Report - www.ahmedabadcitytales.com/

Report Overview

Submitted URL
www.ahmedabadcitytales.com/
IP
91.215.85.65
ASN
#200593 Prospero Ooo
Submitted
2024-04-25 03:32:21
Access
public
Website Title
The G-cat – Dive head-first into the science of conservation, ecology, evolution and genetics
Final URL
www.ahmedabadcitytales.com/
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
60

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
s0.wp.com	6184	1997-03-28	2017-01-30	2024-04-24	1.8 kB	44 kB	192.0.77.32
fonts-api.wp.com	unknown	1997-03-28	2022-11-28	2024-04-24	506 B	7.6 kB	192.0.77.32
r-login.wordpress.com	138134	2000-03-03	2012-05-21	2024-04-22	633 B	504 B	192.0.78.18
www.ahmedabadcitytales.com	unknown	unknown	No data	No data	14 kB	1.0 MB	91.215.85.65
thegcatcom.files.wordpress.com	unknown	2000-03-03	2018-09-17	2018-09-17	1.9 kB	41 kB	192.0.72.21
fonts.wp.com	unknown	1997-03-28	2022-11-28	2024-04-24	4.4 kB	190 kB	192.0.77.32
pixel.wp.com	2545	1997-03-28	2017-01-30	2024-04-23	1.9 kB	807 B	192.0.76.3

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-04-25	medium	ahmedabadcitytales.com	Sinkholed
2024-04-25	medium	ahmedabadcitytales.com	Sinkholed
2024-04-25	medium	ahmedabadcitytales.com	Sinkholed
2024-04-25	medium	ahmedabadcitytales.com	Sinkholed
2024-04-25	medium	ahmedabadcitytales.com	Sinkholed
2024-04-25	medium	ahmedabadcitytales.com	Sinkholed
2024-04-25	medium	ahmedabadcitytales.com	Sinkholed
2024-04-25	medium	ahmedabadcitytales.com	Sinkholed
2024-04-25	medium	ahmedabadcitytales.com	Sinkholed
2024-04-25	medium	ahmedabadcitytales.com	Sinkholed
2024-04-25	medium	ahmedabadcitytales.com	Sinkholed
2024-04-25	medium	ahmedabadcitytales.com	Sinkholed
2024-04-25	medium	ahmedabadcitytales.com	Sinkholed
2024-04-25	medium	ahmedabadcitytales.com	Sinkholed
2024-04-25	medium	ahmedabadcitytales.com	Sinkholed
2024-04-25	medium	ahmedabadcitytales.com	Sinkholed
2024-04-25	medium	ahmedabadcitytales.com	Sinkholed
2024-04-25	medium	ahmedabadcitytales.com	Sinkholed
2024-04-25	medium	ahmedabadcitytales.com	Sinkholed
2024-04-25	medium	ahmedabadcitytales.com	Sinkholed
2024-04-25	medium	ahmedabadcitytales.com	Sinkholed
2024-04-25	medium	ahmedabadcitytales.com	Sinkholed
2024-04-25	medium	ahmedabadcitytales.com	Sinkholed
2024-04-25	medium	ahmedabadcitytales.com	Sinkholed
2024-04-25	medium	ahmedabadcitytales.com	Sinkholed
2024-04-25	medium	ahmedabadcitytales.com	Sinkholed
2024-04-25	medium	ahmedabadcitytales.com	Sinkholed
2024-04-25	medium	ahmedabadcitytales.com	Sinkholed
2024-04-25	medium	ahmedabadcitytales.com	Sinkholed
2024-04-25	medium	ahmedabadcitytales.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (28)

	URL	Size	First Seen	Last Seen
	www.ahmedabadcitytales.com/	461 B	2024-04-25	2024-04-25
Pretty URL www.ahmedabadcitytales.com/ IP 91.215.85.65 ASN #200593 Prospero Ooo Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-25 05:32:28 Last Seen2024-04-25 05:32:28 Times Seen1 Hash 0ae3fdafb7d3784b2a71a2114b13debb 8c6e5c7fafeb7316c73350fd8f8e350436b2a147 f4a1debc0207676771e49d0eff650ad298f8c28b6926b11722acbc00175f7611 Loading...

	www.ahmedabadcitytales.com/	5.5 kB	2024-04-25	2024-04-25
Pretty URL www.ahmedabadcitytales.com/ IP 91.215.85.65 ASN #200593 Prospero Ooo Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-25 05:32:29 Last Seen2024-04-25 05:32:29 Times Seen1 Hash 9cc5e3f3d2a26e5206f9ef9346c5d99c 9a74daa48130c9de3001e9a88fca70dd2be15b69 d5275a4463749259c63a3d52b6357ae84272fccca3c52dec2da44d8b17ced32e Loading...

	www.ahmedabadcitytales.com/index2_files/saved_resource(6)	101 kB	2024-04-25	2024-04-25
Pretty URL www.ahmedabadcitytales.com/index2_files/saved_resource(6) IP 91.215.85.65 ASN #200593 Prospero Ooo Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-25 05:32:29 Last Seen2024-04-25 05:32:30 Times Seen2 Hash a9b5160ab90f885fe668b9b07d14d09f 5663a19b8b5381bf1aed6425db9be05faec63c8b 491150c7f3d3a911085477d6b7c9a77e88e1a0ee0efa343ae9b8f9a79b538069 Loading...

	www.ahmedabadcitytales.com/	261 B	2023-03-07	2024-05-03
Pretty URL www.ahmedabadcitytales.com/ IP 91.215.85.65 ASN #200593 Prospero Ooo Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:29:43 Last Seen2024-05-03 19:57:08 Times Seen826 Hash 045d9793bea2147d49e2091523bca32f add12c4d76b79a2ac35faec35f62d29a95aba30f e08353fd145bf9e8bfd944b3d6f4ccfa8ee927eda9209edeb5b1744e3b3a85b7 Loading...

	www.ahmedabadcitytales.com/index2_files/wpgroho.js.nedladdning	655 B	2023-05-08	2024-05-03
Pretty URL www.ahmedabadcitytales.com/index2_files/wpgroho.js.nedladdning IP 91.215.85.65 ASN #200593 Prospero Ooo Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-08 13:17:26 Last Seen2024-05-03 19:48:24 Times Seen675 Hash 5048b7bf6f335c259cae5d653d50726e 96f45044f726eef7c8e7c7f21f6368bf23a2b3f0 b6e4492d3b8358a81b80908b1f84e6bd2f64a7a46d48793af99d27bf29f4c2e8 Loading...

	www.ahmedabadcitytales.com/index2_files/saved_resource(4)	131 kB	2023-11-21	2024-05-03
Pretty URL www.ahmedabadcitytales.com/index2_files/saved_resource(4) IP 91.215.85.65 ASN #200593 Prospero Ooo Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-21 23:18:45 Last Seen2024-05-03 19:48:24 Times Seen12 Hash 4e64bece4cc6d87182286d47c0ac0f52 1a187ce7282d25855fcd84a2d607db95990618ab c1eb8436057a2eb6fa5344a23a9811fcd63a65bb7a5055cb6036072c3f034ab2 Loading...

	www.ahmedabadcitytales.com/	3.3 kB	2024-04-16	2024-05-03
Pretty URL www.ahmedabadcitytales.com/ IP 91.215.85.65 ASN #200593 Prospero Ooo Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-16 23:24:24 Last Seen2024-05-03 19:57:08 Times Seen5 Hash 76585e0950a34fb5ca1fcc255dc5b816 45bd6e4ccdadc1356d1b986d09575e24c5147eb4 e642ce8e7ebe6be822e747054382f4911fba6ce9b212dbbe6b0fb34b1350b2d7 Loading...

	www.ahmedabadcitytales.com/	278 B	2024-04-25	2024-04-25
Pretty URL www.ahmedabadcitytales.com/ IP 91.215.85.65 ASN #200593 Prospero Ooo Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-25 05:32:29 Last Seen2024-04-25 05:32:29 Times Seen1 Hash f9537ee8fb3fc3534effafe3714b0c38 24e893ead1a32cabe37c8574de1528b111f8419b 051b6af692e1183ce359d1328943b0e6b456ce79948a7ec32bd3a5c2747a379c Loading...

	s0.wp.com/wp-includes/js/wp-emoji-release.min.js?m=1710334132i&ver=6.5-RC3-57891	19 kB	2024-03-13	2024-05-04
Pretty URL s0.wp.com/wp-includes/js/wp-emoji-release.min.js?m=1710334132i&ver=6.5-RC3-57891 IP 192.0.77.32 ASN #2635 AUTOMATTIC Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-13 16:02:37 Last Seen2024-05-04 12:01:59 Times Seen2759 Hash b976b651932bfd25b9ddb5b7693d88a7 7fcb7cb5c11227f9213b1e08a07d0212209e1432 4e6ce5444c7f396cef0eb1fa3611034151e485dd06fbe5573a5583e1eebc98c3 Loading...

	www.ahmedabadcitytales.com/	547 B	2024-04-25	2024-04-25
Pretty URL www.ahmedabadcitytales.com/ IP 91.215.85.65 ASN #200593 Prospero Ooo Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-25 05:32:29 Last Seen2024-04-25 05:32:29 Times Seen1 Hash 987cbc0967e1b0444a2fa5fc1abe57c5 6daa2cf44c74d429d5947908a73bc0c4d0c65baf 3159a1d659e4229718dcc533bb764e92b05ecefbcb9b4edf207988a2ffedc4ad Loading...

	www.ahmedabadcitytales.com/	172 B	2023-11-08	2024-05-03
Pretty URL www.ahmedabadcitytales.com/ IP 91.215.85.65 ASN #200593 Prospero Ooo Introduced by scriptElement Embedded in HTML true Observations First Seen2023-11-08 15:51:00 Last Seen2024-05-03 19:48:22 Times Seen286 Hash 1038255336905016fac36b0933942d23 f374142769c028dd68f5c4e0abcafa0e05ba136a fe9b2241d084040b201e1ee8227c1193e631ad39f7c167a774169dd81e101301 Loading...

	www.ahmedabadcitytales.com/index2_files/hovercards.min.js.nedladdning	13 kB	2024-04-01	2024-05-03
Pretty URL www.ahmedabadcitytales.com/index2_files/hovercards.min.js.nedladdning IP 91.215.85.65 ASN #200593 Prospero Ooo Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-01 15:02:03 Last Seen2024-05-03 19:48:24 Times Seen85 Hash 42e1c5cd9eeafe8d5f7960ebc0b5e009 8ef61d3f16881a010e0f431b63013d0c7dcc954f 4d47d929f88574eb4a47e5b1778b683b87e7f6078bb6a33f34c1178752e83406 Loading...

	www.ahmedabadcitytales.com/index2_files/actionbar.js.nedladdning	8.4 kB	2023-11-23	2024-05-03
Pretty URL www.ahmedabadcitytales.com/index2_files/actionbar.js.nedladdning IP 91.215.85.65 ASN #200593 Prospero Ooo Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-23 00:26:49 Last Seen2024-05-03 19:48:24 Times Seen86 Hash f466cb6b256973317c2315741fad9f49 ea2c62047a1697c19b06be23871ca839849cb8a3 a6dc271cbdaa05e97c5144483628df9e30b68326e5b04a5fef3322af1c0f22e0 Loading...

	www.ahmedabadcitytales.com/	1.7 kB	2024-04-25	2024-04-25
Pretty URL www.ahmedabadcitytales.com/ IP 91.215.85.65 ASN #200593 Prospero Ooo Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-25 05:32:29 Last Seen2024-04-25 05:32:29 Times Seen1 Hash d11a52e8232d77a6bc31284c05c5d2e9 6b93bdb5252da41217fd001b4e97003d05c50358 84a66c27b3d60e163dee94df9e34f36971cf19c5003339e96181c14dd2160e29 Loading...

	www.ahmedabadcitytales.com/	57 B	2023-03-07	2024-05-03
Pretty URL www.ahmedabadcitytales.com/ IP 91.215.85.65 ASN #200593 Prospero Ooo Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 12:05:01 Last Seen2024-05-03 19:48:22 Times Seen773 Hash d77da3c7eb06c88002d0a71f5871b32d 4bc85e9a6d37969174c7683858d8b3e135391e24 598ae4650a5f41a182576c1295a6d4c2439c16437d9e8a5f992cee5fa9cb1668 Loading...

	www.ahmedabadcitytales.com/	1.0 kB	2023-08-01	2024-05-03
Pretty URL www.ahmedabadcitytales.com/ IP 91.215.85.65 ASN #200593 Prospero Ooo Introduced by scriptElement Embedded in HTML true Observations First Seen2023-08-01 21:35:00 Last Seen2024-05-03 19:48:22 Times Seen344 Hash 26d7dfcfe5dac8a11100faf16f15ab95 c02f802109281d3f3355c7e5f1d5c0f96125df76 09694c231ea869cf05a1de2dd482ff66fe38e3292726f12924609d9d55ed2f28 Loading...

	www.ahmedabadcitytales.com/	485 B	2024-01-16	2024-05-03
Pretty URL www.ahmedabadcitytales.com/ IP 91.215.85.65 ASN #200593 Prospero Ooo Introduced by scriptElement Embedded in HTML true Observations First Seen2024-01-16 15:52:04 Last Seen2024-05-03 19:48:22 Times Seen42 Hash 5fd2449e62fa1791283e2f37c87b227d d79f93d0f1be53c43911b0470708070e7919bc82 e1108f63187fecf95519279c7730bc4a89c9667a37dbdd13e6a9016362793eee Loading...

	www.ahmedabadcitytales.com/index2_files/w.js.nedladdning	13 kB	2024-01-18	2024-05-04
Pretty URL www.ahmedabadcitytales.com/index2_files/w.js.nedladdning IP 91.215.85.65 ASN #200593 Prospero Ooo Introduced by scriptElement Embedded in HTML false Observations First Seen2024-01-18 16:29:14 Last Seen2024-05-04 11:17:48 Times Seen1109 Hash ef880be61458e4e89c9cb9d99d2d300e c7740f6524cfab6084682b1ce320b2e5e9c4d4cc 79674b01741c3978417b6b9b4b98d125755e7bb468979d5cd593eac4b94cdb91 Loading...

	www.ahmedabadcitytales.com/index2_files/remote-login.html	0 B	2023-03-07	2024-05-04
Pretty URL www.ahmedabadcitytales.com/index2_files/remote-login.html IP 91.215.85.65 ASN #200593 Prospero Ooo Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-04 12:40:02 Times Seen37335901 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	www.ahmedabadcitytales.com/index2_files/webfont.js.nedladdning	12 kB	2023-06-09	2024-05-03
Pretty URL www.ahmedabadcitytales.com/index2_files/webfont.js.nedladdning IP 91.215.85.65 ASN #200593 Prospero Ooo Introduced by scriptElement Embedded in HTML false Observations First Seen2023-06-09 05:02:37 Last Seen2024-05-03 19:57:08 Times Seen65 Hash f4c9ec478b9cff0933ebf1acf9efd1db 5a3718f1bfe79a237a33716fdf266bb920f92e1a 738223eb8c8c70913bf59775dc575c205070014babc8b174fd3ab8e6082ebe30 Loading...

	www.ahmedabadcitytales.com/	659 B	2023-11-09	2024-05-01
Pretty URL www.ahmedabadcitytales.com/ IP 91.215.85.65 ASN #200593 Prospero Ooo Introduced by scriptElement Embedded in HTML true Observations First Seen2023-11-09 13:12:54 Last Seen2024-05-01 04:34:00 Times Seen12 Hash 738bc900dae9158bb06ec826445ed822 6fcd5247181dd0596ba0469b28b4ccb80f4c2653 6b2bd4287791541c99b7307abae85e48e310eee5c8f34c2dfaa6f5a8a96fbda7 Loading...

	www.ahmedabadcitytales.com/	1.7 kB	2024-04-25	2024-04-25
Pretty URL www.ahmedabadcitytales.com/ IP 91.215.85.65 ASN #200593 Prospero Ooo Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-25 05:32:29 Last Seen2024-04-25 05:32:29 Times Seen1 Hash b18cfd3631587f99558db7950ef68917 bf07d54b6d0f8854f30c10c9934e1ca5a6264e10 cdc2671311b913a4819f045db1c0ba286297d4018436ade8c70297da742390e5 Loading...

	www.ahmedabadcitytales.com/	136 B	2024-04-25	2024-05-01
Pretty URL www.ahmedabadcitytales.com/ IP 91.215.85.65 ASN #200593 Prospero Ooo Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-25 05:32:29 Last Seen2024-05-01 04:34:00 Times Seen2 Hash 43f1602cb98704ad020861b1dc50f5ae cbc9605d3857fce5faf9c3f7762a6379a8832258 d336014f9785dd984b7d5ea49b29212acb4ec12c49f1aeddee34077a558e4021 Loading...

	www.ahmedabadcitytales.com/	953 B	2024-01-04	2024-05-03
Pretty URL www.ahmedabadcitytales.com/ IP 91.215.85.65 ASN #200593 Prospero Ooo Introduced by scriptElement Embedded in HTML true Observations First Seen2024-01-04 11:49:58 Last Seen2024-05-03 19:48:23 Times Seen115 Hash b71c87d2a0f1cff364199e3b806c9f88 ac6c1f82084e7d56faabe25f7285f69580f2bad8 4cba90ab03982f0f3fcf5749c424ee5ea3d3307ac3deadbd20aa7ac311a40ab6 Loading...

	www.ahmedabadcitytales.com/	441 B	2023-03-07	2024-05-03
Pretty URL www.ahmedabadcitytales.com/ IP 91.215.85.65 ASN #200593 Prospero Ooo Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:29:43 Last Seen2024-05-03 19:48:23 Times Seen889 Hash 23ca0b3a0fde2fc9a555587728c5957c 7f0efa6919fb0217494430cb6bf1d363de29cb22 bf6041d623e98d8ce3224e766a2c61ac436ddefaab7f3363096553c1eb553114 Loading...

	www.ahmedabadcitytales.com/	1.5 kB	2024-04-25	2024-04-25
Pretty URL www.ahmedabadcitytales.com/ IP 91.215.85.65 ASN #200593 Prospero Ooo Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-25 05:32:29 Last Seen2024-04-25 05:32:29 Times Seen1 Hash 22849ca59bc0f183eb99a435a33074ba f331792d5a37977bb8d2985e8982675ab6764890 81954330dc4eeec2aea7e10eb1133ff0c3aee47dbba926f3f9ebd755333aed4f Loading...

	www.ahmedabadcitytales.com/	716 B	2024-04-25	2024-04-25
Pretty URL www.ahmedabadcitytales.com/ IP 91.215.85.65 ASN #200593 Prospero Ooo Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-25 05:32:29 Last Seen2024-04-25 05:32:29 Times Seen1 Hash 70865d90bbc86728272daf843f9f7fc4 7f0296d11b233393db97dd4436eccffa428efaba e4aaa713a34d7b2ad0c2f1cc04c9aa5bbb71df7423ea38e5165b503280c79f38 Loading...

	www.ahmedabadcitytales.com/	792 B	2023-03-07	2024-05-03
Pretty URL www.ahmedabadcitytales.com/ IP 91.215.85.65 ASN #200593 Prospero Ooo Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:29:43 Last Seen2024-05-03 19:48:23 Times Seen470 Hash 428e7e32cb2aa31b23ff61053c640eaa 60571b5600bbc843e699117baabaa1a713eb6fec 79de8aae5d5cedc30ab538730eab164f13563253e9340c03b04a50d7624ac2dc Loading...

HTTP Transactions (51)

URL IP Response Size

www.ahmedabadcitytales.com/

91.215.85.65

200 OK

28 kB

URL User Request GET HTTP/1.1
www.ahmedabadcitytales.com/
IP
91.215.85.65:443
ASN
#200593 Prospero Ooo

Certificate
IssuerLet's Encrypt
Subjectahmedabadcitytales.com
FingerprintDD:2E:D9:54:0E:22:40:AA:5A:DE:8C:59:15:C2:E3:03:11:8E:46:62
ValidityFri, 12 Apr 2024 06:38:15 GMT - Thu, 11 Jul 2024 06:38:14 GMT

File type
HTML document, Unicode text, UTF-8 text, with very long lines (16833)
Size
28 kB (27554 bytes)
Hash
6701e1e547dca398dfc1ce81aff80fb4
5f11482985e653f4b29de9d5f81ab2fa230e1d65
9697e4a2e7d2876ff689a94ccca703ffee823698403fe7e2ba89263d5bc9a5fb

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: www.ahmedabadcitytales.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Thu, 25 Apr 2024 03:31:55 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
Strict-Transport-Security: max-age=31536000;

www.ahmedabadcitytales.com/index2_files/webfont.js.nedladdning

91.215.85.65

200 OK

4.9 kB

URL GET HTTP/1.1
www.ahmedabadcitytales.com/index2_files/webfont.js.nedladdning
IP
91.215.85.65:443
ASN
#200593 Prospero Ooo

Requested by
https://www.ahmedabadcitytales.com/
Certificate
IssuerLet's Encrypt
Subjectahmedabadcitytales.com
FingerprintDD:2E:D9:54:0E:22:40:AA:5A:DE:8C:59:15:C2:E3:03:11:8E:46:62
ValidityFri, 12 Apr 2024 06:38:15 GMT - Thu, 11 Jul 2024 06:38:14 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (12282), with no line terminators
Size
4.9 kB (4903 bytes)
Hash
f4c9ec478b9cff0933ebf1acf9efd1db
5a3718f1bfe79a237a33716fdf266bb920f92e1a
738223eb8c8c70913bf59775dc575c205070014babc8b174fd3ab8e6082ebe30

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /index2_files/webfont.js.nedladdning HTTP/1.1
Host: www.ahmedabadcitytales.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.ahmedabadcitytales.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Thu, 25 Apr 2024 03:31:55 GMT
Content-Type: application/javascript
Content-Length: 4903
Connection: keep-alive
Last-Modified: Mon, 22 Apr 2024 18:38:24 GMT
ETag: "300e-616b3be1f99f6-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Strict-Transport-Security: max-age=31536000;

thegcatcom.files.wordpress.com/2018/01/logo_big.png?w=284

192.0.72.21

200 OK

23 kB

URL GET HTTP/2
thegcatcom.files.wordpress.com/2018/01/logo_big.png?w=284
IP
192.0.72.21:443
ASN
#2635 AUTOMATTIC

Requested by
https://www.ahmedabadcitytales.com/
Certificate
IssuerSectigo Limited
Subject*.files.wordpress.com
FingerprintC0:8D:DA:1D:78:59:02:AA:18:87:8A:02:6C:67:24:E4:30:8F:C4:97
ValidityTue, 05 Dec 2023 00:00:00 GMT - Sat, 04 Jan 2025 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
23 kB (22814 bytes)
Hash
427e5cc8de1f8b3183ccec0829b77829
cc9b400a81271fed2f2d0a1aa0d32297c9a4a46c
c3c5b7972591539ca62051fa928736cc38873b5c30fe2735d993f204e0eb4e12

HTTP Headers

GET /2018/01/logo_big.png?w=284 HTTP/1.1
Host: thegcatcom.files.wordpress.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.ahmedabadcitytales.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 03:31:55 GMT
content-type: image/webp
content-length: 22814
last-modified: Mon, 08 Jan 2018 09:50:29 GMT
expires: Mon, 06 May 2024 03:16:40 GMT
x-orig-src: 0_imageresize
access-control-allow-credentials: true
access-control-allow-origin: https://thegcatcom.wordpress.com
vary: Accept, Origin
x-nc: HIT arn 21 np
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
accept-ranges: bytes
X-Firefox-Spdy: h2

thegcatcom.files.wordpress.com/2018/01/cropped-logo_big.png?w=50

192.0.72.21

200 OK

2.0 kB

URL GET HTTP/2
thegcatcom.files.wordpress.com/2018/01/cropped-logo_big.png?w=50
IP
192.0.72.21:443
ASN
#2635 AUTOMATTIC

Requested by
https://www.ahmedabadcitytales.com/
Certificate
IssuerSectigo Limited
Subject*.files.wordpress.com
FingerprintC0:8D:DA:1D:78:59:02:AA:18:87:8A:02:6C:67:24:E4:30:8F:C4:97
ValidityTue, 05 Dec 2023 00:00:00 GMT - Sat, 04 Jan 2025 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
2.0 kB (2004 bytes)
Hash
11ceeed029d107f379afaf7837b49ddb
43f694dae3691e4dad39fefb0158b9c50877befd
527c7d4fd430e2cb03e018be93a86178d7a3bc2431f666434bd6aeded0fee6d4

HTTP Headers

GET /2018/01/cropped-logo_big.png?w=50 HTTP/1.1
Host: thegcatcom.files.wordpress.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.ahmedabadcitytales.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 03:31:55 GMT
content-type: image/webp
content-length: 2004
last-modified: Sun, 02 May 2021 05:04:33 GMT
expires: Sat, 04 May 2024 05:38:28 GMT
x-orig-src: 0_imageresize
access-control-allow-credentials: true
access-control-allow-origin: https://thegcatcom.wordpress.com
vary: Accept, Origin
x-nc: HIT arn 21 np
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
accept-ranges: bytes
X-Firefox-Spdy: h2

www.ahmedabadcitytales.com/index2_files/infinity.css

91.215.85.65

200 OK

4.3 kB

URL GET HTTP/1.1
www.ahmedabadcitytales.com/index2_files/infinity.css
IP
91.215.85.65:443
ASN
#200593 Prospero Ooo

Requested by
https://www.ahmedabadcitytales.com/
Certificate
IssuerLet's Encrypt
Subjectahmedabadcitytales.com
FingerprintDD:2E:D9:54:0E:22:40:AA:5A:DE:8C:59:15:C2:E3:03:11:8E:46:62
ValidityFri, 12 Apr 2024 06:38:15 GMT - Thu, 11 Jul 2024 06:38:14 GMT

File type
ASCII text, with very long lines (4277), with no line terminators
Size
4.3 kB (4277 bytes)
Hash
fa9d4a076eba17147bb14e529c2106e7
5d9917f23900c2d72e4eb7ee02d3d86437a73b3a
f037f98a71bb59b4aec4e4f54d3915489a84376c82d0c95e61c3e0cb60b61785

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /index2_files/infinity.css HTTP/1.1
Host: www.ahmedabadcitytales.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.ahmedabadcitytales.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Thu, 25 Apr 2024 03:31:55 GMT
Content-Type: text/css
Content-Length: 4277
Last-Modified: Mon, 22 Apr 2024 18:38:24 GMT
Connection: keep-alive
ETag: "6626aea0-10b5"
Strict-Transport-Security: max-age=31536000;
Accept-Ranges: bytes

www.ahmedabadcitytales.com/index2_files/saved_resource(2)

91.215.85.65

200 OK

369 B

URL GET HTTP/1.1
www.ahmedabadcitytales.com/index2_files/saved_resource(2)
IP
91.215.85.65:443
ASN
#200593 Prospero Ooo

Requested by
https://www.ahmedabadcitytales.com/
Certificate
IssuerLet's Encrypt
Subjectahmedabadcitytales.com
FingerprintDD:2E:D9:54:0E:22:40:AA:5A:DE:8C:59:15:C2:E3:03:11:8E:46:62
ValidityFri, 12 Apr 2024 06:38:15 GMT - Thu, 11 Jul 2024 06:38:14 GMT

File type
ASCII text, with very long lines (369), with no line terminators
Size
369 B (369 bytes)
Hash
70cd7908a2cc98d079d8e6d79484e95d
0f08cf1458ebf5bd79439de9a82df7c30d98287d
9c83b89ab9d2677980617afacb833a74da3050a2d3d711176b500d7922e49ab5

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /index2_files/saved_resource(2) HTTP/1.1
Host: www.ahmedabadcitytales.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.ahmedabadcitytales.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Thu, 25 Apr 2024 03:31:55 GMT
Content-Length: 369
Connection: keep-alive
Last-Modified: Mon, 22 Apr 2024 18:38:24 GMT
ETag: "171-616b3be1f99f6"
Accept-Ranges: bytes
Strict-Transport-Security: max-age=31536000;

www.ahmedabadcitytales.com/index2_files/font-awesome.css

91.215.85.65

200 OK

17 kB

URL GET HTTP/1.1
www.ahmedabadcitytales.com/index2_files/font-awesome.css
IP
91.215.85.65:443
ASN
#200593 Prospero Ooo

Requested by
https://www.ahmedabadcitytales.com/
Certificate
IssuerLet's Encrypt
Subjectahmedabadcitytales.com
FingerprintDD:2E:D9:54:0E:22:40:AA:5A:DE:8C:59:15:C2:E3:03:11:8E:46:62
ValidityFri, 12 Apr 2024 06:38:15 GMT - Thu, 11 Jul 2024 06:38:14 GMT

File type
Unicode text, UTF-8 text, with very long lines (16111)
Size
17 kB (17015 bytes)
Hash
6fcd4cc0e93767f3b45706cdbc25c978
4ac171954190c1b4b98aee912efe11b2ac42604c
5b291afd5dd7960f7198eac31fdcd74feb6673db69a83bfe04b1cb843e35c1dd

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /index2_files/font-awesome.css HTTP/1.1
Host: www.ahmedabadcitytales.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.ahmedabadcitytales.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Thu, 25 Apr 2024 03:31:55 GMT
Content-Type: text/css
Content-Length: 17015
Last-Modified: Mon, 22 Apr 2024 18:38:24 GMT
Connection: keep-alive
ETag: "6626aea0-4277"
Strict-Transport-Security: max-age=31536000;
Accept-Ranges: bytes

www.ahmedabadcitytales.com/index2_files/saved_resource(1)

91.215.85.65

200 OK

148 kB

URL GET HTTP/1.1
www.ahmedabadcitytales.com/index2_files/saved_resource(1)
IP
91.215.85.65:443
ASN
#200593 Prospero Ooo

Requested by
https://www.ahmedabadcitytales.com/
Certificate
IssuerLet's Encrypt
Subjectahmedabadcitytales.com
FingerprintDD:2E:D9:54:0E:22:40:AA:5A:DE:8C:59:15:C2:E3:03:11:8E:46:62
ValidityFri, 12 Apr 2024 06:38:15 GMT - Thu, 11 Jul 2024 06:38:14 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
148 kB (147730 bytes)
Hash
cb52e320a8adc3eefb6759706d5d040a
c9566aa0279d61f43c6e58cc6656180bd9e03048
96fac161fd617b6d46287d9c912fc18ea72b3ab9807eafb076e04c81a8082a6f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /index2_files/saved_resource(1) HTTP/1.1
Host: www.ahmedabadcitytales.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.ahmedabadcitytales.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Thu, 25 Apr 2024 03:31:55 GMT
Content-Length: 147730
Connection: keep-alive
Last-Modified: Mon, 22 Apr 2024 18:38:24 GMT
ETag: "24112-616b3be1f99f6"
Accept-Ranges: bytes
Strict-Transport-Security: max-age=31536000;

www.ahmedabadcitytales.com/index2_files/saved_resource

91.215.85.65

200 OK

16 kB

URL GET HTTP/1.1
www.ahmedabadcitytales.com/index2_files/saved_resource
IP
91.215.85.65:443
ASN
#200593 Prospero Ooo

Requested by
https://www.ahmedabadcitytales.com/
Certificate
IssuerLet's Encrypt
Subjectahmedabadcitytales.com
FingerprintDD:2E:D9:54:0E:22:40:AA:5A:DE:8C:59:15:C2:E3:03:11:8E:46:62
ValidityFri, 12 Apr 2024 06:38:15 GMT - Thu, 11 Jul 2024 06:38:14 GMT

File type
ASCII text, with very long lines (15521), with no line terminators
Size
16 kB (15521 bytes)
Hash
7bf3efd430a9a0592c41552968d38ff7
2e85ea74dc08dfabb4855e4a087535a335b442f2
3d2c10cf69410c10177fc6e56937d05151b182841fa6aee36f651d587d91fbb8

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /index2_files/saved_resource HTTP/1.1
Host: www.ahmedabadcitytales.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.ahmedabadcitytales.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Thu, 25 Apr 2024 03:31:55 GMT
Content-Length: 15521
Connection: keep-alive
Last-Modified: Mon, 22 Apr 2024 18:38:24 GMT
ETag: "3ca1-616b3be1f99f6"
Accept-Ranges: bytes
Strict-Transport-Security: max-age=31536000;

www.ahmedabadcitytales.com/index2_files/saved_resource(3)

91.215.85.65

200 OK

31 kB

URL GET HTTP/1.1
www.ahmedabadcitytales.com/index2_files/saved_resource(3)
IP
91.215.85.65:443
ASN
#200593 Prospero Ooo

Requested by
https://www.ahmedabadcitytales.com/
Certificate
IssuerLet's Encrypt
Subjectahmedabadcitytales.com
FingerprintDD:2E:D9:54:0E:22:40:AA:5A:DE:8C:59:15:C2:E3:03:11:8E:46:62
ValidityFri, 12 Apr 2024 06:38:15 GMT - Thu, 11 Jul 2024 06:38:14 GMT

File type
ASCII text, with very long lines (30606), with no line terminators
Size
31 kB (30606 bytes)
Hash
994849e8ecd4f4397d2cbb73a4235957
dda14cdd14262a1f481a7ceff622451aa245891e
575fb4c8447b9129788e3058520ed2bac370b4a9624aca002539d76bc3b82963

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /index2_files/saved_resource(3) HTTP/1.1
Host: www.ahmedabadcitytales.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.ahmedabadcitytales.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Thu, 25 Apr 2024 03:31:55 GMT
Content-Length: 30606
Connection: keep-alive
Last-Modified: Mon, 22 Apr 2024 18:38:24 GMT
ETag: "778e-616b3be1f99f6"
Accept-Ranges: bytes
Strict-Transport-Security: max-age=31536000;

www.ahmedabadcitytales.com/index2_files/global.css

91.215.85.65

200 OK

311 B

URL GET HTTP/1.1
www.ahmedabadcitytales.com/index2_files/global.css
IP
91.215.85.65:443
ASN
#200593 Prospero Ooo

Requested by
https://www.ahmedabadcitytales.com/
Certificate
IssuerLet's Encrypt
Subjectahmedabadcitytales.com
FingerprintDD:2E:D9:54:0E:22:40:AA:5A:DE:8C:59:15:C2:E3:03:11:8E:46:62
ValidityFri, 12 Apr 2024 06:38:15 GMT - Thu, 11 Jul 2024 06:38:14 GMT

File type
ASCII text, with very long lines (311), with no line terminators
Size
311 B (311 bytes)
Hash
d29c41f4a6c13f38c2bdeb009c5dcf09
3f3db604bacf02b91aaa59cf223990b727600045
947d703f577549cbb0b1a4143f3b363ec9c7cf309587d5b12b87f0e64ff99db4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /index2_files/global.css HTTP/1.1
Host: www.ahmedabadcitytales.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.ahmedabadcitytales.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Thu, 25 Apr 2024 03:31:55 GMT
Content-Type: text/css
Content-Length: 311
Last-Modified: Mon, 22 Apr 2024 18:38:24 GMT
Connection: keep-alive
ETag: "6626aea0-137"
Strict-Transport-Security: max-age=31536000;
Accept-Ranges: bytes

fonts.wp.com/s/merriweather/v30/u-4n0qyriQwlOrhSvowK_l52xwNZWMf6.woff2

192.0.77.32

200 OK

20 kB

URL GET HTTP/2
fonts.wp.com/s/merriweather/v30/u-4n0qyriQwlOrhSvowK_l52xwNZWMf6.woff2
IP
192.0.77.32:443
ASN
#2635 AUTOMATTIC

Requested by
https://www.ahmedabadcitytales.com/
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint5D:DB:6E:AA:9E:A8:4A:C3:10:A5:DA:89:DC:1C:BB:D1:87:5F:E1:D2
ValidityTue, 28 Nov 2023 00:00:00 GMT - Sat, 28 Dec 2024 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 19740, version 1.0
Size
20 kB (19740 bytes)
Hash
101cf2a65d64322878605fa8472bb025
6dffc15e38c321e4bb567b4bd8107a2e8d97c61d
273c8613cdd2852dd5318f224d804ae6d2fc717c48d3f1dab587b6d396fb4fc8

HTTP Headers

GET /s/merriweather/v30/u-4n0qyriQwlOrhSvowK_l52xwNZWMf6.woff2 HTTP/1.1
Host: fonts.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.ahmedabadcitytales.com
DNT: 1
Connection: keep-alive
Referer: https://fonts-api.wp.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 03:31:55 GMT
content-type: font/woff2
content-length: 19740
access-control-allow-origin: *
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 426473
last-modified: Tue, 26 Apr 2022 15:48:38 GMT
alt-svc: h3=":443"; ma=86400
x-nc: HIT arn 1
accept-ranges: bytes
X-Firefox-Spdy: h2

fonts.wp.com/s/merriweather/v30/u-4l0qyriQwlOrhSvowK_l5-eR71Wvf4jvw.woff2

192.0.77.32

200 OK

20 kB

URL GET HTTP/2
fonts.wp.com/s/merriweather/v30/u-4l0qyriQwlOrhSvowK_l5-eR71Wvf4jvw.woff2
IP
192.0.77.32:443
ASN
#2635 AUTOMATTIC

Requested by
https://www.ahmedabadcitytales.com/
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint5D:DB:6E:AA:9E:A8:4A:C3:10:A5:DA:89:DC:1C:BB:D1:87:5F:E1:D2
ValidityTue, 28 Nov 2023 00:00:00 GMT - Sat, 28 Dec 2024 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 19900, version 1.0
Size
20 kB (19900 bytes)
Hash
bac4e4fc860f0a92beb62a776048f7c0
26eb7089b1050997d371be35946a12ae0cc7218f
3642df12f0d930d5846a96652080908eb2f383b602a95cf80d1e6227e66e1c46

HTTP Headers

GET /s/merriweather/v30/u-4l0qyriQwlOrhSvowK_l5-eR71Wvf4jvw.woff2 HTTP/1.1
Host: fonts.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.ahmedabadcitytales.com
DNT: 1
Connection: keep-alive
Referer: https://fonts-api.wp.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 03:31:55 GMT
content-type: font/woff2
content-length: 19900
access-control-allow-origin: *
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 427520
last-modified: Tue, 26 Apr 2022 15:46:01 GMT
alt-svc: h3=":443"; ma=86400
x-nc: HIT arn 1
accept-ranges: bytes
X-Firefox-Spdy: h2

fonts.wp.com/s/merriweather/v30/u-440qyriQwlOrhSvowK_l5-fCZM.woff2

192.0.77.32

200 OK

20 kB

URL GET HTTP/2
fonts.wp.com/s/merriweather/v30/u-440qyriQwlOrhSvowK_l5-fCZM.woff2
IP
192.0.77.32:443
ASN
#2635 AUTOMATTIC

Requested by
https://www.ahmedabadcitytales.com/
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint5D:DB:6E:AA:9E:A8:4A:C3:10:A5:DA:89:DC:1C:BB:D1:87:5F:E1:D2
ValidityTue, 28 Nov 2023 00:00:00 GMT - Sat, 28 Dec 2024 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 20028, version 1.0
Size
20 kB (20028 bytes)
Hash
2bfde17b9a1384ce64af78db1b87a82f
8effd23e482511e249c3f8e91cdc503729b93598
5c2d662e92bcbf1a5970b97040f901031295e79a96314db8302f549003022087

HTTP Headers

GET /s/merriweather/v30/u-440qyriQwlOrhSvowK_l5-fCZM.woff2 HTTP/1.1
Host: fonts.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.ahmedabadcitytales.com
DNT: 1
Connection: keep-alive
Referer: https://fonts-api.wp.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 03:31:55 GMT
content-type: font/woff2
content-length: 20028
access-control-allow-origin: *
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 427097
last-modified: Tue, 26 Apr 2022 16:41:08 GMT
alt-svc: h3=":443"; ma=86400
x-nc: HIT arn 1
accept-ranges: bytes
X-Firefox-Spdy: h2

fonts.wp.com/s/merriweather/v30/u-4m0qyriQwlOrhSvowK_l5-eRZOf-I.woff2

192.0.77.32

200 OK

20 kB

URL GET HTTP/3
fonts.wp.com/s/merriweather/v30/u-4m0qyriQwlOrhSvowK_l5-eRZOf-I.woff2
IP
192.0.77.32:443
ASN
#2635 AUTOMATTIC

Requested by
https://www.ahmedabadcitytales.com/
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint5D:DB:6E:AA:9E:A8:4A:C3:10:A5:DA:89:DC:1C:BB:D1:87:5F:E1:D2
ValidityTue, 28 Nov 2023 00:00:00 GMT - Sat, 28 Dec 2024 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 19780, version 1.0
Size
20 kB (19780 bytes)
Hash
03717344e4dbb2de44988b281bb7430b
0cd3f7724bd0a5bf2460e1a85e35ccfbd5e85c05
499ec54eb2afd103ec37505e23c6570fc7d89a0d728dde19d87a092e4a3261b4

HTTP Headers

GET /s/merriweather/v30/u-4m0qyriQwlOrhSvowK_l5-eRZOf-I.woff2 HTTP/1.1
Host: fonts.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.ahmedabadcitytales.com
DNT: 1
Connection: keep-alive
Referer: https://fonts-api.wp.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 03:31:55 GMT
content-type: font/woff2
content-length: 19780
access-control-allow-origin: *
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 426605
last-modified: Tue, 26 Apr 2022 15:48:58 GMT
alt-svc: h3=":443"; ma=86400
x-nc: HIT arn 1
accept-ranges: bytes
X-Firefox-Spdy: h2

www.ahmedabadcitytales.com/index2_files/css

91.215.85.65

200 OK

17 kB

URL GET HTTP/1.1
www.ahmedabadcitytales.com/index2_files/css
IP
91.215.85.65:443
ASN
#200593 Prospero Ooo

Requested by
https://www.ahmedabadcitytales.com/
Certificate
IssuerLet's Encrypt
Subjectahmedabadcitytales.com
FingerprintDD:2E:D9:54:0E:22:40:AA:5A:DE:8C:59:15:C2:E3:03:11:8E:46:62
ValidityFri, 12 Apr 2024 06:38:15 GMT - Thu, 11 Jul 2024 06:38:14 GMT

File type
ASCII text
Size
17 kB (16574 bytes)
Hash
337780f3c6b46b7654db0de67f82db72
57a9b7d6dce1cc7c379b37d729259264c2c52c2d
82b632755763bdc1667886e896863661ea973a3d154a4059b9b2340718d5465d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /index2_files/css HTTP/1.1
Host: www.ahmedabadcitytales.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.ahmedabadcitytales.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Thu, 25 Apr 2024 03:31:55 GMT
Content-Length: 16574
Connection: keep-alive
Last-Modified: Mon, 22 Apr 2024 18:38:24 GMT
ETag: "40be-616b3be1f99f6"
Accept-Ranges: bytes
Strict-Transport-Security: max-age=31536000;

www.ahmedabadcitytales.com/index2_files/style.css

91.215.85.65

200 OK

113 kB

URL GET HTTP/1.1
www.ahmedabadcitytales.com/index2_files/style.css
IP
91.215.85.65:443
ASN
#200593 Prospero Ooo

Requested by
https://www.ahmedabadcitytales.com/
Certificate
IssuerLet's Encrypt
Subjectahmedabadcitytales.com
FingerprintDD:2E:D9:54:0E:22:40:AA:5A:DE:8C:59:15:C2:E3:03:11:8E:46:62
ValidityFri, 12 Apr 2024 06:38:15 GMT - Thu, 11 Jul 2024 06:38:14 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
113 kB (113081 bytes)
Hash
b1d1b9d65fab1727aab6509599cc5f19
62c7f7fec8dbd6399943cfb8a383f5fe534bc118
4417b5543eda6c561ebe23f9a4f7521003bdbf58743b5ce4d201848636414fb5

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /index2_files/style.css HTTP/1.1
Host: www.ahmedabadcitytales.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.ahmedabadcitytales.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Thu, 25 Apr 2024 03:31:55 GMT
Content-Type: text/css
Content-Length: 113081
Last-Modified: Mon, 22 Apr 2024 18:38:24 GMT
Connection: keep-alive
ETag: "6626aea0-1b9b9"
Strict-Transport-Security: max-age=31536000;
Accept-Ranges: bytes

www.ahmedabadcitytales.com/index2_files/css(1)

91.215.85.65

200 OK

7.0 kB

URL GET HTTP/1.1
www.ahmedabadcitytales.com/index2_files/css(1)
IP
91.215.85.65:443
ASN
#200593 Prospero Ooo

Requested by
https://www.ahmedabadcitytales.com/
Certificate
IssuerLet's Encrypt
Subjectahmedabadcitytales.com
FingerprintDD:2E:D9:54:0E:22:40:AA:5A:DE:8C:59:15:C2:E3:03:11:8E:46:62
ValidityFri, 12 Apr 2024 06:38:15 GMT - Thu, 11 Jul 2024 06:38:14 GMT

File type
ASCII text
Size
7.0 kB (6986 bytes)
Hash
219972ad79eb21a5b2579c80fb2a9c31
25e004ba9e75a64471d0989a205c8121891e71d5
1b054f85dc47e23e490e6612c4af3dfbe4bcd3436ed72f2b210befab1719127b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /index2_files/css(1) HTTP/1.1
Host: www.ahmedabadcitytales.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.ahmedabadcitytales.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Thu, 25 Apr 2024 03:31:55 GMT
Content-Length: 6986
Connection: keep-alive
Last-Modified: Mon, 22 Apr 2024 18:38:24 GMT
ETag: "1b4a-616b3be1f99f6"
Accept-Ranges: bytes
Strict-Transport-Security: max-age=31536000;

www.ahmedabadcitytales.com/index2_files/wp-emoji-release.min.js.nedladdning

91.215.85.65

200 OK

5.1 kB

URL GET HTTP/1.1
www.ahmedabadcitytales.com/index2_files/wp-emoji-release.min.js.nedladdning
IP
91.215.85.65:443
ASN
#200593 Prospero Ooo

Requested by
https://www.ahmedabadcitytales.com/
Certificate
IssuerLet's Encrypt
Subjectahmedabadcitytales.com
FingerprintDD:2E:D9:54:0E:22:40:AA:5A:DE:8C:59:15:C2:E3:03:11:8E:46:62
ValidityFri, 12 Apr 2024 06:38:15 GMT - Thu, 11 Jul 2024 06:38:14 GMT

File type
JavaScript source, ASCII text, with very long lines (15752)
Size
5.1 kB (5062 bytes)
Hash
b976b651932bfd25b9ddb5b7693d88a7
7fcb7cb5c11227f9213b1e08a07d0212209e1432
4e6ce5444c7f396cef0eb1fa3611034151e485dd06fbe5573a5583e1eebc98c3

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /index2_files/wp-emoji-release.min.js.nedladdning HTTP/1.1
Host: www.ahmedabadcitytales.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.ahmedabadcitytales.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Thu, 25 Apr 2024 03:31:55 GMT
Content-Type: application/javascript
Content-Length: 5062
Connection: keep-alive
Last-Modified: Mon, 22 Apr 2024 18:38:24 GMT
ETag: "4926-616b3be1f99f6-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Strict-Transport-Security: max-age=31536000;

www.ahmedabadcitytales.com/index2_files/hovercards.min.css

91.215.85.65

200 OK

3.6 kB

URL GET HTTP/1.1
www.ahmedabadcitytales.com/index2_files/hovercards.min.css
IP
91.215.85.65:443
ASN
#200593 Prospero Ooo

Requested by
https://www.ahmedabadcitytales.com/
Certificate
IssuerLet's Encrypt
Subjectahmedabadcitytales.com
FingerprintDD:2E:D9:54:0E:22:40:AA:5A:DE:8C:59:15:C2:E3:03:11:8E:46:62
ValidityFri, 12 Apr 2024 06:38:15 GMT - Thu, 11 Jul 2024 06:38:14 GMT

File type
ASCII text, with very long lines (3330)
Size
3.6 kB (3613 bytes)
Hash
ad7fac739d3ad465e69e52c989d6746e
d929f5ecff97ea24556cbda6c539e4a1bf784ab1
4845f9cdb0fbf13f3cf2fbb844bd4152071e338703f737c988051b154529d201

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /index2_files/hovercards.min.css HTTP/1.1
Host: www.ahmedabadcitytales.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.ahmedabadcitytales.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Thu, 25 Apr 2024 03:31:55 GMT
Content-Type: text/css
Content-Length: 3613
Last-Modified: Mon, 22 Apr 2024 18:38:24 GMT
Connection: keep-alive
ETag: "6626aea0-e1d"
Strict-Transport-Security: max-age=31536000;
Accept-Ranges: bytes

www.ahmedabadcitytales.com/index2_files/actionbar.css

91.215.85.65

200 OK

16 kB

URL GET HTTP/1.1
www.ahmedabadcitytales.com/index2_files/actionbar.css
IP
91.215.85.65:443
ASN
#200593 Prospero Ooo

Requested by
https://www.ahmedabadcitytales.com/
Certificate
IssuerLet's Encrypt
Subjectahmedabadcitytales.com
FingerprintDD:2E:D9:54:0E:22:40:AA:5A:DE:8C:59:15:C2:E3:03:11:8E:46:62
ValidityFri, 12 Apr 2024 06:38:15 GMT - Thu, 11 Jul 2024 06:38:14 GMT

File type
Unicode text, UTF-8 text, with very long lines (15502), with no line terminators
Size
16 kB (15504 bytes)
Hash
529e6a6014b4f3e655d1237f5061b157
6dec17ca6212584fe4e9e3413d98aa109851de34
c1e62caa83381d8a3c58be2a17f28bff4176e8ddcd882bb923f3152852c06df9

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /index2_files/actionbar.css HTTP/1.1
Host: www.ahmedabadcitytales.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.ahmedabadcitytales.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Thu, 25 Apr 2024 03:31:55 GMT
Content-Type: text/css
Content-Length: 15504
Last-Modified: Mon, 22 Apr 2024 18:38:24 GMT
Connection: keep-alive
ETag: "6626aea0-3c90"
Strict-Transport-Security: max-age=31536000;
Accept-Ranges: bytes

www.ahmedabadcitytales.com/index2_files/block-editor.css

91.215.85.65

200 OK

336 kB

URL GET HTTP/1.1
www.ahmedabadcitytales.com/index2_files/block-editor.css
IP
91.215.85.65:443
ASN
#200593 Prospero Ooo

Requested by
https://www.ahmedabadcitytales.com/
Certificate
IssuerLet's Encrypt
Subjectahmedabadcitytales.com
FingerprintDD:2E:D9:54:0E:22:40:AA:5A:DE:8C:59:15:C2:E3:03:11:8E:46:62
ValidityFri, 12 Apr 2024 06:38:15 GMT - Thu, 11 Jul 2024 06:38:14 GMT

File type
Unicode text, UTF-8 text, with very long lines (65532), with no line terminators
Size
336 kB (335465 bytes)
Hash
1ffd93e4c29d17168edab0317df9e16b
c6c36c0c5df230ec44ce63ae1063f41e2a0ffc80
ef06ea2f8c619ca5e16fb552f0a7beba09b89dfdb671b2c5f16b4347af8a658c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /index2_files/block-editor.css HTTP/1.1
Host: www.ahmedabadcitytales.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.ahmedabadcitytales.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Thu, 25 Apr 2024 03:31:55 GMT
Content-Type: text/css
Content-Length: 335465
Last-Modified: Mon, 22 Apr 2024 18:38:24 GMT
Connection: keep-alive
ETag: "6626aea0-51e69"
Strict-Transport-Security: max-age=31536000;
Accept-Ranges: bytes

www.ahmedabadcitytales.com/index2_files/hovercards.min.js.nedladdning

91.215.85.65

200 OK

4.7 kB

URL GET HTTP/1.1
www.ahmedabadcitytales.com/index2_files/hovercards.min.js.nedladdning
IP
91.215.85.65:443
ASN
#200593 Prospero Ooo

Requested by
https://www.ahmedabadcitytales.com/
Certificate
IssuerLet's Encrypt
Subjectahmedabadcitytales.com
FingerprintDD:2E:D9:54:0E:22:40:AA:5A:DE:8C:59:15:C2:E3:03:11:8E:46:62
ValidityFri, 12 Apr 2024 06:38:15 GMT - Thu, 11 Jul 2024 06:38:14 GMT

File type
JavaScript source, ASCII text, with very long lines (13065), with no line terminators
Size
4.7 kB (4674 bytes)
Hash
42e1c5cd9eeafe8d5f7960ebc0b5e009
8ef61d3f16881a010e0f431b63013d0c7dcc954f
4d47d929f88574eb4a47e5b1778b683b87e7f6078bb6a33f34c1178752e83406

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /index2_files/hovercards.min.js.nedladdning HTTP/1.1
Host: www.ahmedabadcitytales.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.ahmedabadcitytales.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Thu, 25 Apr 2024 03:31:55 GMT
Content-Type: application/javascript
Content-Length: 4674
Connection: keep-alive
Last-Modified: Mon, 22 Apr 2024 18:38:24 GMT
ETag: "3309-616b3be1f99f6-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Strict-Transport-Security: max-age=31536000;

www.ahmedabadcitytales.com/index2_files/saved_resource(4)

91.215.85.65

200 OK

131 kB

URL GET HTTP/1.1
www.ahmedabadcitytales.com/index2_files/saved_resource(4)
IP
91.215.85.65:443
ASN
#200593 Prospero Ooo

Requested by
https://www.ahmedabadcitytales.com/
Certificate
IssuerLet's Encrypt
Subjectahmedabadcitytales.com
FingerprintDD:2E:D9:54:0E:22:40:AA:5A:DE:8C:59:15:C2:E3:03:11:8E:46:62
ValidityFri, 12 Apr 2024 06:38:15 GMT - Thu, 11 Jul 2024 06:38:14 GMT

File type
JavaScript source, ASCII text, with very long lines (46140)
Size
131 kB (130567 bytes)
Hash
4e64bece4cc6d87182286d47c0ac0f52
1a187ce7282d25855fcd84a2d607db95990618ab
c1eb8436057a2eb6fa5344a23a9811fcd63a65bb7a5055cb6036072c3f034ab2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /index2_files/saved_resource(4) HTTP/1.1
Host: www.ahmedabadcitytales.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.ahmedabadcitytales.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Thu, 25 Apr 2024 03:31:55 GMT
Content-Length: 130567
Connection: keep-alive
Last-Modified: Mon, 22 Apr 2024 18:38:24 GMT
ETag: "1fe07-616b3be1f99f6"
Accept-Ranges: bytes
Strict-Transport-Security: max-age=31536000;

www.ahmedabadcitytales.com/index2_files/wpgroho.js.nedladdning

91.215.85.65

200 OK

389 B

URL GET HTTP/1.1
www.ahmedabadcitytales.com/index2_files/wpgroho.js.nedladdning
IP
91.215.85.65:443
ASN
#200593 Prospero Ooo

Requested by
https://www.ahmedabadcitytales.com/
Certificate
IssuerLet's Encrypt
Subjectahmedabadcitytales.com
FingerprintDD:2E:D9:54:0E:22:40:AA:5A:DE:8C:59:15:C2:E3:03:11:8E:46:62
ValidityFri, 12 Apr 2024 06:38:15 GMT - Thu, 11 Jul 2024 06:38:14 GMT

File type
JavaScript source, ASCII text, with very long lines (655), with no line terminators
Size
389 B (389 bytes)
Hash
5048b7bf6f335c259cae5d653d50726e
96f45044f726eef7c8e7c7f21f6368bf23a2b3f0
b6e4492d3b8358a81b80908b1f84e6bd2f64a7a46d48793af99d27bf29f4c2e8

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /index2_files/wpgroho.js.nedladdning HTTP/1.1
Host: www.ahmedabadcitytales.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.ahmedabadcitytales.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Thu, 25 Apr 2024 03:31:55 GMT
Content-Type: application/javascript
Content-Length: 389
Connection: keep-alive
Last-Modified: Mon, 22 Apr 2024 18:38:24 GMT
ETag: "28f-616b3be1f99f6-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Strict-Transport-Security: max-age=31536000;

www.ahmedabadcitytales.com/index2_files/saved_resource(6)

91.215.85.65

200 OK

101 kB

URL GET HTTP/1.1
www.ahmedabadcitytales.com/index2_files/saved_resource(6)
IP
91.215.85.65:443
ASN
#200593 Prospero Ooo

Requested by
https://www.ahmedabadcitytales.com/
Certificate
IssuerLet's Encrypt
Subjectahmedabadcitytales.com
FingerprintDD:2E:D9:54:0E:22:40:AA:5A:DE:8C:59:15:C2:E3:03:11:8E:46:62
ValidityFri, 12 Apr 2024 06:38:15 GMT - Thu, 11 Jul 2024 06:38:14 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (33922)
Size
101 kB (101379 bytes)
Hash
a9b5160ab90f885fe668b9b07d14d09f
5663a19b8b5381bf1aed6425db9be05faec63c8b
491150c7f3d3a911085477d6b7c9a77e88e1a0ee0efa343ae9b8f9a79b538069

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /index2_files/saved_resource(6) HTTP/1.1
Host: www.ahmedabadcitytales.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.ahmedabadcitytales.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Thu, 25 Apr 2024 03:31:56 GMT
Content-Length: 101379
Connection: keep-alive
Last-Modified: Mon, 22 Apr 2024 18:38:24 GMT
ETag: "18c03-616b3be1f99f6"
Accept-Ranges: bytes
Strict-Transport-Security: max-age=31536000;

www.ahmedabadcitytales.com/index2_files/saved_resource(5)

91.215.85.65

200 OK

34 kB

URL GET HTTP/1.1
www.ahmedabadcitytales.com/index2_files/saved_resource(5)
IP
91.215.85.65:443
ASN
#200593 Prospero Ooo

Requested by
https://www.ahmedabadcitytales.com/
Certificate
IssuerLet's Encrypt
Subjectahmedabadcitytales.com
FingerprintDD:2E:D9:54:0E:22:40:AA:5A:DE:8C:59:15:C2:E3:03:11:8E:46:62
ValidityFri, 12 Apr 2024 06:38:15 GMT - Thu, 11 Jul 2024 06:38:14 GMT

File type
ASCII text, with very long lines (33877), with no line terminators
Size
34 kB (33877 bytes)
Hash
c20dfc43185f5c84e68d08851c30b83d
ae44509ec88624b47d59404e99b1cc1e97508aaa
45715a58f477840e10d7fefd4b8b58a99451e429f4711fd75820a972d2503aa0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /index2_files/saved_resource(5) HTTP/1.1
Host: www.ahmedabadcitytales.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.ahmedabadcitytales.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Thu, 25 Apr 2024 03:31:55 GMT
Content-Length: 33877
Connection: keep-alive
Last-Modified: Mon, 22 Apr 2024 18:38:24 GMT
ETag: "8455-616b3be1f99f6"
Accept-Ranges: bytes
Strict-Transport-Security: max-age=31536000;

www.ahmedabadcitytales.com/index2_files/w.js.nedladdning

91.215.85.65

200 OK

4.9 kB

URL GET HTTP/1.1
www.ahmedabadcitytales.com/index2_files/w.js.nedladdning
IP
91.215.85.65:443
ASN
#200593 Prospero Ooo

Requested by
https://www.ahmedabadcitytales.com/
Certificate
IssuerLet's Encrypt
Subjectahmedabadcitytales.com
FingerprintDD:2E:D9:54:0E:22:40:AA:5A:DE:8C:59:15:C2:E3:03:11:8E:46:62
ValidityFri, 12 Apr 2024 06:38:15 GMT - Thu, 11 Jul 2024 06:38:14 GMT

File type
JavaScript source, ASCII text, with very long lines (12788), with no line terminators
Size
4.9 kB (4855 bytes)
Hash
ef880be61458e4e89c9cb9d99d2d300e
c7740f6524cfab6084682b1ce320b2e5e9c4d4cc
79674b01741c3978417b6b9b4b98d125755e7bb468979d5cd593eac4b94cdb91

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /index2_files/w.js.nedladdning HTTP/1.1
Host: www.ahmedabadcitytales.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.ahmedabadcitytales.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Thu, 25 Apr 2024 03:31:56 GMT
Content-Type: application/javascript
Content-Length: 4855
Connection: keep-alive
Last-Modified: Mon, 22 Apr 2024 18:38:24 GMT
ETag: "31f4-616b3be1f99f6-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Strict-Transport-Security: max-age=31536000;

www.ahmedabadcitytales.com/index2_files/actionbar.js.nedladdning

91.215.85.65

200 OK

2.6 kB

URL GET HTTP/1.1
www.ahmedabadcitytales.com/index2_files/actionbar.js.nedladdning
IP
91.215.85.65:443
ASN
#200593 Prospero Ooo

Requested by
https://www.ahmedabadcitytales.com/
Certificate
IssuerLet's Encrypt
Subjectahmedabadcitytales.com
FingerprintDD:2E:D9:54:0E:22:40:AA:5A:DE:8C:59:15:C2:E3:03:11:8E:46:62
ValidityFri, 12 Apr 2024 06:38:15 GMT - Thu, 11 Jul 2024 06:38:14 GMT

File type
JavaScript source, ASCII text, with very long lines (8426), with no line terminators
Size
2.6 kB (2583 bytes)
Hash
f466cb6b256973317c2315741fad9f49
ea2c62047a1697c19b06be23871ca839849cb8a3
a6dc271cbdaa05e97c5144483628df9e30b68326e5b04a5fef3322af1c0f22e0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /index2_files/actionbar.js.nedladdning HTTP/1.1
Host: www.ahmedabadcitytales.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.ahmedabadcitytales.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Thu, 25 Apr 2024 03:31:56 GMT
Content-Type: application/javascript
Content-Length: 2583
Connection: keep-alive
Last-Modified: Mon, 22 Apr 2024 18:38:24 GMT
ETag: "20ea-616b3be1f8a56-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Strict-Transport-Security: max-age=31536000;

fonts.wp.com/s/merriweather/v30/u-440qyriQwlOrhSvowK_l5-fCZM.woff2

192.0.77.32

200 OK

20 kB

URL GET HTTP/2
fonts.wp.com/s/merriweather/v30/u-440qyriQwlOrhSvowK_l5-fCZM.woff2
IP
192.0.77.32:443
ASN
#2635 AUTOMATTIC

Requested by
https://www.ahmedabadcitytales.com/
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint5D:DB:6E:AA:9E:A8:4A:C3:10:A5:DA:89:DC:1C:BB:D1:87:5F:E1:D2
ValidityTue, 28 Nov 2023 00:00:00 GMT - Sat, 28 Dec 2024 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 20028, version 1.0
Size
20 kB (20028 bytes)
Hash
2bfde17b9a1384ce64af78db1b87a82f
8effd23e482511e249c3f8e91cdc503729b93598
5c2d662e92bcbf1a5970b97040f901031295e79a96314db8302f549003022087

HTTP Headers

GET /s/merriweather/v30/u-440qyriQwlOrhSvowK_l5-fCZM.woff2 HTTP/1.1
Host: fonts.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.ahmedabadcitytales.com
DNT: 1
Connection: keep-alive
Referer: https://www.ahmedabadcitytales.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 03:31:56 GMT
content-type: font/woff2
content-length: 20028
access-control-allow-origin: *
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 427097
last-modified: Tue, 26 Apr 2022 16:41:08 GMT
alt-svc: h3=":443"; ma=86400
x-nc: HIT arn 1
accept-ranges: bytes
X-Firefox-Spdy: h2

fonts.wp.com/s/merriweather/v30/u-4n0qyriQwlOrhSvowK_l52xwNZWMf6.woff2

192.0.77.32

200 OK

20 kB

URL GET HTTP/2
fonts.wp.com/s/merriweather/v30/u-4n0qyriQwlOrhSvowK_l52xwNZWMf6.woff2
IP
192.0.77.32:443
ASN
#2635 AUTOMATTIC

Requested by
https://www.ahmedabadcitytales.com/
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint5D:DB:6E:AA:9E:A8:4A:C3:10:A5:DA:89:DC:1C:BB:D1:87:5F:E1:D2
ValidityTue, 28 Nov 2023 00:00:00 GMT - Sat, 28 Dec 2024 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 19740, version 1.0
Size
20 kB (19740 bytes)
Hash
101cf2a65d64322878605fa8472bb025
6dffc15e38c321e4bb567b4bd8107a2e8d97c61d
273c8613cdd2852dd5318f224d804ae6d2fc717c48d3f1dab587b6d396fb4fc8

HTTP Headers

GET /s/merriweather/v30/u-4n0qyriQwlOrhSvowK_l52xwNZWMf6.woff2 HTTP/1.1
Host: fonts.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.ahmedabadcitytales.com
DNT: 1
Connection: keep-alive
Referer: https://www.ahmedabadcitytales.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 03:31:56 GMT
content-type: font/woff2
content-length: 19740
access-control-allow-origin: *
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 426473
last-modified: Tue, 26 Apr 2022 15:48:38 GMT
alt-svc: h3=":443"; ma=86400
x-nc: HIT arn 1
accept-ranges: bytes
X-Firefox-Spdy: h2

fonts.wp.com/s/raleway/v29/1Ptug8zYS_SKggPNyC0ITw.woff2

192.0.77.32

200 OK

48 kB

URL GET HTTP/2
fonts.wp.com/s/raleway/v29/1Ptug8zYS_SKggPNyC0ITw.woff2
IP
192.0.77.32:443
ASN
#2635 AUTOMATTIC

Requested by
https://www.ahmedabadcitytales.com/
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint5D:DB:6E:AA:9E:A8:4A:C3:10:A5:DA:89:DC:1C:BB:D1:87:5F:E1:D2
ValidityTue, 28 Nov 2023 00:00:00 GMT - Sat, 28 Dec 2024 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 48208, version 1.0
Size
48 kB (48208 bytes)
Hash
c49b7c3643f781d71645c5a40a78b5bf
e71138026b38afc443fb60da5ffc2244c4f5eb11
8cbc049ddbd7ca67068451ce754401833499959c4c6ed7b98f664d42e0597808

HTTP Headers

GET /s/raleway/v29/1Ptug8zYS_SKggPNyC0ITw.woff2 HTTP/1.1
Host: fonts.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.ahmedabadcitytales.com
DNT: 1
Connection: keep-alive
Referer: https://www.ahmedabadcitytales.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 03:31:56 GMT
content-type: font/woff2
content-length: 48208
access-control-allow-origin: *
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Wed, 13 Sep 2023 23:24:45 GMT
age: 15661
alt-svc: h3=":443"; ma=86400
x-nc: HIT arn 1
accept-ranges: bytes
X-Firefox-Spdy: h2

www.ahmedabadcitytales.com/index2_files/1f989.svg

91.215.85.65

200 OK

2.7 kB

URL GET HTTP/1.1
www.ahmedabadcitytales.com/index2_files/1f989.svg
IP
91.215.85.65:443
ASN
#200593 Prospero Ooo

Requested by
https://www.ahmedabadcitytales.com/
Certificate
IssuerLet's Encrypt
Subjectahmedabadcitytales.com
FingerprintDD:2E:D9:54:0E:22:40:AA:5A:DE:8C:59:15:C2:E3:03:11:8E:46:62
ValidityFri, 12 Apr 2024 06:38:15 GMT - Thu, 11 Jul 2024 06:38:14 GMT

File type
SVG Scalable Vector Graphics image
Size
2.7 kB (2729 bytes)
Hash
59e611bd4994d2978d695df90db540c4
f492bd38ae37faf7292d7630ff8854e832274df2
9305c70ce193140e274162fd3237143ffa5fcaeedf15ce573291f076ddecc508

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /index2_files/1f989.svg HTTP/1.1
Host: www.ahmedabadcitytales.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.ahmedabadcitytales.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Thu, 25 Apr 2024 03:31:56 GMT
Content-Type: image/svg+xml
Content-Length: 2729
Last-Modified: Mon, 22 Apr 2024 18:38:24 GMT
Connection: keep-alive
ETag: "6626aea0-aa9"
Strict-Transport-Security: max-age=31536000;
Accept-Ranges: bytes

www.ahmedabadcitytales.com/index2_files/g.gif

91.215.85.65

200 OK

50 B

URL GET HTTP/1.1
www.ahmedabadcitytales.com/index2_files/g.gif
IP
91.215.85.65:443
ASN
#200593 Prospero Ooo

Requested by
https://www.ahmedabadcitytales.com/
Certificate
IssuerLet's Encrypt
Subjectahmedabadcitytales.com
FingerprintDD:2E:D9:54:0E:22:40:AA:5A:DE:8C:59:15:C2:E3:03:11:8E:46:62
ValidityFri, 12 Apr 2024 06:38:15 GMT - Thu, 11 Jul 2024 06:38:14 GMT

File type
GIF image data, version 89a, 6 x 5
Size
50 B (50 bytes)
Hash
e4d673a55c5656f19ef81563fb10884c
1f2d8ed221d39329251ad3a6ff1edb20b7219443
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /index2_files/g.gif HTTP/1.1
Host: www.ahmedabadcitytales.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.ahmedabadcitytales.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Thu, 25 Apr 2024 03:31:56 GMT
Content-Type: image/gif
Content-Length: 50
Last-Modified: Mon, 22 Apr 2024 18:38:24 GMT
Connection: keep-alive
ETag: "6626aea0-32"
Strict-Transport-Security: max-age=31536000;
Accept-Ranges: bytes

fonts.wp.com/s/merriweather/v30/u-4m0qyriQwlOrhSvowK_l5-eRZOf-I.woff2

192.0.77.32

200 OK

20 kB

URL GET HTTP/3
fonts.wp.com/s/merriweather/v30/u-4m0qyriQwlOrhSvowK_l5-eRZOf-I.woff2
IP
192.0.77.32:443
ASN
#2635 AUTOMATTIC

Requested by
https://www.ahmedabadcitytales.com/
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint5D:DB:6E:AA:9E:A8:4A:C3:10:A5:DA:89:DC:1C:BB:D1:87:5F:E1:D2
ValidityTue, 28 Nov 2023 00:00:00 GMT - Sat, 28 Dec 2024 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 19780, version 1.0
Size
20 kB (19780 bytes)
Hash
03717344e4dbb2de44988b281bb7430b
0cd3f7724bd0a5bf2460e1a85e35ccfbd5e85c05
499ec54eb2afd103ec37505e23c6570fc7d89a0d728dde19d87a092e4a3261b4

HTTP Headers

GET /s/merriweather/v30/u-4m0qyriQwlOrhSvowK_l5-eRZOf-I.woff2 HTTP/1.1
Host: fonts.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.ahmedabadcitytales.com
DNT: 1
Connection: keep-alive
Referer: https://www.ahmedabadcitytales.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
server: nginx
date: Thu, 25 Apr 2024 03:31:56 GMT
content-type: font/woff2
content-length: 19780
access-control-allow-origin: *
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 426660
last-modified: Tue, 26 Apr 2022 15:48:58 GMT
alt-svc: h3=":443"; ma=86400
x-nc: HIT arn 2
accept-ranges: bytes

www.ahmedabadcitytales.com/fonts/fontawesome-webfont.woff?v=4.0.3

91.215.85.65

404 Not Found

288 B

URL GET HTTP/1.1
www.ahmedabadcitytales.com/fonts/fontawesome-webfont.woff?v=4.0.3
IP
91.215.85.65:443
ASN
#200593 Prospero Ooo

Requested by
https://www.ahmedabadcitytales.com/
Certificate
IssuerLet's Encrypt
Subjectahmedabadcitytales.com
FingerprintDD:2E:D9:54:0E:22:40:AA:5A:DE:8C:59:15:C2:E3:03:11:8E:46:62
ValidityFri, 12 Apr 2024 06:38:15 GMT - Thu, 11 Jul 2024 06:38:14 GMT

File type
HTML document, ASCII text
Size
288 B (288 bytes)
Hash
7c945e866803ed190269215ea1374daf
45e1befdbd6953907bd985503b90d9a8b93c8539
a8db7150aefdb8a4976548ac93c84200df44591395317f98bead11b6a08b4898

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /fonts/fontawesome-webfont.woff?v=4.0.3 HTTP/1.1
Host: www.ahmedabadcitytales.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://www.ahmedabadcitytales.com/index2_files/font-awesome.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Server: nginx/1.18.0
Date: Thu, 25 Apr 2024 03:31:56 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive

www.ahmedabadcitytales.com/index2_files/global-print.css

91.215.85.65

200 OK

5.2 kB

URL GET HTTP/1.1
www.ahmedabadcitytales.com/index2_files/global-print.css
IP
91.215.85.65:443
ASN
#200593 Prospero Ooo

Requested by
https://www.ahmedabadcitytales.com/
Certificate
IssuerLet's Encrypt
Subjectahmedabadcitytales.com
FingerprintDD:2E:D9:54:0E:22:40:AA:5A:DE:8C:59:15:C2:E3:03:11:8E:46:62
ValidityFri, 12 Apr 2024 06:38:15 GMT - Thu, 11 Jul 2024 06:38:14 GMT

File type
ASCII text, with very long lines (5168), with no line terminators
Size
5.2 kB (5168 bytes)
Hash
355b6ff3d66ae498b3c1ffcf5372b467
26a83eedfe07c5b13efb596b8f3ab06b76e1a729
14b5e84f65e981a7b913d677ee7addbb98cab67719ee56e3b681fd8c76db7730

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /index2_files/global-print.css HTTP/1.1
Host: www.ahmedabadcitytales.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.ahmedabadcitytales.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Thu, 25 Apr 2024 03:31:56 GMT
Content-Type: text/css
Content-Length: 5168
Last-Modified: Mon, 22 Apr 2024 18:38:24 GMT
Connection: keep-alive
ETag: "6626aea0-1430"
Strict-Transport-Security: max-age=31536000;
Accept-Ranges: bytes

www.ahmedabadcitytales.com/fonts/fontawesome-webfont.ttf?v=4.0.3

91.215.85.65

404 Not Found

288 B

URL GET HTTP/1.1
www.ahmedabadcitytales.com/fonts/fontawesome-webfont.ttf?v=4.0.3
IP
91.215.85.65:443
ASN
#200593 Prospero Ooo

Requested by
https://www.ahmedabadcitytales.com/
Certificate
IssuerLet's Encrypt
Subjectahmedabadcitytales.com
FingerprintDD:2E:D9:54:0E:22:40:AA:5A:DE:8C:59:15:C2:E3:03:11:8E:46:62
ValidityFri, 12 Apr 2024 06:38:15 GMT - Thu, 11 Jul 2024 06:38:14 GMT

File type
HTML document, ASCII text
Size
288 B (288 bytes)
Hash
7c945e866803ed190269215ea1374daf
45e1befdbd6953907bd985503b90d9a8b93c8539
a8db7150aefdb8a4976548ac93c84200df44591395317f98bead11b6a08b4898

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /fonts/fontawesome-webfont.ttf?v=4.0.3 HTTP/1.1
Host: www.ahmedabadcitytales.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.ahmedabadcitytales.com/index2_files/font-awesome.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Server: nginx/1.18.0
Date: Thu, 25 Apr 2024 03:31:56 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive

www.ahmedabadcitytales.com/index2_files/remote-login.html

91.215.85.65

200 OK

312 B

URL GET HTTP/1.1
www.ahmedabadcitytales.com/index2_files/remote-login.html
IP
91.215.85.65:443
ASN
#200593 Prospero Ooo

Requested by
https://www.ahmedabadcitytales.com/
Certificate
IssuerLet's Encrypt
Subjectahmedabadcitytales.com
FingerprintDD:2E:D9:54:0E:22:40:AA:5A:DE:8C:59:15:C2:E3:03:11:8E:46:62
ValidityFri, 12 Apr 2024 06:38:15 GMT - Thu, 11 Jul 2024 06:38:14 GMT

File type
HTML document, ASCII text
Size
312 B (312 bytes)
Hash
ece1c929624a30866b73cf7019d98c1c
e5d4af67932645a4da19b8b8412b6e7b1e136b34
38bf36d56814c8740c6bfbd0853ad1daf685242886194b333069c73f6d593d0a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /index2_files/remote-login.html HTTP/1.1
Host: www.ahmedabadcitytales.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.ahmedabadcitytales.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Thu, 25 Apr 2024 03:31:56 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
Strict-Transport-Security: max-age=31536000;

pixel.wp.com/g.gif?blog=140893476&v=wpcom&tz=0&user_id=0&subd=thegcatcom&host=www.ahmedabadcitytales.com&ref=&rand=0.9640205129248234

192.0.76.3

200 OK

50 B

URL GET HTTP/2
pixel.wp.com/g.gif?blog=140893476&v=wpcom&tz=0&user_id=0&subd=thegcatcom&host=www.ahmedabadcitytales.com&ref=&rand=0.9640205129248234
IP
192.0.76.3:443
ASN
#2635 AUTOMATTIC

Requested by
https://www.ahmedabadcitytales.com/
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint5D:DB:6E:AA:9E:A8:4A:C3:10:A5:DA:89:DC:1C:BB:D1:87:5F:E1:D2
ValidityTue, 28 Nov 2023 00:00:00 GMT - Sat, 28 Dec 2024 23:59:59 GMT

File type
GIF image data, version 89a, 6 x 5
Size
50 B (50 bytes)
Hash
e4d673a55c5656f19ef81563fb10884c
1f2d8ed221d39329251ad3a6ff1edb20b7219443
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

HTTP Headers

GET /g.gif?blog=140893476&v=wpcom&tz=0&user_id=0&subd=thegcatcom&host=www.ahmedabadcitytales.com&ref=&rand=0.9640205129248234 HTTP/1.1
Host: pixel.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.ahmedabadcitytales.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 03:31:56 GMT
content-type: image/gif
content-length: 50
cache-control: no-cache
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

pixel.wp.com/g.gif?crypt=UE40eW5QN0p8M2Y%2FRE1mNzc2NTVTamdsd0xoLz9RQkM2K298TXY9bERQMXc2MjhEaVZfb2wwakRoSj0mUkp1THptM1NdbkV1WjZIcU9mVWQmPUIvMlN6Jk8wW3NYVEJ3dWZOWExuWD98W28%2FaDF4Mkl8YjZVeHhafGQyLjMsZC9sdUp6RFQsU0Voei9yJm5vQlVObW5hL3BmS2xGdU8tS1U4Nk55ZnE2PUdiT05KLz1wdVtsNGdfOSZmXy8wUDZGMyZLNlZ1Ny9OJltjfGZkWmFFLGlTSE9kdnFVdGJ3QXhpPy9wWCZ3ZTFxa1dCcGtjYn5Zc3VGMz9WVFdCYmpNNVgsbnkxSnR1JlddZCU%3D&v=wpcom-no-pv&rand=0.9733754739031109

192.0.76.3

200 OK

50 B

URL GET HTTP/2
pixel.wp.com/g.gif?crypt=UE40eW5QN0p8M2Y%2FRE1mNzc2NTVTamdsd0xoLz9RQkM2K298TXY9bERQMXc2MjhEaVZfb2wwakRoSj0mUkp1THptM1NdbkV1WjZIcU9mVWQmPUIvMlN6Jk8wW3NYVEJ3dWZOWExuWD98W28%2FaDF4Mkl8YjZVeHhafGQyLjMsZC9sdUp6RFQsU0Voei9yJm5vQlVObW5hL3BmS2xGdU8tS1U4Nk55ZnE2PUdiT05KLz1wdVtsNGdfOSZmXy8wUDZGMyZLNlZ1Ny9OJltjfGZkWmFFLGlTSE9kdnFVdGJ3QXhpPy9wWCZ3ZTFxa1dCcGtjYn5Zc3VGMz9WVFdCYmpNNVgsbnkxSnR1JlddZCU%3D&v=wpcom-no-pv&rand=0.9733754739031109
IP
192.0.76.3:443
ASN
#2635 AUTOMATTIC

Requested by
https://www.ahmedabadcitytales.com/
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint5D:DB:6E:AA:9E:A8:4A:C3:10:A5:DA:89:DC:1C:BB:D1:87:5F:E1:D2
ValidityTue, 28 Nov 2023 00:00:00 GMT - Sat, 28 Dec 2024 23:59:59 GMT

File type
GIF image data, version 89a, 6 x 5
Size
50 B (50 bytes)
Hash
e4d673a55c5656f19ef81563fb10884c
1f2d8ed221d39329251ad3a6ff1edb20b7219443
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

HTTP Headers

GET /g.gif?crypt=UE40eW5QN0p8M2Y%2FRE1mNzc2NTVTamdsd0xoLz9RQkM2K298TXY9bERQMXc2MjhEaVZfb2wwakRoSj0mUkp1THptM1NdbkV1WjZIcU9mVWQmPUIvMlN6Jk8wW3NYVEJ3dWZOWExuWD98W28%2FaDF4Mkl8YjZVeHhafGQyLjMsZC9sdUp6RFQsU0Voei9yJm5vQlVObW5hL3BmS2xGdU8tS1U4Nk55ZnE2PUdiT05KLz1wdVtsNGdfOSZmXy8wUDZGMyZLNlZ1Ny9OJltjfGZkWmFFLGlTSE9kdnFVdGJ3QXhpPy9wWCZ3ZTFxa1dCcGtjYn5Zc3VGMz9WVFdCYmpNNVgsbnkxSnR1JlddZCU%3D&v=wpcom-no-pv&rand=0.9733754739031109 HTTP/1.1
Host: pixel.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.ahmedabadcitytales.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 03:31:56 GMT
content-type: image/gif
content-length: 50
cache-control: no-cache
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

pixel.wp.com/g.gif?x_stats-initial-visibility=visible&v=wpcom-no-pv&rand=0.3143556947428011

192.0.76.3

200 OK

50 B

URL GET HTTP/2
pixel.wp.com/g.gif?x_stats-initial-visibility=visible&v=wpcom-no-pv&rand=0.3143556947428011
IP
192.0.76.3:443
ASN
#2635 AUTOMATTIC

Requested by
https://www.ahmedabadcitytales.com/
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint5D:DB:6E:AA:9E:A8:4A:C3:10:A5:DA:89:DC:1C:BB:D1:87:5F:E1:D2
ValidityTue, 28 Nov 2023 00:00:00 GMT - Sat, 28 Dec 2024 23:59:59 GMT

File type
GIF image data, version 89a, 6 x 5
Size
50 B (50 bytes)
Hash
e4d673a55c5656f19ef81563fb10884c
1f2d8ed221d39329251ad3a6ff1edb20b7219443
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

HTTP Headers

GET /g.gif?x_stats-initial-visibility=visible&v=wpcom-no-pv&rand=0.3143556947428011 HTTP/1.1
Host: pixel.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.ahmedabadcitytales.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 03:31:56 GMT
content-type: image/gif
content-length: 50
cache-control: no-cache
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

thegcatcom.files.wordpress.com/2018/01/cropped-logo_big.png?w=192

192.0.72.21

200 OK

13 kB

URL GET HTTP/3
thegcatcom.files.wordpress.com/2018/01/cropped-logo_big.png?w=192
IP
192.0.72.21:443
ASN
#2635 AUTOMATTIC

Requested by
https://www.ahmedabadcitytales.com/
Certificate
IssuerSectigo Limited
Subject*.files.wordpress.com
FingerprintC0:8D:DA:1D:78:59:02:AA:18:87:8A:02:6C:67:24:E4:30:8F:C4:97
ValidityTue, 05 Dec 2023 00:00:00 GMT - Sat, 04 Jan 2025 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
13 kB (12820 bytes)
Hash
eb9046c4939b06c0da358aa0ba8c2ed5
1e1dfdeab65dc0bbd92147dbbdb54cca68a5e5dd
03de43d0cf09666b3f95d06dfd62a07b98a58eced3168cb481e4128ece2641ff

HTTP Headers

GET /2018/01/cropped-logo_big.png?w=192 HTTP/1.1
Host: thegcatcom.files.wordpress.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.ahmedabadcitytales.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
server: nginx
date: Thu, 25 Apr 2024 03:31:56 GMT
content-type: image/webp
content-length: 12820
last-modified: Sun, 02 May 2021 05:04:33 GMT
expires: Tue, 14 May 2024 10:38:58 GMT
a8c-edge-cache: cache
x-orig-src: 0_imageresize
access-control-allow-credentials: true
access-control-allow-origin: https://thegcatcom.wordpress.com
vary: Accept, Origin
x-nc: HIT arn 21 np
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
accept-ranges: bytes

s0.wp.com/wp-includes/js/wp-emoji-release.min.js?m=1710334132i&ver=6.5-RC3-57891

192.0.77.32

200 OK

6.0 kB

URL GET HTTP/3
s0.wp.com/wp-includes/js/wp-emoji-release.min.js?m=1710334132i&ver=6.5-RC3-57891
IP
192.0.77.32:443
ASN
#2635 AUTOMATTIC

Requested by
https://www.ahmedabadcitytales.com/
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint5D:DB:6E:AA:9E:A8:4A:C3:10:A5:DA:89:DC:1C:BB:D1:87:5F:E1:D2
ValidityTue, 28 Nov 2023 00:00:00 GMT - Sat, 28 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (15752)
Size
6.0 kB (6002 bytes)
Hash
b976b651932bfd25b9ddb5b7693d88a7
7fcb7cb5c11227f9213b1e08a07d0212209e1432
4e6ce5444c7f396cef0eb1fa3611034151e485dd06fbe5573a5583e1eebc98c3

HTTP Headers

GET /wp-includes/js/wp-emoji-release.min.js?m=1710334132i&ver=6.5-RC3-57891 HTTP/1.1
Host: s0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.ahmedabadcitytales.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
server: nginx
date: Thu, 25 Apr 2024 03:31:56 GMT
content-type: application/javascript
last-modified: Wed, 13 Mar 2024 12:48:59 GMT
vary: Accept-Encoding
etag: W/"65f1a0bb-4926"
content-encoding: br
expires: Fri, 28 Mar 2025 15:24:12 GMT
cache-control: max-age=31536000
x-ac: 4.arn _dca MISS
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
timing-allow-origin: *
alt-svc: h3=":443"; ma=86400
x-nc: HIT arn 2

www.ahmedabadcitytales.com/index2_files/remote-login.html

91.215.85.65

200 OK

312 B

URL GET HTTP/1.1
www.ahmedabadcitytales.com/index2_files/remote-login.html
IP
91.215.85.65:443
ASN
#200593 Prospero Ooo

Requested by
https://www.ahmedabadcitytales.com/
Certificate
IssuerLet's Encrypt
Subjectahmedabadcitytales.com
FingerprintDD:2E:D9:54:0E:22:40:AA:5A:DE:8C:59:15:C2:E3:03:11:8E:46:62
ValidityFri, 12 Apr 2024 06:38:15 GMT - Thu, 11 Jul 2024 06:38:14 GMT

File type
HTML document, ASCII text
Size
312 B (312 bytes)
Hash
ece1c929624a30866b73cf7019d98c1c
e5d4af67932645a4da19b8b8412b6e7b1e136b34
38bf36d56814c8740c6bfbd0853ad1daf685242886194b333069c73f6d593d0a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /index2_files/remote-login.html HTTP/1.1
Host: www.ahmedabadcitytales.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Thu, 25 Apr 2024 03:32:18 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
Strict-Transport-Security: max-age=31536000;

fonts-api.wp.com/css?family=Merriweather:r%7CMerriweather:r,i,b,bi&subset=latin,latin-ext,latin,latin-ext

192.0.77.32

200 OK

7.0 kB

URL GET HTTP/2
fonts-api.wp.com/css?family=Merriweather:r%7CMerriweather:r,i,b,bi&subset=latin,latin-ext,latin,latin-ext
IP
192.0.77.32:443
ASN
#2635 AUTOMATTIC

Requested by
https://www.ahmedabadcitytales.com/
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint5D:DB:6E:AA:9E:A8:4A:C3:10:A5:DA:89:DC:1C:BB:D1:87:5F:E1:D2
ValidityTue, 28 Nov 2023 00:00:00 GMT - Sat, 28 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (7146), with no line terminators
Size
7.0 kB (6986 bytes)
Hash
80eb994f284b6e5367968905cf2c8d86
6e5a7885ea19d5c27d14abadcbe3542df726965d
6a25e43a96a0aaa47d74d3aa5363d1a227a000a714b2f7ebb06c26556a92d79f

HTTP Headers

GET /css?family=Merriweather:r%7CMerriweather:r,i,b,bi&subset=latin,latin-ext,latin,latin-ext HTTP/1.1
Host: fonts-api.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.ahmedabadcitytales.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 03:31:55 GMT
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
vary: Accept-Encoding, Accept-Encoding
alt-svc: h3=":443"; ma=86400
x-nc: BYPASS arn 2
content-encoding: gzip
X-Firefox-Spdy: h2

s0.wp.com/wp-content/plugins/custom-fonts/js/webfont.js

192.0.77.32

200 OK

12 kB

URL GET HTTP/2
s0.wp.com/wp-content/plugins/custom-fonts/js/webfont.js
IP
192.0.77.32:443
ASN
#2635 AUTOMATTIC

Requested by
https://www.ahmedabadcitytales.com/
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint5D:DB:6E:AA:9E:A8:4A:C3:10:A5:DA:89:DC:1C:BB:D1:87:5F:E1:D2
ValidityTue, 28 Nov 2023 00:00:00 GMT - Sat, 28 Dec 2024 23:59:59 GMT

File type

Size
12 kB (12302 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /wp-content/plugins/custom-fonts/js/webfont.js HTTP/1.1
Host: s0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.ahmedabadcitytales.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 03:31:55 GMT
content-type: application/javascript
vary: Accept-Encoding
x-minify: t
x-minify-cache: hit
etag: W/12493-1684461148596.7102
content-encoding: br
expires: Wed, 29 May 2024 20:23:53 GMT
cache-control: max-age=31536000
x-ac: 4.arn _dca MISS
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
timing-allow-origin: *
alt-svc: h3=":443"; ma=86400
x-nc: HIT arn 2
X-Firefox-Spdy: h2

r-login.wordpress.com/remote-login.php?wpcom_remote_login=key&origin=aHR0cHM6Ly90aGVnLWNhdC5jb20%3D&wpcomid=140893476&time=1712566756

192.0.78.18

200 OK

131 B

URL GET HTTP/2
r-login.wordpress.com/remote-login.php?wpcom_remote_login=key&origin=aHR0cHM6Ly90aGVnLWNhdC5jb20%3D&wpcomid=140893476&time=1712566756
IP
192.0.78.18:443
ASN
#2635 AUTOMATTIC

Requested by
https://www.ahmedabadcitytales.com/
Certificate
IssuerSectigo Limited
Subject*.wordpress.com
FingerprintC1:48:1A:12:55:09:A2:A4:81:3F:8F:A4:23:9C:B3:41:78:C0:B6:52
ValidityTue, 05 Dec 2023 00:00:00 GMT - Sat, 04 Jan 2025 23:59:59 GMT

File type
HTML document, ASCII text, with no line terminators
Size
131 B (131 bytes)
Hash
6dfe15ce9571ca218e6cc0b9a67be172
09da3fce6f1b364ba13b10eb4300736a52645f0f
c0503d07007316479c4f2ade0131899b9fd37fae1e327a1560c34bf387ab18dd

HTTP Headers

GET /remote-login.php?wpcom_remote_login=key&origin=aHR0cHM6Ly90aGVnLWNhdC5jb20%3D&wpcomid=140893476&time=1712566756 HTTP/1.1
Host: r-login.wordpress.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.ahmedabadcitytales.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 03:31:56 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding, Cookie
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
content-encoding: br
x-ac: 2.arn _dfw MISS
strict-transport-security: max-age=31536000
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

thegcatcom.files.wordpress.com/2018/01/cropped-logo_big.png?w=32

192.0.72.21

200 OK

1.1 kB

URL GET HTTP/3
thegcatcom.files.wordpress.com/2018/01/cropped-logo_big.png?w=32
IP
192.0.72.21:443
ASN
#2635 AUTOMATTIC

Requested by
https://www.ahmedabadcitytales.com/
Certificate
IssuerSectigo Limited
Subject*.files.wordpress.com
FingerprintC0:8D:DA:1D:78:59:02:AA:18:87:8A:02:6C:67:24:E4:30:8F:C4:97
ValidityTue, 05 Dec 2023 00:00:00 GMT - Sat, 04 Jan 2025 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
1.1 kB (1058 bytes)
Hash
4a6de1ce1fe0549fd7182fa655fd7dd6
1da43d55cbcc46e4ee05b0f18f5b2f54673f0f4a
5c1530f220027369cadf7978be553cedc42a134bae8ff829359e1af91b21f0a6

HTTP Headers

GET /2018/01/cropped-logo_big.png?w=32 HTTP/1.1
Host: thegcatcom.files.wordpress.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.ahmedabadcitytales.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
server: nginx
date: Thu, 25 Apr 2024 03:31:56 GMT
content-type: image/webp
content-length: 1058
last-modified: Sun, 02 May 2021 05:04:33 GMT
expires: Sat, 04 May 2024 17:01:53 GMT
x-orig-src: 0_imageresize
access-control-allow-credentials: true
access-control-allow-origin: https://thegcatcom.wordpress.com
vary: Accept, Origin
x-nc: HIT arn 21 np
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
accept-ranges: bytes

s0.wp.com/wp-content/mu-plugins/actionbar/actionbar.js?v=20231122

192.0.77.32

200 OK

8.4 kB

URL GET HTTP/3
s0.wp.com/wp-content/mu-plugins/actionbar/actionbar.js?v=20231122
IP
192.0.77.32:443
ASN
#2635 AUTOMATTIC

Requested by
https://www.ahmedabadcitytales.com/
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint5D:DB:6E:AA:9E:A8:4A:C3:10:A5:DA:89:DC:1C:BB:D1:87:5F:E1:D2
ValidityTue, 28 Nov 2023 00:00:00 GMT - Sat, 28 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (8768), with no line terminators
Size
8.4 kB (8426 bytes)
Hash
13f5eaad864b86e556aa413bd411de48
e594a37fca4fe42447853b4a384aac2648f57936
f13d3fd96ae3e38a504113d203df8f310f2d527d992774fbca29d1e12d0ab969

HTTP Headers

GET /wp-content/mu-plugins/actionbar/actionbar.js?v=20231122 HTTP/1.1
Host: s0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.ahmedabadcitytales.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
server: nginx
date: Thu, 25 Apr 2024 03:31:56 GMT
content-type: application/javascript
vary: Accept-Encoding
x-minify: t
x-minify-cache: hit
etag: W/15307-1700657605806.1843
content-encoding: br
expires: Thu, 21 Nov 2024 12:53:34 GMT
cache-control: max-age=31536000
x-ac: 4.arn _dca MISS
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
timing-allow-origin: *
alt-svc: h3=":443"; ma=86400
x-nc: HIT arn 2

s0.wp.com/wp-content/mu-plugins/actionbar/actionbar.css?v=20240115

192.0.77.32

200 OK

16 kB

URL GET HTTP/3
s0.wp.com/wp-content/mu-plugins/actionbar/actionbar.css?v=20240115
IP
192.0.77.32:443
ASN
#2635 AUTOMATTIC

Requested by
https://www.ahmedabadcitytales.com/
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint5D:DB:6E:AA:9E:A8:4A:C3:10:A5:DA:89:DC:1C:BB:D1:87:5F:E1:D2
ValidityTue, 28 Nov 2023 00:00:00 GMT - Sat, 28 Dec 2024 23:59:59 GMT

File type

Size
16 kB (15504 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /wp-content/mu-plugins/actionbar/actionbar.css?v=20240115 HTTP/1.1
Host: s0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.ahmedabadcitytales.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
server: nginx
date: Thu, 25 Apr 2024 03:31:56 GMT
content-type: text/css
vary: Accept-Encoding
x-minify: t
x-minify-cache: hit
etag: W/18324-1705283922160.1887
content-encoding: br
expires: Tue, 14 Jan 2025 01:58:57 GMT
cache-control: max-age=31536000
x-ac: 4.arn _dca MISS
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
timing-allow-origin: *
alt-svc: h3=":443"; ma=86400
x-nc: HIT arn 2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (28)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML