49.51.43.12/v3/signin/identifier?dsh=S-217341698:1681960048790823&continue=accounts.google.com/&followup=https://accounts.google.com&ifkv=AQMjQ7RBgqObkmdsNrBOH3JEfcbE3uTOMu47_HQGULI10JYrV89wlUIhfKOeY3eOCBKGXcjEEhsLMQ&passive=1209600&flowName=GlifWebSignIn&flowEntry=ServiceLogin
49.51.43.12 827 B URL 49.51.43.12/v3/signin/identifier?dsh=S-217341698:1681960048790823&continue=accounts.google.com/&followup=https://accounts.google.com&ifkv=AQMjQ7RBgqObkmdsNrBOH3JEfcbE3uTOMu47_HQGULI10JYrV89wlUIhfKOeY3eOCBKGXcjEEhsLMQ&passive=1209600&flowName=GlifWebSignIn&flowEntry=ServiceLogin
IP 49.51.43.12:0
ASN #132203 Tencent Building, Kejizhongyi Avenue
File type HTML document text; HTML document text; HTML document text; HTML document, Unicode text, UTF-8 text, with very long lines (1681), with no line terminators
Hash b12c04bd0646e10c5dddfa1b4a2fce72
cb7f68d5bc6a8918ce3f2e13eae1ce4ae0de8108
163c6b06b986e028439332f5f189be7ba56a252a1f32858ce308804cd0904ff3
Analyzer Verdict Alert quad9 Sinkholed
GET /v3/signin/identifier?dsh=S-217341698:1681960048790823&continue=accounts.google.com/&followup=https://accounts.google.com&ifkv=AQMjQ7RBgqObkmdsNrBOH3JEfcbE3uTOMu47_HQGULI10JYrV89wlUIhfKOeY3eOCBKGXcjEEhsLMQ&passive=1209600&flowName=GlifWebSignIn&flowEntry=ServiceLogin HTTP/1.1
Host: 49.51.43.12
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 400 Bad Request
Server: openresty
Date: Thu, 20 Apr 2023 04:02:15 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Encoding: gzip
X-XSS-Protection: 0
X-Content-Type-Options: nosniff
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
www.google.com/images/errors/robot.png
216.58.207.228 200 OK 6.3 kB URL GET HTTP/1.1 www.google.com/images/errors/robot.png
IP 216.58.207.228:80
Requested by http://49.51.43.12/v3/signin/identifier?dsh=S-217341698:1681960048790823&continue=accounts.google.com/&followup=https://accounts.google.com&ifkv=AQMjQ7RBgqObkmdsNrBOH3JEfcbE3uTOMu47_HQGULI10JYrV89wlUIhfKOeY3eOCBKGXcjEEhsLMQ&passive=1209600&flowName=GlifWebSignIn&flowEntry=ServiceLogin
File type PNG image data, 171 x 213, 8-bit colormap, non-interlaced; data
Hash 4c9acf280b47cef7def3fc91a34c7ffe
c32bb847daf52117ab93b723d7c57d8b1e75d36b
5f9fc5b3fbddf0e72c5c56cdcfc81c6e10c617d70b1b93fbe1e4679a8797bff7
GET /images/errors/robot.png HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://49.51.43.12/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="static-on-bigtable"
Report-To: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
Content-Length: 6327
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Thu, 20 Apr 2023 00:40:43 GMT
Expires: Fri, 19 Apr 2024 00:40:43 GMT
Cache-Control: public, max-age=31536000
Last-Modified: Tue, 22 Oct 2019 18:30:00 GMT
Content-Type: image/png
Age: 12092
www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png
216.58.207.228 200 OK 3.2 kB URL GET HTTP/1.1 www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png
IP 216.58.207.228:80
Requested by http://49.51.43.12/v3/signin/identifier?dsh=S-217341698:1681960048790823&continue=accounts.google.com/&followup=https://accounts.google.com&ifkv=AQMjQ7RBgqObkmdsNrBOH3JEfcbE3uTOMu47_HQGULI10JYrV89wlUIhfKOeY3eOCBKGXcjEEhsLMQ&passive=1209600&flowName=GlifWebSignIn&flowEntry=ServiceLogin
File type PNG image data, 150 x 54, 8-bit/color RGBA, non-interlaced; data
Hash 9d73b3aa30bce9d8f166de5178ae4338
d0cbc46850d8ed54625a3b2b01a2c31f37977e75
dbef5e5530003b7233e944856c23d1437902a2d3568cdfd2beaf2166e9ca9139
GET /images/branding/googlelogo/1x/googlelogo_color_150x54dp.png HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://49.51.43.12/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Type: image/png
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="static-on-bigtable"
Report-To: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
Content-Length: 3170
Date: Thu, 20 Apr 2023 04:02:15 GMT
Expires: Thu, 20 Apr 2023 04:02:15 GMT
Cache-Control: private, max-age=31536000
Last-Modified: Tue, 22 Oct 2019 18:30:00 GMT
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
49.51.43.12/favicon.ico
49.51.43.12 180 B IP 49.51.43.12:0
ASN #132203 Tencent Building, Kejizhongyi Avenue
Requested by http://49.51.43.12/v3/signin/identifier?dsh=S-217341698:1681960048790823&continue=accounts.google.com/&followup=https://accounts.google.com&ifkv=AQMjQ7RBgqObkmdsNrBOH3JEfcbE3uTOMu47_HQGULI10JYrV89wlUIhfKOeY3eOCBKGXcjEEhsLMQ&passive=1209600&flowName=GlifWebSignIn&flowEntry=ServiceLogin
File type HTML document text; HTML document text; HTML document text; HTML document, ASCII text
Hash b9953cac5b06826ad2567613a6745706
cdb721c79751e21f27c704474b8708fe7fd585e5
2246f448645fc9bb378115c015ccfad2b61b7046ec2c86a1ceb4929057e49203
Analyzer Verdict Alert openphish Google Inc.
quad9 Sinkholed
GET /favicon.ico HTTP/1.1
Host: 49.51.43.12
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://49.51.43.12/v3/signin/identifier?dsh=S-217341698:1681960048790823&continue=accounts.google.com/&followup=https://accounts.google.com&ifkv=AQMjQ7RBgqObkmdsNrBOH3JEfcbE3uTOMu47_HQGULI10JYrV89wlUIhfKOeY3eOCBKGXcjEEhsLMQ&passive=1209600&flowName=GlifWebSignIn&flowEntry=ServiceLogin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Moved Temporarily
Server: openresty
Date: Thu, 20 Apr 2023 04:02:15 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Frame-Options: DENY
Vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Location: https://www.google.com/favicon.ico
Strict-Transport-Security: max-age=31536000; includeSubDomains
Report-To: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="coop_gse_qebhlk"
Content-Security-Policy: script-src 'nonce-wpv9wuXJbDidlICcLAkAQw' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
ocsp.pki.goog/gts1c3
142.250.74.131 471 B IP 142.250.74.131:0
Hash 6ed663834426f0f7936d696aea93bb0f
437e53d625099a838728b3dcef3b1dcd2647bd99
abe8ff563b98428a328ebe3f071bfc45969990fb8eede03aa17b395fd2db03cf
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 20 Apr 2023 04:02:15 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/favicon.ico
216.58.207.228 1.5 kB URL GET www.google.com/favicon.ico
IP 216.58.207.228:0
Requested by http://49.51.43.12/v3/signin/identifier?dsh=S-217341698:1681960048790823&continue=accounts.google.com/&followup=https://accounts.google.com&ifkv=AQMjQ7RBgqObkmdsNrBOH3JEfcbE3uTOMu47_HQGULI10JYrV89wlUIhfKOeY3eOCBKGXcjEEhsLMQ&passive=1209600&flowName=GlifWebSignIn&flowEntry=ServiceLogin
Certificate Issuer Google Trust Services LLC
Subject www.google.com
Fingerprint 3E:43:00:13:2A:5D:12:97:9E:3A:1C:62:F3:7E:D1:C4:FB:DB:B7:73
Validity Tue, 28 Mar 2023 16:54:58 GMT - Tue, 20 Jun 2023 16:54:57 GMT
File type MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel; data
Hash 3c7dcf00b5ddece397782818b2cf9d74
fbf7d59857a3ca4d6c94f0819b58a191d76e7db2
08d60d0844bc4457bc7badb32545ad3a3d037d941c8d5f7d0de6aad1517b15a5
GET /favicon.ico HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://49.51.43.12/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-length: 1494
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 19 Apr 2023 23:58:16 GMT
expires: Thu, 27 Apr 2023 23:58:16 GMT
cache-control: public, max-age=691200
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
content-type: image/x-icon
vary: Accept-Encoding
age: 14639
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 471 B IP 142.250.74.131:0
Hash 8dbc87c4101cd8eb0577f41552161629
171e9b9ea26fccac9097475dcedad685e57ea949
72df8175e1db39e3e042d55d7f4d6d79165ca2ebad79c8306293adebf4b48d17
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 20 Apr 2023 04:02:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
49.51.43.12/v3/signin/identifier?dsh=S-217341698:1681960048790823&continue=accounts.google.com/&followup=https://accounts.google.com&ifkv=AQMjQ7RBgqObkmdsNrBOH3JEfcbE3uTOMu47_HQGULI10JYrV89wlUIhfKOeY3eOCBKGXcjEEhsLMQ&passive=1209600&flowName=GlifWebSignIn&flowEntry=ServiceLogin
49.51.43.12 400 Bad Request 1.7 kB URL User Request GET HTTP/1.1 49.51.43.12/v3/signin/identifier?dsh=S-217341698:1681960048790823&continue=accounts.google.com/&followup=https://accounts.google.com&ifkv=AQMjQ7RBgqObkmdsNrBOH3JEfcbE3uTOMu47_HQGULI10JYrV89wlUIhfKOeY3eOCBKGXcjEEhsLMQ&passive=1209600&flowName=GlifWebSignIn&flowEntry=ServiceLogin
IP 49.51.43.12:80
ASN #132203 Tencent Building, Kejizhongyi Avenue
File type HTML document text; HTML document text; HTML document text; HTML document, Unicode text, UTF-8 text, with very long lines (1689), with no line terminators
Hash aa9448b83f51d60038836fa3c2abe00e
dc9f69e43a5ed5155ed47de73ac06c4011503465
abd0070e55d052b8921f90480de90b525eb8b3da34f0d8f1ed0712fe68e51917
Analyzer Verdict Alert quad9 Sinkholed
GET /v3/signin/identifier?dsh=S-217341698:1681960048790823&continue=accounts.google.com/&followup=https://accounts.google.com&ifkv=AQMjQ7RBgqObkmdsNrBOH3JEfcbE3uTOMu47_HQGULI10JYrV89wlUIhfKOeY3eOCBKGXcjEEhsLMQ&passive=1209600&flowName=GlifWebSignIn&flowEntry=ServiceLogin HTTP/1.1
Host: 49.51.43.12
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 400 Bad Request
Server: openresty
Date: Thu, 20 Apr 2023 04:02:15 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Encoding: gzip
X-XSS-Protection: 0
X-Content-Type-Options: nosniff
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000