Report - 34.139.204.205/

Report Overview

Submitted URL
34.139.204.205/
IP
34.139.204.205
ASN
#396982 GOOGLE-CLOUD-PLATFORM
Submitted
2024-05-08 14:19:21
Access
public
Website Title
Trade View
Final URL
34.139.204.205/#/login
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
102

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
34.139.204.205	unknown	unknown	2022-01-11	2024-03-20	18 kB	10 MB	34.139.204.205
synapsex.tradeviewx.tech	unknown	unknown	No data	No data	2.0 kB	1.6 kB	34.139.204.205
aus5.mozilla.org	2548	1998-01-24	2015-10-27	2024-05-07	512 B	1.2 kB	35.244.181.201

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-05-08	medium	34.139.204.205	Sinkholed
2024-05-08	medium	34.139.204.205	Sinkholed
2024-05-08	medium	34.139.204.205	Sinkholed
2024-05-08	medium	34.139.204.205	Sinkholed
2024-05-08	medium	34.139.204.205	Sinkholed
2024-05-08	medium	34.139.204.205	Sinkholed
2024-05-08	medium	34.139.204.205	Sinkholed
2024-05-08	medium	34.139.204.205	Sinkholed
2024-05-08	medium	34.139.204.205	Sinkholed
2024-05-08	medium	34.139.204.205	Sinkholed
2024-05-08	medium	34.139.204.205	Sinkholed
2024-05-08	medium	34.139.204.205	Sinkholed
2024-05-08	medium	34.139.204.205	Sinkholed
2024-05-08	medium	34.139.204.205	Sinkholed
2024-05-08	medium	34.139.204.205	Sinkholed
2024-05-08	medium	34.139.204.205	Sinkholed
2024-05-08	medium	34.139.204.205	Sinkholed
2024-05-08	medium	34.139.204.205	Sinkholed
2024-05-08	medium	34.139.204.205	Sinkholed
2024-05-08	medium	34.139.204.205	Sinkholed
2024-05-08	medium	34.139.204.205	Sinkholed
2024-05-08	medium	34.139.204.205	Sinkholed
2024-05-08	medium	34.139.204.205	Sinkholed
2024-05-08	medium	34.139.204.205	Sinkholed
2024-05-08	medium	34.139.204.205	Sinkholed
2024-05-08	medium	34.139.204.205	Sinkholed
2024-05-08	medium	34.139.204.205	Sinkholed
2024-05-08	medium	34.139.204.205	Sinkholed
2024-05-08	medium	34.139.204.205	Sinkholed
2024-05-08	medium	34.139.204.205	Sinkholed
2024-05-08	medium	34.139.204.205	Sinkholed
2024-05-08	medium	34.139.204.205	Sinkholed
2024-05-08	medium	34.139.204.205	Sinkholed
2024-05-08	medium	34.139.204.205	Sinkholed
2024-05-08	medium	34.139.204.205	Sinkholed
2024-05-08	medium	34.139.204.205	Sinkholed
2024-05-08	medium	34.139.204.205	Sinkholed
2024-05-08	medium	34.139.204.205	Sinkholed
2024-05-08	medium	34.139.204.205	Sinkholed
2024-05-08	medium	34.139.204.205	Sinkholed
2024-05-08	medium	34.139.204.205	Sinkholed
2024-05-08	medium	34.139.204.205	Sinkholed
2024-05-08	medium	34.139.204.205	Sinkholed
2024-05-08	medium	34.139.204.205	Sinkholed
2024-05-08	medium	34.139.204.205	Sinkholed
2024-05-08	medium	34.139.204.205	Sinkholed
2024-05-08	medium	34.139.204.205	Sinkholed
2024-05-08	medium	34.139.204.205	Sinkholed
2024-05-08	medium	34.139.204.205	Sinkholed
2024-05-08	medium	34.139.204.205	Sinkholed
2024-05-08	medium	34.139.204.205	Sinkholed

ThreatFox

No alerts detected

JavaScript (5)

	URL	Size	First Seen	Last Seen
	34.139.204.205/bundles/f322760c56df8d2bd835/bundle.js	7.1 kB	2024-05-08	2024-05-08
Pretty URL 34.139.204.205/bundles/f322760c56df8d2bd835/bundle.js IP 34.139.204.205 ASN #396982 GOOGLE-CLOUD-PLATFORM Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-08 16:19:31 Last Seen2024-05-08 16:19:33 Times Seen2 Hash 601d33d81ff55620ea76b73ea8bd96e6 544203e3cac5a311138ed314f6089ef0bf3fd993 4286b22a6e53e2cafaaa5aac9ac1cb5497e48cf762ec7d4a5ae4766d30427f4e Loading...

	34.139.204.205/bundles/f322760c56df8d2bd835/init.js	2.0 MB	2024-05-08	2024-05-08
Pretty URL 34.139.204.205/bundles/f322760c56df8d2bd835/init.js IP 34.139.204.205 ASN #396982 GOOGLE-CLOUD-PLATFORM Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-08 16:19:32 Last Seen2024-05-08 16:19:33 Times Seen2 Hash 380c0e79c3acb46b44710dc8e85723eb 15fbf3d796515f05cb2b0e763c9645003e00f0c8 9a34010fb84a70d423479619991a34964e1ac01f16902fe85b01959dcbe0a33a Loading...

	34.139.204.205/bundles/f322760c56df8d2bd835/vendors~init.js	2.8 MB	2024-05-08	2024-05-08
Pretty URL 34.139.204.205/bundles/f322760c56df8d2bd835/vendors~init.js IP 34.139.204.205 ASN #396982 GOOGLE-CLOUD-PLATFORM Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-08 16:19:32 Last Seen2024-05-08 16:19:33 Times Seen2 Hash 15fa236b383c369061113ac112af0507 b7e11c92f88fa78efc85c8599a427925a873ea58 0b8aa02abf73c77a9955ef49619d61501e7ffb4c6f9791548619c1c2a58957c1 Loading...

	34.139.204.205/bundles/f322760c56df8d2bd835/riot-web-component-index.js	3.0 kB	2024-05-08	2024-05-08
Pretty URL 34.139.204.205/bundles/f322760c56df8d2bd835/riot-web-component-index.js IP 34.139.204.205 ASN #396982 GOOGLE-CLOUD-PLATFORM Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-08 16:19:32 Last Seen2024-05-08 16:19:33 Times Seen2 Hash 365e7052fc432ac4b976132062d7f1dd e09338932fe992beed59d03f78ae58a603ac579a bd8f26788bc724a56d794df430bc7645a3116f466cbaca55acd983255a0ecd23 Loading...

	34.139.204.205/bundles/f322760c56df8d2bd835/riot-web-app.js	2.8 kB	2024-05-08	2024-05-08
Pretty URL 34.139.204.205/bundles/f322760c56df8d2bd835/riot-web-app.js IP 34.139.204.205 ASN #396982 GOOGLE-CLOUD-PLATFORM Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-08 16:19:32 Last Seen2024-05-08 16:19:33 Times Seen2 Hash deb1b69eed8fdc9dd79d21572a6e8d64 092fefb9bbd00d3ccca35af1752cf74ec35b9c53 3003b4de0dde3caee51f7d6b79a11bf98021eb09a55c3a8cbfba801bc18614f2 Loading...

HTTP Transactions (56)

URL IP Response Size

34.139.204.205/

34.139.204.205

1.6 kB

URL User Request GET
34.139.204.205/
IP
34.139.204.205:0
ASN
#396982 GOOGLE-CLOUD-PLATFORM

File type
HTML document, ASCII text, with CRLF line terminators
Size
1.6 kB (1592 bytes)
Hash
810fa00bf85b155e59f8cd903b8651f1
cb43be70e84ea519fec8c980435bf0e5a28a4e74
0aabd0a57ab393b0a0623677fc991cac471dd7017d7aa13733ac395290901ba1

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: 34.139.204.205
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 08 May 2024 14:18:51 GMT
Content-Type: text/html
Last-Modified: Mon, 19 Feb 2024 23:58:01 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"65d3eb09-1838"
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST
Access-Control-Allow-Headers: Keep-Alive,User-Agent,X-Requested-With,Cache-Control,Content-Type
Content-Encoding: gzip

34.139.204.205/bundles/f322760c56df8d2bd835/bundle.css

34.139.204.205

200 OK

5.4 kB

URL GET HTTP/1.1
34.139.204.205/bundles/f322760c56df8d2bd835/bundle.css
IP
34.139.204.205:80
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
http://34.139.204.205/

File type
ASCII text, with very long lines (5414), with no line terminators
Size
5.4 kB (5414 bytes)
Hash
d55253c7671e59ed9e1def28fd46eef5
5d50ab340667c8e2659af266efa1c313d2387590
9ff3f9072e1843e19b9e5d76dfdbd392905dfcae4e1b61e8b4cce2322ab4a81a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /bundles/f322760c56df8d2bd835/bundle.css HTTP/1.1
Host: 34.139.204.205
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 08 May 2024 14:18:52 GMT
Content-Type: text/css
Content-Length: 5414
Last-Modified: Mon, 19 Feb 2024 23:58:01 GMT
Connection: keep-alive
ETag: "65d3eb09-1526"
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST
Access-Control-Allow-Headers: Keep-Alive,User-Agent,X-Requested-With,Cache-Control,Content-Type
Accept-Ranges: bytes

34.139.204.205/bundles/f322760c56df8d2bd835/theme-dark.css

34.139.204.205

200 OK

309 kB

URL GET HTTP/1.1
34.139.204.205/bundles/f322760c56df8d2bd835/theme-dark.css
IP
34.139.204.205:80
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
http://34.139.204.205/

File type
ASCII text, with very long lines (65536), with no line terminators
Size
309 kB (309039 bytes)
Hash
7d09e1f256c0cdd451d7af68cc1c9fcc
a06ea7e2412aad2808ec2d67627eee5dd360324c
fffce7457cb49c3f1b5dfe65569f2cc0010694d4cbb2bae4f89f1f28e7d9a8bf

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /bundles/f322760c56df8d2bd835/theme-dark.css HTTP/1.1
Host: 34.139.204.205
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 08 May 2024 14:18:52 GMT
Content-Type: text/css
Content-Length: 309039
Last-Modified: Mon, 19 Feb 2024 23:58:01 GMT
Connection: keep-alive
ETag: "65d3eb09-4b72f"
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST
Access-Control-Allow-Headers: Keep-Alive,User-Agent,X-Requested-With,Cache-Control,Content-Type
Accept-Ranges: bytes

34.139.204.205/bundles/f322760c56df8d2bd835/theme-light.css

34.139.204.205

200 OK

308 kB

URL GET HTTP/1.1
34.139.204.205/bundles/f322760c56df8d2bd835/theme-light.css
IP
34.139.204.205:80
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
http://34.139.204.205/

File type
ASCII text, with very long lines (65536), with no line terminators
Size
308 kB (308391 bytes)
Hash
c9d4cc4fce0df7afaed87d46d911bc65
7eb3fed4255bc1c53b03975c2c2fd18500f441fc
f143a27de97c817bcecebe8d05a7a88150f254f2b1640188b721351ec67a88ec

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /bundles/f322760c56df8d2bd835/theme-light.css HTTP/1.1
Host: 34.139.204.205
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 08 May 2024 14:18:52 GMT
Content-Type: text/css
Content-Length: 308391
Last-Modified: Mon, 19 Feb 2024 23:58:01 GMT
Connection: keep-alive
ETag: "65d3eb09-4b4a7"
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST
Access-Control-Allow-Headers: Keep-Alive,User-Agent,X-Requested-With,Cache-Control,Content-Type
Accept-Ranges: bytes

34.139.204.205/bundles/f322760c56df8d2bd835/theme-dark-custom.css

34.139.204.205

200 OK

320 kB

URL GET HTTP/1.1
34.139.204.205/bundles/f322760c56df8d2bd835/theme-dark-custom.css
IP
34.139.204.205:80
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
http://34.139.204.205/

File type
ASCII text, with very long lines (65536), with no line terminators
Size
320 kB (319475 bytes)
Hash
0643d8abb36c48bd7780fc64f5c1349f
6a413df162ccc9c0ccd011dc848a936e56654d9d
d686fd5c95f54681b764bbac916bcaf008bd76c6af3699cb7f2c4b1d897b1dcf

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /bundles/f322760c56df8d2bd835/theme-dark-custom.css HTTP/1.1
Host: 34.139.204.205
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 08 May 2024 14:18:52 GMT
Content-Type: text/css
Content-Length: 319475
Last-Modified: Mon, 19 Feb 2024 23:58:01 GMT
Connection: keep-alive
ETag: "65d3eb09-4dff3"
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST
Access-Control-Allow-Headers: Keep-Alive,User-Agent,X-Requested-With,Cache-Control,Content-Type
Accept-Ranges: bytes

34.139.204.205/bundles/f322760c56df8d2bd835/theme-tvi-dark.css

34.139.204.205

200 OK

309 kB

URL GET HTTP/1.1
34.139.204.205/bundles/f322760c56df8d2bd835/theme-tvi-dark.css
IP
34.139.204.205:80
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
http://34.139.204.205/

File type
ASCII text, with very long lines (65536), with no line terminators
Size
309 kB (309125 bytes)
Hash
04632c95c9dbdbfdaa5d032eef515021
932079f016de445ffe3fcc17ad48033675c30067
e528ddee7131a2e67a36714e157a61c3d812eb79018eab520dd528d26fd6335b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /bundles/f322760c56df8d2bd835/theme-tvi-dark.css HTTP/1.1
Host: 34.139.204.205
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 08 May 2024 14:18:52 GMT
Content-Type: text/css
Content-Length: 309125
Last-Modified: Mon, 19 Feb 2024 23:58:01 GMT
Connection: keep-alive
ETag: "65d3eb09-4b785"
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST
Access-Control-Allow-Headers: Keep-Alive,User-Agent,X-Requested-With,Cache-Control,Content-Type
Accept-Ranges: bytes

34.139.204.205/bundles/f322760c56df8d2bd835/theme-tvi-light.css

34.139.204.205

200 OK

309 kB

URL GET HTTP/1.1
34.139.204.205/bundles/f322760c56df8d2bd835/theme-tvi-light.css
IP
34.139.204.205:80
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
http://34.139.204.205/

File type
ASCII text, with very long lines (65536), with no line terminators
Size
309 kB (309358 bytes)
Hash
ec8e35fb574b9c53786a23ce9fa7c051
c2aa7a5e1baf755d81670507cb02bc66dc5a31a0
f82fea0164ecf4684b1d88a3b41fb1c908c3851299238124ae2f8730163c7b63

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /bundles/f322760c56df8d2bd835/theme-tvi-light.css HTTP/1.1
Host: 34.139.204.205
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 08 May 2024 14:18:52 GMT
Content-Type: text/css
Content-Length: 309358
Last-Modified: Mon, 19 Feb 2024 23:58:01 GMT
Connection: keep-alive
ETag: "65d3eb09-4b86e"
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST
Access-Control-Allow-Headers: Keep-Alive,User-Agent,X-Requested-With,Cache-Control,Content-Type
Accept-Ranges: bytes

34.139.204.205/bundles/f322760c56df8d2bd835/theme-legacy.css

34.139.204.205

200 OK

305 kB

URL GET HTTP/1.1
34.139.204.205/bundles/f322760c56df8d2bd835/theme-legacy.css
IP
34.139.204.205:80
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
http://34.139.204.205/

File type
ASCII text, with very long lines (65536), with no line terminators
Size
305 kB (305340 bytes)
Hash
8b29b51e6884c9907ea2cd1d0bbab0cb
65f47f51c0f6230bf12d887d4d98bae1048cfd6c
0db74348d0731812f6a3d1a1a7de544b5afe1338200ccdbb94a6de4ca718af69

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /bundles/f322760c56df8d2bd835/theme-legacy.css HTTP/1.1
Host: 34.139.204.205
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 08 May 2024 14:18:52 GMT
Content-Type: text/css
Content-Length: 305340
Last-Modified: Mon, 19 Feb 2024 23:58:01 GMT
Connection: keep-alive
ETag: "65d3eb09-4a8bc"
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST
Access-Control-Allow-Headers: Keep-Alive,User-Agent,X-Requested-With,Cache-Control,Content-Type
Accept-Ranges: bytes

34.139.204.205/bundles/f322760c56df8d2bd835/bundle.js

34.139.204.205

200 OK

7.1 kB

URL GET HTTP/1.1
34.139.204.205/bundles/f322760c56df8d2bd835/bundle.js
IP
34.139.204.205:80
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
http://34.139.204.205/

File type
JavaScript source, ASCII text, with very long lines (7098)
Size
7.1 kB (7133 bytes)
Hash
601d33d81ff55620ea76b73ea8bd96e6
544203e3cac5a311138ed314f6089ef0bf3fd993
4286b22a6e53e2cafaaa5aac9ac1cb5497e48cf762ec7d4a5ae4766d30427f4e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /bundles/f322760c56df8d2bd835/bundle.js HTTP/1.1
Host: 34.139.204.205
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 08 May 2024 14:18:52 GMT
Content-Type: application/javascript
Content-Length: 7133
Last-Modified: Mon, 19 Feb 2024 23:58:01 GMT
Connection: keep-alive
ETag: "65d3eb09-1bdd"
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST
Access-Control-Allow-Headers: Keep-Alive,User-Agent,X-Requested-With,Cache-Control,Content-Type
Accept-Ranges: bytes

34.139.204.205/bundles/f322760c56df8d2bd835/theme-light-custom.css

34.139.204.205

200 OK

319 kB

URL GET HTTP/1.1
34.139.204.205/bundles/f322760c56df8d2bd835/theme-light-custom.css
IP
34.139.204.205:80
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
http://34.139.204.205/

File type
ASCII text, with very long lines (65536), with no line terminators
Size
319 kB (318951 bytes)
Hash
7a1b98268afbf759b03edab030e65d27
104a622b7e097de1fc61fc94bd026a5ac59a62b3
e23be4b3e38324ba1ad273b54aa8b738235799a3a23e19e66063ce60ebddc4e3

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /bundles/f322760c56df8d2bd835/theme-light-custom.css HTTP/1.1
Host: 34.139.204.205
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 08 May 2024 14:18:52 GMT
Content-Type: text/css
Content-Length: 318951
Last-Modified: Mon, 19 Feb 2024 23:58:01 GMT
Connection: keep-alive
ETag: "65d3eb09-4dde7"
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST
Access-Control-Allow-Headers: Keep-Alive,User-Agent,X-Requested-With,Cache-Control,Content-Type
Accept-Ranges: bytes

34.139.204.205/bundles/f322760c56df8d2bd835/riot-web-app.js

34.139.204.205

200 OK

2.8 kB

URL GET HTTP/1.1
34.139.204.205/bundles/f322760c56df8d2bd835/riot-web-app.js
IP
34.139.204.205:80
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
http://34.139.204.205/

File type
JavaScript source, ASCII text, with very long lines (2712)
Size
2.8 kB (2753 bytes)
Hash
deb1b69eed8fdc9dd79d21572a6e8d64
092fefb9bbd00d3ccca35af1752cf74ec35b9c53
3003b4de0dde3caee51f7d6b79a11bf98021eb09a55c3a8cbfba801bc18614f2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /bundles/f322760c56df8d2bd835/riot-web-app.js HTTP/1.1
Host: 34.139.204.205
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 08 May 2024 14:18:53 GMT
Content-Type: application/javascript
Content-Length: 2753
Last-Modified: Mon, 19 Feb 2024 23:58:01 GMT
Connection: keep-alive
ETag: "65d3eb09-ac1"
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST
Access-Control-Allow-Headers: Keep-Alive,User-Agent,X-Requested-With,Cache-Control,Content-Type
Accept-Ranges: bytes

34.139.204.205/bundles/f322760c56df8d2bd835/riot-web-component-index.js

34.139.204.205

200 OK

3.0 kB

URL GET HTTP/1.1
34.139.204.205/bundles/f322760c56df8d2bd835/riot-web-component-index.js
IP
34.139.204.205:80
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
http://34.139.204.205/

File type
JavaScript source, ASCII text, with very long lines (2921)
Size
3.0 kB (2974 bytes)
Hash
365e7052fc432ac4b976132062d7f1dd
e09338932fe992beed59d03f78ae58a603ac579a
bd8f26788bc724a56d794df430bc7645a3116f466cbaca55acd983255a0ecd23

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /bundles/f322760c56df8d2bd835/riot-web-component-index.js HTTP/1.1
Host: 34.139.204.205
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 08 May 2024 14:18:53 GMT
Content-Type: application/javascript
Content-Length: 2974
Last-Modified: Mon, 19 Feb 2024 23:58:01 GMT
Connection: keep-alive
ETag: "65d3eb09-b9e"
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST
Access-Control-Allow-Headers: Keep-Alive,User-Agent,X-Requested-With,Cache-Control,Content-Type
Accept-Ranges: bytes

34.139.204.205/bundles/f322760c56df8d2bd835/theme-legacy-dark.css

34.139.204.205

200 OK

306 kB

URL GET HTTP/1.1
34.139.204.205/bundles/f322760c56df8d2bd835/theme-legacy-dark.css
IP
34.139.204.205:80
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
http://34.139.204.205/

File type
ASCII text, with very long lines (65536), with no line terminators
Size
306 kB (305991 bytes)
Hash
774b821ac567aec02a166bfcf43ba5a2
5cd2601298b7243b745b586b6bf3f5b201472550
56f23c970dc103211e0ce07f7f5cc0effeecefa4d5060e46577a21c0184a6dcb

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /bundles/f322760c56df8d2bd835/theme-legacy-dark.css HTTP/1.1
Host: 34.139.204.205
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 08 May 2024 14:18:53 GMT
Content-Type: text/css
Content-Length: 305991
Last-Modified: Mon, 19 Feb 2024 23:58:01 GMT
Connection: keep-alive
ETag: "65d3eb09-4ab47"
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST
Access-Control-Allow-Headers: Keep-Alive,User-Agent,X-Requested-With,Cache-Control,Content-Type
Accept-Ranges: bytes

34.139.204.205/media/message.ogg

34.139.204.205

206 Partial Content

23 kB

URL GET HTTP/1.1
34.139.204.205/media/message.ogg
IP
34.139.204.205:80
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
http://34.139.204.205/

File type
Ogg data, Vorbis audio, stereo, 44100 Hz, ~0 bps
Size
23 kB (23440 bytes)
Hash
73febb0eff89a333c5139d727e44ad95
f40740122fe1aaf1f35d81e2d910f4514d968dce
3f80fd76c427e7dc92a4fc6046ff9b41816f0009ebdaecd3ebb3108149a339c8

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /media/message.ogg HTTP/1.1
Host: 34.139.204.205
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
DNT: 1
Connection: keep-alive
Accept-Encoding: identity
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 206 Partial Content
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 08 May 2024 14:18:53 GMT
Content-Type: audio/ogg
Content-Length: 23440
Last-Modified: Mon, 19 Feb 2024 23:55:55 GMT
Connection: keep-alive
ETag: "65d3ea8b-5b90"
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST
Access-Control-Allow-Headers: Keep-Alive,User-Agent,X-Requested-With,Cache-Control,Content-Type
Content-Range: bytes 0-23439/23440

34.139.204.205/media/callend.ogg

34.139.204.205

206 Partial Content

14 kB

URL GET HTTP/1.1
34.139.204.205/media/callend.ogg
IP
34.139.204.205:80
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
http://34.139.204.205/

File type
Ogg data, Vorbis audio, mono, 44100 Hz, ~48000 bps
Size
14 kB (13932 bytes)
Hash
2ee66609b77f162ec68d69829bff706e
24af517ede5a8a3f7ab9f3fac9f6243cdf1335cb
18865b65a307ef0ec78b02519dd4be312540f29b2529b56351cc2eb3950698c8

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /media/callend.ogg HTTP/1.1
Host: 34.139.204.205
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
DNT: 1
Connection: keep-alive
Accept-Encoding: identity
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 206 Partial Content
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 08 May 2024 14:18:53 GMT
Content-Type: audio/ogg
Content-Length: 13932
Last-Modified: Mon, 19 Feb 2024 23:55:55 GMT
Connection: keep-alive
ETag: "65d3ea8b-366c"
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST
Access-Control-Allow-Headers: Keep-Alive,User-Agent,X-Requested-With,Cache-Control,Content-Type
Content-Range: bytes 0-13931/13932

34.139.204.205/media/ring.ogg

34.139.204.205

206 Partial Content

67 kB

URL GET HTTP/1.1
34.139.204.205/media/ring.ogg
IP
34.139.204.205:80
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
http://34.139.204.205/

File type
Ogg data, Vorbis audio, mono, 44100 Hz, ~239920 bps, created by: Xiph.Org libVorbis I (1.3.2)
Size
67 kB (66715 bytes)
Hash
4a0420b3f18e98b2ab9928e872825d05
931045d2df5b09e71268a77af164875c32c8abb9
9ac03064148e22d9f9331153da1c691e3cd20e941b4b68a28127260ee7a48e56

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /media/ring.ogg HTTP/1.1
Host: 34.139.204.205
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
DNT: 1
Connection: keep-alive
Accept-Encoding: identity
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 206 Partial Content
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 08 May 2024 14:18:53 GMT
Content-Type: audio/ogg
Content-Length: 66715
Last-Modified: Mon, 19 Feb 2024 23:55:55 GMT
Connection: keep-alive
ETag: "65d3ea8b-1049b"
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST
Access-Control-Allow-Headers: Keep-Alive,User-Agent,X-Requested-With,Cache-Control,Content-Type
Content-Range: bytes 0-66714/66715

34.139.204.205/media/busy.ogg

34.139.204.205

206 Partial Content

14 kB

URL GET HTTP/1.1
34.139.204.205/media/busy.ogg
IP
34.139.204.205:80
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
http://34.139.204.205/

File type
Ogg data, Vorbis audio, mono, 44100 Hz, ~48000 bps
Size
14 kB (13960 bytes)
Hash
feae5fc65ed8358f405b7587bb386a5b
62376a0c0564b4c939df86a51b70dd355806efbc
c2619d91ce86ee79c85f4b5279a691f12754bef3bbce6c3ced5e58978810855b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /media/busy.ogg HTTP/1.1
Host: 34.139.204.205
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
DNT: 1
Connection: keep-alive
Accept-Encoding: identity
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 206 Partial Content
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 08 May 2024 14:18:53 GMT
Content-Type: audio/ogg
Content-Length: 13960
Last-Modified: Mon, 19 Feb 2024 23:55:55 GMT
Connection: keep-alive
ETag: "65d3ea8b-3688"
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST
Access-Control-Allow-Headers: Keep-Alive,User-Agent,X-Requested-With,Cache-Control,Content-Type
Content-Range: bytes 0-13959/13960

34.139.204.205/media/ringback.ogg

34.139.204.205

206 Partial Content

8.4 kB

URL GET HTTP/1.1
34.139.204.205/media/ringback.ogg
IP
34.139.204.205:80
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
http://34.139.204.205/

File type
Ogg data, Vorbis audio, mono, 44100 Hz, ~48000 bps
Size
8.4 kB (8352 bytes)
Hash
0dd096154bbb4845a29a6152bdc2980b
add103d5a3496f4bfd02273dd780c326fccca13b
9271701b4a06e6f364926dbb1ebe687a955dfc7b9daa3d8f8aed84511a2d2592

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /media/ringback.ogg HTTP/1.1
Host: 34.139.204.205
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
DNT: 1
Connection: keep-alive
Accept-Encoding: identity
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 206 Partial Content
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 08 May 2024 14:18:53 GMT
Content-Type: audio/ogg
Content-Length: 8352
Last-Modified: Mon, 19 Feb 2024 23:55:55 GMT
Connection: keep-alive
ETag: "65d3ea8b-20a0"
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST
Access-Control-Allow-Headers: Keep-Alive,User-Agent,X-Requested-With,Cache-Control,Content-Type
Content-Range: bytes 0-8351/8352

34.139.204.205/img/warning.05cc423.svg

34.139.204.205

200 OK

1.3 kB

URL GET HTTP/1.1
34.139.204.205/img/warning.05cc423.svg
IP
34.139.204.205:80
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
http://34.139.204.205/

File type
SVG Scalable Vector Graphics image
Size
1.3 kB (1263 bytes)
Hash
05cc42340f158cb3fe282d439287ca0d
df09792d75213d23f86771ca17217f374ffe58de
30e1625a5723bdcb4d48cb2f061cb2baef1fe929d7f6f4509c477d4471158e81

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/warning.05cc423.svg HTTP/1.1
Host: 34.139.204.205
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 08 May 2024 14:18:53 GMT
Content-Type: image/svg+xml
Content-Length: 1263
Last-Modified: Mon, 19 Feb 2024 23:58:01 GMT
Connection: keep-alive
ETag: "65d3eb09-4ef"
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST
Access-Control-Allow-Headers: Keep-Alive,User-Agent,X-Requested-With,Cache-Control,Content-Type
Accept-Ranges: bytes

34.139.204.205/img/e2e/warning.617a615.svg

34.139.204.205

200 OK

782 B

URL GET HTTP/1.1
34.139.204.205/img/e2e/warning.617a615.svg
IP
34.139.204.205:80
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
http://34.139.204.205/

File type
SVG Scalable Vector Graphics image
Size
782 B (782 bytes)
Hash
617a61518da67bbff2e02898872ed05f
d0d5f8c63cf8215857d45e9a82e8aea92b543493
f885e55583703c883dc33203f12209178fb1e01c96d69d1990aed0f7eb1cbbd0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/e2e/warning.617a615.svg HTTP/1.1
Host: 34.139.204.205
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 08 May 2024 14:18:53 GMT
Content-Type: image/svg+xml
Content-Length: 782
Last-Modified: Mon, 19 Feb 2024 23:58:01 GMT
Connection: keep-alive
ETag: "65d3eb09-30e"
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST
Access-Control-Allow-Headers: Keep-Alive,User-Agent,X-Requested-With,Cache-Control,Content-Type
Accept-Ranges: bytes

34.139.204.205/img/feather-customised/warning-triangle.d95b363.svg

34.139.204.205

200 OK

717 B

URL GET HTTP/1.1
34.139.204.205/img/feather-customised/warning-triangle.d95b363.svg
IP
34.139.204.205:80
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
http://34.139.204.205/

File type
SVG Scalable Vector Graphics image
Size
717 B (717 bytes)
Hash
d95b363e193a7d8ad0cce5ba3e17d49d
598f2fdf497edf58e8bd18746493605775c4fb3c
4b46628a998091ca14cd52b89c09840b2e944ec21d4d37b8b8731b3be3396af1

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/feather-customised/warning-triangle.d95b363.svg HTTP/1.1
Host: 34.139.204.205
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 08 May 2024 14:18:53 GMT
Content-Type: image/svg+xml
Content-Length: 717
Last-Modified: Mon, 19 Feb 2024 23:58:01 GMT
Connection: keep-alive
ETag: "65d3eb09-2cd"
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST
Access-Control-Allow-Headers: Keep-Alive,User-Agent,X-Requested-With,Cache-Control,Content-Type
Accept-Ranges: bytes

34.139.204.205/img/format/bold.e1c17ac.svg

34.139.204.205

200 OK

773 B

URL GET HTTP/1.1
34.139.204.205/img/format/bold.e1c17ac.svg
IP
34.139.204.205:80
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
http://34.139.204.205/

File type
SVG Scalable Vector Graphics image
Size
773 B (773 bytes)
Hash
e1c17ac05458a90941080fb18aaf067b
9fb422c61b54d9301f90c4d4e4b2e157b9bff98f
81166029d507b8dee6b517e94eda83e71b6de9701de1b77c4081490337d2475d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/format/bold.e1c17ac.svg HTTP/1.1
Host: 34.139.204.205
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 08 May 2024 14:18:53 GMT
Content-Type: image/svg+xml
Content-Length: 773
Last-Modified: Mon, 19 Feb 2024 23:58:01 GMT
Connection: keep-alive
ETag: "65d3eb09-305"
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST
Access-Control-Allow-Headers: Keep-Alive,User-Agent,X-Requested-With,Cache-Control,Content-Type
Accept-Ranges: bytes

34.139.204.205/img/format/code.c4d30b5.svg

34.139.204.205

200 OK

355 B

URL GET HTTP/1.1
34.139.204.205/img/format/code.c4d30b5.svg
IP
34.139.204.205:80
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
http://34.139.204.205/

File type
SVG Scalable Vector Graphics image
Size
355 B (355 bytes)
Hash
c4d30b54c5c62f75a0c39ed9c28806a8
3f581721efa39f9ae0d771b9b2128fee33e6997a
a2c25c755935ac2d485870765c4a39d9468d73b444d9317f77ed7d12a5fa7702

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/format/code.c4d30b5.svg HTTP/1.1
Host: 34.139.204.205
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 08 May 2024 14:18:53 GMT
Content-Type: image/svg+xml
Content-Length: 355
Last-Modified: Mon, 19 Feb 2024 23:58:01 GMT
Connection: keep-alive
ETag: "65d3eb09-163"
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST
Access-Control-Allow-Headers: Keep-Alive,User-Agent,X-Requested-With,Cache-Control,Content-Type
Accept-Ranges: bytes

34.139.204.205/img/format/italics.f2391c6.svg

34.139.204.205

200 OK

343 B

URL GET HTTP/1.1
34.139.204.205/img/format/italics.f2391c6.svg
IP
34.139.204.205:80
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
http://34.139.204.205/

File type
SVG Scalable Vector Graphics image
Size
343 B (343 bytes)
Hash
f2391c6ae27db704900eab5ef9f00fcf
0f0a50a7bf27dcd2aaf1a6c2fcaff6770ddb41dc
faeefceb4254249014e271e85bee718391616267307ee81c91a8261cb4154ad7

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/format/italics.f2391c6.svg HTTP/1.1
Host: 34.139.204.205
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 08 May 2024 14:18:53 GMT
Content-Type: image/svg+xml
Content-Length: 343
Last-Modified: Mon, 19 Feb 2024 23:58:01 GMT
Connection: keep-alive
ETag: "65d3eb09-157"
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST
Access-Control-Allow-Headers: Keep-Alive,User-Agent,X-Requested-With,Cache-Control,Content-Type
Accept-Ranges: bytes

34.139.204.205/img/format/quote.aa6bf0a.svg

34.139.204.205

200 OK

1.3 kB

URL GET HTTP/1.1
34.139.204.205/img/format/quote.aa6bf0a.svg
IP
34.139.204.205:80
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
http://34.139.204.205/

File type
SVG Scalable Vector Graphics image
Size
1.3 kB (1333 bytes)
Hash
aa6bf0a561684326ab72b8fb18b4a6d7
89044da891a9f50755b5798b7e8ab1bab3a085fd
9f0ac09cfbaa3c7b4a69c9b2f528134204475cc1fa7b7de7b84a2e509eddfb41

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/format/quote.aa6bf0a.svg HTTP/1.1
Host: 34.139.204.205
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 08 May 2024 14:18:53 GMT
Content-Type: image/svg+xml
Content-Length: 1333
Last-Modified: Mon, 19 Feb 2024 23:58:01 GMT
Connection: keep-alive
ETag: "65d3eb09-535"
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST
Access-Control-Allow-Headers: Keep-Alive,User-Agent,X-Requested-With,Cache-Control,Content-Type
Accept-Ranges: bytes

34.139.204.205/bundles/f322760c56df8d2bd835/init.js

34.139.204.205

200 OK

2.0 MB

URL GET HTTP/1.1
34.139.204.205/bundles/f322760c56df8d2bd835/init.js
IP
34.139.204.205:80
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
http://34.139.204.205/

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Size
2.0 MB (2016910 bytes)
Hash
380c0e79c3acb46b44710dc8e85723eb
15fbf3d796515f05cb2b0e763c9645003e00f0c8
9a34010fb84a70d423479619991a34964e1ac01f16902fe85b01959dcbe0a33a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /bundles/f322760c56df8d2bd835/init.js HTTP/1.1
Host: 34.139.204.205
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 08 May 2024 14:18:53 GMT
Content-Type: application/javascript
Content-Length: 2016910
Last-Modified: Mon, 19 Feb 2024 23:58:01 GMT
Connection: keep-alive
ETag: "65d3eb09-1ec68e"
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST
Access-Control-Allow-Headers: Keep-Alive,User-Agent,X-Requested-With,Cache-Control,Content-Type
Accept-Ranges: bytes

34.139.204.205/img/format/strikethrough.f221865.svg

34.139.204.205

200 OK

1.1 kB

URL GET HTTP/1.1
34.139.204.205/img/format/strikethrough.f221865.svg
IP
34.139.204.205:80
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
http://34.139.204.205/

File type
SVG Scalable Vector Graphics image
Size
1.1 kB (1149 bytes)
Hash
f221865e76738becf4a144c192390b1c
61b762c5a8c0083d17a593bf6d67c7497995af33
753cbe4d7f6a06a28d6cd39d6122028a7627c0ac704403b851ebcf6ce2027237

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/format/strikethrough.f221865.svg HTTP/1.1
Host: 34.139.204.205
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 08 May 2024 14:18:53 GMT
Content-Type: image/svg+xml
Content-Length: 1149
Last-Modified: Mon, 19 Feb 2024 23:58:01 GMT
Connection: keep-alive
ETag: "65d3eb09-47d"
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST
Access-Control-Allow-Headers: Keep-Alive,User-Agent,X-Requested-With,Cache-Control,Content-Type
Accept-Ranges: bytes

34.139.204.205/bundles/f322760c56df8d2bd835/vendors~init.js

34.139.204.205

200 OK

2.8 MB

URL GET HTTP/1.1
34.139.204.205/bundles/f322760c56df8d2bd835/vendors~init.js
IP
34.139.204.205:80
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
http://34.139.204.205/

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (51455)
Size
2.8 MB (2764490 bytes)
Hash
15fa236b383c369061113ac112af0507
b7e11c92f88fa78efc85c8599a427925a873ea58
0b8aa02abf73c77a9955ef49619d61501e7ffb4c6f9791548619c1c2a58957c1

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /bundles/f322760c56df8d2bd835/vendors~init.js HTTP/1.1
Host: 34.139.204.205
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 08 May 2024 14:18:53 GMT
Content-Type: application/javascript
Content-Length: 2764490
Last-Modified: Mon, 19 Feb 2024 23:58:01 GMT
Connection: keep-alive
ETag: "65d3eb09-2a2eca"
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST
Access-Control-Allow-Headers: Keep-Alive,User-Agent,X-Requested-With,Cache-Control,Content-Type
Accept-Ranges: bytes

34.139.204.205/vector-icons/apple-touch-icon-180.991bfed.png

34.139.204.205

200 OK

2.3 kB

URL GET HTTP/1.1
34.139.204.205/vector-icons/apple-touch-icon-180.991bfed.png
IP
34.139.204.205:80
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
http://34.139.204.205/

File type
PNG image data, 180 x 180, 8-bit/color RGB, non-interlaced
Size
2.3 kB (2299 bytes)
Hash
991bfed417d18fd783560ef57f4614d3
2d2554a22fbbc77be08109fa487d6891f304018d
dd87acd8ed91fdcf59a51291598134eb715f1875092a54ed39d51f36e391d995

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /vector-icons/apple-touch-icon-180.991bfed.png HTTP/1.1
Host: 34.139.204.205
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 08 May 2024 14:18:54 GMT
Content-Type: image/png
Content-Length: 2299
Last-Modified: Mon, 19 Feb 2024 23:58:01 GMT
Connection: keep-alive
ETag: "65d3eb09-8fb"
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST
Access-Control-Allow-Headers: Keep-Alive,User-Agent,X-Requested-With,Cache-Control,Content-Type
Accept-Ranges: bytes

34.139.204.205/vector-icons/favicon.878a87c.ico

34.139.204.205

200 OK

15 kB

URL GET HTTP/1.1
34.139.204.205/vector-icons/favicon.878a87c.ico
IP
34.139.204.205:80
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
http://34.139.204.205/

File type
MS Windows icon resource - 3 icons, 48x48, 32 bits/pixel, 32x32, 32 bits/pixel
Size
15 kB (15086 bytes)
Hash
878a87c49e8771baafd5ec7c32368b16
2af74ac6c6d64f52b23af2b3a5b85a72ea47d76e
ae636ac42b01f69f645545f458abac4c518ccf6a7019f16e280f4bf9d5db7a5f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /vector-icons/favicon.878a87c.ico HTTP/1.1
Host: 34.139.204.205
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 08 May 2024 14:18:54 GMT
Content-Type: image/x-icon
Content-Length: 15086
Last-Modified: Mon, 19 Feb 2024 23:58:01 GMT
Connection: keep-alive
ETag: "65d3eb09-3aee"
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST
Access-Control-Allow-Headers: Keep-Alive,User-Agent,X-Requested-With,Cache-Control,Content-Type
Accept-Ranges: bytes

34.139.204.205/olm.35f4ef0.wasm

34.139.204.205

200 OK

183 kB

URL GET HTTP/1.1
34.139.204.205/olm.35f4ef0.wasm
IP
34.139.204.205:80
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
http://34.139.204.205/

File type
WebAssembly (wasm) binary module version 0x1 (MVP)
Size
183 kB (182910 bytes)
Hash
35f4ef09c07a6003c80cb82962cba0f1
070dfc2b899ea6e5d081c69f1512bab74db93b03
5aca479f96a010e0830ae8618ac4096c0f6cb89d9a1a8b021ad97cda2a0f3d10

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /olm.35f4ef0.wasm HTTP/1.1
Host: 34.139.204.205
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 08 May 2024 14:18:54 GMT
Content-Type: application/octet-stream
Content-Length: 182910
Last-Modified: Mon, 19 Feb 2024 23:58:01 GMT
Connection: keep-alive
ETag: "65d3eb09-2ca7e"
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST
Access-Control-Allow-Headers: Keep-Alive,User-Agent,X-Requested-With,Cache-Control,Content-Type
Accept-Ranges: bytes

34.139.204.205/config.34.139.204.205.json?cachebuster=1715177934498

34.139.204.205

404 Not Found

123 B

URL GET HTTP/1.1
34.139.204.205/config.34.139.204.205.json?cachebuster=1715177934498
IP
34.139.204.205:80
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
http://34.139.204.205/

File type
HTML document, ASCII text, with CRLF line terminators
Size
123 B (123 bytes)
Hash
1b7c22a214949975556626d7217e9a39
d01c97e2944166ed23e47e4a62ff471ab8fa031f
340c8464c2007ce3f80682e15dfafa4180b641d53c14201b929906b7b0284d87

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /config.34.139.204.205.json?cachebuster=1715177934498 HTTP/1.1
Host: 34.139.204.205
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 08 May 2024 14:18:54 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip

34.139.204.205/config.json?cachebuster=1715177934499

34.139.204.205

200 OK

1.3 kB

URL GET HTTP/1.1
34.139.204.205/config.json?cachebuster=1715177934499
IP
34.139.204.205:80
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
http://34.139.204.205/

File type
JSON text data
Size
1.3 kB (1279 bytes)
Hash
82e7ac2eaeb1a05f00c35907d7a2c6ea
8e90d031431fb03b66f04b131bf77f8bb5505bb0
6b2b17e0eda015f7ba6e4079693cad7b84769764ad03cabe355eeffddbc430e4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /config.json?cachebuster=1715177934499 HTTP/1.1
Host: 34.139.204.205
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 08 May 2024 14:18:54 GMT
Content-Type: application/json
Content-Length: 1279
Last-Modified: Tue, 20 Feb 2024 00:28:33 GMT
Connection: keep-alive
ETag: "65d3f231-4ff"
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST
Access-Control-Allow-Headers: Keep-Alive,User-Agent,X-Requested-With,Cache-Control,Content-Type
Accept-Ranges: bytes

34.139.204.205/i18n/languages.268ef14.json

34.139.204.205

200 OK

3.7 kB

URL GET HTTP/1.1
34.139.204.205/i18n/languages.268ef14.json
IP
34.139.204.205:80
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
http://34.139.204.205/

File type
JSON text data
Size
3.7 kB (3683 bytes)
Hash
268ef146cb461eac14a21b37a8373b0f
71bef92488eebe54011329ed2f3db8d5143ffb0c
cb49b065dd33a2fe62a6488075b8a5cf5886c0f35840c36dd0453794a3838832

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /i18n/languages.268ef14.json HTTP/1.1
Host: 34.139.204.205
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 08 May 2024 14:18:54 GMT
Content-Type: application/json
Content-Length: 3683
Last-Modified: Mon, 19 Feb 2024 23:58:01 GMT
Connection: keep-alive
ETag: "65d3eb09-e63"
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST
Access-Control-Allow-Headers: Keep-Alive,User-Agent,X-Requested-With,Cache-Control,Content-Type
Accept-Ranges: bytes

34.139.204.205/fonts/Inter/Inter-Regular.4dd66a1.woff2

34.139.204.205

200 OK

100 kB

URL GET HTTP/1.1
34.139.204.205/fonts/Inter/Inter-Regular.4dd66a1.woff2
IP
34.139.204.205:80
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
http://34.139.204.205/

File type
Web Open Font Format (Version 2), TrueType, length 100368, version 1.0
Size
100 kB (100368 bytes)
Hash
4dd66a113d54a7f9a1ae913049610617
a37427546c8eecf009cdcd739ff9b2958b0aae7d
89d406b02758799cff68155930829b69a9fb49c39de3e264de966466d8cc7814

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /fonts/Inter/Inter-Regular.4dd66a1.woff2 HTTP/1.1
Host: 34.139.204.205
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: http://34.139.204.205/bundles/f322760c56df8d2bd835/theme-tvi-dark.css
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 08 May 2024 14:18:54 GMT
Content-Type: application/octet-stream
Content-Length: 100368
Last-Modified: Mon, 19 Feb 2024 23:58:01 GMT
Connection: keep-alive
ETag: "65d3eb09-18810"
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST
Access-Control-Allow-Headers: Keep-Alive,User-Agent,X-Requested-With,Cache-Control,Content-Type
Accept-Ranges: bytes

34.139.204.205/img/download.c281461.svg

34.139.204.205

200 OK

1.9 kB

URL GET HTTP/1.1
34.139.204.205/img/download.c281461.svg
IP
34.139.204.205:80
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
http://34.139.204.205/

File type
SVG Scalable Vector Graphics image
Size
1.9 kB (1896 bytes)
Hash
c2814610ac155cefb3073914c9476010
8d27933f6071eea1724c85543ccf0308e8e6502e
2313e5fee578195c036c2d3b93893cdd65219366eca12b42d6eecc9b508c0610

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/download.c281461.svg HTTP/1.1
Host: 34.139.204.205
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 08 May 2024 14:18:55 GMT
Content-Type: image/svg+xml
Content-Length: 1896
Last-Modified: Mon, 19 Feb 2024 23:58:01 GMT
Connection: keep-alive
ETag: "65d3eb09-768"
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST
Access-Control-Allow-Headers: Keep-Alive,User-Agent,X-Requested-With,Cache-Control,Content-Type
Accept-Ranges: bytes

34.139.204.205/olm.35f4ef0.wasm

34.139.204.205

200 OK

183 kB

URL GET HTTP/1.1
34.139.204.205/olm.35f4ef0.wasm
IP
34.139.204.205:80
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
http://34.139.204.205/

File type
WebAssembly (wasm) binary module version 0x1 (MVP)
Size
183 kB (182910 bytes)
Hash
35f4ef09c07a6003c80cb82962cba0f1
070dfc2b899ea6e5d081c69f1512bab74db93b03
5aca479f96a010e0830ae8618ac4096c0f6cb89d9a1a8b021ad97cda2a0f3d10

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /olm.35f4ef0.wasm HTTP/1.1
Host: 34.139.204.205
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 08 May 2024 14:18:54 GMT
Content-Type: application/octet-stream
Content-Length: 182910
Last-Modified: Mon, 19 Feb 2024 23:58:01 GMT
Connection: keep-alive
ETag: "65d3eb09-2ca7e"
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST
Access-Control-Allow-Headers: Keep-Alive,User-Agent,X-Requested-With,Cache-Control,Content-Type
Accept-Ranges: bytes

34.139.204.205/i18n/en_US.4e0451e.json

34.139.204.205

200 OK

47 kB

URL GET HTTP/1.1
34.139.204.205/i18n/en_US.4e0451e.json
IP
34.139.204.205:80
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
http://34.139.204.205/

File type
JSON text data
Size
47 kB (47391 bytes)
Hash
4e0451e5a51aa3db572d0152d1159a48
25e01d74cabc8aeede7f8638f378b3ce314cfdf5
c13af18ea423f990363a102d3821640d722f295741788e1ef655a32db4bba307

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /i18n/en_US.4e0451e.json HTTP/1.1
Host: 34.139.204.205
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 08 May 2024 14:18:55 GMT
Content-Type: application/json
Content-Length: 47391
Last-Modified: Mon, 19 Feb 2024 23:55:54 GMT
Connection: keep-alive
ETag: "65d3ea8a-b91f"
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST
Access-Control-Allow-Headers: Keep-Alive,User-Agent,X-Requested-With,Cache-Control,Content-Type
Accept-Ranges: bytes

34.139.204.205/i18n/en_EN.f257160.json

34.139.204.205

200 OK

212 kB

URL GET HTTP/1.1
34.139.204.205/i18n/en_EN.f257160.json
IP
34.139.204.205:80
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
http://34.139.204.205/

File type
JSON text data
Size
212 kB (211718 bytes)
Hash
f257160be0b3aca724521e79007b2460
ea68f1ee3c10f58edf4f2a77233a510e9bf0b118
01164a0ddfab198d7e073755bbd308fd4bf6ca0504d19fca478983b030f1dcae

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /i18n/en_EN.f257160.json HTTP/1.1
Host: 34.139.204.205
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 08 May 2024 14:18:55 GMT
Content-Type: application/json
Content-Length: 211718
Last-Modified: Mon, 19 Feb 2024 23:55:54 GMT
Connection: keep-alive
ETag: "65d3ea8a-33b06"
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST
Access-Control-Allow-Headers: Keep-Alive,User-Agent,X-Requested-With,Cache-Control,Content-Type
Accept-Ranges: bytes

34.139.204.205/img/spinner.d25f31a.svg

34.139.204.205

200 OK

20 kB

URL GET HTTP/1.1
34.139.204.205/img/spinner.d25f31a.svg
IP
34.139.204.205:80
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
http://34.139.204.205/

File type
SVG Scalable Vector Graphics image
Size
20 kB (19756 bytes)
Hash
d25f31a805207665eee8ae822925b455
6ef2cb6d4be303db9dd852a0f4c49effad4203f3
8dd107ff9ad1c645d673bb864ea590c72109e59fb56a9fd66d596c0f742779a7

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/spinner.d25f31a.svg HTTP/1.1
Host: 34.139.204.205
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 08 May 2024 14:18:55 GMT
Content-Type: image/svg+xml
Content-Length: 19756
Last-Modified: Mon, 19 Feb 2024 23:58:01 GMT
Connection: keep-alive
ETag: "65d3eb09-4d2c"
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST
Access-Control-Allow-Headers: Keep-Alive,User-Agent,X-Requested-With,Cache-Control,Content-Type
Accept-Ranges: bytes

34.139.204.205/bundles/f322760c56df8d2bd835/indexeddb-worker.js

34.139.204.205

200 OK

100 kB

URL GET HTTP/1.1
34.139.204.205/bundles/f322760c56df8d2bd835/indexeddb-worker.js
IP
34.139.204.205:80
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
http://34.139.204.205/

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (53965), with no line terminators
Size
100 kB (99505 bytes)
Hash
e435523505e32bd4151dd5921d2d9642
634001591cefabca465777a3b794cabafe76c4a7
b181012cb5506e80f867f6519c3ad8fe49990f05d05eb5db2113aa903ea815e2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /bundles/f322760c56df8d2bd835/indexeddb-worker.js HTTP/1.1
Host: 34.139.204.205
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 08 May 2024 14:18:55 GMT
Content-Type: application/javascript
Content-Length: 99505
Last-Modified: Mon, 19 Feb 2024 23:58:01 GMT
Connection: keep-alive
ETag: "65d3eb09-184b1"
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST
Access-Control-Allow-Headers: Keep-Alive,User-Agent,X-Requested-With,Cache-Control,Content-Type
Accept-Ranges: bytes

synapsex.tradeviewx.tech/_matrix/client/r0/pushrules/

34.139.204.205

401 Unauthorized

0 B

URL GET HTTP/1.1
synapsex.tradeviewx.tech/_matrix/client/r0/pushrules/
IP
34.139.204.205:443
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
http://34.139.204.205/
Certificate
IssuerLet's Encrypt
Subjectsynapsex.tradeviewx.tech
FingerprintAE:FE:0F:0D:AD:31:61:C3:47:BA:D4:9E:E3:72:6E:65:80:A0:41:C8
ValidityWed, 20 Mar 2024 07:11:29 GMT - Tue, 18 Jun 2024 07:11:28 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /_matrix/client/r0/pushrules/ HTTP/1.1
Host: synapsex.tradeviewx.tech
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: authorization
Origin: http://34.139.204.205
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 204 No Content
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 08 May 2024 14:18:56 GMT
Content-Length: 0
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, HEAD, POST, PUT, DELETE, OPTIONS
Access-Control-Allow-Headers: X-Requested-With, Content-Type, Authorization, Date

synapsex.tradeviewx.tech/_matrix/client/r0/pushrules/

34.139.204.205

401 Unauthorized

84 B

URL GET HTTP/1.1
synapsex.tradeviewx.tech/_matrix/client/r0/pushrules/
IP
34.139.204.205:443
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
http://34.139.204.205/
Certificate
IssuerLet's Encrypt
Subjectsynapsex.tradeviewx.tech
FingerprintAE:FE:0F:0D:AD:31:61:C3:47:BA:D4:9E:E3:72:6E:65:80:A0:41:C8
ValidityWed, 20 Mar 2024 07:11:29 GMT - Tue, 18 Jun 2024 07:11:28 GMT

File type
JSON text data
Size
84 B (84 bytes)
Hash
0d29a3f755c330c8e9ad7a6244c43f35
469d5bfbf87cbb6c4618bba55b921e9490fbc6bd
24d2623b25476c70828b3dec6d07439407235678799f936d018e384a84d13990

HTTP Headers

GET /_matrix/client/r0/pushrules/ HTTP/1.1
Host: synapsex.tradeviewx.tech
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Authorization: Bearer undefined
Origin: http://34.139.204.205
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 401 Unauthorized
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 08 May 2024 14:18:56 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, HEAD, POST, PUT, DELETE, OPTIONS
Access-Control-Allow-Headers: X-Requested-With, Content-Type, Authorization, Date

34.139.204.205/img/feather-customised/cancel.16e0276.svg

34.139.204.205

200 OK

1.0 kB

URL GET HTTP/1.1
34.139.204.205/img/feather-customised/cancel.16e0276.svg
IP
34.139.204.205:80
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
http://34.139.204.205/

File type
SVG Scalable Vector Graphics image
Size
1.0 kB (1038 bytes)
Hash
16e027689e7f9579bea1fb660d3c7068
bbe9b4326b61a77f8d7268047e3223e8ad787d9f
75023b8d175cde049c5569347eed65f96563f3e46ff5d81b182ccb98ba9754e6

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/feather-customised/cancel.16e0276.svg HTTP/1.1
Host: 34.139.204.205
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://34.139.204.205/bundles/f322760c56df8d2bd835/theme-tvi-dark.css
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 08 May 2024 14:18:56 GMT
Content-Type: image/svg+xml
Content-Length: 1038
Last-Modified: Mon, 19 Feb 2024 23:58:01 GMT
Connection: keep-alive
ETag: "65d3eb09-40e"
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST
Access-Control-Allow-Headers: Keep-Alive,User-Agent,X-Requested-With,Cache-Control,Content-Type
Accept-Ranges: bytes

synapsex.tradeviewx.tech/_matrix/client/r0/logout

34.139.204.205

204 No Content

0 B

URL OPTIONS HTTP/1.1
synapsex.tradeviewx.tech/_matrix/client/r0/logout
IP
34.139.204.205:443
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
http://34.139.204.205/
Certificate
IssuerLet's Encrypt
Subjectsynapsex.tradeviewx.tech
FingerprintAE:FE:0F:0D:AD:31:61:C3:47:BA:D4:9E:E3:72:6E:65:80:A0:41:C8
ValidityWed, 20 Mar 2024 07:11:29 GMT - Tue, 18 Jun 2024 07:11:28 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /_matrix/client/r0/logout HTTP/1.1
Host: synapsex.tradeviewx.tech
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: authorization
Origin: http://34.139.204.205
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 204 No Content
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 08 May 2024 14:18:56 GMT
Content-Length: 0
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, HEAD, POST, PUT, DELETE, OPTIONS
Access-Control-Allow-Headers: X-Requested-With, Content-Type, Authorization, Date

synapsex.tradeviewx.tech/_matrix/client/r0/logout

34.139.204.205

204 No Content

84 B

URL OPTIONS HTTP/1.1
synapsex.tradeviewx.tech/_matrix/client/r0/logout
IP
34.139.204.205:443
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
http://34.139.204.205/
Certificate
IssuerLet's Encrypt
Subjectsynapsex.tradeviewx.tech
FingerprintAE:FE:0F:0D:AD:31:61:C3:47:BA:D4:9E:E3:72:6E:65:80:A0:41:C8
ValidityWed, 20 Mar 2024 07:11:29 GMT - Tue, 18 Jun 2024 07:11:28 GMT

File type
JSON text data
Size
84 B (84 bytes)
Hash
0d29a3f755c330c8e9ad7a6244c43f35
469d5bfbf87cbb6c4618bba55b921e9490fbc6bd
24d2623b25476c70828b3dec6d07439407235678799f936d018e384a84d13990

HTTP Headers

POST /_matrix/client/r0/logout HTTP/1.1
Host: synapsex.tradeviewx.tech
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Authorization: Bearer undefined
Origin: http://34.139.204.205
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0

HTTP/1.1 401 Unauthorized
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 08 May 2024 14:18:56 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, HEAD, POST, PUT, DELETE, OPTIONS
Access-Control-Allow-Headers: X-Requested-With, Content-Type, Authorization, Date

34.139.204.205/themes/element/img/logos/element-logo.svg

34.139.204.205

200 OK

1.2 kB

URL GET HTTP/1.1
34.139.204.205/themes/element/img/logos/element-logo.svg
IP
34.139.204.205:80
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
http://34.139.204.205/

File type
SVG Scalable Vector Graphics image
Size
1.2 kB (1185 bytes)
Hash
8c9bae5e584246ecbfb5a107159ad084
01b7d45b64da4ba2d560cee628f57562eea5676c
4b6be5a122eac10f6136c30a88a8434fefd2a2cd84cd304c47055206e727c2bc

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /themes/element/img/logos/element-logo.svg HTTP/1.1
Host: 34.139.204.205
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 08 May 2024 14:18:56 GMT
Content-Type: image/svg+xml
Content-Length: 1185
Last-Modified: Mon, 19 Feb 2024 23:55:55 GMT
Connection: keep-alive
ETag: "65d3ea8b-4a1"
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST
Access-Control-Allow-Headers: Keep-Alive,User-Agent,X-Requested-With,Cache-Control,Content-Type
Accept-Ranges: bytes

34.139.204.205/i18n/languages.268ef14.json

34.139.204.205

200 OK

3.7 kB

URL GET HTTP/1.1
34.139.204.205/i18n/languages.268ef14.json
IP
34.139.204.205:80
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
http://34.139.204.205/

File type
JSON text data
Size
3.7 kB (3683 bytes)
Hash
268ef146cb461eac14a21b37a8373b0f
71bef92488eebe54011329ed2f3db8d5143ffb0c
cb49b065dd33a2fe62a6488075b8a5cf5886c0f35840c36dd0453794a3838832

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /i18n/languages.268ef14.json HTTP/1.1
Host: 34.139.204.205
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 08 May 2024 14:18:56 GMT
Content-Type: application/json
Content-Length: 3683
Last-Modified: Mon, 19 Feb 2024 23:58:01 GMT
Connection: keep-alive
ETag: "65d3eb09-e63"
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST
Access-Control-Allow-Headers: Keep-Alive,User-Agent,X-Requested-With,Cache-Control,Content-Type
Accept-Ranges: bytes

34.139.204.205/img/feather-customised/dropdown-arrow.60fad0e.svg

34.139.204.205

200 OK

341 B

URL GET HTTP/1.1
34.139.204.205/img/feather-customised/dropdown-arrow.60fad0e.svg
IP
34.139.204.205:80
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
http://34.139.204.205/

File type
SVG Scalable Vector Graphics image
Size
341 B (341 bytes)
Hash
60fad0e87686d7d8b2bc8038fba92d41
5419749acf9a0ba19975e4e3545d0b5b9ae6192e
cdf7b092c86af55facbca4d69692ac857d022fda8a41296293082079c369d5ad

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/feather-customised/dropdown-arrow.60fad0e.svg HTTP/1.1
Host: 34.139.204.205
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://34.139.204.205/bundles/f322760c56df8d2bd835/theme-light.css
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 08 May 2024 14:18:57 GMT
Content-Type: image/svg+xml
Content-Length: 341
Last-Modified: Mon, 19 Feb 2024 23:58:01 GMT
Connection: keep-alive
ETag: "65d3eb09-155"
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST
Access-Control-Allow-Headers: Keep-Alive,User-Agent,X-Requested-With,Cache-Control,Content-Type
Accept-Ranges: bytes

34.139.204.205/fonts/Inter/Inter-Bold.aed2770.woff2

34.139.204.205

200 OK

107 kB

URL GET HTTP/1.1
34.139.204.205/fonts/Inter/Inter-Bold.aed2770.woff2
IP
34.139.204.205:80
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
http://34.139.204.205/

File type
Web Open Font Format (Version 2), TrueType, length 107144, version 1.0
Size
107 kB (107144 bytes)
Hash
aed27700d84e327fda56b4a427b03061
ba58d2af0ad5ce20ac3cf3a2e1b658615a3bfa6a
6f5e9a23c31da569497ae9c233b3a3176b33da9ecd52caa3b45dea57805a0cf8

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /fonts/Inter/Inter-Bold.aed2770.woff2 HTTP/1.1
Host: 34.139.204.205
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: http://34.139.204.205/bundles/f322760c56df8d2bd835/theme-light.css
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 08 May 2024 14:18:56 GMT
Content-Type: application/octet-stream
Content-Length: 107144
Last-Modified: Mon, 19 Feb 2024 23:58:01 GMT
Connection: keep-alive
ETag: "65d3eb09-1a288"
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST
Access-Control-Allow-Headers: Keep-Alive,User-Agent,X-Requested-With,Cache-Control,Content-Type
Accept-Ranges: bytes

34.139.204.205/fonts/Inter/Inter-Regular.4dd66a1.woff2

34.139.204.205

200 OK

100 kB

URL GET HTTP/1.1
34.139.204.205/fonts/Inter/Inter-Regular.4dd66a1.woff2
IP
34.139.204.205:80
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
http://34.139.204.205/

File type
Web Open Font Format (Version 2), TrueType, length 100368, version 1.0
Size
100 kB (100368 bytes)
Hash
4dd66a113d54a7f9a1ae913049610617
a37427546c8eecf009cdcd739ff9b2958b0aae7d
89d406b02758799cff68155930829b69a9fb49c39de3e264de966466d8cc7814

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /fonts/Inter/Inter-Regular.4dd66a1.woff2 HTTP/1.1
Host: 34.139.204.205
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: http://34.139.204.205/bundles/f322760c56df8d2bd835/theme-light.css
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 08 May 2024 14:18:56 GMT
Content-Type: application/octet-stream
Content-Length: 100368
Last-Modified: Mon, 19 Feb 2024 23:58:01 GMT
Connection: keep-alive
ETag: "65d3eb09-18810"
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST
Access-Control-Allow-Headers: Keep-Alive,User-Agent,X-Requested-With,Cache-Control,Content-Type
Accept-Ranges: bytes

34.139.204.205/fonts/Inter/Inter-SemiBold.dd8a55e.woff2

34.139.204.205

200 OK

107 kB

URL GET HTTP/1.1
34.139.204.205/fonts/Inter/Inter-SemiBold.dd8a55e.woff2
IP
34.139.204.205:80
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
http://34.139.204.205/

File type
Web Open Font Format (Version 2), TrueType, length 106916, version 1.0
Size
107 kB (106916 bytes)
Hash
dd8a55ef7058cdaeb96ef9fc65344726
b274445abf692417a215fa110127b11e2ffa9208
c7c3befe28a2fe45fb772f93cc52c828a71ccebc4b9fa5c971db452f712f3e78

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /fonts/Inter/Inter-SemiBold.dd8a55e.woff2 HTTP/1.1
Host: 34.139.204.205
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: http://34.139.204.205/bundles/f322760c56df8d2bd835/theme-light.css
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 08 May 2024 14:18:56 GMT
Content-Type: application/octet-stream
Content-Length: 106916
Last-Modified: Mon, 19 Feb 2024 23:58:01 GMT
Connection: keep-alive
ETag: "65d3eb09-1a1a4"
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST
Access-Control-Allow-Headers: Keep-Alive,User-Agent,X-Requested-With,Cache-Control,Content-Type
Accept-Ranges: bytes

34.139.204.205/bundles/f322760c56df8d2bd835/indexeddb-worker.js

34.139.204.205

200 OK

100 kB

URL GET HTTP/1.1
34.139.204.205/bundles/f322760c56df8d2bd835/indexeddb-worker.js
IP
34.139.204.205:80
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
http://34.139.204.205/

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (53965), with no line terminators
Size
100 kB (99505 bytes)
Hash
e435523505e32bd4151dd5921d2d9642
634001591cefabca465777a3b794cabafe76c4a7
b181012cb5506e80f867f6519c3ad8fe49990f05d05eb5db2113aa903ea815e2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /bundles/f322760c56df8d2bd835/indexeddb-worker.js HTTP/1.1
Host: 34.139.204.205
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 08 May 2024 14:18:56 GMT
Content-Type: application/javascript
Content-Length: 99505
Last-Modified: Mon, 19 Feb 2024 23:58:01 GMT
Connection: keep-alive
ETag: "65d3eb09-184b1"
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST
Access-Control-Allow-Headers: Keep-Alive,User-Agent,X-Requested-With,Cache-Control,Content-Type
Accept-Ranges: bytes

34.139.204.205/fonts/Inter/Inter-SemiBold.dd8a55e.woff2

34.139.204.205

200 OK

711 kB

URL GET HTTP/1.1
34.139.204.205/fonts/Inter/Inter-SemiBold.dd8a55e.woff2
IP
34.139.204.205:80
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
http://34.139.204.205/

File type
Web Open Font Format (Version 2), TrueType, length 106916, version 1.0
Size
711 kB (711330 bytes)
Hash
eb2cac9b214fa52e2796e7d20d79ec20
b925ef844b9c0a55bc80f361630d6321770010af
e29eebcb3585e2ea0d7f8fcc50e08d4e41a6ddee1de6c5faf49979113d27b6c5

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /fonts/Inter/Inter-SemiBold.dd8a55e.woff2 HTTP/1.1
Host: 34.139.204.205
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: http://34.139.204.205/bundles/f322760c56df8d2bd835/theme-tvi-dark.css
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 08 May 2024 14:18:56 GMT
Content-Type: application/octet-stream
Content-Length: 106916
Last-Modified: Mon, 19 Feb 2024 23:58:01 GMT
Connection: keep-alive
ETag: "65d3eb09-1a1a4"
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST
Access-Control-Allow-Headers: Keep-Alive,User-Agent,X-Requested-With,Cache-Control,Content-Type
Accept-Ranges: bytes

aus5.mozilla.org/update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml

35.244.181.201

444 B

URL
aus5.mozilla.org/update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml
IP
35.244.181.201:0
ASN
#396982 GOOGLE-CLOUD-PLATFORM

File type
XML 1.0 document, ASCII text, with very long lines (332)
Size
444 B (444 bytes)
Hash
3b324dec137a87ef7e24a30a65b13dd0
c0faa95b2f1018e264b3a14aaf50d1003e6c27b3
6cd0b591d9239fc8564627e92a804fc261951b1cbaf5fa58a8ada3cc13f51463

HTTP Headers

GET /update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml HTTP/1.1
Host: aus5.mozilla.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
rule-id: unknown
rule-data-version: unknown
content-signature: x5u=https://content-signature-2.cdn.mozilla.net/chains/aus.content-signature.mozilla.org-2024-06-09-11-51-10.chain; p384ecdsa=ZC9kisyuqBOYBy66dmQlQZNZ3FnOc1wsOu97fe4Jen3kq_klnuX88xuxoT-S05bz7Bo-5Vd97zEDt0S-16XMOq3KIdq8UqYKNTRytrkZP1Xfh17Tll3pUvsLi1OegYiF
strict-transport-security: max-age=31536000;
x-content-type-options: nosniff
content-security-policy: default-src 'none'; frame-ancestors 'none'
x-proxy-cache-status: MISS
content-encoding: gzip
via: 1.1 google
date: Wed, 08 May 2024 14:18:27 GMT
content-type: text/xml; charset=utf-8
vary: Accept-Encoding
content-length: 444
age: 43
cache-control: public,max-age=90
alt-svc: clear
X-Firefox-Spdy: h2

34.139.204.205/themes/element/img/backgrounds/lake.jpg

34.139.204.205

200 OK

610 kB

URL GET HTTP/1.1
34.139.204.205/themes/element/img/backgrounds/lake.jpg
IP
34.139.204.205:80
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
http://34.139.204.205/

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=1, copyright=2015], progressive, precision 8, 2560x1709, components 3
Size
610 kB (610431 bytes)
Hash
9fb663e126dcc98b3d3b0178d2d23771
fcb0e8ceec359b2a0eac7332a4504668c16cfba0
34dd12e350332527e5d42f271436a97ad825b0885f5baa4231368f52286dbaa4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /themes/element/img/backgrounds/lake.jpg HTTP/1.1
Host: 34.139.204.205
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 08 May 2024 14:18:56 GMT
Content-Type: image/jpeg
Content-Length: 610431
Last-Modified: Mon, 19 Feb 2024 23:55:55 GMT
Connection: keep-alive
ETag: "65d3ea8b-9507f"
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST
Access-Control-Allow-Headers: Keep-Alive,User-Agent,X-Requested-With,Cache-Control,Content-Type
Accept-Ranges: bytes

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (5)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (56)

URL User Request GET

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1