Report - l24.im/Home/Main/en/report-abuse.html

Report Overview

Submitted URL
l24.im/Home/Main/en/report-abuse.html
IP
188.114.97.1
ASN
#13335 CLOUDFLARENET
Submitted
2024-04-26 03:10:41
Access
public
Website Title
Report Abuse - Link 24
Final URL
l24.im/Home/Main/en/report-abuse.html
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
96

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
l24.im	458019	unknown	2020-09-12	2024-04-17	15 kB	773 kB	188.114.96.1
fonts.gstatic.com	unknown	2008-02-11	2014-09-09	2024-04-25	3.2 kB	122 kB	216.58.207.227
region1.analytics.google.com	unknown	1997-09-15	2022-03-17	2024-04-24	2.3 kB	1.3 kB	216.239.32.36
fonts.googleapis.com	8877	2005-01-25	2013-06-10	2024-04-25	3.1 kB	647 kB	142.250.74.106
cdnjs.cloudflare.com	235	2009-02-17	2015-04-17	2024-04-24	896 B	36 kB	104.17.25.14
ajax.googleapis.com	12905	2005-01-25	2013-08-16	2024-04-25	422 B	34 kB	142.250.74.170
www.google.no	25607	2001-02-26	2016-04-05	2024-04-25	583 B	578 B	142.250.74.163
cdn.segmage.dev	unknown	2022-02-13	2023-08-24	2024-02-29	2.6 kB	234 kB	188.114.96.1
stackpath.bootstrapcdn.com	2467	2012-05-25	2018-06-15	2024-04-25	458 B	61 kB	104.18.10.207
www.googletagmanager.com	75	2011-11-11	2013-05-22	2024-04-25	1.7 kB	379 kB	142.250.74.72
cdn.jsdelivr.net	439	2012-05-16	2012-09-30	2024-04-25	2.7 kB	148 kB	151.101.193.229
collect.segmage.dev	unknown	2022-02-13	2023-07-23	2024-02-29	4.6 kB	5.6 kB	188.114.96.1
app.l24.im	unknown	unknown	2022-10-06	2024-02-29	9.7 kB	7.2 MB	188.114.96.1
static.cloudflareinsights.com	1294	2019-08-30	2019-09-24	2024-04-25	964 B	39 kB	104.16.79.73

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-04-26	medium	l24.im	Sinkholed
2024-04-26	medium	l24.im	Sinkholed
2024-04-26	medium	l24.im	Sinkholed
2024-04-26	medium	l24.im	Sinkholed
2024-04-26	medium	l24.im	Sinkholed
2024-04-26	medium	l24.im	Sinkholed
2024-04-26	medium	l24.im	Sinkholed
2024-04-26	medium	l24.im	Sinkholed
2024-04-26	medium	l24.im	Sinkholed
2024-04-26	medium	l24.im	Sinkholed
2024-04-26	medium	l24.im	Sinkholed
2024-04-26	medium	l24.im	Sinkholed
2024-04-26	medium	l24.im	Sinkholed
2024-04-26	medium	l24.im	Sinkholed
2024-04-26	medium	l24.im	Sinkholed
2024-04-26	medium	l24.im	Sinkholed
2024-04-26	medium	l24.im	Sinkholed
2024-04-26	medium	l24.im	Sinkholed
2024-04-26	medium	l24.im	Sinkholed
2024-04-26	medium	l24.im	Sinkholed
2024-04-26	medium	l24.im	Sinkholed
2024-04-26	medium	l24.im	Sinkholed
2024-04-26	medium	l24.im	Sinkholed
2024-04-26	medium	l24.im	Sinkholed
2024-04-26	medium	l24.im	Sinkholed
2024-04-26	medium	l24.im	Sinkholed
2024-04-26	medium	l24.im	Sinkholed
2024-04-26	medium	l24.im	Sinkholed
2024-04-26	medium	l24.im	Sinkholed
2024-04-26	medium	l24.im	Sinkholed
2024-04-26	medium	l24.im	Sinkholed
2024-04-26	medium	l24.im	Sinkholed
2024-04-26	medium	l24.im	Sinkholed
2024-04-26	medium	l24.im	Sinkholed
2024-04-26	medium	l24.im	Sinkholed
2024-04-26	medium	l24.im	Sinkholed
2024-04-26	medium	l24.im	Sinkholed
2024-04-26	medium	l24.im	Sinkholed
2024-04-26	medium	l24.im	Sinkholed
2024-04-26	medium	l24.im	Sinkholed
2024-04-26	medium	l24.im	Sinkholed
2024-04-26	medium	l24.im	Sinkholed
2024-04-26	medium	l24.im	Sinkholed
2024-04-26	medium	l24.im	Sinkholed
2024-04-26	medium	l24.im	Sinkholed
2024-04-26	medium	l24.im	Sinkholed
2024-04-26	medium	l24.im	Sinkholed
2024-04-26	medium	l24.im	Sinkholed

ThreatFox

No alerts detected

JavaScript (38)

	URL	Size	First Seen	Last Seen
	www.googletagmanager.com/gtag/js?id=G-7N67D0CRJL	304 kB	2024-04-26	2024-04-26
Pretty URL www.googletagmanager.com/gtag/js?id=G-7N67D0CRJL IP 142.250.74.72 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-26 05:10:44 Last Seen2024-04-26 05:10:47 Times Seen2 Hash 9391c46f9d4713d898894c3c6b664007 a4b71b9fd1e49719139fd2c403079f2b7b173d7b 127be9acb5a88e402012d2e274e4ad4d037395b60cf9c4ddb5ccd50e144c326f Loading...

	l24.im/Home/Main/en/report-abuse.html	9 B	2024-04-26	2024-04-26
Pretty URL l24.im/Home/Main/en/report-abuse.html IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-26 05:10:44 Last Seen2024-04-26 05:10:44 Times Seen1 Hash 1bfaa52b8a26a81a2494f6c16aeaefcf 13d7d7cd019e7b5710040f92e778aa4506438799 3cd69e2a027302186b80b4a4fb3bef659dd4de71030abf9f4250e75defa54449 Loading...

	l24.im/Home/Main/assets/js/jquery.validationEngine-tr.js	5.4 kB	2024-04-26	2024-04-26
Pretty URL l24.im/Home/Main/assets/js/jquery.validationEngine-tr.js IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-26 05:10:44 Last Seen2024-04-26 05:10:44 Times Seen1 Hash bfd7ec6731d621801cd503350d9d7de1 124376258b6510ddc1c9985acb3b12b984c6f901 7d245382e63dd099e772a9101e3c6271ccf409d3f80f1caa92e5cd10658662b7 Loading...

	l24.im/Home/Main/assets/js/site.js?v=1.0.4	12 kB	2024-02-29	2024-04-26
Pretty URL l24.im/Home/Main/assets/js/site.js?v=1.0.4 IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-02-29 13:59:56 Last Seen2024-04-26 05:10:44 Times Seen3 Hash 96c52025a30eb84af4482b9a0c2f4928 fcee4473f77f19fffc86a5bb3293261ab38810e3 16d928206b28f3bd9da318b4e9b7d1001d0142a04cd78efbc1198e8dcafd3d32 Loading...

	static.cloudflareinsights.com/beacon.min.js/v55bfa2fee65d44688e90c00735ed189a1713218998793	19 kB	2024-04-17	2024-05-03
Pretty URL static.cloudflareinsights.com/beacon.min.js/v55bfa2fee65d44688e90c00735ed189a1713218998793 IP 104.16.79.73 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-17 04:05:01 Last Seen2024-05-03 04:44:29 Times Seen1486 Hash 3be93fd15d2f7dee2fc0c8981c6fa5c6 8cd88c36fad3e96641dbc4d781f5ddbe5123312f 17106bf803d42bcf2f2bdf778ece084d3f91c68e7ea41dae7bff61fefa573dee Loading...

	l24.im/Home/Main/assets/js/complainForm.js?v=1.0.10	2.3 kB	2024-04-26	2024-04-26
Pretty URL l24.im/Home/Main/assets/js/complainForm.js?v=1.0.10 IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-26 05:10:44 Last Seen2024-04-26 05:10:44 Times Seen1 Hash 0c49579568f25a0fcd217dd48f30f9f9 abff644848d9891d0b67bfa6ce9d699dc6fa7c92 93bd9afe11d9940f582f9172f7f4c9d050be2842128470b93ec2547630396c12 Loading...

	www.googletagmanager.com/gtm.js?id=GTM-MF73SG9J	247 kB	2024-04-26	2024-04-26
Pretty URL www.googletagmanager.com/gtm.js?id=GTM-MF73SG9J IP 142.250.74.72 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-26 05:10:45 Last Seen2024-04-26 05:10:47 Times Seen2 Hash 3be81af508bb464944a6ba7aa1e9e400 c67fe3cacb0a6587ed3cf0416d77cb88d1857a4a 83978f1bd63d0b81966edb188fa20cf3fc95ded8f1598d70e83375742d499fef Loading...

	unknown	403 B	2024-02-16	2024-05-01
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-02-16 15:56:08 Last Seen2024-05-01 16:59:17 Times Seen4 Hash 257dff85e9f795840955cb443dfed376 3425240fd52f2fb65be010f16199e7d7bced57d0 98e5b7f61657ff793c082f2d97da82ef1c3a5749d9850ee2148edd5aeb5369e5 Loading...

	app.l24.im/assets/js/jquery.min.js	183 kB	2023-03-08	2024-05-01
Pretty URL app.l24.im/assets/js/jquery.min.js IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 07:32:29 Last Seen2024-05-01 16:59:18 Times Seen6 Hash 48a72d06775ba5af55ee45f50532f0d4 c98a5353f8baa42e6407e75bca3684bfcfd4cc45 60358bb82642f13a2a9c00b4f2080fe03ebd5652ebf468685aa5aa28a7857afe Loading...

	app.l24.im/scripts.2e43156fa3f3d689819e.js	161 kB	2024-04-26	2024-04-26
Pretty URL app.l24.im/scripts.2e43156fa3f3d689819e.js IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-26 05:10:45 Last Seen2024-04-26 05:10:45 Times Seen1 Hash 804e0d91e42856c8f71692587009a290 92da62621c8fb80749ce96d214241dd878301376 c4b1c7415d6777bd1fe9430c353e511ded2775995604082652abda78827b0c1f Loading...

	cdn.segmage.dev/segmage.min.js	67 kB	2024-04-18	2024-05-01
Pretty URL cdn.segmage.dev/segmage.min.js IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-18 16:44:52 Last Seen2024-05-01 16:59:18 Times Seen8 Hash 7be0e3ff82027518c342e362e8609c5a e00524c6f06ed4d30ebed607f347bd0cfc72c479 f60b0e6d0bd6c5d921ed03561848edfee90d78c751a068ab639e57cf951e78d5 Loading...

	cdn.jsdelivr.net/gh/fancyapps/fancybox@3.5.7/dist/jquery.fancybox.min.js	68 kB	2023-03-07	2024-05-05
Pretty URL cdn.jsdelivr.net/gh/fancyapps/fancybox@3.5.7/dist/jquery.fancybox.min.js IP 151.101.193.229 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:46 Last Seen2024-05-05 17:07:00 Times Seen7241 Hash 49a6b4d019a934bcf83f0c397eba82d8 6181412e73966696d08e1e5b1243a572d0f22ba6 cadda460ccb4c3c01bb45f3d5976f63f5adf8dc3ff1d31cb4fbd3ded4f18e5bf Loading...

	l24.im/Home/Main/assets/js/intlTelInput.js?_=1714101011041	71 kB	2024-04-26	2024-04-26
Pretty URL l24.im/Home/Main/assets/js/intlTelInput.js?_=1714101011041 IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-26 05:10:45 Last Seen2024-04-26 05:10:45 Times Seen1 Hash 635dec1bcae0af39d7b0454bc09f15db 3e9b9282a0b303ee0d112cf9705e60578f50449e 6f550a292ac426ffb8e536f75c40e50a8c98a30ff075676035d9bd0a49d81fa3 Loading...

	app.l24.im/GetCurrentUser	0 B	2023-03-07	2024-05-05
Pretty URL app.l24.im/GetCurrentUser IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-05 20:38:44 Times Seen37369493 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	unknown	85 B	2023-04-13	2024-04-26
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-13 04:58:27 Last Seen2024-04-26 05:10:45 Times Seen82 Hash e5947dac482bd48224ecdfb0cf2a6746 16125abf6428ac60ad2457dc9b5e44a501830358 6bb65662e0b9aa923929cdf62367af599791317caf2f6f7390d23946a3a0e14c Loading...

	www.googletagmanager.com/gtag/js?id=G-7N67D0CRJL&l=dataLayer&cx=c	302 kB	2024-04-26	2024-04-26
Pretty URL www.googletagmanager.com/gtag/js?id=G-7N67D0CRJL&l=dataLayer&cx=c IP 142.250.74.72 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-26 05:10:45 Last Seen2024-04-26 05:10:47 Times Seen2 Hash d6aac0da8e69a9d362c439f933eef87b 6e5be250ff47bee1dcd6bf3675428a80eea580e1 d1ceb7633997ca21ae9b8490083c5f8063535e0e2f920f3dc6f2fb06116e1e89 Loading...

	ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js	96 kB	2023-03-07	2024-05-05
Pretty URL ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js IP 142.250.74.170 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:11 Last Seen2024-05-05 13:28:55 Times Seen15478 Hash f03e5a3bf534f4a738bc350631fd05bd 37b1db88b57438f1072a8ebc7559c909c9d3a682 aec3d419d50f05781a96f223e18289aeb52598b5db39be82a7b71dc67d6a7947 Loading...

	unknown	86 B	2023-04-13	2024-04-26
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-13 04:58:27 Last Seen2024-04-26 05:10:45 Times Seen82 Hash 331f1460da3e8fdb6389d86c36fbc3e4 daccbba55e322097b924e2eb60bf964b7e2425ea bb9638d3c6e242d3c79ea85358b28558f5b2e4d348faf88a30be6664816f5b86 Loading...

	cdn.jsdelivr.net/npm/bootstrap@4.6.0/dist/js/bootstrap.bundle.min.js	84 kB	2023-03-07	2024-05-05
Pretty URL cdn.jsdelivr.net/npm/bootstrap@4.6.0/dist/js/bootstrap.bundle.min.js IP 151.101.193.229 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:13 Last Seen2024-05-05 00:25:27 Times Seen5423 Hash f81d0a1705048649befc8b595e455a94 aec551e4d573463088fca7d14fb644eb389f1839 b0212543cc5a4a0a31c1b5a9d1e8973261992116b4cfde3e7dfcf33b4e81a97b Loading...

	app.l24.im/runtime-es2015.a915d801e419b0c43a7e.js	2.3 kB	2023-03-08	2024-05-01
Pretty URL app.l24.im/runtime-es2015.a915d801e419b0c43a7e.js IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 07:32:29 Last Seen2024-05-01 16:59:18 Times Seen5 Hash 700f9d3d990a2d2a1cdc1a1987e91447 6c661b53616087e92d40936119ba3b84d4fc6540 b2ca35427b769c3756cb28b82cf02d0d760089ced14cb633bb95b4991c18de9f Loading...

	app.l24.im/5-es2015.16fc982e6f8a852d9905.js	543 B	2023-03-08	2024-05-01
Pretty URL app.l24.im/5-es2015.16fc982e6f8a852d9905.js IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 07:32:29 Last Seen2024-05-01 16:59:18 Times Seen3 Hash 98b3df6897e3a6ae0c9d6b95e382642b 63bdff7dc56ef9f44c2e6e3f600685228f8abcef b848cc3d7aff4a67b3ba78961b5b5168f145cb027a75f52efee0be0573074dbc Loading...

	unknown	157 B	2024-02-16	2024-05-01
Pretty Introduced by Function Embedded in HTML false Observations First Seen2024-02-16 15:56:07 Last Seen2024-05-01 16:59:17 Times Seen5 Hash 615b9011afce4a7507fe8c83e326bbcb 8ebb498d0f77b75bc6bf9e5c1dd77951c5fd8b9a 29e09b91e2352e017fc0613f73f6525df322d7d9a92391dda84e594f0c33fc9e Loading...

	l24.im/Home/Main/assets/js/jquery.validationEngine.js	31 kB	2024-04-26	2024-04-26
Pretty URL l24.im/Home/Main/assets/js/jquery.validationEngine.js IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-26 05:10:45 Last Seen2024-04-26 05:10:45 Times Seen1 Hash be445ad93b32557f0750c79044d9b786 0fb137ba9110e33fc06fd5afb9ae149fc2eb87c0 3a1d1cca9b977575bb4f8bbeb0212eb8adbc785b846eda940a73fd9f835fea21 Loading...

	l24.im/Home/Main/assets/js/l24-integration.js?v=1.0.4	8.6 kB	2024-04-26	2024-05-01
Pretty URL l24.im/Home/Main/assets/js/l24-integration.js?v=1.0.4 IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-26 05:10:45 Last Seen2024-05-01 16:59:18 Times Seen2 Hash 6869d59fae16c027672e2801aea0bc6f 8ca613e3ebcf29e7418dee4ca63168f4386b1345 5c4fa847d44513e18fe1f3def0f02008fbc56289a19ced46b3671fe6d3077de4 Loading...

	l24.im/Home/Main/assets/js/jquery.TelMask.js?_=1714101011040	12 kB	2024-04-26	2024-04-26
Pretty URL l24.im/Home/Main/assets/js/jquery.TelMask.js?_=1714101011040 IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-26 05:10:45 Last Seen2024-04-26 05:10:48 Times Seen2 Hash 8f996c4c40ce49e85bc289c47a94667f da4d88c55ee9adb8c476008dac2753450fb3af23 667f4b1a1e9525e9383ecba5d39ac44391cc8fce58432351fd0c0d7cdbf4ee21 Loading...

	unknown	88 B	2023-04-13	2024-04-26
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-13 04:58:27 Last Seen2024-04-26 05:10:45 Times Seen82 Hash 9c3c27f6968bbadcf6ea3237f7637adb fcbd3a4af8de22b0ce21aabcd3222ec27d3c97cd a3639c140206ac769e4bbf8d552eeeca95d22c348a04a9361ac14579e8eea1b8 Loading...

	app.l24.im/6-es2015.ebf475ad843a9bca125d.js	1.6 kB	2023-03-08	2024-05-01
Pretty URL app.l24.im/6-es2015.ebf475ad843a9bca125d.js IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 07:32:29 Last Seen2024-05-01 16:59:18 Times Seen4 Hash 947f8cfb6e3dfc384a5bcc2e8a8a69c6 8020cfa5764e7d632b07deae849b0984d86f9ccd 6ff5bb7b9a746fb72cc1fada34fb9554ea08c7ce98a59d6f05667a2797e6ac0d Loading...

	l24.im/Home/Main/en/report-abuse.html	342 B	2024-02-16	2024-05-01
Pretty URL l24.im/Home/Main/en/report-abuse.html IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-02-16 15:56:07 Last Seen2024-05-01 16:59:17 Times Seen4 Hash 9aefe231f0a3c4b8e92a4aed78f25988 c8d82ab095854b93bccc37b6708f718a87116293 993fdb5b989a33d35b4e50740bb8fabb9b86a9fed228ba8e496594a241aa52a1 Loading...

	l24.im/Home/Main/assets/js/form.js?v=1.0.4	8.0 kB	2024-04-26	2024-04-26
Pretty URL l24.im/Home/Main/assets/js/form.js?v=1.0.4 IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-26 05:10:45 Last Seen2024-04-26 05:10:47 Times Seen2 Hash 7e0647db52d6a3af2d8327b460a0a80a f9a41e8c9953463c3b1f1f5f906ba49ac7057f99 ce4375a84219a37a1adc48aa09b1571260b5e48854001319dea63924050028a8 Loading...

	unknown	78 B	2023-04-13	2024-04-26
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-13 04:58:27 Last Seen2024-04-26 05:10:46 Times Seen82 Hash ed007757f278bc613a67ab6b7f2d4086 64deea476a5ce2a6c1faa97d9afb96b4ceb6ed8a 368ca791418f528a2bb06ad67dcd2ffd1068ef30a0095790ab0bdcae72db42b6 Loading...

	cdn.jsdelivr.net/particles.js/2.0.0/particles.min.js	23 kB	2023-03-07	2024-05-05
Pretty URL cdn.jsdelivr.net/particles.js/2.0.0/particles.min.js IP 151.101.193.229 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:16:44 Last Seen2024-05-05 15:20:14 Times Seen1706 Hash 00debcf6cf0789a19cee2278011afcd4 8017f8b1869077db728573f1ca4684a00af69462 faee7815a5fd27e938d1e01c8392b66332024908eb118048f608eee671371df6 Loading...

	www.googletagmanager.com/gtm.js?id=GTM-MF73SG9J	245 kB	2024-04-26	2024-04-26
Pretty URL www.googletagmanager.com/gtm.js?id=GTM-MF73SG9J IP 142.250.74.72 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-26 05:10:46 Last Seen2024-04-26 05:10:47 Times Seen2 Hash 0b57bd2944305a1e381e7b2ab5980b40 1121d4e42c006a76614d8d6c7c478842af5d4ab5 e24caa39b828d1481de8bbaf63150840ce11bedf86aa59f5d067915cfbe45313 Loading...

	stackpath.bootstrapcdn.com/bootstrap/4.4.1/js/bootstrap.min.js	60 kB	2023-03-07	2024-05-05
Pretty URL stackpath.bootstrapcdn.com/bootstrap/4.4.1/js/bootstrap.min.js IP 104.18.10.207 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:23 Last Seen2024-05-05 15:20:27 Times Seen8127 Hash 61f338f870fcd0ff46362ef109d28533 b3c116c65e6f053aaab45e5619a78ec00271a50f 5aa53525abc5c5200c70b3f6588388f86076cd699284c23cda64e92c372a1548 Loading...

	app.l24.im/main-es2015.fe4776dc21aed168eff8.js	6.2 MB	2024-04-26	2024-04-26
Pretty URL app.l24.im/main-es2015.fe4776dc21aed168eff8.js IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-26 05:10:46 Last Seen2024-04-26 05:10:46 Times Seen1 Hash 3087b2eba1dc53e7926615128bc1718c ce4943d1bb3dc2416936096aeaab22ad6a319cd0 4766e279f0958cb6eed0b72cdf469bb5f4104efaed1e1493979bbd74a0f77265 Loading...

	unknown	75 B	2023-04-13	2024-04-26
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-13 04:58:27 Last Seen2024-04-26 05:10:46 Times Seen82 Hash 5d63271b1408a1bcc9111c65236f69ea 889f06921fa03719aedcdf13e63595d351e43800 4e6c649f54fd84911bad906fae11dfe25c7a0053d7441c40128ce4fbaa6243ce Loading...

	app.l24.im/assets/js/owl.carousel.min.js	44 kB	2023-03-07	2024-05-05
Pretty URL app.l24.im/assets/js/owl.carousel.min.js IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:06:30 Last Seen2024-05-05 20:18:21 Times Seen4009 Hash 47c357c05cb99cedbac2874840319818 d8b05365de4b760618328fdeef7672e8374978e4 4e0781bdd2cbb5db04da3b5e059eeca34e325fabb893bee7457b5babf5b7c029 Loading...

	app.l24.im/polyfills-es2015.7228265d48574b6b5adf.js	38 kB	2023-03-08	2024-05-01
Pretty URL app.l24.im/polyfills-es2015.7228265d48574b6b5adf.js IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 07:32:29 Last Seen2024-05-01 16:59:18 Times Seen5 Hash abd2525eedb8a6321c99e53e01d75d37 3fc0cabedaefe7af15964afe691493fd1606203d 649baa63f06598655b146f6ce37865fabe947dfa0f542607899d9864f7588498 Loading...

		Size	First Seen	Last Seen
	#1 Eval - 66279dba37947e1c3209f46b0052fa4d	220 kB	2023-04-30	2024-04-26
Pretty Observations First Seen2023-04-30 02:22:30 Last Seen2024-04-26 05:10:47 Times Seen14 Hash 66279dba37947e1c3209f46b0052fa4d 525ba87022d9a9aad1b3e8a88e6f20204930d644 b92988bcc2243b41459ded302721b17a5155603a7cef0f46ba85ba836b366002 Loading...

HTTP Transactions (93)

URL IP Response Size

l24.im/Home/Main/assets/images/banklogos.png

188.114.96.1

200 OK

14 kB

URL GET HTTP/3
l24.im/Home/Main/assets/images/banklogos.png
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://l24.im/Home/Main/en/report-abuse.html
Certificate
IssuerGoogle Trust Services LLC
Subjectl24.im
FingerprintA8:C0:26:5A:F1:5E:BC:99:14:92:9F:04:2D:87:E6:60:C5:F3:61:63
ValidityMon, 01 Apr 2024 09:05:27 GMT - Sun, 30 Jun 2024 09:05:26 GMT

File type
PNG image data, 429 x 32, 8-bit/color RGBA, non-interlaced
Size
14 kB (14196 bytes)
Hash
bd652944bc6ccda4690900baa6226ca9
eb3faf37fcecd7fb23e8270a298f56bfd0e3c14d
d0ca4e684b6a94cdc68c6b622aa32ddefccf9f022a2b88cb0a38ce21e2d78e35

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /Home/Main/assets/images/banklogos.png HTTP/1.1
Host: l24.im
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://l24.im/Home/Main/en/report-abuse.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 26 Apr 2024 03:10:10 GMT
content-type: image/png
content-length: 14196
last-modified: Fri, 29 Jul 2022 11:26:25 GMT
etag: "baaa9193ea3d81:0"
x-powered-by: ASP.NET
cache-control: max-age=345600
cf-cache-status: HIT
age: 3279
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1B93ys6%2B7IuH1KN1ky3eW9j5sjuX0X5e8l71%2FLoHw%2BB1s%2BJNmLSfNcxjshQirTQp6X4WG5gDKtETG0SGN9qUaIZpciJQu9Yy3nnPcSyr1Xgo%2BhWSPeoyrLI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87a360d3bba856b1-OSL
alt-svc: h3=":443"; ma=86400

cdnjs.cloudflare.com/ajax/libs/font-awesome/6.1.2/css/all.min.css

104.17.25.14

200 OK

17 kB

URL GET HTTP/2
cdnjs.cloudflare.com/ajax/libs/font-awesome/6.1.2/css/all.min.css
IP
104.17.25.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://l24.im/Home/Main/en/report-abuse.html
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT

File type
ASCII text, with very long lines (65317)
Size
17 kB (17188 bytes)
Hash
8ef777107c4620d4ddd4f8c4bb14a36c
0ae47fa834fb55de7b50c79021aeabecfae50c9c
c5e8e8eb22e2eaf1ad02370c22c63c04774ab0b83b4329d5945333750814bb2f

HTTP Headers

GET /ajax/libs/font-awesome/6.1.2/css/all.min.css HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://l24.im
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 26 Apr 2024 03:10:10 GMT
content-type: text/css; charset=utf-8
content-length: 17188
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "62deef96-4324"
last-modified: Mon, 25 Jul 2022 19:31:34 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 508
expires: Wed, 16 Apr 2025 03:10:10 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0686W48rqvfjFkdF6lMzSnwM1PzEQBVH5Kn8IDMCw8SBMhJuJm3Aw9JMF6%2Bk7OMWpL0Gpsbcg6ESa5WCZrxRk4Lk7C13NV0%2FXJ%2FJjDKUBQ2Df8dGAGE6BW4HKKBj%2BtULKVKxki7v"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 87a360d3c8bdb4f9-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

l24.im/Home/Main/assets/images/loading-buffering.gif

188.114.96.1

200 OK

41 kB

URL GET HTTP/3
l24.im/Home/Main/assets/images/loading-buffering.gif
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://l24.im/Home/Main/en/report-abuse.html
Certificate
IssuerGoogle Trust Services LLC
Subjectl24.im
FingerprintA8:C0:26:5A:F1:5E:BC:99:14:92:9F:04:2D:87:E6:60:C5:F3:61:63
ValidityMon, 01 Apr 2024 09:05:27 GMT - Sun, 30 Jun 2024 09:05:26 GMT

File type
GIF image data, version 89a, 200 x 200
Size
41 kB (40957 bytes)
Hash
cac6f4f6ddbe92403ef75aab346d1f59
92b129fe5eae789c5bdf9c88e56e6574004ab1b8
2eff2ae61047456178738bb7f10017cd66509ef3a547d5e3666267c7f4943b66

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /Home/Main/assets/images/loading-buffering.gif HTTP/1.1
Host: l24.im
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://l24.im/Home/Main/en/report-abuse.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 26 Apr 2024 03:10:10 GMT
content-type: image/gif
content-length: 40957
last-modified: Fri, 29 Jul 2022 11:26:25 GMT
etag: "96810a3ea3d81:0"
x-powered-by: ASP.NET
cache-control: max-age=345600
cf-cache-status: HIT
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FVGWjd7gbXx0n47H1vgrL3mOQE1vYNrsLwPNdUSVSNk8D6esET7RUlEgXtcw%2FmCaKcqcCYiJZ9nRORrFmQiAo%2B0MYAKL0oQG9m1tPTj3TSZb0yYzDCSbJrQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87a360d3aba156b1-OSL
alt-svc: h3=":443"; ma=86400

www.googletagmanager.com/gtag/js?id=G-7N67D0CRJL

142.250.74.72

200 OK

101 kB

URL GET HTTP/2
www.googletagmanager.com/gtag/js?id=G-7N67D0CRJL
IP
142.250.74.72:443
ASN
#15169 GOOGLE

Requested by
https://l24.im/Home/Main/en/report-abuse.html
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint1E:33:2E:4B:C3:51:05:B7:73:DC:21:BF:3E:02:B3:16:D8:0B:AB:BB
ValidityMon, 18 Mar 2024 19:37:14 GMT - Mon, 10 Jun 2024 19:37:13 GMT

File type
JavaScript source, ASCII text, with very long lines (5945)
Size
101 kB (101104 bytes)
Hash
9391c46f9d4713d898894c3c6b664007
a4b71b9fd1e49719139fd2c403079f2b7b173d7b
127be9acb5a88e402012d2e274e4ad4d037395b60cf9c4ddb5ccd50e144c326f

HTTP Headers

GET /gtag/js?id=G-7N67D0CRJL HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://l24.im/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 26 Apr 2024 03:10:10 GMT
expires: Fri, 26 Apr 2024 03:10:10 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 101104
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

cdn.jsdelivr.net/gh/fancyapps/fancybox@3.5.7/dist/jquery.fancybox.min.css

151.101.193.229

200 OK

3.4 kB

URL GET HTTP/2
cdn.jsdelivr.net/gh/fancyapps/fancybox@3.5.7/dist/jquery.fancybox.min.css
IP
151.101.193.229:443
ASN
#54113 FASTLY

Requested by
https://l24.im/Home/Main/en/report-abuse.html
Certificate
IssuerGlobalSign nv-sa
Subjectjsdelivr.net
Fingerprint05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09
ValidityWed, 27 Sep 2023 18:13:13 GMT - Mon, 28 Oct 2024 18:13:12 GMT

File type
ASCII text, with very long lines (12795), with no line terminators
Size
3.4 kB (3370 bytes)
Hash
a2d42584292f64c5827e8b67b1b38726
1be9b79be02a1cfc5d96c4a5e0feb8f472babd95
5736e3eec0c34bfc288854b7b8d2a8f1e22e9e2e7dae3c8d1ad5dfb2d4734ad0

HTTP Headers

GET /gh/fancyapps/fancybox@3.5.7/dist/jquery.fancybox.min.css HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://l24.im/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
x-jsd-version: 3.5.7
x-jsd-version-type: version
etag: W/"31fb-G+m3m+AqHPxdlsSl4P649HK6vZU"
content-encoding: br
accept-ranges: bytes
date: Fri, 26 Apr 2024 03:10:10 GMT
age: 20746566
x-served-by: cache-fra-eddf8230072-FRA, cache-hel1410023-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 3370
X-Firefox-Spdy: h2

cdn.jsdelivr.net/gh/fancyapps/fancybox@3.5.7/dist/jquery.fancybox.min.js

151.101.193.229

200 OK

23 kB

URL GET HTTP/2
cdn.jsdelivr.net/gh/fancyapps/fancybox@3.5.7/dist/jquery.fancybox.min.js
IP
151.101.193.229:443
ASN
#54113 FASTLY

Requested by
https://l24.im/Home/Main/en/report-abuse.html
Certificate
IssuerGlobalSign nv-sa
Subjectjsdelivr.net
Fingerprint05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09
ValidityWed, 27 Sep 2023 18:13:13 GMT - Mon, 28 Oct 2024 18:13:12 GMT

File type
JavaScript source, ASCII text, with very long lines (31972)
Size
23 kB (23149 bytes)
Hash
49a6b4d019a934bcf83f0c397eba82d8
6181412e73966696d08e1e5b1243a572d0f22ba6
cadda460ccb4c3c01bb45f3d5976f63f5adf8dc3ff1d31cb4fbd3ded4f18e5bf

HTTP Headers

GET /gh/fancyapps/fancybox@3.5.7/dist/jquery.fancybox.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://l24.im/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 3.5.7
x-jsd-version-type: version
etag: W/"10a9d-YYFBLnOWZpbQjh5bEkOlctDyK6Y"
content-encoding: br
accept-ranges: bytes
date: Fri, 26 Apr 2024 03:10:10 GMT
age: 22648478
x-served-by: cache-fra-etou8220109-FRA, cache-hel1410023-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 23149
X-Firefox-Spdy: h2

ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js

142.250.74.170

200 OK

34 kB

URL GET HTTP/2
ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js
IP
142.250.74.170:443
ASN
#15169 GOOGLE

Requested by
https://l24.im/Home/Main/en/report-abuse.html
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint15:CB:F7:AC:18:3F:DC:1E:F9:4E:94:D1:98:40:40:61:53:17:28:F2
ValidityMon, 18 Mar 2024 20:35:28 GMT - Mon, 10 Jun 2024 20:35:27 GMT

File type
JavaScript source, ASCII text, with very long lines (32038)
Size
34 kB (33507 bytes)
Hash
f03e5a3bf534f4a738bc350631fd05bd
37b1db88b57438f1072a8ebc7559c909c9d3a682
aec3d419d50f05781a96f223e18289aeb52598b5db39be82a7b71dc67d6a7947

HTTP Headers

GET /ajax/libs/jquery/1.11.3/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://l24.im/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 33507
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 19 Apr 2024 04:18:29 GMT
expires: Sat, 19 Apr 2025 04:18:29 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 600701
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

collect.segmage.dev/src/0745484d-e935-41b7-aa35-08db89e90583.js?v=6382554132080622165

188.114.96.1

404 Not Found

0 B

URL GET HTTP/2
collect.segmage.dev/src/0745484d-e935-41b7-aa35-08db89e90583.js?v=6382554132080622165
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://l24.im/Home/Main/en/report-abuse.html
Certificate
IssuerGoogle Trust Services LLC
Subjectsegmage.dev
Fingerprint6C:3B:84:6E:76:05:F9:D3:09:F6:6C:5E:83:77:A0:92:03:30:BB:BC
ValiditySun, 14 Apr 2024 03:40:30 GMT - Sat, 13 Jul 2024 03:40:29 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /src/0745484d-e935-41b7-aa35-08db89e90583.js?v=6382554132080622165 HTTP/1.1
Host: collect.segmage.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://l24.im/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 404 Not Found
date: Fri, 26 Apr 2024 03:10:10 GMT
content-length: 0
cache-control: max-age=14400
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SEIjAaYLvoXzRj99VMd1%2Bz3DJKRho7fDmOc6GDIpMlCbgdjWuZY4EuW%2BOwAKJcWJUXdJKBfVWuyZu7OjkloPYNgusGQb3y2P2UwX9VKuPs5Odrm0DAxsP%2Fxgj4GsHMHmIUa8K7Ga"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a360d43aaa56bf-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

l24.im/Home/Main/assets/images/facebook.svg

188.114.96.1

200 OK

1.6 kB

URL GET HTTP/3
l24.im/Home/Main/assets/images/facebook.svg
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://l24.im/Home/Main/en/report-abuse.html
Certificate
IssuerGoogle Trust Services LLC
Subjectl24.im
FingerprintA8:C0:26:5A:F1:5E:BC:99:14:92:9F:04:2D:87:E6:60:C5:F3:61:63
ValidityMon, 01 Apr 2024 09:05:27 GMT - Sun, 30 Jun 2024 09:05:26 GMT

File type
SVG Scalable Vector Graphics image
Size
1.6 kB (1603 bytes)
Hash
ee7fdf6fb5991508411074973990791d
658e7e062c1008262ada8f6c5b2f373e9b5cec3a
6b3d272a2f70a01b602d8fe997f81a54b5ffffa9dfcaff5c9e6fe6c026c3b7a9

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /Home/Main/assets/images/facebook.svg HTTP/1.1
Host: l24.im
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://l24.im/Home/Main/en/report-abuse.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 26 Apr 2024 03:10:10 GMT
content-type: image/svg+xml
last-modified: Fri, 29 Jul 2022 11:26:25 GMT
etag: W/"f0eb9893ea3d81:0"
x-powered-by: ASP.NET
cache-control: max-age=345600
cf-cache-status: HIT
age: 3279
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3vp05dpuX2gUu8qQ%2FwUecG05i%2B7A6nbO9burjMTGOwqI%2B5TrAWEq5pCHikahnIVQHuXn0XTR7BUVAqa30M62Wt6%2BFguduJAhUo%2BKlVficyKtHtpqAmzcViY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87a360d3bba656b1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

www.googletagmanager.com/gtm.js?id=GTM-MF73SG9J

142.250.74.72

200 OK

88 kB

URL GET HTTP/3
www.googletagmanager.com/gtm.js?id=GTM-MF73SG9J
IP
142.250.74.72:443
ASN
#15169 GOOGLE

Requested by
https://app.l24.im/GetCurrentUser
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint1E:33:2E:4B:C3:51:05:B7:73:DC:21:BF:3E:02:B3:16:D8:0B:AB:BB
ValidityMon, 18 Mar 2024 19:37:14 GMT - Mon, 10 Jun 2024 19:37:13 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (3041)
Size
88 kB (87866 bytes)
Hash
3be81af508bb464944a6ba7aa1e9e400
c67fe3cacb0a6587ed3cf0416d77cb88d1857a4a
83978f1bd63d0b81966edb188fa20cf3fc95ded8f1598d70e83375742d499fef

HTTP Headers

GET /gtm.js?id=GTM-MF73SG9J HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://l24.im/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 26 Apr 2024 03:10:10 GMT
expires: Fri, 26 Apr 2024 03:10:10 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 87866
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

l24.im/Home/Main/assets/css/font.css

188.114.96.1

200 OK

761 B

URL GET HTTP/3
l24.im/Home/Main/assets/css/font.css
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://l24.im/Home/Main/en/report-abuse.html
Certificate
IssuerGoogle Trust Services LLC
Subjectl24.im
FingerprintA8:C0:26:5A:F1:5E:BC:99:14:92:9F:04:2D:87:E6:60:C5:F3:61:63
ValidityMon, 01 Apr 2024 09:05:27 GMT - Sun, 30 Jun 2024 09:05:26 GMT

File type
ASCII text, with very long lines (653), with no line terminators
Size
761 B (761 bytes)
Hash
eac2867fde408de726bdcf8051f66b9f
f369a2d186495ae2911ed878c4eb475bd848c720
e5e975a7a597a22af0528c541a81cf3c9a2a4ebdde459edd6fc351334f4d12cb

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /Home/Main/assets/css/font.css HTTP/1.1
Host: l24.im
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://l24.im/Home/Main/en/report-abuse.html
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 26 Apr 2024 03:10:10 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=947
etag: W/"4bc18093ea3d81:0"
last-modified: Fri, 29 Jul 2022 11:26:25 GMT
vary: Accept-Encoding
x-powered-by: ASP.NET
cache-control: max-age=345600
cf-cache-status: HIT
age: 3279
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dbLfQWriAWJJi6eLVa8ThCNp2EXDOOaSC%2B6ctafeMM0%2F%2BK%2Bnfeuv6yEZoGYm1c4zi3HvRd8aB2%2FR0E0d1CFk7X3BsLX9GSDiv6hkpBL1%2FMsYwUgR%2BDQrjdM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87a360d39b9856b1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

l24.im/Home/Main/en/report-abuse.html

188.114.96.1

200 OK

13 kB

URL User Request GET HTTP/2
l24.im/Home/Main/en/report-abuse.html
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjectl24.im
FingerprintA8:C0:26:5A:F1:5E:BC:99:14:92:9F:04:2D:87:E6:60:C5:F3:61:63
ValidityMon, 01 Apr 2024 09:05:27 GMT - Sun, 30 Jun 2024 09:05:26 GMT

File type
HTML document, Unicode text, UTF-8 text, with very long lines (376), with CRLF, LF line terminators
Size
13 kB (13193 bytes)
Hash
a7361f631b9bf067d6836a61a7579fb0
569ea17367cfe2e867d38f8f81d0060638f170d4
bf15228862280d4730277bbf5d31e74d15b989293c0534e005f56fd3e6586845

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /Home/Main/en/report-abuse.html HTTP/1.1
Host: l24.im
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 26 Apr 2024 03:10:10 GMT
content-type: text/html
last-modified: Tue, 23 Apr 2024 00:21:38 GMT
vary: Accept-Encoding
x-powered-by: ASP.NET
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5iElX9PIGK8l9L%2FTVpX%2B3l0mDkspWzAhVT3Bdqn5BcP04SQpVh%2BdRImJDIj2tYGD5FYY1XaI%2BfaVsanD8CqjVxteqZeR0WxJsOdZTTOLQvjWBFd6LmhPVb0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87a360d0edb156ba-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

l24.im/Home/Main/assets/images/twitter.svg

188.114.96.1

200 OK

22 kB

URL GET HTTP/3
l24.im/Home/Main/assets/images/twitter.svg
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://l24.im/Home/Main/en/report-abuse.html
Certificate
IssuerGoogle Trust Services LLC
Subjectl24.im
FingerprintA8:C0:26:5A:F1:5E:BC:99:14:92:9F:04:2D:87:E6:60:C5:F3:61:63
ValidityMon, 01 Apr 2024 09:05:27 GMT - Sun, 30 Jun 2024 09:05:26 GMT

File type
SVG Scalable Vector Graphics image
Size
22 kB (22458 bytes)
Hash
71c636b942fa3cbee418a65aa476cb91
5f7b44ae7c4f5df6bed53a64f8b7d02e7842533f
731f6f8e0d18bfdab2c690939150426c469c4e7621b8679e769e32ead3db71c8

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /Home/Main/assets/images/twitter.svg HTTP/1.1
Host: l24.im
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://l24.im/Home/Main/en/report-abuse.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 26 Apr 2024 03:10:10 GMT
content-type: image/svg+xml
last-modified: Fri, 29 Jul 2022 11:26:26 GMT
etag: W/"e56021a3ea3d81:0"
x-powered-by: ASP.NET
cache-control: max-age=345600
cf-cache-status: HIT
age: 3279
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ra%2Bhc%2BD1KALRZmsdJq8Noestmqcmrz9WpIoqK%2BzKSHmDkJVocR%2F2In4JuuZLFyi1B52uVMOs2gL2Vp8xIkWfFNtoaqzJNLnrsLTt9C1zoE0rpWVpG1rWYxg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87a360d3bba756b1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

fonts.gstatic.com/s/ibmplexsans/v19/zYXgKVElMYYaJe8bpLHnCwDKhdHeFQ.woff2

216.58.207.227

200 OK

19 kB

URL GET HTTP/2
fonts.gstatic.com/s/ibmplexsans/v19/zYXgKVElMYYaJe8bpLHnCwDKhdHeFQ.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://l24.im/Home/Main/en/report-abuse.html
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintF5:5C:D9:68:C6:5F:A3:33:5A:73:C3:79:B6:83:FE:44:2E:A4:83:74
ValidityMon, 18 Mar 2024 20:34:25 GMT - Mon, 10 Jun 2024 20:34:24 GMT

File type
Web Open Font Format (Version 2), TrueType, length 19156, version 1.0
Size
19 kB (19156 bytes)
Hash
0ceb759015a6df090ad355231fdb39f1
b947749baab5bfa0bee35d31e5a5050d4beefe9b
db71f8a28ad8501544fb4e7668e3c6d0b731760b6f20de3525ebaeba597f1922

HTTP Headers

GET /s/ibmplexsans/v19/zYXgKVElMYYaJe8bpLHnCwDKhdHeFQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://l24.im
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 19156
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 25 Apr 2024 02:30:46 GMT
expires: Fri, 25 Apr 2025 02:30:46 GMT
cache-control: public, max-age=31536000
age: 88765
last-modified: Tue, 02 May 2023 16:04:22 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

l24.im/Home/Main/assets/js/form.js?v=1.0.4

188.114.96.1

200 OK

19 kB

URL GET HTTP/3
l24.im/Home/Main/assets/js/form.js?v=1.0.4
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://l24.im/Home/Main/en/report-abuse.html
Certificate
IssuerGoogle Trust Services LLC
Subjectl24.im
FingerprintA8:C0:26:5A:F1:5E:BC:99:14:92:9F:04:2D:87:E6:60:C5:F3:61:63
ValidityMon, 01 Apr 2024 09:05:27 GMT - Sun, 30 Jun 2024 09:05:26 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (1321)
Size
19 kB (18737 bytes)
Hash
7e0647db52d6a3af2d8327b460a0a80a
f9a41e8c9953463c3b1f1f5f906ba49ac7057f99
ce4375a84219a37a1adc48aa09b1571260b5e48854001319dea63924050028a8

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /Home/Main/assets/js/form.js?v=1.0.4 HTTP/1.1
Host: l24.im
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://l24.im/Home/Main/en/report-abuse.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 26 Apr 2024 03:10:10 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=10736
etag: W/"de347ac894c9d91:0"
last-modified: Tue, 08 Aug 2023 01:08:03 GMT
vary: Accept-Encoding
x-powered-by: ASP.NET
cache-control: max-age=345600
cf-cache-status: HIT
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XYCXGnezBQYN7WvqTY92tcYkPSdi4p4mPbXF2i8ZkQJGxK%2FEsfor5LFtPGl0Ng4A3j4Jmo4TOGb6wSTOFowKvKII%2FtdyWThSnIkZKROhEW5yBjUKnDrpu7s%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87a360d3bbaa56b1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

fonts.googleapis.com/css2?family=IBM+Plex+Sans:wght@300;400;500;600;700&family=Playfair+Display&display=swap

142.250.74.106

200 OK

21 kB

URL GET HTTP/2
fonts.googleapis.com/css2?family=IBM+Plex+Sans:wght@300;400;500;600;700&family=Playfair+Display&display=swap
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://l24.im/Home/Main/en/report-abuse.html
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint15:CB:F7:AC:18:3F:DC:1E:F9:4E:94:D1:98:40:40:61:53:17:28:F2
ValidityMon, 18 Mar 2024 20:35:28 GMT - Mon, 10 Jun 2024 20:35:27 GMT

File type
gzip compressed data, max compression
Size
21 kB (21249 bytes)
Hash
37744d5085b4b472f9272fd7a8b4c508
ea208eca8af98d7ddabfa6b6f575679ce07a189b
033a8fea9cff56f36ceb42be10e6da94c739a8afd9b59defd062f5ef48cf8afa

HTTP Headers

GET /css2?family=IBM+Plex+Sans:wght@300;400;500;600;700&family=Playfair+Display&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://l24.im/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 26 Apr 2024 03:10:10 GMT
date: Fri, 26 Apr 2024 03:10:10 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

l24.im/Home/Main/assets/images/menuicon1.svg

188.114.96.1

200 OK

20 kB

URL GET HTTP/3
l24.im/Home/Main/assets/images/menuicon1.svg
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://l24.im/Home/Main/en/report-abuse.html
Certificate
IssuerGoogle Trust Services LLC
Subjectl24.im
FingerprintA8:C0:26:5A:F1:5E:BC:99:14:92:9F:04:2D:87:E6:60:C5:F3:61:63
ValidityMon, 01 Apr 2024 09:05:27 GMT - Sun, 30 Jun 2024 09:05:26 GMT

File type
SVG Scalable Vector Graphics image
Size
20 kB (20257 bytes)
Hash
c3780f989f484de2b8f0d3c1dbed8908
9e63c8651885230c9fd956e8826050cc394e8967
63b3c4e333558a101fd29cb6ecce29f9b3dee5de4765d77aec0367fd8eb8047b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /Home/Main/assets/images/menuicon1.svg HTTP/1.1
Host: l24.im
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://l24.im/Home/Main/en/report-abuse.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 26 Apr 2024 03:10:10 GMT
content-type: image/svg+xml
last-modified: Fri, 29 Jul 2022 11:26:25 GMT
etag: W/"2eb712a3ea3d81:0"
x-powered-by: ASP.NET
cache-control: max-age=345600
cf-cache-status: HIT
age: 3279
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PmYMRU7ACHNX54%2B8Nkagjdk1P0uvJHVxWxtp9sTGZ2ZiaUGuXn3NlmtNquzjWHkH2v06tTk0RJQwuMXrIYGGRQuK2R9Ag8wcnviNEJQpD%2Bm2L3KYESAceY8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87a360d3ab9e56b1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

fonts.gstatic.com/s/ibmplexsans/v19/zYX9KVElMYYaJe8bpLHnCwDKjWr7AIFsdA.woff2

216.58.207.227

200 OK

19 kB

URL GET HTTP/2
fonts.gstatic.com/s/ibmplexsans/v19/zYX9KVElMYYaJe8bpLHnCwDKjWr7AIFsdA.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://l24.im/Home/Main/en/report-abuse.html
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintF5:5C:D9:68:C6:5F:A3:33:5A:73:C3:79:B6:83:FE:44:2E:A4:83:74
ValidityMon, 18 Mar 2024 20:34:25 GMT - Mon, 10 Jun 2024 20:34:24 GMT

File type
Web Open Font Format (Version 2), TrueType, length 19440, version 1.0
Size
19 kB (19440 bytes)
Hash
f9b6356e32a9b93ae0f1c23aa537f2a1
0cc73519d7b7fb4e4268727490205df48bd570f6
fff71a83690454ee6ea9014780a6797408918cb90cde1f0f3be65ea28a03c678

HTTP Headers

GET /s/ibmplexsans/v19/zYX9KVElMYYaJe8bpLHnCwDKjWr7AIFsdA.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://l24.im
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 19440
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 22 Apr 2024 17:46:32 GMT
expires: Tue, 22 Apr 2025 17:46:32 GMT
cache-control: public, max-age=31536000
age: 293019
last-modified: Tue, 02 May 2023 16:08:34 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

l24.im/Home/Main/assets/css/img/flags.png

188.114.96.1

200 OK

20 kB

URL GET HTTP/3
l24.im/Home/Main/assets/css/img/flags.png
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://l24.im/Home/Main/en/report-abuse.html
Certificate
IssuerGoogle Trust Services LLC
Subjectl24.im
FingerprintA8:C0:26:5A:F1:5E:BC:99:14:92:9F:04:2D:87:E6:60:C5:F3:61:63
ValidityMon, 01 Apr 2024 09:05:27 GMT - Sun, 30 Jun 2024 09:05:26 GMT

File type
PNG image data, 5630 x 15, 8-bit colormap, non-interlaced
Size
20 kB (19470 bytes)
Hash
ca3277bf7783c9c969898ab5edfdfda4
b959a96337f43ac29cefe1be6b881cadee2101a2
da43d15740f2672964c941d07f8313d6d560db441ec04261f70c4241c49cc4e6

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /Home/Main/assets/css/img/flags.png HTTP/1.1
Host: l24.im
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://l24.im/Home/Main/assets/css/intlTelInput.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 26 Apr 2024 03:10:11 GMT
content-type: image/png
content-length: 19470
last-modified: Fri, 29 Jul 2022 11:26:25 GMT
etag: "24a78293ea3d81:0"
x-powered-by: ASP.NET
cache-control: max-age=345600
cf-cache-status: HIT
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=n%2FtwL8Co4sJ%2BgsizKS%2BREiQs9yYJskmy4AtaIb2ZvqhRGO%2F10mz6tN%2Be4O2fv7A985kGi3skJRtHB1YGb1SjOm%2FxGNFEdiGRMQAs3JC9Wn0Eb8kMeCRYByY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87a360d8cd4d56b1-OSL
alt-svc: h3=":443"; ma=86400

cdnjs.cloudflare.com/ajax/libs/font-awesome/6.1.2/css/all.min.css

104.17.25.14

200 OK

17 kB

URL GET HTTP/2
cdnjs.cloudflare.com/ajax/libs/font-awesome/6.1.2/css/all.min.css
IP
104.17.25.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://l24.im/Home/Main/en/report-abuse.html
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT

File type
ASCII text, with very long lines (65317)
Size
17 kB (17188 bytes)
Hash
8ef777107c4620d4ddd4f8c4bb14a36c
0ae47fa834fb55de7b50c79021aeabecfae50c9c
c5e8e8eb22e2eaf1ad02370c22c63c04774ab0b83b4329d5945333750814bb2f

HTTP Headers

GET /ajax/libs/font-awesome/6.1.2/css/all.min.css HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://app.l24.im
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 26 Apr 2024 03:10:11 GMT
content-type: text/css; charset=utf-8
content-length: 17188
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "62deef96-4324"
last-modified: Mon, 25 Jul 2022 19:31:34 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 509
expires: Wed, 16 Apr 2025 03:10:11 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UyTDsTIltRT8LaBFca9%2F8nCqaxAhBDHZk9do2dDPm%2BeO7UFCW0934trvOwEV10%2FQA0JAsXhf55JN1qE82bg9oBy98KcWML4KlYAo8hQGGglwTV4HYQRtnFBhuodnPtHrHsCfmenI"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 87a360d92a5eb4f9-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

cdn.jsdelivr.net/gh/fancyapps/fancybox@3.5.7/dist/jquery.fancybox.min.css

151.101.193.229

200 OK

3.4 kB

URL GET HTTP/2
cdn.jsdelivr.net/gh/fancyapps/fancybox@3.5.7/dist/jquery.fancybox.min.css
IP
151.101.193.229:443
ASN
#54113 FASTLY

Requested by
https://l24.im/Home/Main/en/report-abuse.html
Certificate
IssuerGlobalSign nv-sa
Subjectjsdelivr.net
Fingerprint05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09
ValidityWed, 27 Sep 2023 18:13:13 GMT - Mon, 28 Oct 2024 18:13:12 GMT

File type
ASCII text, with very long lines (12795), with no line terminators
Size
3.4 kB (3370 bytes)
Hash
a2d42584292f64c5827e8b67b1b38726
1be9b79be02a1cfc5d96c4a5e0feb8f472babd95
5736e3eec0c34bfc288854b7b8d2a8f1e22e9e2e7dae3c8d1ad5dfb2d4734ad0

HTTP Headers

GET /gh/fancyapps/fancybox@3.5.7/dist/jquery.fancybox.min.css HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://app.l24.im/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-length: 3370
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
x-jsd-version: 3.5.7
x-jsd-version-type: version
etag: W/"31fb-G+m3m+AqHPxdlsSl4P649HK6vZU"
content-encoding: br
accept-ranges: bytes
date: Fri, 26 Apr 2024 03:10:11 GMT
age: 20746567
x-served-by: cache-fra-eddf8230072-FRA, cache-hel1410022-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400

cdn.jsdelivr.net/particles.js/2.0.0/particles.min.js

151.101.193.229

200 OK

6.4 kB

URL GET HTTP/3
cdn.jsdelivr.net/particles.js/2.0.0/particles.min.js
IP
151.101.193.229:443
ASN
#54113 FASTLY

Requested by
https://app.l24.im/GetCurrentUser
Certificate
IssuerGlobalSign nv-sa
Subjectjsdelivr.net
Fingerprint05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09
ValidityWed, 27 Sep 2023 18:13:13 GMT - Mon, 28 Oct 2024 18:13:12 GMT

File type
ASCII text, with very long lines (23002)
Size
6.4 kB (6363 bytes)
Hash
00debcf6cf0789a19cee2278011afcd4
8017f8b1869077db728573f1ca4684a00af69462
faee7815a5fd27e938d1e01c8392b66332024908eb118048f608eee671371df6

HTTP Headers

GET /particles.js/2.0.0/particles.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://app.l24.im/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-length: 6363
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
etag: W/"5b44-gBf4sYaQd9tyhXPxykaEoAr2lGI"
content-encoding: br
accept-ranges: bytes
date: Fri, 26 Apr 2024 03:10:11 GMT
age: 1744001
x-served-by: cache-fra-eddf8230124-FRA, cache-hel1410022-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400

l24.im/Home/Main/assets/images/l24logo.svg

188.114.96.1

200 OK

26 kB

URL GET HTTP/3
l24.im/Home/Main/assets/images/l24logo.svg
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://l24.im/Home/Main/en/report-abuse.html
Certificate
IssuerGoogle Trust Services LLC
Subjectl24.im
FingerprintA8:C0:26:5A:F1:5E:BC:99:14:92:9F:04:2D:87:E6:60:C5:F3:61:63
ValidityMon, 01 Apr 2024 09:05:27 GMT - Sun, 30 Jun 2024 09:05:26 GMT

File type
SVG Scalable Vector Graphics image
Size
26 kB (26125 bytes)
Hash
225ffd833928e41b2c13172a1ffa7309
11097059d97e91f86bf4121b3d72c3c458e17055
105651637868eaeeb98db42c03082b8c2768c942ab30e8231967cfb9b2d1fcae

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /Home/Main/assets/images/l24logo.svg HTTP/1.1
Host: l24.im
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://l24.im/Home/Main/en/report-abuse.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 26 Apr 2024 03:10:10 GMT
content-type: image/svg+xml
last-modified: Fri, 29 Jul 2022 11:26:25 GMT
etag: W/"62cf893ea3d81:0"
x-powered-by: ASP.NET
cache-control: max-age=345600
cf-cache-status: HIT
age: 3279
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HggL3uM6smlxfDzJZT3op36USGF2V4Omm3S0mV0i%2BvrsEqjb2NpB%2F7gQUC4ps3Q8RxtVwwS3JGIOKNJD278DoZ47jLOaPyJ04ilvGZgOuVQ0NmDZckyvr4s%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87a360d3ab9b56b1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

cdn.jsdelivr.net/gh/fancyapps/fancybox@3.5.7/dist/jquery.fancybox.min.js

151.101.193.229

200 OK

23 kB

URL GET HTTP/2
cdn.jsdelivr.net/gh/fancyapps/fancybox@3.5.7/dist/jquery.fancybox.min.js
IP
151.101.193.229:443
ASN
#54113 FASTLY

Requested by
https://l24.im/Home/Main/en/report-abuse.html
Certificate
IssuerGlobalSign nv-sa
Subjectjsdelivr.net
Fingerprint05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09
ValidityWed, 27 Sep 2023 18:13:13 GMT - Mon, 28 Oct 2024 18:13:12 GMT

File type
JavaScript source, ASCII text, with very long lines (31972)
Size
23 kB (23149 bytes)
Hash
49a6b4d019a934bcf83f0c397eba82d8
6181412e73966696d08e1e5b1243a572d0f22ba6
cadda460ccb4c3c01bb45f3d5976f63f5adf8dc3ff1d31cb4fbd3ded4f18e5bf

HTTP Headers

GET /gh/fancyapps/fancybox@3.5.7/dist/jquery.fancybox.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://app.l24.im/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-length: 23149
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 3.5.7
x-jsd-version-type: version
etag: W/"10a9d-YYFBLnOWZpbQjh5bEkOlctDyK6Y"
content-encoding: br
accept-ranges: bytes
date: Fri, 26 Apr 2024 03:10:11 GMT
age: 22648478
x-served-by: cache-fra-etou8220109-FRA, cache-hel1410022-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400

www.googletagmanager.com/gtm.js?id=GTM-MF73SG9J

142.250.74.72

200 OK

87 kB

URL GET HTTP/3
www.googletagmanager.com/gtm.js?id=GTM-MF73SG9J
IP
142.250.74.72:443
ASN
#15169 GOOGLE

Requested by
https://app.l24.im/GetCurrentUser
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint1E:33:2E:4B:C3:51:05:B7:73:DC:21:BF:3E:02:B3:16:D8:0B:AB:BB
ValidityMon, 18 Mar 2024 19:37:14 GMT - Mon, 10 Jun 2024 19:37:13 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (3041)
Size
87 kB (87359 bytes)
Hash
0b57bd2944305a1e381e7b2ab5980b40
1121d4e42c006a76614d8d6c7c478842af5d4ab5
e24caa39b828d1481de8bbaf63150840ce11bedf86aa59f5d067915cfbe45313

HTTP Headers

GET /gtm.js?id=GTM-MF73SG9J HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://app.l24.im/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 26 Apr 2024 03:10:11 GMT
expires: Fri, 26 Apr 2024 03:10:11 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 87359
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-7N67D0CRJL&cid=1644663986.1714101011&gtm=45je44o0v876472101z89137687946za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3l3l2l1&npa=1&z=1486215500

142.250.74.163

200 OK

42 B

URL GET HTTP/2
www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-7N67D0CRJL&cid=1644663986.1714101011&gtm=45je44o0v876472101z89137687946za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3l3l2l1&npa=1&z=1486215500
IP
142.250.74.163:443
ASN
#15169 GOOGLE

Requested by
https://l24.im/Home/Main/en/report-abuse.html
Certificate
IssuerGoogle Trust Services LLC
Subject*.google.no
Fingerprint4E:BD:F9:72:97:67:A2:4B:EE:E4:B0:03:CD:C8:F3:30:53:27:53:1D
ValidityMon, 18 Mar 2024 20:50:06 GMT - Mon, 10 Jun 2024 20:50:05 GMT

File type
GIF image data, version 89a, 1 x 1
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-7N67D0CRJL&cid=1644663986.1714101011&gtm=45je44o0v876472101z89137687946za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3l3l2l1&npa=1&z=1486215500 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://l24.im/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 26 Apr 2024 03:10:11 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

app.l24.im/styles.2df49dd6389696495d00.css

188.114.96.1

200 OK

421 kB

URL GET HTTP/3
app.l24.im/styles.2df49dd6389696495d00.css
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://app.l24.im/GetCurrentUser
Certificate
IssuerGoogle Trust Services LLC
Subjectl24.im
FingerprintA8:C0:26:5A:F1:5E:BC:99:14:92:9F:04:2D:87:E6:60:C5:F3:61:63
ValidityMon, 01 Apr 2024 09:05:27 GMT - Sun, 30 Jun 2024 09:05:26 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
421 kB (420910 bytes)
Hash
dba84f0276c594624d3d5c77fc978db5
a3fef693e646a2a62173cac3cdd123752496e821
4ca871830c95ec135ffd8dfbbe055590d500424b15b5b7225ef982962cc50d2b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /styles.2df49dd6389696495d00.css HTTP/1.1
Host: app.l24.im
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://app.l24.im/GetCurrentUser
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 26 Apr 2024 03:10:11 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=2677481
etag: W/"1d9c6e4b2f73be9"
last-modified: Fri, 04 Aug 2023 15:02:34 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
vary: Accept-Encoding
x-powered-by: ASP.NET
cache-control: max-age=345600
cf-cache-status: HIT
age: 3280
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ENzogZbilgsx2da9IYRMPyJkpiF7CVrI7GEyIOiBV59moHNv95tfuHp%2BwbSAdk4nh68IcbUmaOigRknxmeNhox0hhEsMy6GkeOam3znfrjJLn3sDmdQda1WR0aHz"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87a360d93dec56b1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

l24.im/Home/Main/assets/images/menuicon3.svg

188.114.96.1

200 OK

46 kB

URL GET HTTP/3
l24.im/Home/Main/assets/images/menuicon3.svg
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://l24.im/Home/Main/en/report-abuse.html
Certificate
IssuerGoogle Trust Services LLC
Subjectl24.im
FingerprintA8:C0:26:5A:F1:5E:BC:99:14:92:9F:04:2D:87:E6:60:C5:F3:61:63
ValidityMon, 01 Apr 2024 09:05:27 GMT - Sun, 30 Jun 2024 09:05:26 GMT

File type
SVG Scalable Vector Graphics image
Size
46 kB (45826 bytes)
Hash
2a3af5b285a3a7805140508bf45f748b
b002087adf268a97853f8ab811121180e79528fc
da4bfa55fc84463a44296293f88bb28e4b907c5d387a69c292c83eb722609533

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /Home/Main/assets/images/menuicon3.svg HTTP/1.1
Host: l24.im
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://l24.im/Home/Main/en/report-abuse.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 26 Apr 2024 03:10:10 GMT
content-type: image/svg+xml
last-modified: Fri, 29 Jul 2022 11:26:25 GMT
etag: W/"fcff12a3ea3d81:0"
x-powered-by: ASP.NET
cache-control: max-age=345600
cf-cache-status: HIT
age: 3279
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6scva%2BiZtkAPaT%2F8X99mTjx1B%2BITxzPIVTpDd6B7tqHhQ%2BrMMmHjWJqMt%2BgHYlWfNIzCMTlEGMXTV504H9aJZZXeVStvNcOAc8eTBZLalpR3ALwvzIuMCvQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87a360d3aba056b1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

l24.im/Home/Main/assets/css/intlTelInput.css

188.114.96.1

200 OK

70 kB

URL GET HTTP/3
l24.im/Home/Main/assets/css/intlTelInput.css
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://l24.im/Home/Main/en/report-abuse.html
Certificate
IssuerGoogle Trust Services LLC
Subjectl24.im
FingerprintA8:C0:26:5A:F1:5E:BC:99:14:92:9F:04:2D:87:E6:60:C5:F3:61:63
ValidityMon, 01 Apr 2024 09:05:27 GMT - Sun, 30 Jun 2024 09:05:26 GMT

File type
ASCII text, with very long lines (21140), with no line terminators
Size
70 kB (69742 bytes)
Hash
cb5b1388162900660d327e2049fb4b94
379bf9699a1a5ed27b5a304726fe57f36dfb07ee
dc8f4d6cd6a649aa1fe10aac766c959d35916597e811f166da26e41ff71c04b9

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /Home/Main/assets/css/intlTelInput.css HTTP/1.1
Host: l24.im
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://l24.im/Home/Main/en/report-abuse.html
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 26 Apr 2024 03:10:10 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=21155
etag: W/"dca28493ea3d81:0"
last-modified: Fri, 29 Jul 2022 11:26:25 GMT
vary: Accept-Encoding
x-powered-by: ASP.NET
cache-control: max-age=345600
cf-cache-status: HIT
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PYdcBd%2BMmTNNz0WL%2B0UwcQjZ8gATRDSi2X6HQfCdCE4rGf6LM0bSpd1Dp2anx0QJBQC5IyCxkFTyCAOTAhrWzAmmP4c8bDd8l3Qza1repcc3QcL1x%2B%2BZrTs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87a360d39b9956b1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

region1.analytics.google.com/g/collect?v=2&tid=G-7N67D0CRJL&gtm=45je44o0v876472101z89137687946za200&_p=1714101010828&_gaz=1&gcd=13l3l3l2l1&npa=1&dma_cps=sypham&dma=1&cid=1644663986.1714101011&ul=en-us&sr=1280x1024&pscdl=noapi&_s=1&sid=1714101011&sct=1&seg=0&dl=https%3A%2F%2Fl24.im%2FHome%2FMain%2Fen%2Freport-abuse.html&dt=Report%20Abuse%20-%20Link%2024&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=1421

216.239.32.36

204 No Content

0 B

URL POST HTTP/2
region1.analytics.google.com/g/collect?v=2&tid=G-7N67D0CRJL&gtm=45je44o0v876472101z89137687946za200&_p=1714101010828&_gaz=1&gcd=13l3l3l2l1&npa=1&dma_cps=sypham&dma=1&cid=1644663986.1714101011&ul=en-us&sr=1280x1024&pscdl=noapi&_s=1&sid=1714101011&sct=1&seg=0&dl=https%3A%2F%2Fl24.im%2FHome%2FMain%2Fen%2Freport-abuse.html&dt=Report%20Abuse%20-%20Link%2024&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=1421
IP
216.239.32.36:443
ASN
#15169 GOOGLE

Requested by
https://l24.im/Home/Main/en/report-abuse.html
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint1E:33:2E:4B:C3:51:05:B7:73:DC:21:BF:3E:02:B3:16:D8:0B:AB:BB
ValidityMon, 18 Mar 2024 19:37:14 GMT - Mon, 10 Jun 2024 19:37:13 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /g/collect?v=2&tid=G-7N67D0CRJL&gtm=45je44o0v876472101z89137687946za200&_p=1714101010828&_gaz=1&gcd=13l3l3l2l1&npa=1&dma_cps=sypham&dma=1&cid=1644663986.1714101011&ul=en-us&sr=1280x1024&pscdl=noapi&_s=1&sid=1714101011&sct=1&seg=0&dl=https%3A%2F%2Fl24.im%2FHome%2FMain%2Fen%2Freport-abuse.html&dt=Report%20Abuse%20-%20Link%2024&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=1421 HTTP/1.1
Host: region1.analytics.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://l24.im
DNT: 1
Connection: keep-alive
Referer: https://l24.im/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0

HTTP/2 204 No Content
access-control-allow-origin: https://l24.im
date: Fri, 26 Apr 2024 03:10:12 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.googletagmanager.com/gtag/js?id=G-7N67D0CRJL&l=dataLayer&cx=c

142.250.74.72

200 OK

101 kB

URL GET HTTP/3
www.googletagmanager.com/gtag/js?id=G-7N67D0CRJL&l=dataLayer&cx=c
IP
142.250.74.72:443
ASN
#15169 GOOGLE

Requested by
https://app.l24.im/GetCurrentUser
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint1E:33:2E:4B:C3:51:05:B7:73:DC:21:BF:3E:02:B3:16:D8:0B:AB:BB
ValidityMon, 18 Mar 2024 19:37:14 GMT - Mon, 10 Jun 2024 19:37:13 GMT

File type
JavaScript source, ASCII text, with very long lines (5945)
Size
101 kB (100609 bytes)
Hash
d6aac0da8e69a9d362c439f933eef87b
6e5be250ff47bee1dcd6bf3675428a80eea580e1
d1ceb7633997ca21ae9b8490083c5f8063535e0e2f920f3dc6f2fb06116e1e89

HTTP Headers

GET /gtag/js?id=G-7N67D0CRJL&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://app.l24.im/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 26 Apr 2024 03:10:13 GMT
expires: Fri, 26 Apr 2024 03:10:13 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 100609
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

collect.segmage.dev/js/set?sr=1280x1024&sa=1280x1024&sc=24-bit&ul=en-US&cs=UTF-8&title=Report+Abuse+-+Link+24&url=https%3A%2F%2Fl24.im%2FHome%2FMain%2Fen%2Freport-abuse.html&refUrl=

188.114.96.1

200 OK

0 B

URL GET HTTP/3
collect.segmage.dev/js/set?sr=1280x1024&sa=1280x1024&sc=24-bit&ul=en-US&cs=UTF-8&title=Report+Abuse+-+Link+24&url=https%3A%2F%2Fl24.im%2FHome%2FMain%2Fen%2Freport-abuse.html&refUrl=
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://l24.im/Home/Main/en/report-abuse.html
Certificate
IssuerGoogle Trust Services LLC
Subjectsegmage.dev
Fingerprint6C:3B:84:6E:76:05:F9:D3:09:F6:6C:5E:83:77:A0:92:03:30:BB:BC
ValiditySun, 14 Apr 2024 03:40:30 GMT - Sat, 13 Jul 2024 03:40:29 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /js/set?sr=1280x1024&sa=1280x1024&sc=24-bit&ul=en-US&cs=UTF-8&title=Report+Abuse+-+Link+24&url=https%3A%2F%2Fl24.im%2FHome%2FMain%2Fen%2Freport-abuse.html&refUrl= HTTP/1.1
Host: collect.segmage.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type,d,ga,sg,source,t,tz,u
Referer: https://l24.im/
Origin: https://l24.im
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 204 No Content
date: Fri, 26 Apr 2024 03:10:13 GMT
access-control-allow-credentials: true
access-control-allow-headers: content-type,d,ga,sg,source,t,tz,u
access-control-allow-methods: POST,GET
access-control-allow-origin: https://l24.im
access-control-max-age: 604800
vary: Origin
strict-transport-security: max-age=63072000; includeSubdomains
x-frame-options: DENY
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gGx%2F3%2BXC1YNwTK3zSk1LIFTBJOolFAxdIe64ASZoP6xa%2F5isMmACvxa%2FnzZaYTWuxUDoZjKrny01LvoPhlJpMpzLZbU4PDx36iL7BRRJ9hCXWwwu46ibiM5C4incKoK1I46CYt2Y"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a360e7df0c56c4-OSL
alt-svc: h3=":443"; ma=86400

collect.segmage.dev/js/set?sr=1280x1024&sa=1280x1024&sc=24-bit&ul=en-US&cs=UTF-8&title=Report+Abuse+-+Link+24&url=https%3A%2F%2Fl24.im%2FHome%2FMain%2Fen%2Freport-abuse.html&refUrl=

188.114.96.1

200 OK

36 B

URL GET HTTP/3
collect.segmage.dev/js/set?sr=1280x1024&sa=1280x1024&sc=24-bit&ul=en-US&cs=UTF-8&title=Report+Abuse+-+Link+24&url=https%3A%2F%2Fl24.im%2FHome%2FMain%2Fen%2Freport-abuse.html&refUrl=
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://l24.im/Home/Main/en/report-abuse.html
Certificate
IssuerGoogle Trust Services LLC
Subjectsegmage.dev
Fingerprint6C:3B:84:6E:76:05:F9:D3:09:F6:6C:5E:83:77:A0:92:03:30:BB:BC
ValiditySun, 14 Apr 2024 03:40:30 GMT - Sat, 13 Jul 2024 03:40:29 GMT

File type
ASCII text, with no line terminators
Size
36 B (36 bytes)
Hash
93a0181e63ffc4ebd44c46f6e6d437be
224ebed0488e54cc4420f3fe988a32a46aed0e16
b607054409341623061097de4569b3183df8ae6eea5ce064b773784c514bac55

HTTP Headers

GET /js/set?sr=1280x1024&sa=1280x1024&sc=24-bit&ul=en-US&cs=UTF-8&title=Report+Abuse+-+Link+24&url=https%3A%2F%2Fl24.im%2FHome%2FMain%2Fen%2Freport-abuse.html&refUrl= HTTP/1.1
Host: collect.segmage.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json; charset=UTF-8
source: 0745484d-e935-41b7-aa35-08db89e90583
sg: adbd3472-ca28-4709-8b4d-61fc2a0b26b9
u: null
tz: UTC
ga: GA1.1.1644663986.1714101011
t: Fri Apr 26 2024 03:10:13 GMT+0000 (GMT)
d: 2950329843
Origin: https://l24.im
DNT: 1
Connection: keep-alive
Referer: https://l24.im/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 26 Apr 2024 03:10:14 GMT
content-type: text/plain; charset=utf-8
content-length: 36
access-control-allow-credentials: true
access-control-allow-origin: https://l24.im
vary: Origin, Origin
strict-transport-security: max-age=63072000; includeSubdomains
x-frame-options: DENY
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=M%2F%2FpJCCL7SAzNAVEAiEHRQGnqse9KfUspnAeovt6Z6I29oOIzDFohhp5nbEdv6yQ6JH%2Bhh%2FEcUv4YXWNWuy5hO2Za05Rw%2FZZBEnwxN6XxAEEb0clTrBtipO2%2B3uvZ0GtElfiz5n2"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a360e8ef5556c4-OSL
alt-svc: h3=":443"; ma=86400

app.l24.im/cdn-cgi/rum?

188.114.96.1

204 No Content

0 B

URL POST HTTP/3
app.l24.im/cdn-cgi/rum?
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://app.l24.im/GetCurrentUser
Certificate
IssuerGoogle Trust Services LLC
Subjectl24.im
FingerprintA8:C0:26:5A:F1:5E:BC:99:14:92:9F:04:2D:87:E6:60:C5:F3:61:63
ValidityMon, 01 Apr 2024 09:05:27 GMT - Sun, 30 Jun 2024 09:05:26 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /cdn-cgi/rum? HTTP/1.1
Host: app.l24.im
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
content-type: application/json
Content-Length: 1027
Origin: https://app.l24.im
DNT: 1
Connection: keep-alive
Referer: https://app.l24.im/GetCurrentUser
Cookie: _gcl_au=1.1.1501295584.1714101011; _ga_7N67D0CRJL=GS1.1.1714101011.1.1.1714101014.57.0.0; _ga=GA1.1.1644663986.1714101011; __sg=eyJkZXZpY2UiOiIyOTUwMzI5ODQzIiwiaWQiOiJhZGJkMzQ3Mi1jYTI4LTQ3MDktOGI0ZC02MWZjMmEwYjI2YjkiLCJ1c2VySWQiOm51bGx9
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 204 No Content
date: Fri, 26 Apr 2024 03:10:14 GMT
access-control-allow-origin: https://app.l24.im
access-control-allow-methods: POST,OPTIONS
access-control-max-age: 86400
vary: Origin
access-control-allow-credentials: true
server: cloudflare
cf-ray: 87a360ec282856b1-OSL
x-frame-options: DENY
x-content-type-options: nosniff

l24.im/cdn-cgi/rum?

188.114.96.1

204 No Content

0 B

URL POST HTTP/3
l24.im/cdn-cgi/rum?
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://l24.im/Home/Main/en/report-abuse.html
Certificate
IssuerGoogle Trust Services LLC
Subjectl24.im
FingerprintA8:C0:26:5A:F1:5E:BC:99:14:92:9F:04:2D:87:E6:60:C5:F3:61:63
ValidityMon, 01 Apr 2024 09:05:27 GMT - Sun, 30 Jun 2024 09:05:26 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /cdn-cgi/rum? HTTP/1.1
Host: l24.im
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
content-type: application/json
Content-Length: 1077
Origin: https://l24.im
DNT: 1
Connection: keep-alive
Referer: https://l24.im/Home/Main/en/report-abuse.html
Cookie: _gcl_au=1.1.1501295584.1714101011; _ga_7N67D0CRJL=GS1.1.1714101011.1.1.1714101014.57.0.0; _ga=GA1.1.1644663986.1714101011; __sg=eyJkZXZpY2UiOiIyOTUwMzI5ODQzIiwiaWQiOiJhZGJkMzQ3Mi1jYTI4LTQ3MDktOGI0ZC02MWZjMmEwYjI2YjkiLCJ1c2VySWQiOm51bGx9
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 204 No Content
date: Fri, 26 Apr 2024 03:10:14 GMT
access-control-allow-origin: https://l24.im
access-control-allow-methods: POST,OPTIONS
access-control-max-age: 86400
vary: Origin
access-control-allow-credentials: true
server: cloudflare
cf-ray: 87a360ec383256b1-OSL
x-frame-options: DENY
x-content-type-options: nosniff

collect.segmage.dev/js/10d3aa95-1198-4243-85f5-08db896bd4f1?title=Report+Abuse+-+Link+24&url=https%3A%2F%2Fl24.im%2FHome%2FMain%2Fen%2Freport-abuse.html

188.114.96.1

200 OK

0 B

URL GET HTTP/3
collect.segmage.dev/js/10d3aa95-1198-4243-85f5-08db896bd4f1?title=Report+Abuse+-+Link+24&url=https%3A%2F%2Fl24.im%2FHome%2FMain%2Fen%2Freport-abuse.html
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://l24.im/Home/Main/en/report-abuse.html
Certificate
IssuerGoogle Trust Services LLC
Subjectsegmage.dev
Fingerprint6C:3B:84:6E:76:05:F9:D3:09:F6:6C:5E:83:77:A0:92:03:30:BB:BC
ValiditySun, 14 Apr 2024 03:40:30 GMT - Sat, 13 Jul 2024 03:40:29 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /js/10d3aa95-1198-4243-85f5-08db896bd4f1?title=Report+Abuse+-+Link+24&url=https%3A%2F%2Fl24.im%2FHome%2FMain%2Fen%2Freport-abuse.html HTTP/1.1
Host: collect.segmage.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type,e,sg,source,u
Referer: https://l24.im/
Origin: https://l24.im
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 204 No Content
date: Fri, 26 Apr 2024 03:10:14 GMT
access-control-allow-credentials: true
access-control-allow-headers: content-type,e,sg,source,u
access-control-allow-methods: POST,GET
access-control-allow-origin: https://l24.im
access-control-max-age: 604800
vary: Origin
strict-transport-security: max-age=63072000; includeSubdomains
x-frame-options: DENY
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EDCNYEFRpVMN7l%2Fh17JxIutNl2dt7%2BsGmTH1YHiuKYN45wTQYyI3ST82hnWjlTOD8Df%2F2N%2FMZpzcUzeVhSw8cSr0T4hhEULdiffpguECE54PjoOyMHTFHzl%2F%2BsUiZpBOXpVSrlmG"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a360ed186856c4-OSL
alt-svc: h3=":443"; ma=86400

cdn.segmage.dev/template.html

188.114.96.1

200 OK

55 kB

URL GET HTTP/3
cdn.segmage.dev/template.html
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://app.l24.im/GetCurrentUser
Certificate
IssuerGoogle Trust Services LLC
Subjectsegmage.dev
Fingerprint6C:3B:84:6E:76:05:F9:D3:09:F6:6C:5E:83:77:A0:92:03:30:BB:BC
ValiditySun, 14 Apr 2024 03:40:30 GMT - Sat, 13 Jul 2024 03:40:29 GMT

File type
HTML document, ASCII text
Size
55 kB (54715 bytes)
Hash
81727346cbe5d580c7bd4b64ca3bbd0f
7bf5bfa802ee5d2d94ab8889f525018ec4392a12
da685f9f6a3eb673d577be18066a003000d56335c4629fddd29e40e6a87a6b1e

HTTP Headers

GET /template.html HTTP/1.1
Host: cdn.segmage.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://app.l24.im/
Origin: https://app.l24.im
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 26 Apr 2024 03:10:13 GMT
content-type: text/html
access-control-allow-credentials: true
access-control-allow-origin: https://app.l24.im
last-modified: Thu, 04 Apr 2024 10:55:30 GMT
vary: Origin
strict-transport-security: max-age=63072000; includeSubdomains
x-frame-options: DENY
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WeIE2Iilx2s2jX%2FOVbMpb%2B6G5S7V%2FyDToWcR%2BI53H%2BGyzuMwfjY83C7zTUjSUd4ztjB387b992Eec0UiA1QcJFEXGNKNyX7bH05bMoSgxEgE2Y5J2K63fP8DMUCDXs%2F9O0s%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a360e85f3656c4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

collect.segmage.dev/js/10d3aa95-1198-4243-85f5-08db896bd4f1?title=Report+Abuse+-+Link+24&url=https%3A%2F%2Fl24.im%2FHome%2FMain%2Fen%2Freport-abuse.html

188.114.96.1

200 OK

36 B

URL GET HTTP/3
collect.segmage.dev/js/10d3aa95-1198-4243-85f5-08db896bd4f1?title=Report+Abuse+-+Link+24&url=https%3A%2F%2Fl24.im%2FHome%2FMain%2Fen%2Freport-abuse.html
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://l24.im/Home/Main/en/report-abuse.html
Certificate
IssuerGoogle Trust Services LLC
Subjectsegmage.dev
Fingerprint6C:3B:84:6E:76:05:F9:D3:09:F6:6C:5E:83:77:A0:92:03:30:BB:BC
ValiditySun, 14 Apr 2024 03:40:30 GMT - Sat, 13 Jul 2024 03:40:29 GMT

File type
ASCII text, with no line terminators
Size
36 B (36 bytes)
Hash
73157bcea1b435e361e7b573876154bf
81f55a5044aab807ce3620f4aef443c9fa7db2d4
ab2e1b843e1bb2ecce1ce9ab45d0c181268bcb2d9bddad6cdb8f8711f86e0e99

HTTP Headers

GET /js/10d3aa95-1198-4243-85f5-08db896bd4f1?title=Report+Abuse+-+Link+24&url=https%3A%2F%2Fl24.im%2FHome%2FMain%2Fen%2Freport-abuse.html HTTP/1.1
Host: collect.segmage.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json; charset=UTF-8
source: 0745484d-e935-41b7-aa35-08db89e90583
sg: adbd3472-ca28-4709-8b4d-61fc2a0b26b9
u: null
e: PAGE_VIEW
Origin: https://l24.im
DNT: 1
Connection: keep-alive
Referer: https://l24.im/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 26 Apr 2024 03:10:14 GMT
content-type: text/plain; charset=utf-8
content-length: 36
access-control-allow-credentials: true
access-control-allow-origin: https://l24.im
vary: Origin, Origin
strict-transport-security: max-age=63072000; includeSubdomains
x-frame-options: DENY
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NeM%2F6ZGwVnuQPVg6KOdBooJxU7zBoDTzmVvB%2B1Eg1TjaODb5PwPvcnwrabqLur%2BX4yeUPe3saMtfB%2B2GdniVitPyP0bRh1qzMyDxML%2FQK9itX6LbRAJqrRh2YgbeDK3NGm6ptXP4"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a360edb88c56c4-OSL
alt-svc: h3=":443"; ma=86400

app.l24.im/assets/i18n/tr.json

188.114.96.1

200 OK

14 kB

URL GET HTTP/3
app.l24.im/assets/i18n/tr.json
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://app.l24.im/GetCurrentUser
Certificate
IssuerGoogle Trust Services LLC
Subjectl24.im
FingerprintA8:C0:26:5A:F1:5E:BC:99:14:92:9F:04:2D:87:E6:60:C5:F3:61:63
ValidityMon, 01 Apr 2024 09:05:27 GMT - Sun, 30 Jun 2024 09:05:26 GMT

File type
JSON text data
Size
14 kB (13477 bytes)
Hash
f31a2131bac35c50dbb492ef871749d0
c789e1a23a875b63757952a5fcfb9e592eba7a85
ababdc7a2a38093d5849b71446bd2abace9131ba5d651bdec41e763fb790cdd3

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/i18n/tr.json HTTP/1.1
Host: app.l24.im
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://app.l24.im/GetCurrentUser
Cookie: _gcl_au=1.1.1501295584.1714101011; _ga_7N67D0CRJL=GS1.1.1714101011.1.1.1714101013.58.0.0; _ga=GA1.1.1644663986.1714101011; __sg=eyJkZXZpY2UiOiIyOTUwMzI5ODQzIiwiaWQiOiJhZGJkMzQ3Mi1jYTI4LTQ3MDktOGI0ZC02MWZjMmEwYjI2YjkiLCJ1c2VySWQiOm51bGx9
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 26 Apr 2024 03:10:14 GMT
content-type: application/json
last-modified: Thu, 22 Jun 2023 08:38:56 GMT
etag: W/"1d9a4e4fb501b3d"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-powered-by: ASP.NET
cf-cache-status: DYNAMIC
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vElUPhYm2tx4t7FMDdXrU0o1mmjK%2FyoQ6oV9Y64YkaOl2xVq7Q7JXZ0bvIXDC%2B2eNWl%2FnayTC0RccSgUak89%2BgRvpYKu9PLSbhAPQSNadwMqbraMVbSkz7waRE%2F7"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87a360eb5f2d56b1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

region1.analytics.google.com/g/collect?v=2&tid=G-7N67D0CRJL&gtm=45je44o0v876472101z89137687946za200&_p=1714101011461&gcd=13l3l3l2l1&npa=1&dma_cps=sypham&dma=1&cid=1644663986.1714101011&ul=en-us&sr=1280x1024&pscdl=noapi&_s=1&sid=1714101011&sct=1&seg=1&dl=https%3A%2F%2Fapp.l24.im%2FGetCurrentUser&dr=https%3A%2F%2Fl24.im%2F&dt=Link%2024&en=page_view&tfd=3254

216.239.32.36

204 No Content

0 B

URL POST HTTP/3
region1.analytics.google.com/g/collect?v=2&tid=G-7N67D0CRJL&gtm=45je44o0v876472101z89137687946za200&_p=1714101011461&gcd=13l3l3l2l1&npa=1&dma_cps=sypham&dma=1&cid=1644663986.1714101011&ul=en-us&sr=1280x1024&pscdl=noapi&_s=1&sid=1714101011&sct=1&seg=1&dl=https%3A%2F%2Fapp.l24.im%2FGetCurrentUser&dr=https%3A%2F%2Fl24.im%2F&dt=Link%2024&en=page_view&tfd=3254
IP
216.239.32.36:443
ASN
#15169 GOOGLE

Requested by
https://app.l24.im/GetCurrentUser
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint1E:33:2E:4B:C3:51:05:B7:73:DC:21:BF:3E:02:B3:16:D8:0B:AB:BB
ValidityMon, 18 Mar 2024 19:37:14 GMT - Mon, 10 Jun 2024 19:37:13 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /g/collect?v=2&tid=G-7N67D0CRJL&gtm=45je44o0v876472101z89137687946za200&_p=1714101011461&gcd=13l3l3l2l1&npa=1&dma_cps=sypham&dma=1&cid=1644663986.1714101011&ul=en-us&sr=1280x1024&pscdl=noapi&_s=1&sid=1714101011&sct=1&seg=1&dl=https%3A%2F%2Fapp.l24.im%2FGetCurrentUser&dr=https%3A%2F%2Fl24.im%2F&dt=Link%2024&en=page_view&tfd=3254 HTTP/1.1
Host: region1.analytics.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://app.l24.im
DNT: 1
Connection: keep-alive
Referer: https://app.l24.im/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers

HTTP/3 204 No Content
access-control-allow-origin: https://app.l24.im
date: Fri, 26 Apr 2024 03:10:14 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

app.l24.im/assets/i18n/en.json

188.114.96.1

200 OK

19 kB

URL GET HTTP/3
app.l24.im/assets/i18n/en.json
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://app.l24.im/GetCurrentUser
Certificate
IssuerGoogle Trust Services LLC
Subjectl24.im
FingerprintA8:C0:26:5A:F1:5E:BC:99:14:92:9F:04:2D:87:E6:60:C5:F3:61:63
ValidityMon, 01 Apr 2024 09:05:27 GMT - Sun, 30 Jun 2024 09:05:26 GMT

File type
JSON text data
Size
19 kB (18967 bytes)
Hash
44c6bf5d8204cdd32beb1b9ce5d3c03b
f6bbac6f477fff3a84c6a01bcfc795e9fa623789
9c85212731987f72f2dd4c2f9cf9325d8140217ae4c1a904c67147bf722ea2bb

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/i18n/en.json HTTP/1.1
Host: app.l24.im
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://app.l24.im/GetCurrentUser
Cookie: _gcl_au=1.1.1501295584.1714101011; _ga_7N67D0CRJL=GS1.1.1714101011.1.1.1714101013.58.0.0; _ga=GA1.1.1644663986.1714101011; __sg=eyJkZXZpY2UiOiIyOTUwMzI5ODQzIiwiaWQiOiJhZGJkMzQ3Mi1jYTI4LTQ3MDktOGI0ZC02MWZjMmEwYjI2YjkiLCJ1c2VySWQiOm51bGx9
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 26 Apr 2024 03:10:14 GMT
content-type: application/json
last-modified: Thu, 22 Jun 2023 08:38:56 GMT
etag: W/"1d9a4e4fb50ece2"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-powered-by: ASP.NET
cf-cache-status: DYNAMIC
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=l5QunpWRbV6LOqWFru1NZC9MzYG2%2BIzCJ5YHFVK%2BcabzvTXRNLpye4ZsPVR5iAa70xiK%2Bdgf9eK459s4x0RsTELnQXps7s0hWVY5g9oWBwSH9FxZ5RnAgxFkfbyb"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87a360eb6f3f56b1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

region1.analytics.google.com/g/collect?v=2&tid=G-7N67D0CRJL&gtm=45je44o0v876472101za200&_p=1714101011461&gcd=13l3l3l2l1&npa=1&dma_cps=sypham&dma=1&cid=1644663986.1714101011&ul=en-us&sr=1280x1024&pscdl=noapi&_eu=AEA&_s=2&sid=1714101011&sct=1&seg=1&dl=https%3A%2F%2Fapp.l24.im%2FGetCurrentUser&dr=https%3A%2F%2Fl24.im%2F&dt=Link%2024&en=scroll&epn.percent_scrolled=90&tfd=8255

216.239.32.36

204 No Content

0 B

URL POST HTTP/3
region1.analytics.google.com/g/collect?v=2&tid=G-7N67D0CRJL&gtm=45je44o0v876472101za200&_p=1714101011461&gcd=13l3l3l2l1&npa=1&dma_cps=sypham&dma=1&cid=1644663986.1714101011&ul=en-us&sr=1280x1024&pscdl=noapi&_eu=AEA&_s=2&sid=1714101011&sct=1&seg=1&dl=https%3A%2F%2Fapp.l24.im%2FGetCurrentUser&dr=https%3A%2F%2Fl24.im%2F&dt=Link%2024&en=scroll&epn.percent_scrolled=90&tfd=8255
IP
216.239.32.36:443
ASN
#15169 GOOGLE

Requested by
https://app.l24.im/GetCurrentUser
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint1E:33:2E:4B:C3:51:05:B7:73:DC:21:BF:3E:02:B3:16:D8:0B:AB:BB
ValidityMon, 18 Mar 2024 19:37:14 GMT - Mon, 10 Jun 2024 19:37:13 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /g/collect?v=2&tid=G-7N67D0CRJL&gtm=45je44o0v876472101za200&_p=1714101011461&gcd=13l3l3l2l1&npa=1&dma_cps=sypham&dma=1&cid=1644663986.1714101011&ul=en-us&sr=1280x1024&pscdl=noapi&_eu=AEA&_s=2&sid=1714101011&sct=1&seg=1&dl=https%3A%2F%2Fapp.l24.im%2FGetCurrentUser&dr=https%3A%2F%2Fl24.im%2F&dt=Link%2024&en=scroll&epn.percent_scrolled=90&tfd=8255 HTTP/1.1
Host: region1.analytics.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://app.l24.im
DNT: 1
Connection: keep-alive
Referer: https://app.l24.im/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers

HTTP/3 204 No Content
access-control-allow-origin: https://app.l24.im
date: Fri, 26 Apr 2024 03:10:19 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

cdn.segmage.dev/segmage.min.css

188.114.96.1

200 OK

14 kB

URL GET HTTP/3
cdn.segmage.dev/segmage.min.css
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://l24.im/Home/Main/en/report-abuse.html
Certificate
IssuerGoogle Trust Services LLC
Subjectsegmage.dev
Fingerprint6C:3B:84:6E:76:05:F9:D3:09:F6:6C:5E:83:77:A0:92:03:30:BB:BC
ValiditySun, 14 Apr 2024 03:40:30 GMT - Sat, 13 Jul 2024 03:40:29 GMT

File type
ASCII text, with very long lines (7910), with no line terminators
Size
14 kB (13487 bytes)
Hash
6d1abfc8fa0ad40a3cb1d22147e6135e
8a4e225f31539953ec67488c9038a8bf1d1c8d4f
1d35e409281d2ada3ca5fd915d447340a9e87e19c1c6f69091204b1e4ed8cf2e

HTTP Headers

GET /segmage.min.css HTTP/1.1
Host: cdn.segmage.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://l24.im/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 26 Apr 2024 03:10:14 GMT
content-type: text/css
etag: W/"1da867e9bdfe3e6"
last-modified: Thu, 04 Apr 2024 10:55:30 GMT
strict-transport-security: max-age=63072000; includeSubdomains
x-frame-options: DENY
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 3281
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MxW39DxuBY1azDgjiWnZJEXZKfEFv31Ue%2BJ%2BiOzim8YoR7VByTa%2Bk5%2BO7RZ%2Bpn69V9RcPvkdwmpaWXDgM4J1gB9EWj3M6V567KXNZVN87TwylmPUT0HsSwrCeGAp3Gs5u18%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a360ec482c56c4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

app.l24.im/6-es2015.ebf475ad843a9bca125d.js

188.114.96.1

200 OK

634 B

URL GET HTTP/3
app.l24.im/6-es2015.ebf475ad843a9bca125d.js
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://app.l24.im/GetCurrentUser
Certificate
IssuerGoogle Trust Services LLC
Subjectl24.im
FingerprintA8:C0:26:5A:F1:5E:BC:99:14:92:9F:04:2D:87:E6:60:C5:F3:61:63
ValidityMon, 01 Apr 2024 09:05:27 GMT - Sun, 30 Jun 2024 09:05:26 GMT

File type
JavaScript source, ASCII text, with very long lines (1630), with no line terminators
Size
634 B (634 bytes)
Hash
947f8cfb6e3dfc384a5bcc2e8a8a69c6
8020cfa5764e7d632b07deae849b0984d86f9ccd
6ff5bb7b9a746fb72cc1fada34fb9554ea08c7ce98a59d6f05667a2797e6ac0d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /6-es2015.ebf475ad843a9bca125d.js HTTP/1.1
Host: app.l24.im
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://app.l24.im/GetCurrentUser
Cookie: _gcl_au=1.1.1501295584.1714101011; _ga_7N67D0CRJL=GS1.1.1714101011.1.1.1714101013.58.0.0; _ga=GA1.1.1644663986.1714101011; __sg=eyJkZXZpY2UiOiIyOTUwMzI5ODQzIiwiaWQiOiJhZGJkMzQ3Mi1jYTI4LTQ3MDktOGI0ZC02MWZjMmEwYjI2YjkiLCJ1c2VySWQiOm51bGx9
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 26 Apr 2024 03:10:14 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"1d9a5d027950d5e"
last-modified: Fri, 23 Jun 2023 12:42:22 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
vary: Accept-Encoding
x-powered-by: ASP.NET
cache-control: max-age=345600
cf-cache-status: HIT
age: 3281
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5FRBwd57kIknPZA4AkbFOM9ghYpgUwxmYQTA2rEn%2FSwLzUFLHT1x88cccivMGS5Y1OM15CGK2lEDhExmeJOTDffyTzRkzkJBknwtfqGYqX0sHCCU4UXoPNaeSYyb"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87a360eb8f4c56b1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

app.l24.im/cdn-cgi/rum?

188.114.96.1

204 No Content

0 B

URL POST HTTP/3
app.l24.im/cdn-cgi/rum?
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://app.l24.im/GetCurrentUser
Certificate
IssuerGoogle Trust Services LLC
Subjectl24.im
FingerprintA8:C0:26:5A:F1:5E:BC:99:14:92:9F:04:2D:87:E6:60:C5:F3:61:63
ValidityMon, 01 Apr 2024 09:05:27 GMT - Sun, 30 Jun 2024 09:05:26 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /cdn-cgi/rum? HTTP/1.1
Host: app.l24.im
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 430
Origin: https://app.l24.im
DNT: 1
Connection: keep-alive
Referer: https://app.l24.im/GetCurrentUser
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/3 204 No Content
date: Fri, 26 Apr 2024 03:10:37 GMT
access-control-allow-origin: https://app.l24.im
access-control-allow-methods: POST,OPTIONS
access-control-max-age: 86400
vary: Origin
access-control-allow-credentials: true
server: cloudflare
cf-ray: 87a3617c0bb656b1-OSL
x-frame-options: DENY
x-content-type-options: nosniff

app.l24.im/runtime-es2015.a915d801e419b0c43a7e.js

188.114.96.1

200 OK

2.3 kB

URL GET HTTP/3
app.l24.im/runtime-es2015.a915d801e419b0c43a7e.js
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://app.l24.im/GetCurrentUser
Certificate
IssuerGoogle Trust Services LLC
Subjectl24.im
FingerprintA8:C0:26:5A:F1:5E:BC:99:14:92:9F:04:2D:87:E6:60:C5:F3:61:63
ValidityMon, 01 Apr 2024 09:05:27 GMT - Sun, 30 Jun 2024 09:05:26 GMT

File type
JavaScript source, ASCII text, with very long lines (2363), with no line terminators
Size
2.3 kB (2314 bytes)
Hash
52f7a2e234f703e062f6cb1dba1b5560
c89ba81251c808c0e0e5c79a3a0e6cb6b1f8ab4a
5ceb0f1374b792833b07070b065aca2aaa23473b32b8f1dfeadb20f5b60ba886

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /runtime-es2015.a915d801e419b0c43a7e.js HTTP/1.1
Host: app.l24.im
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://app.l24.im/GetCurrentUser
Cookie: _gcl_au=1.1.1501295584.1714101011
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 26 Apr 2024 03:10:11 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"1d9a5d024018d0a"
last-modified: Fri, 23 Jun 2023 12:42:16 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
vary: Accept-Encoding
x-powered-by: ASP.NET
cache-control: max-age=345600
cf-cache-status: HIT
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jAqPCBD%2FDXjidqMHlbc7Mhxd6JWFo2wlsx2GtE%2BAmIRelKb%2BLvm%2Fv1UQ%2Bo4gdQvqj0cS4XVkqTgCQHISqBertHOX7iW4qvZO2AT%2Bk%2BWFxiYbzOSuxUZaipz86phC"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87a360d95e1c56b1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

fonts.gstatic.com/s/ibmplexsans/v19/zYXgKVElMYYaJe8bpLHnCwDKhd_eFb5N.woff2

216.58.207.227

200 OK

16 kB

URL GET HTTP/2
fonts.gstatic.com/s/ibmplexsans/v19/zYXgKVElMYYaJe8bpLHnCwDKhd_eFb5N.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://l24.im/Home/Main/en/report-abuse.html
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintF5:5C:D9:68:C6:5F:A3:33:5A:73:C3:79:B6:83:FE:44:2E:A4:83:74
ValidityMon, 18 Mar 2024 20:34:25 GMT - Mon, 10 Jun 2024 20:34:24 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15724, version 1.0
Size
16 kB (15724 bytes)
Hash
0e2c71ca88ef614ed360af7147277927
9eee92090322dc7f14422e5babc7a4239e334400
9a4ad5a9fd17ad03f878c0f1b126f460c4f409f29c633d5fc7c20276a7060914

HTTP Headers

GET /s/ibmplexsans/v19/zYXgKVElMYYaJe8bpLHnCwDKhd_eFb5N.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://l24.im
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15724
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 25 Apr 2024 02:45:28 GMT
expires: Fri, 25 Apr 2025 02:45:28 GMT
cache-control: public, max-age=31536000
age: 87883
last-modified: Tue, 02 May 2023 16:04:28 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

app.l24.im/main-es2015.fe4776dc21aed168eff8.js

188.114.96.1

200 OK

6.2 MB

URL GET HTTP/3
app.l24.im/main-es2015.fe4776dc21aed168eff8.js
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://app.l24.im/GetCurrentUser
Certificate
IssuerGoogle Trust Services LLC
Subjectl24.im
FingerprintA8:C0:26:5A:F1:5E:BC:99:14:92:9F:04:2D:87:E6:60:C5:F3:61:63
ValidityMon, 01 Apr 2024 09:05:27 GMT - Sun, 30 Jun 2024 09:05:26 GMT

File type

Size
6.2 MB (6211059 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /main-es2015.fe4776dc21aed168eff8.js HTTP/1.1
Host: app.l24.im
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://app.l24.im/GetCurrentUser
Cookie: _gcl_au=1.1.1501295584.1714101011
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 26 Apr 2024 03:10:11 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=6211068
etag: W/"1d9c6e4e39ed3fc"
last-modified: Fri, 04 Aug 2023 15:03:56 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
vary: Accept-Encoding
x-powered-by: ASP.NET
cache-control: max-age=345600
cf-cache-status: HIT
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HqDmWJJgve%2FdFmSU9W1wxJiy%2F6vHbxSn46hf6QJeEUwrPwfK9tpKG12G2BZaxfX5UamglNu1gok6hazfbNTmzOr9ztGhCf8686V70Yw8LLswqJn%2FO9W24WS96IkC"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87a360d95e2f56b1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

app.l24.im/assets/css/light.css

188.114.96.1

200 OK

1.3 kB

URL GET HTTP/3
app.l24.im/assets/css/light.css
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://app.l24.im/GetCurrentUser
Certificate
IssuerGoogle Trust Services LLC
Subjectl24.im
FingerprintA8:C0:26:5A:F1:5E:BC:99:14:92:9F:04:2D:87:E6:60:C5:F3:61:63
ValidityMon, 01 Apr 2024 09:05:27 GMT - Sun, 30 Jun 2024 09:05:26 GMT

File type
ASCII text, with very long lines (1309), with no line terminators
Size
1.3 kB (1309 bytes)
Hash
8a156f9c718c47fa08a1bbfa800c0365
1babac92eebc60b0a7d572b9e4c2c69e3d6044bf
c82221f3e64064693cbf4e36aa4e577ff3b68f153c2897f85e5efbc862bf63e0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/css/light.css HTTP/1.1
Host: app.l24.im
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://app.l24.im/GetCurrentUser
Cookie: _gcl_au=1.1.1501295584.1714101011; _ga_7N67D0CRJL=GS1.1.1714101011.1.1.1714101013.58.0.0; _ga=GA1.1.1644663986.1714101011; __sg=eyJkZXZpY2UiOiIyOTUwMzI5ODQzIiwiaWQiOiJhZGJkMzQ3Mi1jYTI4LTQ3MDktOGI0ZC02MWZjMmEwYjI2YjkiLCJ1c2VySWQiOm51bGx9
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 26 Apr 2024 03:10:14 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=1657
etag: W/"1d9a4e4fb509679"
last-modified: Thu, 22 Jun 2023 08:38:56 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
vary: Accept-Encoding
x-powered-by: ASP.NET
cache-control: max-age=345600
cf-cache-status: HIT
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BHp3Qtlb0a1aEMs94XOASavHg2SNtAP3SRl826pVEHT2ZWUybYB%2FwTcXmiIz%2BHSDUw4qYPWpBh0QGwiPaA9r32pbcs%2FPPLOk5upfC9WIuWk9WMYCeIrL5P0e9YiO"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87a360eb6f3a56b1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

l24.im/Home/Main/assets/js/l24-integration.js?v=1.0.4

188.114.96.1

200 OK

8.6 kB

URL GET HTTP/3
l24.im/Home/Main/assets/js/l24-integration.js?v=1.0.4
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://l24.im/Home/Main/en/report-abuse.html
Certificate
IssuerGoogle Trust Services LLC
Subjectl24.im
FingerprintA8:C0:26:5A:F1:5E:BC:99:14:92:9F:04:2D:87:E6:60:C5:F3:61:63
ValidityMon, 01 Apr 2024 09:05:27 GMT - Sun, 30 Jun 2024 09:05:26 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (9011), with no line terminators
Size
8.6 kB (8619 bytes)
Hash
ec60efaee3a38a460446cd1fb5ae3286
7ae9c0e67a95c3e6e20c044059d795df179de370
d13fd48bd3b8ef708740e01c85138cfbec3fa9fa21a91e43f270dd3df27af739

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /Home/Main/assets/js/l24-integration.js?v=1.0.4 HTTP/1.1
Host: l24.im
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://l24.im/Home/Main/en/report-abuse.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 26 Apr 2024 03:10:10 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=13131
etag: W/"61ddeb6be9c6d91:0"
last-modified: Fri, 04 Aug 2023 15:36:22 GMT
vary: Accept-Encoding
x-powered-by: ASP.NET
cache-control: max-age=345600
cf-cache-status: HIT
age: 3279
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JehVUKvi9TS%2BqFnohpu44f36k7IWrISz8gJJnw%2FJd2GRuztvrU45kxeCY4BvaxWPVVhoDwtJ9PNAGN%2Fep8LIZcQkrtSOnf0fIGmkXiv1O7z3uDnXbwYMlNI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87a360d3bbae56b1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

app.l24.im/assets/js/jquery.min.js

188.114.96.1

200 OK

183 kB

URL GET HTTP/3
app.l24.im/assets/js/jquery.min.js
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://app.l24.im/GetCurrentUser
Certificate
IssuerGoogle Trust Services LLC
Subjectl24.im
FingerprintA8:C0:26:5A:F1:5E:BC:99:14:92:9F:04:2D:87:E6:60:C5:F3:61:63
ValidityMon, 01 Apr 2024 09:05:27 GMT - Sun, 30 Jun 2024 09:05:26 GMT

File type
JavaScript source, ASCII text, with very long lines (32040), with CRLF line terminators
Size
183 kB (182946 bytes)
Hash
48a72d06775ba5af55ee45f50532f0d4
c98a5353f8baa42e6407e75bca3684bfcfd4cc45
60358bb82642f13a2a9c00b4f2080fe03ebd5652ebf468685aa5aa28a7857afe

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/js/jquery.min.js HTTP/1.1
Host: app.l24.im
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://app.l24.im/GetCurrentUser
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 26 Apr 2024 03:10:11 GMT
content-type: application/javascript
last-modified: Thu, 14 Jul 2022 07:46:28 GMT
etag: W/"1d89755d34768a2"
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-powered-by: ASP.NET
cache-control: max-age=345600
cf-cache-status: HIT
age: 3280
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QZqEDVd5WH3iPFw3lqD4JnIYl84s%2Few1Or8yAn7K6MZxDGn13v1K1QAUK6r1Uwme5UG9wUsxYE2kjDyGYZ3bsYYmcONT74kYVKubgrmzqzfFfvfYLP3XZAMVOJ7c"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87a360d94dee56b1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

l24.im/Home/Main/assets/images/l24object22.svg

188.114.96.1

200 OK

1.5 kB

URL GET HTTP/3
l24.im/Home/Main/assets/images/l24object22.svg
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://l24.im/Home/Main/en/report-abuse.html
Certificate
IssuerGoogle Trust Services LLC
Subjectl24.im
FingerprintA8:C0:26:5A:F1:5E:BC:99:14:92:9F:04:2D:87:E6:60:C5:F3:61:63
ValidityMon, 01 Apr 2024 09:05:27 GMT - Sun, 30 Jun 2024 09:05:26 GMT

File type
SVG Scalable Vector Graphics image
Size
1.5 kB (1462 bytes)
Hash
59daaf381a6728fdb02803f7d9cbd2b0
8c70813e288cbe8effb267739714d63cb42bac33
0a027173961d9c41b45e105db9d438311c9519635bdd51d0ecfc782c73c19e88

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /Home/Main/assets/images/l24object22.svg HTTP/1.1
Host: l24.im
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://l24.im/Home/Main/en/report-abuse.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 26 Apr 2024 03:10:10 GMT
content-type: image/svg+xml
last-modified: Fri, 29 Jul 2022 11:26:25 GMT
etag: W/"c7462a3ea3d81:0"
x-powered-by: ASP.NET
cache-control: max-age=345600
cf-cache-status: HIT
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BSdRwYr1KnOxdsRHw18HHzl45Q%2FIk9b1zuS32M8u1sYvJ81HZJb0Eas8Keb9Xd8Au2uqL1%2F13yQCFvaAk4C2QUi8yEnuJ704avlRdeUmb4vumHHyQD71gvQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87a360d3aba256b1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

l24.im/Home/Main/assets/images/l24object5.svg

188.114.96.1

200 OK

4.5 kB

URL GET HTTP/3
l24.im/Home/Main/assets/images/l24object5.svg
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://l24.im/Home/Main/en/report-abuse.html
Certificate
IssuerGoogle Trust Services LLC
Subjectl24.im
FingerprintA8:C0:26:5A:F1:5E:BC:99:14:92:9F:04:2D:87:E6:60:C5:F3:61:63
ValidityMon, 01 Apr 2024 09:05:27 GMT - Sun, 30 Jun 2024 09:05:26 GMT

File type
SVG Scalable Vector Graphics image
Size
4.5 kB (4474 bytes)
Hash
5b37fc8ee71f7199e9ef9cc1da9ddd71
345788f0e3fea0b108f0a8c2753abc9762be0a12
f1aefa9a5c5863c56e128dab4d2d7b222ee551b5dd9eb5bf51756b2114b5aa89

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /Home/Main/assets/images/l24object5.svg HTTP/1.1
Host: l24.im
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://l24.im/Home/Main/en/report-abuse.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 26 Apr 2024 03:10:10 GMT
content-type: image/svg+xml
last-modified: Fri, 29 Jul 2022 11:26:25 GMT
etag: W/"37514a3ea3d81:0"
x-powered-by: ASP.NET
cache-control: max-age=345600
cf-cache-status: HIT
age: 3279
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LZTag%2BD3CLJnmmgmBnV0HWlMryWbAz0oJK9TZzbG1yLnS8FZCFLcvaGGFUE9yuUsL5rZbxKxatj6BJV0vAicK6V0JYVtk4tGK1GYSmmqdAkGNObSqFnRuh0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87a360d3bba956b1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

l24.im/Home/Main/assets/js/jquery.validationEngine-tr.js

188.114.96.1

200 OK

5.4 kB

URL GET HTTP/3
l24.im/Home/Main/assets/js/jquery.validationEngine-tr.js
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://l24.im/Home/Main/en/report-abuse.html
Certificate
IssuerGoogle Trust Services LLC
Subjectl24.im
FingerprintA8:C0:26:5A:F1:5E:BC:99:14:92:9F:04:2D:87:E6:60:C5:F3:61:63
ValidityMon, 01 Apr 2024 09:05:27 GMT - Sun, 30 Jun 2024 09:05:26 GMT

File type
Unicode text, UTF-8 text, with very long lines (5745), with no line terminators
Size
5.4 kB (5375 bytes)
Hash
12f85291571777db249823cc55c890ef
0c60cbc9abdf1cb78dced6a51e36226ac7ffd819
094bc0f14aad11c3bfe709d15da09624ac60fe01330c133b65a2c64fa254972e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /Home/Main/assets/js/jquery.validationEngine-tr.js HTTP/1.1
Host: l24.im
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://l24.im/Home/Main/en/report-abuse.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 26 Apr 2024 03:10:10 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=5644
etag: W/"199e2aa3ea3d81:0"
last-modified: Fri, 29 Jul 2022 11:26:26 GMT
vary: Accept-Encoding
x-powered-by: ASP.NET
cache-control: max-age=345600
cf-cache-status: HIT
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=w75KOlFKSJ1zQJtahFtyF3PH7RW8eOJ%2F02joVHEJZQ6XsySlEmZcXm4vmEaVZrdlyVg3ZZuWl8G%2BXDsQMMK0rLwJyq13oVn%2Bh52AJnwYFXlXlVQq%2BFY%2BXv0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87a360d3bbac56b1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

fonts.gstatic.com/s/ibmplexsans/v19/zYX9KVElMYYaJe8bpLHnCwDKjSL9AIFsdA.woff2

216.58.207.227

200 OK

20 kB

URL GET HTTP/2
fonts.gstatic.com/s/ibmplexsans/v19/zYX9KVElMYYaJe8bpLHnCwDKjSL9AIFsdA.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://l24.im/Home/Main/en/report-abuse.html
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintF5:5C:D9:68:C6:5F:A3:33:5A:73:C3:79:B6:83:FE:44:2E:A4:83:74
ValidityMon, 18 Mar 2024 20:34:25 GMT - Mon, 10 Jun 2024 20:34:24 GMT

File type
Web Open Font Format (Version 2), TrueType, length 20064, version 1.0
Size
20 kB (20064 bytes)
Hash
767677e475131fa7d3f37880976bee39
386db54484cff1dfee2cbc4441ad790fe9829a6b
5ef914e59b0047a261844d96acabb60c34d3acab6b85ea24198726ce4781fd37

HTTP Headers

GET /s/ibmplexsans/v19/zYX9KVElMYYaJe8bpLHnCwDKjSL9AIFsdA.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://l24.im
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 20064
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 25 Apr 2024 17:28:16 GMT
expires: Fri, 25 Apr 2025 17:28:16 GMT
cache-control: public, max-age=31536000
age: 34915
last-modified: Tue, 02 May 2023 15:58:54 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

app.l24.im/scripts.2e43156fa3f3d689819e.js

188.114.96.1

200 OK

161 kB

URL GET HTTP/3
app.l24.im/scripts.2e43156fa3f3d689819e.js
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://app.l24.im/GetCurrentUser
Certificate
IssuerGoogle Trust Services LLC
Subjectl24.im
FingerprintA8:C0:26:5A:F1:5E:BC:99:14:92:9F:04:2D:87:E6:60:C5:F3:61:63
ValidityMon, 01 Apr 2024 09:05:27 GMT - Sun, 30 Jun 2024 09:05:26 GMT

File type

Size
161 kB (160893 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /scripts.2e43156fa3f3d689819e.js HTTP/1.1
Host: app.l24.im
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://app.l24.im/GetCurrentUser
Cookie: _gcl_au=1.1.1501295584.1714101011
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 26 Apr 2024 03:10:11 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"1d9c6e4b2dd957d"
last-modified: Fri, 04 Aug 2023 15:02:34 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
vary: Accept-Encoding
x-powered-by: ASP.NET
cache-control: max-age=345600
cf-cache-status: HIT
age: 3280
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=K5TjsioQFSXxzaVmb0NlMqZWWeG%2B548Mi59HBWyaDFmNd5P8Z1CcatayXwTX6i88OZ%2FYwWF0JCzdV5VhLoadvYHLdVAXZQXNHQWHKcU7oZEB2HqNnn6gjQNnjvw8"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87a360d95e2e56b1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

l24.im/Home/Main/assets/js/utils.js

188.114.96.1

200 OK

220 kB

URL GET HTTP/3
l24.im/Home/Main/assets/js/utils.js
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://l24.im/Home/Main/en/report-abuse.html
Certificate
IssuerGoogle Trust Services LLC
Subjectl24.im
FingerprintA8:C0:26:5A:F1:5E:BC:99:14:92:9F:04:2D:87:E6:60:C5:F3:61:63
ValidityMon, 01 Apr 2024 09:05:27 GMT - Sun, 30 Jun 2024 09:05:26 GMT

File type
JavaScript source, ASCII text, with very long lines (63133)
Size
220 kB (220450 bytes)
Hash
66279dba37947e1c3209f46b0052fa4d
525ba87022d9a9aad1b3e8a88e6f20204930d644
b92988bcc2243b41459ded302721b17a5155603a7cef0f46ba85ba836b366002

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /Home/Main/assets/js/utils.js HTTP/1.1
Host: l24.im
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://l24.im/Home/Main/en/report-abuse.html
Cookie: _gcl_au=1.1.1501295584.1714101011; _ga_7N67D0CRJL=GS1.1.1714101011.1.1.1714101014.57.0.0; _ga=GA1.1.1644663986.1714101011; __sg=eyJkZXZpY2UiOiIyOTUwMzI5ODQzIiwiaWQiOiJhZGJkMzQ3Mi1jYTI4LTQ3MDktOGI0ZC02MWZjMmEwYjI2YjkiLCJ1c2VySWQiOm51bGx9
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 26 Apr 2024 03:10:14 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=223137
etag: W/"e84231a3ea3d81:0"
last-modified: Fri, 29 Jul 2022 11:26:26 GMT
vary: Accept-Encoding
x-powered-by: ASP.NET
cache-control: max-age=345600
cf-cache-status: REVALIDATED
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=e%2Be8fmgI4WePThR0Rw%2FOETj3n3NaHQ6RfXwvT8at9sHlWVsUTKTwbjss2ECLxsbIgfCWp2Y3W7q%2Fh9Yc7u7AHnTYauULgarnG8WI1FFMoD3S83n6LJhm7C4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87a360ec181b56b1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

fonts.gstatic.com/s/playfairdisplay/v37/nuFvD-vYSZviVYUb_rj3ij__anPXJzDwcbmjWBN2PKdFvXDXbtM.woff2

216.58.207.227

200 OK

22 kB

URL GET HTTP/2
fonts.gstatic.com/s/playfairdisplay/v37/nuFvD-vYSZviVYUb_rj3ij__anPXJzDwcbmjWBN2PKdFvXDXbtM.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://l24.im/Home/Main/en/report-abuse.html
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintF5:5C:D9:68:C6:5F:A3:33:5A:73:C3:79:B6:83:FE:44:2E:A4:83:74
ValidityMon, 18 Mar 2024 20:34:25 GMT - Mon, 10 Jun 2024 20:34:24 GMT

File type
Web Open Font Format (Version 2), TrueType, length 21904, version 1.0
Size
22 kB (21904 bytes)
Hash
27b2f94167bce460f3e669c52be7301e
de5636d6096f5a29f0764aa563c54f157b1f9de9
51c8eae79bf05bbcc1811da8cb56ff69d87d40bafdce8282fea8a43259b4afcb

HTTP Headers

GET /s/playfairdisplay/v37/nuFvD-vYSZviVYUb_rj3ij__anPXJzDwcbmjWBN2PKdFvXDXbtM.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://l24.im
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 21904
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 25 Apr 2024 17:44:53 GMT
expires: Fri, 25 Apr 2025 17:44:53 GMT
cache-control: public, max-age=31536000
age: 33918
last-modified: Wed, 31 Jan 2024 23:15:04 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

l24.im/Home/Main/assets/images/l24icon.svg

188.114.96.1

200 OK

831 B

URL GET HTTP/3
l24.im/Home/Main/assets/images/l24icon.svg
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://l24.im/Home/Main/en/report-abuse.html
Certificate
IssuerGoogle Trust Services LLC
Subjectl24.im
FingerprintA8:C0:26:5A:F1:5E:BC:99:14:92:9F:04:2D:87:E6:60:C5:F3:61:63
ValidityMon, 01 Apr 2024 09:05:27 GMT - Sun, 30 Jun 2024 09:05:26 GMT

File type
SVG Scalable Vector Graphics image
Size
831 B (831 bytes)
Hash
cae499099d1837c60d71f8fc76218484
dfa2ddb26a98f7c4141d7f742d45bc3dcbc12956
e238fbea0b72c3e8e95d15a6ef7a0df8cea76d25d5f00cf088247292fa4e70f5

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /Home/Main/assets/images/l24icon.svg HTTP/1.1
Host: l24.im
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://l24.im/Home/Main/en/report-abuse.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 26 Apr 2024 03:10:11 GMT
content-type: image/svg+xml
last-modified: Fri, 29 Jul 2022 11:26:25 GMT
etag: W/"5868f293ea3d81:0"
x-powered-by: ASP.NET
cache-control: max-age=345600
cf-cache-status: HIT
priority: u=6,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aiY1LNq1W5S6eOoJdAoYy1N9x67gpaifJzNgzg%2BsxDDf0vcuaEmDN7efYcSvPop7VFYeHTbscSj9j6MtAdwfD0Yf1dOIpufn1TmUN3WE9DlWzxXFbX2ILbg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87a360d89d1156b1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

static.cloudflareinsights.com/beacon.min.js/v55bfa2fee65d44688e90c00735ed189a1713218998793

104.16.79.73

200 OK

19 kB

URL GET HTTP/2
static.cloudflareinsights.com/beacon.min.js/v55bfa2fee65d44688e90c00735ed189a1713218998793
IP
104.16.79.73:443
ASN
#13335 CLOUDFLARENET

Requested by
https://l24.im/Home/Main/en/report-abuse.html
Certificate
IssuerGoogle Trust Services LLC
Subjectcloudflareinsights.com
Fingerprint73:92:5A:16:97:55:FC:A5:32:7C:F3:9D:0C:84:EF:F3:2F:AA:B5:00
ValiditySun, 10 Mar 2024 02:33:42 GMT - Sat, 08 Jun 2024 02:33:41 GMT

File type
JavaScript source, ASCII text, with very long lines (19261), with no line terminators
Size
19 kB (19261 bytes)
Hash
3be93fd15d2f7dee2fc0c8981c6fa5c6
8cd88c36fad3e96641dbc4d781f5ddbe5123312f
17106bf803d42bcf2f2bdf778ece084d3f91c68e7ea41dae7bff61fefa573dee

HTTP Headers

GET /beacon.min.js/v55bfa2fee65d44688e90c00735ed189a1713218998793 HTTP/1.1
Host: static.cloudflareinsights.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://l24.im
DNT: 1
Connection: keep-alive
Referer: https://l24.im/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 26 Apr 2024 03:10:10 GMT
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
etag: W/"2024.4.0"
last-modified: Tue, 23 Apr 2024 12:12:17 GMT
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a360d42b0b5691-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Roboto:400,500

142.250.74.106

200 OK

4.4 kB

URL GET HTTP/3
fonts.googleapis.com/css?family=Roboto:400,500
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://app.l24.im/GetCurrentUser
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint15:CB:F7:AC:18:3F:DC:1E:F9:4E:94:D1:98:40:40:61:53:17:28:F2
ValidityMon, 18 Mar 2024 20:35:28 GMT - Mon, 10 Jun 2024 20:35:27 GMT

File type
ASCII text, with very long lines (4464), with no line terminators
Size
4.4 kB (4352 bytes)
Hash
b0f2cf0b2cc03ee279ef026dc8f69375
bb3c2f9e3eec3f59ad3704aeaf4e206a769744a4
f71b87e884b3b010c16fc48a499f4e3614d09f3b08c1bf2891ae8d4e8dc6d747

HTTP Headers

GET /css?family=Roboto:400,500 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://app.l24.im/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 26 Apr 2024 03:10:11 GMT
date: Fri, 26 Apr 2024 03:10:11 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

cdn.jsdelivr.net/npm/bootstrap@4.6.0/dist/js/bootstrap.bundle.min.js

151.101.193.229

200 OK

84 kB

URL GET HTTP/3
cdn.jsdelivr.net/npm/bootstrap@4.6.0/dist/js/bootstrap.bundle.min.js
IP
151.101.193.229:443
ASN
#54113 FASTLY

Requested by
https://app.l24.im/GetCurrentUser
Certificate
IssuerGlobalSign nv-sa
Subjectjsdelivr.net
Fingerprint05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09
ValidityWed, 27 Sep 2023 18:13:13 GMT - Mon, 28 Oct 2024 18:13:12 GMT

File type
JavaScript source, ASCII text, with very long lines (65299)
Size
84 kB (84378 bytes)
Hash
f81d0a1705048649befc8b595e455a94
aec551e4d573463088fca7d14fb644eb389f1839
b0212543cc5a4a0a31c1b5a9d1e8973261992116b4cfde3e7dfcf33b4e81a97b

HTTP Headers

GET /npm/bootstrap@4.6.0/dist/js/bootstrap.bundle.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://app.l24.im/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
content-length: 23377
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 4.6.0
x-jsd-version-type: version
etag: W/"1499a-rsVR5NVzRjCI/KfRT7ZE6zifGDk"
content-encoding: br
accept-ranges: bytes
date: Fri, 26 Apr 2024 03:10:11 GMT
age: 6019533
x-served-by: cache-fra-etou8220121-FRA, cache-hel1410022-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400

fonts.googleapis.com/css?family=Roboto:300,400,500&display=swap

142.250.74.106

200 OK

7.0 kB

URL GET HTTP/3
fonts.googleapis.com/css?family=Roboto:300,400,500&display=swap
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://app.l24.im/GetCurrentUser
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint15:CB:F7:AC:18:3F:DC:1E:F9:4E:94:D1:98:40:40:61:53:17:28:F2
ValidityMon, 18 Mar 2024 20:35:28 GMT - Mon, 10 Jun 2024 20:35:27 GMT

File type
ASCII text, with very long lines (7193), with no line terminators
Size
7.0 kB (7004 bytes)
Hash
6f4264922314e197fc902c7a7d4e849c
a26f00f96fecb24c29e22253ee9bc7ab3d494087
d3b4c19dd9637fac6d936dd7300b6b18fea5a29c47ca1ad92a0e7a59e7d99e6e

HTTP Headers

GET /css?family=Roboto:300,400,500&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://app.l24.im/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 26 Apr 2024 03:10:11 GMT
date: Fri, 26 Apr 2024 03:10:11 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

fonts.gstatic.com/s/ibmplexsans/v19/zYX9KVElMYYaJe8bpLHnCwDKjQ76AIFsdA.woff2

216.58.207.227

200 OK

20 kB

URL GET HTTP/2
fonts.gstatic.com/s/ibmplexsans/v19/zYX9KVElMYYaJe8bpLHnCwDKjQ76AIFsdA.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://l24.im/Home/Main/en/report-abuse.html
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintF5:5C:D9:68:C6:5F:A3:33:5A:73:C3:79:B6:83:FE:44:2E:A4:83:74
ValidityMon, 18 Mar 2024 20:34:25 GMT - Mon, 10 Jun 2024 20:34:24 GMT

File type
Web Open Font Format (Version 2), TrueType, length 20356, version 1.0
Size
20 kB (20356 bytes)
Hash
e78568807d101b47dfd21e34244e072f
4cfc3c246e975c42ef684033a58afdacf8d5f54b
31535a91ce3f6b8ed3ddedadab1e49957e2220263a640df1a3f14f6fdfe15eb6

HTTP Headers

GET /s/ibmplexsans/v19/zYX9KVElMYYaJe8bpLHnCwDKjQ76AIFsdA.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://l24.im
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 20356
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 23 Apr 2024 07:26:49 GMT
expires: Wed, 23 Apr 2025 07:26:49 GMT
cache-control: public, max-age=31536000
age: 243802
last-modified: Tue, 02 May 2023 16:19:23 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.googleapis.com/css2?family=Abril+Fatface&family=Acme&family=Alfa+Slab+One&family=Anton&family=Bebas+Neue&family=Dancing+Script:wght@400;500;600;700&family=Dela+Gothic+One&family=Fredoka+One&family=Kiwi+Maru:wght@300;400;500&family=Lobster&family=Monoton&family=Pacifico&family=Permanent+Marker&family=Ramabhadra&family=Righteous&family=Roboto:wght@100;300;400;700&family=Secular+One&family=Signika:wght@300;400;500;600;700&family=Train+One&family=Viga&display=swap

142.250.74.106

200 OK

601 kB

URL GET HTTP/3
fonts.googleapis.com/css2?family=Abril+Fatface&family=Acme&family=Alfa+Slab+One&family=Anton&family=Bebas+Neue&family=Dancing+Script:wght@400;500;600;700&family=Dela+Gothic+One&family=Fredoka+One&family=Kiwi+Maru:wght@300;400;500&family=Lobster&family=Monoton&family=Pacifico&family=Permanent+Marker&family=Ramabhadra&family=Righteous&family=Roboto:wght@100;300;400;700&family=Secular+One&family=Signika:wght@300;400;500;600;700&family=Train+One&family=Viga&display=swap
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://app.l24.im/GetCurrentUser
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint15:CB:F7:AC:18:3F:DC:1E:F9:4E:94:D1:98:40:40:61:53:17:28:F2
ValidityMon, 18 Mar 2024 20:35:28 GMT - Mon, 10 Jun 2024 20:35:27 GMT

File type
ASCII text, with very long lines (1981)
Size
601 kB (600991 bytes)
Hash
d6b9e2ac578182433ae0bd6e35d0ffea
352bd2d9dcbaf6c91fa1e25240980e93b49f78fe
08ab7baceacd957366a018286fb63f1dc781959d724a3f12f3afd6c005acd157

HTTP Headers

GET /css2?family=Abril+Fatface&family=Acme&family=Alfa+Slab+One&family=Anton&family=Bebas+Neue&family=Dancing+Script:wght@400;500;600;700&family=Dela+Gothic+One&family=Fredoka+One&family=Kiwi+Maru:wght@300;400;500&family=Lobster&family=Monoton&family=Pacifico&family=Permanent+Marker&family=Ramabhadra&family=Righteous&family=Roboto:wght@100;300;400;700&family=Secular+One&family=Signika:wght@300;400;500;600;700&family=Train+One&family=Viga&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://app.l24.im/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 26 Apr 2024 03:10:11 GMT
date: Fri, 26 Apr 2024 03:10:11 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

app.l24.im/5-es2015.16fc982e6f8a852d9905.js

188.114.96.1

200 OK

543 B

URL GET HTTP/3
app.l24.im/5-es2015.16fc982e6f8a852d9905.js
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://app.l24.im/GetCurrentUser
Certificate
IssuerGoogle Trust Services LLC
Subjectl24.im
FingerprintA8:C0:26:5A:F1:5E:BC:99:14:92:9F:04:2D:87:E6:60:C5:F3:61:63
ValidityMon, 01 Apr 2024 09:05:27 GMT - Sun, 30 Jun 2024 09:05:26 GMT

File type
JavaScript source, ASCII text, with very long lines (576), with no line terminators
Size
543 B (543 bytes)
Hash
04838e447720d651fd3fa1991357d9b7
a0d3b13e07a9c5c74757f0f29478e15f4eb663cb
fef557237bfa1adbd147631ce00030e226737297056094d74e7713ecedc6fff6

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /5-es2015.16fc982e6f8a852d9905.js HTTP/1.1
Host: app.l24.im
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://app.l24.im/GetCurrentUser
Cookie: _gcl_au=1.1.1501295584.1714101011; _ga_7N67D0CRJL=GS1.1.1714101011.1.1.1714101014.57.0.0; _ga=GA1.1.1644663986.1714101011; __sg=eyJkZXZpY2UiOiIyOTUwMzI5ODQzIiwiaWQiOiJhZGJkMzQ3Mi1jYTI4LTQ3MDktOGI0ZC02MWZjMmEwYjI2YjkiLCJ1c2VySWQiOm51bGx9
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 26 Apr 2024 03:10:14 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"1d9a5d02795091f"
last-modified: Fri, 23 Jun 2023 12:42:22 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
vary: Accept-Encoding
x-powered-by: ASP.NET
cache-control: max-age=345600
cf-cache-status: HIT
age: 3281
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=U3a7A1cIaxSq6jbDf9sGM2jxmIS703X8RSzx%2BnAmgwjW7G02FBrfHnjIMR7VfAJIrrsLy1a9xZ%2BDIro0MzpBtO3SjTbCGzMxrvQJwDzbgS2cmdtA3x7LXsBGai3G"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87a360ebcf6a56b1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

l24.im/Home/Main/assets/js/complainForm.js?v=1.0.10

188.114.96.1

200 OK

2.3 kB

URL GET HTTP/3
l24.im/Home/Main/assets/js/complainForm.js?v=1.0.10
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://l24.im/Home/Main/en/report-abuse.html
Certificate
IssuerGoogle Trust Services LLC
Subjectl24.im
FingerprintA8:C0:26:5A:F1:5E:BC:99:14:92:9F:04:2D:87:E6:60:C5:F3:61:63
ValidityMon, 01 Apr 2024 09:05:27 GMT - Sun, 30 Jun 2024 09:05:26 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (2393), with no line terminators
Size
2.3 kB (2310 bytes)
Hash
99daf0ccae7cf7fac540c06de8c3d1e3
0acbfaa70adde8a5d0e8631e93f12d60a8bd1f4b
f099f3bbfa84acc5d1fa4a81586d3f490f5fd4a4a5026cff7452460862a15af1

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /Home/Main/assets/js/complainForm.js?v=1.0.10 HTTP/1.1
Host: l24.im
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://l24.im/Home/Main/en/report-abuse.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 26 Apr 2024 03:10:10 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=3399
etag: W/"214fe63497c9d91:0"
last-modified: Tue, 08 Aug 2023 01:25:24 GMT
vary: Accept-Encoding
x-powered-by: ASP.NET
cache-control: max-age=345600
cf-cache-status: HIT
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=S4XhhQCSLUWOO0XVMjanvZmgy1fxJ70wkoh2aoMB%2BHjaXkKDZ%2BY2rqGuJDJeveJoeFoh0BR4QIgSejq2%2BqZF4u1A%2B3PzdMWQHhb3VZX13fhcuDKIBTgJkRU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87a360d3bbad56b1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

collect.segmage.dev/js/10d3aa95-1198-4243-85f5-08db896bd4f1?title=Link+24&url=https%3A%2F%2Fapp.l24.im%2FGetCurrentUser

188.114.96.1

204 No Content

0 B

URL OPTIONS HTTP/3
collect.segmage.dev/js/10d3aa95-1198-4243-85f5-08db896bd4f1?title=Link+24&url=https%3A%2F%2Fapp.l24.im%2FGetCurrentUser
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://app.l24.im/GetCurrentUser
Certificate
IssuerGoogle Trust Services LLC
Subjectsegmage.dev
Fingerprint6C:3B:84:6E:76:05:F9:D3:09:F6:6C:5E:83:77:A0:92:03:30:BB:BC
ValiditySun, 14 Apr 2024 03:40:30 GMT - Sat, 13 Jul 2024 03:40:29 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /js/10d3aa95-1198-4243-85f5-08db896bd4f1?title=Link+24&url=https%3A%2F%2Fapp.l24.im%2FGetCurrentUser HTTP/1.1
Host: collect.segmage.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type,e,sg,source,u
Referer: https://app.l24.im/
Origin: https://app.l24.im
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 204 No Content
date: Fri, 26 Apr 2024 03:10:14 GMT
access-control-allow-credentials: true
access-control-allow-headers: content-type,e,sg,source,u
access-control-allow-methods: POST,GET
access-control-allow-origin: https://app.l24.im
access-control-max-age: 604800
vary: Origin
strict-transport-security: max-age=63072000; includeSubdomains
x-frame-options: DENY
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TnrzfqTwR9zUuSuERyEz6qEkKqd%2FnD3ErFdtumfglPAtseW6H%2BlUrtRthnh7iyhFCAArlVW7R79S2%2FJXm6n6lvFqd1%2B%2BH85I9eV5LldcsjIB8T%2FordeXxgSrErxWx1bZaxTsi6zL"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a360ed387256c4-OSL
alt-svc: h3=":443"; ma=86400

l24.im/Home/Main/assets/css/fonts/icomoon.ttf?im35gw

188.114.96.1

200 OK

1.3 kB

URL GET HTTP/3
l24.im/Home/Main/assets/css/fonts/icomoon.ttf?im35gw
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://l24.im/Home/Main/en/report-abuse.html
Certificate
IssuerGoogle Trust Services LLC
Subjectl24.im
FingerprintA8:C0:26:5A:F1:5E:BC:99:14:92:9F:04:2D:87:E6:60:C5:F3:61:63
ValidityMon, 01 Apr 2024 09:05:27 GMT - Sun, 30 Jun 2024 09:05:26 GMT

File type
TrueType Font data, 11 tables, 1st "OS/2", 14 names, Macintosh, type 1 string, icomoon
Size
1.3 kB (1284 bytes)
Hash
7884770eaf1d93e9eccd036fe0a60a03
ebe3722dfe9ed21ce9528473f44b8f7c6739ad8d
83e9ea82dbfbeea43439acd171ba6882284d1c23bc58b290a603b97ee9b61119

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /Home/Main/assets/css/fonts/icomoon.ttf?im35gw HTTP/1.1
Host: l24.im
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://l24.im/Home/Main/assets/css/font.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 26 Apr 2024 03:10:10 GMT
content-type: application/octet-stream
content-length: 1284
last-modified: Fri, 29 Jul 2022 11:26:25 GMT
etag: "e3358193ea3d81:0"
x-powered-by: ASP.NET
cache-control: max-age=345600
cf-cache-status: HIT
age: 3279
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KxqfDl9rz9%2FhGDMjVsNWj6VhN3T1jrdH%2FGeCUtr9YkLKG%2BAlow3SWKhy9xAP9tE90my2sb0kwUKMlJdwWSqzYf2b3qHB8yrk6ARvrbDcYWRpFGqhlFpif%2FE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87a360d65c6a56b1-OSL
alt-svc: h3=":443"; ma=86400

cdn.segmage.dev/segmage.min.js

188.114.96.1

200 OK

67 kB

URL GET HTTP/3
cdn.segmage.dev/segmage.min.js
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://l24.im/Home/Main/en/report-abuse.html
Certificate
IssuerGoogle Trust Services LLC
Subjectsegmage.dev
Fingerprint6C:3B:84:6E:76:05:F9:D3:09:F6:6C:5E:83:77:A0:92:03:30:BB:BC
ValiditySun, 14 Apr 2024 03:40:30 GMT - Sat, 13 Jul 2024 03:40:29 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
67 kB (66931 bytes)
Hash
7be0e3ff82027518c342e362e8609c5a
e00524c6f06ed4d30ebed607f347bd0cfc72c479
f60b0e6d0bd6c5d921ed03561848edfee90d78c751a068ab639e57cf951e78d5

HTTP Headers

GET /segmage.min.js HTTP/1.1
Host: cdn.segmage.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://l24.im/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 26 Apr 2024 03:10:11 GMT
content-type: text/javascript
etag: W/"1da867e9a173cf3"
last-modified: Thu, 04 Apr 2024 10:55:27 GMT
strict-transport-security: max-age=63072000; includeSubdomains
x-frame-options: DENY
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 3280
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8UDmskP8HNszPH9U9EPnNsJBhfWqHhP4hrsb5NGveZbTecuRF62p9%2F8M9g34W4bDX69tqoopjR0F%2B8%2BL0K25%2F%2BUHCKmpF4Mu%2FaJvncyjUDKti2wJOVQFVua5yW15PNd9bHk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a360da3b6a56c4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

app.l24.im/polyfills-es2015.7228265d48574b6b5adf.js

188.114.96.1

200 OK

38 kB

URL GET HTTP/3
app.l24.im/polyfills-es2015.7228265d48574b6b5adf.js
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://app.l24.im/GetCurrentUser
Certificate
IssuerGoogle Trust Services LLC
Subjectl24.im
FingerprintA8:C0:26:5A:F1:5E:BC:99:14:92:9F:04:2D:87:E6:60:C5:F3:61:63
ValidityMon, 01 Apr 2024 09:05:27 GMT - Sun, 30 Jun 2024 09:05:26 GMT

File type
JavaScript source, ASCII text, with very long lines (37660), with no line terminators
Size
38 kB (37660 bytes)
Hash
abd2525eedb8a6321c99e53e01d75d37
3fc0cabedaefe7af15964afe691493fd1606203d
649baa63f06598655b146f6ce37865fabe947dfa0f542607899d9864f7588498

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /polyfills-es2015.7228265d48574b6b5adf.js HTTP/1.1
Host: app.l24.im
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://app.l24.im/GetCurrentUser
Cookie: _gcl_au=1.1.1501295584.1714101011
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 26 Apr 2024 03:10:11 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"1d9a5d02401171c"
last-modified: Fri, 23 Jun 2023 12:42:16 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
vary: Accept-Encoding
x-powered-by: ASP.NET
cache-control: max-age=345600
cf-cache-status: HIT
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cw1GUJk0toQkmQhD5IDq0sIinkRtxorABUE%2BM1SZUloEuM15P3OUfTt0CtLilyt%2BglzNL41bDsy%2BO3iYiEgg%2FrdCXuI7oarJVY8mPPlthu1sLdx9IEOKluoJ62Kz"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87a360d95e2d56b1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

l24.im/Home/Main/assets/css/validationEngine.jquery.css

188.114.96.1

200 OK

2.7 kB

URL GET HTTP/3
l24.im/Home/Main/assets/css/validationEngine.jquery.css
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://l24.im/Home/Main/en/report-abuse.html
Certificate
IssuerGoogle Trust Services LLC
Subjectl24.im
FingerprintA8:C0:26:5A:F1:5E:BC:99:14:92:9F:04:2D:87:E6:60:C5:F3:61:63
ValidityMon, 01 Apr 2024 09:05:27 GMT - Sun, 30 Jun 2024 09:05:26 GMT

File type
ASCII text, with very long lines (2690), with no line terminators
Size
2.7 kB (2690 bytes)
Hash
616af491bf214240696a2e07a9ac47ef
6fc869162f13dea3e9583a0fda1bf9e19d5fe5ed
405882a14f21c581526ccd4fd332413f8fdb22a706453e45cc9d0d1d2820fa6b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /Home/Main/assets/css/validationEngine.jquery.css HTTP/1.1
Host: l24.im
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://l24.im/Home/Main/en/report-abuse.html
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 26 Apr 2024 03:10:10 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=3077
etag: W/"35169093ea3d81:0"
last-modified: Fri, 29 Jul 2022 11:26:25 GMT
vary: Accept-Encoding
x-powered-by: ASP.NET
cache-control: max-age=345600
cf-cache-status: HIT
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SnYZ0UH%2BnP56uZ269Xyd%2FDZiDyht%2BQWHArfdgOj4oou9CIvF1Y0sEDb27UZ57JVMg7j8OBP%2BbWmALzvEhXZtKt4f3GW3GPBoPc7tc7%2BMY9mauGRgGGJzMzk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87a360d39b9a56b1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

app.l24.im/assets/css/owl.carousel.min.css

188.114.96.1

200 OK

4.3 kB

URL GET HTTP/3
app.l24.im/assets/css/owl.carousel.min.css
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://app.l24.im/GetCurrentUser
Certificate
IssuerGoogle Trust Services LLC
Subjectl24.im
FingerprintA8:C0:26:5A:F1:5E:BC:99:14:92:9F:04:2D:87:E6:60:C5:F3:61:63
ValidityMon, 01 Apr 2024 09:05:27 GMT - Sun, 30 Jun 2024 09:05:26 GMT

File type
ASCII text, with very long lines (4722), with no line terminators
Size
4.3 kB (4304 bytes)
Hash
68c468ba252d26cfd29958648502402a
ca12a16931ca73835f185d5f552d045dc336bff9
869a17fededd70417a439bce81492d4c3fdf1bc9df4cd9265af10cc4d0b7d2bd

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/css/owl.carousel.min.css HTTP/1.1
Host: app.l24.im
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://app.l24.im/GetCurrentUser
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 26 Apr 2024 03:10:11 GMT
content-type: text/css
last-modified: Thu, 14 Jul 2022 07:46:28 GMT
etag: W/"1d89755d345b2d0"
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-powered-by: ASP.NET
cache-control: max-age=345600
cf-cache-status: HIT
age: 3280
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GGQit45KeA0Dme8VKnhaL0gBq86YH%2B2gyPANz0NJNurMsUYrKzPbkWKjpIHh8vc1PIHsDnsfPXs5tMprh%2F0egV2CA77M0imbJ5dpPY966iFlgXL0ej57Ko2guKQ9"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87a360d90d9456b1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

cdn.segmage.dev/json/0745484d-e935-41b7-aa35-08db89e90583.json

188.114.96.1

200 OK

14 kB

URL GET HTTP/3
cdn.segmage.dev/json/0745484d-e935-41b7-aa35-08db89e90583.json
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://l24.im/Home/Main/en/report-abuse.html
Certificate
IssuerGoogle Trust Services LLC
Subjectsegmage.dev
Fingerprint6C:3B:84:6E:76:05:F9:D3:09:F6:6C:5E:83:77:A0:92:03:30:BB:BC
ValiditySun, 14 Apr 2024 03:40:30 GMT - Sat, 13 Jul 2024 03:40:29 GMT

File type

Size
14 kB (13503 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /json/0745484d-e935-41b7-aa35-08db89e90583.json HTTP/1.1
Host: cdn.segmage.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://l24.im/
Origin: https://l24.im
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 26 Apr 2024 03:10:14 GMT
content-type: application/json
access-control-allow-credentials: true
access-control-allow-origin: https://l24.im
etag: W/"1da97239927473f"
last-modified: Thu, 25 Apr 2024 15:16:51 GMT
vary: Origin
strict-transport-security: max-age=63072000; includeSubdomains
x-frame-options: DENY
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=v%2BxdxVwyxNt4zXciBcgOF2ikSEFOF%2FTvuHcutwWsvn0b5sQFgOTt5yZG%2FTGq2FWt2twRgr33wZg%2FexHtcKNl0T6eD7MB7VJj4rGgncZ3zfGj9ezBGrOs8BTN%2BXJJNBa8GCs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a360ec583556c4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

l24.im/Home/Main/assets/css/style.css?v=1.0.8

188.114.96.1

200 OK

79 kB

URL GET HTTP/3
l24.im/Home/Main/assets/css/style.css?v=1.0.8
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://l24.im/Home/Main/en/report-abuse.html
Certificate
IssuerGoogle Trust Services LLC
Subjectl24.im
FingerprintA8:C0:26:5A:F1:5E:BC:99:14:92:9F:04:2D:87:E6:60:C5:F3:61:63
ValidityMon, 01 Apr 2024 09:05:27 GMT - Sun, 30 Jun 2024 09:05:26 GMT

File type

Size
79 kB (78983 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /Home/Main/assets/css/style.css?v=1.0.8 HTTP/1.1
Host: l24.im
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://l24.im/Home/Main/en/report-abuse.html
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 26 Apr 2024 03:10:10 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=129625
etag: W/"9c2bfe52e2bfd91:0"
last-modified: Wed, 26 Jul 2023 16:57:56 GMT
vary: Accept-Encoding
x-powered-by: ASP.NET
cache-control: max-age=345600
cf-cache-status: HIT
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BpbGSUObC%2FdPL8tVW5RMvYP7tBdC1QGfknkkB%2F%2B8oIrlpK0v53t9FSN%2BpTA%2ByIFylkXxDu%2Fp4ZHZUUgIJ%2BncegVzvEjUgtZOwToCT%2BhGSanwK%2FAbN9NRkZQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87a360d39b9756b1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

stackpath.bootstrapcdn.com/bootstrap/4.4.1/js/bootstrap.min.js

104.18.10.207

200 OK

60 kB

URL GET HTTP/2
stackpath.bootstrapcdn.com/bootstrap/4.4.1/js/bootstrap.min.js
IP
104.18.10.207:443
ASN
#13335 CLOUDFLARENET

Requested by
https://app.l24.im/GetCurrentUser
Certificate
IssuerGoogle Trust Services LLC
Subjectbootstrapcdn.com
Fingerprint57:B4:25:B9:9C:88:A1:A3:3D:F7:31:74:02:E4:D1:E0:0A:F5:11:63
ValidityWed, 27 Mar 2024 00:22:09 GMT - Tue, 25 Jun 2024 00:22:08 GMT

File type
JavaScript source, ASCII text, with very long lines (59729)
Size
60 kB (60010 bytes)
Hash
61f338f870fcd0ff46362ef109d28533
b3c116c65e6f053aaab45e5619a78ec00271a50f
5aa53525abc5c5200c70b3f6588388f86076cd699284c23cda64e92c372a1548

HTTP Headers

GET /bootstrap/4.4.1/js/bootstrap.min.js HTTP/1.1
Host: stackpath.bootstrapcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://app.l24.im
DNT: 1
Connection: keep-alive
Referer: https://app.l24.im/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 26 Apr 2024 03:10:11 GMT
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
access-control-allow-origin: *
cache-control: public, max-age=31919000
etag: W/"61f338f870fcd0ff46362ef109d28533"
last-modified: Mon, 25 Jan 2021 22:04:09 GMT
cdn-cachedat: 01/04/2023 07:40:19
cdn-proxyver: 1.03
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 1075
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-status: 200
cdn-requestid: ab93099d6e8af38645c533f7579fb2bd
cdn-cache: HIT
cf-cache-status: HIT
age: 2867627
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 87a360d96bc9712b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

fonts.googleapis.com/icon?family=Material+Icons

142.250.74.106

200 OK

565 B

URL GET HTTP/3
fonts.googleapis.com/icon?family=Material+Icons
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://app.l24.im/GetCurrentUser
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint15:CB:F7:AC:18:3F:DC:1E:F9:4E:94:D1:98:40:40:61:53:17:28:F2
ValidityMon, 18 Mar 2024 20:35:28 GMT - Mon, 10 Jun 2024 20:35:27 GMT

File type
ASCII text, with very long lines (588), with no line terminators
Size
565 B (565 bytes)
Hash
959a533a3dc02649e0cc3f8f67d942af
34db49ff64aed8b51beaba5b9928ad504a4df335
24864ed3ee6fab66640980d4c24640e579e5583764a8ee8c4f09decf27977247

HTTP Headers

GET /icon?family=Material+Icons HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://app.l24.im/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 26 Apr 2024 03:10:11 GMT
date: Fri, 26 Apr 2024 03:10:11 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

static.cloudflareinsights.com/beacon.min.js/v55bfa2fee65d44688e90c00735ed189a1713218998793

104.16.79.73

200 OK

19 kB

URL GET HTTP/2
static.cloudflareinsights.com/beacon.min.js/v55bfa2fee65d44688e90c00735ed189a1713218998793
IP
104.16.79.73:443
ASN
#13335 CLOUDFLARENET

Requested by
https://app.l24.im/GetCurrentUser
Certificate
IssuerGoogle Trust Services LLC
Subjectcloudflareinsights.com
Fingerprint73:92:5A:16:97:55:FC:A5:32:7C:F3:9D:0C:84:EF:F3:2F:AA:B5:00
ValiditySun, 10 Mar 2024 02:33:42 GMT - Sat, 08 Jun 2024 02:33:41 GMT

File type
JavaScript source, ASCII text, with very long lines (19261), with no line terminators
Size
19 kB (19261 bytes)
Hash
3be93fd15d2f7dee2fc0c8981c6fa5c6
8cd88c36fad3e96641dbc4d781f5ddbe5123312f
17106bf803d42bcf2f2bdf778ece084d3f91c68e7ea41dae7bff61fefa573dee

HTTP Headers

GET /beacon.min.js/v55bfa2fee65d44688e90c00735ed189a1713218998793 HTTP/1.1
Host: static.cloudflareinsights.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://app.l24.im
DNT: 1
Connection: keep-alive
Referer: https://app.l24.im/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 26 Apr 2024 03:10:11 GMT
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
etag: W/"2024.4.0"
last-modified: Tue, 23 Apr 2024 12:12:17 GMT
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a360d95cee5691-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

l24.im/Home/Main/assets/images/instagram.svg

188.114.96.1

200 OK

1.8 kB

URL GET HTTP/3
l24.im/Home/Main/assets/images/instagram.svg
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://l24.im/Home/Main/en/report-abuse.html
Certificate
IssuerGoogle Trust Services LLC
Subjectl24.im
FingerprintA8:C0:26:5A:F1:5E:BC:99:14:92:9F:04:2D:87:E6:60:C5:F3:61:63
ValidityMon, 01 Apr 2024 09:05:27 GMT - Sun, 30 Jun 2024 09:05:26 GMT

File type
SVG Scalable Vector Graphics image
Size
1.8 kB (1790 bytes)
Hash
58d3b961880fd0ecb4588350c80db807
21c77b261590dff60da521f85d0ae5f8a66773f3
4cd06ee838a98430216af7fa3b408db1f73cefea6506406b83336ba57a01a5c8

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /Home/Main/assets/images/instagram.svg HTTP/1.1
Host: l24.im
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://l24.im/Home/Main/en/report-abuse.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 26 Apr 2024 03:10:10 GMT
content-type: image/svg+xml
last-modified: Fri, 29 Jul 2022 11:26:25 GMT
etag: W/"24899e93ea3d81:0"
x-powered-by: ASP.NET
cache-control: max-age=345600
cf-cache-status: HIT
age: 3279
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CYYuWDEefPPUVIZQ8nizHwA2cCuTmUuNq8BAkgRjyFrtE7PVdqe9B7LHe6fFb1lS6fjKbKnpLfEXZ%2FW3v00wm9Ee4OyjjOHWpSuNe0k0wsuVkW6s3VVxj0A%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87a360d3aba356b1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

l24.im/Home/Main/assets/images/linkedin.svg

188.114.96.1

200 OK

944 B

URL GET HTTP/3
l24.im/Home/Main/assets/images/linkedin.svg
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://l24.im/Home/Main/en/report-abuse.html
Certificate
IssuerGoogle Trust Services LLC
Subjectl24.im
FingerprintA8:C0:26:5A:F1:5E:BC:99:14:92:9F:04:2D:87:E6:60:C5:F3:61:63
ValidityMon, 01 Apr 2024 09:05:27 GMT - Sun, 30 Jun 2024 09:05:26 GMT

File type
SVG Scalable Vector Graphics image
Size
944 B (944 bytes)
Hash
129ff0f3bbb95c68b773a35d80a97972
e70bc68fe46bc9c32b80ce086cc1deb69ab107c9
646bd8a75ddcb5ce6cb09da18dde2dc60020d8dfeef2c6f91d4b2a460343257a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /Home/Main/assets/images/linkedin.svg HTTP/1.1
Host: l24.im
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://l24.im/Home/Main/en/report-abuse.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 26 Apr 2024 03:10:10 GMT
content-type: image/svg+xml
last-modified: Fri, 29 Jul 2022 11:26:25 GMT
etag: W/"82998a3ea3d81:0"
x-powered-by: ASP.NET
cache-control: max-age=345600
cf-cache-status: HIT
age: 3279
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6S%2FgUhJf8YF1OaeNJ3W1aX9hESk5MDEEOqhO%2FCo3wX%2F52eOPhXLx1mKpVbsUIh5pYGOPBSChMZKXgbjZyrFJgfxs8YkY7HYp3fH7v6j3BJryAzGcnfMc2R8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87a360d3aba456b1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

l24.im/Home/Main/assets/js/jquery.TelMask.js?_=1714101011040

188.114.96.1

200 OK

12 kB

URL GET HTTP/3
l24.im/Home/Main/assets/js/jquery.TelMask.js?_=1714101011040
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://l24.im/Home/Main/en/report-abuse.html
Certificate
IssuerGoogle Trust Services LLC
Subjectl24.im
FingerprintA8:C0:26:5A:F1:5E:BC:99:14:92:9F:04:2D:87:E6:60:C5:F3:61:63
ValidityMon, 01 Apr 2024 09:05:27 GMT - Sun, 30 Jun 2024 09:05:26 GMT

File type
JavaScript source, ASCII text, with CRLF line terminators
Size
12 kB (12169 bytes)
Hash
8f996c4c40ce49e85bc289c47a94667f
da4d88c55ee9adb8c476008dac2753450fb3af23
667f4b1a1e9525e9383ecba5d39ac44391cc8fce58432351fd0c0d7cdbf4ee21

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /Home/Main/assets/js/jquery.TelMask.js?_=1714101011040 HTTP/1.1
Host: l24.im
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://l24.im/Home/Main/en/report-abuse.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 26 Apr 2024 03:10:11 GMT
content-type: application/javascript
last-modified: Fri, 29 Jul 2022 11:26:26 GMT
etag: W/"0dd16a3ea3d81:0"
vary: Accept-Encoding
x-powered-by: ASP.NET
cache-control: max-age=345600
cf-cache-status: MISS
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DkdXVr%2BI4Rodv2NNVrwEdb1G30MqbW4HkUm%2Bc4%2Bde%2B%2BfEAxMAmFF75eWL5TH4J6T81w0gC4nKooVeChRygRY9wV9GzGpOUd1H8o6p2c%2BAYXFBum6vaZcBQY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87a360d76cbf56b1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

l24.im/Home/Main/assets/js/intlTelInput.js?_=1714101011041

188.114.96.1

200 OK

71 kB

URL GET HTTP/3
l24.im/Home/Main/assets/js/intlTelInput.js?_=1714101011041
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://l24.im/Home/Main/en/report-abuse.html
Certificate
IssuerGoogle Trust Services LLC
Subjectl24.im
FingerprintA8:C0:26:5A:F1:5E:BC:99:14:92:9F:04:2D:87:E6:60:C5:F3:61:63
ValidityMon, 01 Apr 2024 09:05:27 GMT - Sun, 30 Jun 2024 09:05:26 GMT

File type

Size
71 kB (71390 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /Home/Main/assets/js/intlTelInput.js?_=1714101011041 HTTP/1.1
Host: l24.im
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://l24.im/Home/Main/en/report-abuse.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 26 Apr 2024 03:10:11 GMT
content-type: application/javascript
last-modified: Fri, 29 Jul 2022 11:26:26 GMT
etag: W/"0dd16a3ea3d81:0"
vary: Accept-Encoding
x-powered-by: ASP.NET
cache-control: max-age=345600
cf-cache-status: MISS
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=a967RQ3Xao5Dc5KRM4tMTm2Gd9%2FAkTZ4zT%2FUOq1Bw4pRVti4GoIim9XKij52WL%2FYMN0T9vfmXLdnkEAQ7BsdXXhGVMlIMtDKjREEYeduqN1xx%2F6KmGJLfRk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87a360d76cc156b1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

app.l24.im/GetCurrentUser

188.114.96.1

200 OK

4.9 kB

URL GET HTTP/3
app.l24.im/GetCurrentUser
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://l24.im/Home/Main/en/report-abuse.html
Certificate
IssuerGoogle Trust Services LLC
Subjectl24.im
FingerprintA8:C0:26:5A:F1:5E:BC:99:14:92:9F:04:2D:87:E6:60:C5:F3:61:63
ValidityMon, 01 Apr 2024 09:05:27 GMT - Sun, 30 Jun 2024 09:05:26 GMT

File type
HTML document, Unicode text, UTF-8 text, with very long lines (5274), with no line terminators
Size
4.9 kB (4938 bytes)
Hash
8b7838bc88fb915da6e71fa22852094e
924f10e45ce8d1a608e9b59103cb707acb254032
c55a2f228310bf41b97cc132cbaeb1c6ef0d692f773d52970819370fd44f44e9

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /GetCurrentUser HTTP/1.1
Host: app.l24.im
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://l24.im/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 26 Apr 2024 03:10:11 GMT
content-type: text/html
last-modified: Wed, 16 Aug 2023 14:42:11 GMT
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-powered-by: ASP.NET
cf-cache-status: DYNAMIC
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Im26qTHYjk5BNmU0AzfENvZ2Kq2JPggplBwQukNX3rsZEQq3UbiVpq3qh4tYsCyRX2g73hiw0G4JTE53AukB5Nfy438Qq%2BbUpwzkAxl0OVNYNf3Hv4pqSucVjNo6"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87a360d7ecdf56b1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

cdn.segmage.dev/segmage.min.js

188.114.96.1

200 OK

67 kB

URL GET HTTP/3
cdn.segmage.dev/segmage.min.js
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://app.l24.im/GetCurrentUser
Certificate
IssuerGoogle Trust Services LLC
Subjectsegmage.dev
Fingerprint6C:3B:84:6E:76:05:F9:D3:09:F6:6C:5E:83:77:A0:92:03:30:BB:BC
ValiditySun, 14 Apr 2024 03:40:30 GMT - Sat, 13 Jul 2024 03:40:29 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
67 kB (66931 bytes)
Hash
7be0e3ff82027518c342e362e8609c5a
e00524c6f06ed4d30ebed607f347bd0cfc72c479
f60b0e6d0bd6c5d921ed03561848edfee90d78c751a068ab639e57cf951e78d5

HTTP Headers

GET /segmage.min.js HTTP/1.1
Host: cdn.segmage.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://app.l24.im/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 26 Apr 2024 03:10:13 GMT
content-type: text/javascript
etag: W/"1da867e9a173cf3"
last-modified: Thu, 04 Apr 2024 10:55:27 GMT
strict-transport-security: max-age=63072000; includeSubdomains
x-frame-options: DENY
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 3282
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HAz2e7g9epkObIC2I9VglZr4EIVttK0o4%2FMrNkiDZFzpxzw7kPWb2j8aso7sTvC2qx%2Fc36vql8U4%2BIbtzabeMh1ycY8wkP8P9Pytl67o%2FtJMNP2e9KKS4UHnAtF9bNccTH8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a360e82f2356c4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

fonts.googleapis.com/css?family=Roboto:300,400,500,700

142.250.74.106

200 OK

8.7 kB

URL GET HTTP/3
fonts.googleapis.com/css?family=Roboto:300,400,500,700
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://app.l24.im/GetCurrentUser
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint15:CB:F7:AC:18:3F:DC:1E:F9:4E:94:D1:98:40:40:61:53:17:28:F2
ValidityMon, 18 Mar 2024 20:35:28 GMT - Mon, 10 Jun 2024 20:35:27 GMT

File type
ASCII text, with very long lines (8956), with no line terminators
Size
8.7 kB (8732 bytes)
Hash
91804c0df51e58b0bf469561e1ac2732
cc5a9023e310b49ef8f8ae32bb89ea774fe116ec
8a8aed46bfb9cdec8e34e76343b7e66796cf09926aef42efdfe5fa8a1fdda8aa

HTTP Headers

GET /css?family=Roboto:300,400,500,700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://app.l24.im/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 26 Apr 2024 03:10:11 GMT
date: Fri, 26 Apr 2024 03:10:11 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

cdn.segmage.dev/json/0745484d-e935-41b7-aa35-08db89e90583.json

188.114.96.1

200 OK

14 kB

URL GET HTTP/3
cdn.segmage.dev/json/0745484d-e935-41b7-aa35-08db89e90583.json
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://app.l24.im/GetCurrentUser
Certificate
IssuerGoogle Trust Services LLC
Subjectsegmage.dev
Fingerprint6C:3B:84:6E:76:05:F9:D3:09:F6:6C:5E:83:77:A0:92:03:30:BB:BC
ValiditySun, 14 Apr 2024 03:40:30 GMT - Sat, 13 Jul 2024 03:40:29 GMT

File type

Size
14 kB (13503 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /json/0745484d-e935-41b7-aa35-08db89e90583.json HTTP/1.1
Host: cdn.segmage.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://app.l24.im/
Origin: https://app.l24.im
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 26 Apr 2024 03:10:14 GMT
content-type: application/json
access-control-allow-credentials: true
access-control-allow-origin: https://app.l24.im
etag: W/"1da97239927473f"
last-modified: Thu, 25 Apr 2024 15:16:51 GMT
vary: Origin
strict-transport-security: max-age=63072000; includeSubdomains
x-frame-options: DENY
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vEXnvyKiU4HCbcQJr5K2ZZtzUXBBkRTS56XIaSdCO8CfnXn2yYYIiUg94Wf9slvGltViaDQfbNweKKRugSHSDxeu%2BylQ18%2FK3Vh8fUFqMJmnkMJythcfjATrOY8u1NzCHpE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a360ec683a56c4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

app.l24.im/assets/css/general.css

188.114.96.1

200 OK

54 kB

URL GET HTTP/3
app.l24.im/assets/css/general.css
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://app.l24.im/GetCurrentUser
Certificate
IssuerGoogle Trust Services LLC
Subjectl24.im
FingerprintA8:C0:26:5A:F1:5E:BC:99:14:92:9F:04:2D:87:E6:60:C5:F3:61:63
ValidityMon, 01 Apr 2024 09:05:27 GMT - Sun, 30 Jun 2024 09:05:26 GMT

File type
ASCII text, with CRLF line terminators
Size
54 kB (53870 bytes)
Hash
9430f603c397f4f0165c0089a308c586
7895d8a5c874d4085de84195218549814df73de3
ef11e6dfb581a3c69a9be7a460ff0c5ce562bf648508d4db51c95620a68599ce

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/css/general.css HTTP/1.1
Host: app.l24.im
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://app.l24.im/GetCurrentUser
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 26 Apr 2024 03:10:11 GMT
content-type: text/css
cf-bgj: minify
cf-polished: status=cannot_optimize
etag: W/"1d9a4e4fb50426e"
last-modified: Thu, 22 Jun 2023 08:38:56 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
vary: Accept-Encoding
x-powered-by: ASP.NET
cache-control: max-age=345600
cf-cache-status: HIT
age: 3280
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=17VKYSMuUQT6usjyV1PncmzK9hjHpzVh2jpXXlZNIoEjBwc%2FPL6sPhIM3RODGIwXdH1HkzbXMyVv5fAYy%2FRJDBKtAx4IWpjDPyLyLKBPyZlf1XZQNnTQbPREHS4L"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87a360d93dea56b1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

app.l24.im/assets/js/owl.carousel.min.js

188.114.96.1

200 OK

44 kB

URL GET HTTP/3
app.l24.im/assets/js/owl.carousel.min.js
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://app.l24.im/GetCurrentUser
Certificate
IssuerGoogle Trust Services LLC
Subjectl24.im
FingerprintA8:C0:26:5A:F1:5E:BC:99:14:92:9F:04:2D:87:E6:60:C5:F3:61:63
ValidityMon, 01 Apr 2024 09:05:27 GMT - Sun, 30 Jun 2024 09:05:26 GMT

File type
JavaScript source, ASCII text, with very long lines (31997), with CRLF line terminators
Size
44 kB (44348 bytes)
Hash
47c357c05cb99cedbac2874840319818
d8b05365de4b760618328fdeef7672e8374978e4
4e0781bdd2cbb5db04da3b5e059eeca34e325fabb893bee7457b5babf5b7c029

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/js/owl.carousel.min.js HTTP/1.1
Host: app.l24.im
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://app.l24.im/GetCurrentUser
Cookie: _gcl_au=1.1.1501295584.1714101011
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 26 Apr 2024 03:10:11 GMT
content-type: application/javascript
last-modified: Thu, 14 Jul 2022 07:46:28 GMT
etag: W/"1d89755d3450f3c"
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-powered-by: ASP.NET
cache-control: max-age=345600
cf-cache-status: HIT
age: 3280
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qyUHWXSOOonDAeOb%2Bokanm1K8JgeLseqldg70%2FTQzh5JHgj7b%2Bnq8qxe%2FRRpdf6Nbya%2BLrBzylVaNrsu3YskoY98h%2F83T1Jo1Avq9jGbS34W%2BwOek%2ByTXjltZiXJ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87a360d94dfb56b1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

collect.segmage.dev/js/10d3aa95-1198-4243-85f5-08db896bd4f1?title=Link+24&url=https%3A%2F%2Fapp.l24.im%2FGetCurrentUser

188.114.96.1

200 OK

36 B

URL GET HTTP/3
collect.segmage.dev/js/10d3aa95-1198-4243-85f5-08db896bd4f1?title=Link+24&url=https%3A%2F%2Fapp.l24.im%2FGetCurrentUser
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://app.l24.im/GetCurrentUser
Certificate
IssuerGoogle Trust Services LLC
Subjectsegmage.dev
Fingerprint6C:3B:84:6E:76:05:F9:D3:09:F6:6C:5E:83:77:A0:92:03:30:BB:BC
ValiditySun, 14 Apr 2024 03:40:30 GMT - Sat, 13 Jul 2024 03:40:29 GMT

File type
ASCII text, with no line terminators
Size
36 B (36 bytes)
Hash
76e84a5a3d780aeceaa38e71ed3ba72f
5d2868740f23aeae915f3e0df8eb9ed26e00fa53
43ee7b36082ddff905f57d334b00d94693350bb34baf447104ab2170a3297cae

HTTP Headers

GET /js/10d3aa95-1198-4243-85f5-08db896bd4f1?title=Link+24&url=https%3A%2F%2Fapp.l24.im%2FGetCurrentUser HTTP/1.1
Host: collect.segmage.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json; charset=UTF-8
source: 0745484d-e935-41b7-aa35-08db89e90583
sg: adbd3472-ca28-4709-8b4d-61fc2a0b26b9
u: null
e: PAGE_VIEW
Origin: https://app.l24.im
DNT: 1
Connection: keep-alive
Referer: https://app.l24.im/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 26 Apr 2024 03:10:14 GMT
content-type: text/plain; charset=utf-8
content-length: 36
access-control-allow-credentials: true
access-control-allow-origin: https://app.l24.im
vary: Origin, Origin
strict-transport-security: max-age=63072000; includeSubdomains
x-frame-options: DENY
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jC9DjdmCDomeeIasgrWwT5RHKDr5O8MfzcsoqtZS63e30YOMgnLRwOnvwm58lq2pxUy%2FwtHoCwWxT2qkWjey4AH7wsToLSVu1ySPGvnBrpx30hHL08%2Fgz7VWMbuhA6K7eZozGsOl"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a360ee58c156c4-OSL
alt-svc: h3=":443"; ma=86400

app.l24.im/assets/css/owl.theme.default.min.css

188.114.96.1

200 OK

1.0 kB

URL GET HTTP/3
app.l24.im/assets/css/owl.theme.default.min.css
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://app.l24.im/GetCurrentUser
Certificate
IssuerGoogle Trust Services LLC
Subjectl24.im
FingerprintA8:C0:26:5A:F1:5E:BC:99:14:92:9F:04:2D:87:E6:60:C5:F3:61:63
ValidityMon, 01 Apr 2024 09:05:27 GMT - Sun, 30 Jun 2024 09:05:26 GMT

File type
ASCII text, with very long lines (1028), with no line terminators
Size
1.0 kB (1018 bytes)
Hash
d40b17f73c40ed35e66bb2c80c723f0c
e4eff54ed831a3852bad85c32fd18d80c0a11968
7246c1cd8950cc4773ef992278ca5438cca7684f8b4309a86f32a6c678ded313

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/css/owl.theme.default.min.css HTTP/1.1
Host: app.l24.im
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://app.l24.im/GetCurrentUser
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 26 Apr 2024 03:10:11 GMT
content-type: text/css
last-modified: Thu, 14 Jul 2022 07:46:28 GMT
etag: W/"1d89755d345a1fa"
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-powered-by: ASP.NET
cache-control: max-age=345600
cf-cache-status: HIT
age: 3280
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kS37Cj%2B2oho7uLypmFnnybIOakoXvs7dBMbBezxRCe9iXeBzmiO%2FHHhr3p2jijmNKKh8SregwLmJLWK120PsHZ70%2F2IoD%2FExYtOL8CJksCEyU5pVC9RhrKgPsw7l"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87a360d90da156b1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

l24.im/Home/Main/assets/js/jquery.validationEngine.js

188.114.96.1

200 OK

31 kB

URL GET HTTP/3
l24.im/Home/Main/assets/js/jquery.validationEngine.js
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://l24.im/Home/Main/en/report-abuse.html
Certificate
IssuerGoogle Trust Services LLC
Subjectl24.im
FingerprintA8:C0:26:5A:F1:5E:BC:99:14:92:9F:04:2D:87:E6:60:C5:F3:61:63
ValidityMon, 01 Apr 2024 09:05:27 GMT - Sun, 30 Jun 2024 09:05:26 GMT

File type

Size
31 kB (30799 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /Home/Main/assets/js/jquery.validationEngine.js HTTP/1.1
Host: l24.im
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://l24.im/Home/Main/en/report-abuse.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 26 Apr 2024 03:10:10 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=33092
etag: W/"30c52aa3ea3d81:0"
last-modified: Fri, 29 Jul 2022 11:26:26 GMT
vary: Accept-Encoding
x-powered-by: ASP.NET
cache-control: max-age=345600
cf-cache-status: HIT
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8P3sMcGTb0WrmQEgSQ1LMQuCeyVFYIDGm86UNpCpNlSacVIYqcyGq3Hv6nQqCWplvoFnwiNBZy9f7YTOSPAaE3jhbX8FdF5xDlibbsqUkn%2FQ4uTALFylyNM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87a360d3bbab56b1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

l24.im/Home/Main/assets/js/site.js?v=1.0.4

188.114.96.1

200 OK

12 kB

URL GET HTTP/3
l24.im/Home/Main/assets/js/site.js?v=1.0.4
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://l24.im/Home/Main/en/report-abuse.html
Certificate
IssuerGoogle Trust Services LLC
Subjectl24.im
FingerprintA8:C0:26:5A:F1:5E:BC:99:14:92:9F:04:2D:87:E6:60:C5:F3:61:63
ValidityMon, 01 Apr 2024 09:05:27 GMT - Sun, 30 Jun 2024 09:05:26 GMT

File type

Size
12 kB (11500 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /Home/Main/assets/js/site.js?v=1.0.4 HTTP/1.1
Host: l24.im
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://l24.im/Home/Main/en/report-abuse.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 26 Apr 2024 03:10:10 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=14114
etag: W/"9940a7d694c9d91:0"
last-modified: Tue, 08 Aug 2023 01:08:27 GMT
vary: Accept-Encoding
x-powered-by: ASP.NET
cache-control: max-age=345600
cf-cache-status: HIT
age: 3279
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sKrpfHXm9w%2BdOZ5moKcv2V%2FE40dVf0NdiBPiOEJ6hSeqOvRG5f%2BZ%2B98CpHVf1zdrhx3e2cKxE%2BMxasS9yYKya%2BhfOH5o8fcKwInZS1VHy0j7xY%2FzQL0kSJo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87a360d3bbaf56b1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

l24.im/Home/Main/assets/images/menuicon2.svg

188.114.96.1

200 OK

397 B

URL GET HTTP/3
l24.im/Home/Main/assets/images/menuicon2.svg
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://l24.im/Home/Main/en/report-abuse.html
Certificate
IssuerGoogle Trust Services LLC
Subjectl24.im
FingerprintA8:C0:26:5A:F1:5E:BC:99:14:92:9F:04:2D:87:E6:60:C5:F3:61:63
ValidityMon, 01 Apr 2024 09:05:27 GMT - Sun, 30 Jun 2024 09:05:26 GMT

File type
SVG Scalable Vector Graphics image
Size
397 B (397 bytes)
Hash
f78787de5ef78e47fdcc6fe4b59ae29c
46fb390275fd2a975dd256cc6100d522b375f2fb
cc0a880d0d6e1ee1a2ecbcf1bc99ee2647ce9b837aedc2332e5b934e9d14aa2a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /Home/Main/assets/images/menuicon2.svg HTTP/1.1
Host: l24.im
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://l24.im/Home/Main/en/report-abuse.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 26 Apr 2024 03:10:10 GMT
content-type: image/svg+xml
last-modified: Fri, 29 Jul 2022 11:26:25 GMT
etag: W/"35db12a3ea3d81:0"
x-powered-by: ASP.NET
cache-control: max-age=345600
cf-cache-status: HIT
age: 3279
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CwDqTP9Cu%2B4hZZkYDsvHg2Ulqjq5d6coZ7eCpQHxtvoiUADZgzL9dEto%2FRxznyeolzoLRjAzs7owNTPND4gH3htLkRpPnH%2BhUbsGKkZPwhPjl7fMDMQhEbQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87a360d3ab9f56b1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (38)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL