URL: fonts.googleapis.com/css2?family=Unbounded:wght@300;400;600;700&display=swap
Request: GET HTTP/2
IP: 142.250.74.74:443
Status: 200 OK
Size: 1.1 kB
Requested by: https://gts794.com/IwZXh0bgNhZW0CMTAAAR3iirwqqk-XT9_LhugjS81tUOm1Lxh5V06WmGZAIjqa5nt-OQ3WjjI4fKQ_aem_Ab6mTfXT6v0VdcaKH3gyoZLMyGld3-9kCEIL2XbB1gcYEq8kPwjXIN6O1y8CJnvJ7HB0L6PNUSdXCfCCe_h3c4gE.zip
Certificate: Issuer: Google Trust Services LLC; Subject: upload.video.google.com; Fingerprint: 36:49:20:36:0C:4D:DA:55:65:64:23:0F:49:3E:FA:78:87:35:A3:79; Validity: Tue, 16 Apr 2024 04:17:12 GMT - Tue, 09 Jul 2024 04:17:11 GMT
File type: gzip compressed data, max compression
Hashes (MD5, SHA-1, SHA-256): 13ad2992d6106e80cd6313e1b6b5b09b 44ae061d9217ac727e1713425681f29498a18c21 8aa0fc3d44a888dfe12964ddfeb556cc78f062e22895ccb80c4faa4e8fa9338d
GET /css2?family=Unbounded:wght@300;400;600;700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gts794.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 04 May 2024 16:45:44 GMT
date: Sat, 04 May 2024 16:45:44 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

URL: gts794.com/images/education-online-books.png
Request: GET HTTP/3
IP: 172.67.136.150:443
Status: 200 OK
Size: 310 kB (310455 bytes)
Requested by: https://gts794.com/IwZXh0bgNhZW0CMTAAAR3iirwqqk-XT9_LhugjS81tUOm1Lxh5V06WmGZAIjqa5nt-OQ3WjjI4fKQ_aem_Ab6mTfXT6v0VdcaKH3gyoZLMyGld3-9kCEIL2XbB1gcYEq8kPwjXIN6O1y8CJnvJ7HB0L6PNUSdXCfCCe_h3c4gE.zip
Certificate: Issuer: Let's Encrypt; Subject: gts794.com; Fingerprint: 4A:EE:38:44:7C:47:BD:9E:74:95:59:D9:43:A5:DE:43:CA:C9:BF:30; Validity: Fri, 12 Apr 2024 06:29:03 GMT - Thu, 11 Jul 2024 06:29:02 GMT
File type: PNG image data, 725 x 905, 8-bit/color RGBA, non-interlaced
Hashes (MD5, SHA-1, SHA-256): effbcadb714b24e2cabb8d64097c8dcc 239e471a633629d027c050e19b441a6ce9fa77b4 3752073371d57443834b6693c146073d90c52015eff88f241fe2e1df21b8b203
Analyzer: Quad9 DNS; Verdict: malicious; Alert: Sinkholed
GET /images/education-online-books.png HTTP/1.1
Host: gts794.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gts794.com/IwZXh0bgNhZW0CMTAAAR3iirwqqk-XT9_LhugjS81tUOm1Lxh5V06WmGZAIjqa5nt-OQ3WjjI4fKQ_aem_Ab6mTfXT6v0VdcaKH3gyoZLMyGld3-9kCEIL2XbB1gcYEq8kPwjXIN6O1y8CJnvJ7HB0L6PNUSdXCfCCe_h3c4gE.zip
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 04 May 2024 16:45:45 GMT
content-type: image/png
content-length: 310455
last-modified: Thu, 29 Dec 2022 05:38:02 GMT
etag: "4bcb7-5f0f0e36de280"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WLL295ecNUrwGX7Ar5yWBxfk39RNVsG0gdiPanjJXpR8x6FU1DVL%2BgogGpFfR0dI2u0MA%2B%2B8fMhkAV4Gan6q8M06ZSdxe4BrtqB14Xion2HuKGf6l4V5er8ac0Ak"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9f67dfb85b4eb-OSL
alt-svc: h3=":443"; ma=86400

URL: gts794.com/images/avatar/portrait-beautiful-young-woman-standing-grey-wall.jpg
Request: GET HTTP/3
IP: 172.67.136.150:443
Status: 200 OK
Size: 24 kB
Requested by: https://gts794.com/IwZXh0bgNhZW0CMTAAAR3iirwqqk-XT9_LhugjS81tUOm1Lxh5V06WmGZAIjqa5nt-OQ3WjjI4fKQ_aem_Ab6mTfXT6v0VdcaKH3gyoZLMyGld3-9kCEIL2XbB1gcYEq8kPwjXIN6O1y8CJnvJ7HB0L6PNUSdXCfCCe_h3c4gE.zip
Certificate: Issuer: Let's Encrypt; Subject: gts794.com; Fingerprint: 4A:EE:38:44:7C:47:BD:9E:74:95:59:D9:43:A5:DE:43:CA:C9:BF:30; Validity: Fri, 12 Apr 2024 06:29:03 GMT - Thu, 11 Jul 2024 06:29:02 GMT
File type: JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=12, height=667, bps=0, PhotometricInterpretation=RGB, orientation=upper-left, width=1000], progressive, precision 8, 500x334, components 3
Hashes (MD5, SHA-1, SHA-256): 2b00b22d0fc9400405e0a93d2c32581d 9ccb0bcdab3c25027740217df2a64ee2dc18ec93 1b5d07b73321be8f54ea2281e6f6520f4d730df706676895c99d7e988cb96ffc
Analyzer: Quad9 DNS; Verdict: malicious; Alert: Sinkholed
GET /images/avatar/portrait-beautiful-young-woman-standing-grey-wall.jpg HTTP/1.1
Host: gts794.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gts794.com/IwZXh0bgNhZW0CMTAAAR3iirwqqk-XT9_LhugjS81tUOm1Lxh5V06WmGZAIjqa5nt-OQ3WjjI4fKQ_aem_Ab6mTfXT6v0VdcaKH3gyoZLMyGld3-9kCEIL2XbB1gcYEq8kPwjXIN6O1y8CJnvJ7HB0L6PNUSdXCfCCe_h3c4gE.zip
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 04 May 2024 16:45:45 GMT
content-type: image/jpeg
content-length: 24232
last-modified: Tue, 15 Mar 2022 05:33:50 GMT
etag: "5ea8-5da3b24454b80"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ULHWx1PrY8S8m3%2FLZX4pVtQS5Z8uufP3WtnyNITgpkGlQt%2B58YtJXpoCICIJKLHsNs524kvu4sLZSsDi%2BPTYmfdDf%2FQBMojplWxdE%2FKVZTSBQxr5RGsYIsrEHLU9"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9f67dfb8bb4eb-OSL
alt-svc: h3=":443"; ma=86400

URL: gts794.com/images/avatar/portrait-young-redhead-bearded-male.jpg
Request: GET HTTP/3
IP: 172.67.136.150:443
Status: 200 OK
Size: 26 kB
Requested by: https://gts794.com/IwZXh0bgNhZW0CMTAAAR3iirwqqk-XT9_LhugjS81tUOm1Lxh5V06WmGZAIjqa5nt-OQ3WjjI4fKQ_aem_Ab6mTfXT6v0VdcaKH3gyoZLMyGld3-9kCEIL2XbB1gcYEq8kPwjXIN6O1y8CJnvJ7HB0L6PNUSdXCfCCe_h3c4gE.zip
Certificate: Issuer: Let's Encrypt; Subject: gts794.com; Fingerprint: 4A:EE:38:44:7C:47:BD:9E:74:95:59:D9:43:A5:DE:43:CA:C9:BF:30; Validity: Fri, 12 Apr 2024 06:29:03 GMT - Thu, 11 Jul 2024 06:29:02 GMT
File type: JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=12, height=667, bps=0, PhotometricInterpretation=RGB, orientation=upper-left, width=1000], progressive, precision 8, 500x334, components 3
Hashes (MD5, SHA-1, SHA-256): 71e947fcdeaa5cf2a2a5dfb28e4921ec cfa6b029f4437f5687bcd64227597584c47b7ab7 c3df7f5fc1f27d7f400fb7ec2fce0b202d0101c56f8251a3de2c9d3b580d0122
Analyzer: Quad9 DNS; Verdict: malicious; Alert: Sinkholed
GET /images/avatar/portrait-young-redhead-bearded-male.jpg HTTP/1.1
Host: gts794.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gts794.com/IwZXh0bgNhZW0CMTAAAR3iirwqqk-XT9_LhugjS81tUOm1Lxh5V06WmGZAIjqa5nt-OQ3WjjI4fKQ_aem_Ab6mTfXT6v0VdcaKH3gyoZLMyGld3-9kCEIL2XbB1gcYEq8kPwjXIN6O1y8CJnvJ7HB0L6PNUSdXCfCCe_h3c4gE.zip
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 04 May 2024 16:45:45 GMT
content-type: image/jpeg
content-length: 25921
last-modified: Tue, 15 Mar 2022 08:21:34 GMT
etag: "6541-5da3d7c21bf80"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jSdJt6YVR6YAPfataHk%2BrsZMY8Bu4LouzukqVmDjL6OlueEhth4BzsgbruqEspY3BcvSe2qnBPwmyBrUozpv3XuQS1l4rNeC2Iw37CdHYTHefhXrCrhieHYL13kU"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9f67dfb90b4eb-OSL
alt-svc: h3=":443"; ma=86400

URL: gts794.com/images/avatar/pretty-blonde-woman.jpg
Request: GET HTTP/3
IP: 172.67.136.150:443
Status: 200 OK
Size: 30 kB
Requested by: https://gts794.com/IwZXh0bgNhZW0CMTAAAR3iirwqqk-XT9_LhugjS81tUOm1Lxh5V06WmGZAIjqa5nt-OQ3WjjI4fKQ_aem_Ab6mTfXT6v0VdcaKH3gyoZLMyGld3-9kCEIL2XbB1gcYEq8kPwjXIN6O1y8CJnvJ7HB0L6PNUSdXCfCCe_h3c4gE.zip
Certificate: Issuer: Let's Encrypt; Subject: gts794.com; Fingerprint: 4A:EE:38:44:7C:47:BD:9E:74:95:59:D9:43:A5:DE:43:CA:C9:BF:30; Validity: Fri, 12 Apr 2024 06:29:03 GMT - Thu, 11 Jul 2024 06:29:02 GMT
File type: JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=12, height=667, bps=0, PhotometricInterpretation=RGB, orientation=upper-left, width=1000], progressive, precision 8, 500x334, components 3
Hashes (MD5, SHA-1, SHA-256): 83251e8a0f137b34118d0eba449b5471 c8971e020d6ecc4fda7559ef7dfa1c64e7f36d62 b5c8cd944dd5dad57ce0672dfca04123aabd9e35b03052467610d34536518411
Analyzer: Quad9 DNS; Verdict: malicious; Alert: Sinkholed
GET /images/avatar/pretty-blonde-woman.jpg HTTP/1.1
Host: gts794.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gts794.com/IwZXh0bgNhZW0CMTAAAR3iirwqqk-XT9_LhugjS81tUOm1Lxh5V06WmGZAIjqa5nt-OQ3WjjI4fKQ_aem_Ab6mTfXT6v0VdcaKH3gyoZLMyGld3-9kCEIL2XbB1gcYEq8kPwjXIN6O1y8CJnvJ7HB0L6PNUSdXCfCCe_h3c4gE.zip
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 04 May 2024 16:45:46 GMT
content-type: image/jpeg
content-length: 30052
last-modified: Mon, 14 Mar 2022 02:47:18 GMT
etag: "7564-5da24b2dc1980"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Xm1W8DmrjS43HSU9qY2Bu75f1MWQTTEo0tOU3h5JHtW389LIoriW6Z%2FroCMhbJmoTv%2FpqMhMdjH%2BMg7Zuy%2F8xBNR0gSZhUI6uA1QB%2BHjTzj95CfmAS0nxFGrI473"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9f67dfb93b4eb-OSL
alt-svc: h3=":443"; ma=86400

URL: gts794.com/images/avatar/studio-portrait-emotional-happy-funny-smiling-boyfriend.jpg
Request: GET HTTP/3
IP: 172.67.136.150:443
Status: 200 OK
Size: 26 kB
Requested by: https://gts794.com/IwZXh0bgNhZW0CMTAAAR3iirwqqk-XT9_LhugjS81tUOm1Lxh5V06WmGZAIjqa5nt-OQ3WjjI4fKQ_aem_Ab6mTfXT6v0VdcaKH3gyoZLMyGld3-9kCEIL2XbB1gcYEq8kPwjXIN6O1y8CJnvJ7HB0L6PNUSdXCfCCe_h3c4gE.zip
Certificate: Issuer: Let's Encrypt; Subject: gts794.com; Fingerprint: 4A:EE:38:44:7C:47:BD:9E:74:95:59:D9:43:A5:DE:43:CA:C9:BF:30; Validity: Fri, 12 Apr 2024 06:29:03 GMT - Thu, 11 Jul 2024 06:29:02 GMT
File type: JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=12, height=667, bps=0, PhotometricInterpretation=RGB, orientation=upper-left, width=1000], progressive, precision 8, 500x334, components 3
Hashes (MD5, SHA-1, SHA-256): 2c1eba2ef33f5d5dff9e8dd2b04073ce cb767536742c4844448bb69aa3da8858c77dcf63 f253622fdd5a4f20f46b85f188de785b08302a62164f82721070535a4c9acf04
Analyzer: Quad9 DNS; Verdict: malicious; Alert: Sinkholed
GET /images/avatar/studio-portrait-emotional-happy-funny-smiling-boyfriend.jpg HTTP/1.1
Host: gts794.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gts794.com/IwZXh0bgNhZW0CMTAAAR3iirwqqk-XT9_LhugjS81tUOm1Lxh5V06WmGZAIjqa5nt-OQ3WjjI4fKQ_aem_Ab6mTfXT6v0VdcaKH3gyoZLMyGld3-9kCEIL2XbB1gcYEq8kPwjXIN6O1y8CJnvJ7HB0L6PNUSdXCfCCe_h3c4gE.zip
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 04 May 2024 16:45:46 GMT
content-type: image/jpeg
content-length: 26473
last-modified: Mon, 14 Mar 2022 02:47:36 GMT
etag: "6769-5da24b3eec200"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8%2BYAOOKVK1%2F4%2B4DbkCZMz%2BeXmFY3qIVX70ZbgxPR6ks3gLO1lwrpG0fRSRf9RGvbhA0Ti%2Fxx1H9atZ%2F%2FQOCrDBf70%2B7lxOH%2BuYsVwzb8%2BXv4%2BDVUziThfNS9vmFV"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9f67dfb94b4eb-OSL
alt-svc: h3=":443"; ma=86400

URL: gts794.com/images/tablet-screen-contents.jpg
Request: GET HTTP/3
IP: 172.67.136.150:443
Status: 200 OK
Size: 220 kB (219556 bytes)
Requested by: https://gts794.com/IwZXh0bgNhZW0CMTAAAR3iirwqqk-XT9_LhugjS81tUOm1Lxh5V06WmGZAIjqa5nt-OQ3WjjI4fKQ_aem_Ab6mTfXT6v0VdcaKH3gyoZLMyGld3-9kCEIL2XbB1gcYEq8kPwjXIN6O1y8CJnvJ7HB0L6PNUSdXCfCCe_h3c4gE.zip
Certificate: Issuer: Let's Encrypt; Subject: gts794.com; Fingerprint: 4A:EE:38:44:7C:47:BD:9E:74:95:59:D9:43:A5:DE:43:CA:C9:BF:30; Validity: Fri, 12 Apr 2024 06:29:03 GMT - Thu, 11 Jul 2024 06:29:02 GMT
File type: JPEG image data, progressive, precision 8, 1836x1280, components 3
Hashes (MD5, SHA-1, SHA-256): 7cf6f9cbec501581b78c4c8e82f8b20d c9bbda23f7cd24eca42a77a6961745abdbdc6c73 d70adc38af1c7c886564b0c2de6eeccb8e3ada43b4e4c9ae365a9491ac8a54a1
Analyzer: Quad9 DNS; Verdict: malicious; Alert: Sinkholed
GET /images/tablet-screen-contents.jpg HTTP/1.1
Host: gts794.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gts794.com/IwZXh0bgNhZW0CMTAAAR3iirwqqk-XT9_LhugjS81tUOm1Lxh5V06WmGZAIjqa5nt-OQ3WjjI4fKQ_aem_Ab6mTfXT6v0VdcaKH3gyoZLMyGld3-9kCEIL2XbB1gcYEq8kPwjXIN6O1y8CJnvJ7HB0L6PNUSdXCfCCe_h3c4gE.zip
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 04 May 2024 16:45:46 GMT
content-type: image/jpeg
content-length: 219556
last-modified: Mon, 02 Jan 2023 01:08:26 GMT
etag: "359a4-5f13d96a13680"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hBb7zAQ%2BDfjNIOxMPBkPJ7cOR99jRPsmWtrUn2d%2FiXDWEJE3jS5n9Mez9mTmXZEQpLYsMdTYuxE0XhZGRMC5wJxdplOrD%2B0fKkdlgHmOBTwyAth9C9vacVaiUFs4"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9f67dfb96b4eb-OSL
alt-svc: h3=":443"; ma=86400

URL: gts794.com/fonts/bootstrap-icons.woff2?8d200481aa7f02a2d63a331fc782cfaf
Request: GET HTTP/3
IP: 172.67.136.150:443
Status: 200 OK
Size: 112 kB (112440 bytes)
Requested by: https://gts794.com/IwZXh0bgNhZW0CMTAAAR3iirwqqk-XT9_LhugjS81tUOm1Lxh5V06WmGZAIjqa5nt-OQ3WjjI4fKQ_aem_Ab6mTfXT6v0VdcaKH3gyoZLMyGld3-9kCEIL2XbB1gcYEq8kPwjXIN6O1y8CJnvJ7HB0L6PNUSdXCfCCe_h3c4gE.zip
Certificate: Issuer: Let's Encrypt; Subject: gts794.com; Fingerprint: 4A:EE:38:44:7C:47:BD:9E:74:95:59:D9:43:A5:DE:43:CA:C9:BF:30; Validity: Fri, 12 Apr 2024 06:29:03 GMT - Thu, 11 Jul 2024 06:29:02 GMT
File type: Web Open Font Format (Version 2), TrueType, length 112440, version 1.0
Hashes (MD5, SHA-1, SHA-256): 31e1300d419245fd27614630601dc74d 3a284b0618771f29da8eb6be900e99439253dce0 c69bf1ccae5f13b5aa4345dcfeb209a8148ad0bfa1e0678b93792aae0429c764
Analyzer: Quad9 DNS; Verdict: malicious; Alert: Sinkholed
GET /fonts/bootstrap-icons.woff2?8d200481aa7f02a2d63a331fc782cfaf HTTP/1.1
Host: gts794.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://gts794.com/css/bootstrap-icons.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 04 May 2024 16:45:46 GMT
content-type: font/woff2
content-length: 112440
last-modified: Sat, 16 Jul 2022 21:30:40 GMT
etag: "1b738-5e3f2d8a78000"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NafdvsqXnJ5i%2B6KLLcbSFRNlSG9o65A1klYVYX2TcZwZw%2F2k6NNcsUC8wZc6uHaqSMcBGffaONUYUCT9u7%2BL7zT4FGg7UBDaM9rFNAmHuom7o9rqgvwcPha2U%2BwZ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9f68f0a7fb4eb-OSL
alt-svc: h3=":443"; ma=86400

URL: gts794.com/js/click-scroll.js
Request: GET HTTP/3
IP: 172.67.136.150:443
Status: 200 OK
Size: 867 B
Requested by: https://gts794.com/IwZXh0bgNhZW0CMTAAAR3iirwqqk-XT9_LhugjS81tUOm1Lxh5V06WmGZAIjqa5nt-OQ3WjjI4fKQ_aem_Ab6mTfXT6v0VdcaKH3gyoZLMyGld3-9kCEIL2XbB1gcYEq8kPwjXIN6O1y8CJnvJ7HB0L6PNUSdXCfCCe_h3c4gE.zip
Certificate: Issuer: Let's Encrypt; Subject: gts794.com; Fingerprint: 4A:EE:38:44:7C:47:BD:9E:74:95:59:D9:43:A5:DE:43:CA:C9:BF:30; Validity: Fri, 12 Apr 2024 06:29:03 GMT - Thu, 11 Jul 2024 06:29:02 GMT
File type: JavaScript source, ASCII text
Hashes (MD5, SHA-1, SHA-256): 4ff6c9d82db0002b541259399e9790a9 716fda992f18b6265cbcfc38b57bf7909180074a cb9f115efd1f6edc979913d2479a5536ad9eaa1d66636538214e626cca2a683c
Analyzer: Quad9 DNS; Verdict: malicious; Alert: Sinkholed
GET /js/click-scroll.js HTTP/1.1
Host: gts794.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gts794.com/IwZXh0bgNhZW0CMTAAAR3iirwqqk-XT9_LhugjS81tUOm1Lxh5V06WmGZAIjqa5nt-OQ3WjjI4fKQ_aem_Ab6mTfXT6v0VdcaKH3gyoZLMyGld3-9kCEIL2XbB1gcYEq8kPwjXIN6O1y8CJnvJ7HB0L6PNUSdXCfCCe_h3c4gE.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 04 May 2024 16:45:46 GMT
content-type: text/javascript
last-modified: Sat, 31 Dec 2022 03:08:52 GMT
etag: W/"4f3-5f11709a67900"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mNAumGklmIg8bi216jm3ttSJpc%2Boh%2FmBfEQB%2BUu%2BWnE02tnsNxL3rjyI9NjrIfYr%2BL1yKjWwTkLHbXtBBjbZRvvEIlNAh5wepzc9C9dHQLaX90ULBdHJqKUxDrm1"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9f67e0bb1b4eb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

URL: fonts.gstatic.com/s/unbounded/v7/Yq6W-LOTXCb04q32xlpwu8Zf.woff2
Request: GET HTTP/2
IP: 216.58.207.227:443
Status: 200 OK
Size: 51 kB
Requested by: https://gts794.com/IwZXh0bgNhZW0CMTAAAR3iirwqqk-XT9_LhugjS81tUOm1Lxh5V06WmGZAIjqa5nt-OQ3WjjI4fKQ_aem_Ab6mTfXT6v0VdcaKH3gyoZLMyGld3-9kCEIL2XbB1gcYEq8kPwjXIN6O1y8CJnvJ7HB0L6PNUSdXCfCCe_h3c4gE.zip
Certificate: Issuer: Google Trust Services LLC; Subject: *.gstatic.com; Fingerprint: 15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD; Validity: Tue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT
File type: Web Open Font Format (Version 2), TrueType, length 51316, version 1.0
Hashes (MD5, SHA-1, SHA-256): fb0970515acfd8ed361ac0c20d238229 0bd17b15e9711ea19cd30dc93a64249966f23860 49bec9b3339d0007b61e3553f9f5eeb8e28bf6472071a7fa1e1ab72fc006abad
GET /s/unbounded/v7/Yq6W-LOTXCb04q32xlpwu8Zf.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://gts794.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 51316
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 May 2024 15:13:49 GMT
expires: Fri, 02 May 2025 15:13:49 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 24 Aug 2023 20:18:12 GMT
content-type: font/woff2
age: 178317
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

URL: gts794.com/images/portrait-mature-smiling-authoress-sitting-desk.jpg
Request: GET HTTP/3
IP: 172.67.136.150:443
Status: 200 OK
Size: 246 kB (245913 bytes)
Requested by: https://gts794.com/IwZXh0bgNhZW0CMTAAAR3iirwqqk-XT9_LhugjS81tUOm1Lxh5V06WmGZAIjqa5nt-OQ3WjjI4fKQ_aem_Ab6mTfXT6v0VdcaKH3gyoZLMyGld3-9kCEIL2XbB1gcYEq8kPwjXIN6O1y8CJnvJ7HB0L6PNUSdXCfCCe_h3c4gE.zip
Certificate: Issuer: Let's Encrypt; Subject: gts794.com; Fingerprint: 4A:EE:38:44:7C:47:BD:9E:74:95:59:D9:43:A5:DE:43:CA:C9:BF:30; Validity: Fri, 12 Apr 2024 06:29:03 GMT - Thu, 11 Jul 2024 06:29:02 GMT
File type: JPEG image data, progressive, precision 8, 1200x800, components 3
Hashes (MD5, SHA-1, SHA-256): c2145d3454a8746683132d9e811983f1 8370e814fdff455fa198d7acb0842ef4f99e5911 0cb646bdf34b06c9bd365078812099e41aae0de5d75d71e6f822be0e76e64fa4
Analyzer: Quad9 DNS; Verdict: malicious; Alert: Sinkholed
GET /images/portrait-mature-smiling-authoress-sitting-desk.jpg HTTP/1.1
Host: gts794.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gts794.com/IwZXh0bgNhZW0CMTAAAR3iirwqqk-XT9_LhugjS81tUOm1Lxh5V06WmGZAIjqa5nt-OQ3WjjI4fKQ_aem_Ab6mTfXT6v0VdcaKH3gyoZLMyGld3-9kCEIL2XbB1gcYEq8kPwjXIN6O1y8CJnvJ7HB0L6PNUSdXCfCCe_h3c4gE.zip
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 04 May 2024 16:45:47 GMT
content-type: image/jpeg
content-length: 245913
last-modified: Mon, 02 Jan 2023 01:10:16 GMT
etag: "3c099-5f13d9d2fae00"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QbpPSY%2F3lIKlzBINYJhoKjNiQnMbY%2FSFpkBm%2F%2F0AGgLbBqcyREkT%2FhhKB2Tj9KLQpi%2BaHGOtfIcE1sUBck75qCHL4ZfXUil1VhNRqsoIGQvqXDPTYPLed1gttjcA"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9f67e0b98b4eb-OSL
alt-svc: h3=":443"; ma=86400

URL: gts794.com/images/businessman-sitting-by-table-cafe.jpg
Request: GET HTTP/3
IP: 172.67.136.150:443
Status: 200 OK
Size: 271 kB (271312 bytes)
Requested by: https://gts794.com/IwZXh0bgNhZW0CMTAAAR3iirwqqk-XT9_LhugjS81tUOm1Lxh5V06WmGZAIjqa5nt-OQ3WjjI4fKQ_aem_Ab6mTfXT6v0VdcaKH3gyoZLMyGld3-9kCEIL2XbB1gcYEq8kPwjXIN6O1y8CJnvJ7HB0L6PNUSdXCfCCe_h3c4gE.zip
Certificate: Issuer: Let's Encrypt; Subject: gts794.com; Fingerprint: 4A:EE:38:44:7C:47:BD:9E:74:95:59:D9:43:A5:DE:43:CA:C9:BF:30; Validity: Fri, 12 Apr 2024 06:29:03 GMT - Thu, 11 Jul 2024 06:29:02 GMT
File type: JPEG image data, progressive, precision 8, 1920x1280, components 3
Hashes (MD5, SHA-1, SHA-256): 51dc9f63ce344cc166d6f2ae3f9c998e 079bcd439c8959ab809d38a8d739fb04b6e83fcf 061f46b2950582a059e667f2123474063a59a4422aadfd25c84ff007a45b8b14
Analyzer: Quad9 DNS; Verdict: malicious; Alert: Sinkholed
GET /images/businessman-sitting-by-table-cafe.jpg HTTP/1.1
Host: gts794.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gts794.com/IwZXh0bgNhZW0CMTAAAR3iirwqqk-XT9_LhugjS81tUOm1Lxh5V06WmGZAIjqa5nt-OQ3WjjI4fKQ_aem_Ab6mTfXT6v0VdcaKH3gyoZLMyGld3-9kCEIL2XbB1gcYEq8kPwjXIN6O1y8CJnvJ7HB0L6PNUSdXCfCCe_h3c4gE.zip
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 04 May 2024 16:45:47 GMT
content-type: image/jpeg
content-length: 271312
last-modified: Mon, 02 Jan 2023 01:09:46 GMT
etag: "423d0-5f13d9b65ea80"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SOqUmLvJ7cNmH6dSAYSq5hmdPrbSsRxo7hVfhylEp5YzY7N%2FUe47rxzNBocRh%2FQa44WjbQOibz50TRgde76DCuNNYmxsnydfyrKETx%2BeV%2BpjX854QYTq7UxMwWdl"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9f67e0ba0b4eb-OSL
alt-svc: h3=":443"; ma=86400

URL: gts794.com/css/bootstrap.min.css
Request: GET HTTP/3
IP: 172.67.136.150:443
Status: 200 OK
Size: 57 kB
Requested by: https://gts794.com/IwZXh0bgNhZW0CMTAAAR3iirwqqk-XT9_LhugjS81tUOm1Lxh5V06WmGZAIjqa5nt-OQ3WjjI4fKQ_aem_Ab6mTfXT6v0VdcaKH3gyoZLMyGld3-9kCEIL2XbB1gcYEq8kPwjXIN6O1y8CJnvJ7HB0L6PNUSdXCfCCe_h3c4gE.zip
Certificate: Issuer: Let's Encrypt; Subject: gts794.com; Fingerprint: 4A:EE:38:44:7C:47:BD:9E:74:95:59:D9:43:A5:DE:43:CA:C9:BF:30; Validity: Fri, 12 Apr 2024 06:29:03 GMT - Thu, 11 Jul 2024 06:29:02 GMT
File type: Unicode text, UTF-8 text, with very long lines (65305)
Hashes (MD5, SHA-1, SHA-256): 025df1ec88740cad5ff14bb3380da6dd 7abed070e37ce060c0a561575f1d41a7f248fc74 2143941c03dacda8b4f1016ced6e0c6f34e5c04585a3bcffe33c3c626c448a4a
Analyzer: Quad9 DNS; Verdict: malicious; Alert: Sinkholed
GET /css/bootstrap.min.css HTTP/1.1
Host: gts794.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gts794.com/IwZXh0bgNhZW0CMTAAAR3iirwqqk-XT9_LhugjS81tUOm1Lxh5V06WmGZAIjqa5nt-OQ3WjjI4fKQ_aem_Ab6mTfXT6v0VdcaKH3gyoZLMyGld3-9kCEIL2XbB1gcYEq8kPwjXIN6O1y8CJnvJ7HB0L6PNUSdXCfCCe_h3c4gE.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 04 May 2024 16:45:46 GMT
content-type: text/css
last-modified: Sun, 02 Oct 2022 08:07:38 GMT
etag: W/"2f955-5ea08b867c680"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pdiHsGidw96m6NsxiNenFJ1%2FY0bs%2Fr4TJoq0fHiOEdynoK3gbIo4gY1FmTrVo%2BzjNKj3h7FB1s13VDxUrci5xCocYrvI5w0fRxVgHWyKBdWdC9z85cvJyuu4VVyn"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9f67dfb77b4eb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

| gts794.com/css/templatemo-ebook-landing.css | 172.67.136.150 | 200 OK | 11 kB |
URL: GET HTTP/3 gts794.com/css/templatemo-ebook-landing.css
IP: 172.67.136.150:443
Requested by: https://gts794.com/IwZXh0bgNhZW0CMTAAAR3iirwqqk-XT9_LhugjS81tUOm1Lxh5V06WmGZAIjqa5nt-OQ3WjjI4fKQ_aem_Ab6mTfXT6v0VdcaKH3gyoZLMyGld3-9kCEIL2XbB1gcYEq8kPwjXIN6O1y8CJnvJ7HB0L6PNUSdXCfCCe_h3c4gE.zip
Certificate: issuer Let's Encrypt; subject gts794.com; fingerprint 4A:EE:38:44:7C:47:BD:9E:74:95:59:D9:43:A5:DE:43:CA:C9:BF:30; valid Fri, 12 Apr 2024 06:29:03 GMT - Thu, 11 Jul 2024 06:29:02 GMT
File type: Unicode text, UTF-8 text, with very long lines (348), with CRLF line terminators
Hashes: MD5 32e58598f66eb8e3a283314f8690e9e2; SHA-1 681e6d5ed8d69293dba27833c7bd0344bd6380f3; SHA-256 2540a5dde18a5f70241cc5845e742d90dc6d100b7605037a19df006cc7e3798f
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /css/templatemo-ebook-landing.css HTTP/1.1
Host: gts794.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gts794.com/IwZXh0bgNhZW0CMTAAAR3iirwqqk-XT9_LhugjS81tUOm1Lxh5V06WmGZAIjqa5nt-OQ3WjjI4fKQ_aem_Ab6mTfXT6v0VdcaKH3gyoZLMyGld3-9kCEIL2XbB1gcYEq8kPwjXIN6O1y8CJnvJ7HB0L6PNUSdXCfCCe_h3c4gE.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 04 May 2024 16:45:45 GMT
content-type: text/css
last-modified: Wed, 29 Mar 2023 05:06:56 GMT
etag: W/"5705-5f802f1ecbc00"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2F1e0AFc%2Fv%2BavM%2B0ukWd0fZnNLQ0JJ8CUDa91%2BzdhV%2BDh6SImpnd9M2mLum8C%2FmBXWCaw8cge%2F3y2x%2BnSlTFK3FHJ2AmCM5FSf8apMKb03vwQ%2FzsdkPs5qmIcJ2DY"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9f67dfb80b4eb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

| gts794.com/favicon.ico | 172.67.136.150 | 200 OK | 7.8 kB |
IP: 172.67.136.150:443
Requested by: https://gts794.com/IwZXh0bgNhZW0CMTAAAR3iirwqqk-XT9_LhugjS81tUOm1Lxh5V06WmGZAIjqa5nt-OQ3WjjI4fKQ_aem_Ab6mTfXT6v0VdcaKH3gyoZLMyGld3-9kCEIL2XbB1gcYEq8kPwjXIN6O1y8CJnvJ7HB0L6PNUSdXCfCCe_h3c4gE.zip
Certificate: issuer Let's Encrypt; subject gts794.com; fingerprint 4A:EE:38:44:7C:47:BD:9E:74:95:59:D9:43:A5:DE:43:CA:C9:BF:30; valid Fri, 12 Apr 2024 06:29:03 GMT - Thu, 11 Jul 2024 06:29:02 GMT
File type: HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hashes: MD5 b6c73ae62e00835248f973cf44a3f90e; SHA-1 ef6c7df7a3b27a94eac873774638fafbb097b8fe; SHA-256 18671e56bd33c77b70a2d4d99cb03bdb7bc821bcf9caa8c013120c710931059a
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /favicon.ico HTTP/1.1
Host: gts794.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gts794.com/IwZXh0bgNhZW0CMTAAAR3iirwqqk-XT9_LhugjS81tUOm1Lxh5V06WmGZAIjqa5nt-OQ3WjjI4fKQ_aem_Ab6mTfXT6v0VdcaKH3gyoZLMyGld3-9kCEIL2XbB1gcYEq8kPwjXIN6O1y8CJnvJ7HB0L6PNUSdXCfCCe_h3c4gE.zip
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 04 May 2024 16:45:49 GMT
content-type: text/html;charset=UTF-8
x-powered-by: PHP/8.2.12
cache-control: no-store
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8j1oS%2BVFneyB%2FLslPR8EudpSXwJQdTu4FdzPVKBBeGF5TwVfZwb7DXODEVyExTUqBZbzx9br3znC4jhR99JDtQdrSNLURuzGqq4x3i%2FrFfRc2%2Fsgbggba5H9%2FK3B"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9f69658c9b4eb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

| gts794.com/js/bootstrap.bundle.min.js | 172.67.136.150 | 200 OK | 80 kB |
URL: GET HTTP/3 gts794.com/js/bootstrap.bundle.min.js
IP: 172.67.136.150:443
Requested by: https://gts794.com/IwZXh0bgNhZW0CMTAAAR3iirwqqk-XT9_LhugjS81tUOm1Lxh5V06WmGZAIjqa5nt-OQ3WjjI4fKQ_aem_Ab6mTfXT6v0VdcaKH3gyoZLMyGld3-9kCEIL2XbB1gcYEq8kPwjXIN6O1y8CJnvJ7HB0L6PNUSdXCfCCe_h3c4gE.zip
Certificate: issuer Let's Encrypt; subject gts794.com; fingerprint 4A:EE:38:44:7C:47:BD:9E:74:95:59:D9:43:A5:DE:43:CA:C9:BF:30; valid Fri, 12 Apr 2024 06:29:03 GMT - Thu, 11 Jul 2024 06:29:02 GMT
File type: JavaScript source, ASCII text, with very long lines (65299)
Hashes: MD5 d2b0d31f74e62440ea1a557f126d0c64; SHA-1 5c8f6cb983397deb65673b961a8657cfd6113ad9; SHA-256 c4b2394a30fa0e4a23c6b308541353e20872a6fd765ed8fb70e6b402029deb00
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/bootstrap.bundle.min.js HTTP/1.1
Host: gts794.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gts794.com/IwZXh0bgNhZW0CMTAAAR3iirwqqk-XT9_LhugjS81tUOm1Lxh5V06WmGZAIjqa5nt-OQ3WjjI4fKQ_aem_Ab6mTfXT6v0VdcaKH3gyoZLMyGld3-9kCEIL2XbB1gcYEq8kPwjXIN6O1y8CJnvJ7HB0L6PNUSdXCfCCe_h3c4gE.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 04 May 2024 16:45:47 GMT
content-type: text/javascript
last-modified: Sun, 02 Oct 2022 08:07:38 GMT
etag: W/"13a70-5ea08b867c680"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=89acRlLkCYq1LwRNuOZLB2IevfdeSfap1MCo6mAOiN0qhWWaSyKK280Axv7Ga1eK7%2BogYzKaI2o96kDcm22g837tUiPtBIuCL5nCLqLkl0Czim9mkN6NH6HNMd5s"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9f67e0babb4eb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

| gts794.com/css/bootstrap-icons.css | 172.67.136.150 | 200 OK | 89 kB |
URL: GET HTTP/3 gts794.com/css/bootstrap-icons.css
IP: 172.67.136.150:443
Requested by: https://gts794.com/IwZXh0bgNhZW0CMTAAAR3iirwqqk-XT9_LhugjS81tUOm1Lxh5V06WmGZAIjqa5nt-OQ3WjjI4fKQ_aem_Ab6mTfXT6v0VdcaKH3gyoZLMyGld3-9kCEIL2XbB1gcYEq8kPwjXIN6O1y8CJnvJ7HB0L6PNUSdXCfCCe_h3c4gE.zip
Certificate: issuer Let's Encrypt; subject gts794.com; fingerprint 4A:EE:38:44:7C:47:BD:9E:74:95:59:D9:43:A5:DE:43:CA:C9:BF:30; valid Fri, 12 Apr 2024 06:29:03 GMT - Thu, 11 Jul 2024 06:29:02 GMT
Hashes: MD5 00220fe2fa340d5502e177032cf423c2; SHA-1 1ce683e78b48dfd6a85e2b4314d85c9a52388f25; SHA-256 4fa72a297d7c91658cf15d00ef0a9e4e83d9a62bf29d34e5f6092e531256567c
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /css/bootstrap-icons.css HTTP/1.1
Host: gts794.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gts794.com/IwZXh0bgNhZW0CMTAAAR3iirwqqk-XT9_LhugjS81tUOm1Lxh5V06WmGZAIjqa5nt-OQ3WjjI4fKQ_aem_Ab6mTfXT6v0VdcaKH3gyoZLMyGld3-9kCEIL2XbB1gcYEq8kPwjXIN6O1y8CJnvJ7HB0L6PNUSdXCfCCe_h3c4gE.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 04 May 2024 16:45:45 GMT
content-type: text/css
last-modified: Tue, 18 Oct 2022 11:47:26 GMT
etag: W/"15a0b-5eb4da7eeaf80"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7doR07KRqpGx%2F%2BGgFdV7mH67Vb8UUtdzSaVfWRoYHNrPnlrlyt6nsaEa1NMELz2manFXfOapKThCjyEkv95bMfmqFWBhw%2Fp0kQOiUwSqLHIz%2By0vV%2FD57aQG5L%2B5"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9f67dfb7cb4eb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

| gts794.com/js/custom.js | 172.67.136.150 | 200 OK | 701 B |
IP: 172.67.136.150:443
Requested by: https://gts794.com/IwZXh0bgNhZW0CMTAAAR3iirwqqk-XT9_LhugjS81tUOm1Lxh5V06WmGZAIjqa5nt-OQ3WjjI4fKQ_aem_Ab6mTfXT6v0VdcaKH3gyoZLMyGld3-9kCEIL2XbB1gcYEq8kPwjXIN6O1y8CJnvJ7HB0L6PNUSdXCfCCe_h3c4gE.zip
Certificate: issuer Let's Encrypt; subject gts794.com; fingerprint 4A:EE:38:44:7C:47:BD:9E:74:95:59:D9:43:A5:DE:43:CA:C9:BF:30; valid Fri, 12 Apr 2024 06:29:03 GMT - Thu, 11 Jul 2024 06:29:02 GMT
File type: JavaScript source, ASCII text, with very long lines (738), with no line terminators
Hashes: MD5 5e65e49da9882605e11cdf4c0acbd1d2; SHA-1 e2e98901d8427986df4b4f733be5677c4d93eda1; SHA-256 e03a84014b7ee65f4957b39f75a2755442afe6edc165606818545936542b8746
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/custom.js HTTP/1.1
Host: gts794.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gts794.com/IwZXh0bgNhZW0CMTAAAR3iirwqqk-XT9_LhugjS81tUOm1Lxh5V06WmGZAIjqa5nt-OQ3WjjI4fKQ_aem_Ab6mTfXT6v0VdcaKH3gyoZLMyGld3-9kCEIL2XbB1gcYEq8kPwjXIN6O1y8CJnvJ7HB0L6PNUSdXCfCCe_h3c4gE.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 04 May 2024 16:45:47 GMT
content-type: text/javascript
last-modified: Wed, 04 Jan 2023 08:57:34 GMT
etag: W/"2bd-5f16c60105b80"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QCIoVleLqyZydK7OaKmHo9GOowd%2FjXLivMw78ASYiWSO2ne2WnYkGyUdTLBBF8JNL9raAU0eMxiE0B5pLHuJLp0UmtJYySmAKgqBlOwtvzqR2NHmEBSWtd1GZ9ys"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9f67e0bb4b4eb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

| gts794.com/IwZXh0bgNhZW0CMTAAAR3iirwqqk-XT9_LhugjS81tUOm1Lxh5V06WmGZAIjqa5nt-OQ3WjjI4fKQ_aem_Ab6mTfXT6v0VdcaKH3gyoZLMyGld3-9kCEIL2XbB1gcYEq8kPwjXIN6O1y8CJnvJ7HB0L6PNUSdXCfCCe_h3c4gE.zip | 172.67.136.150 | 200 OK | 26 kB |
URL (user request): GET HTTP/2 gts794.com/IwZXh0bgNhZW0CMTAAAR3iirwqqk-XT9_LhugjS81tUOm1Lxh5V06WmGZAIjqa5nt-OQ3WjjI4fKQ_aem_Ab6mTfXT6v0VdcaKH3gyoZLMyGld3-9kCEIL2XbB1gcYEq8kPwjXIN6O1y8CJnvJ7HB0L6PNUSdXCfCCe_h3c4gE.zip
IP: 172.67.136.150:443
Certificate: issuer Let's Encrypt; subject gts794.com; fingerprint 4A:EE:38:44:7C:47:BD:9E:74:95:59:D9:43:A5:DE:43:CA:C9:BF:30; valid Fri, 12 Apr 2024 06:29:03 GMT - Thu, 11 Jul 2024 06:29:02 GMT
Hashes: MD5 d41d8cd98f00b204e9800998ecf8427e; SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709; SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Note: these three values are the MD5, SHA-1 and SHA-256 of a zero-length input, so no response body was recorded for this request even though the row lists 26 kB; the response headers below also declare text/html generated by PHP rather than a zip archive, despite the .zip path.
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /IwZXh0bgNhZW0CMTAAAR3iirwqqk-XT9_LhugjS81tUOm1Lxh5V06WmGZAIjqa5nt-OQ3WjjI4fKQ_aem_Ab6mTfXT6v0VdcaKH3gyoZLMyGld3-9kCEIL2XbB1gcYEq8kPwjXIN6O1y8CJnvJ7HB0L6PNUSdXCfCCe_h3c4gE.zip HTTP/1.1
Host: gts794.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 16:45:43 GMT
content-type: text/html;charset=UTF-8
x-powered-by: PHP/8.2.12
cache-control: no-store
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fKFhw1iFMomK%2BShnIHbwoeJr%2B1t3pr0Tq%2BMzzor1no8Zch%2B9ulusO0b2H69J4Ahunu4Tlm9WeU5CskAcq4QjSpXyTVixQkUN5kuiNQmIC7Wzd%2B4lybUEfOZCVGeT"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9f66bae1a56cb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
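The checks a triage script would run over entries like the one above, written out as an added example; it is not part of the sandbox report or of any tool it names. The function names (`parse_response`, `triage`, `run_samples`) and the extension-to-content-type table are mine, and the sample responses are copied from this capture with the report-to and nel headers dropped. It flags four things that are visible in the log: a `.zip` path answered with `text/html`, recorded body digests equal to those of an empty input, a static-looking path such as `/favicon.ico` answered by PHP, and per-request generation (`cache-control: no-store` together with `cf-cache-status: BYPASS`).

```python
import hashlib
import posixpath
from urllib.parse import urlsplit

# Digests of a zero-length input, computed rather than pasted in so the
# empty-body comparison below is self-evidently correct.
EMPTY_DIGESTS = {
    "md5": hashlib.md5(b"").hexdigest(),
    "sha1": hashlib.sha1(b"").hexdigest(),
    "sha256": hashlib.sha256(b"").hexdigest(),
}

# Substring the Content-Type must contain for a given path extension.
# Assumption: only the extensions seen in this capture are listed.
EXPECTED_TYPE = {".zip": "application/", ".ico": "image/", ".png": "image/",
                 ".css": "text/css", ".js": "javascript"}


def parse_response(raw):
    """Split a captured response block (status line + headers) into a dict
    of lower-cased header names; a repeated name keeps its last value."""
    lines = [line for line in raw.strip().splitlines() if line.strip()]
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return {"status": lines[0], "headers": headers}


def triage(url, raw_response, hashes=None):
    """Return the findings for one captured request; hashes is an optional
    dict of the recorded md5/sha1/sha256 of the response body."""
    findings = []
    path = urlsplit(url).path
    ext = posixpath.splitext(path)[1].lower()
    headers = parse_response(raw_response)["headers"]
    ctype = headers.get("content-type", "").lower()
    powered_by = headers.get("x-powered-by", "")
    # 1. The path's extension versus what the server actually returned.
    expected = EXPECTED_TYPE.get(ext)
    if expected and expected not in ctype:
        findings.append(f"type mismatch: path ends in {ext} but content-type is {ctype!r}")
    # 2. Recorded digests equal those of an empty input: no body was captured
    #    (or it was genuinely empty), so nothing can be said about the file.
    if hashes and all(hashes.get(k, "").lower() == v for k, v in EMPTY_DIGESTS.items()):
        findings.append("recorded body hashes are the digests of a zero-length body")
    # 3. A static-looking path answered by a server-side script engine.
    if ext and "php" in powered_by.lower():
        findings.append(f"static-looking path {path} was handled by {powered_by}")
    # 4. Generated per request and kept out of the CDN cache.
    if headers.get("cache-control") == "no-store" and headers.get("cf-cache-status") == "BYPASS":
        findings.append("response generated per request (cache-control: no-store, cf-cache-status: BYPASS)")
    return findings


# Sample input copied from the capture above (report-to/nel headers dropped).
ZIP_URL = "https://gts794.com/IwZXh0bgNhZW0CMTAAAR3iirwqqk-XT9_LhugjS81tUOm1Lxh5V06WmGZAIjqa5nt-OQ3WjjI4fKQ_aem_Ab6mTfXT6v0VdcaKH3gyoZLMyGld3-9kCEIL2XbB1gcYEq8kPwjXIN6O1y8CJnvJ7HB0L6PNUSdXCfCCe_h3c4gE.zip"
ZIP_RESPONSE = """HTTP/2 200 OK
content-type: text/html;charset=UTF-8
x-powered-by: PHP/8.2.12
cache-control: no-store
cf-cache-status: BYPASS
content-encoding: br
"""
ZIP_HASHES = {"md5": "d41d8cd98f00b204e9800998ecf8427e",
              "sha1": "da39a3ee5e6b4b0d3255bfef95601890afd80709",
              "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"}

FAVICON_URL = "https://gts794.com/favicon.ico"
FAVICON_RESPONSE = """HTTP/3 200 OK
content-type: text/html;charset=UTF-8
x-powered-by: PHP/8.2.12
cache-control: no-store
cf-cache-status: BYPASS
"""
FAVICON_HASHES = {"md5": "b6c73ae62e00835248f973cf44a3f90e",
                  "sha1": "ef6c7df7a3b27a94eac873774638fafbb097b8fe",
                  "sha256": "18671e56bd33c77b70a2d4d99cb03bdb7bc821bcf9caa8c013120c710931059a"}

CSS_URL = "https://gts794.com/css/bootstrap.min.css"
CSS_RESPONSE = """HTTP/3 200 OK
content-type: text/css
last-modified: Sun, 02 Oct 2022 08:07:38 GMT
etag: W/"2f955-5ea08b867c680"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
"""
CSS_HASHES = {"md5": "025df1ec88740cad5ff14bb3380da6dd",
              "sha1": "7abed070e37ce060c0a561575f1d41a7f248fc74",
              "sha256": "2143941c03dacda8b4f1016ced6e0c6f34e5c04585a3bcffe33c3c626c448a4a"}


def run_samples():
    """Triage the three sample entries and return {url: findings}."""
    return {ZIP_URL: triage(ZIP_URL, ZIP_RESPONSE, ZIP_HASHES),
            FAVICON_URL: triage(FAVICON_URL, FAVICON_RESPONSE, FAVICON_HASHES),
            CSS_URL: triage(CSS_URL, CSS_RESPONSE, CSS_HASHES)}
```

Calling `run_samples()` yields four findings for the `.zip` request, three for `/favicon.ico` and none for the Bootstrap stylesheet. The static-path check is deliberately broad: a PHP front controller that answers every path is normal for some frameworks, so treat it as a pointer to look at the body, not as a verdict on its own.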

| gts794.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js | 172.67.136.150 | 200 OK | 1.2 kB |
URL: GET HTTP/3 gts794.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
IP: 172.67.136.150:443
Requested by: https://gts794.com/IwZXh0bgNhZW0CMTAAAR3iirwqqk-XT9_LhugjS81tUOm1Lxh5V06WmGZAIjqa5nt-OQ3WjjI4fKQ_aem_Ab6mTfXT6v0VdcaKH3gyoZLMyGld3-9kCEIL2XbB1gcYEq8kPwjXIN6O1y8CJnvJ7HB0L6PNUSdXCfCCe_h3c4gE.zip
Certificate: issuer Let's Encrypt; subject gts794.com; fingerprint 4A:EE:38:44:7C:47:BD:9E:74:95:59:D9:43:A5:DE:43:CA:C9:BF:30; valid Fri, 12 Apr 2024 06:29:03 GMT - Thu, 11 Jul 2024 06:29:02 GMT
File type: HTML document, ASCII text, with very long lines (1271), with no line terminators
Hashes: MD5 40d981045a7516cdadd00e8dccc9c58d; SHA-1 8b8d9a48c6b9d2fba596034ef5db3dd0f2f781c3; SHA-256 71c7d5fc630ff38080f71945be1e8b0c43140d8c25338056b752495e18739c0c
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js HTTP/1.1
Host: gts794.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gts794.com/IwZXh0bgNhZW0CMTAAAR3iirwqqk-XT9_LhugjS81tUOm1Lxh5V06WmGZAIjqa5nt-OQ3WjjI4fKQ_aem_Ab6mTfXT6v0VdcaKH3gyoZLMyGld3-9kCEIL2XbB1gcYEq8kPwjXIN6O1y8CJnvJ7HB0L6PNUSdXCfCCe_h3c4gE.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 04 May 2024 16:45:44 GMT
content-type: application/javascript
last-modified: Tue, 30 Apr 2024 15:20:25 GMT
etag: W/"66310c39-4d7"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7z7QaHKTkCtPmzDSGNEZnty3fPKsQvSF9r8VKIyS7shYvs0jO2h3zXf8GQs5ZMUkMXbJ%2BKFyyOyDwVXuth354PS273oxnM3YCIEB4TaeSjJFb8bzC%2F3Sz%2FE6rBBd"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9f67e0ba6b4eb-OSL
x-frame-options: DENY
x-content-type-options: nosniff
expires: Mon, 06 May 2024 16:45:44 GMT
cache-control: max-age=172800, public
content-encoding: gzip

| gts794.com/js/jquery.sticky.js | 172.67.136.150 | 200 OK | 7.3 kB |
URL: GET HTTP/3 gts794.com/js/jquery.sticky.js
IP: 172.67.136.150:443
Requested by: https://gts794.com/IwZXh0bgNhZW0CMTAAAR3iirwqqk-XT9_LhugjS81tUOm1Lxh5V06WmGZAIjqa5nt-OQ3WjjI4fKQ_aem_Ab6mTfXT6v0VdcaKH3gyoZLMyGld3-9kCEIL2XbB1gcYEq8kPwjXIN6O1y8CJnvJ7HB0L6PNUSdXCfCCe_h3c4gE.zip
Certificate: issuer Let's Encrypt; subject gts794.com; fingerprint 4A:EE:38:44:7C:47:BD:9E:74:95:59:D9:43:A5:DE:43:CA:C9:BF:30; valid Fri, 12 Apr 2024 06:29:03 GMT - Thu, 11 Jul 2024 06:29:02 GMT
File type: JavaScript source, ASCII text, with very long lines (7537), with no line terminators
Hashes: MD5 b56b3bee849a018d23510cb95455ba08; SHA-1 0ec834957053271b601af39ec300705cbc793d92; SHA-256 a437a496b2c57953d1d35389a1da0c0741b382330a7ae1f465df374b63c07409
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/jquery.sticky.js HTTP/1.1
Host: gts794.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gts794.com/IwZXh0bgNhZW0CMTAAAR3iirwqqk-XT9_LhugjS81tUOm1Lxh5V06WmGZAIjqa5nt-OQ3WjjI4fKQ_aem_Ab6mTfXT6v0VdcaKH3gyoZLMyGld3-9kCEIL2XbB1gcYEq8kPwjXIN6O1y8CJnvJ7HB0L6PNUSdXCfCCe_h3c4gE.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 04 May 2024 16:45:47 GMT
content-type: text/javascript
last-modified: Thu, 11 Aug 2022 05:36:54 GMT
etag: W/"1c85-5e5f08d97c980"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jNMqARWrUztzkqXZw0w2WXSrDJauouRyHmmSRkX9GyABVCwx8qEdxS03Qjr3NexJ0%2F52W1Rlq2pdxJX5vldDQbD0U%2FzKuEgFe3y15PhsNuNZ1NhlUG1kGUKOKbtg"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9f67e0bafb4eb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

| gts794.com/js/jquery.min.js | 172.67.136.150 | 200 OK | 86 kB |
URL: GET HTTP/3 gts794.com/js/jquery.min.js
IP: 172.67.136.150:443
Requested by: https://gts794.com/IwZXh0bgNhZW0CMTAAAR3iirwqqk-XT9_LhugjS81tUOm1Lxh5V06WmGZAIjqa5nt-OQ3WjjI4fKQ_aem_Ab6mTfXT6v0VdcaKH3gyoZLMyGld3-9kCEIL2XbB1gcYEq8kPwjXIN6O1y8CJnvJ7HB0L6PNUSdXCfCCe_h3c4gE.zip
Certificate: issuer Let's Encrypt; subject gts794.com; fingerprint 4A:EE:38:44:7C:47:BD:9E:74:95:59:D9:43:A5:DE:43:CA:C9:BF:30; valid Fri, 12 Apr 2024 06:29:03 GMT - Thu, 11 Jul 2024 06:29:02 GMT
File type: JavaScript source, ASCII text, with very long lines (32065)
Hashes: MD5 48abd2372de119dfd7ffb96c8f307bfe; SHA-1 da49460a365d995ef121403cece389dafe496505; SHA-256 04685bdefed2099cae5f544505b8319ee7ae4d0a7f90a93b2e764bde5cad1de6
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/jquery.min.js HTTP/1.1
Host: gts794.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gts794.com/IwZXh0bgNhZW0CMTAAAR3iirwqqk-XT9_LhugjS81tUOm1Lxh5V06WmGZAIjqa5nt-OQ3WjjI4fKQ_aem_Ab6mTfXT6v0VdcaKH3gyoZLMyGld3-9kCEIL2XbB1gcYEq8kPwjXIN6O1y8CJnvJ7HB0L6PNUSdXCfCCe_h3c4gE.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 04 May 2024 16:45:47 GMT
content-type: text/javascript
last-modified: Wed, 06 Oct 2021 05:11:36 GMT
etag: W/"14e9a-5cda82e261200"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oIz5c7EdsyvSCNDhKZmnfTZ2ZVMNjLJRL%2FHQzp8bIiNuCVedqt5jf%2F%2F%2FM4e5lqAKlZ6QL913bwaC7LPmpSd%2FYWB4hbh%2FN6Q6dg2exz8%2FVwb1qYOxetnjT9Eci6Rp"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9f67e0ba8b4eb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

| gts794.com/images/circle-scatter-haikei.png | 172.67.136.150 | 200 OK | 28 kB |
URL: GET HTTP/3 gts794.com/images/circle-scatter-haikei.png
IP: 172.67.136.150:443
Requested by: https://gts794.com/IwZXh0bgNhZW0CMTAAAR3iirwqqk-XT9_LhugjS81tUOm1Lxh5V06WmGZAIjqa5nt-OQ3WjjI4fKQ_aem_Ab6mTfXT6v0VdcaKH3gyoZLMyGld3-9kCEIL2XbB1gcYEq8kPwjXIN6O1y8CJnvJ7HB0L6PNUSdXCfCCe_h3c4gE.zip
Certificate: issuer Let's Encrypt; subject gts794.com; fingerprint 4A:EE:38:44:7C:47:BD:9E:74:95:59:D9:43:A5:DE:43:CA:C9:BF:30; valid Fri, 12 Apr 2024 06:29:03 GMT - Thu, 11 Jul 2024 06:29:02 GMT
File type: PNG image data, 562 x 1000, 8-bit/color RGBA, non-interlaced
Hashes: MD5 00fa544a8f7b68ecd2fa2269a8b29baf; SHA-1 f95d1fba2ca79d9eb64003c72b6d4124284b8006; SHA-256 6b1341f874cd118bc840c9e3d0095605718088a53c324caeed4c30381b88de61
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /images/circle-scatter-haikei.png HTTP/1.1
Host: gts794.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gts794.com/css/templatemo-ebook-landing.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 04 May 2024 16:45:49 GMT
content-type: image/png
content-length: 27975
last-modified: Mon, 02 Jan 2023 00:34:34 GMT
etag: "6d47-5f13d1d835a80"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0KZ2jwxvY71iE3nBSG6vOpiSxnG8T9GtwHg0z1KdEtkSP4l6EEF3twsdZiouBdF62CITOl56hGLBdjvrglr0p%2B5nv1sJjy5bCZM8h7sf6Xfr36%2BFwJmSPcPDjH0t"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9f68eea54b4eb-OSL
alt-svc: h3=":443"; ma=86400