URL User Request GET HTTP/2IP141.95.84.120:443
CertificateIssuerLet's Encrypt Subject1.citynews.stgy.ovh FingerprintB0:49:AF:50:02:13:D3:94:AD:5C:4E:8B:46:2F:A8:A3:F0:44:63:5E ValidityMon, 29 Apr 2024 13:44:16 GMT - Sun, 28 Jul 2024 13:44:15 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET / HTTP/1.1
Host: 141.95.84.120
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 308 Permanent Redirect
content-length: 0
location: https://141.95.84.120/
|
URL User Request GET HTTP/2IP141.95.84.120:443
CertificateIssuerLet's Encrypt Subject1.citynews.stgy.ovh FingerprintB0:49:AF:50:02:13:D3:94:AD:5C:4E:8B:46:2F:A8:A3:F0:44:63:5E ValidityMon, 29 Apr 2024 13:44:16 GMT - Sun, 28 Jul 2024 13:44:15 GMT
File typeHTML document, ASCII text Hashe3eb0a1df437f3f97a64aca5952c8ea0 7dd71afcfb14e105e80b0c0d7fce370a28a41f0a 38ffd4972ae513a0c79a8be4573403edcd709f0f572105362b08ff50cf6de521
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET / HTTP/1.1
Host: 141.95.84.120
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 13:18:22 GMT
last-modified: Fri, 08 Oct 2021 08:12:05 GMT
etag: "615ffd55-264"
content-type: text/html; charset=UTF-8
content-encoding: gzip
x-varnish-backend: ovh130
x-ua-device: desktop
x-varnish: 1025081585 1022361816
age: 6
via: 1.1 varnish02-ovh.img (Varnish/7.5)
accept-ranges: bytes
vary: User-Agent
x-varnish-beresp: 200
x-varnish-cache: HIT
x-varnish-cache-hits: 4
remote-ip: 91.90.42.154
server-hostname: varnish02-ovh.img
set-cookie: __cc=NO; path=/; Max-Age=300; SameSite=none; Secure
content-length: 384
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
| 141.95.84.120/favicon.ico | 141.95.84.120 | 200 OK | 20 B |
URL GET HTTP/2141.95.84.120/favicon.ico IP141.95.84.120:443
CertificateIssuerLet's Encrypt Subject1.citynews.stgy.ovh FingerprintB0:49:AF:50:02:13:D3:94:AD:5C:4E:8B:46:2F:A8:A3:F0:44:63:5E ValidityMon, 29 Apr 2024 13:44:16 GMT - Sun, 28 Jul 2024 13:44:15 GMT
File typegzip compressed data, max speed, from Unix Hasha4745abc5e7fdb89cc6df3069f3c6e69 74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /favicon.ico HTTP/1.1
Host: 141.95.84.120
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://141.95.84.120/
Cookie: __cc=NO
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 12:42:52 GMT
content-type: text/html; charset=UTF-8
content-encoding: gzip
x-varnish-backend: ovh130
x-varnish: 999856070 985044545
age: 2136
via: 1.1 varnish02-ovh.img (Varnish/7.5)
accept-ranges: bytes
vary: Accept-Encoding
x-varnish-beresp: 200
x-varnish-cache: HIT
x-varnish-cache-hits: 1
remote-ip: 91.90.42.154
server-hostname: varnish02-ovh.img
set-cookie: __cc=NO; path=/; Max-Age=300; SameSite=none; Secure
content-length: 20
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|