Report - www.xoslab.com/download/EFL2.2

Report Overview

Submitted URL
www.xoslab.com/download/EFL2.2_Setup.exe
IP
172.67.184.79
ASN
#13335 CLOUDFLARENET
Submitted
2024-05-09 12:01:53
Access
public
Website Title
GOPAY303 : SITUS GACOR TERBARU GAMPANG JAKCPOT DAFTAR PAKAI LINK GACOR GOPAY303
Final URL
152.42.194.138/
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
14

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
zerossl.ocsp.sectigo.com	4049	2018-08-16	2020-05-09	2024-05-08	336 B	1.2 kB	172.64.149.23
cdn.ampproject.org	329	2015-08-31	2015-10-09	2024-05-08	1.3 kB	90 kB	142.250.74.161
152.42.194.138	unknown	unknown	No data	No data	3.1 kB	315 kB	152.42.194.138
www.xoslab.com	unknown	2008-07-28	2017-02-02	2023-08-17	494 B	839 B	104.21.43.191

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-05-09	medium	152.42.194.138	Sinkholed
2024-05-09	medium	152.42.194.138	Sinkholed
2024-05-09	medium	152.42.194.138	Sinkholed
2024-05-09	medium	152.42.194.138	Sinkholed
2024-05-09	medium	152.42.194.138	Sinkholed
2024-05-09	medium	152.42.194.138	Sinkholed
2024-05-09	medium	152.42.194.138	Sinkholed

ThreatFox

No alerts detected

JavaScript (3)

	URL	Size	First Seen	Last Seen
	cdn.ampproject.org/v0.js	285 kB	2024-05-08	2024-05-14
Pretty URL cdn.ampproject.org/v0.js IP 142.250.74.161 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-08 20:41:33 Last Seen2024-05-14 18:51:25 Times Seen45 Hash 3b2111f019d104164d5a800eeae7abf9 019b3e772fada2bb1772df0f8ff3de71ccf392aa b3d6c26e864ccd4da281f37b50f9acf8508c504780be13a0e8094ae3e557ac8a Loading...

	cdn.ampproject.org/v0/amp-carousel-0.2.js	34 kB	2024-05-09	2024-05-09
Pretty URL cdn.ampproject.org/v0/amp-carousel-0.2.js IP 142.250.74.161 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-09 12:38:08 Last Seen2024-05-09 14:02:00 Times Seen4 Hash 7e9aa180ec0deaa15bb4e939361b0711 7f4ab062428ace9727729ea8317c0c64d59af73c e6a71321c2cb60bde4c253ae9f192abf9d05e4bfaa3356739df76de51e811f57 Loading...

	cdn.ampproject.org/rtv/012404230718000/v0/amp-auto-lightbox-0.1.js	7.8 kB	2024-05-08	2024-05-14
Pretty URL cdn.ampproject.org/rtv/012404230718000/v0/amp-auto-lightbox-0.1.js IP 142.250.74.161 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-08 20:41:33 Last Seen2024-05-14 18:51:25 Times Seen39 Hash 2f5409797573545ef00da57189731689 20ac241032e56151958c680707209c9c298868e3 9c2ac126d439f7e51f5ab6961f5a4d567bcad323ee2450998df29515cf0ad765 Loading...

HTTP Transactions (12)

URL IP Response Size

www.xoslab.com/download/EFL2.2_Setup.exe

104.21.43.191

301 Moved Permanently

167 B

URL User Request GET HTTP/2
www.xoslab.com/download/EFL2.2_Setup.exe
IP
104.21.43.191:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerLet's Encrypt
Subjectxoslab.com
Fingerprint34:D6:0A:B2:EE:3F:84:86:B0:43:96:78:B4:D1:E7:B2:70:3A:86:E1
ValiditySun, 14 Apr 2024 01:39:07 GMT - Sat, 13 Jul 2024 01:39:06 GMT

File type
HTML document, ASCII text, with CRLF line terminators
Size
167 B (167 bytes)
Hash
0104c301c5e02bd6148b8703d19b3a73
7436e0b4b1f8c222c38069890b75fa2baf9ca620
446a6087825fa73eadb045e5a2e9e2adf7df241b571228187728191d961dda1f

HTTP Headers

GET /download/EFL2.2_Setup.exe HTTP/1.1
Host: www.xoslab.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 301 Moved Permanently
date: Thu, 09 May 2024 12:01:28 GMT
content-type: text/html
content-length: 167
location: https://152.42.194.138
cache-control: max-age=3600
expires: Thu, 09 May 2024 13:01:28 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Gg4zM7%2FlldiULlMdLSRonU2sQKDbbnY3xFu74pPut6fd%2FwlYRZam3CR7xP9kY3b55g9Y%2Bbfc%2B35o2vGe%2BNbjjnpaJOUUYUkcLsWKaswPWYt0pcAV5N2uJnZ1fq642%2B80IA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881188f7fbdfb527-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

zerossl.ocsp.sectigo.com/

172.64.149.23

728 B

URL
zerossl.ocsp.sectigo.com/
IP
172.64.149.23:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
728 B (728 bytes)
Hash
0823e843094c84fb67abbbb822d68870
3c6f8b7e77adb5a71daa7631fdd4e25b884e2dbb
629aa438113253ce1285bf85f3bb3c4350b4107e8e4ee19a7a93328517c5a31a

HTTP Headers

POST / HTTP/1.1
Host: zerossl.ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 09 May 2024 12:01:28 GMT
Content-Type: application/ocsp-response
Content-Length: 728
Connection: keep-alive
Last-Modified: Tue, 07 May 2024 10:04:09 GMT
Expires: Tue, 14 May 2024 10:04:08 GMT
Etag: "3c6f8b7e77adb5a71daa7631fdd4e25b884e2dbb"
Cache-Control: max-age=424359,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 881188fbda3c0b69-OSL

cdn.ampproject.org/v0.js

142.250.74.161

200 OK

73 kB

URL GET HTTP/2
cdn.ampproject.org/v0.js
IP
142.250.74.161:443
ASN
#15169 GOOGLE

Requested by
https://152.42.194.138/
Certificate
IssuerGoogle Trust Services LLC
Subjectmisc-sni.google.com
Fingerprint15:D1:F9:FD:F4:47:59:FF:66:C1:EB:18:18:71:8F:7D:9A:38:20:14
ValidityTue, 16 Apr 2024 03:24:35 GMT - Tue, 09 Jul 2024 03:24:34 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (64654)
Size
73 kB (73084 bytes)
Hash
3b2111f019d104164d5a800eeae7abf9
019b3e772fada2bb1772df0f8ff3de71ccf392aa
b3d6c26e864ccd4da281f37b50f9acf8508c504780be13a0e8094ae3e557ac8a

HTTP Headers

GET /v0.js HTTP/1.1
Host: cdn.ampproject.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://152.42.194.138/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
timing-allow-origin: *
content-length: 73084
date: Thu, 09 May 2024 12:01:29 GMT
expires: Thu, 09 May 2024 12:01:29 GMT
cache-control: private, max-age=3000, stale-while-revalidate=1206600
etag: "5fd6afb7d4b2d5d6"
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

cdn.ampproject.org/v0/amp-carousel-0.2.js

142.250.74.161

200 OK

9.6 kB

URL GET HTTP/2
cdn.ampproject.org/v0/amp-carousel-0.2.js
IP
142.250.74.161:443
ASN
#15169 GOOGLE

Requested by
https://152.42.194.138/
Certificate
IssuerGoogle Trust Services LLC
Subjectmisc-sni.google.com
Fingerprint15:D1:F9:FD:F4:47:59:FF:66:C1:EB:18:18:71:8F:7D:9A:38:20:14
ValidityTue, 16 Apr 2024 03:24:35 GMT - Tue, 09 Jul 2024 03:24:34 GMT

File type
JavaScript source, ASCII text, with very long lines (33698)
Size
9.6 kB (9554 bytes)
Hash
7e9aa180ec0deaa15bb4e939361b0711
7f4ab062428ace9727729ea8317c0c64d59af73c
e6a71321c2cb60bde4c253ae9f192abf9d05e4bfaa3356739df76de51e811f57

HTTP Headers

GET /v0/amp-carousel-0.2.js HTTP/1.1
Host: cdn.ampproject.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://152.42.194.138/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
timing-allow-origin: *
content-length: 9554
date: Thu, 09 May 2024 12:01:29 GMT
expires: Thu, 09 May 2024 12:01:29 GMT
cache-control: private, max-age=604800, stale-while-revalidate=604800
etag: "21a0d8216f7ac0c1"
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

152.42.194.138/img/gopay303.png

152.42.194.138

200 OK

39 kB

URL GET HTTP/2
152.42.194.138/img/gopay303.png
IP
152.42.194.138:443
ASN
#0

Requested by
https://152.42.194.138/
Certificate
IssuerZeroSSL
Subject152.42.194.138
Fingerprint59:2B:D7:7F:D8:06:A4:D4:7F:61:20:90:4D:7E:61:B5:6A:C4:E0:74
ValiditySun, 24 Mar 2024 00:00:00 GMT - Sat, 22 Jun 2024 23:59:59 GMT

File type
PNG image data, 300 x 68, 8-bit/color RGBA, non-interlaced
Size
39 kB (39028 bytes)
Hash
9ef343eeee38df5bc124c4c7da721733
7a6cd2748468478d7671b59f22b5506dc0a71e70
aa029acacf87cce405108a5dfbba8ab8f9258e268fd36e0364970837452bd52e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/gopay303.png HTTP/1.1
Host: 152.42.194.138
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://152.42.194.138/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 09 May 2024 12:01:29 GMT
content-type: image/png
content-length: 39028
last-modified: Sun, 24 Mar 2024 01:35:14 GMT
etag: "65ff8352-9874"
expires: Sat, 08 Jun 2024 12:01:29 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

cdn.ampproject.org/rtv/012404230718000/v0/amp-auto-lightbox-0.1.js

142.250.74.161

200 OK

3.0 kB

URL GET HTTP/2
cdn.ampproject.org/rtv/012404230718000/v0/amp-auto-lightbox-0.1.js
IP
142.250.74.161:443
ASN
#15169 GOOGLE

Requested by
https://152.42.194.138/
Certificate
IssuerGoogle Trust Services LLC
Subjectmisc-sni.google.com
Fingerprint15:D1:F9:FD:F4:47:59:FF:66:C1:EB:18:18:71:8F:7D:9A:38:20:14
ValidityTue, 16 Apr 2024 03:24:35 GMT - Tue, 09 Jul 2024 03:24:34 GMT

File type
JavaScript source, ASCII text, with very long lines (7690)
Size
3.0 kB (2976 bytes)
Hash
2f5409797573545ef00da57189731689
20ac241032e56151958c680707209c9c298868e3
9c2ac126d439f7e51f5ab6961f5a4d567bcad323ee2450998df29515cf0ad765

HTTP Headers

GET /rtv/012404230718000/v0/amp-auto-lightbox-0.1.js HTTP/1.1
Host: cdn.ampproject.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://152.42.194.138
DNT: 1
Connection: keep-alive
Referer: https://152.42.194.138/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: br
access-control-allow-origin: *
content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
timing-allow-origin: *
content-length: 2976
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 08 May 2024 09:50:08 GMT
expires: Thu, 08 May 2025 09:50:08 GMT
cache-control: public, max-age=31536000
etag: "7e4a961a3c2d0fa7"
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 94282
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

152.42.194.138/img/home.png

152.42.194.138

200 OK

19 kB

URL GET HTTP/2
152.42.194.138/img/home.png
IP
152.42.194.138:443
ASN
#0

Requested by
https://152.42.194.138/
Certificate
IssuerZeroSSL
Subject152.42.194.138
Fingerprint59:2B:D7:7F:D8:06:A4:D4:7F:61:20:90:4D:7E:61:B5:6A:C4:E0:74
ValiditySun, 24 Mar 2024 00:00:00 GMT - Sat, 22 Jun 2024 23:59:59 GMT

File type
PNG image data, 298 x 282, 8-bit/color RGBA, non-interlaced
Size
19 kB (18993 bytes)
Hash
b6f00a2c0b2193b92584521e3478a00f
24dbb77c5ec746e3b7c24e4e7087dc1b75e96d66
7a47d3091139a77e49a187f99d827d57272b85ee82d74b8ec36643cd88e769de

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/home.png HTTP/1.1
Host: 152.42.194.138
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://152.42.194.138/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 09 May 2024 12:01:29 GMT
content-type: image/png
content-length: 18993
last-modified: Sun, 24 Mar 2024 01:35:14 GMT
etag: "65ff8352-4a31"
expires: Sat, 08 Jun 2024 12:01:29 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

152.42.194.138/img/login.webp

152.42.194.138

200 OK

12 kB

URL GET HTTP/2
152.42.194.138/img/login.webp
IP
152.42.194.138:443
ASN
#0

Requested by
https://152.42.194.138/
Certificate
IssuerZeroSSL
Subject152.42.194.138
Fingerprint59:2B:D7:7F:D8:06:A4:D4:7F:61:20:90:4D:7E:61:B5:6A:C4:E0:74
ValiditySun, 24 Mar 2024 00:00:00 GMT - Sat, 22 Jun 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
12 kB (12020 bytes)
Hash
4bbca1e2842983613dbdfbee1d31470c
ff8f1cbe5ff88075bef7b496605b21b7a2cf7d35
17d22c9647c7a172ae9aa0370a25e3dbcaf2c1d937efd81a02d28b7e52ff294e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/login.webp HTTP/1.1
Host: 152.42.194.138
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://152.42.194.138/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 09 May 2024 12:01:29 GMT
content-type: image/webp
content-length: 12020
last-modified: Sun, 24 Mar 2024 01:35:15 GMT
etag: "65ff8353-2ef4"
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

152.42.194.138/img/livechat.png

152.42.194.138

200 OK

15 kB

URL GET HTTP/2
152.42.194.138/img/livechat.png
IP
152.42.194.138:443
ASN
#0

Requested by
https://152.42.194.138/
Certificate
IssuerZeroSSL
Subject152.42.194.138
Fingerprint59:2B:D7:7F:D8:06:A4:D4:7F:61:20:90:4D:7E:61:B5:6A:C4:E0:74
ValiditySun, 24 Mar 2024 00:00:00 GMT - Sat, 22 Jun 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
15 kB (14932 bytes)
Hash
a5791a5a720c12e36ba3ab99d71d5a82
ac2417c0893722fa9d82c76130c2866899feaf85
22fdb4c9e8eef23163f4973e97889cd329052c57a86af2c483f83a73064149f4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/livechat.png HTTP/1.1
Host: 152.42.194.138
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://152.42.194.138/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 09 May 2024 12:01:29 GMT
content-type: image/png
content-length: 14932
last-modified: Sun, 24 Mar 2024 01:35:15 GMT
etag: "65ff8353-3a54"
expires: Sat, 08 Jun 2024 12:01:29 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

152.42.194.138/

152.42.194.138

200 OK

112 kB

URL User Request GET HTTP/2
152.42.194.138/
IP
152.42.194.138:443
ASN
#0

Certificate
IssuerZeroSSL
Subject152.42.194.138
Fingerprint59:2B:D7:7F:D8:06:A4:D4:7F:61:20:90:4D:7E:61:B5:6A:C4:E0:74
ValiditySun, 24 Mar 2024 00:00:00 GMT - Sat, 22 Jun 2024 23:59:59 GMT

File type
gzip compressed data, from Unix
Size
112 kB (112518 bytes)
Hash
db2b19cb57ef5d250f1fe68d1bab6f81
3a5b74a801071f93c5aec494a30ab2dad151d463
6a5bedd756fad1c590d9f3a7fb4e566988dfcc88cef554817a09283538df410c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: 152.42.194.138
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 09 May 2024 12:01:29 GMT
content-type: text/html
last-modified: Sat, 04 May 2024 12:36:49 GMT
vary: Accept-Encoding
etag: W/"66362be1-21d2"
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

152.42.194.138/img/icon-gopay303.png

152.42.194.138

200 OK

5.4 kB

URL GET HTTP/2
152.42.194.138/img/icon-gopay303.png
IP
152.42.194.138:443
ASN
#0

Requested by
https://152.42.194.138/
Certificate
IssuerZeroSSL
Subject152.42.194.138
Fingerprint59:2B:D7:7F:D8:06:A4:D4:7F:61:20:90:4D:7E:61:B5:6A:C4:E0:74
ValiditySun, 24 Mar 2024 00:00:00 GMT - Sat, 22 Jun 2024 23:59:59 GMT

File type
PNG image data, 45 x 45, 8-bit/color RGBA, non-interlaced
Size
5.4 kB (5364 bytes)
Hash
2a1cbffa2c7650374bd156647d37fa9e
e1bb55cbbe0640400650639751492d63e45ccf2f
f5c5637c9926ef036cb6b099b5c21e0999ff01eee387c3abeb6d3921962fdcf0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/icon-gopay303.png HTTP/1.1
Host: 152.42.194.138
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://152.42.194.138/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 09 May 2024 12:01:30 GMT
content-type: image/png
content-length: 5364
last-modified: Sun, 24 Mar 2024 01:35:15 GMT
etag: "65ff8353-14f4"
expires: Sat, 08 Jun 2024 12:01:30 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

152.42.194.138/img/gopay303.jpg

152.42.194.138

200 OK

110 kB

URL GET HTTP/2
152.42.194.138/img/gopay303.jpg
IP
152.42.194.138:443
ASN
#0

Requested by
https://152.42.194.138/
Certificate
IssuerZeroSSL
Subject152.42.194.138
Fingerprint59:2B:D7:7F:D8:06:A4:D4:7F:61:20:90:4D:7E:61:B5:6A:C4:E0:74
ValiditySun, 24 Mar 2024 00:00:00 GMT - Sat, 22 Jun 2024 23:59:59 GMT

File type
PNG image data, 236 x 210, 8-bit/color RGBA, non-interlaced
Size
110 kB (109955 bytes)
Hash
b68083d63d4d84f944cd8005335be597
66890b9b7dc22be6d1e565b9edbf6894e25697dd
78f8388a6baf4efd8a75e23f737cbcdf4f17ba1e15f8dfb1f0a7365b30b8e2b3

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/gopay303.jpg HTTP/1.1
Host: 152.42.194.138
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://152.42.194.138/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 09 May 2024 12:01:29 GMT
content-type: image/jpeg
content-length: 109955
last-modified: Sun, 24 Mar 2024 01:35:14 GMT
etag: "65ff8352-1ad83"
expires: Sat, 08 Jun 2024 12:01:29 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (3)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (12)

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash