Report - cpasbien.zip

Report Overview

Visited public
2025-03-13 11:28:27
Tags
URL
cpasbien.zip
Finishing URL
www.cpasbien4.com/
IP / ASN
104.21.31.165
#13335 CLOUDFLARENET
Title
Accueil - Cpasbien

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
stingerfound.com	unknown	2025-02-07	2025-02-20	2025-03-12	419 B	28 kB	172.255.103.117
euboicarmpit.top	unknown	2025-03-08	2025-03-10	2025-03-10	2.1 kB	4.3 kB	188.42.247.220
wvw.cpasbien.cx	unknown	2025-01-10	2025-01-19	2025-02-28	484 B	11 kB	104.21.84.205
www.cpasbien.gd	unknown	2024-11-29	2024-11-30	2025-02-28	484 B	11 kB	172.67.217.204
www.cpasbien.cz	unknown	2024-10-22	2017-05-26	2025-02-28	484 B	11 kB	104.21.112.1
www.cpasbien3.com	unknown	2025-02-25	2025-02-28	2025-02-28	486 B	11 kB	104.21.16.1
www.cpasbien4.com	unknown	2025-02-25	2025-03-13	2025-03-13	7.5 kB	299 kB	104.21.16.1
cdnjs.cloudflare.com	235	2009-02-17	2012-05-23	2025-03-12	1.0 kB	292 kB	104.17.24.14
www.cpasbien.im	unknown	unknown	2017-01-26	2017-04-23	484 B	11 kB	104.21.13.132
cpasbien.zip	unknown	2024-04-22	2024-11-30	2025-02-28	481 B	11 kB	104.21.31.165
www-cpasbien.com	unknown	2025-01-31	2017-01-26	2020-01-17	485 B	11 kB	188.114.96.1
www.googletagmanager.com	75	2011-11-11	2012-10-04	2025-03-12	438 B	357 kB	142.250.74.72
www.cpasbien.cv	unknown	unknown	2025-01-19	2025-02-28	484 B	11 kB	172.67.214.90

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2025-03-13	medium	stingerfound.com	Sinkholed
2025-03-13	medium	euboicarmpit.top	Sinkholed
2025-03-13	medium	euboicarmpit.top	Sinkholed
2025-03-13	medium	euboicarmpit.top	Sinkholed
2025-03-13	medium	euboicarmpit.top	Sinkholed

ThreatFox

No alerts detected

JavaScript (7)

	URL	From	Size	First Seen	Last Seen
	www.googletagmanager.com/gtag/js?id=G-TKZGESD6CW	ScriptElement	356 kB	2025-03-13	2025-03-13
Pretty URL www.googletagmanager.com/gtag/js?id=G-TKZGESD6CW IP 142.250.74.72 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2025-03-13 11:28 Last Seen2025-03-13 11:28 Times Seen1 Hash a4f7c804da8bd4ced99867043d64c78a f1269ba180a9becb07c872c7516f5eb6b4a4b056 416416d1d8482abab26ef118afc5b8bade73a65e481daf892c43711d520af71d Loading...

	www.cpasbien4.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js	ScriptElement	12 kB	2023-03-07	2025-06-23
Pretty URL www.cpasbien4.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js IP 104.21.16.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-06-23 04:13 Times Seen35006 Hash 88a769d2fe35899fd45a332a0a032cc0 514c6c1d8475d17e412849a4c90159517d0fa10a ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142 Loading...

	stingerfound.com/1clkn/118101	ScriptElement	27 kB	2025-03-13	2025-03-13
Pretty URL stingerfound.com/1clkn/118101 IP 172.255.103.117 ASN #7979 SERVERS-COM Introduced by scriptElement Embedded in HTML false Observations First Seen2025-03-13 11:28 Last Seen2025-03-13 11:28 Times Seen1 Hash 6ab5ffdcf953756dacbb86061dd9fbb5 29f12b0ac1fa9f6c6ab133e1397ed56c635a7a82 32ad54ba630cd4457c6fce2f26cb715f17a579c9196e1785d16b6096cf5aa552 Loading...

	www.cpasbien4.com/themes/js/jquery.min.js	ScriptElement	84 kB	2023-03-07	2025-06-23
Pretty URL www.cpasbien4.com/themes/js/jquery.min.js IP 104.21.16.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:24 Last Seen2025-06-23 03:12 Times Seen2211 Hash b0dc11d0a434aafe88908c7f33d71095 1327f754ff87d26bced46568543207e9df190aaa de4b3c3d1dc2506b6693f0f98884e1dc074cda9d66cab39b7b48a115fdfc4c0f Loading...

	www.cpasbien4.com/themes/js/bootstrap.min.js	ScriptElement	37 kB	2023-03-07	2025-06-23
Pretty URL www.cpasbien4.com/themes/js/bootstrap.min.js IP 104.21.16.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-06-23 03:53 Times Seen6169 Hash c5b5b2fa19bd66ff23211d9f844e0131 791aa054a026bddc0de92bad6cf7a1c6e73713d5 2979f9a6e32fc42c3e7406339ee9fe76b31d1b52059776a02b4a7fa6a4fd280a Loading...

	www.cpasbien4.com/share42/share42.js	ScriptElement	4.1 kB	2025-03-12	2025-03-17
Pretty URL www.cpasbien4.com/share42/share42.js IP 104.21.16.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2025-03-12 05:24 Last Seen2025-03-17 06:52 Times Seen6 Hash 0773c76a0ebaecf3ed009a5124738d61 a3dfa9e10b2475656b856ed48bfbd7d1ca9dc407 b1dc1d837669172b95c3cd644f8516b6210a670e1a0e550e732c06361f03edb3 Loading...

	www.cpasbien4.com/	ScriptElement	153 B	2024-02-15	2025-06-12
Pretty URL www.cpasbien4.com/ IP 104.21.16.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-02-15 18:33 Last Seen2025-06-12 13:45 Times Seen94 Hash 81630d0fa87c615651f4e254f82b4d06 51589a6efc263ac6ce5262cbaa07a8fa4a4f5b9a c50325fe0fe59de6c1ed0bd94cb47634640a12715d5531527459f049b6d13618 Loading...

HTTP Transactions (32)

URL IP Response Size

GET www-cpasbien.com/

188.114.96.1

301 Moved Permanently

10 kB

URL User Request GET
www-cpasbien.com/
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectwww-cpasbien.com
FingerprintA5:70:F6:E0:77:D7:5F:4B:02:15:93:44:4C:CA:0C:33:D6:89:6F:19
ValidityFri, 31 Jan 2025 09:05:59 GMT - Thu, 01 May 2025 10:04:20 GMT

File type

Size
10 kB (10157 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: www-cpasbien.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 301 Moved Permanently
date: Thu, 13 Mar 2025 11:28:07 GMT
content-type: text/html
content-length: 167
location: https://www.cpasbien3.com
cache-control: max-age=3600
expires: Thu, 13 Mar 2025 12:28:07 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GpQux%2BDx8Kjduf%2FLbJ3jfhN88sp1LpwYnyz5Q91VrawTXoDeEAFLQWicv37BUlFmWtS0UBlu2kKser3HDLyZs%2FP3zQth3pO8c43nv8Z9UM%2F7LrTrf0frI%2BF5W5zd%2FaWx0E64"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
speculation-rules: "/cdn-cgi/speculation"
server: cloudflare
cf-ray: 91fb2f9f7c4bb4fd-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=60366&min_rtt=60252&rtt_var=17145&sent=7&recv=8&lost=0&retrans=0&sent_bytes=3284&recv_bytes=1224&delivery_rate=61627&cwnd=252&unsent_bytes=0&cid=4bc1a88bbfce9350&ts=98&x=0"
X-Firefox-Spdy: h2

GET www.cpasbien3.com/

104.21.16.1

301 Moved Permanently

10 kB

URL User Request GET
www.cpasbien3.com/
IP
104.21.16.1:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectcpasbien3.com
Fingerprint55:4C:65:38:E8:3E:60:F1:14:C5:90:47:38:4B:39:BD:6D:2D:5F:00
ValidityTue, 25 Feb 2025 06:22:05 GMT - Mon, 26 May 2025 07:20:53 GMT

File type

Size
10 kB (10157 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: www.cpasbien3.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 301 Moved Permanently
date: Thu, 13 Mar 2025 11:28:07 GMT
content-type: text/html
content-length: 167
location: https://www.cpasbien4.com/
cache-control: max-age=3600
expires: Thu, 13 Mar 2025 12:28:07 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wpqFVek6Og%2FI%2BOHnvd1KLZNVLwBNsS5T4hzUuMBDo8G4jYYMtbMjUzyEKHsX%2F3A0gqRu8YcmSSM6PLzGGZxgtw9%2B1lrEYTZsbusiqR5zNk%2BPqPa0kdec8FfmhaUbEyLmz0tWuw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
speculation-rules: "/cdn-cgi/speculation"
server: cloudflare
cf-ray: 91fb2fa1ddadf5bc-AMS
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=83698&min_rtt=83395&rtt_var=23982&sent=6&recv=8&lost=0&retrans=0&sent_bytes=3182&recv_bytes=1096&delivery_rate=44199&cwnd=101&unsent_bytes=0&cid=f89907fb329ac644&ts=104&x=0"
X-Firefox-Spdy: h2

GET www.cpasbien4.com/themes/default/css/bootstrap.min.css

104.21.16.1

200 OK

12 kB

URL GET
www.cpasbien4.com/themes/default/css/bootstrap.min.css
IP
104.21.16.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.cpasbien4.com/
Certificate
IssuerGoogle Trust Services
Subjectcpasbien4.com
Fingerprint8F:C8:D7:62:35:22:9E:AD:B4:59:E9:4C:FE:D9:1D:51:B0:39:6C:63
ValidityTue, 25 Feb 2025 06:42:26 GMT - Mon, 26 May 2025 07:39:51 GMT

File type
ASCII text, with very long lines (6975)
Size
12 kB (12193 bytes)
Hash
f5ba08968a6e2f03e7ddce0ac22728f2
44c0209a145c320dd6fe1b50a0f37b6cab77e853
9b7c57ae4dc2125c44a8ff8b3a80414215c6987c85de47427d8b4e9acb92c94e

HTTP Headers

GET /themes/default/css/bootstrap.min.css HTTP/1.1
Host: www.cpasbien4.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.cpasbien4.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 13 Mar 2025 11:28:08 GMT
content-type: text/css
last-modified: Sat, 01 Mar 2025 17:56:53 GMT
vary: Accept-Encoding
etag: W/"67c34a65-2fa1"
expires: Thu, 13 Mar 2025 21:48:41 GMT
cache-control: max-age=43200, no-store
content-encoding: gzip
cf-cache-status: HIT
age: 5967
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=o8BDU5KL8s1xo8gECDYiB61Z7nhjHu8nbMiiIJPlxyae3PoOtC2dmirtYw2lqhJxWIO1BsX1hmcEO91m8yo6WU7Z%2BRrlRYrXaXUT2uDOLWbAvjsKVZLNW3CkyuvDX9%2FP7JmKZg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
speculation-rules: "/cdn-cgi/speculation"
server: cloudflare
cf-ray: 91fb2fa6cd2ef5c7-AMS
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=79241&min_rtt=78824&rtt_var=12711&sent=30&recv=14&lost=0&retrans=0&sent_bytes=16401&recv_bytes=1710&delivery_rate=84624&cwnd=103&unsent_bytes=0&cid=b36c0ee2d2d0245d&ts=560&x=0"
X-Firefox-Spdy: h2

GET cdnjs.cloudflare.com/ajax/libs/font-awesome/6.2.0/css/all.css

104.17.24.14

200 OK

140 kB

URL GET
cdnjs.cloudflare.com/ajax/libs/font-awesome/6.2.0/css/all.css
IP
104.17.24.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.cpasbien4.com/
Certificate
IssuerGoogle Trust Services
Subjectcdnjs.cloudflare.com
Fingerprint00:0E:39:59:53:CF:68:07:90:75:EB:68:26:B9:04:22:44:7D:9A:32
ValidityFri, 24 Jan 2025 09:16:22 GMT - Thu, 24 Apr 2025 10:16:21 GMT

File type
troff or preprocessor input, ASCII text
Size
140 kB (139724 bytes)
Hash
e3d3126e93fc1303cf862d5852f56654
357908650e3a2f75f7e77c3e741e8bd0cfa07625
340d09d12141a30f53d870d647f2f4ba93047709331cd441c43db7301bd52d68

HTTP Headers

GET /ajax/libs/font-awesome/6.2.0/css/all.css HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.cpasbien4.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 13 Mar 2025 11:28:08 GMT
content-type: text/css; charset=utf-8
content-length: 19472
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "630e6e62-4c10"
last-modified: Tue, 30 Aug 2022 20:09:06 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 43115
expires: Tue, 03 Mar 2026 11:28:08 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xf0OrQLeQNTUGWI5ElJB9sadmUlihrnH%2Bb4dQtpgICyc2m7Cfuzz3VZsjmgeo1EPnxD2xDjvibcTSPP7jrS3g1rSJSCGd2l%2FEDQk0MWSn3gl8C104otqLmvxOqcvoR8N6mttJZr1"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 91fb2fa81a6556b4-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET www.cpasbien4.com/themes/default/img/fond.jpg

104.21.16.1

200 OK

32 kB

URL GET
www.cpasbien4.com/themes/default/img/fond.jpg
IP
104.21.16.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.cpasbien4.com/
Certificate
IssuerGoogle Trust Services
Subjectcpasbien4.com
Fingerprint8F:C8:D7:62:35:22:9E:AD:B4:59:E9:4C:FE:D9:1D:51:B0:39:6C:63
ValidityTue, 25 Feb 2025 06:42:26 GMT - Mon, 26 May 2025 07:39:51 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 2520x142, components 3
Size
32 kB (32310 bytes)
Hash
56121fe0070d93736b8fe5ea7d3c9524
1c91ca6ed08d9f7bbd20088faf3f401c4f720107
a64aa3531489683535c374c4631338a7ca4ca15e8c3ebf6c7f4ea8ad8005b1d3

HTTP Headers

GET /themes/default/img/fond.jpg HTTP/1.1
Host: www.cpasbien4.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.cpasbien4.com/themes/default/css/styles.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 13 Mar 2025 11:28:09 GMT
content-type: image/jpeg
last-modified: Sat, 01 Mar 2025 17:56:57 GMT
vary: Accept-Encoding
etag: W/"67c34a69-7e36"
expires: Sat, 12 Apr 2025 09:57:36 GMT
cache-control: max-age=2592000, no-store
content-encoding: gzip
cf-cache-status: HIT
age: 5433
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Pir3f%2BSAs2R3tmj%2BLNADoQkKEcHePFGXj362K390pJD%2FJxFeg7oMLLJpdo95gvPKAgm7Pu8VkWs0Wby2V9DPyhdV195NF8ojmwdlnUKsTuVWLoNjwVQ7Opvt3zfMlcGdMXawqg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
speculation-rules: "/cdn-cgi/speculation"
server: cloudflare
cf-ray: 91fb2fa90fc7f5c7-AMS
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=80711&min_rtt=78824&rtt_var=4599&sent=46&recv=24&lost=0&retrans=0&sent_bytes=24837&recv_bytes=2130&delivery_rate=246491&cwnd=103&unsent_bytes=0&cid=b36c0ee2d2d0245d&ts=909&x=0"
X-Firefox-Spdy: h2

GET www.cpasbien4.com/themes/default/img/sprites.png

104.21.16.1

200 OK

16 kB

URL GET
www.cpasbien4.com/themes/default/img/sprites.png
IP
104.21.16.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.cpasbien4.com/
Certificate
IssuerGoogle Trust Services
Subjectcpasbien4.com
Fingerprint8F:C8:D7:62:35:22:9E:AD:B4:59:E9:4C:FE:D9:1D:51:B0:39:6C:63
ValidityTue, 25 Feb 2025 06:42:26 GMT - Mon, 26 May 2025 07:39:51 GMT

File type
PNG image data, 360 x 112, 8-bit/color RGBA, non-interlaced
Size
16 kB (16245 bytes)
Hash
d22560c8930c705271bafb1dd7d04c78
8c2ec1c29f150e4ab88396d029003d26c5b7d2e5
859a1f76fbbfc3d2cd3acb8bed0086e1cc2a47632f6f576d3bbd7632caeb96a1

HTTP Headers

GET /themes/default/img/sprites.png HTTP/1.1
Host: www.cpasbien4.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.cpasbien4.com/themes/default/css/styles.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 13 Mar 2025 11:28:09 GMT
content-type: image/png
last-modified: Sat, 01 Mar 2025 17:56:59 GMT
vary: Accept-Encoding
etag: W/"67c34a6b-3f75"
expires: Sat, 12 Apr 2025 09:44:25 GMT
cache-control: max-age=2592000, no-store
content-encoding: gzip
cf-cache-status: HIT
age: 6224
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SJLwHDrEy9XACDhq1eNti%2FCC7h52F2Ujp8NIyoYkAx3Rhby6fLzvN4Dmg7ydeh79CCQL%2BpHCvIwTw%2BVVIUCGooMP1tXnTAh4bQrUdagGWNhGvE1qhmCR%2Bqo4mqump%2B9dP9MPhw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
speculation-rules: "/cdn-cgi/speculation"
server: cloudflare
cf-ray: 91fb2fa90fe5f5c7-AMS
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=80711&min_rtt=78824&rtt_var=4599&sent=61&recv=24&lost=0&retrans=0&sent_bytes=41683&recv_bytes=2130&delivery_rate=246491&cwnd=103&unsent_bytes=8325&cid=b36c0ee2d2d0245d&ts=911&x=0"
X-Firefox-Spdy: h2

GET www.googletagmanager.com/gtag/js?id=G-TKZGESD6CW

142.250.74.72

200 OK

356 kB

URL GET
www.googletagmanager.com/gtag/js?id=G-TKZGESD6CW
IP
142.250.74.72:443
ASN
#15169 GOOGLE

Requested by
https://www.cpasbien4.com/
Certificate
IssuerGoogle Trust Services
Subject*.google-analytics.com
FingerprintAE:1B:D4:56:41:F7:15:A7:24:B8:F3:55:83:91:17:2C:97:12:67:6E
ValidityWed, 26 Feb 2025 15:32:54 GMT - Wed, 21 May 2025 15:32:53 GMT

File type
JavaScript source, ASCII text, with very long lines (5268)
Size
356 kB (355587 bytes)
Hash
a4f7c804da8bd4ced99867043d64c78a
f1269ba180a9becb07c872c7516f5eb6b4a4b056
416416d1d8482abab26ef118afc5b8bade73a65e481daf892c43711d520af71d

HTTP Headers

GET /gtag/js?id=G-TKZGESD6CW HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.cpasbien4.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 13 Mar 2025 11:28:09 GMT
expires: Thu, 13 Mar 2025 11:28:09 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1003:0
cross-origin-opener-policy-report-only: same-origin; report-to=ascgcycc:1003:0
report-to: {"group":"ascgcycc:1003:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1003:0"}],}
server: Google Tag Manager
content-length: 119209
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET www.cpasbien4.com/

104.21.16.1

200 OK

10 kB

URL User Request GET
www.cpasbien4.com/
IP
104.21.16.1:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectcpasbien4.com
Fingerprint8F:C8:D7:62:35:22:9E:AD:B4:59:E9:4C:FE:D9:1D:51:B0:39:6C:63
ValidityTue, 25 Feb 2025 06:42:26 GMT - Mon, 26 May 2025 07:39:51 GMT

File type

Size
10 kB (10157 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: www.cpasbien4.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 13 Mar 2025 11:28:08 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
cf-cache-status: HIT
age: 5561
last-modified: Thu, 13 Mar 2025 09:55:27 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=igPH4gVwIoCvjEXhfl66BRd9GLRJt34%2BcEbyPSyaCsjJEAwatMc4MyRDsue0nV9wd8lw0y34YiIF9lHBWFoZh3j2lmjNu7PTMkiRaSZeMQonI70CCGfxkHlv9R9BHCTfNH8vug%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
speculation-rules: "/cdn-cgi/speculation"
server: cloudflare
cf-ray: 91fb2fa3f987f5c7-AMS
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=79261&min_rtt=79238&rtt_var=22327&sent=6&recv=8&lost=0&retrans=0&sent_bytes=3253&recv_bytes=1226&delivery_rate=47182&cwnd=102&unsent_bytes=0&cid=b36c0ee2d2d0245d&ts=102&x=0"
X-Firefox-Spdy: h2

GET www.cpasbien4.com/themes/js/bootstrap.min.js

104.21.16.1

200 OK

37 kB

URL GET
www.cpasbien4.com/themes/js/bootstrap.min.js
IP
104.21.16.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.cpasbien4.com/
Certificate
IssuerGoogle Trust Services
Subjectcpasbien4.com
Fingerprint8F:C8:D7:62:35:22:9E:AD:B4:59:E9:4C:FE:D9:1D:51:B0:39:6C:63
ValidityTue, 25 Feb 2025 06:42:26 GMT - Mon, 26 May 2025 07:39:51 GMT

File type
JavaScript source, ASCII text, with very long lines (32003)
Size
37 kB (36868 bytes)
Hash
c5b5b2fa19bd66ff23211d9f844e0131
791aa054a026bddc0de92bad6cf7a1c6e73713d5
2979f9a6e32fc42c3e7406339ee9fe76b31d1b52059776a02b4a7fa6a4fd280a

HTTP Headers

GET /themes/js/bootstrap.min.js HTTP/1.1
Host: www.cpasbien4.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.cpasbien4.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 13 Mar 2025 11:28:09 GMT
content-type: application/javascript
last-modified: Sat, 01 Mar 2025 17:56:20 GMT
vary: Accept-Encoding
etag: W/"67c34a44-9004"
expires: Thu, 13 Mar 2025 21:48:41 GMT
cache-control: max-age=43200, no-store
content-encoding: gzip
cf-cache-status: HIT
age: 5968
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pmXF710xvGMSYldtpUGpo1bqZ%2F0j%2BpzPBzpcQnKVGG50KR%2F0yq3Hqo%2FqwQ9tIGl6eE6YW9iN1McpTXqigG1XyFhJClT1fr%2FbL%2FJu20BGeVYeDb82Fg7jyidnfuM%2BZaIMPSojUw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
speculation-rules: "/cdn-cgi/speculation"
server: cloudflare
cf-ray: 91fb2fa91ffcf5c7-AMS
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=80711&min_rtt=78824&rtt_var=4599&sent=86&recv=28&lost=0&retrans=0&sent_bytes=68917&recv_bytes=2542&delivery_rate=246491&cwnd=103&unsent_bytes=0&cid=b36c0ee2d2d0245d&ts=923&x=0"
X-Firefox-Spdy: h2

GET www.cpasbien4.com/cf-fonts/s/open-sans/5.0.20/latin/400/normal.woff2

104.21.16.1

200 OK

19 kB

URL GET
www.cpasbien4.com/cf-fonts/s/open-sans/5.0.20/latin/400/normal.woff2
IP
104.21.16.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.cpasbien4.com/
Certificate
IssuerGoogle Trust Services
Subjectcpasbien4.com
Fingerprint8F:C8:D7:62:35:22:9E:AD:B4:59:E9:4C:FE:D9:1D:51:B0:39:6C:63
ValidityTue, 25 Feb 2025 06:42:26 GMT - Mon, 26 May 2025 07:39:51 GMT

File type
Web Open Font Format (Version 2), TrueType, length 18668, version 1.0
Size
19 kB (18668 bytes)
Hash
8655d20bbcc8cdbfab17b6be6cf55df3
90edbfa9a7dabb185487b4774076f82eb6412270
e7af9d60d875eb1c1b1037bbbfdec41fcb096d0ebcf98a48717ad8b07906ced6

HTTP Headers

GET /cf-fonts/s/open-sans/5.0.20/latin/400/normal.woff2 HTTP/1.1
Host: www.cpasbien4.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.cpasbien4.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 13 Mar 2025 11:28:09 GMT
content-type: font/woff2
content-length: 18668
cf-cache-status: HIT
cache-control: public, max-age=31536000, immutable
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HNDoMGgEm%2BPe6M91RqVGrcVu15OZVur8xnU7wSUK44WGMSWuLAOkcds9%2Fav%2FeHDmb1hOoj7U4lxtNK5wwty8kfcQiFsssLYB3nXwNf6hMRWAUCrRxyU9KiNx7D%2BUuQEZb9EpSg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
speculation-rules: "/cdn-cgi/speculation"
server: cloudflare
cf-ray: 91fb2fa92807f5c7-AMS
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=80711&min_rtt=78824&rtt_var=4599&sent=99&recv=28&lost=0&retrans=0&sent_bytes=84085&recv_bytes=2542&delivery_rate=246491&cwnd=103&unsent_bytes=30889&cid=b36c0ee2d2d0245d&ts=930&x=0"
X-Firefox-Spdy: h2

GET www.cpasbien4.com/share42/icons.png

104.21.16.1

200 OK

13 kB

URL GET
www.cpasbien4.com/share42/icons.png
IP
104.21.16.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.cpasbien4.com/
Certificate
IssuerGoogle Trust Services
Subjectcpasbien4.com
Fingerprint8F:C8:D7:62:35:22:9E:AD:B4:59:E9:4C:FE:D9:1D:51:B0:39:6C:63
ValidityTue, 25 Feb 2025 06:42:26 GMT - Mon, 26 May 2025 07:39:51 GMT

File type
PNG image data, 320 x 32, 8-bit/color RGBA, non-interlaced
Size
13 kB (12989 bytes)
Hash
91e4a62eea2176076838f5d622c4930e
7320b442d9dc8f4ea297b591221c99476e3d2620
f2e2daf0477ef457aa6982874a0cdff07bfca3d8183b4a4136f157f444996cc1

HTTP Headers

GET /share42/icons.png HTTP/1.1
Host: www.cpasbien4.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.cpasbien4.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 13 Mar 2025 11:28:09 GMT
content-type: image/png
last-modified: Sat, 01 Mar 2025 18:05:32 GMT
vary: Accept-Encoding
etag: W/"67c34c6c-32bd"
expires: Sat, 12 Apr 2025 10:49:01 GMT
cache-control: max-age=2592000, no-store
content-encoding: gzip
cf-cache-status: HIT
age: 2348
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qD0kYEgfVstiZqd5Zl5soL0206n88NM44G%2FF9mJcuZN3t5IL5aen5rmqPvNzPF09h5EbikxXjg6SKwZkuNQrHNtOlft9EYAyaaEHzgLxX9Wt1ar0qY3lgfUagE6zpTEnVj1mAA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
speculation-rules: "/cdn-cgi/speculation"
server: cloudflare
cf-ray: 91fb2fac4c42f5c7-AMS
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=76918&min_rtt=74114&rtt_var=1016&sent=158&recv=91&lost=0&retrans=0&sent_bytes=153082&recv_bytes=2723&delivery_rate=1086108&cwnd=185&unsent_bytes=0&cid=b36c0ee2d2d0245d&ts=1429&x=0"
X-Firefox-Spdy: h2

GET www.cpasbien4.com/themes/default/img/favicon.ico

104.21.16.1

200 OK

1.2 kB

URL GET
www.cpasbien4.com/themes/default/img/favicon.ico
IP
104.21.16.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.cpasbien4.com/
Certificate
IssuerGoogle Trust Services
Subjectcpasbien4.com
Fingerprint8F:C8:D7:62:35:22:9E:AD:B4:59:E9:4C:FE:D9:1D:51:B0:39:6C:63
ValidityTue, 25 Feb 2025 06:42:26 GMT - Mon, 26 May 2025 07:39:51 GMT

File type
MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
Size
1.2 kB (1150 bytes)
Hash
730f19e40d8bc2a05b5d9418ed6d024e
27f4146350e935b83783164858fc3a41016e64fb
7798ef17288a5134d37d5aa28845eee32b62721e9e32d152f8c50c5f2f1b347c

HTTP Headers

GET /themes/default/img/favicon.ico HTTP/1.1
Host: www.cpasbien4.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.cpasbien4.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 13 Mar 2025 11:28:09 GMT
content-type: image/x-icon
content-length: 1150
last-modified: Sat, 01 Mar 2025 17:56:57 GMT
etag: "67c34a69-47e"
cache-control: no-store
cf-cache-status: HIT
age: 952
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nfVxxf2tQnazhp8HSx9Q2DaE7kWoKEAKhserZTSoJ%2BROGUz1rq4cTtYOAmiezbYRvfEH6z%2FNPcnTic8LwBnR2rHkfx%2FoORckqXxtXsaTpf4OCSBZ5Gr0wPLyIfER6EdtXViScg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
speculation-rules: "/cdn-cgi/speculation"
server: cloudflare
cf-ray: 91fb2fae3f55f5c7-AMS
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=77581&min_rtt=74114&rtt_var=1041&sent=170&recv=98&lost=0&retrans=0&sent_bytes=166709&recv_bytes=2811&delivery_rate=1086108&cwnd=197&unsent_bytes=0&cid=b36c0ee2d2d0245d&ts=1739&x=0"
X-Firefox-Spdy: h2

GET stingerfound.com/1clkn/118101

172.255.103.117

200 OK

27 kB

URL GET
stingerfound.com/1clkn/118101
IP
172.255.103.117:443
ASN
#7979 SERVERS-COM

Requested by
https://www.cpasbien4.com/
Certificate
IssuerLet's Encrypt
Subjectstingerfound.com
Fingerprint8A:C7:A9:AF:31:14:76:E8:69:31:D4:33:85:04:F2:9D:0C:32:3F:DA
ValidityFri, 07 Feb 2025 00:35:27 GMT - Thu, 08 May 2025 00:35:26 GMT

File type

Size
27 kB (27327 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /1clkn/118101 HTTP/1.1
Host: stingerfound.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.cpasbien4.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 13 Mar 2025 11:28:09 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Accept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version,sec-ch-ua-full-version-list
Set-Cookie: GL_UI4=eJw9zV1OhDAcBHC%2B2dUFnYQDeASKlPDqi1fwkRT6B%2BtCuykV9PYSE32bTH6T8TwvKB7gb8kZ4afgeGKsbdqaV21ZD62o%2Br5tGl72vC1ZxceR46zWzol%2BJhfhtC7Cus5tES4TabJq6AYjKcPjof6aqza7jhD3VmiZIV4OMWdIe2v2lWwRItJiIaSvytJovg4hPoxFyJ7rIyt9ZL9EYNYizO%2BQviktj2V%2BQcDKPE883N9m4UZjl07JxEc8WSEJ%2FgtOg3A0GfuNVNJ6deYGmFl2%2F%2F73ONxZiUTSpgZCbNw72R%2B3Z03l; expires=Fri, 14-Mar-2025 11:28:09 GMT; Max-Age=86400; path=/; secure; SameSite=None
GL_GI10=eJwVyEEKwjAQRuGZoQSKQvmxB%2BgJtEEQXdelJAtP0NYihZKUJCre3rj4Fu8RkdRbyLyi0u1lr0%2BZPmca%2FIQYCxkdlPHh03%2FBAdIeIcFhY%2BPim86%2FXMp%2FRPFv8IzSDj42ZkoJ4iLKrh%2BW6XC938CrIkjyiiHxURP4rXY%2F6E0cMQ%3D%3D; expires=Fri, 14-Mar-2025 11:28:09 GMT; Max-Age=86400; path=/; secure; SameSite=None
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff

GET www.cpasbien4.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

104.21.16.1

200 OK

12 kB

URL GET
www.cpasbien4.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
IP
104.21.16.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.cpasbien4.com/
Certificate
IssuerGoogle Trust Services
Subjectcpasbien4.com
Fingerprint8F:C8:D7:62:35:22:9E:AD:B4:59:E9:4C:FE:D9:1D:51:B0:39:6C:63
ValidityTue, 25 Feb 2025 06:42:26 GMT - Mon, 26 May 2025 07:39:51 GMT

File type
JavaScript source, ASCII text, with very long lines (12331)
Size
12 kB (12332 bytes)
Hash
88a769d2fe35899fd45a332a0a032cc0
514c6c1d8475d17e412849a4c90159517d0fa10a
ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142

HTTP Headers

GET /cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js HTTP/1.1
Host: www.cpasbien4.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.cpasbien4.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 13 Mar 2025 11:28:08 GMT
content-type: application/javascript
last-modified: Mon, 10 Mar 2025 12:22:01 GMT
etag: W/"67ced969-302c"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=E9mQK%2FA3L%2F09t4Xn9hx1A0cxPbuq7DVlOttwsw3lIZbvzQiwOr5YZ8BVyCdW%2FsJIwowaJ3St%2FzEDtRU9DqKNJgZ%2FbPYZFHJYjcTHyLxHOBa%2FKU1U1mk1oy4dBzG9tDco24TCZw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
speculation-rules: "/cdn-cgi/speculation"
server: cloudflare
cf-ray: 91fb2fa6cd31f5c7-AMS
x-frame-options: DENY
x-content-type-options: nosniff
expires: Sat, 15 Mar 2025 11:28:08 GMT
cache-control: max-age=172800, public
content-encoding: gzip
X-Firefox-Spdy: h2

GET www.cpasbien4.com/themes/default/img/btn_recherche.gif

104.21.16.1

200 OK

1.1 kB

URL GET
www.cpasbien4.com/themes/default/img/btn_recherche.gif
IP
104.21.16.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.cpasbien4.com/
Certificate
IssuerGoogle Trust Services
Subjectcpasbien4.com
Fingerprint8F:C8:D7:62:35:22:9E:AD:B4:59:E9:4C:FE:D9:1D:51:B0:39:6C:63
ValidityTue, 25 Feb 2025 06:42:26 GMT - Mon, 26 May 2025 07:39:51 GMT

File type
GIF image data, version 87a, 36 x 43
Size
1.1 kB (1081 bytes)
Hash
60018e565bdd1d7db987a8050552f58a
e07df01a9f332ad1b817e7c685256fa1e7bc5851
c03fa49e2b84a02341b5e0fd22fdccbe05609d94ab6ff1e91212cfcbe51e21fc

HTTP Headers

GET /themes/default/img/btn_recherche.gif HTTP/1.1
Host: www.cpasbien4.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.cpasbien4.com/themes/default/css/styles.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 13 Mar 2025 11:28:09 GMT
content-type: image/gif
last-modified: Sat, 01 Mar 2025 17:56:56 GMT
vary: Accept-Encoding
etag: "67c34a68-439"
expires: Sat, 12 Apr 2025 09:57:36 GMT
cache-control: max-age=2592000, no-store
content-encoding: gzip
age: 5432
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Vao%2FCJCHqjKrh%2FJNfsWnqdAPUrBbhTdNyfcXUZfPD3aTjE0etx%2F%2Bd%2FZjqhQxqElICsXDy0pWSKnHbFDzkHos2we0rlkWTaZvmnIlQLg5303Xu99tMyFj%2BLfWYC9prmuZTThbtQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
speculation-rules: "/cdn-cgi/speculation"
server: cloudflare
cf-ray: 91fb2fa90fd5f5c7-AMS
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=80711&min_rtt=78824&rtt_var=4599&sent=43&recv=24&lost=0&retrans=0&sent_bytes=23284&recv_bytes=2130&delivery_rate=246491&cwnd=103&unsent_bytes=0&cid=b36c0ee2d2d0245d&ts=909&x=0"
X-Firefox-Spdy: h2

OPTIONS euboicarmpit.top/pntne

188.42.247.220

200 OK

0 B

URL OPTIONS
euboicarmpit.top/pntne
IP
188.42.247.220:443
ASN
#7979 SERVERS-COM

Requested by
https://www.cpasbien4.com/
Certificate
IssuerZeroSSL
Subjecteuboicarmpit.top
Fingerprint77:F4:85:F1:8C:25:27:43:1E:E1:0E:08:B6:AC:66:00:73:68:BD:BC
ValiditySat, 08 Mar 2025 00:00:00 GMT - Fri, 06 Jun 2025 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

OPTIONS /pntne HTTP/1.1
Host: euboicarmpit.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://www.cpasbien4.com/
Origin: https://www.cpasbien4.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 13 Mar 2025 11:28:09 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Accept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version,sec-ch-ua-full-version-list
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://www.cpasbien4.com
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for, x-requested-with, cache-control, pragma, expires
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff

GET wvw.cpasbien.cx/

104.21.84.205

301 Moved Permanently

10 kB

URL User Request GET
wvw.cpasbien.cx/
IP
104.21.84.205:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectcpasbien.cx
Fingerprint89:2A:96:02:25:FD:20:3B:3F:0F:FD:9B:31:6C:4B:9D:AA:24:EC:A1
ValidityMon, 10 Mar 2025 19:26:18 GMT - Sun, 08 Jun 2025 20:23:59 GMT

File type

Size
10 kB (10157 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: wvw.cpasbien.cx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 301 Moved Permanently
date: Thu, 13 Mar 2025 11:28:06 GMT
content-type: text/html
content-length: 167
location: https://www.cpasbien.im
cache-control: max-age=3600
expires: Thu, 13 Mar 2025 12:28:06 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=plknDRd7bX4MA5%2Fxmqvav9wyZIYa0mWqhYeiCVajaAXuxnFUVUCaxQqv%2BxNpow4R5o9l0FlOenOUFf8ntDsoJmWgbUNEOmoGVqoRiOafEjH1d%2FZx8p6FIBosCujXfA%2BzDJc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 91fb2f9b9c06b4f3-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=59243&min_rtt=59213&rtt_var=22265&sent=6&recv=7&lost=0&retrans=0&sent_bytes=3253&recv_bytes=1222&delivery_rate=62973&cwnd=252&unsent_bytes=0&cid=aeb3286117cb33b1&ts=90&x=0"
X-Firefox-Spdy: h2

GET www.cpasbien.cv/

172.67.214.90

301 Moved Permanently

10 kB

URL User Request GET
www.cpasbien.cv/
IP
172.67.214.90:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectcpasbien.cv
Fingerprint25:8E:29:DB:A7:26:63:39:63:9C:9C:5C:68:6A:96:D2:60:D6:23:7C
ValidityMon, 24 Feb 2025 16:58:10 GMT - Sun, 25 May 2025 17:56:33 GMT

File type

Size
10 kB (10157 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: www.cpasbien.cv
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 301 Moved Permanently
date: Thu, 13 Mar 2025 11:28:06 GMT
content-type: text/html
content-length: 167
location: https://wvw.cpasbien.cx
cache-control: max-age=3600
expires: Thu, 13 Mar 2025 12:28:06 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cRviaKcJU1ZlvQdL%2B9D3D081%2BjBwyqTM8JMVW6jeenEaFY4p3vlxGXQkGiWSKElNPPGXWWAdC4qrEYabrESHHdQq0oI%2FzJ0TuC9bu96412p3i2lKEi6sQqdeGHa6PUiLMxU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 91fb2f999a580b59-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=59137&min_rtt=59088&rtt_var=16658&sent=7&recv=8&lost=0&retrans=0&sent_bytes=3200&recv_bytes=1094&delivery_rate=63244&cwnd=240&unsent_bytes=0&cid=c063d96fe261af6a&ts=90&x=0"
X-Firefox-Spdy: h2

GET www.cpasbien4.com/themes/default/css/styles.css

104.21.16.1

200 OK

20 kB

URL GET
www.cpasbien4.com/themes/default/css/styles.css
IP
104.21.16.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.cpasbien4.com/
Certificate
IssuerGoogle Trust Services
Subjectcpasbien4.com
Fingerprint8F:C8:D7:62:35:22:9E:AD:B4:59:E9:4C:FE:D9:1D:51:B0:39:6C:63
ValidityTue, 25 Feb 2025 06:42:26 GMT - Mon, 26 May 2025 07:39:51 GMT

File type
ASCII text, with CRLF line terminators
Size
20 kB (19792 bytes)
Hash
ba3938192b12e7bf87a52e3751e83a37
2905034d2e78925ed8e0dee9aaa5ba9f8b60492a
c91423253e6d66deec444ddfdf33dd18f9f9b3eca16c1a0ba8836b5d5e13327d

HTTP Headers

GET /themes/default/css/styles.css HTTP/1.1
Host: www.cpasbien4.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.cpasbien4.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 13 Mar 2025 11:28:08 GMT
content-type: text/css
last-modified: Fri, 07 Mar 2025 16:34:31 GMT
vary: Accept-Encoding
etag: "67cb2017-4d50"
expires: Thu, 13 Mar 2025 21:44:24 GMT
cache-control: max-age=43200, no-store
content-encoding: gzip
age: 6223
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bXW%2FmsZ3C%2FTECWSgU%2FE70RApzTPHMqKFCx%2F48nBkbb%2BTiMHUP0tW7lC4bpl%2FeuosuyNrbbjLdiFYcLYxlNo5W4YbjBdwv4%2BQ8H7RGcuVco7lEJgeukhhDJD50FUk2d9jieHR5w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
speculation-rules: "/cdn-cgi/speculation"
server: cloudflare
cf-ray: 91fb2fa6cd28f5c7-AMS
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=79241&min_rtt=78824&rtt_var=12711&sent=26&recv=14&lost=0&retrans=0&sent_bytes=11666&recv_bytes=1710&delivery_rate=84624&cwnd=103&unsent_bytes=0&cid=b36c0ee2d2d0245d&ts=549&x=0"
X-Firefox-Spdy: h2

GET www.cpasbien4.com/themes/js/jquery.min.js

104.21.16.1

200 OK

84 kB

URL GET
www.cpasbien4.com/themes/js/jquery.min.js
IP
104.21.16.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.cpasbien4.com/
Certificate
IssuerGoogle Trust Services
Subjectcpasbien4.com
Fingerprint8F:C8:D7:62:35:22:9E:AD:B4:59:E9:4C:FE:D9:1D:51:B0:39:6C:63
ValidityTue, 25 Feb 2025 06:42:26 GMT - Mon, 26 May 2025 07:39:51 GMT

File type
JavaScript source, ASCII text, with very long lines (32025), with CRLF line terminators
Size
84 kB (84349 bytes)
Hash
b0dc11d0a434aafe88908c7f33d71095
1327f754ff87d26bced46568543207e9df190aaa
de4b3c3d1dc2506b6693f0f98884e1dc074cda9d66cab39b7b48a115fdfc4c0f

HTTP Headers

GET /themes/js/jquery.min.js HTTP/1.1
Host: www.cpasbien4.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.cpasbien4.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 13 Mar 2025 11:28:09 GMT
content-type: application/javascript
last-modified: Sat, 01 Mar 2025 17:56:20 GMT
vary: Accept-Encoding
etag: W/"67c34a44-1497d"
expires: Thu, 13 Mar 2025 21:48:41 GMT
cache-control: max-age=43200, no-store
content-encoding: gzip
cf-cache-status: HIT
age: 5968
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wNweOEe7DZXs3qu5aKwR3YWDw4pphidhOhCH4RTaVSSTY93ohmektocyH6YDy%2BW5GYbyKxgGc5YhQ1lkabi4JJ8o2GZioe5b%2BtL49iRXxHnUexryLVu6Xm0%2BOLyC0d0oSI5cDQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
speculation-rules: "/cdn-cgi/speculation"
server: cloudflare
cf-ray: 91fb2fa92804f5c7-AMS
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=80711&min_rtt=78824&rtt_var=4599&sent=96&recv=28&lost=0&retrans=0&sent_bytes=80806&recv_bytes=2542&delivery_rate=246491&cwnd=103&unsent_bytes=203&cid=b36c0ee2d2d0245d&ts=924&x=0"
X-Firefox-Spdy: h2

GET www.cpasbien4.com/cf-fonts/s/open-sans/5.0.20/latin/700/normal.woff2

104.21.16.1

200 OK

18 kB

URL GET
www.cpasbien4.com/cf-fonts/s/open-sans/5.0.20/latin/700/normal.woff2
IP
104.21.16.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.cpasbien4.com/
Certificate
IssuerGoogle Trust Services
Subjectcpasbien4.com
Fingerprint8F:C8:D7:62:35:22:9E:AD:B4:59:E9:4C:FE:D9:1D:51:B0:39:6C:63
ValidityTue, 25 Feb 2025 06:42:26 GMT - Mon, 26 May 2025 07:39:51 GMT

File type
Web Open Font Format (Version 2), TrueType, length 18260, version 1.0
Size
18 kB (18260 bytes)
Hash
36f81686bbf993fbfe3aed9ae2f55e5b
5d18e2d5e48e0f5ba172e7477eed432541087402
114f872abf6cae70383b09ca2168821991fde718702d79cdc457a49b03560cb0

HTTP Headers

GET /cf-fonts/s/open-sans/5.0.20/latin/700/normal.woff2 HTTP/1.1
Host: www.cpasbien4.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.cpasbien4.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 13 Mar 2025 11:28:09 GMT
content-type: font/woff2
content-length: 18260
cf-cache-status: HIT
cache-control: public, max-age=31536000, immutable
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PCVzwUyH1AWjfFTkJ39HghbGlRgLR6WQFrydTW1m6fIw2bF6wFGPVN76KIH9NIIIbpGuFiMvHd6nUjyXUNKo83V8wnQY98DnzZc2qCpHFqKXR3UFusDx0wE9m4GazLdUaXl8Og%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
speculation-rules: "/cdn-cgi/speculation"
server: cloudflare
cf-ray: 91fb2fa93825f5c7-AMS
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=80711&min_rtt=78824&rtt_var=4599&sent=99&recv=29&lost=0&retrans=0&sent_bytes=84085&recv_bytes=2644&delivery_rate=246491&cwnd=103&unsent_bytes=32448&cid=b36c0ee2d2d0245d&ts=941&x=0"
X-Firefox-Spdy: h2

OPTIONS euboicarmpit.top/pntne

188.42.247.220

200 OK

0 B

URL OPTIONS
euboicarmpit.top/pntne
IP
188.42.247.220:443
ASN
#7979 SERVERS-COM

Requested by
https://www.cpasbien4.com/
Certificate
IssuerZeroSSL
Subjecteuboicarmpit.top
Fingerprint77:F4:85:F1:8C:25:27:43:1E:E1:0E:08:B6:AC:66:00:73:68:BD:BC
ValiditySat, 08 Mar 2025 00:00:00 GMT - Fri, 06 Jun 2025 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

OPTIONS /pntne HTTP/1.1
Host: euboicarmpit.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://www.cpasbien4.com/
Origin: https://www.cpasbien4.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 13 Mar 2025 11:28:10 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Accept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version,sec-ch-ua-full-version-list
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://www.cpasbien4.com
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for, x-requested-with, cache-control, pragma, expires
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff

POST euboicarmpit.top/pntne

188.42.247.220

200 OK

2 B

URL POST
euboicarmpit.top/pntne
IP
188.42.247.220:443
ASN
#7979 SERVERS-COM

Requested by
https://www.cpasbien4.com/
Certificate
IssuerZeroSSL
Subjecteuboicarmpit.top
Fingerprint77:F4:85:F1:8C:25:27:43:1E:E1:0E:08:B6:AC:66:00:73:68:BD:BC
ValiditySat, 08 Mar 2025 00:00:00 GMT - Fri, 06 Jun 2025 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
2 B (2 bytes)
Hash
444bcb3a3fcf8389296c49467f27e1d6
7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /pntne HTTP/1.1
Host: euboicarmpit.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cpasbien4.com/
Content-Type: application/json
Content-Length: 84
Origin: https://www.cpasbien4.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 13 Mar 2025 11:28:10 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Accept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version,sec-ch-ua-full-version-list
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://www.cpasbien4.com
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for, x-requested-with, cache-control, pragma, expires
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS
Set-Cookie: GL_UI4=eJw9zV1OhDAcBHC%2B2dUFnYQDeASKlPDqi1fwkRT6B%2BtCuykV9PYSE32bTH6T8TwvKB7gb8kZ4afgeGKsbdqaV21ZD62o%2Br5tGl72vC1ZxceR46zWzol%2BJhfhtC7Cus5tES4TabJq6AYjKcPjof6aqza7jhD3VmiZIV4OMWdIe2v2lWwRItJiIaSvytJovg4hPoxFyJ7rIyt9ZL9EYNYizO%2BQviktj2V%2BQcDKPE883N9m4UZjl07JxEc8WSEJ%2FgtOg3A0GfuNVNJ6deYGmFl2%2F%2F73ONxZiUTSpgZCbNw72R%2B3Z03l; expires=Fri, 14-Mar-2025 11:28:10 GMT; Max-Age=86400; path=/; secure; SameSite=None
GL_GI10=eJwVyEEKwjAQRuGZoQSKQvmxB%2BgJtEEQXdelJAtP0NYihZKUJCre3rj4Fu8RkdRbyLyi0u1lr0%2BZPmca%2FIQYCxkdlPHh03%2FBAdIeIcFhY%2BPim86%2FXMp%2FRPFv8IzSDj42ZkoJ4iLKrh%2BW6XC938CrIkjyiiHxURP4rXY%2F6E0cMQ%3D%3D; expires=Fri, 14-Mar-2025 11:28:10 GMT; Max-Age=86400; path=/; secure; SameSite=None
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff

GET www.cpasbien.gd/

172.67.217.204

301 Moved Permanently

10 kB

URL User Request GET
www.cpasbien.gd/
IP
172.67.217.204:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectcpasbien.gd
FingerprintD1:8B:99:69:6E:8E:8D:6E:E7:0A:91:A1:9E:A8:5C:79:5F:90:B5:71
ValidityMon, 27 Jan 2025 19:34:38 GMT - Sun, 27 Apr 2025 20:32:53 GMT

File type

Size
10 kB (10157 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: www.cpasbien.gd
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 301 Moved Permanently
date: Thu, 13 Mar 2025 11:28:06 GMT
content-type: text/html
content-length: 167
location: https://www.cpasbien.cv/
cache-control: max-age=3600
expires: Thu, 13 Mar 2025 12:28:06 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OxqmJq2NGP6HmLeflhddsDIoCMa7%2BqTo44uK6Wi9yaMTcnMptRZtXhnEYgGhaXPEULAtuRLfiixSFKWmilz4GMFPviBcXnSvc26hGoNSVj3Z0V0To6QglHogRmSK8c%2F4Ri4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 91fb2f97a8e0b524-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=60670&min_rtt=59186&rtt_var=19219&sent=6&recv=8&lost=0&retrans=0&sent_bytes=3174&recv_bytes=1094&delivery_rate=57131&cwnd=251&unsent_bytes=0&cid=efc5edb947a90fc2&ts=237&x=0"
X-Firefox-Spdy: h2

GET www.cpasbien.im/

104.21.13.132

301 Moved Permanently

10 kB

URL User Request GET
www.cpasbien.im/
IP
104.21.13.132:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectcpasbien.im
FingerprintE3:82:58:96:A2:19:90:B4:01:5C:30:76:D9:EF:17:93:69:96:3C:D4
ValidityTue, 28 Jan 2025 06:51:21 GMT - Mon, 28 Apr 2025 07:48:31 GMT

File type

Size
10 kB (10157 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: www.cpasbien.im
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 301 Moved Permanently
date: Thu, 13 Mar 2025 11:28:07 GMT
content-type: text/html
content-length: 167
location: https://www-cpasbien.com
cache-control: max-age=3600
expires: Thu, 13 Mar 2025 12:28:07 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qUhJHHzRnMx%2B7LsUaHo3tUFzpje3qNX8E%2Fn2xsLFIh%2F1otnm4nyXA6jpMiQcOYKaFHnes9D3L1%2BvHu0FUYbq6FsnE%2ByMgCUctI0w6EBj6fLDdfvlHGHFFvo7rjeNHlV8xgI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 91fb2f9d7d4c56cc-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=58810&min_rtt=58781&rtt_var=16585&sent=7&recv=8&lost=0&retrans=0&sent_bytes=3198&recv_bytes=1094&delivery_rate=63537&cwnd=252&unsent_bytes=0&cid=c641a4f0356c36d3&ts=99&x=0"
X-Firefox-Spdy: h2

GET www.cpasbien4.com/themes/default/css/jquery.tooltip.css

104.21.16.1

200 OK

309 B

URL GET
www.cpasbien4.com/themes/default/css/jquery.tooltip.css
IP
104.21.16.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.cpasbien4.com/
Certificate
IssuerGoogle Trust Services
Subjectcpasbien4.com
Fingerprint8F:C8:D7:62:35:22:9E:AD:B4:59:E9:4C:FE:D9:1D:51:B0:39:6C:63
ValidityTue, 25 Feb 2025 06:42:26 GMT - Mon, 26 May 2025 07:39:51 GMT

File type
ASCII text, with very long lines (309), with no line terminators
Size
309 B (309 bytes)
Hash
c3388b47404d80f816f399215d8dd280
8eefbbc83e3eeaa048b3c7ae68c9bb120d39b0d0
3679cae0d506b0b92d38e146a4edff389b0bd5680be355308d6237659d0680c2

HTTP Headers

GET /themes/default/css/jquery.tooltip.css HTTP/1.1
Host: www.cpasbien4.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.cpasbien4.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 13 Mar 2025 11:28:08 GMT
content-type: text/css
content-length: 309
last-modified: Sat, 01 Mar 2025 17:56:54 GMT
etag: "67c34a66-135"
expires: Thu, 13 Mar 2025 21:48:41 GMT
cache-control: max-age=43200, no-store
cf-cache-status: HIT
age: 5967
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=diDeTl8LxAqoXx8spQFlgFHr0bg1%2FHgi708KOO1QOqJqURYNs4oHjWt1uWySfyyuZrIat2FaVstsk5V8RerWAUlQPHZ%2B5U4%2B7XRvv2Ki6CjwF3SAUuXQOKYGTrpVm9Wspk9wZA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
speculation-rules: "/cdn-cgi/speculation"
server: cloudflare
cf-ray: 91fb2fa6cd26f5c7-AMS
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=79241&min_rtt=78824&rtt_var=12711&sent=16&recv=14&lost=0&retrans=0&sent_bytes=6349&recv_bytes=1710&delivery_rate=84624&cwnd=103&unsent_bytes=0&cid=b36c0ee2d2d0245d&ts=546&x=0"
X-Firefox-Spdy: h2

GET www.cpasbien4.com/themes/default/img/logo.png

104.21.16.1

200 OK

2.9 kB

URL GET
www.cpasbien4.com/themes/default/img/logo.png
IP
104.21.16.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.cpasbien4.com/
Certificate
IssuerGoogle Trust Services
Subjectcpasbien4.com
Fingerprint8F:C8:D7:62:35:22:9E:AD:B4:59:E9:4C:FE:D9:1D:51:B0:39:6C:63
ValidityTue, 25 Feb 2025 06:42:26 GMT - Mon, 26 May 2025 07:39:51 GMT

File type
PNG image data, 280 x 102, 8-bit colormap, non-interlaced
Size
2.9 kB (2863 bytes)
Hash
bbe71e764c32438317b3e7f4785dc3b0
870063ae5643493ac6045608343d24b529355531
2312f04966bcdc4143b4392cea49a917a96be8f1b50f95282cb6d1d1bdd0bd81

HTTP Headers

GET /themes/default/img/logo.png HTTP/1.1
Host: www.cpasbien4.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.cpasbien4.com/themes/default/css/styles.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 13 Mar 2025 11:28:09 GMT
content-type: image/png
last-modified: Sat, 01 Mar 2025 17:56:58 GMT
vary: Accept-Encoding
etag: W/"67c34a6a-b2f"
expires: Sat, 12 Apr 2025 09:57:36 GMT
cache-control: max-age=2592000, no-store
content-encoding: gzip
cf-cache-status: HIT
age: 5433
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sggUr7u4OwYHvwdjMH%2BHE81ap69%2FxqagEmAci%2FUHPx0wSUHESYVy3iSrfEjjiHnpqz%2FG%2FLw5tnUy8K3tpxHBweU%2BuGi9XYb6w8i7EQwCBJNgw3lMgaUNuqhJc5kAqDYqUFeaag%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
speculation-rules: "/cdn-cgi/speculation"
server: cloudflare
cf-ray: 91fb2fa90fccf5c7-AMS
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=80711&min_rtt=78824&rtt_var=4599&sent=37&recv=24&lost=0&retrans=0&sent_bytes=19701&recv_bytes=2130&delivery_rate=246491&cwnd=103&unsent_bytes=0&cid=b36c0ee2d2d0245d&ts=908&x=0"
X-Firefox-Spdy: h2

GET www.cpasbien4.com/share42/share42.js

104.21.16.1

200 OK

4.1 kB

URL GET
www.cpasbien4.com/share42/share42.js
IP
104.21.16.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.cpasbien4.com/
Certificate
IssuerGoogle Trust Services
Subjectcpasbien4.com
Fingerprint8F:C8:D7:62:35:22:9E:AD:B4:59:E9:4C:FE:D9:1D:51:B0:39:6C:63
ValidityTue, 25 Feb 2025 06:42:26 GMT - Mon, 26 May 2025 07:39:51 GMT

File type
Unicode text, UTF-8 text, with very long lines (4247), with no line terminators
Size
4.1 kB (4120 bytes)
Hash
4be87a241ae931aed32a766638c9d0ba
3026dfad21c08aa3e32eefef3ec714d9fc0c6dc0
d325a2282ce7d5cd7555f98f0db995db8a685af93dbe2cfaa260798172053336

HTTP Headers

GET /share42/share42.js HTTP/1.1
Host: www.cpasbien4.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.cpasbien4.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 13 Mar 2025 11:28:09 GMT
content-type: application/javascript
last-modified: Sat, 01 Mar 2025 18:05:32 GMT
vary: Accept-Encoding
etag: "67c34c6c-1018"
expires: Thu, 13 Mar 2025 22:49:01 GMT
cache-control: max-age=43200, no-store
content-encoding: gzip
age: 2347
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nOXroQz2mJgel6NnGfeNSMHNBXX75%2FbQrgw1HDhEoWJEwkztUFOzBqhZAAaDBXpTcF9ce1Nt87Jtzp3bQlWNq1qpmId1BTpnSaMvvY7tr8ALQtu%2Fh5v5VgWVBdfzv7EJfV2Qsw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
speculation-rules: "/cdn-cgi/speculation"
server: cloudflare
cf-ray: 91fb2fa91ffaf5c7-AMS
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=80711&min_rtt=78824&rtt_var=4599&sent=82&recv=28&lost=0&retrans=0&sent_bytes=66820&recv_bytes=2542&delivery_rate=246491&cwnd=103&unsent_bytes=0&cid=b36c0ee2d2d0245d&ts=923&x=0"
X-Firefox-Spdy: h2

GET cdnjs.cloudflare.com/ajax/libs/font-awesome/6.2.0/webfonts/fa-solid-900.woff2

104.17.24.14

200 OK

150 kB

URL GET
cdnjs.cloudflare.com/ajax/libs/font-awesome/6.2.0/webfonts/fa-solid-900.woff2
IP
104.17.24.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.cpasbien4.com/
Certificate
IssuerGoogle Trust Services
Subjectcdnjs.cloudflare.com
Fingerprint00:0E:39:59:53:CF:68:07:90:75:EB:68:26:B9:04:22:44:7D:9A:32
ValidityFri, 24 Jan 2025 09:16:22 GMT - Thu, 24 Apr 2025 10:16:21 GMT

File type
Web Open Font Format (Version 2), TrueType, length 150472, version 770.256
Size
150 kB (150472 bytes)
Hash
3e50e269ee627bb2279f91d18c085167
a7fca574d24e9ffa5ee0e0589ffe17277ae4ec27
d27bc752105c079f8a516e9142406a9fc12cbb409f9bf8681f2ddfe0360b52a6

HTTP Headers

GET /ajax/libs/font-awesome/6.2.0/webfonts/fa-solid-900.woff2 HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.cpasbien4.com
DNT: 1
Connection: keep-alive
Referer: https://cdnjs.cloudflare.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 13 Mar 2025 11:28:09 GMT
content-type: application/octet-stream; charset=utf-8
content-length: 150472
access-control-allow-origin: *
cache-control: public, max-age=30672000
etag: "630e6e62-24bc8"
last-modified: Tue, 30 Aug 2022 20:09:06 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 28197
expires: Tue, 03 Mar 2026 11:28:09 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DpW9Rs2WxcTKc1eSmAfKbXrelprFvg%2BeV6KOKPbAoYC5CENGZf%2B4o2lUDfUXAu%2BnsGOKU1eHQ0%2Fv7gserWBFiqeZEvztKN7ccN5ojnv6uEqap9hPXKHzkqFNVaPo9Wx8ijvlTKzA"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 91fb2faa8b210afe-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET cpasbien.zip/

104.21.31.165

301 Moved Permanently

10 kB

URL User Request GET
cpasbien.zip/
IP
104.21.31.165:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectcpasbien.zip
Fingerprint90:CB:0B:7E:29:0A:B9:54:49:F2:A5:C7:FF:DE:D6:15:D0:9D:A5:01
ValidityTue, 11 Feb 2025 20:47:44 GMT - Mon, 12 May 2025 21:45:48 GMT

File type

Size
10 kB (10157 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: cpasbien.zip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 301 Moved Permanently
date: Thu, 13 Mar 2025 11:28:05 GMT
content-type: text/html
content-length: 167
location: https://www.cpasbien.cz/
cache-control: max-age=3600
expires: Thu, 13 Mar 2025 12:28:05 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ym1lFF8VQ0E1aLXmrBx8mIf2X1xsK6MI4Thx60JE%2B3jGXCvnFhqz%2BsnnxhHJERqUIHkv9h856WdiO0U0NOg0ix0SB%2Bd1xDYINtgDuaChegsKtnmq4k0beLe6jERqpvA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 91fb2f92a8150b59-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=60252&min_rtt=60187&rtt_var=17042&sent=7&recv=8&lost=0&retrans=0&sent_bytes=3275&recv_bytes=1217&delivery_rate=61901&cwnd=240&unsent_bytes=0&cid=3a512f9834382327&ts=95&x=0"
X-Firefox-Spdy: h2

GET www.cpasbien.cz/

104.21.112.1

301 Moved Permanently

10 kB

URL User Request GET
www.cpasbien.cz/
IP
104.21.112.1:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectcpasbien.cz
Fingerprint9A:07:EF:99:51:38:06:06:30:E6:A0:5E:5C:67:E5:A5:0C:BA:F0:FA
ValidityMon, 17 Feb 2025 11:40:38 GMT - Sun, 18 May 2025 12:38:17 GMT

File type

Size
10 kB (10157 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: www.cpasbien.cz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 301 Moved Permanently
date: Thu, 13 Mar 2025 11:28:05 GMT
content-type: text/html
content-length: 167
location: https://www.cpasbien.gd/
cache-control: max-age=3600
expires: Thu, 13 Mar 2025 12:28:05 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WfjLn35pyg0tIpOzKO0lO4%2B%2BGq92wg2O8MuKsdch7kzNIzGt42DflGmQhIDPbJ9yvzOZAPc2rCyJP8fpvVRLZaiSp5bJv5YUdFOsj5GvuGNUJx%2FPZJhHzfG8RRp6z0tLDSY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 91fb2f94a9620b41-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=59555&min_rtt=59533&rtt_var=16784&sent=6&recv=8&lost=0&retrans=0&sent_bytes=3179&recv_bytes=1094&delivery_rate=62776&cwnd=237&unsent_bytes=0&cid=23dcc170293a8daa&ts=85&x=0"
X-Firefox-Spdy: h2

POST euboicarmpit.top/pntne

188.42.247.220

200 OK

2 B

URL POST
euboicarmpit.top/pntne
IP
188.42.247.220:443
ASN
#7979 SERVERS-COM

Requested by
https://www.cpasbien4.com/
Certificate
IssuerZeroSSL
Subjecteuboicarmpit.top
Fingerprint77:F4:85:F1:8C:25:27:43:1E:E1:0E:08:B6:AC:66:00:73:68:BD:BC
ValiditySat, 08 Mar 2025 00:00:00 GMT - Fri, 06 Jun 2025 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
2 B (2 bytes)
Hash
444bcb3a3fcf8389296c49467f27e1d6
7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /pntne HTTP/1.1
Host: euboicarmpit.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cpasbien4.com/
Content-Type: application/json
Content-Length: 77
Origin: https://www.cpasbien4.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 13 Mar 2025 11:28:10 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Accept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version,sec-ch-ua-full-version-list
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://www.cpasbien4.com
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for, x-requested-with, cache-control, pragma, expires
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS
Set-Cookie: GL_UI4=eJw9zV1OhDAcBHC%2B2dUFnYQDeASKlPDqi1fwkRT6B%2BtCuykV9PYSE32bTH6T8TwvKB7gb8kZ4afgeGKsbdqaV21ZD62o%2Br5tGl72vC1ZxceR46zWzol%2BJhfhtC7Cus5tES4TabJq6AYjKcPjof6aqza7jhD3VmiZIV4OMWdIe2v2lWwRItJiIaSvytJovg4hPoxFyJ7rIyt9ZL9EYNYizO%2BQviktj2V%2BQcDKPE883N9m4UZjl07JxEc8WSEJ%2FgtOg3A0GfuNVNJ6deYGmFl2%2F%2F73ONxZiUTSpgZCbNw72R%2B3Z03l; expires=Fri, 14-Mar-2025 11:28:10 GMT; Max-Age=86400; path=/; secure; SameSite=None
GL_GI10=eJwVyEEKwjAQRuGZoQSKQvmxB%2BgJtEEQXdelJAtP0NYihZKUJCre3rj4Fu8RkdRbyLyi0u1lr0%2BZPmca%2FIQYCxkdlPHh03%2FBAdIeIcFhY%2BPim86%2FXMp%2FRPFv8IzSDj42ZkoJ4iLKrh%2BW6XC938CrIkjyiiHxURP4rXY%2F6E0cMQ%3D%3D; expires=Fri, 14-Mar-2025 11:28:10 GMT; Max-Age=86400; path=/; secure; SameSite=None
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (7)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (32)

URL User Request GET

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers

URL User Request GET

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers

URL GET

IP