| www.avoidcrooked.sa.com/rebrwoae/qfkk3919dxgta/oLZy-69jVl8D_l_uPUTEyIo6QE36zFxcSfli9Dwb41w/NbLradEkrMIfscXWdvwXFNm-q7Y8LSvkiY8erVj88Lq3GDyMsJ6f2g3mmmW5syqV | 104.21.47.131 | 200 OK | 569 B |
URL: GET HTTP/2 www.avoidcrooked.sa.com/rebrwoae/qfkk3919dxgta/oLZy-69jVl8D_l_uPUTEyIo6QE36zFxcSfli9Dwb41w/NbLradEkrMIfscXWdvwXFNm-q7Y8LSvkiY8erVj88Lq3GDyMsJ6f2g3mmmW5syqV (user request)
IP: 104.21.47.131:443
Certificate: issuer Let's Encrypt; subject avoidcrooked.sa.com; fingerprint 5C:FA:AC:D7:08:EB:47:0E:7D:E4:1A:85:80:8B:8D:FD:AD:A2:7E:D3; validity Wed, 08 May 2024 04:31:40 GMT - Tue, 06 Aug 2024 04:31:39 GMT
File type: HTML document, ASCII text
Hashes: MD5 d01c35167ec849df9dfb4c34f37d8ce8; SHA-1 5061acc7ce6c9a76a04b7ed51c94d8c8d9584257; SHA-256 0b8a5bdc49f4860a9b6fe9505a1d6f28d0887627445dd5f18facdf7ae6274833
Analyzer: Quad9 DNS; verdict: malicious; alert: Sinkholed
GET /rebrwoae/qfkk3919dxgta/oLZy-69jVl8D_l_uPUTEyIo6QE36zFxcSfli9Dwb41w/NbLradEkrMIfscXWdvwXFNm-q7Y8LSvkiY8erVj88Lq3GDyMsJ6f2g3mmmW5syqV HTTP/1.1
Host: www.avoidcrooked.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 10:51:08 GMT
content-type: text/html; charset=UTF-8
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Y5FWQ%2FGJhTd0XgzAvF%2F0JRhTsypy0dYtFgz474Qh22Il6GD4IRTMyI0n64VL9bpLB6RijRdXlShtpKm2pc4BxPgAcNh7H2qqwvcGLjakiZuLpbc3oXnKBOpXmdBzEM5B18xb%2BX2yLuu62Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88195f4f89335685-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

| www.googletagmanager.com/gtag/js?id=UA-22484186-3 | 142.250.74.168 | 200 OK | 75 kB |
URL: GET HTTP/2 www.googletagmanager.com/gtag/js?id=UA-22484186-3
IP: 142.250.74.168:443
Requested by: https://www.avoidcrooked.sa.com/rebrwoae/qfkk3919dxgta/oLZy-69jVl8D_l_uPUTEyIo6QE36zFxcSfli9Dwb41w/NbLradEkrMIfscXWdvwXFNm-q7Y8LSvkiY8erVj88Lq3GDyMsJ6f2g3mmmW5syqV
Certificate: issuer Google Trust Services LLC; subject *.google-analytics.com; fingerprint 93:6B:D2:9D:92:BE:2D:D8:02:67:82:83:5E:EF:A3:F9:13:F3:26:AE; validity Tue, 16 Apr 2024 03:18:45 GMT - Tue, 09 Jul 2024 03:18:44 GMT
File type: JavaScript source, ASCII text, with very long lines (4179)
Hashes: MD5 d9f662ab3cc390b74c7e2e3bb6ae35cd; SHA-1 873af99f04a18be481fe5e55a7944ef4ff365df1; SHA-256 1225003224e12ee984ead8e398267341b4d33ffb8ad03059f5f4724e4297eed4
GET /gtag/js?id=UA-22484186-3 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.avoidcrooked.sa.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 10 May 2024 10:51:08 GMT
expires: Fri, 10 May 2024 10:51:08 GMT
cache-control: private, max-age=900
last-modified: Fri, 10 May 2024 09:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 74909
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

| www.avoidcrooked.sa.com/jquery-1.11.0.min.js | 104.21.47.131 | 200 OK | 40 kB |
URL: GET HTTP/3 www.avoidcrooked.sa.com/jquery-1.11.0.min.js
IP: 104.21.47.131:443
Requested by: https://www.avoidcrooked.sa.com/rebrwoae/qfkk3919dxgta/oLZy-69jVl8D_l_uPUTEyIo6QE36zFxcSfli9Dwb41w/NbLradEkrMIfscXWdvwXFNm-q7Y8LSvkiY8erVj88Lq3GDyMsJ6f2g3mmmW5syqV
Certificate: issuer Let's Encrypt; subject avoidcrooked.sa.com; fingerprint 5C:FA:AC:D7:08:EB:47:0E:7D:E4:1A:85:80:8B:8D:FD:AD:A2:7E:D3; validity Wed, 08 May 2024 04:31:40 GMT - Tue, 06 Aug 2024 04:31:39 GMT
File type: JavaScript source, ASCII text, with very long lines (32341)
Hashes: MD5 8fc25e27d42774aeae6edbc0a18b72aa; SHA-1 b66ed708717bf0b4a005a4d0113af8843ef3b8ff; SHA-256 b294e973896f8f874e90a8eb1a8908ac790980d034c4c4bdf0fc3d37b8abf682
Analyzer: Quad9 DNS; verdict: malicious; alert: Sinkholed
GET /jquery-1.11.0.min.js HTTP/1.1
Host: www.avoidcrooked.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.avoidcrooked.sa.com/rebrwoae/qfkk3919dxgta/oLZy-69jVl8D_l_uPUTEyIo6QE36zFxcSfli9Dwb41w/NbLradEkrMIfscXWdvwXFNm-q7Y8LSvkiY8erVj88Lq3GDyMsJ6f2g3mmmW5syqV
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 10 May 2024 10:51:08 GMT
content-type: application/javascript
last-modified: Thu, 02 May 2024 23:51:44 GMT
etag: W/"66342710-1787d"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZNAPyVbGRioP3zHP%2FQivlCIupzl5VKS3bveYx4U8j5dSpFmCUjadGN3ep248wLbLnKOmnzedwxbF4Na0pXUWeVEhxdoxll%2Fe43zcbSsN1hFr5ioPWLvS1iPnNJTlFX9qilfoktWK3J%2Bm%2BQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88195f53a9ba56cb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

| mail.google.com/favicon.ico | 142.250.74.133 | | 8.6 kB |
URL: mail.google.com/favicon.ico
IP: 142.250.74.133:0
File type: gzip compressed data, max compression
Hashes: MD5 b76b5aac78228785f0bdd4cb4a42ad99; SHA-1 1cb9ade770eb6f3c5c31abecff902eed2cbf92a4; SHA-256 a80504ec5c77b85cf2910de82bd995ce7ddb63d884fa9a07737ae5f5a4dec662
GET /favicon.ico HTTP/1.1
Host: mail.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Fri, 10 May 2024 10:51:09 GMT
strict-transport-security: max-age=10886400; includeSubDomains
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: clear
X-Firefox-Spdy: h2