| castorndpollux.com/R9283762154.zip | 184.168.116.67 | 302 Found | 236 B |
URL User Request GET HTTP/2castorndpollux.com/R9283762154.zip IP184.168.116.67:443 ASN#26496 AS-26496-GO-DADDY-COM-LLC
CertificateIssuerLet's Encrypt Subjectwww.castorndpollux.com Fingerprint24:C6:1C:CC:7D:8E:E1:DC:B4:C8:09:E0:3C:50:C0:5E:EF:C3:64:58 ValiditySun, 24 Mar 2024 01:45:55 GMT - Sat, 22 Jun 2024 01:45:54 GMT
File typeHTML document, ASCII text Hashec8efcb25f265480f434aed31206ae59 fe205b6a8df1e51b52f9eca3e874b38a72ae5edc 6fef88012b251ac1bdf94b519473b20238b84640e0634f9bbd70ca12f48b9746
Analyzer | Verdict | Alert | mnemonic secure dns | malicious | Sinkholed | Quad9 DNS | malicious | Sinkholed |
GET /R9283762154.zip HTTP/1.1
Host: castorndpollux.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
location: https://castorndpollux.com/cgi-sys/suspendedpage.cgi
content-length: 236
content-type: text/html; charset=iso-8859-1
date: Wed, 24 Apr 2024 10:24:13 GMT
server: Apache
X-Firefox-Spdy: h2
|
|
| castorndpollux.com/cgi-sys/suspendedpage.cgi | 184.168.116.67 | 200 OK | 3.8 kB |
URL User Request GET HTTP/2castorndpollux.com/cgi-sys/suspendedpage.cgi IP184.168.116.67:443 ASN#26496 AS-26496-GO-DADDY-COM-LLC
CertificateIssuerLet's Encrypt Subjectwww.castorndpollux.com Fingerprint24:C6:1C:CC:7D:8E:E1:DC:B4:C8:09:E0:3C:50:C0:5E:EF:C3:64:58 ValiditySun, 24 Mar 2024 01:45:55 GMT - Sat, 22 Jun 2024 01:45:54 GMT
File typeHTML document, ASCII text, with very long lines (4070) Hash676b76ac7446b2bbe91e823222eef901 da7150efe60d7dc43dfd914f12c39e8dbf3b1f35 b931c5b38fed9bb27c5c4886e4b65a691d2a03081bb623db4e8e0c9c9c4b3f68
Analyzer | Verdict | Alert | mnemonic secure dns | malicious | Sinkholed | Quad9 DNS | malicious | Sinkholed |
GET /cgi-sys/suspendedpage.cgi HTTP/1.1
Host: castorndpollux.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: br
content-length: 3825
content-type: text/html
date: Wed, 24 Apr 2024 10:24:13 GMT
server: Apache
X-Firefox-Spdy: h2
|
|
| use.fontawesome.com/releases/v5.0.6/webfonts/fa-solid-900.woff2 | 104.21.27.152 | 200 OK | 39 kB |
URL GET HTTP/2use.fontawesome.com/releases/v5.0.6/webfonts/fa-solid-900.woff2 IP104.21.27.152:443
Requested byhttps://castorndpollux.com/cgi-sys/suspendedpage.cgi CertificateIssuerCloudflare, Inc. Subjectuse.fontawesome.com FingerprintCB:BE:6B:C4:5F:DF:18:7A:C3:AD:BF:6C:40:36:18:9F:E2:99:7F:78 ValidityThu, 12 Oct 2023 00:00:00 GMT - Thu, 10 Oct 2024 23:59:59 GMT
File typeWeb Open Font Format (Version 2), TrueType, length 38784, version 1.0 Hashf9b85c9463af7103b9b24bbbf09a06ed d28d7222bcbeb8ea701a771e85f7efe006e62fb1 62554277d07b20c6bfae7c6267b3198b4846f604a37d4085bf9f54c392210b56
GET /releases/v5.0.6/webfonts/fa-solid-900.woff2 HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://castorndpollux.com
DNT: 1
Connection: keep-alive
Referer: https://use.fontawesome.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 24 Apr 2024 10:24:14 GMT
content-type: application/font-woff2
content-length: 38784
access-control-allow-origin: *
cache-control: max-age=31556926
etag: "f9b85c9463af7103b9b24bbbf09a06ed"
last-modified: Fri, 22 Sep 2023 01:44:10 GMT
vary: Origin, Accept-Encoding
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rPcyXLx647L5ois579ydJkIFSFFzoDOqIM7vw6fFtBP0t%2BOyWswYEuvRlN8DfRo91HpRVjpImTKelGqC6OcRChX73fhReFJy6MGu1ykher%2BZdHjF1nwGv8cAK5z%2B0lVQybSWtO58"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 879561e99b95568d-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| use.fontawesome.com/releases/v5.0.6/css/all.css | 104.21.27.152 | 200 OK | 7.9 kB |
URL GET HTTP/2use.fontawesome.com/releases/v5.0.6/css/all.css IP104.21.27.152:443
Requested byhttps://castorndpollux.com/cgi-sys/suspendedpage.cgi CertificateIssuerCloudflare, Inc. Subjectuse.fontawesome.com FingerprintCB:BE:6B:C4:5F:DF:18:7A:C3:AD:BF:6C:40:36:18:9F:E2:99:7F:78 ValidityThu, 12 Oct 2023 00:00:00 GMT - Thu, 10 Oct 2024 23:59:59 GMT
File typeASCII text, with very long lines (34556) Hash42eaa52604673b64d6b356c2fd7f87e3 6b59cb703b2d4a7a2691f13008062b46a6bc7fdb ed0f122470c4d13d86bbabdc38046d743d0228204a56d786d2e17bd83fd358ce
GET /releases/v5.0.6/css/all.css HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://castorndpollux.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 24 Apr 2024 10:24:14 GMT
content-type: text/css
cache-control: max-age=31556926
etag: W/"42eaa52604673b64d6b356c2fd7f87e3"
last-modified: Fri, 22 Sep 2023 01:44:11 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 2434957
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oDAjbIRd0I%2F0WGjiIuhfgjYbu4X7MBYasFwfaZ2GtfMsFcG%2FbHCSMf%2B0MqDMEbDZPWmRNcFA4CWAyOh9Q7UvTzxZUUWYiGZf9z97BA7qCPTSf%2F6RlQvNRe1FVhnTRh8Mi%2FqUrkkj"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 879561e92b13568d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| castorndpollux.com/cgi-sys/suspendedpage.cgi | 184.168.116.67 | 200 OK | 3.8 kB |
URL User Request GET HTTP/2castorndpollux.com/cgi-sys/suspendedpage.cgi IP184.168.116.67:443 ASN#26496 AS-26496-GO-DADDY-COM-LLC
CertificateIssuerLet's Encrypt Subjectwww.castorndpollux.com Fingerprint24:C6:1C:CC:7D:8E:E1:DC:B4:C8:09:E0:3C:50:C0:5E:EF:C3:64:58 ValiditySun, 24 Mar 2024 01:45:55 GMT - Sat, 22 Jun 2024 01:45:54 GMT
File typeHTML document, ASCII text, with very long lines (4070) Hash676b76ac7446b2bbe91e823222eef901 da7150efe60d7dc43dfd914f12c39e8dbf3b1f35 b931c5b38fed9bb27c5c4886e4b65a691d2a03081bb623db4e8e0c9c9c4b3f68
Analyzer | Verdict | Alert | mnemonic secure dns | malicious | Sinkholed | Quad9 DNS | malicious | Sinkholed |
GET /cgi-sys/suspendedpage.cgi HTTP/1.1
Host: castorndpollux.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://castorndpollux.com/cgi-sys/suspendedpage.cgi
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: br
content-length: 3825
content-type: text/html
date: Wed, 24 Apr 2024 10:24:15 GMT
server: Apache
X-Firefox-Spdy: h2
|
|
| castorndpollux.com/favicon.ico | 184.168.116.67 | 302 Found | 7.6 kB |
URL GET HTTP/2castorndpollux.com/favicon.ico IP184.168.116.67:443 ASN#26496 AS-26496-GO-DADDY-COM-LLC
Requested byhttps://castorndpollux.com/cgi-sys/suspendedpage.cgi CertificateIssuerLet's Encrypt Subjectwww.castorndpollux.com Fingerprint24:C6:1C:CC:7D:8E:E1:DC:B4:C8:09:E0:3C:50:C0:5E:EF:C3:64:58 ValiditySun, 24 Mar 2024 01:45:55 GMT - Sat, 22 Jun 2024 01:45:54 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | mnemonic secure dns | malicious | Sinkholed | Quad9 DNS | malicious | Sinkholed |
GET /favicon.ico HTTP/1.1
Host: castorndpollux.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://castorndpollux.com/cgi-sys/suspendedpage.cgi
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
location: https://castorndpollux.com/cgi-sys/suspendedpage.cgi
content-length: 236
content-type: text/html; charset=iso-8859-1
date: Wed, 24 Apr 2024 10:24:14 GMT
server: Apache
X-Firefox-Spdy: h2
|
|