| | 3.98.42.122 | | 2.7 kB |
IP: 3.98.42.122:0
File type: XML 1.0 document, ASCII text
Hashes (MD5, SHA-1, SHA-256): ff718e048a360ae335f945502ebf91c1 f03c830fb883c58cf78e0e8fcbcc7b527b8ec9b0 0f007ffe77b34bc1ba206ca2be95f00f3f439f74b62d8518865b43eb5801a754
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET / HTTP/1.1
Host: 3.98.42.122
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 04 May 2024 08:43:53 GMT
Content-Type: text/html;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: AWSALB=TNZ74sCCs4vPM4BqFk3odw3qLXvBwaHoIETCXBKrUJPabDPtTm8UqZHUdoSkvF3fpRn8j/tqFrCjb3fQdjxhLGYbqePzVYJDILlaWmlWo1sWuFuCaQPiFK8sqU4p; Expires=Sat, 11 May 2024 08:43:53 GMT; Path=/
AWSALBCORS=TNZ74sCCs4vPM4BqFk3odw3qLXvBwaHoIETCXBKrUJPabDPtTm8UqZHUdoSkvF3fpRn8j/tqFrCjb3fQdjxhLGYbqePzVYJDILlaWmlWo1sWuFuCaQPiFK8sqU4p; Expires=Sat, 11 May 2024 08:43:53 GMT; Path=/; SameSite=None
JSESSIONID=node0s3dlklx556pn9oh4fcoesfch67360.node0; Path=/
Server: nginx/1.20.0
Expires: Thu, 01 Jan 1970 00:00:00 GMT
X-Clacks-Overhead: GNU Terry Pratchett
X-Frame-Options: DENY
Content-Encoding: gzip
| ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js | 142.250.74.106 | 200 OK | 33 kB |
URL: GET HTTP/1.1 ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js
IP: 142.250.74.106:80
File type: JavaScript source, ASCII text, with very long lines (32089)
Hashes (MD5, SHA-1, SHA-256): 397754ba49e9e0cf4e7c190da78dda05 ae49e56999d82802727455f0ba83b63acd90a22b c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4
GET /ajax/libs/jquery/1.9.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://3.98.42.122/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Encoding: gzip
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="hosted-libraries-pushers"
Report-To: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
Timing-Allow-Origin: *
Content-Length: 33018
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Thu, 02 May 2024 02:01:16 GMT
Expires: Fri, 02 May 2025 02:01:16 GMT
Cache-Control: public, max-age=31536000, stale-while-revalidate=2592000
Last-Modified: Tue, 03 Mar 2020 19:15:00 GMT
Content-Type: text/javascript; charset=UTF-8
Vary: Accept-Encoding
Age: 196957
| www.paypalobjects.com/en_GB/i/scr/pixel.gif | 192.229.221.25 | 200 OK | 43 B |
URL: GET HTTP/2 www.paypalobjects.com/en_GB/i/scr/pixel.gif
IP: 192.229.221.25:443
Certificate: Issuer DigiCert Inc; Subject www.paypal.com; Fingerprint 4B:C0:E1:F0:16:B3:A4:B3:63:08:41:DF:F2:EF:8D:65:54:1D:30:B1; Validity Thu, 12 Oct 2023 00:00:00 GMT - Thu, 31 Oct 2024 23:59:59 GMT
File type: GIF image data, version 89a, 1 x 1
Hashes (MD5, SHA-1, SHA-256): fc94fb0c3ed8a8f909dbc7630a0987ff 56d45f8a17f5078a20af9962c992ca4678450765 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
GET /en_GB/i/scr/pixel.gif HTTP/1.1
Host: www.paypalobjects.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://3.98.42.122/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
cache-control: s-maxage=31536000, public,max-age=3600
content-type: image/gif
date: Sat, 04 May 2024 08:43:53 GMT
dc: ccg11-origin-www-1.paypal.com
etag: "642b3574-2b"
expires: Sat, 04 May 2024 09:43:53 GMT
last-modified: Mon, 03 Apr 2023 20:22:12 GMT
paypal-debug-id: 4e1274f87cdfc
server: ECAcc (ska/F6D5)
strict-transport-security: max-age=63072000; includeSubDomains; preload
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
traceparent: 00-00000000000000000004e1274f87cdfc-e0107403974d3e40-01
x-cache: HIT
x-content-type-options: nosniff
content-length: 43
X-Firefox-Spdy: h2
| 3.98.42.122/css/ducky-16.css | 3.98.42.122 | 200 OK | 33 kB |
URL: GET HTTP/1.1 3.98.42.122/css/ducky-16.css
IP: 3.98.42.122:80
File type: ASCII text, with very long lines (827)
Hashes (MD5, SHA-1, SHA-256): 16158a2bbe227c5ab561ce74116cf4ea 6a719e74c3b256debbd05fea9c6a0ac7e6012051 b2c13da205db542cd261bb0b2b55b0df149c22c126a2f88c785ae14ada51e933
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /css/ducky-16.css HTTP/1.1
Host: 3.98.42.122
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://3.98.42.122/
Cookie: AWSALB=TNZ74sCCs4vPM4BqFk3odw3qLXvBwaHoIETCXBKrUJPabDPtTm8UqZHUdoSkvF3fpRn8j/tqFrCjb3fQdjxhLGYbqePzVYJDILlaWmlWo1sWuFuCaQPiFK8sqU4p; JSESSIONID=node0s3dlklx556pn9oh4fcoesfch67360.node0
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 04 May 2024 08:43:53 GMT
Content-Type: text/css
Content-Length: 32989
Connection: keep-alive
Set-Cookie: AWSALB=Vprb1s9d1JAt4rdYpTuXOtA199XVkHfmgIpVeV7r6qWzdt2ChqqZ/zQCR2jiXbTU21rLuW8V0L1bSnGmBNZ8vRQDoApvviyzavRHdpzYf/3e3PMDWIyXauXruhwB; Expires=Sat, 11 May 2024 08:43:53 GMT; Path=/
AWSALBCORS=Vprb1s9d1JAt4rdYpTuXOtA199XVkHfmgIpVeV7r6qWzdt2ChqqZ/zQCR2jiXbTU21rLuW8V0L1bSnGmBNZ8vRQDoApvviyzavRHdpzYf/3e3PMDWIyXauXruhwB; Expires=Sat, 11 May 2024 08:43:53 GMT; Path=/; SameSite=None
Server: nginx/1.20.0
Last-Modified: Sun, 31 Jan 2021 22:25:34 GMT
ETag: "60172e5e-80dd"
X-Clacks-Overhead: GNU Terry Pratchett
X-Frame-Options: DENY
Accept-Ranges: bytes
| 3.98.42.122/js/ducky-12.js | 3.98.42.122 | 200 OK | 13 kB |
URL: GET HTTP/1.1 3.98.42.122/js/ducky-12.js
IP: 3.98.42.122:80
File type: JavaScript source, ASCII text
Hashes (MD5, SHA-1, SHA-256): e0cb6e6dd0d33e6fa9fa2e3fbf9e1df5 6d8483e4ebaba0f5e5bca42e5b5b374adc822549 545502765154235d34258d22cefefd3a09beb756d162e26895cfbf584f177380
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/ducky-12.js HTTP/1.1
Host: 3.98.42.122
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://3.98.42.122/
Cookie: AWSALB=TNZ74sCCs4vPM4BqFk3odw3qLXvBwaHoIETCXBKrUJPabDPtTm8UqZHUdoSkvF3fpRn8j/tqFrCjb3fQdjxhLGYbqePzVYJDILlaWmlWo1sWuFuCaQPiFK8sqU4p; JSESSIONID=node0s3dlklx556pn9oh4fcoesfch67360.node0
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 04 May 2024 08:43:53 GMT
Content-Type: application/javascript
Content-Length: 13024
Connection: keep-alive
Set-Cookie: AWSALB=rvzGxoPqwD3uQ7su0WZX4p+dStYX9pAupKDOatBGmQh6KyrE8+IhEtCU6mMZNL0uAgcDf2Np8BJxMzqhF+PXJRJBjHfZbEmrZltbDYQ3lA4MOm86PF12AHYnbQjx; Expires=Sat, 11 May 2024 08:43:53 GMT; Path=/
AWSALBCORS=rvzGxoPqwD3uQ7su0WZX4p+dStYX9pAupKDOatBGmQh6KyrE8+IhEtCU6mMZNL0uAgcDf2Np8BJxMzqhF+PXJRJBjHfZbEmrZltbDYQ3lA4MOm86PF12AHYnbQjx; Expires=Sat, 11 May 2024 08:43:53 GMT; Path=/; SameSite=None
Server: nginx/1.20.0
Last-Modified: Sun, 31 Jan 2021 22:25:34 GMT
ETag: "60172e5e-32e0"
X-Clacks-Overhead: GNU Terry Pratchett
X-Frame-Options: DENY
Accept-Ranges: bytes
| www.googletagmanager.com/gtag/js?id=G-JSXTWPPW05 | 142.250.74.168 | 200 OK | 92 kB |
URL: GET HTTP/2 www.googletagmanager.com/gtag/js?id=G-JSXTWPPW05
IP: 142.250.74.168:443
Certificate: Issuer Google Trust Services LLC; Subject *.google-analytics.com; Fingerprint 93:6B:D2:9D:92:BE:2D:D8:02:67:82:83:5E:EF:A3:F9:13:F3:26:AE; Validity Tue, 16 Apr 2024 03:18:45 GMT - Tue, 09 Jul 2024 03:18:44 GMT
File type: JavaScript source, ASCII text, with very long lines (5955)
Hashes (MD5, SHA-1, SHA-256): ff7f066057dc9c250d6a0984b962ee3a 8418fb18458a6ff741073c7d6bbffacd3459f7bb 2d66c428dfbbe0935b873d7d643e5ee48c719d5c6745ee97bda68ee4a4679aad
GET /gtag/js?id=G-JSXTWPPW05 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://3.98.42.122/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 04 May 2024 08:43:53 GMT
expires: Sat, 04 May 2024 08:43:53 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 91836
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
| 3.98.42.122/img/ggroups_icon.png | 3.98.42.122 | 200 OK | 1.7 kB |
URL: GET HTTP/1.1 3.98.42.122/img/ggroups_icon.png
IP: 3.98.42.122:80
File type: PNG image data, 35 x 35, 8-bit/color RGBA, non-interlaced
Hashes (MD5, SHA-1, SHA-256): d96605848527a2012f61a126ae7881b5 b0869b103b1ad78fc572e89000303607ef995437 72eabb3e0bd6f4829a7c2e11d9467616f7a79c5886f82d06a5ac44483cc050b7
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/ggroups_icon.png HTTP/1.1
Host: 3.98.42.122
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://3.98.42.122/
Cookie: AWSALB=TNZ74sCCs4vPM4BqFk3odw3qLXvBwaHoIETCXBKrUJPabDPtTm8UqZHUdoSkvF3fpRn8j/tqFrCjb3fQdjxhLGYbqePzVYJDILlaWmlWo1sWuFuCaQPiFK8sqU4p; JSESSIONID=node0s3dlklx556pn9oh4fcoesfch67360.node0
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 04 May 2024 08:43:54 GMT
Content-Type: image/png
Content-Length: 1654
Connection: keep-alive
Set-Cookie: AWSALB=WXX02FZ6+C5fJWAtzQ58Kug52BKd40jfgwTrfXTRcq/PBri3GFhyGq1iqJrtNjhQQ9pFhs6XjxuHKiNdsC6oitvXiAndcZQvyCajWn1A5wZK3zNNXeoNJHC5dvtB; Expires=Sat, 11 May 2024 08:43:54 GMT; Path=/
AWSALBCORS=WXX02FZ6+C5fJWAtzQ58Kug52BKd40jfgwTrfXTRcq/PBri3GFhyGq1iqJrtNjhQQ9pFhs6XjxuHKiNdsC6oitvXiAndcZQvyCajWn1A5wZK3zNNXeoNJHC5dvtB; Expires=Sat, 11 May 2024 08:43:54 GMT; Path=/; SameSite=None
Server: nginx/1.20.0
Last-Modified: Sun, 31 Jan 2021 22:25:34 GMT
ETag: "60172e5e-676"
X-Clacks-Overhead: GNU Terry Pratchett
X-Frame-Options: DENY
Accept-Ranges: bytes
| www.paypalobjects.com/en_GB/i/btn/btn_donate_LG.gif | 192.229.221.25 | 200 OK | 1.7 kB |
URL: GET HTTP/2 www.paypalobjects.com/en_GB/i/btn/btn_donate_LG.gif
IP: 192.229.221.25:443
Certificate: Issuer DigiCert Inc; Subject www.paypal.com; Fingerprint 4B:C0:E1:F0:16:B3:A4:B3:63:08:41:DF:F2:EF:8D:65:54:1D:30:B1; Validity Thu, 12 Oct 2023 00:00:00 GMT - Thu, 31 Oct 2024 23:59:59 GMT
File type: GIF image data, version 89a, 92 x 26
Hashes (MD5, SHA-1, SHA-256): 6af1d16ff6e3e380016c8fedfa4d35bb 25453f3007653dacb40e4dffb1f1f7aadcb0186c 4df41d841402fedbee9fb11981ccbc96eb3143097a2a1fcd741e81a6366e1a6c
GET /en_GB/i/btn/btn_donate_LG.gif HTTP/1.1
Host: www.paypalobjects.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://3.98.42.122/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
cache-control: s-maxage=31536000, public,max-age=3600
content-type: image/gif
date: Sat, 04 May 2024 08:43:54 GMT
dc: ccg11-origin-www-1.paypal.com
etag: "642b3570-6b2"
expires: Sat, 04 May 2024 09:43:54 GMT
last-modified: Mon, 03 Apr 2023 20:22:08 GMT
paypal-debug-id: e14c59428edd5
server: ECAcc (ska/F6DD)
strict-transport-security: max-age=63072000; includeSubDomains; preload
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
traceparent: 00-0000000000000000000e14c59428edd5-5337bbd7ed276401-01
x-cache: HIT
x-content-type-options: nosniff
content-length: 1714
X-Firefox-Spdy: h2
| 3.98.42.122/img/login_reddit_plain.png | 3.98.42.122 | 200 OK | 4.9 kB |
URL: GET HTTP/1.1 3.98.42.122/img/login_reddit_plain.png
IP: 3.98.42.122:80
File type: PNG image data, 161 x 34, 8-bit/color RGB, non-interlaced
Hashes (MD5, SHA-1, SHA-256): f9295fd98fa22d55178850f90ea5dbbb 93c3f615acc08ad2cfa0d497f2115085374ed52f 58f1c6150bfdb82f8c2a84aa604fa1f99a1c859f091a0c1a97ddd3bf21493393
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/login_reddit_plain.png HTTP/1.1
Host: 3.98.42.122
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://3.98.42.122/
Cookie: AWSALB=rvzGxoPqwD3uQ7su0WZX4p+dStYX9pAupKDOatBGmQh6KyrE8+IhEtCU6mMZNL0uAgcDf2Np8BJxMzqhF+PXJRJBjHfZbEmrZltbDYQ3lA4MOm86PF12AHYnbQjx; JSESSIONID=node0s3dlklx556pn9oh4fcoesfch67360.node0
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 04 May 2024 08:43:54 GMT
Content-Type: image/png
Content-Length: 4919
Connection: keep-alive
Set-Cookie: AWSALB=/Y0Gv7pB6ARohIrZeDjaiuL6FToFjCJyK0d4bhEDMaZNhTxGst5BuHNyiSjUbVGdHLaH49BuLFulNwiekl90AuDS1ZZ75MipQa7UTXp7B7AAnQ8bMvV3O9IlpWw5; Expires=Sat, 11 May 2024 08:43:54 GMT; Path=/
AWSALBCORS=/Y0Gv7pB6ARohIrZeDjaiuL6FToFjCJyK0d4bhEDMaZNhTxGst5BuHNyiSjUbVGdHLaH49BuLFulNwiekl90AuDS1ZZ75MipQa7UTXp7B7AAnQ8bMvV3O9IlpWw5; Expires=Sat, 11 May 2024 08:43:54 GMT; Path=/; SameSite=None
Server: nginx/1.20.0
Last-Modified: Fri, 19 Feb 2021 23:29:02 GMT
ETag: "603049be-1337"
X-Clacks-Overhead: GNU Terry Pratchett
X-Frame-Options: DENY
Accept-Ranges: bytes
| 3.98.42.122/img/google_signin_dark.png | 3.98.42.122 | 200 OK | 3.6 kB |
URL: GET HTTP/1.1 3.98.42.122/img/google_signin_dark.png
IP: 3.98.42.122:80
File type: PNG image data, 157 x 34, 8-bit/color RGBA, non-interlaced
Hashes (MD5, SHA-1, SHA-256): 7ae499ec1bc5562cd663b590d6ba1a87 c797731b04a8b482658e16eb488da397282f5a74 3412e469eaa34fe456767fe7998410f369847535314738b5c0b19ed9e2e276bd
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/google_signin_dark.png HTTP/1.1
Host: 3.98.42.122
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://3.98.42.122/
Cookie: AWSALB=rvzGxoPqwD3uQ7su0WZX4p+dStYX9pAupKDOatBGmQh6KyrE8+IhEtCU6mMZNL0uAgcDf2Np8BJxMzqhF+PXJRJBjHfZbEmrZltbDYQ3lA4MOm86PF12AHYnbQjx; JSESSIONID=node0s3dlklx556pn9oh4fcoesfch67360.node0
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 04 May 2024 08:43:54 GMT
Content-Type: image/png
Content-Length: 3626
Connection: keep-alive
Set-Cookie: AWSALB=r9cTTsZmZesK7Ysy40zZyDZLc5QeiC5RLKGlDyk4SGNfrj+VoZvGx8k9/5pBgYM1KI1pKwg6V3dxKgCW1tVfBHk1/EopkBzlvdpujgyfUuKn464I243rBlcb8S/s; Expires=Sat, 11 May 2024 08:43:54 GMT; Path=/
AWSALBCORS=r9cTTsZmZesK7Ysy40zZyDZLc5QeiC5RLKGlDyk4SGNfrj+VoZvGx8k9/5pBgYM1KI1pKwg6V3dxKgCW1tVfBHk1/EopkBzlvdpujgyfUuKn464I243rBlcb8S/s; Expires=Sat, 11 May 2024 08:43:54 GMT; Path=/; SameSite=None
Server: nginx/1.20.0
Last-Modified: Sun, 31 Jan 2021 22:25:34 GMT
ETag: "60172e5e-e2a"
X-Clacks-Overhead: GNU Terry Pratchett
X-Frame-Options: DENY
Accept-Ranges: bytes
| 3.98.42.122/img/patreon.png | 3.98.42.122 | 200 OK | 54 kB |
URL: GET HTTP/1.1 3.98.42.122/img/patreon.png
IP: 3.98.42.122:80
File type: PNG image data, 1680 x 385, 8-bit/color RGBA, interlaced
Hashes (MD5, SHA-1, SHA-256): e252d36c28de00f80b486fa37ddeb2d7 4574598d299934babe52a99395f2c88c00bdcaf7 9eeca98dd92573401a4c43ec46232a0880e9b340682e2b6fe4ef6a29113469c4
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/patreon.png HTTP/1.1
Host: 3.98.42.122
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://3.98.42.122/
Cookie: AWSALB=TNZ74sCCs4vPM4BqFk3odw3qLXvBwaHoIETCXBKrUJPabDPtTm8UqZHUdoSkvF3fpRn8j/tqFrCjb3fQdjxhLGYbqePzVYJDILlaWmlWo1sWuFuCaQPiFK8sqU4p; JSESSIONID=node0s3dlklx556pn9oh4fcoesfch67360.node0
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 04 May 2024 08:43:54 GMT
Content-Type: image/png
Content-Length: 54101
Connection: keep-alive
Set-Cookie: AWSALB=CyUiBVENILgt/Ow2Vorbi1vZmmx9sbXtQDYwWJ+VmLu9J5cTdIhkBMfGTT3QYwqEgYTY38i8zJ/GWNt4TPi4vVS7UF0Dl056zWw330ZQUXofnatsgqKiXcAnmh4m; Expires=Sat, 11 May 2024 08:43:54 GMT; Path=/
AWSALBCORS=CyUiBVENILgt/Ow2Vorbi1vZmmx9sbXtQDYwWJ+VmLu9J5cTdIhkBMfGTT3QYwqEgYTY38i8zJ/GWNt4TPi4vVS7UF0Dl056zWw330ZQUXofnatsgqKiXcAnmh4m; Expires=Sat, 11 May 2024 08:43:54 GMT; Path=/; SameSite=None
Server: nginx/1.20.0
Last-Modified: Sun, 31 Jan 2021 22:25:34 GMT
ETag: "60172e5e-d355"
X-Clacks-Overhead: GNU Terry Pratchett
X-Frame-Options: DENY
Accept-Ranges: bytes
| 3.98.42.122/img/github_button.png | 3.98.42.122 | 200 OK | 3.9 kB |
URL: GET HTTP/1.1 3.98.42.122/img/github_button.png
IP: 3.98.42.122:80
File type: PNG image data, 182 x 34, 8-bit/color RGBA, non-interlaced
Hashes (MD5, SHA-1, SHA-256): 773772592dca7120b10717124a597def 18dc1874f25d31d43f13fab848db0378368f33a1 58a3d7d3ada31ffe060318a15ef9713b73eb92ef3af16ddae60f68e7aeb9153a
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/github_button.png HTTP/1.1
Host: 3.98.42.122
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://3.98.42.122/
Cookie: AWSALB=rvzGxoPqwD3uQ7su0WZX4p+dStYX9pAupKDOatBGmQh6KyrE8+IhEtCU6mMZNL0uAgcDf2Np8BJxMzqhF+PXJRJBjHfZbEmrZltbDYQ3lA4MOm86PF12AHYnbQjx; JSESSIONID=node0s3dlklx556pn9oh4fcoesfch67360.node0
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 04 May 2024 08:43:54 GMT
Content-Type: image/png
Content-Length: 3945
Connection: keep-alive
Set-Cookie: AWSALB=2jBjdIUgIbz4gFcOovn9NQgnSajNTyeKh6hwi7vm7mYhJx9WVCmA7H9QPfWoezFA3PFaUdHJ6EV1yYhKS6/BJUGGLWy8Ff+nGAc3Xx5neFbM7PYMbOVLdYlA08Aw; Expires=Sat, 11 May 2024 08:43:54 GMT; Path=/
AWSALBCORS=2jBjdIUgIbz4gFcOovn9NQgnSajNTyeKh6hwi7vm7mYhJx9WVCmA7H9QPfWoezFA3PFaUdHJ6EV1yYhKS6/BJUGGLWy8Ff+nGAc3Xx5neFbM7PYMbOVLdYlA08Aw; Expires=Sat, 11 May 2024 08:43:54 GMT; Path=/; SameSite=None
Server: nginx/1.20.0
Last-Modified: Sun, 31 Jan 2021 22:25:34 GMT
ETag: "60172e5e-f69"
X-Clacks-Overhead: GNU Terry Pratchett
X-Frame-Options: DENY
Accept-Ranges: bytes
| 3.98.42.122/img/ducky_icon.png | 3.98.42.122 | 200 OK | 9.0 kB |
URL: GET HTTP/1.1 3.98.42.122/img/ducky_icon.png
IP: 3.98.42.122:80
File type: PNG image data, 250 x 250, 8-bit/color RGBA, non-interlaced
Hashes (MD5, SHA-1, SHA-256): 085aa7ceb27cca766e494736ed2f7b65 f8a19ed5ba16e579f93ed0b579b81b5b3da73fa9 7c276d8e5351e74910ad73e28f52510836708097976b4b8253508c42027501c5
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/ducky_icon.png HTTP/1.1
Host: 3.98.42.122
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://3.98.42.122/css/ducky-16.css
Cookie: AWSALB=WXX02FZ6+C5fJWAtzQ58Kug52BKd40jfgwTrfXTRcq/PBri3GFhyGq1iqJrtNjhQQ9pFhs6XjxuHKiNdsC6oitvXiAndcZQvyCajWn1A5wZK3zNNXeoNJHC5dvtB; JSESSIONID=node0s3dlklx556pn9oh4fcoesfch67360.node0
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 04 May 2024 08:43:54 GMT
Content-Type: image/png
Content-Length: 8964
Connection: keep-alive
Set-Cookie: AWSALB=9xSgCVvs2HaNWq8eMnSz2tCR8jovzp6npKojajS/8rdxjWwB72swv8I+tT/1piWXGl1aQ291jk5HDoygVnMmpsSPSA4uUyHhyIXkWmR3OJiJtAngtpleTMHyNlhV; Expires=Sat, 11 May 2024 08:43:54 GMT; Path=/
AWSALBCORS=9xSgCVvs2HaNWq8eMnSz2tCR8jovzp6npKojajS/8rdxjWwB72swv8I+tT/1piWXGl1aQ291jk5HDoygVnMmpsSPSA4uUyHhyIXkWmR3OJiJtAngtpleTMHyNlhV; Expires=Sat, 11 May 2024 08:43:54 GMT; Path=/; SameSite=None
Server: nginx/1.20.0
Last-Modified: Sun, 31 Jan 2021 22:25:34 GMT
ETag: "60172e5e-2304"
X-Clacks-Overhead: GNU Terry Pratchett
X-Frame-Options: DENY
Accept-Ranges: bytes
| www.google.com/recaptcha/api.js | 142.250.74.132 | 200 OK | 5.2 kB |
URL: GET HTTP/2 www.google.com/recaptcha/api.js
IP: 142.250.74.132:443
Certificate: Issuer Google Trust Services LLC; Subject www.google.com; Fingerprint C6:A2:DC:31:5A:53:FA:DD:55:71:A3:F4:DD:43:3D:16:71:B8:B3:99; Validity Tue, 16 Apr 2024 04:20:32 GMT - Tue, 09 Jul 2024 04:20:31 GMT
Hashes (MD5, SHA-1, SHA-256): e7855f12e7add67a556aa143aab60a68 077eb3f53d0e9fb56767bac6502106abbea83a37 96a74422869568e00cb235eca775f144a285e44018016e9aa92d1de17db56a89
GET /recaptcha/api.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://3.98.42.122/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
expires: Sat, 04 May 2024 08:43:53 GMT
date: Sat, 04 May 2024 08:43:53 GMT
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
| 3.98.42.122/img/login_twitter.png | 3.98.42.122 | 200 OK | 3.4 kB |
URL: GET HTTP/1.1 3.98.42.122/img/login_twitter.png
IP: 3.98.42.122:80
File type: PNG image data, 158 x 34, 8-bit/color RGBA, non-interlaced
Hashes (MD5, SHA-1, SHA-256): b830f0f2f3624ec26dd53d28eb0de91f 936ebc1b2daf3c6f3aa0f3fabc53de5ffaefb788 666bcda6e73a3de0c302c6f6b2b55e8159e01f10af9d8db5197e4dc0706ff47e
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/login_twitter.png HTTP/1.1
Host: 3.98.42.122
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://3.98.42.122/
Cookie: AWSALB=rvzGxoPqwD3uQ7su0WZX4p+dStYX9pAupKDOatBGmQh6KyrE8+IhEtCU6mMZNL0uAgcDf2Np8BJxMzqhF+PXJRJBjHfZbEmrZltbDYQ3lA4MOm86PF12AHYnbQjx; JSESSIONID=node0s3dlklx556pn9oh4fcoesfch67360.node0
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 04 May 2024 08:43:54 GMT
Content-Type: image/png
Content-Length: 3390
Connection: keep-alive
Set-Cookie: AWSALB=ZfNpXf+/ozcssbEcTiwzEjrK3GYoxPPRuvvSw2reaGKsPBCxzWZjMuVoq1enp15cYABbsAQ5n0EPMHqjxk0T9tLknw4SrpXnRHeb+WpSTGxL8JzRtwZz6Z+28q4q; Expires=Sat, 11 May 2024 08:43:54 GMT; Path=/
AWSALBCORS=ZfNpXf+/ozcssbEcTiwzEjrK3GYoxPPRuvvSw2reaGKsPBCxzWZjMuVoq1enp15cYABbsAQ5n0EPMHqjxk0T9tLknw4SrpXnRHeb+WpSTGxL8JzRtwZz6Z+28q4q; Expires=Sat, 11 May 2024 08:43:54 GMT; Path=/; SameSite=None
Server: nginx/1.20.0
Last-Modified: Sun, 31 Jan 2021 22:25:34 GMT
ETag: "60172e5e-d3e"
X-Clacks-Overhead: GNU Terry Pratchett
X-Frame-Options: DENY
Accept-Ranges: bytes
| 3.98.42.122/img/favicon.ico | 3.98.42.122 | 200 OK | 1.6 kB |
URL: GET HTTP/1.1 3.98.42.122/img/favicon.ico
IP: 3.98.42.122:80
File type: PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
Hashes (MD5, SHA-1, SHA-256): 3e373ef84050582225df0f0ee63689ed 1bc0abc5e101c4025c6d44ccf20a96bea6fde8c2 b77eb982d43e0d418e69a854c6de6a8d928cabc5a51309a93f9fbd5975c67acc
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/favicon.ico HTTP/1.1
Host: 3.98.42.122
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://3.98.42.122/
Cookie: AWSALB=ZfNpXf+/ozcssbEcTiwzEjrK3GYoxPPRuvvSw2reaGKsPBCxzWZjMuVoq1enp15cYABbsAQ5n0EPMHqjxk0T9tLknw4SrpXnRHeb+WpSTGxL8JzRtwZz6Z+28q4q; JSESSIONID=node0s3dlklx556pn9oh4fcoesfch67360.node0; _ga_JSXTWPPW05=GS1.1.1714812234.1.0.1714812234.0.0.0; _ga=GA1.1.1115666736.1714812234
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 04 May 2024 08:43:54 GMT
Content-Type: image/x-icon
Content-Length: 1631
Connection: keep-alive
Set-Cookie: AWSALB=xaA57qiZZAutI8aAOKK51O1hyZd2ksIR/3rEuSI3EfFwl76ah8PDQ9aYpS3QPP0vOdmOePYJLA7NGncHabKlBVvtvRPnJ4Hzc7/wGILSHkYbdiLbC9740mi8vuFh; Expires=Sat, 11 May 2024 08:43:54 GMT; Path=/
AWSALBCORS=xaA57qiZZAutI8aAOKK51O1hyZd2ksIR/3rEuSI3EfFwl76ah8PDQ9aYpS3QPP0vOdmOePYJLA7NGncHabKlBVvtvRPnJ4Hzc7/wGILSHkYbdiLbC9740mi8vuFh; Expires=Sat, 11 May 2024 08:43:54 GMT; Path=/; SameSite=None
Server: nginx/1.20.0
Last-Modified: Sun, 31 Jan 2021 22:25:34 GMT
ETag: "60172e5e-65f"
X-Clacks-Overhead: GNU Terry Pratchett
X-Frame-Options: DENY
Accept-Ranges: bytes
| 3.98.42.122/img/ducky_icon.png | 3.98.42.122 | 200 OK | 9.0 kB |
URL: GET HTTP/1.1 3.98.42.122/img/ducky_icon.png
IP: 3.98.42.122:80
File type: PNG image data, 250 x 250, 8-bit/color RGBA, non-interlaced
Hashes (MD5, SHA-1, SHA-256): 085aa7ceb27cca766e494736ed2f7b65 f8a19ed5ba16e579f93ed0b579b81b5b3da73fa9 7c276d8e5351e74910ad73e28f52510836708097976b4b8253508c42027501c5
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/ducky_icon.png HTTP/1.1
Host: 3.98.42.122
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://3.98.42.122/
Cookie: AWSALB=ZfNpXf+/ozcssbEcTiwzEjrK3GYoxPPRuvvSw2reaGKsPBCxzWZjMuVoq1enp15cYABbsAQ5n0EPMHqjxk0T9tLknw4SrpXnRHeb+WpSTGxL8JzRtwZz6Z+28q4q; JSESSIONID=node0s3dlklx556pn9oh4fcoesfch67360.node0; _ga_JSXTWPPW05=GS1.1.1714812234.1.0.1714812234.0.0.0; _ga=GA1.1.1115666736.1714812234
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 04 May 2024 08:43:54 GMT
Content-Type: image/png
Content-Length: 8964
Connection: keep-alive
Set-Cookie: AWSALB=aipcGrKvGz3Fwfa6NICWqDcED/IQppYpFq6ohLygHj/FYGP4i90yvV/Pr2X1KW15argX9w6x3y9345pTZ51VFiHuNiGQieEN4EFdRMyQMGzm3q1LiFLLT7MGoQvt; Expires=Sat, 11 May 2024 08:43:54 GMT; Path=/
AWSALBCORS=aipcGrKvGz3Fwfa6NICWqDcED/IQppYpFq6ohLygHj/FYGP4i90yvV/Pr2X1KW15argX9w6x3y9345pTZ51VFiHuNiGQieEN4EFdRMyQMGzm3q1LiFLLT7MGoQvt; Expires=Sat, 11 May 2024 08:43:54 GMT; Path=/; SameSite=None
Server: nginx/1.20.0
Last-Modified: Sun, 31 Jan 2021 22:25:34 GMT
ETag: "60172e5e-2304"
X-Clacks-Overhead: GNU Terry Pratchett
X-Frame-Options: DENY
Accept-Ranges: bytes
| www.gstatic.com/recaptcha/releases/V6_85qpc2Xf2sbe3xTnRte7m/recaptcha__en.js | 142.250.74.99 | 200 OK | 206 kB |
URL: GET HTTP/2 www.gstatic.com/recaptcha/releases/V6_85qpc2Xf2sbe3xTnRte7m/recaptcha__en.js
IP: 142.250.74.99:443
Certificate: Issuer Google Trust Services LLC; Subject *.gstatic.com; Fingerprint 15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD; Validity Tue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT
File type: JavaScript source, ASCII text, with very long lines (631)
Size: 206 kB (205803 bytes)
Hashes (MD5, SHA-1, SHA-256): e2e79d6b927169d9e0e57e3baecc0993 1299473950b2999ba0b7f39bd5e4a60eafd1819d 231336ed913a5ebd4445b85486e053caf2b81cab91318241375f3f7a245b6c6b
GET /recaptcha/releases/V6_85qpc2Xf2sbe3xTnRte7m/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://3.98.42.122
DNT: 1
Connection: keep-alive
Referer: http://3.98.42.122/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 205803
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 May 2024 01:59:48 GMT
expires: Fri, 02 May 2025 01:59:48 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 22 Apr 2024 21:03:35 GMT
content-type: text/javascript
vary: Accept-Encoding
age: 197046
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
| 3.98.42.122/img/login_persona.png | 3.98.42.122 | 200 OK | 4.7 kB |
URL: GET HTTP/1.1 3.98.42.122/img/login_persona.png
IP: 3.98.42.122:80
File type: PNG image data, 185 x 30, 8-bit/color RGBA, non-interlaced
Hashes (MD5, SHA-1, SHA-256): a10ef820edaa604796b816b01d63b3e9 4204a1e20547ba9402d27b23fccc7c0a3d94967b e1d4db4890efe95fdf6b49f3f0391def4cccaeb7cddcd1880a45bcf8fb76f5ca
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/login_persona.png HTTP/1.1
Host: 3.98.42.122
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://3.98.42.122/
Cookie: AWSALB=rvzGxoPqwD3uQ7su0WZX4p+dStYX9pAupKDOatBGmQh6KyrE8+IhEtCU6mMZNL0uAgcDf2Np8BJxMzqhF+PXJRJBjHfZbEmrZltbDYQ3lA4MOm86PF12AHYnbQjx; JSESSIONID=node0s3dlklx556pn9oh4fcoesfch67360.node0
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 04 May 2024 08:43:54 GMT
Content-Type: image/png
Content-Length: 4683
Connection: keep-alive
Set-Cookie: AWSALB=+G45O8rJBcg4lbyEcE6Rs8/rIx+dG76QG1+RuBISYVufw/8kd00MzhJqKcSAuFp4lmZVYbAaAXz1f9y3gtMwDtyCyqOW6EkwJnGJT1Or2nH3X7Lamv9UPYKz/AbR; Expires=Sat, 11 May 2024 08:43:54 GMT; Path=/
AWSALBCORS=+G45O8rJBcg4lbyEcE6Rs8/rIx+dG76QG1+RuBISYVufw/8kd00MzhJqKcSAuFp4lmZVYbAaAXz1f9y3gtMwDtyCyqOW6EkwJnGJT1Or2nH3X7Lamv9UPYKz/AbR; Expires=Sat, 11 May 2024 08:43:54 GMT; Path=/; SameSite=None
Server: nginx/1.20.0
Last-Modified: Sun, 31 Jan 2021 22:25:34 GMT
ETag: "60172e5e-124b"
X-Clacks-Overhead: GNU Terry Pratchett
X-Frame-Options: DENY
Accept-Ranges: bytes