP/1.1
Host: eatcells.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 23:43:15 GMT
content-type: text/html; charset=UTF-8
content-encoding: gzip
X-Firefox-Spdy: h2

eatcells.com/land/images/monster-02.png

94.130.177.84

200 OK

34 kB

URL GET HTTP/2
eatcells.com/land/images/monster-02.png
IP
94.130.177.84:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://eatcells.com/land/?token=5f17726a29711160fd18860afba4c068
Certificate
IssuerLet's Encrypt
Subjecteatcells.com
FingerprintD4:8A:30:30:2F:AB:06:2D:90:C7:A1:EF:09:7D:E4:5C:24:46:1C:DF
ValidityThu, 28 Mar 2024 09:48:38 GMT - Wed, 26 Jun 2024 09:48:37 GMT

File type
PNG image data, 438 x 334, 8-bit colormap, non-interlaced
Size
34 kB (34216 bytes)
Hash
7a6ce3ad0c184398c5f330adb2b5c36e
5e3ab82d8a7cb1f4b38c2caebe2d696ffbcbf135
46d43223ccbda0c345bbddd3a4a4d67f1e0c1a6f3eff2f24d756da663b56e9e3

HTTP Headers

GET /land/images/monster-02.png HTTP/1.1
Host: eatcells.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://eatcells.com/land/?token=5f17726a29711160fd18860afba4c068
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 23:43:15 GMT
content-type: image/png
content-length: 34216
last-modified: Mon, 18 Mar 2019 07:57:49 GMT
etag: "5c8f4f7d-85a8"
accept-ranges: bytes
X-Firefox-Spdy: h2

eatcells.com/land/images/monster-01.png

94.130.177.84

200 OK

16 kB

URL GET HTTP/2
eatcells.com/land/images/monster-01.png
IP
94.130.177.84:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://eatcells.com/land/?token=5f17726a29711160fd18860afba4c068
Certificate
IssuerLet's Encrypt
Subjecteatcells.com
FingerprintD4:8A:30:30:2F:AB:06:2D:90:C7:A1:EF:09:7D:E4:5C:24:46:1C:DF
ValidityThu, 28 Mar 2024 09:48:38 GMT - Wed, 26 Jun 2024 09:48:37 GMT

File type
PNG image data, 236 x 243, 8-bit colormap, non-interlaced
Size
16 kB (15905 bytes)
Hash
45205dd02d5a4d032a43a731109dae30
a380604b350682a56849d213bbe1c6ddb7fc74bd
cf1815bd1ad125d1ffeb4a415af49dddca07913e919abb102ba26ef682c4d922

HTTP Headers

GET /land/images/monster-01.png HTTP/1.1
Host: eatcells.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://eatcells.com/land/?token=5f17726a29711160fd18860afba4c068
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 23:43:15 GMT
content-type: image/png
content-length: 15905
last-modified: Mon, 18 Mar 2019 07:57:50 GMT
etag: "5c8f4f7e-3e21"
accept-ranges: bytes
X-Firefox-Spdy: h2

eatcells.com/land/images/monster-03.png

94.130.177.84

200 OK

51 kB

URL GET HTTP/2
eatcells.com/land/images/monster-03.png
IP
94.130.177.84:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://eatcells.com/land/?token=5f17726a29711160fd18860afba4c068
Certificate
IssuerLet's Encrypt
Subjecteatcells.com
FingerprintD4:8A:30:30:2F:AB:06:2D:90:C7:A1:EF:09:7D:E4:5C:24:46:1C:DF
ValidityThu, 28 Mar 2024 09:48:38 GMT - Wed, 26 Jun 2024 09:48:37 GMT

File type
PNG image data, 489 x 445, 8-bit colormap, non-interlaced
Size
51 kB (50568 bytes)
Hash
6f0406baa25b609af344ef52e922accd
c3514dc3fc1c9e4a7e27fb7af638fffc17f91428
95e062edfc9194d9ad1abbb7d752842a84278f52f780b8f9d8486a9e0503ea84

HTTP Headers

GET /land/images/monster-03.png HTTP/1.1
Host: eatcells.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://eatcells.com/land/?token=5f17726a29711160fd18860afba4c068
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 23:43:15 GMT
content-type: image/png
content-length: 50568
last-modified: Mon, 18 Mar 2019 07:57:47 GMT
etag: "5c8f4f7b-c588"
accept-ranges: bytes
X-Firefox-Spdy: h2

eatcells.com/land/images/background@2x.png

94.130.177.84

200 OK

1.0 kB

URL GET HTTP/2
eatcells.com/land/images/background@2x.png
IP
94.130.177.84:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://eatcells.com/land/?token=5f17726a29711160fd18860afba4c068
Certificate
IssuerLet's Encrypt
Subjecteatcells.com
FingerprintD4:8A:30:30:2F:AB:06:2D:90:C7:A1:EF:09:7D:E4:5C:24:46:1C:DF
ValidityThu, 28 Mar 2024 09:48:38 GMT - Wed, 26 Jun 2024 09:48:37 GMT

File type
PNG image data, 68 x 68, 8-bit/color RGBA, non-interlaced
Size
1.0 kB (1033 bytes)
Hash
16356bcb89c4056b582760b7d8948b3f
5b70d2ebcf6ea9773f86c0cdbf488c1d995a0441
dd4ceb64bf9395a2e5400a0790430b29b4328b54fcd249439e0f54395af31835

HTTP Headers

GET /land/images/background@2x.png HTTP/1.1
Host: eatcells.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://eatcells.com/land/css/styles.min.css?2444
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 23:43:15 GMT
content-type: image/png
content-length: 1033
last-modified: Mon, 18 Mar 2019 07:57:48 GMT
etag: "5c8f4f7c-409"
accept-ranges: bytes
X-Firefox-Spdy: h2

eatcells.com/land/favicon.ico

94.130.177.84

200 OK

32 kB

URL GET HTTP/2
eatcells.com/land/favicon.ico
IP
94.130.177.84:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://eatcells.com/land/?token=5f17726a29711160fd18860afba4c068
Certificate
IssuerLet's Encrypt
Subjecteatcells.com
FingerprintD4:8A:30:30:2F:AB:06:2D:90:C7:A1:EF:09:7D:E4:5C:24:46:1C:DF
ValidityThu, 28 Mar 2024 09:48:38 GMT - Wed, 26 Jun 2024 09:48:37 GMT

File type
MS Windows icon resource - 4 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
Size
32 kB (32347 bytes)
Hash
86a61de6ab87b83d46a4873affaa717a
8863fa661cf2a1561a7ea19261f0980010d20eac
04e2c050285112bcd703f8765b5104c8dcf2c5b7b463f47802ccbd1933b57adf

HTTP Headers

GET /land/favicon.ico HTTP/1.1
Host: eatcells.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://eatcells.com/land/?token=5f17726a29711160fd18860afba4c068
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 23:43:15 GMT
content-type: image/x-icon
content-length: 32347
last-modified: Mon, 18 Mar 2019 07:57:47 GMT
etag: "5c8f4f7b-7e5b"
accept-ranges: bytes
X-Firefox-Spdy: h2

i0.wp.com/cdn.camwhores.tv/contents/videos_screenshots/12720000/12720236/preview.jpg?resize=195%2C195&ssl=1

192.0.77.2

7.8 kB

URL
i0.wp.com/cdn.camwhores.tv/contents/videos_screenshots/12720000/12720236/preview.jpg?resize=195%2C195&ssl=1
IP
192.0.77.2:0
ASN
#2635 AUTOMATTIC

File type
data
Size
7.8 kB (7754 bytes)
Hash
69a86c5ff819aad3a1cd27b23d2bcea6
a83c1f5632a364e3c1e0b3dea0831931aa178b74
ccfa1b814e2f7c9bf31063ff2cda4920f0a6f80c6eab7cf4cddb46ee5285ae21

HTTP Headers

GET /cdn.camwhores.tv/contents/videos_screenshots/12720000/12720236/preview.jpg?resize=195%2C195&ssl=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://the-gandhara.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 403 Forbidden
server: nginx
date: Fri, 26 Apr 2024 23:58:18 GMT
content-type: text/html; charset=utf-8
x-nc: MISS arn 3
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

magnificent-listen.com/bT3.VU0VPW3_JYyZaaWbQ-9dNeWfYgx_NizjckylN-mnEoypOqT_csxtMuTvE-2xMyGzZAk_MCTDgE4FN-jHBIhJZKm_JMhNNOGPM-wRNSjTgUm_cWnXNYyZY-zb1cvddeX_Qgmhci2jl-klPmTnQo2_MqzrEs3tO-DvMwmxdyH_ZAyBPCTDA-mFeGmH9Iu_ZKWLlMkNP-TPQQxRNSz_kUwVNWjXI-

88.85.68.219

6.0 kB

URL
magnificent-listen.com/bT3.VU0VPW3_JYyZaaWbQ-9dNeWfYgx_NizjckylN-mnEoypOqT_csxtMuTvE-2xMyGzZAk_MCTDgE4FN-jHBIhJZKm_JMhNNOGPM-wRNSjTgUm_cWnXNYyZY-zb1cvddeX_Qgmhci2jl-klPmTnQo2_MqzrEs3tO-DvMwmxdyH_ZAyBPCTDA-mFeGmH9Iu_ZKWLlMkNP-TPQQxRNSz_kUwVNWjXI-
IP
88.85.68.219:0
ASN
#35415 Webzilla B.V.

File type
HTML document, ASCII text
Size
6.0 kB (6044 bytes)
Hash
8fb41efa74c011dea6ed5998445657e1
e51eb02110aa96b1de3e912f8bbc667e14164e65
4462a209002001dda49470084ee8f2db44e2be2baab01eb20293484dee68efeb

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /bT3.VU0VPW3_JYyZaaWbQ-9dNeWfYgx_NizjckylN-mnEoypOqT_csxtMuTvE-2xMyGzZAk_MCTDgE4FN-jHBIhJZKm_JMhNNOGPM-wRNSjTgUm_cWnXNYyZY-zb1cvddeX_Qgmhci2jl-klPmTnQo2_MqzrEs3tO-DvMwmxdyH_ZAyBPCTDA-mFeGmH9Iu_ZKWLlMkNP-TPQQxRNSz_kUwVNWjXI- HTTP/1.1
Host: magnificent-listen.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 23:58:19 GMT
content-type: text/html;charset=UTF-8
vary: Accept-Encoding
expires: Mon, 26 Jul 2011 05:00:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-WoW64
p3p: CP="CUR ADM OUR NOR STA NID"
last-modified: Fri, 26 Apr 2024 23:58:19 GMT
x-frame-options: DENY
referrer-policy: no-referrer
set-cookie: uniqCookie=4d03ce72fdb82158688072dca0946e23; max-age=1716767899; path=/
kadCCap=172036:1:1709828111;299449:1:1705926986;202595:1:1709992005;306059:1:1710654081;306061:1:1710731070;275289:1:1713507831;299350:1:1706555990;304628:1:1710655006;92483:1:1710872369;187148:1:1713464170;177035:1:1706501169;167396:1:1710688139;194136:1:1713036790;72756:1:1713074935;302235:2:1713686924;300232:1:1712519628;304964:1:1710654478;297598:1:1709010601;172538:1:1710694090;302693:1:1710565607;302229:1:1708471967; max-age=1745711899; path=/
kadACap=562522:1:1713118668;573687:1:1713593561;570849:1:1711832651;424443:1:1709761550;346327:1:1714087309;552534:1:1708914590;520642:1:1706196894;568563:1:1710656089;507635:1:1708697267;384014:2:1707787885;554020:1:1708898241;390509:1:1712296979;560695:1:1708788656;401659:1:1713565739;419291:1:1709495068;549268:1:1708902007;423696:1:1706446332;311465:1:1706407641;564809:1:1708121502;556978:1:1706563203;437741:2:1708788989;446878:1:1708355888;569002:1:1710652356;507067:1:1712370307;543470:1:1707943142;410254:1:1705906571;512686:1:1708976361;555457:1:1712029120;541894:1:1708818399;389299:1:1707044221;384007:1:1708465107;450323:1:1710655621;571344:1:1712690771;568897:1:1710655416;546469:1:1712521499;419293:1:1709163865;527756:1:1706321074;568153:1:1710656213;543468:1:1707996438;538572:1:1709244744;569003:1:1710683861;446716:1:1708572237;556979:1:1706484191;549263:1:1708567453;568171:1:1710656151;560123:1:1706598707;563768:1:1708494601;571367:1:1712479497;567383:1:1710655103;521688:1:1706405390;534545:1:1708573127;555251:1:1710732541;535727:1:1709155560;527586:1:1706524805;554022:1:1708580619;568887:1:1710655509;560125:1:1710731318;549476:1:1706118432;476401:1:1711816317;485314:1:1713565748;554019:1:1705360254;538554:1:1709054072;568907:1:1710655326; max-age=1745711899; path=/
kadRPixJ=bnVsbA==; max-age=1745711899; path=/
kadUnP3=CA0Qva+tsQYaCwi1CBADGNDDrrEGGg0IqfrsARABGJKPsLEGGg0I9oj/ARAHGN2wrbEGGg0IyLn+ARABGK/HsLEGIgoIAxANGL2vrbEGKgwIkNEeEAEYko+wsQYqDAj0liUQARivx7CxBioMCLiOJRAHGN2wrbEGKgsI6QIQAxjQw66xBg==; max-age=1745711899; path=/
x-content-type-options: nosniff
content-encoding: br
X-Firefox-Spdy: h2

eatcells.com/land/images/logo.png

94.130.177.84

200 OK

19 kB

URL GET HTTP/2
eatcells.com/land/images/logo.png
IP
94.130.177.84:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://eatcells.com/land/?token=5f17726a29711160fd18860afba4c068
Certificate
IssuerLet's Encrypt
Subjecteatcells.com
FingerprintD4:8A:30:30:2F:AB:06:2D:90:C7:A1:EF:09:7D:E4:5C:24:46:1C:DF
ValidityThu, 28 Mar 2024 09:48:38 GMT - Wed, 26 Jun 2024 09:48:37 GMT

File type
PNG image data, 359 x 135, 8-bit/color RGBA, non-interlaced
Size
19 kB (18661 bytes)
Hash
afd19fc7285d88ba97604b97a2a7cb8b
9252c308b5c30cd289cddbbc81bd3e3a30405c54
0f9ac57272de3b968c2d8325248adaef7130acd9f0841d999ccda5242390b3c3

HTTP Headers

GET /land/images/logo.png HTTP/1.1
Host: eatcells.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://eatcells.com/land/?token=5f17726a29711160fd18860afba4c068
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 23:43:15 GMT
content-type: image/png
content-length: 18661
last-modified: Mon, 18 Mar 2019 07:57:49 GMT
etag: "5c8f4f7d-48e5"
accept-ranges: bytes
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (1)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (24)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type