Report - palacifolwarklochow.place.sh

Report Overview

Submitted URL
palacifolwarklochow.place.sh
IP
172.67.75.163
ASN
#13335 CLOUDFLARENET
Submitted
2024-04-18 16:10:05
Access
public
Website Title
Your Digital GuestBook
Final URL
palacifolwarklochow.place.sh/
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
62

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
o321561.ingest.sentry.io	unknown	2012-04-07	2024-01-29	2024-03-28	661 B	518 B	34.120.195.249
palacifolwarklochow.place.sh	unknown	unknown	No data	No data	15 kB	1.7 MB	104.26.8.59
smart-core-api.smarthotelapi.com	unknown	2021-09-17	2022-05-23	2024-03-05	7.3 kB	115 kB	35.244.144.63
www.googletagmanager.com	75	2011-11-11	2013-05-22	2024-04-18	901 B	318 kB	142.250.74.40
pub.shfiles.co	unknown	2021-09-10	2021-09-16	2024-03-05	6.2 kB	1.7 MB	104.26.9.99
fonts.googleapis.com	8877	2005-01-25	2013-06-10	2024-04-18	484 B	5.6 kB	142.250.74.106

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-04-18	medium	place.sh	Sinkholed
2024-04-18	medium	place.sh	Sinkholed
2024-04-18	medium	place.sh	Sinkholed
2024-04-18	medium	place.sh	Sinkholed
2024-04-18	medium	place.sh	Sinkholed
2024-04-18	medium	place.sh	Sinkholed
2024-04-18	medium	place.sh	Sinkholed
2024-04-18	medium	place.sh	Sinkholed
2024-04-18	medium	place.sh	Sinkholed
2024-04-18	medium	place.sh	Sinkholed
2024-04-18	medium	place.sh	Sinkholed
2024-04-18	medium	place.sh	Sinkholed
2024-04-18	medium	place.sh	Sinkholed
2024-04-18	medium	place.sh	Sinkholed
2024-04-18	medium	place.sh	Sinkholed
2024-04-18	medium	place.sh	Sinkholed
2024-04-18	medium	place.sh	Sinkholed
2024-04-18	medium	place.sh	Sinkholed
2024-04-18	medium	place.sh	Sinkholed
2024-04-18	medium	place.sh	Sinkholed
2024-04-18	medium	place.sh	Sinkholed
2024-04-18	medium	place.sh	Sinkholed
2024-04-18	medium	place.sh	Sinkholed
2024-04-18	medium	place.sh	Sinkholed
2024-04-18	medium	place.sh	Sinkholed
2024-04-18	medium	place.sh	Sinkholed
2024-04-18	medium	place.sh	Sinkholed
2024-04-18	medium	place.sh	Sinkholed
2024-04-18	medium	place.sh	Sinkholed
2024-04-18	medium	place.sh	Sinkholed
2024-04-18	medium	place.sh	Sinkholed

ThreatFox

No alerts detected

JavaScript (14)

	URL	Size	First Seen	Last Seen
	www.googletagmanager.com/gtm.js?id=GTM-P8XQ6HC	220 kB	2024-04-18	2024-04-18
Pretty URL www.googletagmanager.com/gtm.js?id=GTM-P8XQ6HC IP 142.250.74.40 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-18 18:10:13 Last Seen2024-04-18 18:10:14 Times Seen2 Hash db502c4e9595798cb1e27264862774ef 1624c54be331276b43000104a4ca1dc1a6ef0102 0737322499a3cf47c900a2bbe267ebb996deec2bd1ac71edb9ce3b87068850d3 Loading...

	palacifolwarklochow.place.sh/973.f3a8adfec8b74ebd.js	4.4 kB	2024-04-18	2024-04-29
Pretty URL palacifolwarklochow.place.sh/973.f3a8adfec8b74ebd.js IP 104.26.8.59 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-18 18:10:13 Last Seen2024-04-29 16:24:20 Times Seen3 Hash 4afc87b5bc92cc6e0e5bdda5e338313f 725e68914d2a6320d1d8d8712e84d4d092b046c5 197390ab488cff63bb9e4ec1e2f73b94d8dde887aadfe5f9d855984ff657b9cf Loading...

	palacifolwarklochow.place.sh/39.19e78d19980bb7ed.js	250 kB	2024-04-18	2024-04-18
Pretty URL palacifolwarklochow.place.sh/39.19e78d19980bb7ed.js IP 104.26.8.59 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-18 18:10:13 Last Seen2024-04-18 18:10:14 Times Seen2 Hash e2eb69ab1ef333469830c58b42667938 6a4a1df6d78d26af0ea55c60bfdaccbd6967b0bb 5fd1b95592529eac0c59c584e193ef1ad13c8261020b1efd1343f25158623ba2 Loading...

	www.google-analytics.com/analytics.js	4.7 kB	2023-04-11	2024-05-01
Pretty URL www.google-analytics.com/analytics.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-11 21:07:53 Last Seen2024-05-01 20:08:39 Times Seen343306 Hash f24128d0c9cba7be2916c693427a3483 1b6397d496ea896ebc2018b01b995cee4f166029 58173de4697da1a218f04c3a783a733bab4e769ceabc37cd42da9dc3e036a7e8 Loading...

	unknown	16 B	2023-04-10	2024-05-01
Pretty Introduced by eventHandler Embedded in HTML false Observations First Seen2023-04-10 15:57:29 Last Seen2024-05-01 19:45:28 Times Seen34073 Hash 7c3c3ddeb80438dcbb3d081d2d00e152 5a4016732ee72ec77b4f6ab17047bcea6d2ea34d 321b4f657afbf8ba49518e6ab4cbad07ea967d0b4c68f71c7deed05ed09c1187 Loading...

	palacifolwarklochow.place.sh/sandbox%20eval%20code	147 B	2023-04-11	2024-05-01
Pretty URL palacifolwarklochow.place.sh/sandbox%20eval%20code IP 0.0.0.0 ASN #0 Introduced by Embedded in HTML false Observations First Seen2023-04-11 21:07:53 Last Seen2024-05-01 20:08:39 Times Seen343811 Hash 92b651082ce234f66bb544e678befda3 14c21c55ddce43b6f677caadf51d4ab98c6a3df8 25d57d1d97abeb84531d3d3e5754dd5cb19a2c115edfa7cfc7af8247084faded Loading...

	palacifolwarklochow.place.sh/333.d49c0ee1db3b8698.js	53 kB	2024-04-18	2024-04-29
Pretty URL palacifolwarklochow.place.sh/333.d49c0ee1db3b8698.js IP 104.26.8.59 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-18 18:10:13 Last Seen2024-04-29 16:24:21 Times Seen6 Hash f42b3882e903ef993575fe26183d1683 0b29f47812c5049b77649f889f84cbca963e3995 5b95090728d3dab57540f74af91e0c5ad5cd88e80d0545d31b7604b1b7c10686 Loading...

	palacifolwarklochow.place.sh/969.bf8d9d617f5d775a.js	1.6 kB	2024-04-18	2024-04-29
Pretty URL palacifolwarklochow.place.sh/969.bf8d9d617f5d775a.js IP 104.26.8.59 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-18 18:10:13 Last Seen2024-04-29 16:24:20 Times Seen2 Hash 23b0fc839bcc857f396c4156ba9af319 6e33d3bc46f95d47e0d6e229e5ede13147eaf4f2 3e517ac9e0ada26dd0fea6efc4a1981c0ecf6f3ff46428c03990844e6d59cf87 Loading...

	www.googletagmanager.com/gtag/js?id=G-3HE5NDF86G&l=dataLayer&cx=c	283 kB	2024-04-18	2024-04-18
Pretty URL www.googletagmanager.com/gtag/js?id=G-3HE5NDF86G&l=dataLayer&cx=c IP 142.250.74.40 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-18 18:10:13 Last Seen2024-04-18 18:10:14 Times Seen2 Hash 47ecab44d5cd8255155f932808b56974 08bb8bc3d3c813313c490714b38ed455748e9c91 aeec1375ae2266b47d8f7e1376393ac93ad9ae2ff30a2314b8e51fa4cc95a5a7 Loading...

	palacifolwarklochow.place.sh/polyfills.d6ab8e6c5d4daaa0.js	35 kB	2024-04-18	2024-04-29
Pretty URL palacifolwarklochow.place.sh/polyfills.d6ab8e6c5d4daaa0.js IP 104.26.8.59 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-18 18:10:13 Last Seen2024-04-29 16:24:20 Times Seen6 Hash 69c7b86a9b4d99abe9fac0d7ac332467 183e08e46c94105dc620b8db72ace4d8b4e9a581 16d630c8ea4ed02740454b32f7263ddd5a1a65f3ca04cb73632edcd05abfee68 Loading...

	palacifolwarklochow.place.sh/main.28a03f10d02b0ca1.js	2.2 MB	2024-04-18	2024-04-18
Pretty URL palacifolwarklochow.place.sh/main.28a03f10d02b0ca1.js IP 104.26.8.59 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-18 18:10:13 Last Seen2024-04-18 18:10:14 Times Seen2 Hash 419f3ecef678a5e61ef76bec75fc63b8 96d9c4057ad2dd29b8991151140839c5f6013502 0d892a480e9c7cb1faa6246a02dd1225b829c1a673760285cafda775ddd650a7 Loading...

	palacifolwarklochow.place.sh/common.84e653089dc8346c.js	13 kB	2024-04-18	2024-04-29
Pretty URL palacifolwarklochow.place.sh/common.84e653089dc8346c.js IP 104.26.8.59 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-18 18:10:14 Last Seen2024-04-29 16:24:21 Times Seen6 Hash e3dd59e4f45680af527c2794d389678d d2fceabd1ffbef6635255208603957316b88f979 3e526d7820bd86e50d4745030fb3d445bc651eddc7510e52d9a87fb93862e03f Loading...

	palacifolwarklochow.place.sh/runtime.90f70725c8b343f8.js	3.3 kB	2024-04-18	2024-04-18
Pretty URL palacifolwarklochow.place.sh/runtime.90f70725c8b343f8.js IP 104.26.8.59 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-18 18:10:14 Last Seen2024-04-18 18:10:14 Times Seen1 Hash 4b93e9eaff5527dd4cb21a46f7a94e67 7ede336c535eaa143d52cde82255513412a55915 dd297b0a8d21e5720f78c2ba894c1bd9987c556b9111db1d77e6be3b3d99621f Loading...

	palacifolwarklochow.place.sh/999.b3a898170fa4a68e.js	8.4 kB	2024-04-18	2024-04-29
Pretty URL palacifolwarklochow.place.sh/999.b3a898170fa4a68e.js IP 104.26.8.59 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-18 18:10:14 Last Seen2024-04-29 16:24:20 Times Seen4 Hash e993ac6738c938e2a8373c22a148fbfa b17d669dbbc1429a43ea3f7e77bc89d156462f82 e1682ddcd655f219c0dbe930e67965196da68c70b2b770d81fd0576691f820dd Loading...

HTTP Transactions (56)

URL IP Response Size

o321561.ingest.sentry.io/api/4504957274161152/envelope/?sentry_key=4508fe64deec4aa69d7f8d133d4732b3&sentry_version=7&sentry_client=sentry.javascript.angular-ivy%2F7.107.0

34.120.195.249

200 OK

2 B

URL POST HTTP/2
o321561.ingest.sentry.io/api/4504957274161152/envelope/?sentry_key=4508fe64deec4aa69d7f8d133d4732b3&sentry_version=7&sentry_client=sentry.javascript.angular-ivy%2F7.107.0
IP
34.120.195.249:443
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
https://palacifolwarklochow.place.sh/
Certificate
IssuerDigiCert Inc
Subjectingest.sentry.io
Fingerprint60:82:0B:58:64:CD:37:FD:3F:C0:84:4F:0B:69:CF:58:05:15:97:9A
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JSON text data
Size
2 B (2 bytes)
Hash
99914b932bd37a50b983c5e7c90ae93b
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

HTTP Headers

POST /api/4504957274161152/envelope/?sentry_key=4508fe64deec4aa69d7f8d133d4732b3&sentry_version=7&sentry_client=sentry.javascript.angular-ivy%2F7.107.0 HTTP/1.1
Host: o321561.ingest.sentry.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://palacifolwarklochow.place.sh/
Content-Type: text/plain;charset=UTF-8
Content-Length: 465
Origin: https://palacifolwarklochow.place.sh
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 18 Apr 2024 16:09:37 GMT
content-type: application/json
content-length: 2
access-control-allow-origin: *
vary: origin,access-control-request-method,access-control-request-headers
access-control-expose-headers: x-sentry-error,x-sentry-rate-limits,retry-after
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

palacifolwarklochow.place.sh/Manrope-Regular.bec1aa639f5c3551.woff2

104.26.8.59

200 OK

40 kB

URL GET HTTP/2
palacifolwarklochow.place.sh/Manrope-Regular.bec1aa639f5c3551.woff2
IP
104.26.8.59:443
ASN
#13335 CLOUDFLARENET

Requested by
https://palacifolwarklochow.place.sh/
Certificate
IssuerLet's Encrypt
Subjectplace.sh
Fingerprint07:38:92:B8:E1:0A:B7:7B:B2:0E:50:D2:84:3E:2C:0E:E2:75:6F:E9
ValidityThu, 29 Feb 2024 23:05:20 GMT - Wed, 29 May 2024 23:05:19 GMT

File type
Web Open Font Format (Version 2), TrueType, length 39288, version 4.131
Size
40 kB (39760 bytes)
Hash
cbe1fe9093ffa89a1865bdf8e77d74c8
597feee236c441803055de0192ab306b21571157
162bee87ccee4673d4f90174c7d30a4dcc67c4f4a7d4bf9a5607663e8db06b8d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /Manrope-Regular.bec1aa639f5c3551.woff2 HTTP/1.1
Host: palacifolwarklochow.place.sh
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://palacifolwarklochow.place.sh/styles.c27dfdf0e4e4c468.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 18 Apr 2024 16:09:37 GMT
content-type: application/x-font-woff
etag: "QGSRag"
x-cloud-trace-context: 1f2cb3b483e0ae2be45da637070a57cf;o=1
via: 1.1 google, 1.1 google
cache-control: public, max-age=14400
cf-cache-status: HIT
age: 133
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=POQ5xbkK916LOKI8VvtcVdmYrDzJnXh%2BDD1NblphJQGBUQI%2BBZcXDFRMebCxCPdr41ckzuEUnNMNmJwVQ9e%2B95nZR5GnZsOF%2FOf4sCvnlXyRPt8TcPSc5G6SCInX%2BphSywXHVN%2Ffp5XcMY%2B6sHA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8765eb98ae427129-OSL
X-Firefox-Spdy: h2

smart-core-api.smarthotelapi.com/visitors-area/public?domain=palacifolwarklochow.place.sh

35.244.144.63

204 No Content

0 B

URL OPTIONS HTTP/2
smart-core-api.smarthotelapi.com/visitors-area/public?domain=palacifolwarklochow.place.sh
IP
35.244.144.63:443
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
https://palacifolwarklochow.place.sh/
Certificate
IssuerGoogle Trust Services LLC
Subjectsmart-core-api.smarthotelapi.com
FingerprintD6:E0:03:C6:0D:17:3A:18:B4:AB:B1:74:04:33:96:D5:7B:60:7A:22
ValiditySat, 13 Apr 2024 19:44:48 GMT - Fri, 12 Jul 2024 20:39:02 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /visitors-area/public?domain=palacifolwarklochow.place.sh HTTP/1.1
Host: smart-core-api.smarthotelapi.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: baggage,owner-path,sentry-trace
Referer: https://palacifolwarklochow.place.sh/
Origin: https://palacifolwarklochow.place.sh
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 204 No Content
vary: Origin, Access-Control-Request-Headers
access-control-allow-origin: https://palacifolwarklochow.place.sh
access-control-allow-credentials: true
access-control-allow-methods: GET,PATCH,POST,PUT,DELETE
access-control-allow-headers: baggage,owner-path,sentry-trace
access-control-max-age: 300
x-cloud-trace-context: 535334669775b180f71282dac2f94503
set-cookie: GAESA=CoQBMDBhMjI0MDRkYzgwMzJlM2QxYzAyYWQ3YWJmOWE0ZDcwNzVmMDhkY2I0MDMxM2VhZjYyYTJjOTVlZjIyNjI1YTIxOTg5MTNlMTE2YjQyMjcxZDljZWJhM2M0ZjMxNjcxYzBkYWY3OWRjYWQzYTk1YjNkYTc0N2U4Mzk1M2UyNDg2ZDRjEM_34Y_vMQ; expires=Sat, 18-May-2024 16:09:37 GMT; path=/
date: Thu, 18 Apr 2024 16:09:37 GMT
content-type: text/html
server: Google Frontend
content-length: 0
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

palacifolwarklochow.place.sh/main.28a03f10d02b0ca1.js

104.26.8.59

200 OK

557 kB

URL GET HTTP/2
palacifolwarklochow.place.sh/main.28a03f10d02b0ca1.js
IP
104.26.8.59:443
ASN
#13335 CLOUDFLARENET

Requested by
https://palacifolwarklochow.place.sh/
Certificate
IssuerLet's Encrypt
Subjectplace.sh
Fingerprint07:38:92:B8:E1:0A:B7:7B:B2:0E:50:D2:84:3E:2C:0E:E2:75:6F:E9
ValidityThu, 29 Feb 2024 23:05:20 GMT - Wed, 29 May 2024 23:05:19 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
557 kB (556613 bytes)
Hash
419f3ecef678a5e61ef76bec75fc63b8
96d9c4057ad2dd29b8991151140839c5f6013502
0d892a480e9c7cb1faa6246a02dd1225b829c1a673760285cafda775ddd650a7

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /main.28a03f10d02b0ca1.js HTTP/1.1
Host: palacifolwarklochow.place.sh
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://palacifolwarklochow.place.sh/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 18 Apr 2024 16:09:36 GMT
content-type: text/javascript
etag: W/"QGSRag"
x-cloud-trace-context: b064490bcc7a4289d6c912d9ae4472cc
via: 1.1 google, 1.1 google
cache-control: public, max-age=14400
cf-cache-status: HIT
age: 133
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DA9IqGv9Xnd7%2F0peXpu5swRyNtupiXniJ4knkpjyfF90m%2FcS0ImilD2G8SIClryR7Ho%2BEnm94ilpXT74876XhwPsRC%2FdHPEg7A1FfEwRhR6%2BhKJfv5mi%2FexGVUpsByuB%2FknRCmSkw%2FL158t6jUc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8765eb95288a7129-OSL
content-encoding: br
X-Firefox-Spdy: h2

smart-core-api.smarthotelapi.com/translate/app/ga/en

35.244.144.63

204 No Content

0 B

URL OPTIONS HTTP/2
smart-core-api.smarthotelapi.com/translate/app/ga/en
IP
35.244.144.63:443
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
https://palacifolwarklochow.place.sh/
Certificate
IssuerGoogle Trust Services LLC
Subjectsmart-core-api.smarthotelapi.com
FingerprintD6:E0:03:C6:0D:17:3A:18:B4:AB:B1:74:04:33:96:D5:7B:60:7A:22
ValiditySat, 13 Apr 2024 19:44:48 GMT - Fri, 12 Jul 2024 20:39:02 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /translate/app/ga/en HTTP/1.1
Host: smart-core-api.smarthotelapi.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: baggage,owner-path,sentry-trace
Referer: https://palacifolwarklochow.place.sh/
Origin: https://palacifolwarklochow.place.sh
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 204 No Content
vary: Origin, Access-Control-Request-Headers
access-control-allow-origin: https://palacifolwarklochow.place.sh
access-control-allow-credentials: true
access-control-allow-methods: GET,PATCH,POST,PUT,DELETE
access-control-allow-headers: baggage,owner-path,sentry-trace
access-control-max-age: 300
x-cloud-trace-context: c9b501d26de4469e214ec32893dadc11
set-cookie: GAESA=CoQBMDBhMjI0MDRkYzE3OWFjZTQ5ODA2NTZkMDE5ZWVhN2Y1OTcwZmMzYTA3ZGE2YzZkMmNmZjg1NmY5MDFkYjcyZDY3ZDAxZDA5YTk4MWNkZjFjYmU3Yjk0ZWY5ZWU5YjlhZTExYmQ5Y2Y1MGVmNGNlZDJjYjQ4ZDk5NTYyMTU2MGMxZGQyEND44Y_vMQ; expires=Sat, 18-May-2024 16:09:37 GMT; path=/
date: Thu, 18 Apr 2024 16:09:37 GMT
content-type: text/html
server: Google Frontend
content-length: 0
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

smart-core-api.smarthotelapi.com/visitors-area/public?domain=palacifolwarklochow.place.sh

35.244.144.63

204 No Content

0 B

URL OPTIONS HTTP/2
smart-core-api.smarthotelapi.com/visitors-area/public?domain=palacifolwarklochow.place.sh
IP
35.244.144.63:443
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
https://palacifolwarklochow.place.sh/
Certificate
IssuerGoogle Trust Services LLC
Subjectsmart-core-api.smarthotelapi.com
FingerprintD6:E0:03:C6:0D:17:3A:18:B4:AB:B1:74:04:33:96:D5:7B:60:7A:22
ValiditySat, 13 Apr 2024 19:44:48 GMT - Fri, 12 Jul 2024 20:39:02 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /visitors-area/public?domain=palacifolwarklochow.place.sh HTTP/1.1
Host: smart-core-api.smarthotelapi.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: baggage,owner-path,sentry-trace
Referer: https://palacifolwarklochow.place.sh/
Origin: https://palacifolwarklochow.place.sh
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 204 No Content
vary: Origin, Access-Control-Request-Headers
access-control-allow-origin: https://palacifolwarklochow.place.sh
access-control-allow-credentials: true
access-control-allow-methods: GET,PATCH,POST,PUT,DELETE
access-control-allow-headers: baggage,owner-path,sentry-trace
access-control-max-age: 300
x-cloud-trace-context: 12f810c69d0a124e808adaf3982092b7
set-cookie: GAESA=CoQBMDBhMjI0MDRkYzgwMzJlM2QxYzAyYWQ3YWJmOWE0ZDcwNzVmMDhkY2I0MDMxM2VhZjYyYTJjOTVlZjIyNjI1YTIxOTg5MTNlMTE2YjQyMjcxZDljZWJhM2M0ZjMxNjcxYzBkYWY3OWRjYWQzYTk1YjNkYTc0N2U4Mzk1M2UyNDg2ZDRjEMP64Y_vMQ; expires=Sat, 18-May-2024 16:09:37 GMT; path=/
date: Thu, 18 Apr 2024 16:09:37 GMT
content-type: text/html
server: Google Frontend
content-length: 0
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

smart-core-api.smarthotelapi.com/translate/app/ga/en

35.244.144.63

204 No Content

84 kB

URL OPTIONS HTTP/2
smart-core-api.smarthotelapi.com/translate/app/ga/en
IP
35.244.144.63:443
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
https://palacifolwarklochow.place.sh/
Certificate
IssuerGoogle Trust Services LLC
Subjectsmart-core-api.smarthotelapi.com
FingerprintD6:E0:03:C6:0D:17:3A:18:B4:AB:B1:74:04:33:96:D5:7B:60:7A:22
ValiditySat, 13 Apr 2024 19:44:48 GMT - Fri, 12 Jul 2024 20:39:02 GMT

File type
gzip compressed data, from Unix
Size
84 kB (84306 bytes)
Hash
cec7f110de74d2200bb2c60c7068e403
886fc796e30aa5d31775e3676e4b2241f091b836
10102480e3b053bcf7ec390c5122cf4965a8529ceafc0e2f201d2bdfc9c33afd

HTTP Headers

GET /translate/app/ga/en HTTP/1.1
Host: smart-core-api.smarthotelapi.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
owner-path: /
sentry-trace: 03dc1d51de7248cf95b1b859fe2b4935-b2ab74471a751860-0
baggage: sentry-environment=production,sentry-release=guest-area%40f41202314f419a930c9ca0e853fc987f34ce2648,sentry-public_key=4508fe64deec4aa69d7f8d133d4732b3,sentry-trace_id=03dc1d51de7248cf95b1b859fe2b4935,sentry-sample_rate=0.3,sentry-sampled=false
Origin: https://palacifolwarklochow.place.sh
DNT: 1
Connection: keep-alive
Referer: https://palacifolwarklochow.place.sh/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
vary: Origin, accept-encoding
access-control-allow-origin: https://palacifolwarklochow.place.sh
access-control-allow-credentials: true
x-ratelimit-limit: 300
x-ratelimit-remaining: 299
x-ratelimit-reset: 0
content-type: application/json; charset=utf-8
set-cookie: GAESA=CoIBMDBhMjI0MDRkYzBhYWIwODlhNjg4MGVjYWFkZWI2MGI3MjJjYjFjZDBjZTAzNzY4MTc4OGQ1OTJlMGIwMjE5Yjg5YzM4ZDBhOTBlNjU2ZWJhZWExY2M4YzgzNDhjNjk5NWY2NDE1MDMxZDY2YjcwZTg3YjE5ZGY0ZTgxN2UwNzlmMhCk-eGP7zE; expires=Sat, 18-May-2024 16:09:37 GMT; path=/
content-encoding: gzip
date: Thu, 18 Apr 2024 16:09:37 GMT
server: Google Frontend
cache-control: private
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

smart-core-api.smarthotelapi.com/visitors-area/public?domain=palacifolwarklochow.place.sh

35.244.144.63

204 No Content

0 B

URL OPTIONS HTTP/2
smart-core-api.smarthotelapi.com/visitors-area/public?domain=palacifolwarklochow.place.sh
IP
35.244.144.63:443
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
https://palacifolwarklochow.place.sh/
Certificate
IssuerGoogle Trust Services LLC
Subjectsmart-core-api.smarthotelapi.com
FingerprintD6:E0:03:C6:0D:17:3A:18:B4:AB:B1:74:04:33:96:D5:7B:60:7A:22
ValiditySat, 13 Apr 2024 19:44:48 GMT - Fri, 12 Jul 2024 20:39:02 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /visitors-area/public?domain=palacifolwarklochow.place.sh HTTP/1.1
Host: smart-core-api.smarthotelapi.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: baggage,owner-path,sentry-trace
Referer: https://palacifolwarklochow.place.sh/
Origin: https://palacifolwarklochow.place.sh
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 204 No Content
vary: Origin, Access-Control-Request-Headers
access-control-allow-origin: https://palacifolwarklochow.place.sh
access-control-allow-credentials: true
access-control-allow-methods: GET,PATCH,POST,PUT,DELETE
access-control-allow-headers: baggage,owner-path,sentry-trace
access-control-max-age: 300
x-cloud-trace-context: 9b61c0df07c07670e6f1ddfcf2906329
set-cookie: GAESA=CoQBMDBhMjI0MDRkYzMyMjg1MjE0NzQ0MjQ4M2UyNTVmNzc4YTUyMTZiYzRmZjMyY2Y2YzQ2MjZlOTE1MjhjMmE3ZjNjNjMwMGI0NGI2ODhkMjczY2NmNzlmZTNjYTViYmNmZDM1NzBiMDQ2ODY3ODlhMThiODU1MTI1YTdhN2JjYmE3OWY3EPX74Y_vMQ; expires=Sat, 18-May-2024 16:09:38 GMT; path=/
date: Thu, 18 Apr 2024 16:09:38 GMT
content-type: text/html
server: Google Frontend
content-length: 0
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

smart-core-api.smarthotelapi.com/public/metrics/ga-view

35.244.144.63

201 Created

0 B

URL POST HTTP/3
smart-core-api.smarthotelapi.com/public/metrics/ga-view
IP
35.244.144.63:443
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
https://palacifolwarklochow.place.sh/
Certificate
IssuerGoogle Trust Services LLC
Subjectsmart-core-api.smarthotelapi.com
FingerprintD6:E0:03:C6:0D:17:3A:18:B4:AB:B1:74:04:33:96:D5:7B:60:7A:22
ValiditySat, 13 Apr 2024 19:44:48 GMT - Fri, 12 Jul 2024 20:39:02 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /public/metrics/ga-view HTTP/1.1
Host: smart-core-api.smarthotelapi.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: baggage,content-type,owner-path,sentry-trace
Referer: https://palacifolwarklochow.place.sh/
Origin: https://palacifolwarklochow.place.sh
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 204 No Content
vary: Origin, Access-Control-Request-Headers
access-control-allow-origin: https://palacifolwarklochow.place.sh
access-control-allow-credentials: true
access-control-allow-methods: GET,PATCH,POST,PUT,DELETE
access-control-allow-headers: baggage,content-type,owner-path,sentry-trace
access-control-max-age: 300
x-cloud-trace-context: 021f9b5d38d0ed1fe68655fa932fa587
set-cookie: GAESA=CoQBMDBhMjI0MDRkYzgwMzJlM2QxYzAyYWQ3YWJmOWE0ZDcwNzVmMDhkY2I0MDMxM2VhZjYyYTJjOTVlZjIyNjI1YTIxOTg5MTNlMTE2YjQyMjcxZDljZWJhM2M0ZjMxNjcxYzBkYWY3OWRjYWQzYTk1YjNkYTc0N2U4Mzk1M2UyNDg2ZDRjEIP84Y_vMQ; expires=Sat, 18-May-2024 16:09:38 GMT; path=/
date: Thu, 18 Apr 2024 16:09:38 GMT
content-type: text/html
server: Google Frontend
content-length: 0
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.googletagmanager.com/gtag/js?id=G-3HE5NDF86G&l=dataLayer&cx=c

142.250.74.40

200 OK

97 kB

URL GET HTTP/3
www.googletagmanager.com/gtag/js?id=G-3HE5NDF86G&l=dataLayer&cx=c
IP
142.250.74.40:443
ASN
#15169 GOOGLE

Requested by
https://palacifolwarklochow.place.sh/
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
FingerprintBF:40:8C:8B:CB:69:1E:3F:E2:3B:B7:8A:8E:C0:D6:98:5F:81:FA:2D
ValidityMon, 04 Mar 2024 06:35:45 GMT - Mon, 27 May 2024 06:35:44 GMT

File type
JavaScript source, ASCII text, with very long lines (5955)
Size
97 kB (96602 bytes)
Hash
47ecab44d5cd8255155f932808b56974
08bb8bc3d3c813313c490714b38ed455748e9c91
aeec1375ae2266b47d8f7e1376393ac93ad9ae2ff30a2314b8e51fa4cc95a5a7

HTTP Headers

GET /gtag/js?id=G-3HE5NDF86G&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://palacifolwarklochow.place.sh/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 18 Apr 2024 16:09:38 GMT
expires: Thu, 18 Apr 2024 16:09:38 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 96602
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

smart-core-api.smarthotelapi.com/public/metrics/ga-view

35.244.144.63

201 Created

0 B

URL POST HTTP/3
smart-core-api.smarthotelapi.com/public/metrics/ga-view
IP
35.244.144.63:443
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
https://palacifolwarklochow.place.sh/
Certificate
IssuerGoogle Trust Services LLC
Subjectsmart-core-api.smarthotelapi.com
FingerprintD6:E0:03:C6:0D:17:3A:18:B4:AB:B1:74:04:33:96:D5:7B:60:7A:22
ValiditySat, 13 Apr 2024 19:44:48 GMT - Fri, 12 Jul 2024 20:39:02 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /public/metrics/ga-view HTTP/1.1
Host: smart-core-api.smarthotelapi.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
owner-path: /
Content-Type: application/json
sentry-trace: 03dc1d51de7248cf95b1b859fe2b4935-9a6f2461931830c4-0
baggage: sentry-environment=production,sentry-release=guest-area%40f41202314f419a930c9ca0e853fc987f34ce2648,sentry-public_key=4508fe64deec4aa69d7f8d133d4732b3,sentry-trace_id=03dc1d51de7248cf95b1b859fe2b4935,sentry-sample_rate=0.3,sentry-transaction=%2F,sentry-sampled=false
Content-Length: 81
Origin: https://palacifolwarklochow.place.sh
DNT: 1
Connection: keep-alive
Referer: https://palacifolwarklochow.place.sh/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 201 Created
vary: Origin
access-control-allow-origin: https://palacifolwarklochow.place.sh
access-control-allow-credentials: true
x-ratelimit-limit: 60
x-ratelimit-remaining: 57
x-ratelimit-reset: 30
x-cloud-trace-context: ba9d2b85930ac8a82a9df6fc4ce76357
set-cookie: GAESA=CoQBMDBhMjI0MDRkYzMyMjg1MjE0NzQ0MjQ4M2UyNTVmNzc4YTUyMTZiYzRmZjMyY2Y2YzQ2MjZlOTE1MjhjMmE3ZjNjNjMwMGI0NGI2ODhkMjczY2NmNzlmZTNjYTViYmNmZDM1NzBiMDQ2ODY3ODlhMThiODU1MTI1YTdhN2JjYmE3OWY3EMj84Y_vMQ; expires=Sat, 18-May-2024 16:09:38 GMT; path=/
date: Thu, 18 Apr 2024 16:09:38 GMT
content-type: text/html
server: Google Frontend
content-length: 0
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

smart-core-api.smarthotelapi.com/visitors-area/public?domain=palacifolwarklochow.place.sh

35.244.144.63

204 No Content

10 kB

URL OPTIONS HTTP/2
smart-core-api.smarthotelapi.com/visitors-area/public?domain=palacifolwarklochow.place.sh
IP
35.244.144.63:443
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
https://palacifolwarklochow.place.sh/
Certificate
IssuerGoogle Trust Services LLC
Subjectsmart-core-api.smarthotelapi.com
FingerprintD6:E0:03:C6:0D:17:3A:18:B4:AB:B1:74:04:33:96:D5:7B:60:7A:22
ValiditySat, 13 Apr 2024 19:44:48 GMT - Fri, 12 Jul 2024 20:39:02 GMT

File type
gzip compressed data, from Unix
Size
10 kB (10326 bytes)
Hash
578dffd5942221d451f0a6d3baa5efc4
1bb910ccb7e043f1fad2b5f167228319a4585fbd
e1c283ef42ff54705617be7f2cb361f7ecc02a93b60250a861d98f05d918d6e2

HTTP Headers

GET /visitors-area/public?domain=palacifolwarklochow.place.sh HTTP/1.1
Host: smart-core-api.smarthotelapi.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
owner-path: /
sentry-trace: 03dc1d51de7248cf95b1b859fe2b4935-952021617ddd160a-0
baggage: sentry-environment=production,sentry-release=guest-area%40f41202314f419a930c9ca0e853fc987f34ce2648,sentry-public_key=4508fe64deec4aa69d7f8d133d4732b3,sentry-trace_id=03dc1d51de7248cf95b1b859fe2b4935,sentry-sample_rate=0.3,sentry-sampled=false
Origin: https://palacifolwarklochow.place.sh
DNT: 1
Connection: keep-alive
Referer: https://palacifolwarklochow.place.sh/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
vary: Origin, accept-encoding
access-control-allow-origin: https://palacifolwarklochow.place.sh
access-control-allow-credentials: true
x-ratelimit-limit: 300
x-ratelimit-remaining: 299
x-ratelimit-reset: 0
content-type: application/json; charset=utf-8
set-cookie: GAESA=CoQBMDBhMjI0MDRkYzgwMzJlM2QxYzAyYWQ3YWJmOWE0ZDcwNzVmMDhkY2I0MDMxM2VhZjYyYTJjOTVlZjIyNjI1YTIxOTg5MTNlMTE2YjQyMjcxZDljZWJhM2M0ZjMxNjcxYzBkYWY3OWRjYWQzYTk1YjNkYTc0N2U4Mzk1M2UyNDg2ZDRjEKL74Y_vMQ; expires=Sat, 18-May-2024 16:09:37 GMT; path=/
content-encoding: gzip
date: Thu, 18 Apr 2024 16:09:37 GMT
server: Google Frontend
cache-control: private
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

pub.shfiles.co/656edaf176207c36c7316cd3/1707297745874_g8k7x5udf5m.png

104.26.9.99

200 OK

140 kB

URL GET HTTP/2
pub.shfiles.co/656edaf176207c36c7316cd3/1707297745874_g8k7x5udf5m.png
IP
104.26.9.99:443
ASN
#13335 CLOUDFLARENET

Requested by
https://palacifolwarklochow.place.sh/
Certificate
IssuerGoogle Trust Services LLC
Subjectshfiles.co
Fingerprint02:9F:15:1A:05:8A:7A:DE:C6:2D:6C:B5:E1:4F:16:17:85:DD:77:5D
ValiditySat, 16 Mar 2024 21:49:15 GMT - Fri, 14 Jun 2024 21:49:14 GMT

File type
RIFF (little-endian) data, Web/P image
Size
140 kB (140152 bytes)
Hash
ab1f50b50d5abdb20b6430c4777d01b2
f93a64190e78576466bd658e01e9d54c45edd85c
4a543ef8f6320cf89a4ae59d2ce27729c947e0d78d65dddfc54a0ee4043a1e4a

HTTP Headers

GET /656edaf176207c36c7316cd3/1707297745874_g8k7x5udf5m.png HTTP/1.1
Host: pub.shfiles.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://palacifolwarklochow.place.sh/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 16:09:38 GMT
content-type: image/webp
content-length: 140152
cache-control: public, max-age=14400
cf-bgj: imgq:85,h2pri
cf-polished: origFmt=png, origSize=254036
content-disposition: inline; filename="1707297745874_g8k7x5udf5m.webp"
vary: Accept
access-control-allow-origin: *
access-control-expose-headers: Origin, Accept, X-Requested-With, Authorization, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token
alt-svc: h3=":443"; ma=86400
etag: "04cc99d44208e93d53a05476e210503e"
last-modified: Wed, 07 Feb 2024 09:22:26 GMT
x-goog-generation: 1707297746753359
x-goog-hash: crc32c=A/wq4A==, md5=BMyZ1EII6T1ToFR24hBQPg==
x-goog-metageneration: 1
x-goog-storage-class: STANDARD
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 254036
x-guploader-uploadid: ABPtcPoG5Xta83b3tZ6TIeFCIWmFPqdidRIsBnYrdnrM3s6Y47kb1bmd_ySE36AMaUC9g95xs90
cf-cache-status: HIT
age: 133
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OoGBQ%2FnIK756WKSI2R0T93LOXo9ncbu6k%2BvkMzHdwo3pyLpXho9qFcufNaCHzp0E4h33dTIp84CjZZrZE%2FQiP%2FVQGdB0RMnw%2FgfJKGsHGNz8vmw55Gg7KfKpj9KThjj6"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8765eb9e2f3a569d-OSL
X-Firefox-Spdy: h2

palacifolwarklochow.place.sh/973.f3a8adfec8b74ebd.js

104.26.8.59

200 OK

12 kB

URL GET HTTP/2
palacifolwarklochow.place.sh/973.f3a8adfec8b74ebd.js
IP
104.26.8.59:443
ASN
#13335 CLOUDFLARENET

Requested by
https://palacifolwarklochow.place.sh/
Certificate
IssuerLet's Encrypt
Subjectplace.sh
Fingerprint07:38:92:B8:E1:0A:B7:7B:B2:0E:50:D2:84:3E:2C:0E:E2:75:6F:E9
ValidityThu, 29 Feb 2024 23:05:20 GMT - Wed, 29 May 2024 23:05:19 GMT

File type
JavaScript source, ASCII text, with very long lines (4404), with no line terminators
Size
12 kB (11709 bytes)
Hash
4afc87b5bc92cc6e0e5bdda5e338313f
725e68914d2a6320d1d8d8712e84d4d092b046c5
197390ab488cff63bb9e4ec1e2f73b94d8dde887aadfe5f9d855984ff657b9cf

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /973.f3a8adfec8b74ebd.js HTTP/1.1
Host: palacifolwarklochow.place.sh
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://palacifolwarklochow.place.sh/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 18 Apr 2024 16:09:37 GMT
content-type: text/javascript
etag: W/"QGSRag"
x-cloud-trace-context: 5c652df00abf5012b417b8ec0cadd8bf
via: 1.1 google, 1.1 google
cache-control: public, max-age=14400
cf-cache-status: HIT
age: 132
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=atQKHmVdYd5%2F%2FLxGUB%2FS8q0D83ePt41bjgG1yQI5iJioQiq5AiewzH7fzFteLlHu8sNEb8kn4I7IOUYRgJqj4un4nrlh02eoUUTOqr84TL%2BpIl2IeHKy7uDgLs5zlfvQ1VhUEZ4XOJ2LWqGoSqU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8765eb9b9b4b7129-OSL
content-encoding: br
X-Firefox-Spdy: h2

pub.shfiles.co/656edaf176207c36c7316cd3/1707297391212_dhtq7ewvvei.jpg

104.26.9.99

200 OK

1.4 MB

URL GET HTTP/2
pub.shfiles.co/656edaf176207c36c7316cd3/1707297391212_dhtq7ewvvei.jpg
IP
104.26.9.99:443
ASN
#13335 CLOUDFLARENET

Requested by
https://palacifolwarklochow.place.sh/
Certificate
IssuerGoogle Trust Services LLC
Subjectshfiles.co
Fingerprint02:9F:15:1A:05:8A:7A:DE:C6:2D:6C:B5:E1:4F:16:17:85:DD:77:5D
ValiditySat, 16 Mar 2024 21:49:15 GMT - Fri, 14 Jun 2024 21:49:14 GMT

File type
RIFF (little-endian) data, Web/P image
Size
1.4 MB (1371406 bytes)
Hash
57bbd8c8a4a66119612296c46fbe67e2
7708dd00028a37851955538c8572528e01443c12
58d2850405bacf09def6dacf176c309b0fd1fb6574ad894d1dac29ca1c0e695f

HTTP Headers

GET /656edaf176207c36c7316cd3/1707297391212_dhtq7ewvvei.jpg HTTP/1.1
Host: pub.shfiles.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://palacifolwarklochow.place.sh/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 16:09:38 GMT
content-type: image/webp
content-length: 1371406
cache-control: public, max-age=14400
cf-bgj: imgq:85,h2pri
cf-polished: origFmt=png, origSize=2160320
content-disposition: inline; filename="1707297391212_dhtq7ewvvei.webp"
vary: Accept
access-control-allow-origin: *
access-control-expose-headers: Origin, Accept, X-Requested-With, Authorization, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token
alt-svc: h3=":443"; ma=86400
etag: "01a796f0d85c738763df9363389077ba"
last-modified: Wed, 07 Feb 2024 09:16:32 GMT
x-goog-generation: 1707297392838612
x-goog-hash: crc32c=OeZcsA==, md5=AaeW8Nhcc4dj35NjOJB3ug==
x-goog-metageneration: 1
x-goog-storage-class: STANDARD
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 2160320
x-guploader-uploadid: ABPtcPrznIs-VeMd-iPgRFyXi7ZhSSu1aRh44Z04gWWKN-fPr5-yVZizF0ryKRVah7ZkulnYPcg
cf-cache-status: HIT
age: 133
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=G4oNF4aj31qnmBeNX1hT4HwWSVm4wbfXYL86dBBFc4wytLDF6x0BKVRJFnpfid3zOlHvBtCO24nNjQvCdDLm3eIUbgdOWB95IYiN3OBAF17YUROBQVwWXuRIv6rd7sKr"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8765eb9e2f45569d-OSL
X-Firefox-Spdy: h2

palacifolwarklochow.place.sh/favicon.ico

104.26.8.59

200 OK

21 kB

URL GET HTTP/2
palacifolwarklochow.place.sh/favicon.ico
IP
104.26.8.59:443
ASN
#13335 CLOUDFLARENET

Requested by
https://palacifolwarklochow.place.sh/
Certificate
IssuerLet's Encrypt
Subjectplace.sh
Fingerprint07:38:92:B8:E1:0A:B7:7B:B2:0E:50:D2:84:3E:2C:0E:E2:75:6F:E9
ValidityThu, 29 Feb 2024 23:05:20 GMT - Wed, 29 May 2024 23:05:19 GMT

File type
MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
Size
21 kB (20692 bytes)
Hash
eb08875bd61abe925b23fe1547299f2b
064ddeb72c66b0c52978ea4fe66cf8a597de44e9
503185956a8cc5f4cc8ec2f15086bf146d594c94e70905a4a1f108d428b8336d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: palacifolwarklochow.place.sh
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://palacifolwarklochow.place.sh/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 18 Apr 2024 16:09:37 GMT
content-type: image/x-icon
etag: W/"QGSRag"
x-cloud-trace-context: bd4d44ac3845147626e5584d9a6e34d2
via: 1.1 google, 1.1 google
cache-control: public, max-age=14400
cf-cache-status: HIT
age: 133
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mo%2BQOSp2sALdRY7g8cTEWN8QwIQxQA48SrbUITY6igcuATomrQAQ7eDtBFn3gCII56ChLOloXL%2F4B5ASoY3bSH7DDvGaeSY2kAGaWJwJ6DSwFz3EOUmrbhs5ykAOkc7e3cEE2IRIpE71H%2Bvo7%2Fg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8765eb9ab9e37129-OSL
content-encoding: br
X-Firefox-Spdy: h2

pub.shfiles.co/cdn-cgi/image/width=459,quality=70,contrast=1.1,brightness=1.05,sharpen=1,gamma=1.05,format=auto/656edaf176207c36c7316cd3/1707332255171_6byby8udmyr.jpg

104.26.9.99

200 OK

36 kB

URL GET HTTP/3
pub.shfiles.co/cdn-cgi/image/width=459,quality=70,contrast=1.1,brightness=1.05,sharpen=1,gamma=1.05,format=auto/656edaf176207c36c7316cd3/1707332255171_6byby8udmyr.jpg
IP
104.26.9.99:443
ASN
#13335 CLOUDFLARENET

Requested by
https://palacifolwarklochow.place.sh/
Certificate
IssuerGoogle Trust Services LLC
Subjectshfiles.co
Fingerprint02:9F:15:1A:05:8A:7A:DE:C6:2D:6C:B5:E1:4F:16:17:85:DD:77:5D
ValiditySat, 16 Mar 2024 21:49:15 GMT - Fri, 14 Jun 2024 21:49:14 GMT

File type
ISO Media, AVIF Image
Size
36 kB (35515 bytes)
Hash
b785f641bde4b78095908aa6baeacc23
4eb73eb2697971c91b162f1a36e75753b503973c
0438d469083762b590c435a2cbc7ade2fd4a6e0f51235c1c540689abd1f7a1a2

HTTP Headers

GET /cdn-cgi/image/width=459,quality=70,contrast=1.1,brightness=1.05,sharpen=1,gamma=1.05,format=auto/656edaf176207c36c7316cd3/1707332255171_6byby8udmyr.jpg HTTP/1.1
Host: pub.shfiles.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://palacifolwarklochow.place.sh/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 18 Apr 2024 16:09:38 GMT
content-type: image/avif
content-length: 35515
cf-ray: 8765eb9f887256c1-OSL
cf-cache-status: HIT
accept-ranges: bytes
cache-control: public, max-age=14400
etag: "cfx3h5cR3mpuu-bf27W4fQXZ5GRE3XogPgbDJnB0w4DQ:fa29b41885e41ee03605e3a309130293"
last-modified: Wed, 07 Feb 2024 18:57:47 GMT
vary: Accept, Accept-Encoding
cf-bgj: imgq:70,h2pri
cf-resized: internal=ok/r q=0 n=128+153 c=0+0 v=2024.2.2 l=35515
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OgyeYfb%2BDvxUjvJjCmlPHbcuUof87mEK9fq7CSsTYsdlsyfHfkIDzaOucTbkJQJ82KnrzhvP4S0QDtmCJEUMaAjD9oN%2Bb5MVxPZGNdoXL1UupUABct9RIgHqZnG8pCip"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
alt-svc: h3=":443"; ma=86400

palacifolwarklochow.place.sh/assets/icons/widgets/icons-color-animal.svg

104.26.8.59

200 OK

32 kB

URL GET HTTP/2
palacifolwarklochow.place.sh/assets/icons/widgets/icons-color-animal.svg
IP
104.26.8.59:443
ASN
#13335 CLOUDFLARENET

Requested by
https://palacifolwarklochow.place.sh/
Certificate
IssuerLet's Encrypt
Subjectplace.sh
Fingerprint07:38:92:B8:E1:0A:B7:7B:B2:0E:50:D2:84:3E:2C:0E:E2:75:6F:E9
ValidityThu, 29 Feb 2024 23:05:20 GMT - Wed, 29 May 2024 23:05:19 GMT

File type
SVG Scalable Vector Graphics image
Size
32 kB (31904 bytes)
Hash
8fcc6916dde8d721d2ec2172292eed6f
405387fdb389fbd0ba2dd7140d064fd67cf8d1e2
1f66afc60fb6a3b3b1de5b633a2c8bcbe03358eafddf505abe233fba590eb86c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/icons/widgets/icons-color-animal.svg HTTP/1.1
Host: palacifolwarklochow.place.sh
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://palacifolwarklochow.place.sh/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 18 Apr 2024 16:09:38 GMT
content-type: image/svg+xml
etag: W/"QGSRag"
x-cloud-trace-context: 13fc4f4a2285a1aafde3de69bb9ffe92
via: 1.1 google, 1.1 google
cache-control: public, max-age=14400
cf-cache-status: HIT
age: 133
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ezV8enHttLkyUTgenzUFXWupoCitOpYYmDK3scfzwIIZzfa4Qg%2F%2FoQU9uGURyQ8ew6XdaIbqy02PbBRUal7PQzj08bBfTU4b8MwE7mCUlxzhJ9a2rYu3VaqyVNhGGYRk%2BPQVt7tn%2BzftB1W6rdw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8765eb9ec93b7129-OSL
content-encoding: br
X-Firefox-Spdy: h2

palacifolwarklochow.place.sh/assets/icons/icons-social-media-facebook-color.svg

104.26.8.59

200 OK

22 kB

URL GET HTTP/2
palacifolwarklochow.place.sh/assets/icons/icons-social-media-facebook-color.svg
IP
104.26.8.59:443
ASN
#13335 CLOUDFLARENET

Requested by
https://palacifolwarklochow.place.sh/
Certificate
IssuerLet's Encrypt
Subjectplace.sh
Fingerprint07:38:92:B8:E1:0A:B7:7B:B2:0E:50:D2:84:3E:2C:0E:E2:75:6F:E9
ValidityThu, 29 Feb 2024 23:05:20 GMT - Wed, 29 May 2024 23:05:19 GMT

File type
SVG Scalable Vector Graphics image
Size
22 kB (21688 bytes)
Hash
bacebf8af34f0f737134c7c383f8f225
62fb3448e900344c71cb1eca6029023f8a86b74b
9ba426b3e8be0bfb4e0667c56a87af19d859a3634bf4ae1f5481ee5315008e6a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/icons/icons-social-media-facebook-color.svg HTTP/1.1
Host: palacifolwarklochow.place.sh
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
owner-path: /
DNT: 1
Connection: keep-alive
Referer: https://palacifolwarklochow.place.sh/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 18 Apr 2024 16:09:38 GMT
content-type: image/svg+xml
etag: W/"QGSRag"
x-cloud-trace-context: e7dbc9a8319a3eff16994477e8567229
via: 1.1 google, 1.1 google
cache-control: public, max-age=14400
cf-cache-status: HIT
age: 132
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9MCv4yOTIp94%2BnrY3GzHy2uSi3bMNhFTH6Y6V7ThhYu96aaxcidCyncdBpci%2BnLIsJQ11p%2FTc9T2b7KnqDxnihEOGjqkf5wnREe87WFHzv4ijl7r6AfJQ32Tgvq%2FH9du9Fg7%2Bg1zfXiidscxjcY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8765eb9f5a427129-OSL
content-encoding: br
X-Firefox-Spdy: h2

palacifolwarklochow.place.sh/Manrope-Bold.7b3dcb7aec1e0f96.woff2

104.26.8.59

200 OK

76 kB

URL GET HTTP/2
palacifolwarklochow.place.sh/Manrope-Bold.7b3dcb7aec1e0f96.woff2
IP
104.26.8.59:443
ASN
#13335 CLOUDFLARENET

Requested by
https://palacifolwarklochow.place.sh/
Certificate
IssuerLet's Encrypt
Subjectplace.sh
Fingerprint07:38:92:B8:E1:0A:B7:7B:B2:0E:50:D2:84:3E:2C:0E:E2:75:6F:E9
ValidityThu, 29 Feb 2024 23:05:20 GMT - Wed, 29 May 2024 23:05:19 GMT

File type
Web Open Font Format (Version 2), TrueType, length 39636, version 4.131
Size
76 kB (76213 bytes)
Hash
44e17126ebf506a9d1310170e3e455b1
6423416fbbd250b8f9df93d98f6210da70332ad6
97268530976bb8644b722ae7c1337bd553ea60428e3674e98e58859a5f67ef99

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /Manrope-Bold.7b3dcb7aec1e0f96.woff2 HTTP/1.1
Host: palacifolwarklochow.place.sh
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://palacifolwarklochow.place.sh/styles.c27dfdf0e4e4c468.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 18 Apr 2024 16:09:37 GMT
content-type: application/x-font-woff
etag: "QGSRag"
x-cloud-trace-context: 0d53b950cb4e315f09fe9b1d97b3fb7c;o=1
via: 1.1 google, 1.1 google
cache-control: public, max-age=14400
cf-cache-status: HIT
age: 132
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6CBs0lALUsiKRI63inaFYWVGaOVlfDnEiiwBS1cAq8kQXEmmUE7Ujr2S108hYJxVnDZReBX%2FY2xwPccx42AMexElkfjv036UhJQqVjp%2FVPmdxtJybpTOydkxFwRusI5Rwb%2Fz7vx7OgNje%2FxKSwg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8765eb9b2a787129-OSL
X-Firefox-Spdy: h2

palacifolwarklochow.place.sh/polyfills.d6ab8e6c5d4daaa0.js

104.26.8.59

200 OK

37 kB

URL GET HTTP/2
palacifolwarklochow.place.sh/polyfills.d6ab8e6c5d4daaa0.js
IP
104.26.8.59:443
ASN
#13335 CLOUDFLARENET

Requested by
https://palacifolwarklochow.place.sh/
Certificate
IssuerLet's Encrypt
Subjectplace.sh
Fingerprint07:38:92:B8:E1:0A:B7:7B:B2:0E:50:D2:84:3E:2C:0E:E2:75:6F:E9
ValidityThu, 29 Feb 2024 23:05:20 GMT - Wed, 29 May 2024 23:05:19 GMT

File type
JavaScript source, ASCII text, with very long lines (34893), with no line terminators
Size
37 kB (37052 bytes)
Hash
69c7b86a9b4d99abe9fac0d7ac332467
183e08e46c94105dc620b8db72ace4d8b4e9a581
16d630c8ea4ed02740454b32f7263ddd5a1a65f3ca04cb73632edcd05abfee68

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /polyfills.d6ab8e6c5d4daaa0.js HTTP/1.1
Host: palacifolwarklochow.place.sh
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://palacifolwarklochow.place.sh/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 18 Apr 2024 16:09:36 GMT
content-type: text/javascript
etag: W/"QGSRag"
x-cloud-trace-context: b064490bcc7a4289d6c912d9ae4472cc
via: 1.1 google, 1.1 google
cache-control: public, max-age=14400
cf-cache-status: HIT
age: 133
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2cqc19sWZOEXByHLV6f5dyGB%2BjUEbcikFvjkz6QimmvAXuESmt1eptxmRPluBF9hxmqDuzZzbdH0gqceSI5XCi95L%2F6C8KU2QY%2BmxY9j1qDYlOOZLGZ%2BzlEdJBKCbCwOqCXXVEtC6KQNXCaehuI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8765eb9528897129-OSL
content-encoding: br
X-Firefox-Spdy: h2

pub.shfiles.co/cdn-cgi/image/width=459,quality=70,contrast=1.1,brightness=1.05,sharpen=1,gamma=1.05,format=auto/656edaf176207c36c7316cd3/1707488450974_h8jt67fi57p.jpg

104.26.9.99

200 OK

21 kB

URL GET HTTP/3
pub.shfiles.co/cdn-cgi/image/width=459,quality=70,contrast=1.1,brightness=1.05,sharpen=1,gamma=1.05,format=auto/656edaf176207c36c7316cd3/1707488450974_h8jt67fi57p.jpg
IP
104.26.9.99:443
ASN
#13335 CLOUDFLARENET

Requested by
https://palacifolwarklochow.place.sh/
Certificate
IssuerGoogle Trust Services LLC
Subjectshfiles.co
Fingerprint02:9F:15:1A:05:8A:7A:DE:C6:2D:6C:B5:E1:4F:16:17:85:DD:77:5D
ValiditySat, 16 Mar 2024 21:49:15 GMT - Fri, 14 Jun 2024 21:49:14 GMT

File type
ISO Media, AVIF Image
Size
21 kB (21210 bytes)
Hash
f0917986618f2759e69974f639c313d3
265b365acada21f85720a6b2c31634083890ac1f
2b6e1c1adc877a84ccbe3c60b97415d3570f6e9afe3f5bdf01005967901feeb0

HTTP Headers

GET /cdn-cgi/image/width=459,quality=70,contrast=1.1,brightness=1.05,sharpen=1,gamma=1.05,format=auto/656edaf176207c36c7316cd3/1707488450974_h8jt67fi57p.jpg HTTP/1.1
Host: pub.shfiles.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://palacifolwarklochow.place.sh/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 18 Apr 2024 16:09:38 GMT
content-type: image/avif
content-length: 21210
cf-ray: 8765eb9f989756c1-OSL
cf-cache-status: HIT
accept-ranges: bytes
cache-control: public, max-age=14400
etag: "cfYQOudVcxgdXl_btanAkH8UuJRE3XogPgbDJnB0w4DQ:39be8494bd323f8f63522358e58d997c"
last-modified: Fri, 09 Feb 2024 14:20:52 GMT
vary: Accept, Accept-Encoding
cf-bgj: imgq:70,h2pri
cf-resized: internal=ok/r q=0 n=136+109 c=20+493 v=2024.4.0 l=21210
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MJMTEbKft7FTsInqas8sraEf6EuGXkXGybLCBMks6v0in8YwhpTsGq%2F7HcxjmY1%2FFYePnFD17KbwBd8a2tNVuf8aTmd6qK4%2FWI7xnOc0UslMr%2BRnJf7lYEYttjFeI5wK"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
alt-svc: h3=":443"; ma=86400

pub.shfiles.co/cdn-cgi/image/width=459,quality=70,contrast=1.1,brightness=1.05,sharpen=1,gamma=1.05,format=auto/656edaf176207c36c7316cd3/1707488360348_15qcn5jp2s.JPG

104.26.9.99

200 OK

30 kB

URL GET HTTP/3
pub.shfiles.co/cdn-cgi/image/width=459,quality=70,contrast=1.1,brightness=1.05,sharpen=1,gamma=1.05,format=auto/656edaf176207c36c7316cd3/1707488360348_15qcn5jp2s.JPG
IP
104.26.9.99:443
ASN
#13335 CLOUDFLARENET

Requested by
https://palacifolwarklochow.place.sh/
Certificate
IssuerGoogle Trust Services LLC
Subjectshfiles.co
Fingerprint02:9F:15:1A:05:8A:7A:DE:C6:2D:6C:B5:E1:4F:16:17:85:DD:77:5D
ValiditySat, 16 Mar 2024 21:49:15 GMT - Fri, 14 Jun 2024 21:49:14 GMT

File type
ISO Media, AVIF Image
Size
30 kB (29666 bytes)
Hash
e4cca3667b5ac81eef525eed5aac7f94
cec19b35448584ea8ce94ecccbfc61d086ca23b6
4757d73cf990fa56e9b412ea54e806718456e03b62efd6a81d6a8f3d626050a7

HTTP Headers

GET /cdn-cgi/image/width=459,quality=70,contrast=1.1,brightness=1.05,sharpen=1,gamma=1.05,format=auto/656edaf176207c36c7316cd3/1707488360348_15qcn5jp2s.JPG HTTP/1.1
Host: pub.shfiles.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://palacifolwarklochow.place.sh/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 18 Apr 2024 16:09:38 GMT
content-type: image/avif
content-length: 29666
cf-ray: 8765eb9fa89a56c1-OSL
cf-cache-status: HIT
accept-ranges: bytes
cache-control: public, max-age=14400
etag: "cfkcVCuXrmyMZ-J6HODGF4HxdTRE3XogPgbDJnB0w4DQ:5b796378525c53c0a587e2085e38fecc"
last-modified: Fri, 09 Feb 2024 14:19:26 GMT
vary: Accept, Accept-Encoding
cf-bgj: imgq:70,h2pri
cf-resized: internal=ok/r q=0 n=160+78 c=0+0 v=2024.3.2 l=29666
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NMGjrNEZtlXgBTbdr1ttgBDXB%2B6wcEw9rnxHIlNxdTADyDKgqDXrrgQiofa0X02U5C4JcaNhzaJ6p6kQhgnFBpqwcuk5zFt42X0o9skmrIm2X7Xc4LPadJ%2BvfRqvVIMm"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
alt-svc: h3=":443"; ma=86400

palacifolwarklochow.place.sh/999.b3a898170fa4a68e.js

104.26.8.59

200 OK

12 kB

URL GET HTTP/2
palacifolwarklochow.place.sh/999.b3a898170fa4a68e.js
IP
104.26.8.59:443
ASN
#13335 CLOUDFLARENET

Requested by
https://palacifolwarklochow.place.sh/
Certificate
IssuerLet's Encrypt
Subjectplace.sh
Fingerprint07:38:92:B8:E1:0A:B7:7B:B2:0E:50:D2:84:3E:2C:0E:E2:75:6F:E9
ValidityThu, 29 Feb 2024 23:05:20 GMT - Wed, 29 May 2024 23:05:19 GMT

File type
JavaScript source, ASCII text, with very long lines (8370), with no line terminators
Size
12 kB (11539 bytes)
Hash
e993ac6738c938e2a8373c22a148fbfa
b17d669dbbc1429a43ea3f7e77bc89d156462f82
e1682ddcd655f219c0dbe930e67965196da68c70b2b770d81fd0576691f820dd

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /999.b3a898170fa4a68e.js HTTP/1.1
Host: palacifolwarklochow.place.sh
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://palacifolwarklochow.place.sh/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 18 Apr 2024 16:09:37 GMT
content-type: text/javascript
etag: W/"QGSRag"
x-cloud-trace-context: 0d53b950cb4e315f09fe9b1d97b3fb7c;o=1
via: 1.1 google, 1.1 google
cache-control: public, max-age=14400
cf-cache-status: HIT
age: 132
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5kpP073SF5uNaiLUS1necW7Sv8hwZIidwd9MrYPvgNiwlRFLF9tOUVnchjX4NGWGZcUCPWUsG%2BMa3b3o4khod4H8bOvkd%2BaqFACg2E6YRArOhlQJf%2B8IPrx9sjFUwtmOAsMTZJIdKCxA8xtSDvg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8765eb9b2a6c7129-OSL
content-encoding: br
X-Firefox-Spdy: h2

palacifolwarklochow.place.sh/assets/icons/widgets/icons-color-parking.svg

104.26.8.59

200 OK

8.8 kB

URL GET HTTP/2
palacifolwarklochow.place.sh/assets/icons/widgets/icons-color-parking.svg
IP
104.26.8.59:443
ASN
#13335 CLOUDFLARENET

Requested by
https://palacifolwarklochow.place.sh/
Certificate
IssuerLet's Encrypt
Subjectplace.sh
Fingerprint07:38:92:B8:E1:0A:B7:7B:B2:0E:50:D2:84:3E:2C:0E:E2:75:6F:E9
ValidityThu, 29 Feb 2024 23:05:20 GMT - Wed, 29 May 2024 23:05:19 GMT

File type
SVG Scalable Vector Graphics image
Size
8.8 kB (8843 bytes)
Hash
d656b94b801fbf9153104cf7fc7f6d7d
da2b2f85c20620b3d9212518f916477c2c6063f1
bd21c114755cedb1a77e468ac1162563e8edd570c49c49924f4792e6b931731d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/icons/widgets/icons-color-parking.svg HTTP/1.1
Host: palacifolwarklochow.place.sh
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://palacifolwarklochow.place.sh/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 18 Apr 2024 16:09:38 GMT
content-type: image/svg+xml
etag: W/"QGSRag"
x-cloud-trace-context: 872da9a7d3bb6b37a4518627b3d629d6
via: 1.1 google, 1.1 google
cache-control: public, max-age=14400
cf-cache-status: HIT
age: 133
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qYUOXmtMnhIErpjgYhO1v0np0Fe3qOofJ5sEq0AoEoCLCZ%2FGiw2uS7YFphZX4y4%2FaEKJQG0kuMllEwhnEn9rMR%2Fyj1sDOzsddGRyXO%2BBT04hc4czI8KiE5jZ4rwJCQjOR1L82ZN%2Fr7SNElfZtdA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8765eb9eb92a7129-OSL
content-encoding: br
X-Firefox-Spdy: h2

palacifolwarklochow.place.sh/assets/icons/widgets/icons-color-info.svg

104.26.8.59

200 OK

9.0 kB

URL GET HTTP/2
palacifolwarklochow.place.sh/assets/icons/widgets/icons-color-info.svg
IP
104.26.8.59:443
ASN
#13335 CLOUDFLARENET

Requested by
https://palacifolwarklochow.place.sh/
Certificate
IssuerLet's Encrypt
Subjectplace.sh
Fingerprint07:38:92:B8:E1:0A:B7:7B:B2:0E:50:D2:84:3E:2C:0E:E2:75:6F:E9
ValidityThu, 29 Feb 2024 23:05:20 GMT - Wed, 29 May 2024 23:05:19 GMT

File type
SVG Scalable Vector Graphics image
Size
9.0 kB (9038 bytes)
Hash
3fa3e3dd38c7f15fe422b5ac4945b031
eca04d32a6bd0f4eef5a8fff1e033ccb5e66fcb3
dd9b2f7653a3dff90431fb48ff82d868094e1c9a55d994c70868cc7261999613

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/icons/widgets/icons-color-info.svg HTTP/1.1
Host: palacifolwarklochow.place.sh
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://palacifolwarklochow.place.sh/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 18 Apr 2024 16:09:38 GMT
content-type: image/svg+xml
etag: W/"QGSRag"
x-cloud-trace-context: 872da9a7d3bb6b37a4518627b3d629d6
via: 1.1 google, 1.1 google
cache-control: public, max-age=14400
cf-cache-status: HIT
age: 133
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uyQQkS1ZTmd%2F17wakkK%2FF02ezo5d7BAoN1Te3LSXWVvQ7gnTDzStEqA0TNgtydUssV40pJa%2BLDZkmXnWcs3cwLrPG8aPfT9vlMnvQvQvh3qezuhGH1uQ8OsN9IsDGFWjYeeU1pFQ11KrY6bRSSQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8765eb9e2ff57129-OSL
content-encoding: br
X-Firefox-Spdy: h2

palacifolwarklochow.place.sh/assets/icons/widgets/icons-arrow-down.svg

104.26.8.59

200 OK

645 B

URL GET HTTP/2
palacifolwarklochow.place.sh/assets/icons/widgets/icons-arrow-down.svg
IP
104.26.8.59:443
ASN
#13335 CLOUDFLARENET

Requested by
https://palacifolwarklochow.place.sh/
Certificate
IssuerLet's Encrypt
Subjectplace.sh
Fingerprint07:38:92:B8:E1:0A:B7:7B:B2:0E:50:D2:84:3E:2C:0E:E2:75:6F:E9
ValidityThu, 29 Feb 2024 23:05:20 GMT - Wed, 29 May 2024 23:05:19 GMT

File type
SVG Scalable Vector Graphics image
Size
645 B (645 bytes)
Hash
b7dd91de39a2c799e1eafe9586a284f4
e56b299892727f82cf34608319b5e7bc66fdabb6
a7cad150f74cf82d0bface61a67c33d9fcaaab31060f5343d09c18454fe0f37d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/icons/widgets/icons-arrow-down.svg HTTP/1.1
Host: palacifolwarklochow.place.sh
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://palacifolwarklochow.place.sh/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 18 Apr 2024 16:09:38 GMT
content-type: image/svg+xml
etag: W/"QGSRag"
x-cloud-trace-context: 13fc4f4a2285a1aafde3de69bb9ffe92
via: 1.1 google, 1.1 google
cache-control: public, max-age=14400
cf-cache-status: HIT
age: 133
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2Bxl25an2cbXXW8f2%2BXF6UpRDvXi%2FpjCnWEBrtOTBe15C%2BVXs3CSKgVHNsieEEinYxWPQ7qx0OKaxWXv6niQN%2B8rPlBQJu9cyTvZNpSD%2FidmiOb3wG0q4YXPu4J5%2FltXQ0ry34NdmB4IgnSMBUXI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8765eb9f19dd7129-OSL
content-encoding: br
X-Firefox-Spdy: h2

pub.shfiles.co/cdn-cgi/image/width=459,quality=70,contrast=1.1,brightness=1.05,sharpen=1,gamma=1.05,format=auto/656edaf176207c36c7316cd3/1711636599790_5514prxo2c8.jpg

104.26.9.99

200 OK

24 kB

URL GET HTTP/3
pub.shfiles.co/cdn-cgi/image/width=459,quality=70,contrast=1.1,brightness=1.05,sharpen=1,gamma=1.05,format=auto/656edaf176207c36c7316cd3/1711636599790_5514prxo2c8.jpg
IP
104.26.9.99:443
ASN
#13335 CLOUDFLARENET

Requested by
https://palacifolwarklochow.place.sh/
Certificate
IssuerGoogle Trust Services LLC
Subjectshfiles.co
Fingerprint02:9F:15:1A:05:8A:7A:DE:C6:2D:6C:B5:E1:4F:16:17:85:DD:77:5D
ValiditySat, 16 Mar 2024 21:49:15 GMT - Fri, 14 Jun 2024 21:49:14 GMT

File type
ISO Media, AVIF Image
Size
24 kB (24177 bytes)
Hash
0d734ab94bf344d8490301837b55c1b2
d1abadb55bb25a3bbd421cc02e8dc7882d10035b
1df67919c71b9a984936b321a1400bf48fad0d934de37fa934d00be00b78746d

HTTP Headers

GET /cdn-cgi/image/width=459,quality=70,contrast=1.1,brightness=1.05,sharpen=1,gamma=1.05,format=auto/656edaf176207c36c7316cd3/1711636599790_5514prxo2c8.jpg HTTP/1.1
Host: pub.shfiles.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://palacifolwarklochow.place.sh/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 18 Apr 2024 16:09:38 GMT
content-type: image/avif
content-length: 24177
cf-ray: 8765eb9f989256c1-OSL
cf-cache-status: HIT
accept-ranges: bytes
cache-control: public, max-age=14400
etag: "cfxWP33EqxgUd_cF4_vQIA4tm-RE3XogPgbDJnB0w4DQ:01bb6dd84a9bda7ca684235b9127336c"
last-modified: Thu, 28 Mar 2024 14:36:43 GMT
vary: Accept, Accept-Encoding
cf-bgj: imgq:70,h2pri
cf-resized: internal=ok/m q=0 n=404+214 c=0+0 v=2024.3.2 l=24177
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FnwiaJ4BuXMJMIzXBG9y7PmtYbVl7RWSgPuBninhe1HZFHGJmou%2FeOunhE75MJ5yfDPZmhnCJkheZt%2Fm9aRy5822e1p0PvjOSzIWwzKy6RlwxGH3B7yjIuESjk9Dtare"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
alt-svc: h3=":443"; ma=86400

palacifolwarklochow.place.sh/Manrope-Medium.74da7d79613ee577.woff2

104.26.8.59

200 OK

40 kB

URL GET HTTP/2
palacifolwarklochow.place.sh/Manrope-Medium.74da7d79613ee577.woff2
IP
104.26.8.59:443
ASN
#13335 CLOUDFLARENET

Requested by
https://palacifolwarklochow.place.sh/
Certificate
IssuerLet's Encrypt
Subjectplace.sh
Fingerprint07:38:92:B8:E1:0A:B7:7B:B2:0E:50:D2:84:3E:2C:0E:E2:75:6F:E9
ValidityThu, 29 Feb 2024 23:05:20 GMT - Wed, 29 May 2024 23:05:19 GMT

File type
Web Open Font Format (Version 2), TrueType, length 40064, version 4.131
Size
40 kB (40064 bytes)
Hash
ea437927769e21512f14d526087040aa
7077eac6df6588aeb1f2ac56c117f5374aa9e914
87cdfbe3171f48b831c55192f26c61c039ddb11ca053f1d46ba084cb6e6df6e3

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /Manrope-Medium.74da7d79613ee577.woff2 HTTP/1.1
Host: palacifolwarklochow.place.sh
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://palacifolwarklochow.place.sh/styles.c27dfdf0e4e4c468.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 16:09:38 GMT
content-type: application/x-font-woff
etag: "QGSRag"
x-cloud-trace-context: 4e8cc8cc4e09935a212e373fad84700b
via: 1.1 google, 1.1 google
cache-control: public, max-age=14400
cf-cache-status: HIT
age: 132
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GK%2BqwzwSSbUHX03H0Q5Op96YBgwuxwH1d6Hmq9PyiYItsyMv39RcSp5NCBBe%2FujdcotmTS1F5XXvLLYuS7vtcQ9AwwTgcrDvHrwRqZwO8jzJKuzWvIRNDy3cLO%2FRdMET8JAehLb3jOaKvqeuW4I%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8765eb9fab057129-OSL
X-Firefox-Spdy: h2

www.googletagmanager.com/gtm.js?id=GTM-P8XQ6HC

142.250.74.40

200 OK

220 kB

URL GET HTTP/2
www.googletagmanager.com/gtm.js?id=GTM-P8XQ6HC
IP
142.250.74.40:443
ASN
#15169 GOOGLE

Requested by
https://palacifolwarklochow.place.sh/
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
FingerprintBF:40:8C:8B:CB:69:1E:3F:E2:3B:B7:8A:8E:C0:D6:98:5F:81:FA:2D
ValidityMon, 04 Mar 2024 06:35:45 GMT - Mon, 27 May 2024 06:35:44 GMT

File type
JavaScript source, ASCII text, with very long lines (2476)
Size
220 kB (220429 bytes)
Hash
db502c4e9595798cb1e27264862774ef
1624c54be331276b43000104a4ca1dc1a6ef0102
0737322499a3cf47c900a2bbe267ebb996deec2bd1ac71edb9ce3b87068850d3

HTTP Headers

GET /gtm.js?id=GTM-P8XQ6HC HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://palacifolwarklochow.place.sh/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 18 Apr 2024 16:09:37 GMT
expires: Thu, 18 Apr 2024 16:09:37 GMT
cache-control: private, max-age=900
last-modified: Thu, 18 Apr 2024 15:45:50 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 78163
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

palacifolwarklochow.place.sh/assets/icons/icons-social-media-instagram-color.svg

104.26.8.59

200 OK

1.4 kB

URL GET HTTP/2
palacifolwarklochow.place.sh/assets/icons/icons-social-media-instagram-color.svg
IP
104.26.8.59:443
ASN
#13335 CLOUDFLARENET

Requested by
https://palacifolwarklochow.place.sh/
Certificate
IssuerLet's Encrypt
Subjectplace.sh
Fingerprint07:38:92:B8:E1:0A:B7:7B:B2:0E:50:D2:84:3E:2C:0E:E2:75:6F:E9
ValidityThu, 29 Feb 2024 23:05:20 GMT - Wed, 29 May 2024 23:05:19 GMT

File type
SVG Scalable Vector Graphics image
Size
1.4 kB (1386 bytes)
Hash
a2ec319e29a6b030483a4b0df56b906c
fac1a6da57f04ddff9f3d6f4abb2161ab4591e4c
2eeb7e7c7f7d7095b816f828a046a218b1aaab96034c862ab42f898a1c6db09f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/icons/icons-social-media-instagram-color.svg HTTP/1.1
Host: palacifolwarklochow.place.sh
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
owner-path: /
DNT: 1
Connection: keep-alive
Referer: https://palacifolwarklochow.place.sh/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 16:09:38 GMT
content-type: image/svg+xml
etag: W/"QGSRag"
x-cloud-trace-context: e7dbc9a8319a3eff16994477e8567229
via: 1.1 google, 1.1 google
cache-control: public, max-age=14400
cf-cache-status: HIT
age: 132
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=owlk8EBEPj9NdpOvgAXSwYoP2B93pEpFzmsqsTSrcdfm56p7FNKPFMYh6wjBGpvqv3rIp0SQ5LHmh4N4R8npVb7kZ31AbLwk9FPtJjVsZ8dMoPSyITQ58DY4g16vnS3pssxgh0Afo%2FozncljuRo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8765eb9f5a367129-OSL
content-encoding: br
X-Firefox-Spdy: h2

fonts.googleapis.com/css2?family=Dancing+Script:wght@400;500;600;700&display=swap

142.250.74.106

200 OK

5.0 kB

URL GET HTTP/2
fonts.googleapis.com/css2?family=Dancing+Script:wght@400;500;600;700&display=swap
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://palacifolwarklochow.place.sh/
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint47:5A:64:7D:9F:47:34:07:31:91:97:F7:04:42:7A:D5:EA:AD:07:4E
ValidityMon, 04 Mar 2024 07:16:44 GMT - Mon, 27 May 2024 07:16:43 GMT

File type
ASCII text, with very long lines (5076), with no line terminators
Size
5.0 kB (4968 bytes)
Hash
833c2d87393f146fbe1a38aee2bf2251
444da037c6953b78f01af6d75d349149c5ccc0d3
7c556caaaa80384f4c62605d6acf4bfb9267fe94ed5e0ad1629cff1d97d335c0

HTTP Headers

GET /css2?family=Dancing+Script:wght@400;500;600;700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://palacifolwarklochow.place.sh/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 18 Apr 2024 16:09:37 GMT
date: Thu, 18 Apr 2024 16:09:37 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

palacifolwarklochow.place.sh/969.bf8d9d617f5d775a.js

104.26.8.59

200 OK

1.6 kB

URL GET HTTP/2
palacifolwarklochow.place.sh/969.bf8d9d617f5d775a.js
IP
104.26.8.59:443
ASN
#13335 CLOUDFLARENET

Requested by
https://palacifolwarklochow.place.sh/
Certificate
IssuerLet's Encrypt
Subjectplace.sh
Fingerprint07:38:92:B8:E1:0A:B7:7B:B2:0E:50:D2:84:3E:2C:0E:E2:75:6F:E9
ValidityThu, 29 Feb 2024 23:05:20 GMT - Wed, 29 May 2024 23:05:19 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (1655), with no line terminators
Size
1.6 kB (1627 bytes)
Hash
5de60b6c8fbeda83bdaf7ce25af4a082
155fb5185addc50286b391371bb2ebb7b52b23e1
b487924f077136adba7074fc11991fb2ef904c307d612b4448925472f2c67906

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /969.bf8d9d617f5d775a.js HTTP/1.1
Host: palacifolwarklochow.place.sh
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://palacifolwarklochow.place.sh/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 16:09:37 GMT
content-type: text/javascript
etag: W/"QGSRag"
x-cloud-trace-context: 7f23e261c410ae5e41584afbc30a1b79
via: 1.1 google, 1.1 google
cache-control: public, max-age=14400
cf-cache-status: HIT
age: 132
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DDRifJyJvK5URg%2BV%2Fh0wNlp7FWX8bZsAdxWaCgmdGfdS4Tc6QKfWbNIePIOWoFtYF51uBV3WI5UkIqCtcMWBV%2BZUuXKM4nBZ8QyDZh%2FFaRbaznHbbqOiLccMlGZrL4m9OZGaD%2BdLPMW1BkcwR4o%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8765eb9b5ad07129-OSL
content-encoding: br
X-Firefox-Spdy: h2

palacifolwarklochow.place.sh/assets/icons/icons-arrow-down.svg

104.26.8.59

200 OK

539 B

URL GET HTTP/2
palacifolwarklochow.place.sh/assets/icons/icons-arrow-down.svg
IP
104.26.8.59:443
ASN
#13335 CLOUDFLARENET

Requested by
https://palacifolwarklochow.place.sh/
Certificate
IssuerLet's Encrypt
Subjectplace.sh
Fingerprint07:38:92:B8:E1:0A:B7:7B:B2:0E:50:D2:84:3E:2C:0E:E2:75:6F:E9
ValidityThu, 29 Feb 2024 23:05:20 GMT - Wed, 29 May 2024 23:05:19 GMT

File type
SVG Scalable Vector Graphics image
Size
539 B (539 bytes)
Hash
d20625613c63fd82901bbc18e8414a2e
4fb1ec73e6f41aab29ea95239ce52d841d4ec198
fcdfaf3f8dbcfb0a6cb13906c964fb888c9c65a91f9cfe9b13652e5f23b91f45

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/icons/icons-arrow-down.svg HTTP/1.1
Host: palacifolwarklochow.place.sh
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
owner-path: /
DNT: 1
Connection: keep-alive
Referer: https://palacifolwarklochow.place.sh/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 16:09:38 GMT
content-type: image/svg+xml
etag: W/"QGSRag"
x-cloud-trace-context: e7dbc9a8319a3eff16994477e8567229
via: 1.1 google, 1.1 google
cache-control: public, max-age=14400
cf-cache-status: HIT
age: 132
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pqzQDnBfHfPNpnzwH7nL5ZYubSzcgPjc%2BQfcEnbmzCQ%2BplPJsn45BxuNAQOpf9UxkE6h8G0nYUQv4Dn6Ii%2BHRg1bGafEtfgPx8UPpCTGw%2FQ%2BxymPAU5vgyGNmFC%2BPGMQOpEdhr55bm60Fpv2J8o%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8765eb9f3a027129-OSL
content-encoding: br
X-Firefox-Spdy: h2

palacifolwarklochow.place.sh/gb.90bfbf6e60d2b604.svg

104.26.8.59

200 OK

535 B

URL GET HTTP/2
palacifolwarklochow.place.sh/gb.90bfbf6e60d2b604.svg
IP
104.26.8.59:443
ASN
#13335 CLOUDFLARENET

Requested by
https://palacifolwarklochow.place.sh/
Certificate
IssuerLet's Encrypt
Subjectplace.sh
Fingerprint07:38:92:B8:E1:0A:B7:7B:B2:0E:50:D2:84:3E:2C:0E:E2:75:6F:E9
ValidityThu, 29 Feb 2024 23:05:20 GMT - Wed, 29 May 2024 23:05:19 GMT

File type
SVG Scalable Vector Graphics image
Size
535 B (535 bytes)
Hash
42917402d86d042ef17cbdd66f8e975d
21ed3c21a7d7314d52eed21136fd71fd8208b7bb
8128b994a967a7e38fd0a5a385c2e37d1901835fd0cea175a0ed23b73f60b088

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /gb.90bfbf6e60d2b604.svg HTTP/1.1
Host: palacifolwarklochow.place.sh
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://palacifolwarklochow.place.sh/styles.c27dfdf0e4e4c468.css
Cookie: _ga_3HE5NDF86G=GS1.1.1713456578.1.0.1713456578.0.0.0; _ga=GA1.1.527725109.1713456579
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 16:09:38 GMT
content-type: image/svg+xml
etag: W/"QGSRag"
x-cloud-trace-context: cab3a5196a71ffcc8ba6207ea0df9578
via: 1.1 google, 1.1 google
cache-control: public, max-age=14400
cf-cache-status: HIT
age: 132
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=E2F3i%2BoMnCoYk9%2Bp9dvd9WEtzQEh8A2%2BFrBhE9iT2%2Bse56FbU%2Bg4BxWKyQykbedxTZnie7FK%2FF6y1M%2FYP0Wdpq5dRPwlVmoNsqQJhbqqvEZ7Rufm7B5v2diMvqgeEX%2BCfrQOiM7QBV%2FwHRvJYkM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8765eba14d9e7129-OSL
content-encoding: br
X-Firefox-Spdy: h2

palacifolwarklochow.place.sh/assets/icons/icons-arrow-right-small.svg

104.26.8.59

200 OK

533 B

URL GET HTTP/2
palacifolwarklochow.place.sh/assets/icons/icons-arrow-right-small.svg
IP
104.26.8.59:443
ASN
#13335 CLOUDFLARENET

Requested by
https://palacifolwarklochow.place.sh/
Certificate
IssuerLet's Encrypt
Subjectplace.sh
Fingerprint07:38:92:B8:E1:0A:B7:7B:B2:0E:50:D2:84:3E:2C:0E:E2:75:6F:E9
ValidityThu, 29 Feb 2024 23:05:20 GMT - Wed, 29 May 2024 23:05:19 GMT

File type
SVG Scalable Vector Graphics image
Size
533 B (533 bytes)
Hash
67c3da1e0994695711914adb2c4343da
fd3908f06610d91c4900746cf958e388a84aabe7
29c63edb2a9ebd999aab7d1d2553e27d0a56c7f90530c10c0de0d8cfe65019bb

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/icons/icons-arrow-right-small.svg HTTP/1.1
Host: palacifolwarklochow.place.sh
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
owner-path: /
DNT: 1
Connection: keep-alive
Referer: https://palacifolwarklochow.place.sh/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 16:09:38 GMT
content-type: image/svg+xml
etag: W/"QGSRag"
x-cloud-trace-context: 13fc4f4a2285a1aafde3de69bb9ffe92
via: 1.1 google, 1.1 google
cache-control: public, max-age=14400
cf-cache-status: HIT
age: 133
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3ovVxenmHDd7c0niM%2Bnc8mK%2FNVuxSMMVMJqwERQQ8OpPVMiXiKTMTNULlIVMoDIhikXquxew5imBSwd2NnyU1n0CygbNRJ35%2FCZxnUi4tuTaRzcd49v9EFqPrrfj9OnTOHaonhyvPQwsmpbDdfE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8765eb9ec94b7129-OSL
content-encoding: br
X-Firefox-Spdy: h2

palacifolwarklochow.place.sh/

104.26.8.59

200 OK

8.5 kB

URL User Request GET HTTP/2
palacifolwarklochow.place.sh/
IP
104.26.8.59:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerLet's Encrypt
Subjectplace.sh
Fingerprint07:38:92:B8:E1:0A:B7:7B:B2:0E:50:D2:84:3E:2C:0E:E2:75:6F:E9
ValidityThu, 29 Feb 2024 23:05:20 GMT - Wed, 29 May 2024 23:05:19 GMT

File type
HTML document, Unicode text, UTF-8 text, with very long lines (8695), with no line terminators
Size
8.5 kB (8475 bytes)
Hash
c91bd5d4181d72d4de295a1cebd952e6
9f47b5f48845a09910f2e90f2278987d96a9305f
1d92c1108975b44f251026ad85ab12d35ca8ad5b7109a86291abc2f6cafd12a9

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: palacifolwarklochow.place.sh
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 16:09:36 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-cloud-trace-context: 4c2e52a0643d32d3ccf80ec091159f6f;o=1
cache-control: private
via: 1.1 google, 1.1 google
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=c2E8S9wBawmxPbfcbBTeyOOC3XVEaF%2F6M7KvRiGXW6OnnNbJo7ezC0rI112RWYMtng6y7xb8F01mLr0WNEE1toKBCIBWeXDvMa3AY%2Fq90X9tRw%2BII710%2Biyti6crve6nwq1Ok%2FIAaLlSgSsnu8g%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8765eb929c367129-OSL
content-encoding: br
X-Firefox-Spdy: h2

palacifolwarklochow.place.sh/39.19e78d19980bb7ed.js

104.26.8.59

200 OK

250 kB

URL GET HTTP/2
palacifolwarklochow.place.sh/39.19e78d19980bb7ed.js
IP
104.26.8.59:443
ASN
#13335 CLOUDFLARENET

Requested by
https://palacifolwarklochow.place.sh/
Certificate
IssuerLet's Encrypt
Subjectplace.sh
Fingerprint07:38:92:B8:E1:0A:B7:7B:B2:0E:50:D2:84:3E:2C:0E:E2:75:6F:E9
ValidityThu, 29 Feb 2024 23:05:20 GMT - Wed, 29 May 2024 23:05:19 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
250 kB (250345 bytes)
Hash
e2eb69ab1ef333469830c58b42667938
6a4a1df6d78d26af0ea55c60bfdaccbd6967b0bb
5fd1b95592529eac0c59c584e193ef1ad13c8261020b1efd1343f25158623ba2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /39.19e78d19980bb7ed.js HTTP/1.1
Host: palacifolwarklochow.place.sh
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://palacifolwarklochow.place.sh/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 16:09:37 GMT
content-type: text/javascript
etag: W/"QGSRag"
x-cloud-trace-context: 5c652df00abf5012b417b8ec0cadd8bf
via: 1.1 google, 1.1 google
cache-control: public, max-age=14400
cf-cache-status: HIT
age: 132
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7ZEgyNdUTXCT%2Fz%2BoMsb%2BdI4jdXaifjj9y1Z2dOF%2FSv2%2BtwnRVxi%2FIeEOr7mobMpkeT7%2Bq7ANSXWBgG4UPC1EdZFiKKG6nFs5%2Fp2MYYmUHcOAnmICqDwFvHtun6wu87la3Do33njLC49%2BwR1Hunc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8765eb9b8b497129-OSL
content-encoding: br
X-Firefox-Spdy: h2

palacifolwarklochow.place.sh/assets/icons/widgets/icons-color-wi-fi.svg

104.26.8.59

200 OK

1.3 kB

URL GET HTTP/2
palacifolwarklochow.place.sh/assets/icons/widgets/icons-color-wi-fi.svg
IP
104.26.8.59:443
ASN
#13335 CLOUDFLARENET

Requested by
https://palacifolwarklochow.place.sh/
Certificate
IssuerLet's Encrypt
Subjectplace.sh
Fingerprint07:38:92:B8:E1:0A:B7:7B:B2:0E:50:D2:84:3E:2C:0E:E2:75:6F:E9
ValidityThu, 29 Feb 2024 23:05:20 GMT - Wed, 29 May 2024 23:05:19 GMT

File type
SVG Scalable Vector Graphics image
Size
1.3 kB (1341 bytes)
Hash
5732d36c4ebfa221def6b318d9a8c217
b844c5af5330f2746392a3464f186920c22588aa
ae191a90501282a42ee35f7b64e9fd2f00ce71c2a047c2caef1652fe0a61a4de

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/icons/widgets/icons-color-wi-fi.svg HTTP/1.1
Host: palacifolwarklochow.place.sh
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://palacifolwarklochow.place.sh/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 16:09:38 GMT
content-type: image/svg+xml
etag: W/"QGSRag"
x-cloud-trace-context: 13fc4f4a2285a1aafde3de69bb9ffe92
via: 1.1 google, 1.1 google
cache-control: public, max-age=14400
cf-cache-status: HIT
age: 133
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tR9XF1%2Fi5dvppMoLN9oIOWjMSISTxihG1I3KMdRdn6HkUMENMY5PvBabIm1wxC2K9YtVn%2BPsyUOlVI8BX1zw3yW7Jk5CNGlmPPqxv8WgGdEjcrC2WyEA6iZZSUZB6JKy5AQtaQVfuAZ8mNyTev4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8765eb9ec9347129-OSL
content-encoding: br
X-Firefox-Spdy: h2

palacifolwarklochow.place.sh/Manrope-SemiBold.0e5f0e6647ef51be.woff2

104.26.8.59

200 OK

40 kB

URL GET HTTP/2
palacifolwarklochow.place.sh/Manrope-SemiBold.0e5f0e6647ef51be.woff2
IP
104.26.8.59:443
ASN
#13335 CLOUDFLARENET

Requested by
https://palacifolwarklochow.place.sh/
Certificate
IssuerLet's Encrypt
Subjectplace.sh
Fingerprint07:38:92:B8:E1:0A:B7:7B:B2:0E:50:D2:84:3E:2C:0E:E2:75:6F:E9
ValidityThu, 29 Feb 2024 23:05:20 GMT - Wed, 29 May 2024 23:05:19 GMT

File type
Web Open Font Format (Version 2), TrueType, length 39784, version 4.131
Size
40 kB (39784 bytes)
Hash
2ea4dbc53badc8cf50e3a211353fd456
6440456eb9235f832189de9ceaf4f1f4e9c6835f
d5a85aa6cba953925aef41558a0a117c43249372e3b2ad33e14e2cc97406ba98

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /Manrope-SemiBold.0e5f0e6647ef51be.woff2 HTTP/1.1
Host: palacifolwarklochow.place.sh
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://palacifolwarklochow.place.sh/styles.c27dfdf0e4e4c468.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 16:09:37 GMT
content-type: application/x-font-woff
etag: "QGSRag"
x-cloud-trace-context: 0d53b950cb4e315f09fe9b1d97b3fb7c;o=1
via: 1.1 google, 1.1 google
cache-control: public, max-age=14400
cf-cache-status: HIT
age: 132
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=q%2BHPbnq12BmM4%2FQE8skg462MeD2mslsMAbGPYLxnfWholtUbcCdXX8c7uz%2F4ToEJACmgGBFum2wCCjRgOSOUf1fn9dbHRWkJC13SJzC1IloVpZjMwHYIG0gg%2BjnRf3Fzmq%2F9pDu7xwXkym1CCZ4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8765eb9b2a827129-OSL
X-Firefox-Spdy: h2

palacifolwarklochow.place.sh/assets/icons/widgets/icons-color-facility.svg

104.26.8.59

200 OK

4.1 kB

URL GET HTTP/2
palacifolwarklochow.place.sh/assets/icons/widgets/icons-color-facility.svg
IP
104.26.8.59:443
ASN
#13335 CLOUDFLARENET

Requested by
https://palacifolwarklochow.place.sh/
Certificate
IssuerLet's Encrypt
Subjectplace.sh
Fingerprint07:38:92:B8:E1:0A:B7:7B:B2:0E:50:D2:84:3E:2C:0E:E2:75:6F:E9
ValidityThu, 29 Feb 2024 23:05:20 GMT - Wed, 29 May 2024 23:05:19 GMT

File type
SVG Scalable Vector Graphics image
Size
4.1 kB (4123 bytes)
Hash
942ed6a54bac1cc9762ce9f4cdd18db6
3a2798033128c905ef82275afd0e3cd1c7a2d7a8
8d670bb832312df3753ecd6cdb0d5a6917a70f4929a0136d70cdd7721d53bde6

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/icons/widgets/icons-color-facility.svg HTTP/1.1
Host: palacifolwarklochow.place.sh
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://palacifolwarklochow.place.sh/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 16:09:38 GMT
content-type: image/svg+xml
etag: W/"QGSRag"
x-cloud-trace-context: 13fc4f4a2285a1aafde3de69bb9ffe92
via: 1.1 google, 1.1 google
cache-control: public, max-age=14400
cf-cache-status: HIT
age: 133
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Z3xtm7VHh6QPf%2FqSGOl4I9jNup3bpWzqL%2B70N2M7RlJdVQra0mwuNdKOqk1Hja5mTsf5X%2Foy1Fk0iYiJh1nNWWLVXPeHre6aDhj%2BS3yrFES6IfbKGYjrL9FcLeGp%2B5f%2Fbah2I3Itxg1N1yrn4QM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8765eb9ec9377129-OSL
content-encoding: br
X-Firefox-Spdy: h2

palacifolwarklochow.place.sh/assets/icons/icons-arrow-left-small.svg

104.26.8.59

200 OK

305 B

URL GET HTTP/2
palacifolwarklochow.place.sh/assets/icons/icons-arrow-left-small.svg
IP
104.26.8.59:443
ASN
#13335 CLOUDFLARENET

Requested by
https://palacifolwarklochow.place.sh/
Certificate
IssuerLet's Encrypt
Subjectplace.sh
Fingerprint07:38:92:B8:E1:0A:B7:7B:B2:0E:50:D2:84:3E:2C:0E:E2:75:6F:E9
ValidityThu, 29 Feb 2024 23:05:20 GMT - Wed, 29 May 2024 23:05:19 GMT

File type
SVG Scalable Vector Graphics image
Size
305 B (305 bytes)
Hash
9784fc0a4b7df522c50e57b38abe9614
5831392e68e690e8553724b954cd5cd9ae53a990
2a0c0d0d96b4c52dd5f061d5496b4d2015f9af660ca3d2dfb7542b9bac2dcb9b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/icons/icons-arrow-left-small.svg HTTP/1.1
Host: palacifolwarklochow.place.sh
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
owner-path: /
DNT: 1
Connection: keep-alive
Referer: https://palacifolwarklochow.place.sh/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 16:09:38 GMT
content-type: image/svg+xml
etag: W/"QGSRag"
x-cloud-trace-context: 872da9a7d3bb6b37a4518627b3d629d6
via: 1.1 google, 1.1 google
cache-control: public, max-age=14400
cf-cache-status: HIT
age: 133
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3FmVR2ra5qOJc9Csj5miH1y4%2BzS9s47%2FRJskP0dhQS4pERhJsL8q0rkybdNOAWMh2EPfnU9bpqJfFlhmUwvKR7zim6nswaN6rIL%2Fee59ZVHvK23AVBuk7yay%2BeK5OhiWmfPhAcxKTgJ1E7qVlTw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8765eb9ec93f7129-OSL
content-encoding: br
X-Firefox-Spdy: h2

pub.shfiles.co/cdn-cgi/image/width=459,quality=70,contrast=1.1,brightness=1.05,sharpen=1,gamma=1.05,format=auto/656edaf176207c36c7316cd3/1701764968901_71rmu0eh6jt.jpeg

104.26.9.99

200 OK

22 kB

URL GET HTTP/3
pub.shfiles.co/cdn-cgi/image/width=459,quality=70,contrast=1.1,brightness=1.05,sharpen=1,gamma=1.05,format=auto/656edaf176207c36c7316cd3/1701764968901_71rmu0eh6jt.jpeg
IP
104.26.9.99:443
ASN
#13335 CLOUDFLARENET

Requested by
https://palacifolwarklochow.place.sh/
Certificate
IssuerGoogle Trust Services LLC
Subjectshfiles.co
Fingerprint02:9F:15:1A:05:8A:7A:DE:C6:2D:6C:B5:E1:4F:16:17:85:DD:77:5D
ValiditySat, 16 Mar 2024 21:49:15 GMT - Fri, 14 Jun 2024 21:49:14 GMT

File type
ISO Media, AVIF Image
Size
22 kB (21875 bytes)
Hash
aeeb488c3442045e554d78f2e236335a
5b98dc4bc81f09022582d2c4e4f0f484fce8c14e
8a428c728637020bc822f3eec369483ca85776c5df4e77c79b8b340a3deaf9c5

HTTP Headers

GET /cdn-cgi/image/width=459,quality=70,contrast=1.1,brightness=1.05,sharpen=1,gamma=1.05,format=auto/656edaf176207c36c7316cd3/1701764968901_71rmu0eh6jt.jpeg HTTP/1.1
Host: pub.shfiles.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://palacifolwarklochow.place.sh/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 18 Apr 2024 16:09:38 GMT
content-type: image/avif
content-length: 21875
cf-ray: 8765eb9f988856c1-OSL
cf-cache-status: HIT
accept-ranges: bytes
cache-control: public, max-age=14400
etag: "cfDwdHJZfMkCRwxZBMReEjPYZmRE3XogPgbDJnB0w4DQ:df5597993ecbd0dd3d7a1f5ec37bbb10"
last-modified: Tue, 05 Dec 2023 08:29:29 GMT
vary: Accept, Accept-Encoding
cf-bgj: imgq:70,h2pri
cf-resized: internal=ok/m q=0 n=166+77 c=21+342 v=2024.3.2 l=21875
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jyMJpZSXDZxNHen8hsNmxfJNTW2HX%2BJM2yjq%2Bjce5ehbpqwAWnCGGbxlK3dcoyAX25prMADak8Nu1qQqTX6fhgl9MOPZbx9MoXxv4YRF%2BS7wqRI6U5ZGnFUqo0yehwQf"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
alt-svc: h3=":443"; ma=86400

palacifolwarklochow.place.sh/styles.c27dfdf0e4e4c468.css

104.26.8.59

200 OK

388 kB

URL GET HTTP/2
palacifolwarklochow.place.sh/styles.c27dfdf0e4e4c468.css
IP
104.26.8.59:443
ASN
#13335 CLOUDFLARENET

Requested by
https://palacifolwarklochow.place.sh/
Certificate
IssuerLet's Encrypt
Subjectplace.sh
Fingerprint07:38:92:B8:E1:0A:B7:7B:B2:0E:50:D2:84:3E:2C:0E:E2:75:6F:E9
ValidityThu, 29 Feb 2024 23:05:20 GMT - Wed, 29 May 2024 23:05:19 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
388 kB (387580 bytes)
Hash
c3374e9ff800105f996b7235295c8b64
937eda80527aff0953a6246cab37c0d61a560053
f7b48a42ce2f7b85eb784b5c416350201ea6ab7d2e927c15217f1a36b8a87f6a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /styles.c27dfdf0e4e4c468.css HTTP/1.1
Host: palacifolwarklochow.place.sh
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://palacifolwarklochow.place.sh/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 16:09:37 GMT
content-type: text/css
cache-control: public, max-age=14400
cf-bgj: minify
cf-polished: origSize=387783
etag: W/"QGSRag"
via: 1.1 google, 1.1 google
x-cloud-trace-context: 1f2cb3b483e0ae2be45da637070a57cf;o=1
cf-cache-status: HIT
age: 133
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FM1aAGmVIbzr14yCfc7TS040GbSzK11mBUYMReIgfXqCqqZviU1JFvT5NGlLwN6jddhSMgLovWAwLBqnIDDDY6vs9%2B1Inmokx%2FnMOmKNsHcxN7DSrQ9yfgIOQxuFksqIZZDdkjrBvZYroRmbmEo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8765eb96fb5d7129-OSL
content-encoding: br
X-Firefox-Spdy: h2

palacifolwarklochow.place.sh/assets/apple-touch-icon-ipad-retina-152x152.png

104.26.8.59

200 OK

5.3 kB

URL GET HTTP/2
palacifolwarklochow.place.sh/assets/apple-touch-icon-ipad-retina-152x152.png
IP
104.26.8.59:443
ASN
#13335 CLOUDFLARENET

Requested by
https://palacifolwarklochow.place.sh/
Certificate
IssuerLet's Encrypt
Subjectplace.sh
Fingerprint07:38:92:B8:E1:0A:B7:7B:B2:0E:50:D2:84:3E:2C:0E:E2:75:6F:E9
ValidityThu, 29 Feb 2024 23:05:20 GMT - Wed, 29 May 2024 23:05:19 GMT

File type
PNG image data, 152 x 152, 8-bit/color RGBA, non-interlaced
Size
5.3 kB (5259 bytes)
Hash
6548f5cb6bd0b9b24df0332fa761af27
ed749434dfbb443cb7683b4f8072983bb390e72c
9f4a368ad8ed9549c8abb0aed13986e633a215e6e6773795fb576c2739ff8312

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/apple-touch-icon-ipad-retina-152x152.png HTTP/1.1
Host: palacifolwarklochow.place.sh
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://palacifolwarklochow.place.sh/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 16:09:37 GMT
content-type: image/png
etag: "QGSRag"
x-cloud-trace-context: 0d53b950cb4e315f09fe9b1d97b3fb7c;o=1
via: 1.1 google, 1.1 google
cache-control: public, max-age=14400
cf-cache-status: HIT
age: 133
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CNudlvp6jIxaZsWX48XEv%2BoGw%2Bh4yHpMf2PMVtfjLrZTZ8BbZWfJFObUHDVhO6dHgn6Psl2%2FYtQAQJnC2VQ0wNuW1x0O81SNbJYVkXLMvMqpg2BTKID1gMSMtqZMoYBhH%2FWWIevPL7ipOljkTzo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8765eb9a18917129-OSL
X-Firefox-Spdy: h2

smart-core-api.smarthotelapi.com/countries/languages/all

35.244.144.63

204 No Content

0 B

URL OPTIONS HTTP/3
smart-core-api.smarthotelapi.com/countries/languages/all
IP
35.244.144.63:443
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
https://palacifolwarklochow.place.sh/
Certificate
IssuerGoogle Trust Services LLC
Subjectsmart-core-api.smarthotelapi.com
FingerprintD6:E0:03:C6:0D:17:3A:18:B4:AB:B1:74:04:33:96:D5:7B:60:7A:22
ValiditySat, 13 Apr 2024 19:44:48 GMT - Fri, 12 Jul 2024 20:39:02 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /countries/languages/all HTTP/1.1
Host: smart-core-api.smarthotelapi.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: baggage,owner-path,sentry-trace
Referer: https://palacifolwarklochow.place.sh/
Origin: https://palacifolwarklochow.place.sh
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 204 No Content
vary: Origin, Access-Control-Request-Headers
access-control-allow-origin: https://palacifolwarklochow.place.sh
access-control-allow-credentials: true
access-control-allow-methods: GET,PATCH,POST,PUT,DELETE
access-control-allow-headers: baggage,owner-path,sentry-trace
access-control-max-age: 300
x-cloud-trace-context: 4c8e5dcee20ac56b02259cd6569d7224
set-cookie: GAESA=CoQBMDBhMjI0MDRkYzgwMzJlM2QxYzAyYWQ3YWJmOWE0ZDcwNzVmMDhkY2I0MDMxM2VhZjYyYTJjOTVlZjIyNjI1YTIxOTg5MTNlMTE2YjQyMjcxZDljZWJhM2M0ZjMxNjcxYzBkYWY3OWRjYWQzYTk1YjNkYTc0N2U4Mzk1M2UyNDg2ZDRjENb94Y_vMQ; expires=Sat, 18-May-2024 16:09:38 GMT; path=/
date: Thu, 18 Apr 2024 16:09:38 GMT
content-type: text/html
server: Google Frontend
content-length: 0
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

pub.shfiles.co/cdn-cgi/image/width=459,quality=70,contrast=1.1,brightness=1.05,sharpen=1,gamma=1.05,format=auto/656edaf176207c36c7316cd3/1701764083915_i9wyrvacopn.png

104.26.9.99

200 OK

20 kB

URL GET HTTP/3
pub.shfiles.co/cdn-cgi/image/width=459,quality=70,contrast=1.1,brightness=1.05,sharpen=1,gamma=1.05,format=auto/656edaf176207c36c7316cd3/1701764083915_i9wyrvacopn.png
IP
104.26.9.99:443
ASN
#13335 CLOUDFLARENET

Requested by
https://palacifolwarklochow.place.sh/
Certificate
IssuerGoogle Trust Services LLC
Subjectshfiles.co
Fingerprint02:9F:15:1A:05:8A:7A:DE:C6:2D:6C:B5:E1:4F:16:17:85:DD:77:5D
ValiditySat, 16 Mar 2024 21:49:15 GMT - Fri, 14 Jun 2024 21:49:14 GMT

File type
ISO Media, AVIF Image
Size
20 kB (20049 bytes)
Hash
87c29cd4ca4f512f0831be53bf43fb62
51e4340761aef60d18ad06d5971e8976bcb9c002
a299c43c60cc30f4d10ad8637de534e1834321fcd802e325c1b4911a38bfb92f

HTTP Headers

GET /cdn-cgi/image/width=459,quality=70,contrast=1.1,brightness=1.05,sharpen=1,gamma=1.05,format=auto/656edaf176207c36c7316cd3/1701764083915_i9wyrvacopn.png HTTP/1.1
Host: pub.shfiles.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://palacifolwarklochow.place.sh/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 18 Apr 2024 16:09:38 GMT
content-type: image/avif
content-length: 20049
cf-ray: 8765eb9f886c56c1-OSL
cf-cache-status: HIT
accept-ranges: bytes
cache-control: public, max-age=14400
etag: "cf6bdPDRCIuQQKgVj5yUziNLGiRE3XogPgbDJnB0w4DQ:ae6bf085b83666b272ab826fc1eefd34"
last-modified: Tue, 05 Dec 2023 08:14:44 GMT
vary: Accept, Accept-Encoding
cf-bgj: imgq:70,h2pri
cf-resized: internal=ok/r q=0 n=169+175 c=0+0 v=2024.2.2 l=20049
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qh39croMNhXzQSKX5%2BEm3RJ81RoWAUTmxZYszxjwuBtJSINfUoc18x6xJfqaJrhU5BmSFakZaRpLqXNSbrJTKepiqlFrrUkcg0JME9ozQEejAGo6s12hd2rLIO%2BzRxHR"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
alt-svc: h3=":443"; ma=86400

palacifolwarklochow.place.sh/runtime.90f70725c8b343f8.js

104.26.8.59

200 OK

3.3 kB

URL GET HTTP/2
palacifolwarklochow.place.sh/runtime.90f70725c8b343f8.js
IP
104.26.8.59:443
ASN
#13335 CLOUDFLARENET

Requested by
https://palacifolwarklochow.place.sh/
Certificate
IssuerLet's Encrypt
Subjectplace.sh
Fingerprint07:38:92:B8:E1:0A:B7:7B:B2:0E:50:D2:84:3E:2C:0E:E2:75:6F:E9
ValidityThu, 29 Feb 2024 23:05:20 GMT - Wed, 29 May 2024 23:05:19 GMT

File type
JavaScript source, ASCII text, with very long lines (3396), with no line terminators
Size
3.3 kB (3305 bytes)
Hash
b0d9d42987d6a3d0565e005dd993c3c0
1746e3d5082378fa606b093bf8d8dbb0227f91c2
102c5b9b0b84976e0ba303b86e893c37728286eabeb8b6ba9db71bb75b5c46cb

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /runtime.90f70725c8b343f8.js HTTP/1.1
Host: palacifolwarklochow.place.sh
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://palacifolwarklochow.place.sh/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 16:09:36 GMT
content-type: text/javascript
etag: W/"QGSRag"
x-cloud-trace-context: b064490bcc7a4289d6c912d9ae4472cc
via: 1.1 google, 1.1 google
cache-control: public, max-age=14400
cf-cache-status: HIT
age: 133
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LMwH7g1WIlZC6umqBRyhUCTqvVF0PFFs4fmMeUV5p1RePiz%2FJy8H%2BXti7X3nYZWTiM%2BuD7%2Fhi474na65mxRaua88DqfD9jRHIK6vm6i9CN45rZ%2Bcvrjp9WmDf1VAz8Wld85Qymuv69pygGReko4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8765eb9518867129-OSL
content-encoding: br
X-Firefox-Spdy: h2

pub.shfiles.co/cdn-cgi/image/width=459,quality=70,contrast=1.1,brightness=1.05,sharpen=1,gamma=1.05,format=auto/656edaf176207c36c7316cd3/1707488046014_j2dwhq10u4i.jpg

104.26.9.99

200 OK

31 kB

URL GET HTTP/3
pub.shfiles.co/cdn-cgi/image/width=459,quality=70,contrast=1.1,brightness=1.05,sharpen=1,gamma=1.05,format=auto/656edaf176207c36c7316cd3/1707488046014_j2dwhq10u4i.jpg
IP
104.26.9.99:443
ASN
#13335 CLOUDFLARENET

Requested by
https://palacifolwarklochow.place.sh/
Certificate
IssuerGoogle Trust Services LLC
Subjectshfiles.co
Fingerprint02:9F:15:1A:05:8A:7A:DE:C6:2D:6C:B5:E1:4F:16:17:85:DD:77:5D
ValiditySat, 16 Mar 2024 21:49:15 GMT - Fri, 14 Jun 2024 21:49:14 GMT

File type
ISO Media, AVIF Image
Size
31 kB (30806 bytes)
Hash
0e4db508662b95faf77d13910e4ef268
c2f445dfae8613aaa5b15eae5a075b18e5f3a7c2
79662b6ff4a6d93163c677243cd6ae975abb06d04c957aa5435ca59fb3f06df8

HTTP Headers

GET /cdn-cgi/image/width=459,quality=70,contrast=1.1,brightness=1.05,sharpen=1,gamma=1.05,format=auto/656edaf176207c36c7316cd3/1707488046014_j2dwhq10u4i.jpg HTTP/1.1
Host: pub.shfiles.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://palacifolwarklochow.place.sh/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 18 Apr 2024 16:09:38 GMT
content-type: image/avif
content-length: 30806
cf-ray: 8765eb9f987556c1-OSL
cf-cache-status: HIT
accept-ranges: bytes
cache-control: public, max-age=14400
etag: "cfVUPz49zo0J4nupNqBCEtdJUXRE3XogPgbDJnB0w4DQ:1769379a0a22fac10e871e5ba69c1dec"
last-modified: Fri, 09 Feb 2024 14:14:07 GMT
vary: Accept, Accept-Encoding
cf-bgj: imgq:70,h2pri
cf-resized: internal=ok/r q=0 n=116+162 c=0+0 v=2024.2.2 l=30806
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GFLFwD%2FaUXFrfPq9SakJ2LL58jXaP3b1SKaJbPRf8eGIDg8m8WeFowTqx4CBWegDI4JEM%2BWl%2BXEJl81nwodWl8HpmCb3UHJeUl3qXL3kWTHK4V3Qh0szZ1qZFBH9e4lr"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
alt-svc: h3=":443"; ma=86400

pub.shfiles.co/cdn-cgi/image/width=459,quality=70,contrast=1.1,brightness=1.05,sharpen=1,gamma=1.05,format=auto/656edaf176207c36c7316cd3/1706790285297_qs0vuond65.jpeg

104.26.9.99

200 OK

8.3 kB

URL GET HTTP/3
pub.shfiles.co/cdn-cgi/image/width=459,quality=70,contrast=1.1,brightness=1.05,sharpen=1,gamma=1.05,format=auto/656edaf176207c36c7316cd3/1706790285297_qs0vuond65.jpeg
IP
104.26.9.99:443
ASN
#13335 CLOUDFLARENET

Requested by
https://palacifolwarklochow.place.sh/
Certificate
IssuerGoogle Trust Services LLC
Subjectshfiles.co
Fingerprint02:9F:15:1A:05:8A:7A:DE:C6:2D:6C:B5:E1:4F:16:17:85:DD:77:5D
ValiditySat, 16 Mar 2024 21:49:15 GMT - Fri, 14 Jun 2024 21:49:14 GMT

File type
ISO Media, AVIF Image
Size
8.3 kB (8288 bytes)
Hash
cefb69baadd560cb027a1e68f51ab189
937f6933e71dc2aaf48313c5c8da62b222a9ba84
95e55aef3d3da5787786d4f37c5395660e96ee94e9d3e5fdd7bd9568a31a4c13

HTTP Headers

GET /cdn-cgi/image/width=459,quality=70,contrast=1.1,brightness=1.05,sharpen=1,gamma=1.05,format=auto/656edaf176207c36c7316cd3/1706790285297_qs0vuond65.jpeg HTTP/1.1
Host: pub.shfiles.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://palacifolwarklochow.place.sh/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 18 Apr 2024 16:09:38 GMT
content-type: image/avif
content-length: 8288
cf-ray: 8765eb9fa8a056c1-OSL
cf-cache-status: HIT
accept-ranges: bytes
cache-control: public, max-age=14400
etag: "cf-JxW2tHomB-YJ-1xDzzSoJczRE3XogPgbDJnB0w4DQ:81fb517afd3e9912394f0ee5a63320e5"
last-modified: Thu, 01 Feb 2024 12:24:46 GMT
vary: Accept, Accept-Encoding
cf-bgj: imgq:70,h2pri
cf-resized: internal=ok/h q=0 n=19+71 c=10+298 v=2024.3.2 l=8288
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iAp%2BNuVibGp7TMaHrdaZRocSWs6sGP2VbLECawdH2G8ZgEokgpJKsNHxgQI%2Fg0qE2mQp6%2Fdl9OcziOp7jRL3dAprXEYNoKt1GYgi30TgEx7wVjn%2BplNgvy9ApaszD7MS"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
alt-svc: h3=":443"; ma=86400

pub.shfiles.co/cdn-cgi/image/width=459,quality=70,contrast=1.1,brightness=1.05,sharpen=1,gamma=1.05,format=auto/656edaf176207c36c7316cd3/1701764829981_zoyzj0g6xrp.jpeg

104.26.9.99

200 OK

21 kB

URL GET HTTP/3
pub.shfiles.co/cdn-cgi/image/width=459,quality=70,contrast=1.1,brightness=1.05,sharpen=1,gamma=1.05,format=auto/656edaf176207c36c7316cd3/1701764829981_zoyzj0g6xrp.jpeg
IP
104.26.9.99:443
ASN
#13335 CLOUDFLARENET

Requested by
https://palacifolwarklochow.place.sh/
Certificate
IssuerGoogle Trust Services LLC
Subjectshfiles.co
Fingerprint02:9F:15:1A:05:8A:7A:DE:C6:2D:6C:B5:E1:4F:16:17:85:DD:77:5D
ValiditySat, 16 Mar 2024 21:49:15 GMT - Fri, 14 Jun 2024 21:49:14 GMT

File type
ISO Media, AVIF Image
Size
21 kB (21248 bytes)
Hash
4c5306238dec5cbe5951ce03aee680f5
31cd43d91ce192d6dd7bbc0c7680f30beef657c0
331819ff2616f1b7add789443ef169675dbcc8e7a026e242b2e2b9373b964c0a

HTTP Headers

GET /cdn-cgi/image/width=459,quality=70,contrast=1.1,brightness=1.05,sharpen=1,gamma=1.05,format=auto/656edaf176207c36c7316cd3/1701764829981_zoyzj0g6xrp.jpeg HTTP/1.1
Host: pub.shfiles.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://palacifolwarklochow.place.sh/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 18 Apr 2024 16:09:38 GMT
content-type: image/avif
content-length: 21248
cf-ray: 8765eb9f988056c1-OSL
cf-cache-status: HIT
accept-ranges: bytes
cache-control: public, max-age=14400
etag: "cfpRJloo5A0v57EWtIFBuESBUwRE3XogPgbDJnB0w4DQ:a73fc33a4a7b001925f7d41f749f7420"
last-modified: Tue, 05 Dec 2023 08:27:11 GMT
vary: Accept, Accept-Encoding
cf-bgj: imgq:70,h2pri
cf-resized: internal=ok/r q=0 n=93+104 c=0+0 v=2024.3.2 l=21248
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4WDqCEtlqYvOV6AmG6x29wIKrQLLn0gWhKPrmEv2Bi3VF%2Bps4%2FmChlJts03qRtWfuelgKnBzVt3u0a9OYJdCUAHNBTcHIRuXLlLccYKHaPdoK%2B9e3d6kHxt2e2k%2BRO9J"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
alt-svc: h3=":443"; ma=86400

palacifolwarklochow.place.sh/common.84e653089dc8346c.js

104.26.8.59

200 OK

13 kB

URL GET HTTP/2
palacifolwarklochow.place.sh/common.84e653089dc8346c.js
IP
104.26.8.59:443
ASN
#13335 CLOUDFLARENET

Requested by
https://palacifolwarklochow.place.sh/
Certificate
IssuerLet's Encrypt
Subjectplace.sh
Fingerprint07:38:92:B8:E1:0A:B7:7B:B2:0E:50:D2:84:3E:2C:0E:E2:75:6F:E9
ValidityThu, 29 Feb 2024 23:05:20 GMT - Wed, 29 May 2024 23:05:19 GMT

File type
JavaScript source, ASCII text, with very long lines (12952), with no line terminators
Size
13 kB (12952 bytes)
Hash
e3dd59e4f45680af527c2794d389678d
d2fceabd1ffbef6635255208603957316b88f979
3e526d7820bd86e50d4745030fb3d445bc651eddc7510e52d9a87fb93862e03f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /common.84e653089dc8346c.js HTTP/1.1
Host: palacifolwarklochow.place.sh
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://palacifolwarklochow.place.sh/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 16:09:37 GMT
content-type: text/javascript
etag: W/"QGSRag"
x-cloud-trace-context: 0d53b950cb4e315f09fe9b1d97b3fb7c;o=1
via: 1.1 google, 1.1 google
cache-control: public, max-age=14400
cf-cache-status: HIT
age: 132
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Wd5A7WNRrAtk0DUKF0o7rv87NLdY1JgvwETR2HJoHRPrHM2LwoXevuWJ0qfAB4PSuquxZwyYsmMVVeMe%2FZGxL%2FfEmybEmFpM0B3DYf4iHE%2BnqZNK5qMdutFh1AsqY7FCBl%2FK63syxw1MYMMDCUg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8765eb9b4ac67129-OSL
content-encoding: br
X-Firefox-Spdy: h2

palacifolwarklochow.place.sh/333.d49c0ee1db3b8698.js

104.26.8.59

200 OK

53 kB

URL GET HTTP/2
palacifolwarklochow.place.sh/333.d49c0ee1db3b8698.js
IP
104.26.8.59:443
ASN
#13335 CLOUDFLARENET

Requested by
https://palacifolwarklochow.place.sh/
Certificate
IssuerLet's Encrypt
Subjectplace.sh
Fingerprint07:38:92:B8:E1:0A:B7:7B:B2:0E:50:D2:84:3E:2C:0E:E2:75:6F:E9
ValidityThu, 29 Feb 2024 23:05:20 GMT - Wed, 29 May 2024 23:05:19 GMT

File type
JavaScript source, ASCII text, with very long lines (53325), with no line terminators
Size
53 kB (53325 bytes)
Hash
f42b3882e903ef993575fe26183d1683
0b29f47812c5049b77649f889f84cbca963e3995
5b95090728d3dab57540f74af91e0c5ad5cd88e80d0545d31b7604b1b7c10686

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /333.d49c0ee1db3b8698.js HTTP/1.1
Host: palacifolwarklochow.place.sh
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://palacifolwarklochow.place.sh/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 16:09:37 GMT
content-type: text/javascript
etag: W/"QGSRag"
x-cloud-trace-context: 7f23e261c410ae5e41584afbc30a1b79
via: 1.1 google, 1.1 google
cache-control: public, max-age=14400
cf-cache-status: HIT
age: 132
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eK5RPR78%2FPWh0wUzukXW7G7wQflzjzMekSCBfeD1BnhOjVsdgWyQMVuigbQYBowSWEt3QNLXggos4rVbBEiAVIln73StFBlXY1jzV7nJcalWdd4At7upDFfqwfAkKXuo%2Bs9dp5WGHXKyd%2Fxhypo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8765eb9b4ac47129-OSL
content-encoding: br
X-Firefox-Spdy: h2

palacifolwarklochow.place.sh/assets/icons/icons-cookies.svg

104.26.8.59

200 OK

796 B

URL GET HTTP/2
palacifolwarklochow.place.sh/assets/icons/icons-cookies.svg
IP
104.26.8.59:443
ASN
#13335 CLOUDFLARENET

Requested by
https://palacifolwarklochow.place.sh/
Certificate
IssuerLet's Encrypt
Subjectplace.sh
Fingerprint07:38:92:B8:E1:0A:B7:7B:B2:0E:50:D2:84:3E:2C:0E:E2:75:6F:E9
ValidityThu, 29 Feb 2024 23:05:20 GMT - Wed, 29 May 2024 23:05:19 GMT

File type
SVG Scalable Vector Graphics image
Size
796 B (796 bytes)
Hash
85add01e3367fc909163a6a6e02012b5
02a37c2fa222c7f1db11332f40a1e3baccf370a7
ae39a2c5efcecdb9879616fc7312788701745654672d6b930a48437dc88e1827

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/icons/icons-cookies.svg HTTP/1.1
Host: palacifolwarklochow.place.sh
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
owner-path: /
DNT: 1
Connection: keep-alive
Referer: https://palacifolwarklochow.place.sh/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 16:09:37 GMT
content-type: image/svg+xml
etag: W/"QGSRag"
x-cloud-trace-context: 0d53b950cb4e315f09fe9b1d97b3fb7c;o=1
via: 1.1 google, 1.1 google
cache-control: public, max-age=14400
cf-cache-status: HIT
age: 133
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SRLO6lsBz7uQyQgRPGSY95g8TNrOMzdM9Mk0AMyX7xLdAHoOXm1XwoPe5gMeepVr559tznZJyZSQKOQuh3XvtZs5C0kx1F8B7JBzgLP1iZaZ54Ic2gu6sBWZzGHOdyi8l7yHcDmZXHYLyVsAhkY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8765eb9b0a4b7129-OSL
content-encoding: br
X-Firefox-Spdy: h2

smart-core-api.smarthotelapi.com/countries/languages/all

35.244.144.63

200 OK

13 kB

URL GET HTTP/3
smart-core-api.smarthotelapi.com/countries/languages/all
IP
35.244.144.63:443
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
https://palacifolwarklochow.place.sh/
Certificate
IssuerGoogle Trust Services LLC
Subjectsmart-core-api.smarthotelapi.com
FingerprintD6:E0:03:C6:0D:17:3A:18:B4:AB:B1:74:04:33:96:D5:7B:60:7A:22
ValiditySat, 13 Apr 2024 19:44:48 GMT - Fri, 12 Jul 2024 20:39:02 GMT

File type

Size
13 kB (12698 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /countries/languages/all HTTP/1.1
Host: smart-core-api.smarthotelapi.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
owner-path: /
sentry-trace: 03dc1d51de7248cf95b1b859fe2b4935-8f3b28ca110b9467-0
baggage: sentry-environment=production,sentry-release=guest-area%40f41202314f419a930c9ca0e853fc987f34ce2648,sentry-public_key=4508fe64deec4aa69d7f8d133d4732b3,sentry-trace_id=03dc1d51de7248cf95b1b859fe2b4935,sentry-sample_rate=0.3,sentry-transaction=%2F,sentry-sampled=false
Origin: https://palacifolwarklochow.place.sh
DNT: 1
Connection: keep-alive
Referer: https://palacifolwarklochow.place.sh/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
vary: Origin, accept-encoding
access-control-allow-origin: https://palacifolwarklochow.place.sh
access-control-allow-credentials: true
x-ratelimit-limit: 300
x-ratelimit-remaining: 299
x-ratelimit-reset: 0
content-type: application/json; charset=utf-8
set-cookie: GAESA=CoQBMDBhMjI0MDRkYzMyMjg1MjE0NzQ0MjQ4M2UyNTVmNzc4YTUyMTZiYzRmZjMyY2Y2YzQ2MjZlOTE1MjhjMmE3ZjNjNjMwMGI0NGI2ODhkMjczY2NmNzlmZTNjYTViYmNmZDM1NzBiMDQ2ODY3ODlhMThiODU1MTI1YTdhN2JjYmE3OWY3EOj-4Y_vMQ; expires=Sat, 18-May-2024 16:09:38 GMT; path=/
content-encoding: gzip
date: Thu, 18 Apr 2024 16:09:38 GMT
server: Google Frontend
cache-control: private
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

palacifolwarklochow.place.sh/assets/icons/icons-social-media-www-color.svg

104.26.8.59

200 OK

3.2 kB

URL GET HTTP/2
palacifolwarklochow.place.sh/assets/icons/icons-social-media-www-color.svg
IP
104.26.8.59:443
ASN
#13335 CLOUDFLARENET

Requested by
https://palacifolwarklochow.place.sh/
Certificate
IssuerLet's Encrypt
Subjectplace.sh
Fingerprint07:38:92:B8:E1:0A:B7:7B:B2:0E:50:D2:84:3E:2C:0E:E2:75:6F:E9
ValidityThu, 29 Feb 2024 23:05:20 GMT - Wed, 29 May 2024 23:05:19 GMT

File type
SVG Scalable Vector Graphics image
Size
3.2 kB (3239 bytes)
Hash
5f4a3830fae9e2c72cd98e436922d782
1d229310e0a3e27a0a0c1a3757dcc3cc73819b08
d5e99e0819c5782808ba3fdb0715faea9ecbd7564f605f89c32b3dc48388e301

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/icons/icons-social-media-www-color.svg HTTP/1.1
Host: palacifolwarklochow.place.sh
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
owner-path: /
DNT: 1
Connection: keep-alive
Referer: https://palacifolwarklochow.place.sh/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 16:09:38 GMT
content-type: image/svg+xml
etag: W/"QGSRag"
x-cloud-trace-context: cab3a5196a71ffcc8ba6207ea0df9578
via: 1.1 google, 1.1 google
cache-control: public, max-age=14400
cf-cache-status: HIT
age: 132
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2Bi5a2juj8%2BDEjs465PcX7QCF%2BQazzKGcZSFotBIbmJ182O7CsvMbztmZf4zR9csCwiBj3XaO4GMN1aB9TRerhirsfvFlTc2g7tuFV5z1odkm1uDfacD54PK89Hq7xNEBfQcGX%2B5qIwvGp2XONE8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8765eb9f5a457129-OSL
content-encoding: br
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (14)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL