159.89.184.53/bins/mirai.x86
159.89.184.53 8.2 kB URL User Request GET 159.89.184.53/bins/mirai.x86
IP 159.89.184.53:0
ASN #14061 DIGITALOCEAN-ASN
File type HTML document text; exported SGML document, Unicode text, UTF-8 text, with very long lines (15936), with CRLF, LF line terminators
Hash 095fd5aa109a16a73918438f107279fc
be89c9bb2cd59c97e2d5672cddc5dccae5b34d7a
f0af0d189c3af2487944eeeb04fc26e922ec2265e0907becf7c99baa1e1a3e21
Analyzer Verdict Alert quad9 Sinkholed
NIDS Severity Alert suricata medium ET INFO x86 File Download Request from IP Address
suricata medium ET HUNTING Suspicious GET Request for .x86
GET /bins/mirai.x86 HTTP/1.1
Host: 159.89.184.53
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 404 Not Found
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
link: <http://159.89.184.53/wp-json/>; rel="https://api.w.org/"
content-type: text/html; charset=utf-8
server-timing: amp_sanitizer;dur="16.3",amp_style_sanitizer;dur="6.7",amp_tag_and_attribute_sanitizer;dur="7.7",amp_optimizer;dur="2.2"
server: LiteSpeed
x-litespeed-cache: hit
date: Wed, 07 Jun 2023 05:48:03 GMT
content-encoding: gzip
vary: Accept-Encoding
transfer-encoding: chunked
connection: Keep-Alive
ocsp.pki.goog/gts1c3
142.250.74.131 471 B IP 142.250.74.131:0
Hash 127406f9d5b6ed0dc9ce35b801001438
eeef1443d9d5bd27cbe5d48d258cd665c6062da2
081e26abb2c6c81aade966b9d94fe5fb9b93a7396167d495041ae6e150097139
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Jun 2023 05:48:03 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
159.89.184.53/wp-content/themes/frontier/includes/genericons/Genericons.eot
159.89.184.53 404 Not Found 8.2 kB URL GET HTTP/1.1 159.89.184.53/wp-content/themes/frontier/includes/genericons/Genericons.eot
IP 159.89.184.53:80
ASN #14061 DIGITALOCEAN-ASN
Requested by http://159.89.184.53/bins/mirai.x86
File type HTML document text; exported SGML document, Unicode text, UTF-8 text, with very long lines (15936), with CRLF, LF line terminators
Hash d9cc454861b87357f86d05b6b96f9d4d
3367b66f16407a3b82bb100a2b3c5b9e10b388cf
51bd7ff094e5469068436704481f1a1253f0efb7976e0f19cfad67bfc4637d0e
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-content/themes/frontier/includes/genericons/Genericons.eot HTTP/1.1
Host: 159.89.184.53
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://159.89.184.53/bins/mirai.x86
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 404 Not Found
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
link: <http://159.89.184.53/wp-json/>; rel="https://api.w.org/"
x-litespeed-cache-control: public,max-age=3600
x-litespeed-tag: fc6_HTTP.404,fc6_404,fc6_URL.d0b917a0b09554842807d2d338289940,fc6_
content-type: text/html; charset=utf-8
server-timing: amp_sanitizer;dur="16.4",amp_style_sanitizer;dur="6.8",amp_tag_and_attribute_sanitizer;dur="7.8",amp_optimizer;dur="2.1"
x-litespeed-cache: miss
content-encoding: gzip
vary: Accept-Encoding
transfer-encoding: chunked
date: Wed, 07 Jun 2023 05:48:03 GMT
server: LiteSpeed
connection: Keep-Alive
ocsp.pki.goog/gts1c3
142.250.74.131 472 B IP 142.250.74.131:0
Hash 41a3b4f598fdda82648999edaf0807b7
90b21f0891fa5240578b84984a5cf4ef64bf33b5
760234481c23b8f3cd6aa8b5c5947c1b552de75e51518f6071517970d1859f60
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Jun 2023 05:48:03 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cdn.ampproject.org/v0/amp-form-0.1.mjs
142.250.74.1 200 OK 13 kB URL GET HTTP/2 cdn.ampproject.org/v0/amp-form-0.1.mjs
IP 142.250.74.1:443
Requested by http://159.89.184.53/bins/mirai.x86
Certificate Issuer Google Trust Services LLC
Subject misc-sni.google.com
Fingerprint 99:72:24:A1:6F:F0:50:0B:8F:4C:51:BB:AC:31:C2:3E:87:93:10:87
Validity Fri, 19 May 2023 12:53:49 GMT - Fri, 11 Aug 2023 12:53:48 GMT
File type Unicode text, UTF-8 text, with very long lines (41068)
Hash 398530f5a6c868599d2d5545c0e434a3
8dd20ec1907eafed17d297e66b1e9d0885831907
59e9613919acd24a86f684fcdb717d161fab6e0dc4eb9e1f6988f979af8fa9ed
GET /v0/amp-form-0.1.mjs HTTP/1.1
Host: cdn.ampproject.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://159.89.184.53
DNT: 1
Connection: keep-alive
Referer: http://159.89.184.53/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
timing-allow-origin: *
content-length: 12967
date: Wed, 07 Jun 2023 05:48:03 GMT
expires: Wed, 07 Jun 2023 05:48:03 GMT
cache-control: private, max-age=604800, stale-while-revalidate=604800
etag: "cb142c31d3f9849a"
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
cdn.ampproject.org/v0.mjs
142.250.74.1 200 OK 63 kB URL GET HTTP/2 cdn.ampproject.org/v0.mjs
IP 142.250.74.1:443
Requested by http://159.89.184.53/bins/mirai.x86
Certificate Issuer Google Trust Services LLC
Subject misc-sni.google.com
Fingerprint 99:72:24:A1:6F:F0:50:0B:8F:4C:51:BB:AC:31:C2:3E:87:93:10:87
Validity Fri, 19 May 2023 12:53:49 GMT - Fri, 11 Aug 2023 12:53:48 GMT
File type Unicode text, UTF-8 text, with very long lines (64678)
Hash 787dfc042098ee383bdc4afe08c50cbc
9bafccca94041535ce2f595bbf6fe6023cddc86f
a285256cf50d15e16185e51140b7ea234589ed02bdbe465f7488844c3de5fc2b
GET /v0.mjs HTTP/1.1
Host: cdn.ampproject.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://159.89.184.53
DNT: 1
Connection: keep-alive
Referer: http://159.89.184.53/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
timing-allow-origin: *
content-length: 63311
date: Wed, 07 Jun 2023 05:48:03 GMT
expires: Wed, 07 Jun 2023 05:48:03 GMT
cache-control: private, max-age=3000, stale-while-revalidate=1206600
etag: "d36e52d71eed8c45"
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
159.89.184.53/wp-content/themes/frontier/includes/genericons/Genericons.svg
159.89.184.53 24 kB URL 159.89.184.53/wp-content/themes/frontier/includes/genericons/Genericons.svg
IP 159.89.184.53:0
ASN #14061 DIGITALOCEAN-ASN
File type SVG Scalable Vector Graphics image; SVG XML document; XML 1.0 document text; exported SGML document, ASCII text
Hash 29816c642aaa0e5a8c9402f4d2da62cf
48f2d2c09d6dd4c2faff3e76cc98d4779cd9a32e
306eb5338cdfb6df6b243aa37a8236bd291ec546c57bd8a439c0fc7aedc00534
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-content/themes/frontier/includes/genericons/Genericons.svg HTTP/1.1
Host: 159.89.184.53
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://159.89.184.53/bins/mirai.x86
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
cache-control: public, max-age=604800
expires: Wed, 14 Jun 2023 05:48:03 GMT
etag: "12cb4-640413dc-c116c;gz"
last-modified: Sun, 05 Mar 2023 04:00:28 GMT
content-type: image/svg+xml
content-length: 24132
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
date: Wed, 07 Jun 2023 05:48:03 GMT
server: LiteSpeed
connection: Keep-Alive
159.89.184.53/wp-content/themes/frontier/includes/genericons/Genericons.woff
159.89.184.53 200 OK 14 kB URL GET HTTP/1.1 159.89.184.53/wp-content/themes/frontier/includes/genericons/Genericons.woff
IP 159.89.184.53:80
ASN #14061 DIGITALOCEAN-ASN
Requested by http://159.89.184.53/bins/mirai.x86
File type Web Open Font Format, TrueType, length 13988, version 0.0
Hash f3f73b280148eeed102d4a6874ac7886
973bfcd63513292f1bb220c241f6dde6509f1168
970a3fa15876d16dcc0fd70eb7c9ab44d733108b3ddca1a449edd0356c1b79a7
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-content/themes/frontier/includes/genericons/Genericons.woff HTTP/1.1
Host: 159.89.184.53
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://159.89.184.53/bins/mirai.x86
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
etag: "36a4-640413dc-c116d;;;"
last-modified: Sun, 05 Mar 2023 04:00:28 GMT
content-type: application/font-woff
content-length: 13988
accept-ranges: bytes
date: Wed, 07 Jun 2023 05:48:03 GMT
server: LiteSpeed
connection: Keep-Alive
159.89.184.53/wp-content/uploads/2023/03/pngtree-black-gold-lines-abstract-background-image_587953.jpg
159.89.184.53 200 OK 47 kB URL GET HTTP/1.1 159.89.184.53/wp-content/uploads/2023/03/pngtree-black-gold-lines-abstract-background-image_587953.jpg
IP 159.89.184.53:80
ASN #14061 DIGITALOCEAN-ASN
Requested by http://159.89.184.53/bins/mirai.x86
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 960x450, components 3
Hash 3c277f98d1acbeeb84cbd024bd37c2bb
1d624bfe67a8a72b3b5471fb20dc2f7ea0c051ea
b7e4260c3e6652371507364054e9920de971bf18d6e45f596fd1c5c92767ed15
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-content/uploads/2023/03/pngtree-black-gold-lines-abstract-background-image_587953.jpg HTTP/1.1
Host: 159.89.184.53
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://159.89.184.53/bins/mirai.x86
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
cache-control: public, max-age=604800
expires: Wed, 14 Jun 2023 05:48:03 GMT
etag: "b8c9-6404344a-846;;;"
last-modified: Sun, 05 Mar 2023 06:18:50 GMT
content-type: image/jpeg
content-length: 47305
accept-ranges: bytes
date: Wed, 07 Jun 2023 05:48:03 GMT
server: LiteSpeed
connection: Keep-Alive
ocsp.pki.goog/gts1c3
142.250.74.131 471 B IP 142.250.74.131:0
Hash b2ec6c1f0c77c6e9a2796d3ac3294d0e
9fd82891ead5aec13abee83cf6b7a59375b2c3c5
63cb3c8767a9e5925cf61dce28b4d578aad09e7ba9358039648f05c9d98b4484
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Jun 2023 05:48:03 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/robotocondensed/v25/ieVl2ZhZI2eCN5jzbjEETS9weq8-19K7DQ.woff2
216.58.207.227 200 OK 16 kB URL GET HTTP/2 fonts.gstatic.com/s/robotocondensed/v25/ieVl2ZhZI2eCN5jzbjEETS9weq8-19K7DQ.woff2
IP 216.58.207.227:443
Requested by http://159.89.184.53/bins/mirai.x86
Certificate Issuer Google Trust Services LLC
Subject *.gstatic.com
Fingerprint C8:5A:9A:D9:6A:F5:00:15:5B:5D:99:FE:FE:CA:1D:7C:19:4D:F8:D5
Validity Fri, 19 May 2023 12:57:42 GMT - Fri, 11 Aug 2023 12:57:41 GMT
File type Web Open Font Format (Version 2), TrueType, length 15700, version 1.0
Hash 3d7f7413fca69bff4d231ebdc50aaab0
cb18e7943b6a8a0e3672d7242197c19a226b92e8
6b4fac99c39b9ee2693d87a2508d0c7d4b4859072966616bd1f6e18c5b2f9d36
GET /s/robotocondensed/v25/ieVl2ZhZI2eCN5jzbjEETS9weq8-19K7DQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://159.89.184.53
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15700
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 02 Jun 2023 07:54:25 GMT
expires: Sat, 01 Jun 2024 07:54:25 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 19 Apr 2022 18:51:55 GMT
content-type: font/woff2
age: 424418
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
cdn.ampproject.org/rtv/012305252018001/v0/amp-loader-0.1.mjs
142.250.74.1 200 OK 3.9 kB URL GET HTTP/2 cdn.ampproject.org/rtv/012305252018001/v0/amp-loader-0.1.mjs
IP 142.250.74.1:443
Requested by http://159.89.184.53/bins/mirai.x86
Certificate Issuer Google Trust Services LLC
Subject misc-sni.google.com
Fingerprint 99:72:24:A1:6F:F0:50:0B:8F:4C:51:BB:AC:31:C2:3E:87:93:10:87
Validity Fri, 19 May 2023 12:53:49 GMT - Fri, 11 Aug 2023 12:53:48 GMT
File type ASCII text, with very long lines (12228)
Hash 911817c2b47ac10d242ebf57edcfc3c1
431b32e922eb46b7317b0067e20221c84313ad7e
6fcf7505598f44c875256639e01d50b8e539073a4af0461839483a4cd3842032
GET /rtv/012305252018001/v0/amp-loader-0.1.mjs HTTP/1.1
Host: cdn.ampproject.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://159.89.184.53
DNT: 1
Connection: keep-alive
Referer: http://159.89.184.53/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: br
access-control-allow-origin: *
content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
timing-allow-origin: *
content-length: 3907
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 06 Jun 2023 19:49:02 GMT
expires: Wed, 05 Jun 2024 19:49:02 GMT
cache-control: public, max-age=31536000
etag: "737e56c26da8d5d4"
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 35941
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
159.89.184.53/favicon.ico
159.89.184.53 302 Found 0 B URL GET HTTP/1.1 159.89.184.53/favicon.ico
IP 159.89.184.53:80
ASN #14061 DIGITALOCEAN-ASN
Requested by http://159.89.184.53/bins/mirai.x86
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /favicon.ico HTTP/1.1
Host: 159.89.184.53
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://159.89.184.53/bins/mirai.x86
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
content-type: text/html; charset=UTF-8
link: <http://159.89.184.53/wp-json/>; rel="https://api.w.org/"
x-redirect-by: WordPress
location: http://159.89.184.53/wp-includes/images/w-logo-blue-white-bg.png
x-litespeed-cache-control: public,max-age=604800
x-litespeed-tag: fc6_HTTP.200,fc6_HTTP.302,fc6_default,fc6_URL.b54ff2eddcb0060bcd786ce388d8d4d7,fc6_
x-litespeed-cache: miss
content-length: 0
date: Wed, 07 Jun 2023 05:48:03 GMT
server: LiteSpeed
connection: Keep-Alive
159.89.184.53/wp-content/uploads/2023/03/Screenshot-2023-03-05-125722-2.png
159.89.184.53 200 OK 7.1 kB URL GET HTTP/1.1 159.89.184.53/wp-content/uploads/2023/03/Screenshot-2023-03-05-125722-2.png
IP 159.89.184.53:80
ASN #14061 DIGITALOCEAN-ASN
Requested by http://159.89.184.53/bins/mirai.x86
File type PNG image data, 630 x 132, 8-bit/color RGBA, non-interlaced
Hash 9e44d8c10f1f7747584d7977e1892b99
ee24f746eb1431f426eca6f1a20823873e012ea6
5cdd54a8d79226b3577342c698a4d8e972d8c0e98d72662d77da3a3d531596bd
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-content/uploads/2023/03/Screenshot-2023-03-05-125722-2.png HTTP/1.1
Host: 159.89.184.53
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://159.89.184.53/bins/mirai.x86
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
cache-control: public, max-age=604800
expires: Wed, 14 Jun 2023 05:48:03 GMT
etag: "1bd5-64042fdf-7d2;;;"
last-modified: Sun, 05 Mar 2023 05:59:59 GMT
content-type: image/png
content-length: 7125
accept-ranges: bytes
date: Wed, 07 Jun 2023 05:48:03 GMT
server: LiteSpeed
connection: Keep-Alive
159.89.184.53/wp-includes/images/w-logo-blue-white-bg.png
159.89.184.53 200 OK 4.1 kB URL GET HTTP/1.1 159.89.184.53/wp-includes/images/w-logo-blue-white-bg.png
IP 159.89.184.53:80
ASN #14061 DIGITALOCEAN-ASN
Requested by http://159.89.184.53/bins/mirai.x86
File type PNG image data, 80 x 80, 8-bit/color RGBA, non-interlaced
Hash 000bf649cc8f6bf27cfb04d1bcdcd3c7
d73d2f6d74ec6cdcbae07955592962e77d8ae814
6bdb369337ac2496761c6f063bffea0aa6a91d4662279c399071a468251f51f0
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-includes/images/w-logo-blue-white-bg.png HTTP/1.1
Host: 159.89.184.53
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://159.89.184.53/bins/mirai.x86
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
cache-control: public, max-age=604800
expires: Wed, 14 Jun 2023 05:48:04 GMT
etag: "1017-63c65291-bf0ef;;;"
last-modified: Tue, 17 Jan 2023 07:47:29 GMT
content-type: image/png
content-length: 4119
accept-ranges: bytes
date: Wed, 07 Jun 2023 05:48:04 GMT
server: LiteSpeed
connection: Keep-Alive
159.89.184.53/wp-content/themes/frontier/includes/genericons/Genericons.svg
159.89.184.53 200 OK 77 kB URL GET HTTP/1.1 159.89.184.53/wp-content/themes/frontier/includes/genericons/Genericons.svg
IP 159.89.184.53:80
ASN #14061 DIGITALOCEAN-ASN
Requested by http://159.89.184.53/bins/mirai.x86
File type SVG Scalable Vector Graphics image; SVG XML document; XML 1.0 document text; exported SGML document, ASCII text
Hash 29816c642aaa0e5a8c9402f4d2da62cf
48f2d2c09d6dd4c2faff3e76cc98d4779cd9a32e
306eb5338cdfb6df6b243aa37a8236bd291ec546c57bd8a439c0fc7aedc00534
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-content/themes/frontier/includes/genericons/Genericons.svg HTTP/1.1
Host: 159.89.184.53
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://159.89.184.53/bins/mirai.x86
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
cache-control: public, max-age=604800
expires: Wed, 14 Jun 2023 05:48:03 GMT
etag: "12cb4-640413dc-c116c;gz"
last-modified: Sun, 05 Mar 2023 04:00:28 GMT
content-type: image/svg+xml
content-length: 24132
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
date: Wed, 07 Jun 2023 05:48:03 GMT
server: LiteSpeed
connection: Keep-Alive
fonts.googleapis.com/css?family=Roboto+Condensed%3A400%2C700%7CArimo%3A400%2C700&ver=6.2.2
142.250.74.106 200 OK 9.4 kB URL GET HTTP/2 fonts.googleapis.com/css?family=Roboto+Condensed%3A400%2C700%7CArimo%3A400%2C700&ver=6.2.2
IP 142.250.74.106:443
Requested by http://159.89.184.53/bins/mirai.x86
Certificate Issuer Google Trust Services LLC
Subject upload.video.google.com
Fingerprint 3F:94:23:08:F7:DB:8B:36:93:90:93:F4:9E:46:A6:6A:93:75:15:C0
Validity Fri, 19 May 2023 12:57:42 GMT - Fri, 11 Aug 2023 12:57:41 GMT
File type ASCII text, with very long lines (9608), with no line terminators
Hash abd9c1f622e914d61f6c162ce35e6f32
aec36003e1a693a5801a7eee0a17b563fc808b43
b744a952b7a5c1dbb2afe45bc4aca7c28a94affaf235e165ae353c26807d031d
GET /css?family=Roboto+Condensed%3A400%2C700%7CArimo%3A400%2C700&ver=6.2.2 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://159.89.184.53
DNT: 1
Connection: keep-alive
Referer: http://159.89.184.53/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Wed, 07 Jun 2023 05:48:03 GMT
date: Wed, 07 Jun 2023 05:48:03 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2