Report - wkvspsb.com/user/?SID=714fa518e3b65a61c7fc2fa23d078662

Report Overview

Visited public
2023-11-13 18:28:37
Tags
URL
wkvspsb.com/user/?SID=714fa518e3b65a61c7fc2fa23d078662
Finishing URL
wkvspsb.com/user/?SID=714fa518e3b65a61c7fc2fa23d078662
IP / ASN
172.67.189.253
#13335 CLOUDFLARENET
Title
wkvspsb.com/user/?SID=714fa518e3b65a61c7fc2fa23d078662

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
wkvspsb.com	unknown	2023-09-08	2023-09-12 20:09:25	2023-11-12 12:33:34	5.5 kB	110 kB	104.21.81.146
ajax.aspnetcdn.com	693	2010-10-12	2012-05-24 15:35:31	2023-11-13 07:17:38	903 B	132 kB	152.199.19.160
ajax.googleapis.com	12905	2005-01-25	2013-08-16 11:51:31	2023-11-13 14:37:23	454 B	32 kB	142.250.74.10
www.googletagmanager.com	75	2011-11-11	2013-05-22 04:07:37	2023-11-13 12:50:12	1.3 kB	196 kB	142.250.74.168
ka-p.fontawesome.com	4489	2012-10-18	2019-12-16 21:35:53	2023-11-13 06:30:19	1.5 kB	62 kB	172.64.147.188
fonts.gstatic.com	unknown	2008-02-11	2014-09-09 02:40:21	2023-11-13 14:06:59	1.6 kB	83 kB	216.58.207.227
fonts.googleapis.com	8877	2005-01-25	2013-06-10 22:14:26	2023-11-13 13:55:32	435 B	1.2 kB	142.250.74.106
kit.fontawesome.com	1868	2012-10-18	2019-12-16 20:51:31	2023-11-13 06:18:20	887 B	13 kB	172.64.147.188

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2023-11-13	medium	wkvspsb.com	Sinkholed
2023-11-13	medium	wkvspsb.com	Sinkholed
2023-11-13	medium	wkvspsb.com	Sinkholed
2023-11-13	medium	wkvspsb.com	Sinkholed
2023-11-13	medium	wkvspsb.com	Sinkholed
2023-11-13	medium	wkvspsb.com	Sinkholed
2023-11-13	medium	wkvspsb.com	Sinkholed
2023-11-13	medium	wkvspsb.com	Sinkholed
2023-11-13	medium	wkvspsb.com	Sinkholed
2023-11-13	medium	wkvspsb.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (20)

	URL	From	Size	First Seen	Last Seen
	wkvspsb.com/user/?SID=714fa518e3b65a61c7fc2fa23d078662	ScriptElement	127 B	2023-03-07	2024-08-21
Pretty URL wkvspsb.com/user/?SID=714fa518e3b65a61c7fc2fa23d078662 IP 104.21.81.146 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:03 Last Seen2024-08-21 07:54 Times Seen16 Hash f92940178528cff899349c6b3bc8f6b5 71946185435cc4ee489eed6d3b8cb89c9e482857 1c176f72b1e82fdcc2b59f3161850788a57e77e4e9df64f1147a6d8a5228552b Loading...

	wkvspsb.com/user/?SID=714fa518e3b65a61c7fc2fa23d078662	ScriptElement	391 B	2023-11-12	2024-08-20
Pretty URL wkvspsb.com/user/?SID=714fa518e3b65a61c7fc2fa23d078662 IP 104.21.81.146 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-11-12 18:19 Last Seen2024-08-20 19:51 Times Seen6 Hash 6ad29f62c91623b91b6ee31ae79351f0 4df1603346f9519e3506f625d1695e5778e7a095 dcdeb8a1a35452c114257a3c7b98df47e3a83c3779dcc1ebadf908999b703b76 Loading...

	www.googletagmanager.com/gtag/js?id=UA-208173773-2	ScriptElement	190 kB	2023-11-13	2023-11-13
Pretty URL www.googletagmanager.com/gtag/js?id=UA-208173773-2 IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-13 19:28 Last Seen2023-11-13 19:28 Times Seen1 Hash 1f152b573451b78b92355217a0a03104 d474ee6fec83e1947ae7fd4589d8ed76b2fa047c 4b66a55f0a470db3aa6a2e32522bed723b9f24d705371d3eabc4c3da2c9c53f7 Loading...

	wkvspsb.com/user/sandbox%20eval%20code		147 B	2023-04-11	2025-05-09
Pretty URL wkvspsb.com/user/sandbox%20eval%20code IP 0.0.0.0 ASN #0 Introduced by Embedded in HTML false Observations First Seen2023-04-11 21:07 Last Seen2025-05-09 12:21 Times Seen341428 Hash 92b651082ce234f66bb544e678befda3 14c21c55ddce43b6f677caadf51d4ab98c6a3df8 25d57d1d97abeb84531d3d3e5754dd5cb19a2c115edfa7cfc7af8247084faded Loading...

	wkvspsb.com/user/?SID=714fa518e3b65a61c7fc2fa23d078662	ScriptElement	264 B	2023-03-07	2024-08-21
Pretty URL wkvspsb.com/user/?SID=714fa518e3b65a61c7fc2fa23d078662 IP 104.21.81.146 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:03 Last Seen2024-08-21 07:54 Times Seen22 Hash 50b8d257c149e4c89eb8fcd42cbb90bd ec36a40fb37b6fcca17ac892e3b274ecff9c5164 04b5d8be7fc682489a5060b6832c7a14ebe5480a284f3f9d55f0a0407aeff7b0 Loading...

	wkvspsb.com/common_tpls/js/validate_form_v2.js?jsv=35	ScriptElement	26 kB	2023-11-12	2024-08-20
Pretty URL wkvspsb.com/common_tpls/js/validate_form_v2.js?jsv=35 IP 104.21.81.146 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-12 18:19 Last Seen2024-08-20 19:51 Times Seen24 Hash 44bf7e2fb58e77a3ab76bb6191b1a862 f6516881e1c2b17e923ca1a651de92a22c4ccaa7 b3f9ad8a6b5ee12a78a32d898be23898f6d340765e340873e0253feb3b0e8825 Loading...

	wkvspsb.com/user/?SID=714fa518e3b65a61c7fc2fa23d078662	ScriptElement	166 B	2023-03-07	2024-08-21
Pretty URL wkvspsb.com/user/?SID=714fa518e3b65a61c7fc2fa23d078662 IP 104.21.81.146 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:03 Last Seen2024-08-21 08:25 Times Seen35 Hash 30fbeedd3ef42ed4b3c0cedc516b2f71 dff25b928dad51d1d769285bf2a302d2be531927 1a9018c8172241d8aade74fd982307b0171e6b21ce2b4a470342852d92a99ed0 Loading...

	wkvspsb.com/common_tpls/js/iframeResizer.contentWindow.min.js	ScriptElement	13 kB	2023-03-07	2025-04-17
Pretty URL wkvspsb.com/common_tpls/js/iframeResizer.contentWindow.min.js IP 104.21.81.146 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03 Last Seen2025-04-17 05:46 Times Seen84 Hash 2cf9df789476bc39b9906030f639660d de708b4a0fe32f3d77505675eb119b671327a6b4 7d5f5d0fe842536e512b4ca0cac0b48a66577ea091f3a6840365ff6124be034b Loading...

	www.googletagmanager.com/gtag/js?id=G-MZ8S35MRED&l=dataLayer&cx=c	ScriptElement	229 kB	2023-11-13	2023-11-13
Pretty URL www.googletagmanager.com/gtag/js?id=G-MZ8S35MRED&l=dataLayer&cx=c IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-13 19:28 Last Seen2023-11-13 19:28 Times Seen1 Hash e41b4f194b4a8533687e8625cc21b1e7 d04572a5a1c21ea0bd975827e5d62312aae6ad2b bb750b33192d3fafbf0cad16d1ed3df063df18c4b9a4fdd640e3b892cea03df2 Loading...

	ajax.aspnetcdn.com/ajax/bootstrap/3.3.7/bootstrap.min.js	ScriptElement	37 kB	2023-03-07	2025-05-09
Pretty URL ajax.aspnetcdn.com/ajax/bootstrap/3.3.7/bootstrap.min.js IP 152.199.19.160 ASN #15133 EDGECAST Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-05-09 11:14 Times Seen27458 Hash 5869c96cc8f19086aee625d670d741f9 430a443d74830fe9be26efca431f448c1b3740f9 53964478a7c634e8dad34ecc303dd8048d00dce4993906de1bacf67f663486ef Loading...

	kit.fontawesome.com/b314bdf1b3.js	ScriptElement	12 kB	2023-06-20	2023-11-22
Pretty URL kit.fontawesome.com/b314bdf1b3.js IP 172.64.147.188 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-06-20 05:08 Last Seen2023-11-22 21:59 Times Seen16 Hash 4fc6cefe553c0690d16534ebf9d89181 aa7c5a51a88e2dcbdf8b67e8648d35682d19e31f 8f3a8661dafbfffde857c6bbc7abc7c63e929047dfc5e6cc1a805ab8e98dacbb Loading...

	wkvspsb.com/common_tpls/js/form_support.js?v=1101202201	ScriptElement	3.8 kB	2023-03-08	2024-08-21
Pretty URL wkvspsb.com/common_tpls/js/form_support.js?v=1101202201 IP 104.21.81.146 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:25 Last Seen2024-08-21 08:25 Times Seen40 Hash 4ffa5d12f2aa2394aa284438d9ab1658 66a6678dc24eae37e35b8ee571e78f6e8af796da a35efd7238a1ef4c6581aadc6d001e8554adf949dc6cde5650c2235483f19bf0 Loading...

	wkvspsb.com/user/?SID=714fa518e3b65a61c7fc2fa23d078662	ScriptElement	528 B	2023-03-07	2024-08-21
Pretty URL wkvspsb.com/user/?SID=714fa518e3b65a61c7fc2fa23d078662 IP 104.21.81.146 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:27 Last Seen2024-08-21 08:11 Times Seen24 Hash 10dd1b2ab36045f6dd30390708c046c8 5ea106d1b689de5bda25b576ae36d26160ed6795 6d5167f39f1f849ab2050bb2429f122ed1e62a41d7bdcf18a9ec09438f087e88 Loading...

	wkvspsb.com/user/?SID=714fa518e3b65a61c7fc2fa23d078662	ScriptElement	500 B	2023-06-20	2024-08-21
Pretty URL wkvspsb.com/user/?SID=714fa518e3b65a61c7fc2fa23d078662 IP 104.21.81.146 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-06-20 05:08 Last Seen2024-08-21 08:25 Times Seen30 Hash b3a1b315d6288a561818ce4d5253d7f6 2ce9c680b598f3cc1e3962a44ef82ae5fa4494fd 91fd13dbb2b63dbb6392347bd6b26447b1e7aa12711de8bd71979cd981ff1cb4 Loading...

	www.googletagmanager.com/gtm.js?id=GTM-TZX6ZCL	ScriptElement	115 kB	2023-11-13	2023-11-13
Pretty URL www.googletagmanager.com/gtm.js?id=GTM-TZX6ZCL IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-13 19:28 Last Seen2023-11-13 19:28 Times Seen1 Hash d9f6d6dfa52f575b3cac80f16c325f08 e9aa0e87328e28341ecb6ef8d0427b8a0ac740d3 9cfeb83eb03e15601f2a6f9afd511103bc5dec096a415026cf116b4582137aac Loading...

	www.google-analytics.com/analytics.js	ScriptElement	4.7 kB	2023-04-11	2025-05-09
Pretty URL www.google-analytics.com/analytics.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-11 21:07 Last Seen2025-05-09 12:21 Times Seen340627 Hash f24128d0c9cba7be2916c693427a3483 1b6397d496ea896ebc2018b01b995cee4f166029 58173de4697da1a218f04c3a783a733bab4e769ceabc37cd42da9dc3e036a7e8 Loading...

	wkvspsb.com/user/?SID=714fa518e3b65a61c7fc2fa23d078662	ScriptElement	2.5 kB	2023-03-12	2024-08-21
Pretty URL wkvspsb.com/user/?SID=714fa518e3b65a61c7fc2fa23d078662 IP 104.21.81.146 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-12 21:04 Last Seen2024-08-21 07:54 Times Seen14 Hash ac428da6c58b59908e1e32ae534c701f 6762e6723215e67f3bc59d70921dff1c31cf340f 99f03e720b2056ee9fe812f4e55e01df1e9ff78e25b193457cfea0e9bf452cce Loading...

	wkvspsb.com/user/?SID=714fa518e3b65a61c7fc2fa23d078662	ScriptElement	154 B	2023-03-08	2024-08-21
Pretty URL wkvspsb.com/user/?SID=714fa518e3b65a61c7fc2fa23d078662 IP 104.21.81.146 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-08 12:25 Last Seen2024-08-21 05:13 Times Seen16 Hash dc4c63848f107674326b8a0a96341bc9 5d248cb3bf93f521d169b6bad32476850a605b12 07efc655541b0925fd8e283a50d37b7eb16785091a5e304f2e6485eaaf93538d Loading...

	wkvspsb.com/user/?SID=714fa518e3b65a61c7fc2fa23d078662	ScriptElement	341 B	2023-03-08	2024-08-21
Pretty URL wkvspsb.com/user/?SID=714fa518e3b65a61c7fc2fa23d078662 IP 104.21.81.146 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-08 12:25 Last Seen2024-08-21 05:13 Times Seen16 Hash 1a58b34370509f63981cc45d340f1d57 075e95758b3f8f503e2a73afea9dd289368622df e173425383a257827382039e598338898d2206eeb509092c25bec541d8efd01b Loading...

	ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js	ScriptElement	88 kB	2023-03-07	2025-05-09
Pretty URL ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js IP 142.250.74.10 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-05-09 10:36 Times Seen68113 Hash 220afd743d9e9643852e31a135a9f3ae 88523924351bac0b5d560fe0c5781e2556e7693d 0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a Loading...

HTTP Transactions (25)

URL IP Response Size

wkvspsb.com/common_tpls/images/icons/email.png

104.21.81.146

200 OK

1.3 kB

URL GET HTTP/3
wkvspsb.com/common_tpls/images/icons/email.png
IP
104.21.81.146:443
ASN
#13335 CLOUDFLARENET

Requested by
https://wkvspsb.com/user/?SID=714fa518e3b65a61c7fc2fa23d078662
Certificate
IssuerGoogle Trust Services LLC
Subjectwkvspsb.com
Fingerprint36:A0:27:99:37:F6:5F:7C:50:AE:02:3C:67:79:D6:DF:B9:A9:6E:AF
ValidityFri, 10 Nov 2023 18:10:51 GMT - Thu, 08 Feb 2024 18:10:50 GMT

File type
PNG image data, 26 x 26, 8-bit/color RGB, non-interlaced\012- data
Size
1.3 kB (1254 bytes)
Hash
a86d99b9176d82a211cfa29b2f0b353f
62947ddfd87e3a21869818885e4bfa4e55ad0c11
f8e82194c97e2a11a8c77fcd55d1ded51a1943b78eefac8475890f665dc620f1

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /common_tpls/images/icons/email.png HTTP/1.1
Host: wkvspsb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wkvspsb.com/user/?SID=714fa518e3b65a61c7fc2fa23d078662
Cookie: PHPSESSID=714fa518e3b65a61c7fc2fa23d078662
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 13 Nov 2023 18:28:19 GMT
content-type: image/png
content-length: 1254
last-modified: Mon, 21 Aug 2017 19:32:05 GMT
etag: "599b3535-4e6"
cache-control: max-age=14400
cf-cache-status: HIT
age: 3605
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=u4btXxqKTPLbgA2EgWVXseCH7W5t2vwyyDckmNSFgI0fA5N%2FRZ%2Fux8SLUWOJ2K%2By2RSXeurfIKbwYItkZJxCsqdef3Rc%2F6Ikjb4KDpckBRx%2F%2FWgFF%2FHoR%2FqxvdCRLQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 825912e768c256b5-OSL
alt-svc: h3=":443"; ma=86400

wkvspsb.com/common_tpls/images/ajax-loader.gif

104.21.81.146

200 OK

3.2 kB

URL GET HTTP/3
wkvspsb.com/common_tpls/images/ajax-loader.gif
IP
104.21.81.146:443
ASN
#13335 CLOUDFLARENET

Requested by
https://wkvspsb.com/user/?SID=714fa518e3b65a61c7fc2fa23d078662
Certificate
IssuerGoogle Trust Services LLC
Subjectwkvspsb.com
Fingerprint36:A0:27:99:37:F6:5F:7C:50:AE:02:3C:67:79:D6:DF:B9:A9:6E:AF
ValidityFri, 10 Nov 2023 18:10:51 GMT - Thu, 08 Feb 2024 18:10:50 GMT

File type
GIF image data, version 89a, 32 x 32\012- data
Size
3.2 kB (3208 bytes)
Hash
be1cede97289c13920048f238fd37b85
313b867d11fc0dd6bc6ca47c334bbcf18956ca76
fd29b3b084cf11160bfc4e99d98a261f2b36bff29113b07367c5204563c5d355

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /common_tpls/images/ajax-loader.gif HTTP/1.1
Host: wkvspsb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wkvspsb.com/user/?SID=714fa518e3b65a61c7fc2fa23d078662
Cookie: PHPSESSID=714fa518e3b65a61c7fc2fa23d078662
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 13 Nov 2023 18:28:19 GMT
content-type: image/gif
content-length: 3208
last-modified: Mon, 07 Oct 2013 22:49:23 GMT
etag: "52533a73-c88"
cache-control: max-age=14400
cf-cache-status: HIT
age: 3605
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pcgc%2B22uvLuMJ%2B8ku3Yuf1gGvTQPfrOZdpvy1EGeHMSffLcVmyVeZBHmkeUkS%2B7DbxRRCAwkhxBYo8OtRT9mRR7TgBXBE2HXAHxs0bE6bafExRBuI3iP7FLM7wpreg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 825912e768c156b5-OSL
alt-svc: h3=":443"; ma=86400

wkvspsb.com/common_tpls/images/icons/user.png

104.21.81.146

200 OK

1.5 kB

URL GET HTTP/3
wkvspsb.com/common_tpls/images/icons/user.png
IP
104.21.81.146:443
ASN
#13335 CLOUDFLARENET

Requested by
https://wkvspsb.com/user/?SID=714fa518e3b65a61c7fc2fa23d078662
Certificate
IssuerGoogle Trust Services LLC
Subjectwkvspsb.com
Fingerprint36:A0:27:99:37:F6:5F:7C:50:AE:02:3C:67:79:D6:DF:B9:A9:6E:AF
ValidityFri, 10 Nov 2023 18:10:51 GMT - Thu, 08 Feb 2024 18:10:50 GMT

File type
PNG image data, 26 x 26, 8-bit/color RGB, non-interlaced\012- data
Size
1.5 kB (1491 bytes)
Hash
d2ace1024969666b8ecfd48b0091a0fd
fb2988bb4203176476469b8ad12abc3cf8ce2113
a28165011050b8c217837b2ce4692f49413e27b7b259144cd128d0a9db9f63dc

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /common_tpls/images/icons/user.png HTTP/1.1
Host: wkvspsb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wkvspsb.com/user/?SID=714fa518e3b65a61c7fc2fa23d078662
Cookie: PHPSESSID=714fa518e3b65a61c7fc2fa23d078662
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 13 Nov 2023 18:28:19 GMT
content-type: image/png
content-length: 1491
last-modified: Mon, 21 Aug 2017 19:32:05 GMT
etag: "599b3535-5d3"
cache-control: max-age=14400
cf-cache-status: HIT
age: 3605
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rEhJDTNCrlBx7xU8Ol1cYYZ%2Fu790%2B4DqYTcD5ogvDsrqotuEym0vNZLzjWYjJDjXanZSCpTACabPtmIvIKNL2Z%2FEaaHMHSWQu%2BOe2D1FdvX%2BCqvDf0lwd40WTvtaig%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 825912e768ce56b5-OSL
alt-svc: h3=":443"; ma=86400

wkvspsb.com/user/?SID=714fa518e3b65a61c7fc2fa23d078662

104.21.81.146

200 OK

24 kB

URL User Request GET HTTP/3
wkvspsb.com/user/?SID=714fa518e3b65a61c7fc2fa23d078662
IP
104.21.81.146:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjectwkvspsb.com
Fingerprint36:A0:27:99:37:F6:5F:7C:50:AE:02:3C:67:79:D6:DF:B9:A9:6E:AF
ValidityFri, 10 Nov 2023 18:10:51 GMT - Thu, 08 Feb 2024 18:10:50 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (536)
Size
24 kB (24057 bytes)
Hash
e39f2a48df77a6a71943a88111469aa6
960343058b37dd453b60f4528e8dbf4396621787
7ac85bb4d49c64c0554efa2d1319395fd07e26e31c6073c6648599ee3cdb821d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /user/?SID=714fa518e3b65a61c7fc2fa23d078662 HTTP/1.1
Host: wkvspsb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wkvspsb.com/user/?SID=714fa518e3b65a61c7fc2fa23d078662
Cookie: PHPSESSID=714fa518e3b65a61c7fc2fa23d078662
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 13 Nov 2023 18:28:19 GMT
content-type: text/html; charset=UTF-8
set-cookie: PHPSESSID=714fa518e3b65a61c7fc2fa23d078662; path=/; secure; SameSite=None
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IEx4iDckFn18wcjlswGHReG7aR18tfA%2FJctV%2BDBAfW7Cjgc00KEZWSf46GnqUTd8DQLJrUKGlizS4h5IcKsQSYtN5s7mEmT35qxotyR%2B3aWpVgjHBSKydJ%2FQY1wsXw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 825912e5bea756b5-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

wkvspsb.com/common_tpls/images/icons/password.png

104.21.81.146

200 OK

1.5 kB

URL GET HTTP/3
wkvspsb.com/common_tpls/images/icons/password.png
IP
104.21.81.146:443
ASN
#13335 CLOUDFLARENET

Requested by
https://wkvspsb.com/user/?SID=714fa518e3b65a61c7fc2fa23d078662
Certificate
IssuerGoogle Trust Services LLC
Subjectwkvspsb.com
Fingerprint36:A0:27:99:37:F6:5F:7C:50:AE:02:3C:67:79:D6:DF:B9:A9:6E:AF
ValidityFri, 10 Nov 2023 18:10:51 GMT - Thu, 08 Feb 2024 18:10:50 GMT

File type
PNG image data, 26 x 26, 8-bit/color RGB, non-interlaced\012- data
Size
1.5 kB (1452 bytes)
Hash
6f100f1cdbdce928118ffa4c9293ca5b
6b1a3593e792d4c00187d60560dd03fb42df1156
8c1a6b9e0c63edc7fa86898148dc6493cd56113fabbf85d901f7af4c180fce74

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /common_tpls/images/icons/password.png HTTP/1.1
Host: wkvspsb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wkvspsb.com/user/?SID=714fa518e3b65a61c7fc2fa23d078662
Cookie: PHPSESSID=714fa518e3b65a61c7fc2fa23d078662
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 13 Nov 2023 18:28:19 GMT
content-type: image/png
content-length: 1452
last-modified: Tue, 22 Aug 2017 16:34:59 GMT
etag: "599c5d33-5ac"
cache-control: max-age=14400
cf-cache-status: HIT
age: 3605
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ROb%2B57hP4g7YKVJl5PIqFvGzTM6Ic01luwwj8bgG%2B8ztVPlTtRiPTonpcEKQ7CD2j2UWe%2F6MMBo3IDza8UPRbBW%2FZ50B7KPXBtIxq7qTBQW7HfgIalVF6hKD6GC3BQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 825912e798f556b5-OSL
alt-svc: h3=":443"; ma=86400

ajax.aspnetcdn.com/ajax/bootstrap/3.3.7/bootstrap.min.js

152.199.19.160

200 OK

9.8 kB

URL GET HTTP/2
ajax.aspnetcdn.com/ajax/bootstrap/3.3.7/bootstrap.min.js
IP
152.199.19.160:443
ASN
#15133 EDGECAST

Requested by
https://wkvspsb.com/user/?SID=714fa518e3b65a61c7fc2fa23d078662
Certificate
IssuerDigiCert Inc
Subject*.vo.msecnd.net
Fingerprint0E:7D:A8:CD:FE:61:1E:46:97:A3:57:99:70:DA:E0:59:1D:34:04:80
ValidityFri, 05 May 2023 00:00:00 GMT - Sun, 28 Apr 2024 23:59:59 GMT

File type
ASCII text, with very long lines (32033)
Size
9.8 kB (9839 bytes)
Hash
5869c96cc8f19086aee625d670d741f9
430a443d74830fe9be26efca431f448c1b3740f9
53964478a7c634e8dad34ecc303dd8048d00dce4993906de1bacf67f663486ef

HTTP Headers

GET /ajax/bootstrap/3.3.7/bootstrap.min.js HTTP/1.1
Host: ajax.aspnetcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://wkvspsb.com
DNT: 1
Connection: keep-alive
Referer: https://wkvspsb.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-encoding: gzip
accept-ranges: bytes
access-control-allow-origin: *
age: 9996632
cache-control: public,max-age=31536000
content-type: application/javascript
date: Mon, 13 Nov 2023 18:28:19 GMT
etag: "80bdc1e6cb33d21:0"
last-modified: Mon, 31 Oct 2016 23:09:59 GMT
server: ECAcc (ska/F6C5)
timing-allow-origin: *
vary: Accept-Encoding
x-cache: HIT
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 9839
X-Firefox-Spdy: h2

ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js

142.250.74.10

200 OK

31 kB

URL GET HTTP/2
ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js
IP
142.250.74.10:443
ASN
#15169 GOOGLE

Requested by
https://wkvspsb.com/user/?SID=714fa518e3b65a61c7fc2fa23d078662
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
FingerprintFA:D7:68:E4:12:7D:FE:22:87:DE:95:F1:1E:49:5A:49:FA:12:1E:B9
ValidityMon, 16 Oct 2023 08:10:01 GMT - Mon, 08 Jan 2024 08:10:00 GMT

File type
ASCII text, with very long lines (65451)
Size
31 kB (30774 bytes)
Hash
220afd743d9e9643852e31a135a9f3ae
88523924351bac0b5d560fe0c5781e2556e7693d
0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a

HTTP Headers

GET /ajax/libs/jquery/3.4.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://wkvspsb.com
DNT: 1
Connection: keep-alive
Referer: https://wkvspsb.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 30774
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 09 Nov 2023 21:30:55 GMT
expires: Fri, 08 Nov 2024 21:30:55 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Mon, 13 May 2019 14:37:17 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 334644
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.googletagmanager.com/gtag/js?id=UA-208173773-2

142.250.74.168

200 OK

69 kB

URL GET HTTP/2
www.googletagmanager.com/gtag/js?id=UA-208173773-2
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://wkvspsb.com/user/?SID=714fa518e3b65a61c7fc2fa23d078662
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint3B:1D:9C:59:AC:F8:2F:47:8A:C6:AE:4F:88:F0:8D:84:C7:6A:47:DA
ValidityMon, 16 Oct 2023 08:02:30 GMT - Mon, 08 Jan 2024 08:02:29 GMT

File type
ASCII text, with very long lines (4179)
Size
69 kB (68693 bytes)
Hash
1f152b573451b78b92355217a0a03104
d474ee6fec83e1947ae7fd4589d8ed76b2fa047c
4b66a55f0a470db3aa6a2e32522bed723b9f24d705371d3eabc4c3da2c9c53f7

HTTP Headers

GET /gtag/js?id=UA-208173773-2 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wkvspsb.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Mon, 13 Nov 2023 18:28:19 GMT
expires: Mon, 13 Nov 2023 18:28:19 GMT
cache-control: private, max-age=900
last-modified: Mon, 13 Nov 2023 18:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 68693
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

wkvspsb.com/common_tpls/js/iframeResizer.contentWindow.min.js

104.21.81.146

200 OK

5.1 kB

URL GET HTTP/3
wkvspsb.com/common_tpls/js/iframeResizer.contentWindow.min.js
IP
104.21.81.146:443
ASN
#13335 CLOUDFLARENET

Requested by
https://wkvspsb.com/user/?SID=714fa518e3b65a61c7fc2fa23d078662
Certificate
IssuerGoogle Trust Services LLC
Subjectwkvspsb.com
Fingerprint36:A0:27:99:37:F6:5F:7C:50:AE:02:3C:67:79:D6:DF:B9:A9:6E:AF
ValidityFri, 10 Nov 2023 18:10:51 GMT - Thu, 08 Feb 2024 18:10:50 GMT

File type
ASCII text, with very long lines (12990)
Size
5.1 kB (5109 bytes)
Hash
2cf9df789476bc39b9906030f639660d
de708b4a0fe32f3d77505675eb119b671327a6b4
7d5f5d0fe842536e512b4ca0cac0b48a66577ea091f3a6840365ff6124be034b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /common_tpls/js/iframeResizer.contentWindow.min.js HTTP/1.1
Host: wkvspsb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wkvspsb.com/user/?SID=714fa518e3b65a61c7fc2fa23d078662
Cookie: PHPSESSID=714fa518e3b65a61c7fc2fa23d078662
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 13 Nov 2023 18:28:19 GMT
content-type: application/javascript
last-modified: Thu, 04 Feb 2016 15:06:03 GMT
etag: W/"56b368db-3445"
cache-control: max-age=14400
cf-cache-status: HIT
age: 5034
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YOp2%2FVfXWEGQiXcuddJ0Th%2BbdfqgF8pLbVVJ4jIjMZxFiJ9ZZrH7e%2B88A6kz61jtwdrNrkVE6kVq7bDg2z7bTnbhzhQ9tHL7JYiZO31Qae2u4edUUkA8N9ncontnEg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 825912e798f756b5-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

ka-p.fontawesome.com/releases/v5.15.4/css/pro-v4-font-face.min.css?token=b314bdf1b3

172.64.147.188

200 OK

2.6 kB

URL GET HTTP/2
ka-p.fontawesome.com/releases/v5.15.4/css/pro-v4-font-face.min.css?token=b314bdf1b3
IP
172.64.147.188:443
ASN
#13335 CLOUDFLARENET

Requested by
https://wkvspsb.com/user/?SID=714fa518e3b65a61c7fc2fa23d078662
Certificate
IssuerDigiCert Inc
Subject*.fontawesome.com
Fingerprint6C:69:02:A7:9B:07:84:8E:D0:3D:0A:10:61:8E:01:80:88:37:EF:5E
ValidityTue, 22 Nov 2022 00:00:00 GMT - Sat, 23 Dec 2023 23:59:59 GMT

File type
ASCII text, with very long lines (27832)
Size
2.6 kB (2603 bytes)
Hash
1cb05a2f9541200e1fa0a2cd0abc7663
fdf3292a6db22945eb79e08d847834205b749c6f
a8a00b576cc9fad532a52ecdf8024724ddaa83cb0f5ca5d1b1d6eb8841103d60

HTTP Headers

GET /releases/v5.15.4/css/pro-v4-font-face.min.css?token=b314bdf1b3 HTTP/1.1
Host: ka-p.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://wkvspsb.com/
Origin: https://wkvspsb.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Mon, 13 Nov 2023 18:28:20 GMT
content-type: text/css
content-length: 2603
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
etag: "610ae215-a2b"
last-modified: Wed, 04 Aug 2021 18:53:09 GMT
vary: Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
cf-cache-status: HIT
age: 1441889
accept-ranges: bytes
server: cloudflare
cf-ray: 825912ea6db256bb-OSL
X-Firefox-Spdy: h2

ka-p.fontawesome.com/releases/v5.15.4/css/pro.min.css?token=b314bdf1b3

172.64.147.188

200 OK

54 kB

URL GET HTTP/2
ka-p.fontawesome.com/releases/v5.15.4/css/pro.min.css?token=b314bdf1b3
IP
172.64.147.188:443
ASN
#13335 CLOUDFLARENET

Requested by
https://wkvspsb.com/user/?SID=714fa518e3b65a61c7fc2fa23d078662
Certificate
IssuerDigiCert Inc
Subject*.fontawesome.com
Fingerprint6C:69:02:A7:9B:07:84:8E:D0:3D:0A:10:61:8E:01:80:88:37:EF:5E
ValidityTue, 22 Nov 2022 00:00:00 GMT - Sat, 23 Dec 2023 23:59:59 GMT

File type
ASCII text, with very long lines (65397)
Size
54 kB (54194 bytes)
Hash
486b13730aafe2a39cdaf1666679fa5b
aa0f52f048688ada20d921fef78cf15684a25f04
37c65071f378cc9582aabdda3b52979ef901f2925e3f3c3dc597f41eac0f1b6d

HTTP Headers

GET /releases/v5.15.4/css/pro.min.css?token=b314bdf1b3 HTTP/1.1
Host: ka-p.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://wkvspsb.com/
Origin: https://wkvspsb.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Mon, 13 Nov 2023 18:28:20 GMT
content-type: text/css
content-length: 54194
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
etag: "610ae215-d3b2"
last-modified: Wed, 04 Aug 2021 18:53:09 GMT
vary: Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
cf-cache-status: HIT
age: 1427799
accept-ranges: bytes
server: cloudflare
cf-ray: 825912ea6db856bb-OSL
X-Firefox-Spdy: h2

ka-p.fontawesome.com/releases/v5.15.4/css/pro-v4-shims.min.css?token=b314bdf1b3

172.64.147.188

200 OK

4.2 kB

URL GET HTTP/2
ka-p.fontawesome.com/releases/v5.15.4/css/pro-v4-shims.min.css?token=b314bdf1b3
IP
172.64.147.188:443
ASN
#13335 CLOUDFLARENET

Requested by
https://wkvspsb.com/user/?SID=714fa518e3b65a61c7fc2fa23d078662
Certificate
IssuerDigiCert Inc
Subject*.fontawesome.com
Fingerprint6C:69:02:A7:9B:07:84:8E:D0:3D:0A:10:61:8E:01:80:88:37:EF:5E
ValidityTue, 22 Nov 2022 00:00:00 GMT - Sat, 23 Dec 2023 23:59:59 GMT

File type
ASCII text, with very long lines (26366)
Size
4.2 kB (4194 bytes)
Hash
715826d7cea0f100c00238e5e5dc92b4
ea2a076f73ed3826287a726f35ae5e54136f2cee
4245ecca2a4b50d7fd9adc9a965ed1f9b4ec24e9935e34c80efafc0f856d54c6

HTTP Headers

GET /releases/v5.15.4/css/pro-v4-shims.min.css?token=b314bdf1b3 HTTP/1.1
Host: ka-p.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://wkvspsb.com/
Origin: https://wkvspsb.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Mon, 13 Nov 2023 18:28:20 GMT
content-type: text/css
content-length: 4194
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
etag: "610ae215-1062"
last-modified: Wed, 04 Aug 2021 18:53:09 GMT
vary: Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
cf-cache-status: HIT
age: 1441889
accept-ranges: bytes
server: cloudflare
cf-ray: 825912ea6db556bb-OSL
X-Firefox-Spdy: h2

www.googletagmanager.com/gtm.js?id=GTM-TZX6ZCL

142.250.74.168

200 OK

44 kB

URL GET HTTP/3
www.googletagmanager.com/gtm.js?id=GTM-TZX6ZCL
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://wkvspsb.com/user/?SID=714fa518e3b65a61c7fc2fa23d078662
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint3B:1D:9C:59:AC:F8:2F:47:8A:C6:AE:4F:88:F0:8D:84:C7:6A:47:DA
ValidityMon, 16 Oct 2023 08:02:30 GMT - Mon, 08 Jan 2024 08:02:29 GMT

File type
ASCII text, with very long lines (2213)
Size
44 kB (44352 bytes)
Hash
d9f6d6dfa52f575b3cac80f16c325f08
e9aa0e87328e28341ecb6ef8d0427b8a0ac740d3
9cfeb83eb03e15601f2a6f9afd511103bc5dec096a415026cf116b4582137aac

HTTP Headers

GET /gtm.js?id=GTM-TZX6ZCL HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wkvspsb.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Mon, 13 Nov 2023 18:28:20 GMT
expires: Mon, 13 Nov 2023 18:28:20 GMT
cache-control: private, max-age=900
last-modified: Mon, 13 Nov 2023 18:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 44352
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

fonts.gstatic.com/s/opensans/v34/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVc.ttf

216.58.207.227

200 OK

21 kB

URL GET HTTP/2
fonts.gstatic.com/s/opensans/v34/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVc.ttf
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://wkvspsb.com/user/?SID=714fa518e3b65a61c7fc2fa23d078662
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintEB:59:E9:F3:0F:CE:D8:1A:8C:BB:EE:7D:2E:B7:B8:39:73:7A:CE:28
ValidityMon, 16 Oct 2023 08:10:00 GMT - Mon, 08 Jan 2024 08:09:59 GMT

File type
TrueType Font data, 18 tables, 1st "GDEF", 14 names, Microsoft, language 0x409, Copyright 2020 The Open Sans Project Authors (https://github.com/googlefonts/opensans)Open SansR\012- data
Size
21 kB (21006 bytes)
Hash
4e6feb3d0ab3cb546db1152394983bdb
8feb43afdb5a47fc1c8c03b53be6822c72f845b3
294ed1734fd63bdeca41e4ac6d668c513ea6932b0030ee10c605d09efba1900e

HTTP Headers

GET /s/opensans/v34/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVc.ttf HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://wkvspsb.com
DNT: 1
Connection: keep-alive
Referer: https://wkvspsb.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 21006
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 09 Nov 2023 21:29:56 GMT
expires: Fri, 08 Nov 2024 21:29:56 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 15 Aug 2022 18:14:44 GMT
content-type: font/ttf
vary: Accept-Encoding
age: 334704
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

wkvspsb.com/common_tpls/js/form_support.js?v=1101202201

104.21.81.146

200 OK

18 kB

URL GET HTTP/3
wkvspsb.com/common_tpls/js/form_support.js?v=1101202201
IP
104.21.81.146:443
ASN
#13335 CLOUDFLARENET

Requested by
https://wkvspsb.com/user/?SID=714fa518e3b65a61c7fc2fa23d078662
Certificate
IssuerGoogle Trust Services LLC
Subjectwkvspsb.com
Fingerprint36:A0:27:99:37:F6:5F:7C:50:AE:02:3C:67:79:D6:DF:B9:A9:6E:AF
ValidityFri, 10 Nov 2023 18:10:51 GMT - Thu, 08 Feb 2024 18:10:50 GMT

File type
ASCII text
Size
18 kB (17832 bytes)
Hash
4ffa5d12f2aa2394aa284438d9ab1658
66a6678dc24eae37e35b8ee571e78f6e8af796da
a35efd7238a1ef4c6581aadc6d001e8554adf949dc6cde5650c2235483f19bf0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /common_tpls/js/form_support.js?v=1101202201 HTTP/1.1
Host: wkvspsb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wkvspsb.com/user/?SID=714fa518e3b65a61c7fc2fa23d078662
Cookie: PHPSESSID=714fa518e3b65a61c7fc2fa23d078662
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 13 Nov 2023 18:28:19 GMT
content-type: application/javascript
last-modified: Fri, 18 Nov 2022 21:23:37 GMT
etag: W/"6377f7d9-ed7"
cache-control: max-age=14400
cf-cache-status: HIT
age: 3606
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=u84WmRlt7ew69%2FCVx4lqHUYmDfqyT3W6aPRZGZPc9%2Fys%2BSP2M0dSJC9yBjPlBflhR2ay5PAqfYCqp%2BMJB2053OIE1m2v2ri4vp%2FMcauQRwBZLvCxxaRqCW%2FkMTWZTA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 825912e758ae56b5-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

fonts.gstatic.com/s/raleway/v28/1Ptxg8zYS_SKggPN4iEgvnHyvveLxVvaorCIPrQ.ttf

216.58.207.227

200 OK

28 kB

URL GET HTTP/2
fonts.gstatic.com/s/raleway/v28/1Ptxg8zYS_SKggPN4iEgvnHyvveLxVvaorCIPrQ.ttf
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://wkvspsb.com/user/?SID=714fa518e3b65a61c7fc2fa23d078662
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintEB:59:E9:F3:0F:CE:D8:1A:8C:BB:EE:7D:2E:B7:B8:39:73:7A:CE:28
ValidityMon, 16 Oct 2023 08:10:00 GMT - Mon, 08 Jan 2024 08:09:59 GMT

File type
TrueType Font data, 18 tables, 1st "GDEF", 12 names, Microsoft, language 0x409, Copyright 2010 The Raleway Project Authors (impallari@gmail.com), with Reserved Font Name "Ralew\012- data
Size
28 kB (27688 bytes)
Hash
bdebf93c5407fe68ebcf28ea8e7bf5cf
efea252ba989bdafdda75070b433706be9eb60c1
ccea64b644439db63b8dbe4e042401ceffbb0ba0ab7338e856aa7fb1f4d33e49

HTTP Headers

GET /s/raleway/v28/1Ptxg8zYS_SKggPN4iEgvnHyvveLxVvaorCIPrQ.ttf HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://wkvspsb.com
DNT: 1
Connection: keep-alive
Referer: https://wkvspsb.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 27688
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 09 Nov 2023 21:29:59 GMT
expires: Fri, 08 Nov 2024 21:29:59 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 18 Jul 2022 19:57:58 GMT
content-type: font/ttf
vary: Accept-Encoding
age: 334701
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.googletagmanager.com/gtag/js?id=G-MZ8S35MRED&l=dataLayer&cx=c

142.250.74.168

200 OK

81 kB

URL GET HTTP/3
www.googletagmanager.com/gtag/js?id=G-MZ8S35MRED&l=dataLayer&cx=c
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://wkvspsb.com/user/?SID=714fa518e3b65a61c7fc2fa23d078662
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint3B:1D:9C:59:AC:F8:2F:47:8A:C6:AE:4F:88:F0:8D:84:C7:6A:47:DA
ValidityMon, 16 Oct 2023 08:02:30 GMT - Mon, 08 Jan 2024 08:02:29 GMT

File type
ASCII text, with very long lines (5955)
Size
81 kB (81011 bytes)
Hash
e41b4f194b4a8533687e8625cc21b1e7
d04572a5a1c21ea0bd975827e5d62312aae6ad2b
bb750b33192d3fafbf0cad16d1ed3df063df18c4b9a4fdd640e3b892cea03df2

HTTP Headers

GET /gtag/js?id=G-MZ8S35MRED&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wkvspsb.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Mon, 13 Nov 2023 18:28:20 GMT
expires: Mon, 13 Nov 2023 18:28:20 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 81011
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

fonts.googleapis.com/icon?family=Material+Icons

142.250.74.106

200 OK

565 B

URL GET HTTP/2
fonts.googleapis.com/icon?family=Material+Icons
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://wkvspsb.com/user/?SID=714fa518e3b65a61c7fc2fa23d078662
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
FingerprintFA:D7:68:E4:12:7D:FE:22:87:DE:95:F1:1E:49:5A:49:FA:12:1E:B9
ValidityMon, 16 Oct 2023 08:10:01 GMT - Mon, 08 Jan 2024 08:10:00 GMT

File type
ASCII text, with very long lines (588), with no line terminators
Size
565 B (565 bytes)
Hash
bdcf60bde5544e1017e1f2e60888a9c7
6fb24309b7ff90c1c99d19c0c7a127a16508840e
d701601406acfca6bfc0c58b411446e3e0e96c659f35c143355d3dd72c390952

HTTP Headers

GET /icon?family=Material+Icons HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wkvspsb.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Mon, 13 Nov 2023 18:28:19 GMT
date: Mon, 13 Nov 2023 18:28:19 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ajax.aspnetcdn.com/ajax/bootstrap/3.3.7/css/bootstrap.min.css

152.199.19.160

200 OK

121 kB

URL GET HTTP/2
ajax.aspnetcdn.com/ajax/bootstrap/3.3.7/css/bootstrap.min.css
IP
152.199.19.160:443
ASN
#15133 EDGECAST

Requested by
https://wkvspsb.com/user/?SID=714fa518e3b65a61c7fc2fa23d078662
Certificate
IssuerDigiCert Inc
Subject*.vo.msecnd.net
Fingerprint0E:7D:A8:CD:FE:61:1E:46:97:A3:57:99:70:DA:E0:59:1D:34:04:80
ValidityFri, 05 May 2023 00:00:00 GMT - Sun, 28 Apr 2024 23:59:59 GMT

File type
ASCII text, with very long lines (65371)
Size
121 kB (121200 bytes)
Hash
ec3bb52a00e176a7181d454dffaea219
6527d8bf3e1e9368bab8c7b60f56bc01fa3afd68
f75e846cc83bd11432f4b1e21a45f31bc85283d11d372f7b19accd1bf6a2635c

HTTP Headers

GET /ajax/bootstrap/3.3.7/css/bootstrap.min.css HTTP/1.1
Host: ajax.aspnetcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wkvspsb.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-encoding: gzip
accept-ranges: bytes
access-control-allow-origin: *
age: 19086780
cache-control: public,max-age=31536000
content-type: text/css
date: Mon, 13 Nov 2023 18:28:19 GMT
etag: "0e914f2cb33d21:0"
last-modified: Mon, 31 Oct 2016 23:10:18 GMT
server: ECAcc (ska/F740)
timing-allow-origin: *
vary: Accept-Encoding
x-cache: HIT
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 19629
X-Firefox-Spdy: h2

wkvspsb.com/common_tpls/compactML/css/wideBaseML.css

104.21.81.146

200 OK

23 kB

URL GET HTTP/3
wkvspsb.com/common_tpls/compactML/css/wideBaseML.css
IP
104.21.81.146:443
ASN
#13335 CLOUDFLARENET

Requested by
https://wkvspsb.com/user/?SID=714fa518e3b65a61c7fc2fa23d078662
Certificate
IssuerGoogle Trust Services LLC
Subjectwkvspsb.com
Fingerprint36:A0:27:99:37:F6:5F:7C:50:AE:02:3C:67:79:D6:DF:B9:A9:6E:AF
ValidityFri, 10 Nov 2023 18:10:51 GMT - Thu, 08 Feb 2024 18:10:50 GMT

File type
ASCII text, with very long lines (22986), with no line terminators
Size
23 kB (22986 bytes)
Hash
5ede9814b7457a64e5c8ee8aa036c3f0
0b05378651df8ed45fb3c40ec99dd98aa1c2d7fd
c776450a0b93289511851e3e32db4e620b99121990869c2f377ce61a5defdfe7

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /common_tpls/compactML/css/wideBaseML.css HTTP/1.1
Host: wkvspsb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wkvspsb.com/user/?SID=714fa518e3b65a61c7fc2fa23d078662
Cookie: PHPSESSID=714fa518e3b65a61c7fc2fa23d078662
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 13 Nov 2023 18:28:19 GMT
content-type: text/css
last-modified: Mon, 08 May 2023 14:48:38 GMT
etag: W/"64590bc6-59ca"
cache-control: max-age=14400
cf-cache-status: HIT
age: 3606
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=k1qJ2m5wrVU0AM8YZX%2Bn3c%2BVC%2BEGfYql8%2FD%2FSpA1rBc6Kbnbw9j%2BnQIlU47xjuI%2FcP%2BsPpAUP6%2FOzdRHPvSeqlIvJddHVWiPg5%2FdW%2FqChLPmaJ1wlbRWaRepLtlumA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 825912e748ac56b5-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

wkvspsb.com/favicon.ico

104.21.81.146

404 Not Found

162 B

URL GET HTTP/3
wkvspsb.com/favicon.ico
IP
104.21.81.146:443
ASN
#13335 CLOUDFLARENET

Requested by
https://wkvspsb.com/user/?SID=714fa518e3b65a61c7fc2fa23d078662
Certificate
IssuerGoogle Trust Services LLC
Subjectwkvspsb.com
Fingerprint36:A0:27:99:37:F6:5F:7C:50:AE:02:3C:67:79:D6:DF:B9:A9:6E:AF
ValidityFri, 10 Nov 2023 18:10:51 GMT - Thu, 08 Feb 2024 18:10:50 GMT

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with no line terminators
Size
162 B (162 bytes)
Hash
42b7c03ebcddafdb2aa3078e3a9ceb69
57570cf4712b36bce96f68228e6c72137c2156dd
a225bf8186e767cfb73fec2ac55678c083a3c2abd042bc1cf85f820bced5ec9f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: wkvspsb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wkvspsb.com/user/?SID=714fa518e3b65a61c7fc2fa23d078662
Cookie: PHPSESSID=714fa518e3b65a61c7fc2fa23d078662
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 404 Not Found
date: Mon, 13 Nov 2023 18:28:20 GMT
content-type: text/html
cache-control: max-age=14400
cf-cache-status: HIT
age: 0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=htvgDsBD41cWA95JmR%2BMOtnmE%2F7rsMZ1HJsO26iEeklO0uJjFXB0hNGpcJiBi%2FpdYSoLkIBo1XSRMsVEwMXYB9bs%2F2s%2FnTyfgEDYDkNXqpy8dVVVHQ3nIGOHmSoQNg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 825912eb9d4b56b5-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

fonts.gstatic.com/s/montserrat/v25/JTUHjIg1_i6t8kCHKm4532VJOt5-QNFgpCs16Hw5aX8.ttf

216.58.207.227

200 OK

31 kB

URL GET HTTP/2
fonts.gstatic.com/s/montserrat/v25/JTUHjIg1_i6t8kCHKm4532VJOt5-QNFgpCs16Hw5aX8.ttf
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://wkvspsb.com/user/?SID=714fa518e3b65a61c7fc2fa23d078662
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintEB:59:E9:F3:0F:CE:D8:1A:8C:BB:EE:7D:2E:B7:B8:39:73:7A:CE:28
ValidityMon, 16 Oct 2023 08:10:00 GMT - Mon, 08 Jan 2024 08:09:59 GMT

File type
TrueType Font data, 16 tables, 1st "GDEF", 14 names, Microsoft, language 0x409, Copyright 2011 The Montserrat Project Authors (https://github.com/JulietaUla/Montserrat)Montserr\012- data
Size
31 kB (31448 bytes)
Hash
7537927902d147b33daa33bde3d17670
201f909e6a91b0f7af89c68c7c9683463f944ee3
c8861d4f88efa374f573575cb6063bf54ee05e7d65d83eb8668c531687d06c85

HTTP Headers

GET /s/montserrat/v25/JTUHjIg1_i6t8kCHKm4532VJOt5-QNFgpCs16Hw5aX8.ttf HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://wkvspsb.com
DNT: 1
Connection: keep-alive
Referer: https://wkvspsb.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 16454
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 12 Nov 2023 06:46:27 GMT
expires: Mon, 11 Nov 2024 06:46:27 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 11 Jul 2022 18:58:46 GMT
content-type: font/ttf
vary: Accept-Encoding
age: 128513
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

wkvspsb.com/common_tpls/js/validate_form_v2.js?jsv=35

104.21.81.146

200 OK

26 kB

URL GET HTTP/3
wkvspsb.com/common_tpls/js/validate_form_v2.js?jsv=35
IP
104.21.81.146:443
ASN
#13335 CLOUDFLARENET

Requested by
https://wkvspsb.com/user/?SID=714fa518e3b65a61c7fc2fa23d078662
Certificate
IssuerGoogle Trust Services LLC
Subjectwkvspsb.com
Fingerprint36:A0:27:99:37:F6:5F:7C:50:AE:02:3C:67:79:D6:DF:B9:A9:6E:AF
ValidityFri, 10 Nov 2023 18:10:51 GMT - Thu, 08 Feb 2024 18:10:50 GMT

File type

Size
26 kB (26000 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /common_tpls/js/validate_form_v2.js?jsv=35 HTTP/1.1
Host: wkvspsb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wkvspsb.com/user/?SID=714fa518e3b65a61c7fc2fa23d078662
Cookie: PHPSESSID=714fa518e3b65a61c7fc2fa23d078662
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 13 Nov 2023 18:28:19 GMT
content-type: application/javascript
last-modified: Thu, 19 Oct 2023 00:24:58 GMT
etag: W/"6530775a-6590"
cache-control: max-age=14400
cf-cache-status: HIT
age: 3606
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vLyUt6cLehwmdXP7WFDbWPaTMrE0nftV9YvfiR9OH33DZWWeOpK1u4PZLPW61WNRcxtC9jkq5OMsq7TMy3BZv%2FAp4iHrbLURfxYfDnyAbJnyJUmcASDH3l%2BQ%2ByUZRw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 825912e768bc56b5-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

kit.fontawesome.com/b314bdf1b3.js

172.64.147.188

200 OK

12 kB

URL GET HTTP/2
kit.fontawesome.com/b314bdf1b3.js
IP
172.64.147.188:443
ASN
#13335 CLOUDFLARENET

Requested by
https://wkvspsb.com/user/?SID=714fa518e3b65a61c7fc2fa23d078662
Certificate
IssuerDigiCert Inc
Subject*.fontawesome.com
Fingerprint6C:69:02:A7:9B:07:84:8E:D0:3D:0A:10:61:8E:01:80:88:37:EF:5E
ValidityTue, 22 Nov 2022 00:00:00 GMT - Sat, 23 Dec 2023 23:59:59 GMT

File type
ASCII text, with very long lines (11213)
Size
12 kB (11753 bytes)
Hash
4fc6cefe553c0690d16534ebf9d89181
aa7c5a51a88e2dcbdf8b67e8648d35682d19e31f
8f3a8661dafbfffde857c6bbc7abc7c63e929047dfc5e6cc1a805ab8e98dacbb

HTTP Headers

GET /b314bdf1b3.js HTTP/1.1
Host: kit.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://wkvspsb.com
DNT: 1
Connection: keep-alive
Referer: https://wkvspsb.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 13 Nov 2023 18:28:19 GMT
content-type: text/javascript
access-control-allow-headers: accept, accept-langauge, content-language, content-type, fa-kit-token
access-control-allow-methods: GET, OPTIONS
access-control-allow-origin: *
access-control-max-age: 3000
cache-control: max-age=60, public, stale-while-revalidate=30
vary: origin, accept-encoding, access-control-request-headers, access-control-request-method
x-request-id: F4rzVOEZUQ-WlBJ1TBmB
cf-cache-status: HIT
server: cloudflare
cf-ray: 825912e7891956bb-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

kit.fontawesome.com/b314bdf1b3/110588222/kit-upload.css

172.64.147.188

200 OK

0 B

URL GET HTTP/2
kit.fontawesome.com/b314bdf1b3/110588222/kit-upload.css
IP
172.64.147.188:443
ASN
#13335 CLOUDFLARENET

Requested by
https://wkvspsb.com/user/?SID=714fa518e3b65a61c7fc2fa23d078662
Certificate
IssuerDigiCert Inc
Subject*.fontawesome.com
Fingerprint6C:69:02:A7:9B:07:84:8E:D0:3D:0A:10:61:8E:01:80:88:37:EF:5E
ValidityTue, 22 Nov 2022 00:00:00 GMT - Sat, 23 Dec 2023 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /b314bdf1b3/110588222/kit-upload.css HTTP/1.1
Host: kit.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://wkvspsb.com/
Origin: https://wkvspsb.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 13 Nov 2023 18:28:20 GMT
content-type: text/css
content-length: 0
access-control-allow-headers: accept, accept-langauge, content-language, content-type, fa-kit-token
access-control-allow-methods: GET, OPTIONS
access-control-allow-origin: *
access-control-max-age: 3000
cache-control: max-age=31556926, public, must-revalidate
etag: 54af53b207eef226d6511e0a88e3038e
vary: origin, accept-encoding, access-control-request-headers, access-control-request-method
x-request-id: F5OgcseEWDn6S7kqi5gj
cf-cache-status: HIT
age: 537772
accept-ranges: bytes
server: cloudflare
cf-ray: 825912ea4d3f56bb-OSL
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (20)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by