| | 192.124.249.113 | 403 Forbidden | 2.1 kB |
URL: User Request GET HTTP/1.1
IP: 192.124.249.113:80
File type: HTML document, ASCII text, with very long lines (406)
Hash (MD5, SHA-1, SHA-256): f80ff418c461e24109132dbdf0c15c55 3f12c29c2ffe71cf3cb81d719fa042906c5f278c ea1e081be430e0d3f0316ddc50babe9f8ee3c59e996c7bb3e59a29d272e16195
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /22.exe HTTP/1.1
Host: bishopberrian.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Server: Sucuri/Cloudproxy
Date: Fri, 26 Apr 2024 12:34:27 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
X-Sucuri-ID: 19013
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-Sucuri-Block: CUST02
|
|
| cdn.sucuri.net/css/websitesecurity.css | 192.124.249.16 | 200 OK | 24 kB |
URL: GET HTTP/2 cdn.sucuri.net/css/websitesecurity.css
IP: 192.124.249.16:443
Requested by: http://bishopberrian.com/22.exe
Certificate Issuer: GoDaddy.com, Inc. Subject: *.sucuri.net Fingerprint: 89:47:F7:0B:72:C2:8C:FA:91:5A:D3:E5:25:AB:F5:BA:EC:AD:DE:3E Validity: Fri, 08 Sep 2023 16:18:23 GMT - Wed, 09 Oct 2024 16:18:23 GMT
File type: assembler source, Unicode text, UTF-8 text, with very long lines (336)
Hash (MD5, SHA-1, SHA-256): 39cac9c8e10fb30cef652134f68339db 6bb2e52eaa19c8cee49c7048d83f4684fd415f1a c3f780f7386c358e5b3d303abc5086e9cf92740fd965278fbf5f4e66bbc2d3ab
GET /css/websitesecurity.css HTTP/1.1
Host: cdn.sucuri.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://bishopberrian.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 12:34:27 GMT
content-type: text/css
content-length: 23669
x-sucuri-id: 19016
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
content-security-policy: upgrade-insecure-requests;
last-modified: Tue, 28 Nov 2017 20:17:38 GMT
etag: "5c75-55f10b5d05c80"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-sucuri-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| img1.wsimg.com/ux/fonts/1.4/woff2/Boing-Bold.woff2 | 23.36.79.43 | 200 OK | 28 kB |
URL: GET HTTP/2 img1.wsimg.com/ux/fonts/1.4/woff2/Boing-Bold.woff2
IP: 23.36.79.43:443 ASN: #20940 Akamai International B.V.
Requested by: http://bishopberrian.com/22.exe
Certificate Issuer: Starfield Technologies, Inc. Subject: *.wsimg.com Fingerprint: B7:FF:50:92:4F:A1:64:14:99:A1:DE:DB:55:C9:FA:92:78:6B:89:DD Validity: Tue, 19 Sep 2023 21:06:14 GMT - Sun, 20 Oct 2024 21:06:14 GMT
File type: Web Open Font Format (Version 2), TrueType, length 28220, version 6.131
Hash (MD5, SHA-1, SHA-256): 22cf6a168a01f8976174639a3a7cb90f 766d2b985aa4dba7d46184b2e8b5ffd4f1ff7c36 49f6c1034e3661e29c5de12d1c97e489565c7d55fec513c2668a57329367e082
GET /ux/fonts/1.4/woff2/Boing-Bold.woff2 HTTP/1.1
Host: img1.wsimg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://bishopberrian.com
DNT: 1
Connection: keep-alive
Referer: https://cdn.sucuri.net/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/font-woff2
last-modified: Wed, 04 May 2016 22:29:16 GMT
accept-ranges: bytes
etag: "59c6cd6454a6d11:0"
content-length: 28220
cache-control: max-age=31536000
expires: Sat, 26 Apr 2025 12:34:28 GMT
date: Fri, 26 Apr 2024 12:34:28 GMT
timing-allow-origin: *
access-control-allow-origin: *
X-Firefox-Spdy: h2
|
|
| bishopberrian.com/favicon.ico | 192.124.249.113 | 301 Moved Permanently | 0 B |
URL: GET HTTP/1.1 bishopberrian.com/favicon.ico
IP: 192.124.249.113:80
Requested by: http://bishopberrian.com/22.exe
Hash (MD5, SHA-1, SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /favicon.ico HTTP/1.1
Host: bishopberrian.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://bishopberrian.com/22.exe
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 301 Moved Permanently
Server: Sucuri/Cloudproxy
Date: Fri, 26 Apr 2024 12:34:28 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
X-Sucuri-ID: 19013
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
X-Redirect-By: WordPress
Location: https://bishopberrian.com/favicon.ico
Vary: Accept-Encoding
X-Sucuri-Cache: MISS
|
|
| bishopberrian.com/favicon.ico | 192.124.249.113 | 301 Moved Permanently | 1 B |
URL: GET HTTP/1.1 bishopberrian.com/favicon.ico
IP: 192.124.249.113:80
Requested by: http://bishopberrian.com/22.exe
File type: very short file (no magic)
Hash (MD5, SHA-1, SHA-256): eccbc87e4b5ce2fe28308fd9f2a7baf3 77de68daecd823babbb58edb1c8e14d7106e83bb 4e07408562bedb8b60ce05c1decfe3ad16b72230967de01f640b7e4729b49fce
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /favicon.ico HTTP/1.1
Host: bishopberrian.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://bishopberrian.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
server: nginx
date: Fri, 26 Apr 2024 12:34:28 GMT
content-type: text/html; charset=UTF-8
content-length: 1
location: https://bishopberrian.com/wp-includes/images/w-logo-blue-white-bg.png
x-sucuri-id: 19013
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
content-security-policy: upgrade-insecure-requests;
link: <https://bishopberrian.com/wp-json/>; rel="https://api.w.org/"
x-redirect-by: WordPress
vary: Accept-Encoding
content-encoding: br
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-sucuri-cache: MISS
X-Firefox-Spdy: h2
|
|
| bishopberrian.com/wp-includes/images/w-logo-blue-white-bg.png | 192.124.249.113 | 200 OK | 4.1 kB |
URL: GET HTTP/2 bishopberrian.com/wp-includes/images/w-logo-blue-white-bg.png
IP: 192.124.249.113:443
Requested by: http://bishopberrian.com/22.exe
Certificate Issuer: Starfield Technologies, Inc. Subject: bishopberrian.com Fingerprint: 1F:A8:48:79:B5:32:40:51:7E:0A:EB:F6:9E:25:C2:10:A9:37:0E:AC Validity: Mon, 04 Mar 2024 07:34:29 GMT - Tue, 04 Mar 2025 07:34:29 GMT
File type: PNG image data, 80 x 80, 8-bit/color RGBA, non-interlaced
Hash (MD5, SHA-1, SHA-256): 000bf649cc8f6bf27cfb04d1bcdcd3c7 d73d2f6d74ec6cdcbae07955592962e77d8ae814 6bdb369337ac2496761c6f063bffea0aa6a91d4662279c399071a468251f51f0
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /wp-includes/images/w-logo-blue-white-bg.png HTTP/1.1
Host: bishopberrian.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://bishopberrian.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 12:34:28 GMT
content-type: image/png
content-length: 4119
x-sucuri-id: 19013
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
content-security-policy: upgrade-insecure-requests;
last-modified: Tue, 02 Jan 2024 19:38:53 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-sucuri-cache: MISS
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|