Report - 130.51.22.26/

Report Overview

Submitted URL
130.51.22.26/
IP
130.51.22.26
ASN
#11878 TZULO
Submitted
2024-04-26 13:31:52
Access
public
Website Title
KW303🍀Daftar 3 Situs Slot Gacor Hari Ini
Final URL
130.51.22.26/
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
2

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
130.51.22.26	unknown	unknown	No data	No data	469 B	9.7 kB	130.51.22.26
fonts.googleapis.com	8877	2005-01-25	2013-06-10	2024-04-25	462 B	5.2 kB	142.250.74.74
cdn.ampproject.org	329	2015-08-31	2015-10-09	2024-04-25	873 B	79 kB	142.250.74.65
fonts.gstatic.com	unknown	2008-02-11	2014-09-09	2024-04-26	1.1 kB	21 kB	216.58.207.227
situskw.com	unknown	unknown	No data	No data	2.6 kB	5.4 MB	162.0.235.73

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-04-26	medium	130.51.22.26	Sinkholed

ThreatFox

No alerts detected

JavaScript (2)

	URL	Size	First Seen	Last Seen
	cdn.ampproject.org/v0.js	285 kB	2024-04-24	2024-04-30
Pretty URL cdn.ampproject.org/v0.js IP 142.250.74.65 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 20:44:27 Last Seen2024-04-30 21:05:30 Times Seen50 Hash 93b22676750227c6081037abf8baa351 d3c33bea647267cd0fef7c24d1431c40409b74b5 53da1339a0555a71431c0bbfb2bf946f300ee9d5fc2e5b9e0b424c93a2506a82 Loading...

	cdn.ampproject.org/rtv/012404091947000/v0/amp-auto-lightbox-0.1.js	7.8 kB	2024-04-24	2024-04-30
Pretty URL cdn.ampproject.org/rtv/012404091947000/v0/amp-auto-lightbox-0.1.js IP 142.250.74.65 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 20:44:27 Last Seen2024-04-30 21:05:30 Times Seen41 Hash bd778223dafaed0894e021593ad5dcbf ef1a45e18a85060334571cdc9eaf1e9435b5ffe9 2b753b9c13fe907246062aa577f7837fbd2ffebe71dec501c4cd6de494016ac8 Loading...

HTTP Transactions (12)

URL IP Response Size

cdn.ampproject.org/v0.js

142.250.74.65

200 OK

73 kB

URL GET HTTP/2
cdn.ampproject.org/v0.js
IP
142.250.74.65:443
ASN
#15169 GOOGLE

Requested by
https://130.51.22.26/
Certificate
IssuerGoogle Trust Services LLC
Subjectmisc-sni.google.com
Fingerprint13:C7:40:78:3B:C5:3E:4C:BF:6E:15:DC:37:54:F1:48:24:A2:83:80
ValidityMon, 08 Apr 2024 06:40:27 GMT - Mon, 01 Jul 2024 06:40:26 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (64654)
Size
73 kB (73093 bytes)
Hash
93b22676750227c6081037abf8baa351
d3c33bea647267cd0fef7c24d1431c40409b74b5
53da1339a0555a71431c0bbfb2bf946f300ee9d5fc2e5b9e0b424c93a2506a82

HTTP Headers

GET /v0.js HTTP/1.1
Host: cdn.ampproject.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://130.51.22.26/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
timing-allow-origin: *
content-length: 73093
date: Fri, 26 Apr 2024 13:31:27 GMT
expires: Fri, 26 Apr 2024 13:31:27 GMT
cache-control: private, max-age=3000, stale-while-revalidate=1206600
etag: "224c86d2f329f14e"
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/chakrapetch/v11/cIf6MapbsEk7TDLdtEz1BwkWn6pg.woff2

216.58.207.227

200 OK

9.7 kB

URL GET HTTP/2
fonts.gstatic.com/s/chakrapetch/v11/cIf6MapbsEk7TDLdtEz1BwkWn6pg.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://130.51.22.26/
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint93:EC:35:60:8A:5B:23:EA:C0:36:D7:AE:03:0C:C3:77:17:5A:20:33
ValidityMon, 08 Apr 2024 07:31:57 GMT - Mon, 01 Jul 2024 07:31:56 GMT

File type
Web Open Font Format (Version 2), TrueType, length 9748, version 1.0
Size
9.7 kB (9748 bytes)
Hash
3405ddde82efbf765e88d70e4053a085
99609ffe38f3d9c3c95764b5adba80a015bfd918
9a83115d983bb1324c79a41db6d60d85583835c268939115a41025b4d388f3fa

HTTP Headers

GET /s/chakrapetch/v11/cIf6MapbsEk7TDLdtEz1BwkWn6pg.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://130.51.22.26
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 9748
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 26 Apr 2024 06:05:03 GMT
expires: Sat, 26 Apr 2025 06:05:03 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 24 Aug 2023 17:51:38 GMT
content-type: font/woff2
age: 26784
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/chakrapetch/v11/cIflMapbsEk7TDLdtEz1BwkeJI91R5_F.woff2

216.58.207.227

200 OK

9.9 kB

URL GET HTTP/2
fonts.gstatic.com/s/chakrapetch/v11/cIflMapbsEk7TDLdtEz1BwkeJI91R5_F.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://130.51.22.26/
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint93:EC:35:60:8A:5B:23:EA:C0:36:D7:AE:03:0C:C3:77:17:5A:20:33
ValidityMon, 08 Apr 2024 07:31:57 GMT - Mon, 01 Jul 2024 07:31:56 GMT

File type
Web Open Font Format (Version 2), TrueType, length 9896, version 1.0
Size
9.9 kB (9896 bytes)
Hash
ac5c5eb0d242af015d0912e79631cb44
fd0d79e9f10854d211d648dbf8b9d125048e1e68
04324f621defc72007c4e635cfd12903161b5f8aa1067ad5f619314fc153be56

HTTP Headers

GET /s/chakrapetch/v11/cIflMapbsEk7TDLdtEz1BwkeJI91R5_F.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://130.51.22.26
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 9896
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 25 Apr 2024 02:40:18 GMT
expires: Fri, 25 Apr 2025 02:40:18 GMT
cache-control: public, max-age=31536000
age: 125469
last-modified: Thu, 24 Aug 2023 17:55:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

cdn.ampproject.org/rtv/012404091947000/v0/amp-auto-lightbox-0.1.js

142.250.74.65

200 OK

3.0 kB

URL GET HTTP/3
cdn.ampproject.org/rtv/012404091947000/v0/amp-auto-lightbox-0.1.js
IP
142.250.74.65:443
ASN
#15169 GOOGLE

Requested by
https://130.51.22.26/
Certificate
IssuerGoogle Trust Services LLC
Subjectmisc-sni.google.com
Fingerprint13:C7:40:78:3B:C5:3E:4C:BF:6E:15:DC:37:54:F1:48:24:A2:83:80
ValidityMon, 08 Apr 2024 06:40:27 GMT - Mon, 01 Jul 2024 06:40:26 GMT

File type
JavaScript source, ASCII text, with very long lines (7690)
Size
3.0 kB (2974 bytes)
Hash
bd778223dafaed0894e021593ad5dcbf
ef1a45e18a85060334571cdc9eaf1e9435b5ffe9
2b753b9c13fe907246062aa577f7837fbd2ffebe71dec501c4cd6de494016ac8

HTTP Headers

GET /rtv/012404091947000/v0/amp-auto-lightbox-0.1.js HTTP/1.1
Host: cdn.ampproject.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://130.51.22.26
DNT: 1
Connection: keep-alive
Referer: https://130.51.22.26/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: br
access-control-allow-origin: *
content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
timing-allow-origin: *
content-length: 2974
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 26 Apr 2024 06:01:18 GMT
expires: Sat, 26 Apr 2025 06:01:18 GMT
cache-control: public, max-age=31536000
etag: "dfcaaf971da6dba2"
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 27009
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

situskw.com/img/mobile/Pg%20Soft%20MObile.png

162.0.235.73

200 OK

226 kB

URL GET HTTP/2
situskw.com/img/mobile/Pg%20Soft%20MObile.png
IP
162.0.235.73:443
ASN
#22612 NAMECHEAP-NET

Requested by
https://130.51.22.26/
Certificate
IssuerSectigo Limited
Subjectsituskw.com
Fingerprint48:0F:87:D1:A6:50:C8:67:2B:7B:A2:C3:59:99:8C:CF:D1:1C:7A:07
ValidityThu, 12 Oct 2023 00:00:00 GMT - Sat, 12 Oct 2024 23:59:59 GMT

File type
PNG image data, 600 x 280, 8-bit/color RGB, non-interlaced
Size
226 kB (226518 bytes)
Hash
6983c08c02b321b522e389fbb4966fee
7fe917a30419bfbd47ed10c8315342daeb5a2501
fea1f7c5e86eef30997131333c34a184b2904d928cf4c0742f9105a73cbe136a

HTTP Headers

GET /img/mobile/Pg%20Soft%20MObile.png HTTP/1.1
Host: situskw.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://130.51.22.26/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Fri, 03 May 2024 13:31:27 GMT
content-type: image/png
last-modified: Thu, 14 Dec 2023 12:36:08 GMT
accept-ranges: bytes
content-length: 226518
date: Fri, 26 Apr 2024 13:31:27 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

situskw.com/img/mobile/Buy%20Spin%20Mobile.png

162.0.235.73

200 OK

63 kB

URL GET HTTP/2
situskw.com/img/mobile/Buy%20Spin%20Mobile.png
IP
162.0.235.73:443
ASN
#22612 NAMECHEAP-NET

Requested by
https://130.51.22.26/
Certificate
IssuerSectigo Limited
Subjectsituskw.com
Fingerprint48:0F:87:D1:A6:50:C8:67:2B:7B:A2:C3:59:99:8C:CF:D1:1C:7A:07
ValidityThu, 12 Oct 2023 00:00:00 GMT - Sat, 12 Oct 2024 23:59:59 GMT

File type
PNG image data, 600 x 280, 8-bit colormap, non-interlaced
Size
63 kB (63323 bytes)
Hash
09c9df5c8793977a1baa9273b83f91b2
044c2a18115b4342b323d70ad0501036fde231fe
52b9d8c48afc05c97ab8ae7ebdd5d3d15df7892575e5d5a40fc7e8af471ef2c8

HTTP Headers

GET /img/mobile/Buy%20Spin%20Mobile.png HTTP/1.1
Host: situskw.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://130.51.22.26/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Fri, 03 May 2024 13:31:27 GMT
content-type: image/png
last-modified: Thu, 14 Dec 2023 12:36:07 GMT
accept-ranges: bytes
content-length: 63323
date: Fri, 26 Apr 2024 13:31:27 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

situskw.com/img/Favicon.png

162.0.235.73

200 OK

44 kB

URL GET HTTP/2
situskw.com/img/Favicon.png
IP
162.0.235.73:443
ASN
#22612 NAMECHEAP-NET

Requested by
https://130.51.22.26/
Certificate
IssuerSectigo Limited
Subjectsituskw.com
Fingerprint48:0F:87:D1:A6:50:C8:67:2B:7B:A2:C3:59:99:8C:CF:D1:1C:7A:07
ValidityThu, 12 Oct 2023 00:00:00 GMT - Sat, 12 Oct 2024 23:59:59 GMT

File type
PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
Size
44 kB (43631 bytes)
Hash
f36769ecb9716c9bed73d22bb07a5558
1be6df44d3caddba39bfd349821627d1bf424d17
995762b37754be07998afd98976193b578030f158fbb4c38ec1723e5cde92be4

HTTP Headers

GET /img/Favicon.png HTTP/1.1
Host: situskw.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://130.51.22.26/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Fri, 03 May 2024 13:31:28 GMT
content-type: image/png
last-modified: Thu, 14 Dec 2023 11:58:36 GMT
accept-ranges: bytes
content-length: 43631
date: Fri, 26 Apr 2024 13:31:28 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

situskw.com/img/mobile/Olympus%20Mobile.png

162.0.235.73

200 OK

216 kB

URL GET HTTP/2
situskw.com/img/mobile/Olympus%20Mobile.png
IP
162.0.235.73:443
ASN
#22612 NAMECHEAP-NET

Requested by
https://130.51.22.26/
Certificate
IssuerSectigo Limited
Subjectsituskw.com
Fingerprint48:0F:87:D1:A6:50:C8:67:2B:7B:A2:C3:59:99:8C:CF:D1:1C:7A:07
ValidityThu, 12 Oct 2023 00:00:00 GMT - Sat, 12 Oct 2024 23:59:59 GMT

File type
PNG image data, 600 x 280, 8-bit/color RGB, non-interlaced
Size
216 kB (216135 bytes)
Hash
a17ea1cf196130fac2649d433607f914
4801f07597a7e9f1685c76730d4b7e5100f1c0e5
ecdf0e252479ac6a326f7b3e22e0a9d43f56e871947cdf2cbba519e9f58b471e

HTTP Headers

GET /img/mobile/Olympus%20Mobile.png HTTP/1.1
Host: situskw.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://130.51.22.26/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Fri, 03 May 2024 13:31:27 GMT
content-type: image/png
last-modified: Thu, 14 Dec 2023 12:36:07 GMT
accept-ranges: bytes
content-length: 216135
date: Fri, 26 Apr 2024 13:31:27 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

situskw.com/img/Logo%20Official.png

162.0.235.73

200 OK

254 kB

URL GET HTTP/2
situskw.com/img/Logo%20Official.png
IP
162.0.235.73:443
ASN
#22612 NAMECHEAP-NET

Requested by
https://130.51.22.26/
Certificate
IssuerSectigo Limited
Subjectsituskw.com
Fingerprint48:0F:87:D1:A6:50:C8:67:2B:7B:A2:C3:59:99:8C:CF:D1:1C:7A:07
ValidityThu, 12 Oct 2023 00:00:00 GMT - Sat, 12 Oct 2024 23:59:59 GMT

File type
PNG image data, 1802 x 680, 8-bit/color RGBA, non-interlaced
Size
254 kB (254184 bytes)
Hash
dc0190b6493505ad8dcb15b41c65933a
cc6ebb22f71c8e11cefa7534487a5f72ba2a1f77
7b98c674b9c45fa8225f731809bdd83b383fd54d9ed1b2bd9ab0dc20fe9d0348

HTTP Headers

GET /img/Logo%20Official.png HTTP/1.1
Host: situskw.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://130.51.22.26/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Fri, 03 May 2024 13:31:27 GMT
content-type: image/png
last-modified: Thu, 14 Dec 2023 11:58:37 GMT
accept-ranges: bytes
content-length: 254184
date: Fri, 26 Apr 2024 13:31:27 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

situskw.com/img/Banner%20Gif.gif

162.0.235.73

200 OK

4.6 MB

URL GET HTTP/2
situskw.com/img/Banner%20Gif.gif
IP
162.0.235.73:443
ASN
#22612 NAMECHEAP-NET

Requested by
https://130.51.22.26/
Certificate
IssuerSectigo Limited
Subjectsituskw.com
Fingerprint48:0F:87:D1:A6:50:C8:67:2B:7B:A2:C3:59:99:8C:CF:D1:1C:7A:07
ValidityThu, 12 Oct 2023 00:00:00 GMT - Sat, 12 Oct 2024 23:59:59 GMT

File type
GIF image data, version 89a, 925 x 160
Size
4.6 MB (4628029 bytes)
Hash
c46c29ec0f78559e3826f441ea256762
4cd2e8b77325dd5c5d200c26c6c668870d53a99f
77c0741d074aba38ebfcbc62fe989c8a405aca42d5bb528b25b9d2f76b15ae1f

HTTP Headers

GET /img/Banner%20Gif.gif HTTP/1.1
Host: situskw.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://130.51.22.26/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Fri, 03 May 2024 13:31:27 GMT
content-type: image/gif
last-modified: Sun, 17 Dec 2023 06:46:44 GMT
accept-ranges: bytes
content-length: 4628029
date: Fri, 26 Apr 2024 13:31:27 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

130.51.22.26/

130.51.22.26

200 OK

9.4 kB

URL User Request GET HTTP/2
130.51.22.26/
IP
130.51.22.26:443
ASN
#11878 TZULO

Certificate
IssuerZeroSSL
Subject130.51.22.26
Fingerprint58:18:36:70:3B:E9:FB:A6:17:99:8A:AB:14:4E:29:D3:8D:55:22:16
ValidityTue, 12 Mar 2024 00:00:00 GMT - Mon, 10 Jun 2024 23:59:59 GMT

File type
HTML document, Unicode text, UTF-8 text, with very long lines (9954), with no line terminators
Size
9.4 kB (9436 bytes)
Hash
f077962715e31dda4c0ef648688e43a7
eb325c2a887817e75b008fbdf5089a5656a90e77
074c2421b43e6b1737a61b412a69ee692116be356dde006057a06d91b34edcd0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: 130.51.22.26
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:31:26 GMT
content-type: text/html
last-modified: Sun, 17 Mar 2024 12:59:31 GMT
vary: Accept-Encoding
etag: W/"65f6e933-24dc"
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

fonts.googleapis.com/css2?family=Chakra+Petch:wght@400;500;700&display=swap

142.250.74.74

200 OK

4.5 kB

URL GET HTTP/2
fonts.googleapis.com/css2?family=Chakra+Petch:wght@400;500;700&display=swap
IP
142.250.74.74:443
ASN
#15169 GOOGLE

Requested by
https://130.51.22.26/
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint5F:6D:48:87:16:89:1E:A5:57:29:92:8B:34:BD:F2:92:0C:7F:F2:50
ValidityMon, 08 Apr 2024 07:32:03 GMT - Mon, 01 Jul 2024 07:32:02 GMT

File type
ASCII text, with very long lines (4652), with no line terminators
Size
4.5 kB (4544 bytes)
Hash
dfd130cbfd90f35dfc8a3cacb49cc2e9
4a20115f1890a2f79598931aa62634e8454c5ea5
fd4df6e4208f6fc8e6c81cbde8ef6ba04d562a9c14ca3d73ac8b2bf8f04cffa2

HTTP Headers

GET /css2?family=Chakra+Petch:wght@400;500;700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://130.51.22.26/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 26 Apr 2024 13:31:27 GMT
date: Fri, 26 Apr 2024 13:31:27 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (2)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (12)

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/3

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN