bireyselcuzdansorgulamasayfasionline.line.pm/
261 B URL User Request GET bireyselcuzdansorgulamasayfasionline.line.pm/
IP
ASN #52469 Offshore Racks S.A
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash f076b851d26fd5c8423229c9cee0b5f4
5f7977d3921fa1e40ea6c03ac03b25bfb0d7ed4a
c826d7cf7f4e3fb2c094fcd895fc18cbe77f2d78fe6ee24f9e44701d5313ca75
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
Quad9 DNS malicious Sinkholed
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.line .pm Domain
GET / HTTP/1.1
Host: bireyselcuzdansorgulamasayfasionline.line.pm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Date: Thu, 07 Dec 2023 18:20:24 GMT
Server: Apache
Location: http://bireyselcuzdansorgulamasayfasionline.line.pm/cgi-sys/suspendedpage.cgi
Content-Length: 261
Keep-Alive: timeout=3, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
bireyselcuzdansorgulamasayfasionline.line.pm/cgi-sys/suspendedpage.cgi
200 OK 7.8 kB URL GET HTTP/1.1 bireyselcuzdansorgulamasayfasionline.line.pm/cgi-sys/suspendedpage.cgi
IP
ASN #52469 Offshore Racks S.A
Requested by http://bireyselcuzdansorgulamasayfasionline.line.pm/cgi-sys/suspendedpage.cgi
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (4070), with CRLF, LF line terminators
Hash d187b68b18750128e264a16ffe10859f
aecc1b3dcd96db40609a5cc429449b528959c29f
09e3f3b63ee30ef3e0d159056d30c094f3a40ae2ff2ec27ac9c8d2d061bc4663
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
Quad9 DNS malicious Sinkholed
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.line .pm Domain
suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.line .pm Domain
GET /cgi-sys/suspendedpage.cgi HTTP/1.1
Host: bireyselcuzdansorgulamasayfasionline.line.pm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 07 Dec 2023 18:20:25 GMT
Server: Apache
Vary: Accept-Encoding
Keep-Alive: timeout=3, max=99
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html
use.fontawesome.com/releases/v5.0.6/css/all.css
200 OK 7.6 kB URL GET HTTP/1.1 use.fontawesome.com/releases/v5.0.6/css/all.css
IP
Requested by http://bireyselcuzdansorgulamasayfasionline.line.pm/cgi-sys/suspendedpage.cgi
File type ASCII text, with very long lines (34556)
Hash 42eaa52604673b64d6b356c2fd7f87e3
6b59cb703b2d4a7a2691f13008062b46a6bc7fdb
ed0f122470c4d13d86bbabdc38046d743d0228204a56d786d2e17bd83fd358ce
GET /releases/v5.0.6/css/all.css HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://bireyselcuzdansorgulamasayfasionline.line.pm/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 07 Dec 2023 18:20:25 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=31556926
ETag: W/"42eaa52604673b64d6b356c2fd7f87e3"
Last-Modified: Fri, 22 Sep 2023 01:44:11 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
CF-Cache-Status: HIT
Age: 2206829
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mPHIFqL4SFklgZSKqN4%2F7q6c2YxZ8RcCb1Vlu%2BHnP6XfbpY956%2BzAaf6CesmMBAvHYE5jNDv3LHG0LkuCHCF2idOUdtil2zk1%2BLP19ZogRPHu384qYHH2%2F%2BQ1mMRxQNmyTjQRi1V"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 831ec8539ac963e5-LHR
alt-svc: h2=":443"; ma=60
use.fontawesome.com/releases/v5.0.6/webfonts/fa-solid-900.woff2
200 OK 39 kB URL GET HTTP/1.1 use.fontawesome.com/releases/v5.0.6/webfonts/fa-solid-900.woff2
IP
Requested by http://bireyselcuzdansorgulamasayfasionline.line.pm/cgi-sys/suspendedpage.cgi
File type Web Open Font Format (Version 2), TrueType, length 38784, version 1.0\012- data
Hash f9b85c9463af7103b9b24bbbf09a06ed
d28d7222bcbeb8ea701a771e85f7efe006e62fb1
62554277d07b20c6bfae7c6267b3198b4846f604a37d4085bf9f54c392210b56
GET /releases/v5.0.6/webfonts/fa-solid-900.woff2 HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://bireyselcuzdansorgulamasayfasionline.line.pm
DNT: 1
Connection: keep-alive
Referer: http://use.fontawesome.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 07 Dec 2023 18:20:25 GMT
Content-Type: application/font-woff2
Content-Length: 38784
Connection: keep-alive
Access-Control-Allow-Origin: *
Cache-Control: max-age=31556926
ETag: "f9b85c9463af7103b9b24bbbf09a06ed"
Last-Modified: Fri, 22 Sep 2023 01:44:10 GMT
Vary: Origin, Accept-Encoding
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mXb9V7WYvjN6vg0OAvzYgAjFUDDr9N7h1HCwuTlBokWSrokPLQCCJ8WBycdrOO8Sy02YJPYsLuELetBJGFs96qIRo5V7R05XyM0Aa9%2B5TKLUABMR3UKIPs%2FdOHrfkGuwW5de94xG"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 831ec8543a207749-LHR
alt-svc: h2=":443"; ma=60
bireyselcuzdansorgulamasayfasionline.line.pm/favicon.ico
302 Found 261 B URL GET HTTP/1.1 bireyselcuzdansorgulamasayfasionline.line.pm/favicon.ico
IP
ASN #52469 Offshore Racks S.A
Requested by http://bireyselcuzdansorgulamasayfasionline.line.pm/cgi-sys/suspendedpage.cgi
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash f076b851d26fd5c8423229c9cee0b5f4
5f7977d3921fa1e40ea6c03ac03b25bfb0d7ed4a
c826d7cf7f4e3fb2c094fcd895fc18cbe77f2d78fe6ee24f9e44701d5313ca75
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
Quad9 DNS malicious Sinkholed
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.line .pm Domain
GET /favicon.ico HTTP/1.1
Host: bireyselcuzdansorgulamasayfasionline.line.pm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://bireyselcuzdansorgulamasayfasionline.line.pm/cgi-sys/suspendedpage.cgi
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Date: Thu, 07 Dec 2023 18:20:26 GMT
Server: Apache
Location: http://bireyselcuzdansorgulamasayfasionline.line.pm/cgi-sys/suspendedpage.cgi
Content-Length: 261
Keep-Alive: timeout=3, max=98
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
bireyselcuzdansorgulamasayfasionline.line.pm/cgi-sys/suspendedpage.cgi
200 OK 7.8 kB URL GET HTTP/1.1 bireyselcuzdansorgulamasayfasionline.line.pm/cgi-sys/suspendedpage.cgi
IP
ASN #52469 Offshore Racks S.A
Requested by http://bireyselcuzdansorgulamasayfasionline.line.pm/cgi-sys/suspendedpage.cgi
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (4070), with CRLF, LF line terminators
Hash d187b68b18750128e264a16ffe10859f
aecc1b3dcd96db40609a5cc429449b528959c29f
09e3f3b63ee30ef3e0d159056d30c094f3a40ae2ff2ec27ac9c8d2d061bc4663
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
Quad9 DNS malicious Sinkholed
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.line .pm Domain
suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.line .pm Domain
GET /cgi-sys/suspendedpage.cgi HTTP/1.1
Host: bireyselcuzdansorgulamasayfasionline.line.pm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://bireyselcuzdansorgulamasayfasionline.line.pm/cgi-sys/suspendedpage.cgi
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 07 Dec 2023 18:20:26 GMT
Server: Apache
Vary: Accept-Encoding
Keep-Alive: timeout=3, max=97
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html
190.14.39.141
172.64.141.13