| maps.google.com/maps/api/js?sensor=false&ver=4.9.25 | 142.250.74.46 | 200 OK | 68 kB |
URL: GET HTTP/2 maps.google.com/maps/api/js?sensor=false&ver=4.9.25
IP: 142.250.74.46:443
Requested by: https://jfzsdzu.jjjhhhhgggffccccff.men/
Certificate: issuer Google Trust Services LLC; subject *.google.com; fingerprint 01:16:A3:AE:CA:C9:AC:ED:3A:C9:AA:75:BE:C2:51:EF:65:CE:23:E1; validity Mon, 08 Apr 2024 06:34:56 GMT - Mon, 01 Jul 2024 06:34:55 GMT
File type: JavaScript source, ASCII text, with very long lines (10219)
Hashes (MD5 / SHA-1 / SHA-256): 8cf124a82606b3dfcbf0ec4617cc979c / d14182f1f0f1569390c218bd31965884f0d943a7 / fb9f57d04af14040c968b7ea33d74d02f1f670c31b8e5abb2ae86d6c90902189
GET /maps/api/js?sensor=false&ver=4.9.25 HTTP/1.1
Host: maps.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jfzsdzu.jjjhhhhgggffccccff.men/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
cross-origin-resource-policy: cross-origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1800
timing-allow-origin: *
vary: Accept-Language, Origin, X-Origin, Referer
content-encoding: gzip
date: Thu, 02 May 2024 13:57:27 GMT
server: scaffolding on HTTPServer2
content-length: 68217
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
| www.googletagmanager.com/gtm.js?id=GTM-MNTLWGD | 142.250.74.168 | 200 OK | 95 kB |
URL: GET HTTP/2 www.googletagmanager.com/gtm.js?id=GTM-MNTLWGD
IP: 142.250.74.168:443
Requested by: https://jfzsdzu.jjjhhhhgggffccccff.men/
Certificate: issuer Google Trust Services LLC; subject *.google-analytics.com; fingerprint FC:B1:16:E0:D8:F3:2B:F3:AB:33:E5:E1:23:57:F4:48:66:FD:4D:52; validity Mon, 08 Apr 2024 06:34:55 GMT - Mon, 01 Jul 2024 06:34:54 GMT
File type: JavaScript source, ASCII text, with very long lines (2821)
Hashes (MD5 / SHA-1 / SHA-256): 405126b4c6b0b85542d0f5ce15eddccc / 785ffbcfcf4e5d596bdfdbca15c7eb6d394ba42a / 224673ee3a2d769739167a2694a35cf8e10d1ca3ae88c1af9e0976427aea0051
GET /gtm.js?id=GTM-MNTLWGD HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jfzsdzu.jjjhhhhgggffccccff.men/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 02 May 2024 13:57:27 GMT
expires: Thu, 02 May 2024 13:57:27 GMT
cache-control: private, max-age=900
last-modified: Thu, 02 May 2024 12:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 95208
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
| www.dwuiyknznmwokr.trade/wp-includes/js/jquery/ui/core.min.js?ver=1.11.4 | 107.175.35.20 | 200 OK | 3.9 kB |
URL: GET HTTP/2 www.dwuiyknznmwokr.trade/wp-includes/js/jquery/ui/core.min.js?ver=1.11.4
IP: 107.175.35.20:443
ASN: 36352 (AS-COLOCROSSING)
Requested by: https://jfzsdzu.jjjhhhhgggffccccff.men/
Certificate: issuer Let's Encrypt; subject www.dwuiyknznmwokr.trade; fingerprint 08:55:33:BE:70:04:E3:53:CF:C6:05:57:63:2E:54:1D:D3:F1:3A:08; validity Tue, 30 Apr 2024 04:31:40 GMT - Mon, 29 Jul 2024 04:31:39 GMT
File type: JavaScript source, ASCII text, with very long lines (3704)
Hashes (MD5 / SHA-1 / SHA-256): e6784d91bf2c668bc4093063c5b15113 / 687e1d2e957a821280dbd205ae66182f16dfdc30 / 194ebae85ff853319e8668f23a4c5bf371a7d9f5d550a40980ab53026ddaaa17

| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /wp-includes/js/jquery/ui/core.min.js?ver=1.11.4 HTTP/1.1
Host: www.dwuiyknznmwokr.trade
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jfzsdzu.jjjhhhhgggffccccff.men/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.23.1
date: Thu, 02 May 2024 13:57:28 GMT
content-type: application/javascript
content-length: 3929
last-modified: Fri, 16 Apr 2021 00:59:43 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 17
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FptN7ntGjfBI76gO9qpMtplZowYE79mLoo6TeGfAO7Nn1abd3ViXphLhMKNIEeNzVDttegJ66CTKYtzm86RkI9GvF9ZPsRjwinJc665nM%2Byb5%2F3Q67V3Ei%2B7wPVqwo%2FdrZ7kF%2BJ%2F5QTpqqA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 87d88542f85d4bd8-BUF
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
| www.dwuiyknznmwokr.trade/wp-includes/js/jquery/ui/mouse.min.js?ver=1.11.4 | 107.175.35.20 | 200 OK | 3.1 kB |
URL: GET HTTP/2 www.dwuiyknznmwokr.trade/wp-includes/js/jquery/ui/mouse.min.js?ver=1.11.4
IP: 107.175.35.20:443
ASN: 36352 (AS-COLOCROSSING)
Requested by: https://jfzsdzu.jjjhhhhgggffccccff.men/
Certificate: issuer Let's Encrypt; subject www.dwuiyknznmwokr.trade; fingerprint 08:55:33:BE:70:04:E3:53:CF:C6:05:57:63:2E:54:1D:D3:F1:3A:08; validity Tue, 30 Apr 2024 04:31:40 GMT - Mon, 29 Jul 2024 04:31:39 GMT
File type: JavaScript source, ASCII text, with very long lines (2927)
Hashes (MD5 / SHA-1 / SHA-256): 412416b5df69805b1e084e50d4283c2f / b8c47463c0793854638a8981cfad35503f393297 / 7e8d54d6c6a4ebd0237786d41ff5d205096eda696f2a5b591e074fe94ba3b3af

| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /wp-includes/js/jquery/ui/mouse.min.js?ver=1.11.4 HTTP/1.1
Host: www.dwuiyknznmwokr.trade
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jfzsdzu.jjjhhhhgggffccccff.men/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.23.1
date: Thu, 02 May 2024 13:57:28 GMT
content-type: application/javascript
content-length: 3142
last-modified: Fri, 16 Apr 2021 00:59:43 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 17
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HfIYiBDdX3gBBaQQII3gEK%2F30kkEAY7aRXjK5bpau736SwrMHLrk%2F9p22dq58BhCw3avkPaxAAnvirHLb0XRJo%2BdXVdeII%2B1YXpS%2FU178bg308nTifxI8ye%2B74fP8XHsmPPZER05z%2FQFPfM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 87d88542fd2c4bd3-BUF
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
| www.dwuiyknznmwokr.trade/wp-includes/js/jquery/ui/slider.min.js?ver=1.11.4 | 107.175.35.20 | 200 OK | 11 kB |
URL: GET HTTP/2 www.dwuiyknznmwokr.trade/wp-includes/js/jquery/ui/slider.min.js?ver=1.11.4
IP: 107.175.35.20:443
ASN: 36352 (AS-COLOCROSSING)
Requested by: https://jfzsdzu.jjjhhhhgggffccccff.men/
Certificate: issuer Let's Encrypt; subject www.dwuiyknznmwokr.trade; fingerprint 08:55:33:BE:70:04:E3:53:CF:C6:05:57:63:2E:54:1D:D3:F1:3A:08; validity Tue, 30 Apr 2024 04:31:40 GMT - Mon, 29 Jul 2024 04:31:39 GMT
File type: JavaScript source, ASCII text, with very long lines (10694)
Hashes (MD5 / SHA-1 / SHA-256): fed3d046b5386c8ff27b6f32c6dcf826 / b4379dce076339632f8406caa4a903d01d92329c / 07e17947022b51db57045acdbb0afac576e02b19eaa323190a395e127db45dc0

| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /wp-includes/js/jquery/ui/slider.min.js?ver=1.11.4 HTTP/1.1
Host: www.dwuiyknznmwokr.trade
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jfzsdzu.jjjhhhhgggffccccff.men/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.23.1
date: Thu, 02 May 2024 13:57:28 GMT
content-type: application/javascript
content-length: 10911
last-modified: Fri, 16 Apr 2021 00:59:43 GMT
cf-cache-status: BYPASS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CCUTcO2MrYWR8EE1D%2BAtm4VKWgsG7QS53tHeKgxEeVy9aYxJLomBB8hLMjw%2B%2Flw2ev2fsT23aUrTwTo10U4RW%2B4zA6JcKwF8yaiPdNUfmG8Rfkuw6Z99JEZqk5yNKP1HSR3Q2sLr70pDKbA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 87d88542f8024bcf-BUF
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
| www.dwuiyknznmwokr.trade/wp-includes/js/wp-embed.min.js?ver=4.9.25 | 107.175.35.20 | 200 OK | 1.4 kB |
URL: GET HTTP/2 www.dwuiyknznmwokr.trade/wp-includes/js/wp-embed.min.js?ver=4.9.25
IP: 107.175.35.20:443
ASN: 36352 (AS-COLOCROSSING)
Requested by: https://jfzsdzu.jjjhhhhgggffccccff.men/
Certificate: issuer Let's Encrypt; subject www.dwuiyknznmwokr.trade; fingerprint 08:55:33:BE:70:04:E3:53:CF:C6:05:57:63:2E:54:1D:D3:F1:3A:08; validity Tue, 30 Apr 2024 04:31:40 GMT - Mon, 29 Jul 2024 04:31:39 GMT
File type: JavaScript source, ASCII text, with very long lines (1443), with no line terminators
Hashes (MD5 / SHA-1 / SHA-256): 43928880ff5ebadcd513755b011732cd / d0fdb17db490123ed700c2caa5d2d764794cb6d5 / 37c5f58f12814dd0ecc28f15b7765c6bcd31a9479d330b4ef896e140bf89dc38

| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /wp-includes/js/wp-embed.min.js?ver=4.9.25 HTTP/1.1
Host: www.dwuiyknznmwokr.trade
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jfzsdzu.jjjhhhhgggffccccff.men/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.23.1
date: Thu, 02 May 2024 13:57:28 GMT
content-type: application/javascript
content-length: 1443
last-modified: Wed, 17 May 2023 02:22:23 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 17
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kw0t5BIP3alubOPK3G7oH%2B1V%2FO45j6CkcQyZ0%2FOoZ8emPYzjnAM9viYiaK7S4hXrSJr8vFH8JTGp48iT3N5IRf%2FYoNZLzuZxnH%2FneGhSTWDQX1EKt20wCxo7CRH%2FBQSFuNX0PtXWc%2BL7%2FT0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 87d885438a634bc6-BUF
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
| www.dwuiyknznmwokr.trade/wp-content/plugins/a3-lazy-load/assets/images/lazy_placeholder.gif | 107.175.35.20 | 200 OK | 42 B |
URL: GET HTTP/2 www.dwuiyknznmwokr.trade/wp-content/plugins/a3-lazy-load/assets/images/lazy_placeholder.gif
IP: 107.175.35.20:443
ASN: 36352 (AS-COLOCROSSING)
Requested by: https://jfzsdzu.jjjhhhhgggffccccff.men/
Certificate: issuer Let's Encrypt; subject www.dwuiyknznmwokr.trade; fingerprint 08:55:33:BE:70:04:E3:53:CF:C6:05:57:63:2E:54:1D:D3:F1:3A:08; validity Tue, 30 Apr 2024 04:31:40 GMT - Mon, 29 Jul 2024 04:31:39 GMT
File type: GIF image data, version 89a, 1 x 1
Hashes (MD5 / SHA-1 / SHA-256): d89746888da2d9510b64a9f031eaecd5 / d5fceb6532643d0d84ffe09c40c481ecdf59e15a / ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /wp-content/plugins/a3-lazy-load/assets/images/lazy_placeholder.gif HTTP/1.1
Host: www.dwuiyknznmwokr.trade
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jfzsdzu.jjjhhhhgggffccccff.men/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.23.1
date: Thu, 02 May 2024 13:57:28 GMT
content-type: image/gif
content-length: 42
last-modified: Wed, 20 Jan 2021 21:27:42 GMT
x-cache-info: cached
cache-control: max-age=14400
cf-cache-status: HIT
age: 18
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HnVKqlkyrV4vIX%2B7bsAkjJs1rl7JNWyY%2BeQDbkcvOEdUQJxXO9Nfk2tdOLvOn%2B8Av9OBOZPoY1cfhATJN2NfYXlwIlixQ9oLYHCetm2qzQ9cLgLOzbq3SenX3hvevjqm1mIC6AhKqMq89QU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 87d88543889d4bbb-BUF
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
| www.dwuiyknznmwokr.trade/wp-includes/js/comment-reply.min.js?ver=4.9.25 | 107.175.35.20 | 200 OK | 1.1 kB |
URL: GET HTTP/2 www.dwuiyknznmwokr.trade/wp-includes/js/comment-reply.min.js?ver=4.9.25
IP: 107.175.35.20:443
ASN: 36352 (AS-COLOCROSSING)
Requested by: https://jfzsdzu.jjjhhhhgggffccccff.men/
Certificate: issuer Let's Encrypt; subject www.dwuiyknznmwokr.trade; fingerprint 08:55:33:BE:70:04:E3:53:CF:C6:05:57:63:2E:54:1D:D3:F1:3A:08; validity Tue, 30 Apr 2024 04:31:40 GMT - Mon, 29 Jul 2024 04:31:39 GMT
File type: ASCII text, with very long lines (1076), with no line terminators
Hashes (MD5 / SHA-1 / SHA-256): 9ef21a469fc37e845d6303fcfea70897 / a86ec94ec7bee9227bcdf8d6374cabe82ae43e49 / 6b2e2d56e7b0e80d919bc65dd94f8cd95e57ad9298fc4fecc005301ea8339c9f

| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /wp-includes/js/comment-reply.min.js?ver=4.9.25 HTTP/1.1
Host: www.dwuiyknznmwokr.trade
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jfzsdzu.jjjhhhhgggffccccff.men/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.23.1
date: Thu, 02 May 2024 13:57:28 GMT
content-type: application/javascript
content-length: 1076
last-modified: Fri, 16 Apr 2021 00:59:43 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 17
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KTXzS%2BEfFIWRQUokx78XBlydpY2NxfuZvop1AlK%2FoJJUeoxTYjOijG%2BMvKkuTGh1aRGtBFNpGz3Rtb8BPN8P0Qry49IIeohXnkbh3fsLx0nYWRS2FLfbEHxoPDEWm8PyevB%2FgJxY%2B7aVCFw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 87d885438e6b4bc3-BUF
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
| www.googletagmanager.com/gtag/js?id=G-3KVDT0R2ZZ&l=dataLayer&cx=c | 142.250.74.168 | 200 OK | 103 kB |
URL: GET HTTP/3 www.googletagmanager.com/gtag/js?id=G-3KVDT0R2ZZ&l=dataLayer&cx=c
IP: 142.250.74.168:443
Requested by: https://jfzsdzu.jjjhhhhgggffccccff.men/
Certificate: issuer Google Trust Services LLC; subject *.google-analytics.com; fingerprint FC:B1:16:E0:D8:F3:2B:F3:AB:33:E5:E1:23:57:F4:48:66:FD:4D:52; validity Mon, 08 Apr 2024 06:34:55 GMT - Mon, 01 Jul 2024 06:34:54 GMT
File type: JavaScript source, ASCII text, with very long lines (7711)
Size: 103 kB (103377 bytes)
Hashes (MD5 / SHA-1 / SHA-256): 4b01663f700f5c7946f418bed12ec966 / ca1bacdc8764905ed27723139fe0227b49e2ae67 / 675d0fcaef6911c26bc5879ac323dcf9426d477846ba8a1aab2350a2c216f774
GET /gtag/js?id=G-3KVDT0R2ZZ&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jfzsdzu.jjjhhhhgggffccccff.men/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 02 May 2024 13:57:28 GMT
expires: Thu, 02 May 2024 13:57:28 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 103377
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
| www.dwuiyknznmwokr.trade/wp-includes/js/jquery/jquery.js?ver=1.12.4 | 107.175.35.20 | 200 OK | 97 kB |
URL: GET HTTP/2 www.dwuiyknznmwokr.trade/wp-includes/js/jquery/jquery.js?ver=1.12.4
IP: 107.175.35.20:443
ASN: 36352 (AS-COLOCROSSING)
Requested by: https://jfzsdzu.jjjhhhhgggffccccff.men/
Certificate: issuer Let's Encrypt; subject www.dwuiyknznmwokr.trade; fingerprint 08:55:33:BE:70:04:E3:53:CF:C6:05:57:63:2E:54:1D:D3:F1:3A:08; validity Tue, 30 Apr 2024 04:31:40 GMT - Mon, 29 Jul 2024 04:31:39 GMT
File type: JavaScript source, ASCII text, with very long lines (31997)
Hashes (MD5 / SHA-1 / SHA-256): dc5ba5044fccc0297be7b262ce669a7c / f137ff98ae379e35b0702967d3b6866a0a40e3be / cf34e1b87bbfd9d9b185dec994924a496e279d8dc9387ad8d35bc0110134c4d3

| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /wp-includes/js/jquery/jquery.js?ver=1.12.4 HTTP/1.1
Host: www.dwuiyknznmwokr.trade
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jfzsdzu.jjjhhhhgggffccccff.men/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx/1.23.1
date: Thu, 02 May 2024 13:57:28 GMT
content-type: application/javascript
content-length: 96874
last-modified: Thu, 05 Sep 2019 02:40:04 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 18
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=16hUSx2JjnIcGJViVOM3veOk85Gq1VkFoijRZHHGjOdMcKV9q%2FLIOydDDr8X9t%2FHQF472Qd1pgqtag%2B90GkGAO552O1G9bU%2BVVGbr0xP3A7e8Rq80cWKKSda6MEAVuvosQR%2BkWw6p2YlzQI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 87d8854399094bcd-BUF
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
| www.dwuiyknznmwokr.trade/wp-content/plugins/a3-lazy-load/assets/css/jquery.lazyloadxt.spinner.css?ver=4.9.25 | 107.175.35.20 | 200 OK | 311 B |
URL: GET HTTP/2 www.dwuiyknznmwokr.trade/wp-content/plugins/a3-lazy-load/assets/css/jquery.lazyloadxt.spinner.css?ver=4.9.25
IP: 107.175.35.20:443
ASN: 36352 (AS-COLOCROSSING)
Requested by: https://jfzsdzu.jjjhhhhgggffccccff.men/
Certificate: issuer Let's Encrypt; subject www.dwuiyknznmwokr.trade; fingerprint 08:55:33:BE:70:04:E3:53:CF:C6:05:57:63:2E:54:1D:D3:F1:3A:08; validity Tue, 30 Apr 2024 04:31:40 GMT - Mon, 29 Jul 2024 04:31:39 GMT
Hashes (MD5 / SHA-1 / SHA-256): d4a56d3242663a4b372dc090375e8136 / 7815fa6a775fd92a2399a791aaa50146d9d3aabf / d982c4fff78c63ed84481eb36845e3b9e2753bfe996a3ba45835f75c6af1dc55

| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /wp-content/plugins/a3-lazy-load/assets/css/jquery.lazyloadxt.spinner.css?ver=4.9.25 HTTP/1.1
Host: www.dwuiyknznmwokr.trade
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jfzsdzu.jjjhhhhgggffccccff.men/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx/1.23.1
date: Thu, 02 May 2024 13:57:28 GMT
content-type: text/css
content-length: 311
last-modified: Wed, 20 Jan 2021 21:27:42 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 18
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BZUTY5OTHsZu5nmZ4vDMAW1p7NAzulOITBKtlUErFnDmrPWh1dif1cADybQFboPWUcBZx%2BmuCEH7%2Fo0oW3bV%2FhnOkZv9wNK45m04iMOac1ix%2BCcus7W1t3kPYMq92FjgOVN1rbj04HD%2F9Y8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 87d88543990b4bcd-BUF
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
| www.dwuiyknznmwokr.trade/wp-content/themes/carpress/assets/stylesheets/main.css?ver=1.0.0 | 107.175.35.20 | 200 OK | 74 kB |
URL: GET HTTP/2 www.dwuiyknznmwokr.trade/wp-content/themes/carpress/assets/stylesheets/main.css?ver=1.0.0
IP: 107.175.35.20:443
ASN: 36352 (AS-COLOCROSSING)
Requested by: https://jfzsdzu.jjjhhhhgggffccccff.men/
Certificate: issuer Let's Encrypt; subject www.dwuiyknznmwokr.trade; fingerprint 08:55:33:BE:70:04:E3:53:CF:C6:05:57:63:2E:54:1D:D3:F1:3A:08; validity Tue, 30 Apr 2024 04:31:40 GMT - Mon, 29 Jul 2024 04:31:39 GMT
File type: troff or preprocessor input, ASCII text, with very long lines (1114)
Hashes (MD5 / SHA-1 / SHA-256): e944d882a39ed0396e71e89da83421d2 / 3c0166e5b67b227f726198efc72b79119322cc88 / 49addbb92fa8ee54e52fbab56ce7ab9163f6c60733bfdb8372f7ecf0bb72ad31

| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /wp-content/themes/carpress/assets/stylesheets/main.css?ver=1.0.0 HTTP/1.1
Host: www.dwuiyknznmwokr.trade
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jfzsdzu.jjjhhhhgggffccccff.men/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx/1.23.1
date: Thu, 02 May 2024 13:57:28 GMT
content-type: text/css
content-length: 73782
last-modified: Fri, 17 Apr 2015 02:49:58 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 18
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UiuIRnJRF5B7zzE47N6XAshXbrngvjy%2BfOcKBwILpMqAFJsU3aRNshWZ8Imt5O99TQD58P4fE5fhWMR2%2BOCkN2mS5SY7%2F8at7bdXNYhYeuAARztyMMHyCzncl8gAd8UKXCxP59x9KbWCfwM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 87d88543990a4bcd-BUF
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
| www.dwuiyknznmwokr.trade/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1 | 107.175.35.20 | 200 OK | 10 kB |
URL: GET HTTP/2 www.dwuiyknznmwokr.trade/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1
IP: 107.175.35.20:443
ASN: 36352 (AS-COLOCROSSING)
Requested by: https://jfzsdzu.jjjhhhhgggffccccff.men/
Certificate: issuer Let's Encrypt; subject www.dwuiyknznmwokr.trade; fingerprint 08:55:33:BE:70:04:E3:53:CF:C6:05:57:63:2E:54:1D:D3:F1:3A:08; validity Tue, 30 Apr 2024 04:31:40 GMT - Mon, 29 Jul 2024 04:31:39 GMT
File type: JavaScript source, ASCII text, with very long lines (9959)
Hashes (MD5 / SHA-1 / SHA-256): 7121994eec5320fbe6586463bf9651c2 / 90532aff6d4121954254cdf04994d834f7ec169b / 48eb8b500ae6a38617b5738d2b3faec481922a7782246e31d2755c034a45cd5d

| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1 HTTP/1.1
Host: www.dwuiyknznmwokr.trade
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jfzsdzu.jjjhhhhgggffccccff.men/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.23.1
date: Thu, 02 May 2024 13:57:28 GMT
content-type: application/javascript
content-length: 10056
last-modified: Fri, 22 Jun 2018 15:40:36 GMT
cf-cache-status: BYPASS
set-cookie: X-Mapping-gnlapjep=F002D195FBC2218FC11B2040547B0567; path=/
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xxwMXW6MDwQdK2MCVPe%2B3s78UymvgZa7bczAPiwIiq8Yr23ucnU6U%2FEXlEsxX5J9ww2UgMrDB06guaEhHAtZUG9ccwwg6WUlZcP3AMs9Zq0M7zghtwWnwBFhZwDM%2BFP%2B0VovjpiackqeuJI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 87d885434b48aab6-YYZ
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
| www.dwuiyknznmwokr.trade/wp-content/plugins/fancybox-for-wordpress/assets/css/fancybox.css?ver=1.3.4 | 107.175.35.20 | 200 OK | 19 kB |
URL: GET HTTP/2 www.dwuiyknznmwokr.trade/wp-content/plugins/fancybox-for-wordpress/assets/css/fancybox.css?ver=1.3.4
IP: 107.175.35.20:443
ASN: 36352 (AS-COLOCROSSING)
Requested by: https://jfzsdzu.jjjhhhhgggffccccff.men/
Certificate: issuer Let's Encrypt; subject www.dwuiyknznmwokr.trade; fingerprint 08:55:33:BE:70:04:E3:53:CF:C6:05:57:63:2E:54:1D:D3:F1:3A:08; validity Tue, 30 Apr 2024 04:31:40 GMT - Mon, 29 Jul 2024 04:31:39 GMT
Hashes (MD5 / SHA-1 / SHA-256): 592ead116e192a422e3e033ccad4f39d / 400864dad5091d5e1bc38b94e9ae4121b7bf265a / 8e6630390ef512b8785eac0eac76219d07d16c69f68760f0e3677e9b7348f1e3

| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /wp-content/plugins/fancybox-for-wordpress/assets/css/fancybox.css?ver=1.3.4 HTTP/1.1
Host: www.dwuiyknznmwokr.trade
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jfzsdzu.jjjhhhhgggffccccff.men/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx/1.23.1
date: Thu, 02 May 2024 13:57:28 GMT
content-type: text/css
content-length: 18738
last-modified: Thu, 06 Jan 2022 20:36:58 GMT
cf-cache-status: BYPASS
set-cookie: X-Mapping-gnlapjep=F002D195FBC2218FC11B2040547B0567; path=/
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MNx6vutXv8xlvSlcamH%2B5EQ27J8zMZlLR9kr%2FhPVLZQh1JCP0JcOkKXQutzZqUlAcJo%2FD%2FJerSN2LF23lsyPNCnhGYtYG3L62%2FC%2FlrtEtPt795vyHQOYus1uNCt2hMT%2FNQnKLCTnZ62SZ1s%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 87d885433a87abe8-YYZ
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
| www.dwuiyknznmwokr.trade/wp-content/plugins/a3-lazy-load/assets/js/jquery.lazyloadxt.extra.min.js?ver=2.4.3 | 107.175.35.20 | 200 OK | 3.0 kB |
URL: GET HTTP/2 www.dwuiyknznmwokr.trade/wp-content/plugins/a3-lazy-load/assets/js/jquery.lazyloadxt.extra.min.js?ver=2.4.3
IP: 107.175.35.20:443
ASN: 36352 (AS-COLOCROSSING)
Requested by: https://jfzsdzu.jjjhhhhgggffccccff.men/
Certificate: issuer Let's Encrypt; subject www.dwuiyknznmwokr.trade; fingerprint 08:55:33:BE:70:04:E3:53:CF:C6:05:57:63:2E:54:1D:D3:F1:3A:08; validity Tue, 30 Apr 2024 04:31:40 GMT - Mon, 29 Jul 2024 04:31:39 GMT
File type: JavaScript source, ASCII text, with very long lines (2976)
Hashes (MD5 / SHA-1 / SHA-256): 53e0fbdc5d79d07d6d955e523f8d2996 / e830d0de78b481e31995d69bfda2e71f4cc1be56 / 2b3c6f1d3cea37b4d8cc609a141b421a88bcaf2f3646965f9f95f4d4a683c949

| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /wp-content/plugins/a3-lazy-load/assets/js/jquery.lazyloadxt.extra.min.js?ver=2.4.3 HTTP/1.1
Host: www.dwuiyknznmwokr.trade
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jfzsdzu.jjjhhhhgggffccccff.men/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.23.1
date: Thu, 02 May 2024 13:57:28 GMT
content-type: application/javascript
content-length: 3015
last-modified: Wed, 20 Jan 2021 21:27:42 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 17
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jepv1Z8J7SOAbcCGk9MGFLDaW%2BIBWCCEshACnCGwX%2FUrT%2BPoNc14yk4At50uN6qSYhZz5Go%2Bp8cgkGS9wlvtSZVQ6ENwShS4ibv5KaCBeICwLmEjuPN3ig77C%2BtlijDG9mVKbctXPCfIXSQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 87d8854398a34bbb-BUF
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
| www.dwuiyknznmwokr.trade/wp-content/themes/carpress/assets/js/jquery-ui-timepicker.js?ver=4.9.25 | 107.175.35.20 | 200 OK | 84 kB |
URL: GET HTTP/2 www.dwuiyknznmwokr.trade/wp-content/themes/carpress/assets/js/jquery-ui-timepicker.js?ver=4.9.25
IP: 107.175.35.20:443
ASN: 36352 (AS-COLOCROSSING)
Requested by: https://jfzsdzu.jjjhhhhgggffccccff.men/
Certificate: issuer Let's Encrypt; subject www.dwuiyknznmwokr.trade; fingerprint 08:55:33:BE:70:04:E3:53:CF:C6:05:57:63:2E:54:1D:D3:F1:3A:08; validity Tue, 30 Apr 2024 04:31:40 GMT - Mon, 29 Jul 2024 04:31:39 GMT
File type: JavaScript source, ASCII text
Hashes (MD5 / SHA-1 / SHA-256): d7b3cb53357267a9b3b3eeb28958a733 / 010c0b6f73a2b50c9011d56f2de865bd6d0fd065 / b0b84da11dcb8cbf5b91e6b4c64ee7f44d2c9209e23ad633f87919d4e4a426af

| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /wp-content/themes/carpress/assets/js/jquery-ui-timepicker.js?ver=4.9.25 HTTP/1.1
Host: www.dwuiyknznmwokr.trade
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jfzsdzu.jjjhhhhgggffccccff.men/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.23.1
date: Thu, 02 May 2024 13:57:28 GMT
content-type: application/javascript
content-length: 83744
last-modified: Fri, 17 Apr 2015 02:49:58 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 17
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pdZqGyic5mtVpq%2FmK83kmQxCOsNKJmIXhbLCHAVawYgSzeEAOUn1Yn2lsB%2FWlFJY3NvLpqdXbLpyyHYw9O%2FmcvsO1Dxd9qdTXBCQri1OoBAt8H7Nhx2km0laiIgRJ%2BKu%2BoPXxf50CvT3piw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 87d885439d984bd5-BUF
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
| www.dwuiyknznmwokr.trade/wp-includes/js/jquery/ui/widget.min.js?ver=1.11.4 | 107.175.35.20 | 200 OK | 6.8 kB |
URL: GET HTTP/2 www.dwuiyknznmwokr.trade/wp-includes/js/jquery/ui/widget.min.js?ver=1.11.4
IP: 107.175.35.20:443
ASN: 36352 (AS-COLOCROSSING)
Requested by: https://jfzsdzu.jjjhhhhgggffccccff.men/
Certificate: issuer Let's Encrypt; subject www.dwuiyknznmwokr.trade; fingerprint 08:55:33:BE:70:04:E3:53:CF:C6:05:57:63:2E:54:1D:D3:F1:3A:08; validity Tue, 30 Apr 2024 04:31:40 GMT - Mon, 29 Jul 2024 04:31:39 GMT
File type: JavaScript source, ASCII text, with very long lines (6608)
Hashes (MD5 / SHA-1 / SHA-256): 664c2622f0d31d62678f4830aabfe291 / 4e317239cbcadf241bf89340262542e6962ea69c / 99ada7e01817367027759ac452a1dd11eca7557272b8940d659c07adb6bc8cbe

| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /wp-includes/js/jquery/ui/widget.min.js?ver=1.11.4 HTTP/1.1
Host: www.dwuiyknznmwokr.trade
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jfzsdzu.jjjhhhhgggffccccff.men/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.23.1
date: Thu, 02 May 2024 13:57:28 GMT
content-type: application/javascript
content-length: 6832
last-modified: Fri, 16 Apr 2021 00:59:43 GMT
cf-cache-status: BYPASS
set-cookie: X-Mapping-gnlapjep=1E8D294B714CC7FD510ED934D8B6EF29; path=/
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=l4c3Nyhj8juWNkv2fqRxp1dobOFYmHIkR7uNinj1qxNeHktkhdu4T9Ov74eSNgonliH4G1bK2dGj8Xu%2BKHgBjubU2feh2PzLCjmSBgcKDT%2FfwlbRGrX34zHKb3IRSuRT1GiKD9r6oyUaauE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 87d885434e0eac9c-YYZ
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| www.dwuiyknznmwokr.trade/wp-includes/js/wp-emoji-release.min.js?ver=4.9.25 | 107.175.35.20 | 200 OK | 12 kB |
URL: GET HTTP/2 www.dwuiyknznmwokr.trade/wp-includes/js/wp-emoji-release.min.js?ver=4.9.25
IP: 107.175.35.20:443 (ASN #36352 AS-COLOCROSSING)
Requested by: https://jfzsdzu.jjjhhhhgggffccccff.men/
Certificate: Issuer Let's Encrypt; Subject www.dwuiyknznmwokr.trade; Fingerprint 08:55:33:BE:70:04:E3:53:CF:C6:05:57:63:2E:54:1D:D3:F1:3A:08; Validity Tue, 30 Apr 2024 04:31:40 GMT - Mon, 29 Jul 2024 04:31:39 GMT
File type: JavaScript source, ASCII text, with very long lines (9063)
Hash (MD5 / SHA-1 / SHA-256): fe0575b66568074463f12485d90f6d4c aeedd9ab3b7874e63f647042963cb1301a38b391 647a6b36f3fd1f21bae171270111096b4613c23a47e6621628a51bae9c82b0b7
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /wp-includes/js/wp-emoji-release.min.js?ver=4.9.25 HTTP/1.1
Host: www.dwuiyknznmwokr.trade
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jfzsdzu.jjjhhhhgggffccccff.men/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.23.1
date: Thu, 02 May 2024 13:57:28 GMT
content-type: application/javascript
content-length: 11943
last-modified: Fri, 16 Apr 2021 00:59:43 GMT
cf-cache-status: BYPASS
set-cookie: X-Mapping-gnlapjep=1E8D294B714CC7FD510ED934D8B6EF29; path=/
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XOWjtUQEsFS2CVqvZKr3MNFgnr5PeFSYYuAYQEOtYx7Ktrpa4km3vLgT6tUmFNJAo8ZvUneVY1lXxaMlEHGE7NsrPhwSwDRY9w7tFo8gU%2B6rimPSQdDXSxyN9ZK0dL8JdUhqya%2Fig%2B0psrY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 87d885433d59a232-YYZ
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| www.dwuiyknznmwokr.trade/wp-includes/js/underscore.min.js?ver=1.8.3 | 107.175.35.20 | 200 OK | 16 kB |
URL: GET HTTP/2 www.dwuiyknznmwokr.trade/wp-includes/js/underscore.min.js?ver=1.8.3
IP: 107.175.35.20:443 (ASN #36352 AS-COLOCROSSING)
Requested by: https://jfzsdzu.jjjhhhhgggffccccff.men/
Certificate: Issuer Let's Encrypt; Subject www.dwuiyknznmwokr.trade; Fingerprint 08:55:33:BE:70:04:E3:53:CF:C6:05:57:63:2E:54:1D:D3:F1:3A:08; Validity Tue, 30 Apr 2024 04:31:40 GMT - Mon, 29 Jul 2024 04:31:39 GMT
File type: JavaScript source, ASCII text, with very long lines (16194)
Hash (MD5 / SHA-1 / SHA-256): 6a3a434a1360cc744341e97de9177bc6 d110825c3252a677ce8b6fd81cd2eda0201e4e1b 4f5b2528815d8b1cd9b68b1a4bb1fe689696f8dcbc2c4a5104343b886ee68828
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /wp-includes/js/underscore.min.js?ver=1.8.3 HTTP/1.1
Host: www.dwuiyknznmwokr.trade
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jfzsdzu.jjjhhhhgggffccccff.men/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.23.1
date: Thu, 02 May 2024 13:57:28 GMT
content-type: application/javascript
content-length: 16410
last-modified: Fri, 22 Jun 2018 15:40:36 GMT
cf-cache-status: BYPASS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=geAKU3cZptW2ZgfT2ANnLtsTPGPMuTlDo7Et7RwYU5SmutD%2Br1HNuMUeOjnN%2F9WQUKLV2wwN6CLt0%2BUBnSEN67h1xL4CczkgqlL08L9ZdYwxBNTc8CNOSX8hfbu8e8TKwZGo%2FZTi9yNT8eE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 87d88543889c4bbb-BUF
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| www.dwuiyknznmwokr.trade/wp-content/themes/carpress/assets/jquery-ui/touch-fix.min.js?ver=4.9.25 | 107.175.35.20 | 200 OK | 1.2 kB |
URL: GET HTTP/2 www.dwuiyknznmwokr.trade/wp-content/themes/carpress/assets/jquery-ui/touch-fix.min.js?ver=4.9.25
IP: 107.175.35.20:443 (ASN #36352 AS-COLOCROSSING)
Requested by: https://jfzsdzu.jjjhhhhgggffccccff.men/
Certificate: Issuer Let's Encrypt; Subject www.dwuiyknznmwokr.trade; Fingerprint 08:55:33:BE:70:04:E3:53:CF:C6:05:57:63:2E:54:1D:D3:F1:3A:08; Validity Tue, 30 Apr 2024 04:31:40 GMT - Mon, 29 Jul 2024 04:31:39 GMT
File type: JavaScript source, ASCII text, with very long lines (997)
Hash (MD5 / SHA-1 / SHA-256): 73894e81bd18ee8f005aa7c9970a2d7f 9868783d1b3986484bcef352004e532951d4f961 13da7278ed459882028e73966c1bdd4dcc866096774bf634b31df41d9a04e420
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /wp-content/themes/carpress/assets/jquery-ui/touch-fix.min.js?ver=4.9.25 HTTP/1.1
Host: www.dwuiyknznmwokr.trade
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jfzsdzu.jjjhhhhgggffccccff.men/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.23.1
date: Thu, 02 May 2024 13:57:28 GMT
content-type: application/javascript
content-length: 1203
last-modified: Fri, 17 Apr 2015 02:49:57 GMT
cf-cache-status: BYPASS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3ff3pVdZglXS2hSBGbLGnYDa9v8CN1Tca%2BQHRfZFpsxUb6z30TalcD8BIy0uin%2BtinB%2B2kRCA7MbX0lnv5BCFkfPn7UqrzL5qOFy4MvwgKhV2Ys5YEq9yHcX7iIjNe7%2Bk4E0HdXnuiL64XU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 87d885438a624bc6-BUF
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| www.dwuiyknznmwokr.trade/wp-content/themes/carpress/assets/js/custom.js?ver=1.0.0 | 107.175.35.20 | 200 OK | 5.1 kB |
URL: GET HTTP/2 www.dwuiyknznmwokr.trade/wp-content/themes/carpress/assets/js/custom.js?ver=1.0.0
IP: 107.175.35.20:443 (ASN #36352 AS-COLOCROSSING)
Requested by: https://jfzsdzu.jjjhhhhgggffccccff.men/
Certificate: Issuer Let's Encrypt; Subject www.dwuiyknznmwokr.trade; Fingerprint 08:55:33:BE:70:04:E3:53:CF:C6:05:57:63:2E:54:1D:D3:F1:3A:08; Validity Tue, 30 Apr 2024 04:31:40 GMT - Mon, 29 Jul 2024 04:31:39 GMT
File type: JavaScript source, ASCII text
Hash (MD5 / SHA-1 / SHA-256): 2d33858613d915ef7ca71d231bc724c3 1e4641b2008453fe52a996b313a3f2dc6a4be317 4f2d93fac674d2169c338a935a2d04968f22d8d22239ff9f9eb7f96d59b55e14
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /wp-content/themes/carpress/assets/js/custom.js?ver=1.0.0 HTTP/1.1
Host: www.dwuiyknznmwokr.trade
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jfzsdzu.jjjhhhhgggffccccff.men/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.23.1
date: Thu, 02 May 2024 13:57:28 GMT
content-type: application/javascript
content-length: 5069
last-modified: Fri, 17 Apr 2015 02:49:58 GMT
cf-cache-status: BYPASS
set-cookie: X-Mapping-gnlapjep=F94C4F77A373C4568C29ADA370D97BAD; path=/
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fjOxj32duwrEi2JC6OuscWHNmJu9Rker1R6VEOfzFv7LMWvbmHk7fAu4vPnoNguuWx2eC4rGgvoRIhcdht4laZzENqD9ziandFqSVKLwgL3AV8XXiC1EBeUpfSJOKwVcGOtR6%2FC2dShHfRM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 87d8854398a14bd8-BUF
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| www.dwuiyknznmwokr.trade/wp-content/themes/carpress/assets/js/bootstrap.min.js?ver=2.3.1 | 107.175.35.20 | 200 OK | 29 kB |
URL: GET HTTP/2 www.dwuiyknznmwokr.trade/wp-content/themes/carpress/assets/js/bootstrap.min.js?ver=2.3.1
IP: 107.175.35.20:443 (ASN #36352 AS-COLOCROSSING)
Requested by: https://jfzsdzu.jjjhhhhgggffccccff.men/
Certificate: Issuer Let's Encrypt; Subject www.dwuiyknznmwokr.trade; Fingerprint 08:55:33:BE:70:04:E3:53:CF:C6:05:57:63:2E:54:1D:D3:F1:3A:08; Validity Tue, 30 Apr 2024 04:31:40 GMT - Mon, 29 Jul 2024 04:31:39 GMT
File type: JavaScript source, ASCII text, with very long lines (28514)
Hash (MD5 / SHA-1 / SHA-256): c4e4ebc476cf62d4840a19cd42b06255 cb08ba1f44fb4197ae2ac131fcf529501c1e72d3 84bfeafbe3d9d01c9a2addaa1cde48ea6c6cd76b467860427304d758a541762d
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /wp-content/themes/carpress/assets/js/bootstrap.min.js?ver=2.3.1 HTTP/1.1
Host: www.dwuiyknznmwokr.trade
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jfzsdzu.jjjhhhhgggffccccff.men/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.23.1
date: Thu, 02 May 2024 13:57:28 GMT
content-type: application/javascript
content-length: 28638
last-modified: Fri, 17 Apr 2015 02:49:57 GMT
cf-cache-status: BYPASS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OD8NHkKZpA0vKpfvkdRQednT1sz3PQXabnRGNqBYP64cxoT2ROL7L5swL5oNVGV%2ByXz7gxKHtpPdK2XlCoHZOQFs11axv88Hbb7r7w6Uoa%2BxyxwqMsvogQhpmOu1mQTXPdfH%2B%2BD9Zs2QlR8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 87d88543984a4bcf-BUF
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| www.dwuiyknznmwokr.trade/wp-content/plugins/a3-lazy-load/assets/js/jquery.lazyloadxt.extend.js?ver=2.4.3 | 107.175.35.20 | 200 OK | 1.0 kB |
URL: GET HTTP/2 www.dwuiyknznmwokr.trade/wp-content/plugins/a3-lazy-load/assets/js/jquery.lazyloadxt.extend.js?ver=2.4.3
IP: 107.175.35.20:443 (ASN #36352 AS-COLOCROSSING)
Requested by: https://jfzsdzu.jjjhhhhgggffccccff.men/
Certificate: Issuer Let's Encrypt; Subject www.dwuiyknznmwokr.trade; Fingerprint 08:55:33:BE:70:04:E3:53:CF:C6:05:57:63:2E:54:1D:D3:F1:3A:08; Validity Tue, 30 Apr 2024 04:31:40 GMT - Mon, 29 Jul 2024 04:31:39 GMT
File type: JavaScript source, ASCII text
Hash (MD5 / SHA-1 / SHA-256): 624ebb44eb0fd0fd92d0a0433823c630 44010ca531b82a13513375597adb4c08b77473fa a8a819d7548b9c102d7776cb645212ca1e324ac2de2170598699061e29bc6cbf
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /wp-content/plugins/a3-lazy-load/assets/js/jquery.lazyloadxt.extend.js?ver=2.4.3 HTTP/1.1
Host: www.dwuiyknznmwokr.trade
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jfzsdzu.jjjhhhhgggffccccff.men/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.23.1
date: Thu, 02 May 2024 13:57:28 GMT
content-type: application/javascript
content-length: 1045
last-modified: Wed, 20 Jan 2021 21:27:42 GMT
cf-cache-status: BYPASS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vEOaU0LElymAxQrKTC75HIPMoYh5PArfgM1NAtTE7M4IdoVzdW4Nt%2FSwkTJRocO6eYt2F51Fe2WMrEpMLwPKzgaSqpsK5wUkhtW4nVm3T3saS%2F7ffsO1p0cyqbYKanEfHL88t5qgNRrJQE0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 87d88543984c4bcf-BUF
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| www.dwuiyknznmwokr.trade/wp-includes/js/jquery/ui/datepicker.min.js?ver=1.11.4 | 107.175.35.20 | 200 OK | 36 kB |
URL: GET HTTP/2 www.dwuiyknznmwokr.trade/wp-includes/js/jquery/ui/datepicker.min.js?ver=1.11.4
IP: 107.175.35.20:443 (ASN #36352 AS-COLOCROSSING)
Requested by: https://jfzsdzu.jjjhhhhgggffccccff.men/
Certificate: Issuer Let's Encrypt; Subject www.dwuiyknznmwokr.trade; Fingerprint 08:55:33:BE:70:04:E3:53:CF:C6:05:57:63:2E:54:1D:D3:F1:3A:08; Validity Tue, 30 Apr 2024 04:31:40 GMT - Mon, 29 Jul 2024 04:31:39 GMT
File type: JavaScript source, ASCII text, with very long lines (35951)
Hash (MD5 / SHA-1 / SHA-256): cb1f7699be677def94bc41a5d9da4f82 b1aff76bd04ba59abed8e19a71db339332d9e15d 131c19ca61ef3ab0c3199b1db78997ec2efb8327722cef4df46f09c4892d273d
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /wp-includes/js/jquery/ui/datepicker.min.js?ver=1.11.4 HTTP/1.1
Host: www.dwuiyknznmwokr.trade
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jfzsdzu.jjjhhhhgggffccccff.men/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.23.1
date: Thu, 02 May 2024 13:57:28 GMT
content-type: application/javascript
content-length: 36176
last-modified: Fri, 16 Apr 2021 00:59:43 GMT
cf-cache-status: BYPASS
set-cookie: X-Mapping-gnlapjep=F002D195FBC2218FC11B2040547B0567; path=/
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZSx8ZzY3SboLmUtaQULXRtKBzieSZMdygbycytQ5cTjGbLFLiulTOJOdDSKknkLZpaXT4KgPlhQV2cjCWTkkv3V5xudEq6hXbvltZRmdhm7ur3lemWrtx14umKhzuoqXTG3LVb61eXFsk0I%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 87d885434cd236ab-YYZ
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| www.dwuiyknznmwokr.trade/wp-content/plugins/a3-lazy-load/assets/js/jquery.lazyloadxt.srcset.min.js?ver=2.4.3 | 107.175.35.20 | 200 OK | 1.6 kB |
URL: GET HTTP/2 www.dwuiyknznmwokr.trade/wp-content/plugins/a3-lazy-load/assets/js/jquery.lazyloadxt.srcset.min.js?ver=2.4.3
IP: 107.175.35.20:443 (ASN #36352 AS-COLOCROSSING)
Requested by: https://jfzsdzu.jjjhhhhgggffccccff.men/
Certificate: Issuer Let's Encrypt; Subject www.dwuiyknznmwokr.trade; Fingerprint 08:55:33:BE:70:04:E3:53:CF:C6:05:57:63:2E:54:1D:D3:F1:3A:08; Validity Tue, 30 Apr 2024 04:31:40 GMT - Mon, 29 Jul 2024 04:31:39 GMT
File type: ASCII text, with very long lines (1533)
Hash (MD5 / SHA-1 / SHA-256): 3e6902b70ee52754121f017fd48175db 0a5d8a5716c7b249eb5e0b02d04aa74c5b9948cb 21dc21cf1cc77b458d114634e3775e70f229dc0c215b0c8958920e2079cb5a16
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /wp-content/plugins/a3-lazy-load/assets/js/jquery.lazyloadxt.srcset.min.js?ver=2.4.3 HTTP/1.1
Host: www.dwuiyknznmwokr.trade
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jfzsdzu.jjjhhhhgggffccccff.men/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.23.1
date: Thu, 02 May 2024 13:57:28 GMT
content-type: application/javascript
content-length: 1573
last-modified: Wed, 20 Jan 2021 21:27:42 GMT
cf-cache-status: BYPASS
set-cookie: X-Mapping-gnlapjep=1E8D294B714CC7FD510ED934D8B6EF29; path=/
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AY5CLrTkp5AH6%2BgZX1gcJaoMfX3WrnKIAAjmYL%2BNr6WMAeeiS%2FTG8MI21jFecMzbS48jxIo5GddZZu2WpmFr%2Bqq3FI03mzddEuGGaA11BOnGPrAhruismLI2f%2BKcbQdy5iRx2BximOEMDoc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 87d88543dfc6aaba-YYZ
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| jfzsdzu.jjjhhhhgggffccccff.men/ | 172.67.146.225 | 200 OK | 23 kB |
URL (User Request): GET HTTP/2 jfzsdzu.jjjhhhhgggffccccff.men/
IP: 172.67.146.225:443
Certificate: Issuer Google Trust Services LLC; Subject jfzsdzu.jjjhhhhgggffccccff.men; Fingerprint CD:FF:A2:BC:8F:07:76:95:CA:7F:72:C6:B5:EF:A8:F4:57:58:CE:EB; Validity Thu, 25 Apr 2024 03:44:40 GMT - Wed, 24 Jul 2024 03:44:39 GMT
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (3521), with CRLF, LF line terminators
Hash (MD5 / SHA-1 / SHA-256): 2c904dac360d09b0e81fe44d6d464bcb 9b530ca46753ac9e055f506247c6d195b89a1fa0 4140228c4b4798bebedc52006200926111528043711979ebd2f7202905f586ed
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET / HTTP/1.1
Host: jfzsdzu.jjjhhhhgggffccccff.men
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 02 May 2024 13:57:27 GMT
content-type: text/html; charset=UTF-8
cf-cache-status: DYNAMIC
link: <https://www.germanmastertech.com/wp-json/>; rel="https://api.w.org/", <https://www.germanmastertech.com/>; rel=shortlink
set-cookie: X-Mapping-gnlapjep=F94C4F77A373C4568C29ADA370D97BAD; path=/
alt-svc: h3=":443"; ma=86400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7taEWBbJx3%2B482AFCwEwC02PCr2akaebdcIpV2aKdDWrSvy1P3UThPiqBwP6%2BAbKYEaArvx9CNmLOkg2PuFeAgo3JNY%2F%2FOfsrR2mAMwvH7CAv7eQriLpRU2IsFODw8NuK%2BsMa0hQj4ZcLak%3D"}],"group":"cf-nel","max_age":604800}
x-pingback: https://www.germanmastertech.com/xmlrpc.php
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d885387a995687-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| www.dwuiyknznmwokr.trade/wp-content/themes/carpress/assets/jquery-ui/css/smoothness/jquery-ui-1.10.2.custom.min.css?ver=1.10.2 | 107.175.35.20 | 200 OK | 20 kB |
URL: GET HTTP/2 www.dwuiyknznmwokr.trade/wp-content/themes/carpress/assets/jquery-ui/css/smoothness/jquery-ui-1.10.2.custom.min.css?ver=1.10.2
IP: 107.175.35.20:443 (ASN #36352 AS-COLOCROSSING)
Requested by: https://jfzsdzu.jjjhhhhgggffccccff.men/
Certificate: Issuer Let's Encrypt; Subject www.dwuiyknznmwokr.trade; Fingerprint 08:55:33:BE:70:04:E3:53:CF:C6:05:57:63:2E:54:1D:D3:F1:3A:08; Validity Tue, 30 Apr 2024 04:31:40 GMT - Mon, 29 Jul 2024 04:31:39 GMT
File type: ASCII text, with very long lines (18307)
Hash (MD5 / SHA-1 / SHA-256): 366a71af16574261635f71a4ad8a0e81 fb8edb3e9cbe0eb8f4f8750e852988d7ea8cd20c 87ee6e7c07ef248005c0fcdc575cdd2716b9bfe80d5f945249126ae0a2858f54
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /wp-content/themes/carpress/assets/jquery-ui/css/smoothness/jquery-ui-1.10.2.custom.min.css?ver=1.10.2 HTTP/1.1
Host: www.dwuiyknznmwokr.trade
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jfzsdzu.jjjhhhhgggffccccff.men/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx/1.23.1
date: Thu, 02 May 2024 13:57:28 GMT
content-type: text/css
content-length: 19785
last-modified: Fri, 17 Apr 2015 02:49:57 GMT
cf-cache-status: BYPASS
set-cookie: X-Mapping-gnlapjep=F94C4F77A373C4568C29ADA370D97BAD; path=/
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BBEfyzWvxQIcIzvzMoc0iC9zHtYRcNS85KA%2BerUH4vkvsHNeaAJSXJf67qnFR0hGXcq9okdUO5z811%2FezfrWB3srbMtAfn8tqBdepBdGk1cHV%2FjQeRg%2BkWlPOxMKseLK9H6ouIDU7YcKuHs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 87d88543d9b136ac-YYZ
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| www.dwuiyknznmwokr.trade/wp-content/plugins/fancybox-for-wordpress/assets/js/jquery.fancybox.js?ver=1.3.4 | 107.175.35.20 | 200 OK | 162 kB |
URL: GET HTTP/2 www.dwuiyknznmwokr.trade/wp-content/plugins/fancybox-for-wordpress/assets/js/jquery.fancybox.js?ver=1.3.4
IP: 107.175.35.20:443 (ASN #36352 AS-COLOCROSSING)
Requested by: https://jfzsdzu.jjjhhhhgggffccccff.men/
Certificate: Issuer Let's Encrypt; Subject www.dwuiyknznmwokr.trade; Fingerprint 08:55:33:BE:70:04:E3:53:CF:C6:05:57:63:2E:54:1D:D3:F1:3A:08; Validity Tue, 30 Apr 2024 04:31:40 GMT - Mon, 29 Jul 2024 04:31:39 GMT
File type: JavaScript source, Unicode text, UTF-8 text
Size: 162 kB (162140 bytes)
Hash (MD5 / SHA-1 / SHA-256): cd979ada3d42377f0f6ef56c3cdc8010 70ac78368d6200b86465f3966ea79c37a63ac2c2 fbefbec9195c7a222e896bc45b0afa18af494fdc038c0977cefe1401efc64be2
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /wp-content/plugins/fancybox-for-wordpress/assets/js/jquery.fancybox.js?ver=1.3.4 HTTP/1.1
Host: www.dwuiyknznmwokr.trade
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jfzsdzu.jjjhhhhgggffccccff.men/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.23.1
date: Thu, 02 May 2024 13:57:28 GMT
content-type: application/javascript
content-length: 162140
last-modified: Thu, 06 Jan 2022 20:36:58 GMT
cf-cache-status: BYPASS
set-cookie: X-Mapping-gnlapjep=F002D195FBC2218FC11B2040547B0567; path=/
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=J9fxLoCP7XNdisBbqPX61Yl9Tozhoue6atQmt4naBhHXdeVK4Maq8NyJ1kLAOOLTobkxa%2BZQREOZ3KmXUbu3UKw6mf9%2FiJ8X9OG72HDIxqhacyBwjCvzWTvJC%2Fv29MXeFVPh4XBmz8M7%2Bz4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 87d885434934ac58-YYZ
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| www.dwuiyknznmwokr.trade/wp-content/themes/carpress/assets/stylesheets/bootstrap.css?ver=2.2.1 | 107.175.35.20 | 200 OK | 87 kB |
URL: GET HTTP/2 www.dwuiyknznmwokr.trade/wp-content/themes/carpress/assets/stylesheets/bootstrap.css?ver=2.2.1
IP: 107.175.35.20:443 (ASN #36352 AS-COLOCROSSING)
Requested by: https://jfzsdzu.jjjhhhhgggffccccff.men/
Certificate: Issuer Let's Encrypt; Subject www.dwuiyknznmwokr.trade; Fingerprint 08:55:33:BE:70:04:E3:53:CF:C6:05:57:63:2E:54:1D:D3:F1:3A:08; Validity Tue, 30 Apr 2024 04:31:40 GMT - Mon, 29 Jul 2024 04:31:39 GMT
File type: assembler source, ASCII text, with very long lines (1437)
Hash (MD5 / SHA-1 / SHA-256): ca3b34c3e53a377928e06c367457ed33 647fc575a86ba494bae81cf67c5394d23888463c cd2595924d54633af66e9f6d8c2ace546f80435253d6f4c3e622c2b2da25736a
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /wp-content/themes/carpress/assets/stylesheets/bootstrap.css?ver=2.2.1 HTTP/1.1
Host: www.dwuiyknznmwokr.trade
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jfzsdzu.jjjhhhhgggffccccff.men/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx/1.23.1
date: Thu, 02 May 2024 13:57:28 GMT
content-type: text/css
content-length: 86652
last-modified: Fri, 17 Apr 2015 02:49:58 GMT
cf-cache-status: BYPASS
set-cookie: X-Mapping-gnlapjep=F002D195FBC2218FC11B2040547B0567; path=/
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JYJR9a65SN9sL1pVXXJcV3hy9dzCYnyg5ZT19A5O9PwH4G6h6q60jkdhRbBwouC%2FOhfbsZMU7UK7y5AyFOaMMHBnuK7FqG62IhdBS%2FWQKdaNNBAsohE2FeCtMTS3reKyG4O4pwfoIPRMAAo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 87d88543dcb5ac5a-YYZ
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| fonts.gstatic.com/s/dosis/v32/HhyJU5sn9vOmLxNkIwRSjTVNWLEJN7Ml2xME.woff2 | 216.58.207.227 | 200 OK | 17 kB |
URL: GET HTTP/2 fonts.gstatic.com/s/dosis/v32/HhyJU5sn9vOmLxNkIwRSjTVNWLEJN7Ml2xME.woff2
IP: 216.58.207.227:443
Requested by: https://jfzsdzu.jjjhhhhgggffccccff.men/
Certificate: Issuer Google Trust Services LLC; Subject *.gstatic.com; Fingerprint 93:EC:35:60:8A:5B:23:EA:C0:36:D7:AE:03:0C:C3:77:17:5A:20:33; Validity Mon, 08 Apr 2024 07:31:57 GMT - Mon, 01 Jul 2024 07:31:56 GMT
File type: Web Open Font Format (Version 2), TrueType, length 16552, version 1.0
Hash (MD5 / SHA-1 / SHA-256): 06b620a23fa223fb235f57d55e09e742 c54ad34ee5dfb99802b80714dfff65173cc790d5 3830ba0a1c13e1a44b25b86be30bcbc4581a104b2d875aa377bd613477a2e6b4
GET /s/dosis/v32/HhyJU5sn9vOmLxNkIwRSjTVNWLEJN7Ml2xME.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://jfzsdzu.jjjhhhhgggffccccff.men
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 16552
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 May 2024 02:55:46 GMT
expires: Fri, 02 May 2025 02:55:46 GMT
cache-control: public, max-age=31536000
age: 39702
last-modified: Thu, 24 Aug 2023 20:45:32 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| www.dwuiyknznmwokr.trade/wp-content/plugins/a3-lazy-load/assets/css/loading.gif | 107.175.35.20 | 200 OK | 1.7 kB |
URL: GET HTTP/2 www.dwuiyknznmwokr.trade/wp-content/plugins/a3-lazy-load/assets/css/loading.gif
IP: 107.175.35.20:443 (ASN #36352 AS-COLOCROSSING)
Requested by: https://jfzsdzu.jjjhhhhgggffccccff.men/
Certificate: Issuer Let's Encrypt; Subject www.dwuiyknznmwokr.trade; Fingerprint 08:55:33:BE:70:04:E3:53:CF:C6:05:57:63:2E:54:1D:D3:F1:3A:08; Validity Tue, 30 Apr 2024 04:31:40 GMT - Mon, 29 Jul 2024 04:31:39 GMT
File type: GIF image data, version 89a, 32 x 32
Hash (MD5 / SHA-1 / SHA-256): 265808cc54404f22de9785c713e0cb7e bf3d1b71957caee1c6273061ad00c99c5d785a0f b6e4dff920e21e3f436a014140d01d43c97177e007556ede69f772f08cb7a7ec
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /wp-content/plugins/a3-lazy-load/assets/css/loading.gif HTTP/1.1
Host: www.dwuiyknznmwokr.trade
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.dwuiyknznmwokr.trade/wp-content/plugins/a3-lazy-load/assets/css/jquery.lazyloadxt.spinner.css?ver=4.9.25
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.23.1
date: Thu, 02 May 2024 13:57:29 GMT
content-type: image/gif
content-length: 1690
last-modified: Wed, 20 Jan 2021 21:27:42 GMT
x-cache-info: caching
cf-cache-status: BYPASS
set-cookie: X-Mapping-gnlapjep=9CB53FA1EA2298BCDF3E3234F5D05E00; path=/
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0dYnEWcP8TbQMw8vrFEJ4V3ez78Z6PBjG1yy8M6dbFWB9LjqbKKkYJS%2F3rsAC0R8g%2FA6bU39jJVDa6ejsXhFznuduelzZ6vynuJLtN6R4ROx4GZL6%2BnvJpAglJ50KhrLe1Xw7c6%2FMSz4JUo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 87d885479d0cab9c-YYZ
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| www.dwuiyknznmwokr.trade/wp-content/themes/carpress/assets/images/pattern-1.png | 107.175.35.20 | 200 OK | 166 B |
URL: GET HTTP/2 www.dwuiyknznmwokr.trade/wp-content/themes/carpress/assets/images/pattern-1.png
IP: 107.175.35.20:443 (ASN #36352 AS-COLOCROSSING)
Requested by: https://jfzsdzu.jjjhhhhgggffccccff.men/
Certificate: Issuer Let's Encrypt; Subject www.dwuiyknznmwokr.trade; Fingerprint 08:55:33:BE:70:04:E3:53:CF:C6:05:57:63:2E:54:1D:D3:F1:3A:08; Validity Tue, 30 Apr 2024 04:31:40 GMT - Mon, 29 Jul 2024 04:31:39 GMT
File type: PNG image data, 80 x 160, 2-bit colormap, non-interlaced
Hash (MD5 / SHA-1 / SHA-256): f791732a9676299b0f778ab900ef3b24 497493b9452d78c8c1dfcdd1dda6857ba0ddd314 863c0e46e6149034ab97b86d89928047073060c2804246a089e7014ab0598926
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /wp-content/themes/carpress/assets/images/pattern-1.png HTTP/1.1
Host: www.dwuiyknznmwokr.trade
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.dwuiyknznmwokr.trade/wp-content/themes/carpress/assets/stylesheets/main.css?ver=1.0.0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.23.1
date: Thu, 02 May 2024 13:57:29 GMT
content-type: image/png
content-length: 166
last-modified: Fri, 17 Apr 2015 02:49:57 GMT
x-cache-info: caching
cf-cache-status: BYPASS
set-cookie: X-Mapping-gnlapjep=9CB53FA1EA2298BCDF3E3234F5D05E00; path=/
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=W6HDeDewZ%2FfVNuLA64B7B8wJeekoipZowxrFn1IuwkydyEn39KVZ3YGeUdFpkHXgNU0OD1k97l%2F54YYcILzLccaTCR59HPzPi%2BnLSBTUNoLPzAXXiYgDYXpXOksqW9cX2GIFNB0UToTaxuI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 87d885479a9a36d0-YYZ
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| www.dwuiyknznmwokr.trade/wp-content/themes/carpress/assets/images/quote.png?1411371419 | 107.175.35.20 | 200 OK | 1.9 kB |
URL: GET HTTP/2 www.dwuiyknznmwokr.trade/wp-content/themes/carpress/assets/images/quote.png?1411371419
IP: 107.175.35.20:443 (ASN #36352 AS-COLOCROSSING)
Requested by: https://jfzsdzu.jjjhhhhgggffccccff.men/
Certificate: Issuer Let's Encrypt; Subject www.dwuiyknznmwokr.trade; Fingerprint 08:55:33:BE:70:04:E3:53:CF:C6:05:57:63:2E:54:1D:D3:F1:3A:08; Validity Tue, 30 Apr 2024 04:31:40 GMT - Mon, 29 Jul 2024 04:31:39 GMT
File type: PNG image data, 50 x 41, 8-bit colormap, non-interlaced
Hash (MD5 / SHA-1 / SHA-256): e8bc551a3ee2511f9ff6a03b0db73a89 79f501b3761b483eeb127110c6c61d2ef5029eb6 472b225dd31e8bdf909023a52c3ffadeb88c9e20a3971c755b5d3fc973680676
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /wp-content/themes/carpress/assets/images/quote.png?1411371419 HTTP/1.1
Host: www.dwuiyknznmwokr.trade
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.dwuiyknznmwokr.trade/wp-content/themes/carpress/assets/stylesheets/main.css?ver=1.0.0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.23.1
date: Thu, 02 May 2024 13:57:29 GMT
content-type: image/png
content-length: 1917
last-modified: Fri, 17 Apr 2015 02:49:57 GMT
cf-cache-status: BYPASS
set-cookie: X-Mapping-gnlapjep=61A8627BEF23B3172D64A91E51594640; path=/
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Q0YC2Rl8xgIEEY5f67rqe4xmAAMqDSW2WeofLoKEaZo3EruQXNX81xjeIJEdJ0jUJB2hU72JMijBCuf2BzgzHcBz%2FZI6ZckhmcgMmI5opNKswTEVXpM3y0cT9yyJdBP8eY7lw8oozPBBrIQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 87d885479f0339fc-YYZ
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| www.dwuiyknznmwokr.trade/wp-content/uploads/2015/04/sprinter-repair.jpg | 107.175.35.20 | 200 OK | 5.1 kB |
URL: GET HTTP/2 www.dwuiyknznmwokr.trade/wp-content/uploads/2015/04/sprinter-repair.jpg
IP: 107.175.35.20:443 ASN#36352 AS-COLOCROSSING
Requested by: https://jfzsdzu.jjjhhhhgggffccccff.men/
Certificate: Issuer Let's Encrypt; Subject www.dwuiyknznmwokr.trade; Fingerprint 08:55:33:BE:70:04:E3:53:CF:C6:05:57:63:2E:54:1D:D3:F1:3A:08; Validity Tue, 30 Apr 2024 04:31:40 GMT - Mon, 29 Jul 2024 04:31:39 GMT
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 250x113, components 3
Hash: MD5 ecb4d992c793cdd02e7bd267fca2e035; SHA-1 a3ac4e525fec7988ceb52cd4bf8d527b1416d573; SHA-256 c56b43d87402e345f150a26b8b83e9e71ec41d3525c6f2769434e3ca53b9ca73
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /wp-content/uploads/2015/04/sprinter-repair.jpg HTTP/1.1
Host: www.dwuiyknznmwokr.trade
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jfzsdzu.jjjhhhhgggffccccff.men/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.23.1
date: Thu, 02 May 2024 13:57:29 GMT
content-type: image/jpeg
content-length: 5063
last-modified: Mon, 30 Jan 2017 22:05:02 GMT
x-cache-info: caching
cache-control: max-age=14400
cf-cache-status: HIT
age: 11
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mxljI%2BIq5z%2FMxA8pXTkLWjOUho9zOBaorpuvb7tVw6O0k%2Be6cb6Be8qvfnjrZofUnh1G44KZ%2FCG%2B5HU%2Bx3%2F2A2HaMfthX97FrTOkI5%2B0V2668oLimKfcV%2FwDWwYKKCN7dkA9e%2B1C4uWjpqc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 87d88548cadd4bbb-BUF
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| www.dwuiyknznmwokr.trade/wp-content/uploads/2014/03/german-master-tech-slide1b-1920x592.jpg | 107.175.35.20 | 200 OK | 130 kB |
URL: GET HTTP/2 www.dwuiyknznmwokr.trade/wp-content/uploads/2014/03/german-master-tech-slide1b-1920x592.jpg
IP: 107.175.35.20:443 ASN#36352 AS-COLOCROSSING
Requested by: https://jfzsdzu.jjjhhhhgggffccccff.men/
Certificate: Issuer Let's Encrypt; Subject www.dwuiyknznmwokr.trade; Fingerprint 08:55:33:BE:70:04:E3:53:CF:C6:05:57:63:2E:54:1D:D3:F1:3A:08; Validity Tue, 30 Apr 2024 04:31:40 GMT - Mon, 29 Jul 2024 04:31:39 GMT
File type: JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1920x592, components 1
Size: 130 kB (129477 bytes)
Hash: MD5 7ce8f4d2040a2e8df96b56838eb7dd24; SHA-1 ea4edb7e40a77d9388ff389f9dbd33177feca8d7; SHA-256 9403c4e9199ced1db84f3946820ac2db83320c500875db8d05c6eaed4815bd9e
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /wp-content/uploads/2014/03/german-master-tech-slide1b-1920x592.jpg HTTP/1.1
Host: www.dwuiyknznmwokr.trade
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jfzsdzu.jjjhhhhgggffccccff.men/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.23.1
date: Thu, 02 May 2024 13:57:29 GMT
content-type: image/jpeg
content-length: 129477
last-modified: Mon, 20 Apr 2015 21:54:17 GMT
x-cache-info: caching
cache-control: max-age=14400
cf-cache-status: HIT
age: 11
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gFAou4%2FKHnS%2ByJX0rLz8vQiJngIkqk2eMzar3%2FjxCSSRIYy4CYPnLAVHmM%2BvGegMwg0YS7DA7Xzbk6D96BYtkkeT5dndVj8lqm%2F60mgaYSqmQ3bR9U41W7SH4B%2BfqiMZ%2FqxyDkdng1BAfyk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 87d88548dadf4bbb-BUF
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| region1.analytics.google.com/g/collect?v=2&tid=G-3KVDT0R2ZZ&gtm=45je44t0v881629964z8810250475za200&_p=1714658247756&_gaz=1&gcd=13l3l3l2l1&npa=1&dma_cps=sypham&dma=1&cid=274932271.1714658248&ul=en-us&sr=1280x1024&pscdl=noapi&_s=1&sid=1714658248&sct=1&seg=0&dl=https%3A%2F%2Fjfzsdzu.jjjhhhhgggffccccff.men%2F&dt=German%20Master%20Tech%20%7C%20Car%20Repair%20%7C%20Mechanic%20Alpharetta%2C%20GA&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=2118 | 216.239.32.36 | 204 No Content | 0 B |
URL: POST HTTP/2 region1.analytics.google.com/g/collect?v=2&tid=G-3KVDT0R2ZZ&gtm=45je44t0v881629964z8810250475za200&_p=1714658247756&_gaz=1&gcd=13l3l3l2l1&npa=1&dma_cps=sypham&dma=1&cid=274932271.1714658248&ul=en-us&sr=1280x1024&pscdl=noapi&_s=1&sid=1714658248&sct=1&seg=0&dl=https%3A%2F%2Fjfzsdzu.jjjhhhhgggffccccff.men%2F&dt=German%20Master%20Tech%20%7C%20Car%20Repair%20%7C%20Mechanic%20Alpharetta%2C%20GA&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=2118
IP: 216.239.32.36:443
Requested by: https://jfzsdzu.jjjhhhhgggffccccff.men/
Certificate: Issuer Google Trust Services LLC; Subject *.google-analytics.com; Fingerprint FC:B1:16:E0:D8:F3:2B:F3:AB:33:E5:E1:23:57:F4:48:66:FD:4D:52; Validity Mon, 08 Apr 2024 06:34:55 GMT - Mon, 01 Jul 2024 06:34:54 GMT
Hash: MD5 d41d8cd98f00b204e9800998ecf8427e; SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709; SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (the hashes of an empty body)
POST /g/collect?v=2&tid=G-3KVDT0R2ZZ&gtm=45je44t0v881629964z8810250475za200&_p=1714658247756&_gaz=1&gcd=13l3l3l2l1&npa=1&dma_cps=sypham&dma=1&cid=274932271.1714658248&ul=en-us&sr=1280x1024&pscdl=noapi&_s=1&sid=1714658248&sct=1&seg=0&dl=https%3A%2F%2Fjfzsdzu.jjjhhhhgggffccccff.men%2F&dt=German%20Master%20Tech%20%7C%20Car%20Repair%20%7C%20Mechanic%20Alpharetta%2C%20GA&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=2118 HTTP/1.1
Host: region1.analytics.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://jfzsdzu.jjjhhhhgggffccccff.men
DNT: 1
Connection: keep-alive
Referer: https://jfzsdzu.jjjhhhhgggffccccff.men/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: https://jfzsdzu.jjjhhhhgggffccccff.men
date: Thu, 02 May 2024 13:57:29 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| www.dwuiyknznmwokr.trade/wp-content/themes/carpress/assets/images/pattern-2.png | 107.175.35.20 | 200 OK | 92 B |
URL: GET HTTP/2 www.dwuiyknznmwokr.trade/wp-content/themes/carpress/assets/images/pattern-2.png
IP: 107.175.35.20:443 ASN#36352 AS-COLOCROSSING
Requested by: https://jfzsdzu.jjjhhhhgggffccccff.men/
Certificate: Issuer Let's Encrypt; Subject www.dwuiyknznmwokr.trade; Fingerprint 08:55:33:BE:70:04:E3:53:CF:C6:05:57:63:2E:54:1D:D3:F1:3A:08; Validity Tue, 30 Apr 2024 04:31:40 GMT - Mon, 29 Jul 2024 04:31:39 GMT
File type: PNG image data, 18 x 15, 8-bit colormap, non-interlaced
Hash: MD5 70684604029d9fea1a9f929e96ae3893; SHA-1 609c08e181cfe1a9796d08081cc507c6db3f53fc; SHA-256 c4117ecddc6db6cecf5fefbe270ff9ce6df16a186dd381cdf081a90b67bcb792
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /wp-content/themes/carpress/assets/images/pattern-2.png HTTP/1.1
Host: www.dwuiyknznmwokr.trade
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.dwuiyknznmwokr.trade/wp-content/themes/carpress/assets/stylesheets/main.css?ver=1.0.0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.23.1
date: Thu, 02 May 2024 13:57:29 GMT
content-type: image/png
content-length: 92
last-modified: Fri, 17 Apr 2015 02:49:57 GMT
x-cache-info: caching
cf-cache-status: BYPASS
set-cookie: X-Mapping-gnlapjep=F002D195FBC2218FC11B2040547B0567; path=/
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nZRSIm5KrRJtWCEIi6QlYHqWtbInAXr%2FgSefzNB7o8StgySNLSL8Kpp9iLgQOCtTPM0c9CkH7mfCFL03fsXpJZzMlUL6b6mUyMX7iaWoKJ8afcwi4fcC1KCoRGJFXBMtiNIOi5TEiCNh%2F1M%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 87d88547d828ac18-YYZ
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| www.dwuiyknznmwokr.trade/wp-content/uploads/2015/04/car-repair.jpg | 107.175.35.20 | 200 OK | 6.5 kB |
URL: GET HTTP/2 www.dwuiyknznmwokr.trade/wp-content/uploads/2015/04/car-repair.jpg
IP: 107.175.35.20:443 ASN#36352 AS-COLOCROSSING
Requested by: https://jfzsdzu.jjjhhhhgggffccccff.men/
Certificate: Issuer Let's Encrypt; Subject www.dwuiyknznmwokr.trade; Fingerprint 08:55:33:BE:70:04:E3:53:CF:C6:05:57:63:2E:54:1D:D3:F1:3A:08; Validity Tue, 30 Apr 2024 04:31:40 GMT - Mon, 29 Jul 2024 04:31:39 GMT
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 250x113, components 3
Hash: MD5 28d52a59ab587672a32a1aca5ffd347f; SHA-1 25290acc89e1709817a2c41cd72a46db61c962d4; SHA-256 48234442ddcb500fca52fb8b7d31b9038b959c0bc94564f186e9692f00dbb6a2
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /wp-content/uploads/2015/04/car-repair.jpg HTTP/1.1
Host: www.dwuiyknznmwokr.trade
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jfzsdzu.jjjhhhhgggffccccff.men/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.23.1
date: Thu, 02 May 2024 13:57:29 GMT
content-type: image/jpeg
content-length: 6467
last-modified: Mon, 30 Jan 2017 22:04:10 GMT
x-cache-info: caching
cf-cache-status: BYPASS
set-cookie: X-Mapping-gnlapjep=F94C4F77A373C4568C29ADA370D97BAD; path=/
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wWhFGUAlrI9o%2F1IS9%2FE5YATU6NcG1vtmOZT5SwLa%2FfUZkGZPGLuoCKravzXkDTKV%2BxE3k6JXEp4DJCAP9Lr%2Fa6bypWj9HKrHXVrtGYY0XQlTEwzfq2sgzsBPI8jUccZP%2FMhCx%2B6vsPzO4Hg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 87d88548cfc84bc1-BUF
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| www.dwuiyknznmwokr.trade/wp-content/uploads/2015/04/gmt-shop-270x172.jpg | 107.175.35.20 | 200 OK | 22 kB |
URL: GET HTTP/2 www.dwuiyknznmwokr.trade/wp-content/uploads/2015/04/gmt-shop-270x172.jpg
IP: 107.175.35.20:443 ASN#36352 AS-COLOCROSSING
Requested by: https://jfzsdzu.jjjhhhhgggffccccff.men/
Certificate: Issuer Let's Encrypt; Subject www.dwuiyknznmwokr.trade; Fingerprint 08:55:33:BE:70:04:E3:53:CF:C6:05:57:63:2E:54:1D:D3:F1:3A:08; Validity Tue, 30 Apr 2024 04:31:40 GMT - Mon, 29 Jul 2024 04:31:39 GMT
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 270x172, components 3
Hash: MD5 9b1d793c1163ab1cad879e09b047ebfa; SHA-1 f08678e04ee05b2c64488f1950ee3fb39c18a3d1; SHA-256 3da6d860bfe751a8ca70b0cca14f607e0a80e810e026b9be9510866a6f06f266
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /wp-content/uploads/2015/04/gmt-shop-270x172.jpg HTTP/1.1
Host: www.dwuiyknznmwokr.trade
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jfzsdzu.jjjhhhhgggffccccff.men/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.23.1
date: Thu, 02 May 2024 13:57:29 GMT
content-type: image/jpeg
content-length: 21622
last-modified: Fri, 18 Aug 2017 21:23:30 GMT
x-cache-info: cached
cf-cache-status: BYPASS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GgD8xMnwUn1C35zCnsztj40GmAsQ9E81gYLy4768QK9TbPD7gy1%2FlZu%2F6aEe42iTbyflVbNHya3bEbJwJfmJtfUkQgxiDlGSs0zweLrcxuBbmliTmcv5mBKcTHYhSdksYU7BNUwfy4DJOVs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 87d88548dbb16aee-BUF
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| ajax.googleapis.com/ajax/libs/webfont/1/webfont.js | 142.250.74.138 | 200 OK | 5.4 kB |
URL: GET HTTP/3 ajax.googleapis.com/ajax/libs/webfont/1/webfont.js
IP: 142.250.74.138:443
Requested by: https://jfzsdzu.jjjhhhhgggffccccff.men/
Certificate: Issuer Google Trust Services LLC; Subject upload.video.google.com; Fingerprint 5F:6D:48:87:16:89:1E:A5:57:29:92:8B:34:BD:F2:92:0C:7F:F2:50; Validity Mon, 08 Apr 2024 07:32:03 GMT - Mon, 01 Jul 2024 07:32:02 GMT
File type: JavaScript source, ASCII text, with very long lines (2134)
Hash: MD5 7c96a5f11d9741541d5e3c42ff6380d7; SHA-1 d3fa2564c021cf730e58ffddb138cf6b57ed126e; SHA-256 81016ac6be850b72df5d4faa0c3cec8e2c1b0ba0045712144a6766adfad40bee
GET /ajax/libs/webfont/1/webfont.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jfzsdzu.jjjhhhhgggffccccff.men/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 5437
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 May 2024 02:00:28 GMT
expires: Fri, 02 May 2025 02:00:28 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 43021
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| bat.bing.com/bat.js | 13.107.21.237 | 200 OK | 13 kB |
IP: 13.107.21.237:443 ASN#8068 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by: https://jfzsdzu.jjjhhhhgggffccccff.men/
Certificate: Issuer Microsoft Corporation; Subject www.bing.com; Fingerprint 02:83:27:F9:50:D8:BE:B9:5E:DF:1A:4A:45:3B:6D:3C:BC:30:F2:58; Validity Wed, 01 May 2024 01:58:25 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (46429), with no line terminators
Hash: MD5 72bca04fd669eb89fc65d59052d0fc00; SHA-1 27e60aef86f0cb1b2f6b6ed9df9a4e3ba88efd21; SHA-256 823804a7807864b44093a3843788f4cd076e89cf4a6fdeb8d153ae5c2c2df721
GET /bat.js HTTP/1.1
Host: bat.bing.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jfzsdzu.jjjhhhhgggffccccff.men/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
cache-control: private,max-age=1800
content-length: 13261
content-type: application/javascript
content-encoding: gzip
last-modified: Thu, 29 Feb 2024 19:58:06 GMT
accept-ranges: bytes
etag: "01b4e9c496bda1:0"
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 7E65ACF9CDBD45BBAF38091158E6CC24 Ref B: OSL30EDGE0210 Ref C: 2024-05-02T13:57:29Z
date: Thu, 02 May 2024 13:57:28 GMT
X-Firefox-Spdy: h2
|
|
| bat.bing.com/bat.js | 13.107.21.237 | 200 OK | 13 kB |
IP: 13.107.21.237:443 ASN#8068 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by: https://jfzsdzu.jjjhhhhgggffccccff.men/
Certificate: Issuer Microsoft Corporation; Subject www.bing.com; Fingerprint 02:83:27:F9:50:D8:BE:B9:5E:DF:1A:4A:45:3B:6D:3C:BC:30:F2:58; Validity Wed, 01 May 2024 01:58:25 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (46429), with no line terminators
Hash: MD5 72bca04fd669eb89fc65d59052d0fc00; SHA-1 27e60aef86f0cb1b2f6b6ed9df9a4e3ba88efd21; SHA-256 823804a7807864b44093a3843788f4cd076e89cf4a6fdeb8d153ae5c2c2df721
GET /bat.js HTTP/1.1
Host: bat.bing.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jfzsdzu.jjjhhhhgggffccccff.men/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
cache-control: private,max-age=1800
content-length: 13261
content-type: application/javascript
content-encoding: gzip
last-modified: Thu, 29 Feb 2024 19:58:06 GMT
accept-ranges: bytes
etag: "01b4e9c496bda1:0"
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 47C3ADAA594443E3910261C356DCE6A0 Ref B: OSL30EDGE0210 Ref C: 2024-05-02T13:57:29Z
date: Thu, 02 May 2024 13:57:28 GMT
X-Firefox-Spdy: h2
|
|
| www.dwuiyknznmwokr.trade/wp-content/themes/carpress/bower_components/font-awesome/fonts/fontawesome-webfont.ttf?v=4.2.0 | 107.175.35.20 | 200 OK | 28 kB |
URL: GET HTTP/2 www.dwuiyknznmwokr.trade/wp-content/themes/carpress/bower_components/font-awesome/fonts/fontawesome-webfont.ttf?v=4.2.0
IP: 107.175.35.20:443 ASN#36352 AS-COLOCROSSING
Requested by: https://jfzsdzu.jjjhhhhgggffccccff.men/
Certificate: Issuer Let's Encrypt; Subject www.dwuiyknznmwokr.trade; Fingerprint 08:55:33:BE:70:04:E3:53:CF:C6:05:57:63:2E:54:1D:D3:F1:3A:08; Validity Tue, 30 Apr 2024 04:31:40 GMT - Mon, 29 Jul 2024 04:31:39 GMT
File type: TrueType Font data, 17 tables, 1st "FFTM"
Hash: MD5 04b2b6d5ffc785d0444354a9234af313; SHA-1 6a56e1132d98eaef672d8501df778b78b2d4b156; SHA-256 eebf501c42f0bee73f34cbda780b20e80fe17e386ca3c79a2f2aacc913a629ed
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /wp-content/themes/carpress/bower_components/font-awesome/fonts/fontawesome-webfont.ttf?v=4.2.0 HTTP/1.1
Host: www.dwuiyknznmwokr.trade
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://jfzsdzu.jjjhhhhgggffccccff.men
DNT: 1
Connection: keep-alive
Referer: https://www.dwuiyknznmwokr.trade/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.23.1
date: Thu, 02 May 2024 13:57:29 GMT
content-type: font/ttf
content-length: 141564
last-modified: Fri, 17 Apr 2015 02:49:58 GMT
cf-cache-status: BYPASS
set-cookie: X-Mapping-gnlapjep=F002D195FBC2218FC11B2040547B0567; path=/
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=H9o6Zv6Tgy6QQuZ7gvOoLPfcD2LlxIgLXgac1%2FGCn%2BmqMs7F8wuqueEb6eCRGsX74QVyD5wEu6ay1GdCCIoSHz%2FTb8yGGuURJva%2FhSDB8GQy72mxV%2Ft5bbh44OpTGbNyC6wLpvrYlfaglxY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 87d885480c444bd2-BUF
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| maps.googleapis.com/maps/api/mapsjs/gen_204?csp_test=true | 142.250.74.106 | 200 OK | 23 B |
URL: GET HTTP/2 maps.googleapis.com/maps/api/mapsjs/gen_204?csp_test=true
IP: 142.250.74.106:443
Requested by: https://jfzsdzu.jjjhhhhgggffccccff.men/
Certificate: Issuer Google Trust Services LLC; Subject upload.video.google.com; Fingerprint 5F:6D:48:87:16:89:1E:A5:57:29:92:8B:34:BD:F2:92:0C:7F:F2:50; Validity Mon, 08 Apr 2024 07:32:03 GMT - Mon, 01 Jul 2024 07:32:02 GMT
Hash: MD5 8a80554c91d9fca8acb82f023de02f11; SHA-1 5f36b2ea290645ee34d943220a14b54ee5ea5be5; SHA-256 ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
GET /maps/api/mapsjs/gen_204?csp_test=true HTTP/1.1
Host: maps.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://jfzsdzu.jjjhhhhgggffccccff.men
DNT: 1
Connection: keep-alive
Referer: https://jfzsdzu.jjjhhhhgggffccccff.men/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/json; charset=UTF-8
vary: Origin, X-Origin, Referer
content-encoding: gzip
date: Thu, 02 May 2024 13:57:29 GMT
server: scaffolding on HTTPServer2
cache-control: private
content-length: 23
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
access-control-allow-origin: https://jfzsdzu.jjjhhhhgggffccccff.men
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| www.dwuiyknznmwokr.trade/wp-content/uploads/2015/04/Germany-Flag-icon.ico | 107.175.35.20 | 200 OK | 1.2 kB |
URL: GET HTTP/2 www.dwuiyknznmwokr.trade/wp-content/uploads/2015/04/Germany-Flag-icon.ico
IP: 107.175.35.20:443 ASN#36352 AS-COLOCROSSING
Requested by: https://jfzsdzu.jjjhhhhgggffccccff.men/
Certificate: Issuer Let's Encrypt; Subject www.dwuiyknznmwokr.trade; Fingerprint 08:55:33:BE:70:04:E3:53:CF:C6:05:57:63:2E:54:1D:D3:F1:3A:08; Validity Tue, 30 Apr 2024 04:31:40 GMT - Mon, 29 Jul 2024 04:31:39 GMT
File type: MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
Hash: MD5 304ad21c26c2b027017869c4b139c094; SHA-1 a0b0bd2b6c9b9f46b2c483d15bf41af88aff3f0a; SHA-256 40ab121ba66cc3ce484d5222a1558361b7b23e489d91b47eb2e3cc7f75ce03b1
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /wp-content/uploads/2015/04/Germany-Flag-icon.ico HTTP/1.1
Host: www.dwuiyknznmwokr.trade
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jfzsdzu.jjjhhhhgggffccccff.men/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.23.1
date: Thu, 02 May 2024 13:57:29 GMT
content-type: image/vnd.microsoft.icon
content-length: 1150
last-modified: Mon, 20 Apr 2015 13:56:07 GMT
x-cache-info: caching
cf-cache-status: BYPASS
set-cookie: X-Mapping-gnlapjep=F94C4F77A373C4568C29ADA370D97BAD; path=/
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=J8i08TyPO1JCM5PCwf1NoW%2FQMCDso4pPzd2Rg2nJhD93K1M%2FZGBN%2BabGxlHbgSrf5HsNWLV4XbWTK0xIUo%2BcBrsstjk8MdXxNVl5S2PnzuYtoNBFjIxh%2BVsr1wtOQn1i1A2gOEEp52WJEH0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 87d8854a39f64bbd-BUF
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| bat.bing.com/p/action/5000156.js | 13.107.21.237 | 204 No Content | 0 B |
URL: GET HTTP/2 bat.bing.com/p/action/5000156.js
IP: 13.107.21.237:443 ASN#8068 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by: https://jfzsdzu.jjjhhhhgggffccccff.men/
Certificate: Issuer Microsoft Corporation; Subject www.bing.com; Fingerprint 02:83:27:F9:50:D8:BE:B9:5E:DF:1A:4A:45:3B:6D:3C:BC:30:F2:58; Validity Wed, 01 May 2024 01:58:25 GMT - Thu, 27 Jun 2024 23:59:59 GMT
Hash: MD5 d41d8cd98f00b204e9800998ecf8427e; SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709; SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (the hashes of an empty body)
GET /p/action/5000156.js HTTP/1.1
Host: bat.bing.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jfzsdzu.jjjhhhhgggffccccff.men/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 204 No Content
cache-control: private,max-age=1800
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 2F3A1FFA090F452EA9AE4857D15C362A Ref B: OSL30EDGE0210 Ref C: 2024-05-02T13:57:29Z
date: Thu, 02 May 2024 13:57:29 GMT
X-Firefox-Spdy: h2
|
|
| fonts.googleapis.com/css?family=Dosis | 142.250.74.138 | 200 OK | 49 kB |
URL: GET HTTP/2 fonts.googleapis.com/css?family=Dosis
IP: 142.250.74.138:443
Requested by: https://jfzsdzu.jjjhhhhgggffccccff.men/
Certificate: Issuer Google Trust Services LLC; Subject upload.video.google.com; Fingerprint 5F:6D:48:87:16:89:1E:A5:57:29:92:8B:34:BD:F2:92:0C:7F:F2:50; Validity Mon, 08 Apr 2024 07:32:03 GMT - Mon, 01 Jul 2024 07:32:02 GMT
File type: gzip compressed data, max compression
Hash: MD5 ee105728f2b38b3496c56e4542639e1b; SHA-1 7bab4b6669a383c693963aa1138ef42bf48fdb25; SHA-256 4e3f5151e35e894e355658ad7d063b61ab4881cd89d8bb5c3eca0c20afa197c9
GET /css?family=Dosis HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jfzsdzu.jjjhhhhgggffccccff.men/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 02 May 2024 13:57:27 GMT
date: Thu, 02 May 2024 13:57:27 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| fonts.gstatic.com/s/dosis/v32/HhyaU5sn9vOmLzloC_U.woff2 | 216.58.207.227 | 200 OK | 30 kB |
URL: GET HTTP/2 fonts.gstatic.com/s/dosis/v32/HhyaU5sn9vOmLzloC_U.woff2
IP: 216.58.207.227:443
Requested by: https://jfzsdzu.jjjhhhhgggffccccff.men/
Certificate: Issuer Google Trust Services LLC; Subject *.gstatic.com; Fingerprint 93:EC:35:60:8A:5B:23:EA:C0:36:D7:AE:03:0C:C3:77:17:5A:20:33; Validity Mon, 08 Apr 2024 07:31:57 GMT - Mon, 01 Jul 2024 07:31:56 GMT
File type: Web Open Font Format (Version 2), TrueType, length 30208, version 1.0
Hash: MD5 21ebbd28e8542cf12700a838738e0d70; SHA-1 b387fb6e48c8f2822411eeccddcff007fe38f867; SHA-256 0dcac7cabd17a67b5d09d54d506c6ed734516248e9e8552d194b1a5cf16b7722
GET /s/dosis/v32/HhyaU5sn9vOmLzloC_U.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://jfzsdzu.jjjhhhhgggffccccff.men
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 30208
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 May 2024 02:09:23 GMT
expires: Fri, 02 May 2025 02:09:23 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 24 Aug 2023 20:45:32 GMT
content-type: font/woff2
age: 42486
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 | 216.58.207.227 | 200 OK | 48 kB |
URL: GET HTTP/2 fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP: 216.58.207.227:443
Requested by: https://jfzsdzu.jjjhhhhgggffccccff.men/
Certificate: Issuer Google Trust Services LLC; Subject *.gstatic.com; Fingerprint 93:EC:35:60:8A:5B:23:EA:C0:36:D7:AE:03:0C:C3:77:17:5A:20:33; Validity Mon, 08 Apr 2024 07:31:57 GMT - Mon, 01 Jul 2024 07:31:56 GMT
File type: Web Open Font Format (Version 2), TrueType, length 48236, version 1.0
Hash: MD5 015c126a3520c9a8f6a27979d0266e96; SHA-1 2acf956561d44434a6d84204670cf849d3215d5f; SHA-256 3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa
GET /s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://jfzsdzu.jjjhhhhgggffccccff.men
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 48236
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 May 2024 02:35:00 GMT
expires: Fri, 02 May 2025 02:35:00 GMT
cache-control: public, max-age=31536000
age: 40949
last-modified: Thu, 14 Dec 2023 02:08:40 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| bat.bing.com/action/0?ti=5000156&Ver=2&mid=c04cfcf3-7969-4b82-9f78-b4baf98ebefd&sid=ea4a3860088b11efa4e50397c4f77fde&vid=ea4a3d90088b11ef920e2d07b5a0556d&vids=1&msclkid=N&pi=918639831&lg=en-US&sw=1280&sh=1024&sc=24&tl=German%20Master%20Tech%20%7C%20Car%20Repair%20%7C%20Mechanic%20Alpharetta,%20GA&p=https%3A%2F%2Fjfzsdzu.jjjhhhhgggffccccff.men%2F&r=&lt=2570&evt=pageLoad&sv=1&rn=314978 | 13.107.21.237 | 204 No Content | 0 B |
URL: GET HTTP/2 bat.bing.com/action/0?ti=5000156&Ver=2&mid=c04cfcf3-7969-4b82-9f78-b4baf98ebefd&sid=ea4a3860088b11efa4e50397c4f77fde&vid=ea4a3d90088b11ef920e2d07b5a0556d&vids=1&msclkid=N&pi=918639831&lg=en-US&sw=1280&sh=1024&sc=24&tl=German%20Master%20Tech%20%7C%20Car%20Repair%20%7C%20Mechanic%20Alpharetta,%20GA&p=https%3A%2F%2Fjfzsdzu.jjjhhhhgggffccccff.men%2F&r=&lt=2570&evt=pageLoad&sv=1&rn=314978
IP: 13.107.21.237:443 ASN#8068 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by: https://jfzsdzu.jjjhhhhgggffccccff.men/
Certificate: Issuer Microsoft Corporation; Subject www.bing.com; Fingerprint 02:83:27:F9:50:D8:BE:B9:5E:DF:1A:4A:45:3B:6D:3C:BC:30:F2:58; Validity Wed, 01 May 2024 01:58:25 GMT - Thu, 27 Jun 2024 23:59:59 GMT
Hash: MD5 d41d8cd98f00b204e9800998ecf8427e; SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709; SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (the hashes of an empty body)
GET /action/0?ti=5000156&Ver=2&mid=c04cfcf3-7969-4b82-9f78-b4baf98ebefd&sid=ea4a3860088b11efa4e50397c4f77fde&vid=ea4a3d90088b11ef920e2d07b5a0556d&vids=1&msclkid=N&pi=918639831&lg=en-US&sw=1280&sh=1024&sc=24&tl=German%20Master%20Tech%20%7C%20Car%20Repair%20%7C%20Mechanic%20Alpharetta,%20GA&p=https%3A%2F%2Fjfzsdzu.jjjhhhhgggffccccff.men%2F&r=&lt=2570&evt=pageLoad&sv=1&rn=314978 HTTP/1.1
Host: bat.bing.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jfzsdzu.jjjhhhhgggffccccff.men/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 204 No Content
cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=2187DE184CF161CD3372CA6B4D046043; domain=.bing.com; expires=Tue, 27-May-2025 13:57:29 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 993E425FE93943E5A1A6AF86A0E03F97 Ref B: OSL30EDGE0210 Ref C: 2024-05-02T13:57:29Z
date: Thu, 02 May 2024 13:57:29 GMT
X-Firefox-Spdy: h2
|
|
| fonts.gstatic.com/s/dosis/v32/HhyaU5sn9vOmLzloC_U.woff2 | 216.58.207.227 | 200 OK | 30 kB |
URL: GET HTTP/2 fonts.gstatic.com/s/dosis/v32/HhyaU5sn9vOmLzloC_U.woff2
IP: 216.58.207.227:443
Requested by: https://jfzsdzu.jjjhhhhgggffccccff.men/
Certificate: Issuer Google Trust Services LLC, Subject *.gstatic.com, Fingerprint 93:EC:35:60:8A:5B:23:EA:C0:36:D7:AE:03:0C:C3:77:17:5A:20:33, Validity Mon, 08 Apr 2024 07:31:57 GMT - Mon, 01 Jul 2024 07:31:56 GMT
File type: Web Open Font Format (Version 2), TrueType, length 30208, version 1.0
Hash (MD5 / SHA-1 / SHA-256): 21ebbd28e8542cf12700a838738e0d70 b387fb6e48c8f2822411eeccddcff007fe38f867 0dcac7cabd17a67b5d09d54d506c6ed734516248e9e8552d194b1a5cf16b7722
GET /s/dosis/v32/HhyaU5sn9vOmLzloC_U.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://jfzsdzu.jjjhhhhgggffccccff.men
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 30208
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 May 2024 02:09:23 GMT
expires: Fri, 02 May 2025 02:09:23 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 24 Aug 2023 20:45:32 GMT
content-type: font/woff2
age: 42486
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| bat.bing.com/actionp/0?ti=5000156&Ver=2&mid=c04cfcf3-7969-4b82-9f78-b4baf98ebefd&sid=ea4a3860088b11efa4e50397c4f77fde&vid=ea4a3d90088b11ef920e2d07b5a0556d&vids=1&msclkid=N&evt=dedup | 13.107.21.237 | 204 No Content | 0 B |
URL: POST HTTP/2 bat.bing.com/actionp/0?ti=5000156&Ver=2&mid=c04cfcf3-7969-4b82-9f78-b4baf98ebefd&sid=ea4a3860088b11efa4e50397c4f77fde&vid=ea4a3d90088b11ef920e2d07b5a0556d&vids=1&msclkid=N&evt=dedup
IP: 13.107.21.237:443 ASN: #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by: https://jfzsdzu.jjjhhhhgggffccccff.men/
Certificate: Issuer Microsoft Corporation, Subject www.bing.com, Fingerprint 02:83:27:F9:50:D8:BE:B9:5E:DF:1A:4A:45:3B:6D:3C:BC:30:F2:58, Validity Wed, 01 May 2024 01:58:25 GMT - Thu, 27 Jun 2024 23:59:59 GMT
Hash (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /actionp/0?ti=5000156&Ver=2&mid=c04cfcf3-7969-4b82-9f78-b4baf98ebefd&sid=ea4a3860088b11efa4e50397c4f77fde&vid=ea4a3d90088b11ef920e2d07b5a0556d&vids=1&msclkid=N&evt=dedup HTTP/1.1
Host: bat.bing.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://jfzsdzu.jjjhhhhgggffccccff.men
DNT: 1
Connection: keep-alive
Referer: https://jfzsdzu.jjjhhhhgggffccccff.men/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers
HTTP/2 204 No Content
cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=2BB287B9EF356FBB3C3093CAEEC06E39; domain=.bing.com; expires=Tue, 27-May-2025 13:57:30 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: B02D835D1E7A400081E13AC6E84A53B7 Ref B: OSL30EDGE0210 Ref C: 2024-05-02T13:57:30Z
date: Thu, 02 May 2024 13:57:29 GMT
X-Firefox-Spdy: h2
|
|
| maps.google.com/maps-api-v3/api/js/56/10/common.js | 142.250.74.46 | 200 OK | 57 kB |
URL: GET HTTP/3 maps.google.com/maps-api-v3/api/js/56/10/common.js
IP: 142.250.74.46:443
Requested by: https://jfzsdzu.jjjhhhhgggffccccff.men/
Certificate: Issuer Google Trust Services LLC, Subject *.google.com, Fingerprint 01:16:A3:AE:CA:C9:AC:ED:3A:C9:AA:75:BE:C2:51:EF:65:CE:23:E1, Validity Mon, 08 Apr 2024 06:34:56 GMT - Mon, 01 Jul 2024 06:34:55 GMT
File type: JavaScript source, ASCII text, with very long lines (7031)
Hash (MD5 / SHA-1 / SHA-256): 4174a6883e13ea8e5fcffd7de8aa5c6d 7f7e385b667dfd9ef9961a7771dc06106e05c958 ae893056d443a5efc9f0386895d69e7b56850a1eb7891f3de0786fdd9a2a99c9
GET /maps-api-v3/api/js/56/10/common.js HTTP/1.1
Host: maps.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jfzsdzu.jjjhhhhgggffccccff.men/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
content-encoding: br
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/maps-api-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="maps-api-js"
report-to: {"group":"maps-api-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/maps-api-js"}]}
timing-allow-origin: *
content-length: 57066
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 May 2024 01:54:09 GMT
expires: Fri, 02 May 2025 01:54:09 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 23 Apr 2024 20:46:38 GMT
content-type: text/javascript
vary: Accept-Encoding, Origin
age: 43404
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| maps.google.com/maps-api-v3/api/js/56/10/util.js | 142.250.74.46 | 200 OK | 57 kB |
URL: GET HTTP/3 maps.google.com/maps-api-v3/api/js/56/10/util.js
IP: 142.250.74.46:443
Requested by: https://jfzsdzu.jjjhhhhgggffccccff.men/
Certificate: Issuer Google Trust Services LLC, Subject *.google.com, Fingerprint 01:16:A3:AE:CA:C9:AC:ED:3A:C9:AA:75:BE:C2:51:EF:65:CE:23:E1, Validity Mon, 08 Apr 2024 06:34:56 GMT - Mon, 01 Jul 2024 06:34:55 GMT
File type: JavaScript source, ASCII text, with very long lines (562)
Hash (MD5 / SHA-1 / SHA-256): a5ea9d7924eb77a8f02576f93f05f528 8ba34c1c36c9b71765d6bc7ddcce5a2d4bdcb804 595a75d8700c4869f4b168f94440d35c042ad6fb3c6f76fdc302a645ffd3dbd1
GET /maps-api-v3/api/js/56/10/util.js HTTP/1.1
Host: maps.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jfzsdzu.jjjhhhhgggffccccff.men/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
content-encoding: br
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/maps-api-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="maps-api-js"
report-to: {"group":"maps-api-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/maps-api-js"}]}
timing-allow-origin: *
content-length: 56863
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 May 2024 02:13:48 GMT
expires: Fri, 02 May 2025 02:13:48 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 23 Apr 2024 20:46:38 GMT
content-type: text/javascript
vary: Accept-Encoding, Origin
age: 42225
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| region1.analytics.google.com/g/collect?v=2&tid=G-3KVDT0R2ZZ&gtm=45je44t0v881629964za200&_p=1714658247756&gcd=13l3l3l2l1&npa=1&dma_cps=sypham&dma=1&cid=274932271.1714658248&ul=en-us&sr=1280x1024&pscdl=noapi&_eu=AEA&_s=2&sid=1714658248&sct=1&seg=0&dl=https%3A%2F%2Fjfzsdzu.jjjhhhhgggffccccff.men%2F&dt=German%20Master%20Tech%20%7C%20Car%20Repair%20%7C%20Mechanic%20Alpharetta%2C%20GA&en=scroll&epn.percent_scrolled=90&tfd=7141 | 216.239.32.36 | 204 No Content | 0 B |
URL: POST HTTP/3 region1.analytics.google.com/g/collect?v=2&tid=G-3KVDT0R2ZZ&gtm=45je44t0v881629964za200&_p=1714658247756&gcd=13l3l3l2l1&npa=1&dma_cps=sypham&dma=1&cid=274932271.1714658248&ul=en-us&sr=1280x1024&pscdl=noapi&_eu=AEA&_s=2&sid=1714658248&sct=1&seg=0&dl=https%3A%2F%2Fjfzsdzu.jjjhhhhgggffccccff.men%2F&dt=German%20Master%20Tech%20%7C%20Car%20Repair%20%7C%20Mechanic%20Alpharetta%2C%20GA&en=scroll&epn.percent_scrolled=90&tfd=7141
IP: 216.239.32.36:443
Requested by: https://jfzsdzu.jjjhhhhgggffccccff.men/
Certificate: Issuer Google Trust Services LLC, Subject *.google-analytics.com, Fingerprint FC:B1:16:E0:D8:F3:2B:F3:AB:33:E5:E1:23:57:F4:48:66:FD:4D:52, Validity Mon, 08 Apr 2024 06:34:55 GMT - Mon, 01 Jul 2024 06:34:54 GMT
Hash (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-3KVDT0R2ZZ&gtm=45je44t0v881629964za200&_p=1714658247756&gcd=13l3l3l2l1&npa=1&dma_cps=sypham&dma=1&cid=274932271.1714658248&ul=en-us&sr=1280x1024&pscdl=noapi&_eu=AEA&_s=2&sid=1714658248&sct=1&seg=0&dl=https%3A%2F%2Fjfzsdzu.jjjhhhhgggffccccff.men%2F&dt=German%20Master%20Tech%20%7C%20Car%20Repair%20%7C%20Mechanic%20Alpharetta%2C%20GA&en=scroll&epn.percent_scrolled=90&tfd=7141 HTTP/1.1
Host: region1.analytics.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://jfzsdzu.jjjhhhhgggffccccff.men
DNT: 1
Connection: keep-alive
Referer: https://jfzsdzu.jjjhhhhgggffccccff.men/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers
HTTP/3 204 No Content
access-control-allow-origin: https://jfzsdzu.jjjhhhhgggffccccff.men
date: Thu, 02 May 2024 13:57:34 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| www.dwuiyknznmwokr.trade/wp-content/uploads/2015/04/german-master-tech-logo.png | 107.175.35.20 | 200 OK | 8.3 kB |
URL: GET HTTP/2 www.dwuiyknznmwokr.trade/wp-content/uploads/2015/04/german-master-tech-logo.png
IP: 107.175.35.20:443 ASN: #36352 AS-COLOCROSSING
Requested by: https://jfzsdzu.jjjhhhhgggffccccff.men/
Certificate: Issuer Let's Encrypt, Subject www.dwuiyknznmwokr.trade, Fingerprint 08:55:33:BE:70:04:E3:53:CF:C6:05:57:63:2E:54:1D:D3:F1:3A:08, Validity Tue, 30 Apr 2024 04:31:40 GMT - Mon, 29 Jul 2024 04:31:39 GMT
File type: PNG image data, 390 x 70, 8-bit colormap, non-interlaced
Hash (MD5 / SHA-1 / SHA-256): d0166ca64c154d05fdaa2f116d5aea21 82d0e35177866a1aea3b7284c1911b0c907d998a 5a01b0c70f85707e2738adcb51eb6632ded7dca853809d1787c02ec2a8a40d35
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /wp-content/uploads/2015/04/german-master-tech-logo.png HTTP/1.1
Host: www.dwuiyknznmwokr.trade
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jfzsdzu.jjjhhhhgggffccccff.men/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx/1.23.1
date: Thu, 02 May 2024 13:57:28 GMT
content-type: image/png
content-length: 8290
last-modified: Mon, 20 Apr 2015 21:05:51 GMT
x-cache-info: caching
cf-cache-status: BYPASS
set-cookie: X-Mapping-gnlapjep=F94C4F77A373C4568C29ADA370D97BAD; path=/
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eG5Ri6C0cxXFh8Tkd6we48OLN0ZEXnd3r53UrAFZTO4%2Bo%2BfqGDdt%2Fa%2B3QDuru%2BS1pPzM1OIQ6dAD7FM%2F5MqEQZOO9xG0Z2%2FXV%2F6hF27oWFgLRgSZnCJuD4T35IQburOpLaGI5L2AbwQSwXY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 87d88543da2aab22-YYZ
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-3KVDT0R2ZZ&cid=274932271.1714658248&gtm=45je44t0v881629964z8810250475za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3l3l2l1&npa=1&z=1560128315 | 142.250.74.163 | 200 OK | 42 B |
URL: GET HTTP/2 www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-3KVDT0R2ZZ&cid=274932271.1714658248&gtm=45je44t0v881629964z8810250475za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3l3l2l1&npa=1&z=1560128315
IP: 142.250.74.163:443
Requested by: https://jfzsdzu.jjjhhhhgggffccccff.men/
Certificate: Issuer Google Trust Services LLC, Subject *.google.no, Fingerprint DE:35:DD:F6:8A:FF:6F:9D:0E:3D:27:DD:E2:B8:DE:CE:A4:6A:C8:C9, Validity Mon, 08 Apr 2024 07:44:18 GMT - Mon, 01 Jul 2024 07:44:17 GMT
File type: GIF image data, version 89a, 1 x 1
Hash (MD5 / SHA-1 / SHA-256): d89746888da2d9510b64a9f031eaecd5 d5fceb6532643d0d84ffe09c40c481ecdf59e15a ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-3KVDT0R2ZZ&cid=274932271.1714658248&gtm=45je44t0v881629964z8810250475za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3l3l2l1&npa=1&z=1560128315 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jfzsdzu.jjjhhhhgggffccccff.men/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 02 May 2024 13:57:29 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| www.dwuiyknznmwokr.trade/wp-content/themes/carpress/bower_components/font-awesome/fonts/fontawesome-webfont.woff?v=4.2.0 | 107.175.35.20 | 200 OK | 7.5 kB |
URL: GET HTTP/2 www.dwuiyknznmwokr.trade/wp-content/themes/carpress/bower_components/font-awesome/fonts/fontawesome-webfont.woff?v=4.2.0
IP: 107.175.35.20:443 ASN: #36352 AS-COLOCROSSING
Requested by: https://jfzsdzu.jjjhhhhgggffccccff.men/
Certificate: Issuer Let's Encrypt, Subject www.dwuiyknznmwokr.trade, Fingerprint 08:55:33:BE:70:04:E3:53:CF:C6:05:57:63:2E:54:1D:D3:F1:3A:08, Validity Tue, 30 Apr 2024 04:31:40 GMT - Mon, 29 Jul 2024 04:31:39 GMT
File type: Web Open Font Format, TrueType, length 83760, version 1.0
Hash (MD5 / SHA-1 / SHA-256): c473f144551bca7422fb803cd66ffb29 f60d8f486288f0a0e446f2faea381a3c607b65ba 21493395050f36430478ac4ba864b26b66dee9663b495eaad4c0040c36cca7c6
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /wp-content/themes/carpress/bower_components/font-awesome/fonts/fontawesome-webfont.woff?v=4.2.0 HTTP/1.1
Host: www.dwuiyknznmwokr.trade
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://jfzsdzu.jjjhhhhgggffccccff.men/
Origin: https://jfzsdzu.jjjhhhhgggffccccff.men
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx/1.23.1
date: Thu, 02 May 2024 13:57:28 GMT
content-type: font/woff
content-length: 83760
last-modified: Fri, 17 Apr 2015 02:49:58 GMT
cf-cache-status: BYPASS
set-cookie: X-Mapping-gnlapjep=61A8627BEF23B3172D64A91E51594640; path=/
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Co10qyjgZk5LenmehZcNRAHwwcpUKlEQdrp8UnBS43KTht0Ueq534cb9THQ4PU8y0LymQhNKrtK1E2TyTmKW4cieoi%2BQsVNHIoslcADil6Mv7e9mi%2B6v83Tu%2F5gO6iNvRAxtaef3t%2Fl30LI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 87d885437b944bc9-BUF
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| fonts.googleapis.com/css?family=Open+Sans:400,700%7CDosis:400,700&subset=latin,latin | 142.250.74.138 | 200 OK | 13 kB |
URL: GET HTTP/3 fonts.googleapis.com/css?family=Open+Sans:400,700%7CDosis:400,700&subset=latin,latin
IP: 142.250.74.138:443
Requested by: https://jfzsdzu.jjjhhhhgggffccccff.men/
Certificate: Issuer Google Trust Services LLC, Subject upload.video.google.com, Fingerprint 5F:6D:48:87:16:89:1E:A5:57:29:92:8B:34:BD:F2:92:0C:7F:F2:50, Validity Mon, 08 Apr 2024 07:32:03 GMT - Mon, 01 Jul 2024 07:32:02 GMT
File type: ASCII text, with very long lines (1572)
Hash (MD5 / SHA-1 / SHA-256): 449f1c68e9b1b6a598bbb4c5ef7c87f1 5bc57f3f5809a2e747af748400360b1b1604da03 f0012a8943c7c900d33fe86552e60d2fb021f944bf3a30f75b91fa67ee257037
GET /css?family=Open+Sans:400,700%7CDosis:400,700&subset=latin,latin HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jfzsdzu.jjjhhhhgggffccccff.men/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 02 May 2024 13:57:29 GMT
date: Thu, 02 May 2024 13:57:29 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| 364.tctm.co/t.js | 54.230.111.116 | 200 OK | 47 kB |
IP: 54.230.111.116:443
Requested by: https://jfzsdzu.jjjhhhhgggffccccff.men/
Certificate: Issuer Amazon, Subject *.tctm.co, Fingerprint E2:09:DF:F0:C6:E3:5B:C1:E2:22:FA:66:59:94:2A:7A:D2:B1:48:C4, Validity Tue, 08 Aug 2023 00:00:00 GMT - Tue, 03 Sep 2024 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (33234)
Hash (MD5 / SHA-1 / SHA-256): 1339a1fa8cdb4ddf9946eef2a3e3ce13 f779e3d69925b83204d59a68284270acc5c515e5 c256f5ed324be322f52a5eca6807343c3c01e7f5fabbe213ceace5d06d473b2b
GET /t.js HTTP/1.1
Host: 364.tctm.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jfzsdzu.jjjhhhhgggffccccff.men/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/x-javascript
date: Thu, 02 May 2024 13:57:28 GMT
set-cookie: ct364=66339bc80000016cfea19de0; path=/; HttpOnly; SameSite=None; Secure
etag: W/66339bc80000016cfea19de0-364
last-modified: Thu, 02 May 2024 13:57:28 GMT
cache-control: no-cache, no-store, must-revalidate
server: ctm
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 ee04daa979e7a02cc5ca472521bc18a6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: wCQGOCKGUt8vv-hnkD_SaOCbdkpSOCtlA8mmz3104Zz6YgHOSHcZgw==
X-Firefox-Spdy: h2
|
|