| | 86.106.20.193 | 302 Found | 1.5 kB |
URL: User Request GET HTTP/1.1 | IP: 86.106.20.193:80
File type: JavaScript source, ASCII text | Hash: MD5 e3077fa5e5612d87108f30d43c3eb9fd SHA1 9be84929d0043469f1d3cecf76aef83b1e5e1a95 SHA256 ad89ab2d88aa0ca02b8634ab6363c536792555b9057e914d1ffef1b48fedcbc3
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET / HTTP/1.1
Host: 86.106.20.193
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 01 May 2024 21:56:01 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: PHPSESSID=ao7ksv45786j76pjb7nopi9lnu; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Content-Encoding: gzip
|
|
| cdn.jsdelivr.net/npm/isbot@3 | 151.101.65.229 | | 3.4 kB |
URL: cdn.jsdelivr.net/npm/isbot@3 | IP: 151.101.65.229:0
File type: JavaScript source, ASCII text, with very long lines (7056) | Hash: MD5 169643cb628f49d9e741cb01d1a238ac SHA1 a6a78edd95278b2e79a4887a5b956e35f0a22f3c SHA256 3f29e555b1071331ac87b0e494968cc492ced9589b20191b25c6105170a04ed5
GET /npm/isbot@3 HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://86.106.20.193/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 3.8.0
x-jsd-version-type: version
etag: W/"1cd4-pqeO3ZUniy55pIh6W5VuNfCiLzw"
content-encoding: br
accept-ranges: bytes
date: Wed, 01 May 2024 21:56:02 GMT
age: 16221
x-served-by: cache-fra-eddf8230155-FRA, cache-hel1410029-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 3445
X-Firefox-Spdy: h2
|
|
| code.jquery.com/jquery-3.6.0.min.js | 151.101.2.137 | 200 OK | 31 kB |
URL: GET HTTP/2 code.jquery.com/jquery-3.6.0.min.js | IP: 151.101.2.137:443
Requested by: http://86.106.20.193/views/go/start.php?sslchannel=true&sessionid=BuM1dbEl58AfALh3lIEZb12A6rN9PVnHqIlp3s3kyqD3ok7FWMcTdsGUZeJX1QdIagGoAC0bHqeQG4Yu604lLqnchYSGdm7FQRF9s2bYuDr4regh0of7fRIatBWKXTVzLR | Certificate: Issuer: Sectigo Limited; Subject: *.jquery.com; Fingerprint: D2:19:0A:AD:CE:BB:9C:61:17:5D:29:4B:A2:54:E8:C6:91:B8:F9:8D; Validity: Tue, 11 Jul 2023 00:00:00 GMT - Sun, 14 Jul 2024 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (65447) | Hash: MD5 8fb8fee4fcc3cc86ff6c724154c49c42 SHA1 b82d238d4e31fdf618bae8ac11a6c812c03dd0d4 SHA256 ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e
GET /jquery-3.6.0.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://86.106.20.193
DNT: 1
Connection: keep-alive
Referer: http://86.106.20.193/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-15d9d"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Wed, 01 May 2024 21:56:02 GMT
age: 456743
x-served-by: cache-lga21931-LGA, cache-hel1410031-HEL
x-cache: HIT, HIT
x-cache-hits: 3, 340103
x-timer: S1714600562.279270,VS0,VE0
vary: Accept-Encoding
content-length: 30875
X-Firefox-Spdy: h2
|
|
| ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js | 216.58.207.234 | | 30 kB |
URL: ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js | IP: 216.58.207.234:0
File type: JavaScript source, ASCII text, with very long lines (32058) | Hash: MD5 c9f5aeeca3ad37bf2aa006139b935f0a SHA1 1055018c28ab41087ef9ccefe411606893dabea2 SHA256 87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de
GET /ajax/libs/jquery/3.2.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://86.106.20.193/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 30306
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 27 Apr 2024 01:22:47 GMT
expires: Sun, 27 Apr 2025 01:22:47 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 419595
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| cloud.51degrees.com/api/v4/AQSSRoCvJFnzy67h2kg.js | 20.105.232.25 | | 2.2 kB |
URL: cloud.51degrees.com/api/v4/AQSSRoCvJFnzy67h2kg.js | IP: 20.105.232.25:0 | ASN: #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type: JavaScript source, ASCII text, with very long lines (4564), with no line terminators | Hash: MD5 e3da91b8894aa4ba4e4f837eae1c6cee SHA1 97c7af0cfafd6b1b5c15386be86a102f54af22d8 SHA256 21216acd7f81724ac74f75b12001bbc59d06a7e167f6f2a90d340d83eebf2d14
GET /api/v4/AQSSRoCvJFnzy67h2kg.js HTTP/1.1
Host: cloud.51degrees.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://86.106.20.193/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript
Date: Wed, 01 May 2024 21:56:02 GMT
Server: Kestrel
Cache-Control: private,max-age=1800
Content-Encoding: br
ETag: "c-1144973549-1791519392"
Transfer-Encoding: chunked
Vary: Accept-Encoding
Request-Context: appId=cid-v1:1d4ebf5f-f33b-4efe-97fb-0580a09ad87e
51D-Region: westeurope
51D-Instance: daba568fde7e
51D-Version: 4.3.58.0
|
|
| openfpcdn.io/botd/v1 | 54.230.111.48 | | 5.3 kB |
IP: 54.230.111.48:0
File type: JavaScript source, ASCII text, with very long lines (15005) | Hash: MD5 234a8c1c15df9b03c65e9e14c82fc872 SHA1 e5ca36727846aede7dfbc07e88b2b025eb0cae90 SHA256 29cb26e06f2a4a877f1134a46480d9b78f8b6e0e6f9b0fe67e34307c312b5a89
GET /botd/v1 HTTP/1.1
Host: openfpcdn.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://86.106.20.193
DNT: 1
Connection: keep-alive
Referer: http://86.106.20.193/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
server: CloudFront
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
content-encoding: br
date: Wed, 01 May 2024 19:28:28 GMT
cache-control: public, max-age=595493, s-maxage=10578
etag: W/"5co2cnhGrt59+8B+iLKwJesMrpA"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 f46773a8236e136c4f6648dd79a7af8e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: sDmKCa25-CiuM2rzwJogB7X92pxYfD7fFKn49kQGnEep1bxqn3y-1Q==
age: 8854
X-Firefox-Spdy: h2
|
|
| api.ipify.org/?format=json | 104.26.12.205 | | 21 B |
URL: api.ipify.org/?format=json | IP: 104.26.12.205:0
Hash: MD5 7d69c71af0f191e9a72db6153f8018d1 SHA1 f67c5f2887bc05654b47f76e9621e53a4091aed1 SHA256 5bac6e06cf0e1ad38c55f9f9d12122272bf4b8157877629fe68cd33fe2133c65
GET /?format=json HTTP/1.1
Host: api.ipify.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://86.106.20.193
DNT: 1
Connection: keep-alive
Referer: http://86.106.20.193/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 01 May 2024 21:56:02 GMT
content-type: application/json
content-length: 21
access-control-allow-origin: *
vary: Origin
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 87d304ed9f4856ca-OSL
X-Firefox-Spdy: h2
|
|
| 86.106.20.193/secure/ban.php | 86.106.20.193 | | 21 B |
URL: 86.106.20.193/secure/ban.php | IP: 86.106.20.193:0
File type: very short file (no magic) | Hash: MD5 68b329da9893e34099c7d8ad5cb9c940 SHA1 adc83b19e793491b1c6ea0fd8b46cd9f32e592fc SHA256 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
POST /secure/ban.php HTTP/1.1
Host: 86.106.20.193
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 12
Origin: http://86.106.20.193
DNT: 1
Connection: keep-alive
Referer: http://86.106.20.193/
Cookie: PHPSESSID=ao7ksv45786j76pjb7nopi9lnu; js_enabled=1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 01 May 2024 21:56:03 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Content-Encoding: gzip
|
|
| 86.106.20.193/favicon.ico | 86.106.20.193 | | 21 B |
URL: 86.106.20.193/favicon.ico | IP: 86.106.20.193:0
File type: very short file (no magic) | Hash: MD5 68b329da9893e34099c7d8ad5cb9c940 SHA1 adc83b19e793491b1c6ea0fd8b46cd9f32e592fc SHA256 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /favicon.ico HTTP/1.1
Host: 86.106.20.193
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://86.106.20.193/
Cookie: PHPSESSID=ao7ksv45786j76pjb7nopi9lnu
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 01 May 2024 21:56:03 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Content-Encoding: gzip
|
|
| 86.106.20.193/secure/ScreenSizeCheck.php | 86.106.20.193 | | 21 B |
URL: 86.106.20.193/secure/ScreenSizeCheck.php | IP: 86.106.20.193:0
File type: very short file (no magic) | Hash: MD5 68b329da9893e34099c7d8ad5cb9c940 SHA1 adc83b19e793491b1c6ea0fd8b46cd9f32e592fc SHA256 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
POST /secure/ScreenSizeCheck.php HTTP/1.1
Host: 86.106.20.193
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 10
Origin: http://86.106.20.193
DNT: 1
Connection: keep-alive
Referer: http://86.106.20.193/
Cookie: PHPSESSID=ao7ksv45786j76pjb7nopi9lnu; js_enabled=1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 01 May 2024 21:56:03 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Content-Encoding: gzip
|
|
| 86.106.20.193/secure/browserip.php | 86.106.20.193 | | 21 B |
URL: 86.106.20.193/secure/browserip.php | IP: 86.106.20.193:0
File type: very short file (no magic) | Hash: MD5 68b329da9893e34099c7d8ad5cb9c940 SHA1 adc83b19e793491b1c6ea0fd8b46cd9f32e592fc SHA256 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
POST /secure/browserip.php HTTP/1.1
Host: 86.106.20.193
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 23
Origin: http://86.106.20.193
DNT: 1
Connection: keep-alive
Referer: http://86.106.20.193/
Cookie: PHPSESSID=ao7ksv45786j76pjb7nopi9lnu; js_enabled=1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 01 May 2024 21:56:03 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Content-Encoding: gzip
|
|
| | 86.106.20.193 | 302 Found | 1 B |
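URL: User Request GET HTTP/1.1 | IP: 86.106.20.193:80
File type: very short file (no magic) | Hash: MD5 68b329da9893e34099c7d8ad5cb9c940 SHA1 adc83b19e793491b1c6ea0fd8b46cd9f32e592fc SHA256 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b (these values match the well-known digests of a single newline byte, consistent with the 1 B size, so they are not distinctive indicators for this host)
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed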
GET / HTTP/1.1
Host: 86.106.20.193
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=ao7ksv45786j76pjb7nopi9lnu; js_enabled=1
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 01 May 2024 21:56:03 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: ./index2.php
|
|
| | 86.106.20.193 | 302 Found | 1 B |
URL: User Request GET HTTP/1.1 | IP: 86.106.20.193:80
File type: very short file (no magic) | Hash: MD5 68b329da9893e34099c7d8ad5cb9c940 SHA1 adc83b19e793491b1c6ea0fd8b46cd9f32e592fc SHA256 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /index2.php HTTP/1.1
Host: 86.106.20.193
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=ao7ksv45786j76pjb7nopi9lnu; js_enabled=1
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 01 May 2024 21:56:03 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: city_location=Oslo; expires=Thu, 01-May-2025 21:56:03 GMT; Max-Age=31536000
Set-Cookie: country_code=NO; expires=Thu, 01-May-2025 21:56:03 GMT; Max-Age=31536000
Set-Cookie: xa=73dd4bbed8f8ef1fc3e29d3535cb31eb; expires=Thu, 01-May-2025 21:56:03 GMT; Max-Age=31536000
Location: ./views/go/start.php?sslchannel=true&sessionid=BuM1dbEl58AfALh3lIEZb12A6rN9PVnHqIlp3s3kyqD3ok7FWMcTdsGUZeJX1QdIagGoAC0bHqeQG4Yu604lLqnchYSGdm7FQRF9s2bYuDr4regh0of7fRIatBWKXTVzLR
|
|
| 86.106.20.193/views/go/start.php?sslchannel=true&sessionid=BuM1dbEl58AfALh3lIEZb12A6rN9PVnHqIlp3s3kyqD3ok7FWMcTdsGUZeJX1QdIagGoAC0bHqeQG4Yu604lLqnchYSGdm7FQRF9s2bYuDr4regh0of7fRIatBWKXTVzLR | 86.106.20.193 | | 16 kB |
URL: User Request GET 86.106.20.193/views/go/start.php?sslchannel=true&sessionid=BuM1dbEl58AfALh3lIEZb12A6rN9PVnHqIlp3s3kyqD3ok7FWMcTdsGUZeJX1QdIagGoAC0bHqeQG4Yu604lLqnchYSGdm7FQRF9s2bYuDr4regh0of7fRIatBWKXTVzLR | IP: 86.106.20.193:0
File type: HTML document, Unicode text, UTF-8 text, with very long lines (8164) | Hash: MD5 2071c51deef131d93e01563bb7692467 SHA1 fd71b19e44c7e28739c07f97e288b168243398fe SHA256 ba1119e00c8bb50e123e05adc87b7b83c2a865f57db77d6f27f8a7f4e46319a4
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /views/go/start.php?sslchannel=true&sessionid=BuM1dbEl58AfALh3lIEZb12A6rN9PVnHqIlp3s3kyqD3ok7FWMcTdsGUZeJX1QdIagGoAC0bHqeQG4Yu604lLqnchYSGdm7FQRF9s2bYuDr4regh0of7fRIatBWKXTVzLR HTTP/1.1
Host: 86.106.20.193
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=ao7ksv45786j76pjb7nopi9lnu; js_enabled=1; city_location=Oslo; country_code=NO; xa=73dd4bbed8f8ef1fc3e29d3535cb31eb
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 01 May 2024 21:56:03 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: has_questions=1; expires=Fri, 31-May-2024 21:56:03 GMT; Max-Age=2592000; path=/
Content-Encoding: gzip
|
|
| 86.106.20.193/views/go/assets/files2/roboto-aw.css | 86.106.20.193 | 200 OK | 2.4 kB |
URL: GET HTTP/1.1 86.106.20.193/views/go/assets/files2/roboto-aw.css | IP: 86.106.20.193:80
Requested by: http://86.106.20.193/views/go/start.php?sslchannel=true&sessionid=BuM1dbEl58AfALh3lIEZb12A6rN9PVnHqIlp3s3kyqD3ok7FWMcTdsGUZeJX1QdIagGoAC0bHqeQG4Yu604lLqnchYSGdm7FQRF9s2bYuDr4regh0of7fRIatBWKXTVzLR
Hash: MD5 eb0e0f915bd01a93eaee26a74f0cbbb1 SHA1 0df6b4e511a6267660ccf3f81cf337c9ec6e9e45 SHA256 78ff7318b2b978573d889746e6abb1b6bfc636b2166a402c072ef8710be38dac
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /views/go/assets/files2/roboto-aw.css HTTP/1.1
Host: 86.106.20.193
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://86.106.20.193/views/go/start.php?sslchannel=true&sessionid=BuM1dbEl58AfALh3lIEZb12A6rN9PVnHqIlp3s3kyqD3ok7FWMcTdsGUZeJX1QdIagGoAC0bHqeQG4Yu604lLqnchYSGdm7FQRF9s2bYuDr4regh0of7fRIatBWKXTVzLR
Cookie: PHPSESSID=ao7ksv45786j76pjb7nopi9lnu; js_enabled=1; city_location=Oslo; country_code=NO; xa=73dd4bbed8f8ef1fc3e29d3535cb31eb; has_questions=1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 01 May 2024 21:56:03 GMT
Content-Type: text/css
Content-Length: 2369
Last-Modified: Wed, 01 May 2024 07:10:46 GMT
Connection: keep-alive
ETag: "6631eaf6-941"
Accept-Ranges: bytes
|
|
| code.jquery.com/jquery-3.6.0.min.js | 151.101.2.137 | 200 OK | 31 kB |
URL: GET HTTP/2 code.jquery.com/jquery-3.6.0.min.js | IP: 151.101.2.137:443
Requested by: http://86.106.20.193/views/go/start.php?sslchannel=true&sessionid=BuM1dbEl58AfALh3lIEZb12A6rN9PVnHqIlp3s3kyqD3ok7FWMcTdsGUZeJX1QdIagGoAC0bHqeQG4Yu604lLqnchYSGdm7FQRF9s2bYuDr4regh0of7fRIatBWKXTVzLR | Certificate: Issuer: Sectigo Limited; Subject: *.jquery.com; Fingerprint: D2:19:0A:AD:CE:BB:9C:61:17:5D:29:4B:A2:54:E8:C6:91:B8:F9:8D; Validity: Tue, 11 Jul 2023 00:00:00 GMT - Sun, 14 Jul 2024 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (65447) | Hash: MD5 8fb8fee4fcc3cc86ff6c724154c49c42 SHA1 b82d238d4e31fdf618bae8ac11a6c812c03dd0d4 SHA256 ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e
GET /jquery-3.6.0.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://86.106.20.193
DNT: 1
Connection: keep-alive
Referer: http://86.106.20.193/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-15d9d"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Wed, 01 May 2024 21:56:03 GMT
age: 456745
x-served-by: cache-lga21931-LGA, cache-hel1410031-HEL
x-cache: HIT, HIT
x-cache-hits: 3, 340104
x-timer: S1714600564.880725,VS0,VE0
vary: Accept-Encoding
content-length: 30875
X-Firefox-Spdy: h2
|
|
| cdnjs.cloudflare.com/ajax/libs/jquery.mask/1.14.10/jquery.mask.js | 104.17.25.14 | 200 OK | 4.5 kB |
URL: GET HTTP/2 cdnjs.cloudflare.com/ajax/libs/jquery.mask/1.14.10/jquery.mask.js | IP: 104.17.25.14:443
Requested by: http://86.106.20.193/views/go/start.php?sslchannel=true&sessionid=BuM1dbEl58AfALh3lIEZb12A6rN9PVnHqIlp3s3kyqD3ok7FWMcTdsGUZeJX1QdIagGoAC0bHqeQG4Yu604lLqnchYSGdm7FQRF9s2bYuDr4regh0of7fRIatBWKXTVzLR | Certificate: Issuer: Cloudflare, Inc.; Subject: sni.cloudflaressl.com; Fingerprint: 7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D; Validity: Mon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT
File type: JavaScript source, ASCII text | Hash: MD5 053305c2b293c27c02523cda42962c09 SHA1 556b0af7346b9e21a8eea1be8b195b563169ecd5 SHA256 be483938eb34538b970684f72e312f62652e84b42b7ad86953962d1ce2217c44
GET /ajax/libs/jquery.mask/1.14.10/jquery.mask.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://86.106.20.193/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 01 May 2024 21:56:03 GMT
content-type: application/javascript; charset=utf-8
content-length: 4517
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03ec3-4e98"
last-modified: Mon, 04 May 2020 16:11:47 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 2951
expires: Mon, 21 Apr 2025 21:56:03 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=61FJF3y44s5mj7YmpagbbJdYe3D1qmVbR6hDxLlurAg7W17X%2FwBF%2FGtlolARcRPWpnsZNPvxCzvldY2DJE5dQYuzR%2BqWcv8WAG%2FXziYzkGlYaUG0z5cxdgObgFDlK4ZkHEUpZ020"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 87d304f44bdbb4ed-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| cdnjs.cloudflare.com/ajax/libs/imask/3.4.0/imask.min.js | 104.17.25.14 | 200 OK | 11 kB |
URL: GET HTTP/2 cdnjs.cloudflare.com/ajax/libs/imask/3.4.0/imask.min.js | IP: 104.17.25.14:443
Requested by: http://86.106.20.193/views/go/start.php?sslchannel=true&sessionid=BuM1dbEl58AfALh3lIEZb12A6rN9PVnHqIlp3s3kyqD3ok7FWMcTdsGUZeJX1QdIagGoAC0bHqeQG4Yu604lLqnchYSGdm7FQRF9s2bYuDr4regh0of7fRIatBWKXTVzLR | Certificate: Issuer: Cloudflare, Inc.; Subject: sni.cloudflaressl.com; Fingerprint: 7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D; Validity: Mon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (45552) | Hash: MD5 79c82646b886e08184f7b9fff25e64ff SHA1 804b4b0f8f3443ff05833e33fb5b76780ffafe25 SHA256 8b76b3502583edddf22df0b9c6ee640053a2cdfeaa113ceff3ea9b61d1f6410d
GET /ajax/libs/imask/3.4.0/imask.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://86.106.20.193/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 01 May 2024 21:56:03 GMT
content-type: application/javascript; charset=utf-8
content-length: 10899
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03e9f-b217"
last-modified: Mon, 04 May 2020 16:11:11 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 92603
expires: Mon, 21 Apr 2025 21:56:03 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ba%2Bw6QBobtk2vidwIlsHbB6ooBBYVbTYuy3AjNzVxfN0t%2Bim8bzv8R2MGuv2nmHQ8jKAvwzCtQvIhLXW2Rl13Jl%2FbHRTmNMvS3zh623pdWkNC%2B8hbAspcnRb0%2Bv8edLcx4u0NRYQ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 87d304f44bd4b4ed-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 86.106.20.193/views/go/assets/files2/styles.57e170eacf6043742857.css | 86.106.20.193 | 200 OK | 53 kB |
URL: GET HTTP/1.1 86.106.20.193/views/go/assets/files2/styles.57e170eacf6043742857.css | IP: 86.106.20.193:80
Requested by: http://86.106.20.193/views/go/start.php?sslchannel=true&sessionid=BuM1dbEl58AfALh3lIEZb12A6rN9PVnHqIlp3s3kyqD3ok7FWMcTdsGUZeJX1QdIagGoAC0bHqeQG4Yu604lLqnchYSGdm7FQRF9s2bYuDr4regh0of7fRIatBWKXTVzLR
File type: Unicode text, UTF-8 text, with very long lines (50948) | Hash: MD5 282ad15d27d65e702c55b4a0b679b0db SHA1 6f514e89cf7fae32d1087863a457f35a75244ae0 SHA256 624dd413217d99cd7ad115a81b9eadf072d10883fcfec014bf21dfc9c3ad1696
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /views/go/assets/files2/styles.57e170eacf6043742857.css HTTP/1.1
Host: 86.106.20.193
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://86.106.20.193/views/go/start.php?sslchannel=true&sessionid=BuM1dbEl58AfALh3lIEZb12A6rN9PVnHqIlp3s3kyqD3ok7FWMcTdsGUZeJX1QdIagGoAC0bHqeQG4Yu604lLqnchYSGdm7FQRF9s2bYuDr4regh0of7fRIatBWKXTVzLR
Cookie: PHPSESSID=ao7ksv45786j76pjb7nopi9lnu; js_enabled=1; city_location=Oslo; country_code=NO; xa=73dd4bbed8f8ef1fc3e29d3535cb31eb; has_questions=1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 01 May 2024 21:56:03 GMT
Content-Type: text/css
Content-Length: 52573
Last-Modified: Wed, 01 May 2024 07:10:46 GMT
Connection: keep-alive
ETag: "6631eaf6-cd5d"
Accept-Ranges: bytes
|
|
| 86.106.20.193/views/go/levanon/js/cc.js | 86.106.20.193 | 200 OK | 61 kB |
URL: GET HTTP/1.1 86.106.20.193/views/go/levanon/js/cc.js | IP: 86.106.20.193:80
Requested by: http://86.106.20.193/views/go/start.php?sslchannel=true&sessionid=BuM1dbEl58AfALh3lIEZb12A6rN9PVnHqIlp3s3kyqD3ok7FWMcTdsGUZeJX1QdIagGoAC0bHqeQG4Yu604lLqnchYSGdm7FQRF9s2bYuDr4regh0of7fRIatBWKXTVzLR
File type: ASCII text, with very long lines (18138) | Hash: MD5 abd843351f4606c6f262e00d982da443 SHA1 1406376a07647717d7acf183038103f0088323a2 SHA256 f38f4c666dae88e46882f4d5a572a9e919a32d2e14211b3af28f210b1f7fd404
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /views/go/levanon/js/cc.js HTTP/1.1
Host: 86.106.20.193
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://86.106.20.193/views/go/start.php?sslchannel=true&sessionid=BuM1dbEl58AfALh3lIEZb12A6rN9PVnHqIlp3s3kyqD3ok7FWMcTdsGUZeJX1QdIagGoAC0bHqeQG4Yu604lLqnchYSGdm7FQRF9s2bYuDr4regh0of7fRIatBWKXTVzLR
Cookie: PHPSESSID=ao7ksv45786j76pjb7nopi9lnu; js_enabled=1; city_location=Oslo; country_code=NO; xa=73dd4bbed8f8ef1fc3e29d3535cb31eb; has_questions=1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 01 May 2024 21:56:03 GMT
Content-Type: application/javascript
Content-Length: 61249
Last-Modified: Wed, 01 May 2024 07:10:46 GMT
Connection: keep-alive
ETag: "6631eaf6-ef41"
Accept-Ranges: bytes
|
|
| 86.106.20.193/views/go/assets/main.css?2 | 86.106.20.193 | 200 OK | 32 kB |
URL: GET HTTP/1.1 86.106.20.193/views/go/assets/main.css?2 | IP: 86.106.20.193:80
Requested by: http://86.106.20.193/views/go/start.php?sslchannel=true&sessionid=BuM1dbEl58AfALh3lIEZb12A6rN9PVnHqIlp3s3kyqD3ok7FWMcTdsGUZeJX1QdIagGoAC0bHqeQG4Yu604lLqnchYSGdm7FQRF9s2bYuDr4regh0of7fRIatBWKXTVzLR
File type: HTML document, ASCII text, with very long lines (12255) | Hash: MD5 badd7bd87a04d3afa2d00c4112ff337b SHA1 c4478d88c5cf30b766ee16a6019141d35657fa26 SHA256 99d1aed13cb0496fd231f4d812847177d90a3a7758710f392eeccc3f4ee69168
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /views/go/assets/main.css?2 HTTP/1.1
Host: 86.106.20.193
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://86.106.20.193/views/go/start.php?sslchannel=true&sessionid=BuM1dbEl58AfALh3lIEZb12A6rN9PVnHqIlp3s3kyqD3ok7FWMcTdsGUZeJX1QdIagGoAC0bHqeQG4Yu604lLqnchYSGdm7FQRF9s2bYuDr4regh0of7fRIatBWKXTVzLR
Cookie: PHPSESSID=ao7ksv45786j76pjb7nopi9lnu; js_enabled=1; city_location=Oslo; country_code=NO; xa=73dd4bbed8f8ef1fc3e29d3535cb31eb; has_questions=1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 01 May 2024 21:56:03 GMT
Content-Type: text/css
Content-Length: 32044
Last-Modified: Wed, 01 May 2024 07:10:46 GMT
Connection: keep-alive
ETag: "6631eaf6-7d2c"
Accept-Ranges: bytes
|
|
| 86.106.20.193/views/go/assets/files2/d2-0.min.css?1 | 86.106.20.193 | 200 OK | 357 kB |
URL: GET HTTP/1.1 86.106.20.193/views/go/assets/files2/d2-0.min.css?1 | IP: 86.106.20.193:80
Requested by: http://86.106.20.193/views/go/start.php?sslchannel=true&sessionid=BuM1dbEl58AfALh3lIEZb12A6rN9PVnHqIlp3s3kyqD3ok7FWMcTdsGUZeJX1QdIagGoAC0bHqeQG4Yu604lLqnchYSGdm7FQRF9s2bYuDr4regh0of7fRIatBWKXTVzLR
File type: ASCII text, with very long lines (65536), with no line terminators | Size: 357 kB (356774 bytes) | Hash: MD5 85755d12aece724139d66ea3425a7d6c SHA1 d60a50224967b511ff19a6456bbe682aade0aa4f SHA256 650dcdba9035f3f30b045fd26130caa336c276037cbc606f0b8e312d394aa14a
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /views/go/assets/files2/d2-0.min.css?1 HTTP/1.1
Host: 86.106.20.193
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://86.106.20.193/views/go/start.php?sslchannel=true&sessionid=BuM1dbEl58AfALh3lIEZb12A6rN9PVnHqIlp3s3kyqD3ok7FWMcTdsGUZeJX1QdIagGoAC0bHqeQG4Yu604lLqnchYSGdm7FQRF9s2bYuDr4regh0of7fRIatBWKXTVzLR
Cookie: PHPSESSID=ao7ksv45786j76pjb7nopi9lnu; js_enabled=1; city_location=Oslo; country_code=NO; xa=73dd4bbed8f8ef1fc3e29d3535cb31eb; has_questions=1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 01 May 2024 21:56:03 GMT
Content-Type: text/css
Content-Length: 356774
Last-Modified: Wed, 01 May 2024 07:10:46 GMT
Connection: keep-alive
ETag: "6631eaf6-571a6"
Accept-Ranges: bytes
|
|
| 86.106.20.193/views/go/assets/files2/bootstrap.min.css | 86.106.20.193 | 200 OK | 191 kB |
URL: GET HTTP/1.1 86.106.20.193/views/go/assets/files2/bootstrap.min.css IP: 86.106.20.193:80
Requested by: http://86.106.20.193/views/go/start.php?sslchannel=true&sessionid=BuM1dbEl58AfALh3lIEZb12A6rN9PVnHqIlp3s3kyqD3ok7FWMcTdsGUZeJX1QdIagGoAC0bHqeQG4Yu604lLqnchYSGdm7FQRF9s2bYuDr4regh0of7fRIatBWKXTVzLR
File type: ASCII text, with very long lines (65536), with no line terminators | Size: 191 kB (191292 bytes) | Hash: MD5 6437610dcdc9ab922932ff3493179ca9 SHA-1 30ef14c26a530c4e12da3cf0a90eacce6b52398e SHA-256 f530bbbccb8d924a0f705b4d211096cbd00c14fab3e230e29ed85ce2a37665aa
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /views/go/assets/files2/bootstrap.min.css HTTP/1.1
Host: 86.106.20.193
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://86.106.20.193/views/go/start.php?sslchannel=true&sessionid=BuM1dbEl58AfALh3lIEZb12A6rN9PVnHqIlp3s3kyqD3ok7FWMcTdsGUZeJX1QdIagGoAC0bHqeQG4Yu604lLqnchYSGdm7FQRF9s2bYuDr4regh0of7fRIatBWKXTVzLR
Cookie: PHPSESSID=ao7ksv45786j76pjb7nopi9lnu; js_enabled=1; city_location=Oslo; country_code=NO; xa=73dd4bbed8f8ef1fc3e29d3535cb31eb; has_questions=1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 01 May 2024 21:56:03 GMT
Content-Type: text/css
Content-Length: 191292
Last-Modified: Wed, 01 May 2024 07:10:46 GMT
Connection: keep-alive
ETag: "6631eaf6-2eb3c"
Accept-Ranges: bytes
|
|
| 86.106.20.193/views/go/assets/loading.gif | 86.106.20.193 | 200 OK | 166 kB |
URL: GET HTTP/1.1 86.106.20.193/views/go/assets/loading.gif IP: 86.106.20.193:80
Requested by: http://86.106.20.193/views/go/start.php?sslchannel=true&sessionid=BuM1dbEl58AfALh3lIEZb12A6rN9PVnHqIlp3s3kyqD3ok7FWMcTdsGUZeJX1QdIagGoAC0bHqeQG4Yu604lLqnchYSGdm7FQRF9s2bYuDr4regh0of7fRIatBWKXTVzLR
File type: GIF image data, version 89a, 498 x 498 | Size: 166 kB (166466 bytes) | Hash: MD5 a742721ea2075bc3956a2ff62c9bfeef SHA-1 bb72fc6b492cfd37d36a2dca0730c1ccf2e97e06 SHA-256 e07efed33aec4356ba72efae1eea9fbe1e922bd270ddbd0dd1a028b5a6db4140
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /views/go/assets/loading.gif HTTP/1.1
Host: 86.106.20.193
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://86.106.20.193/views/go/start.php?sslchannel=true&sessionid=BuM1dbEl58AfALh3lIEZb12A6rN9PVnHqIlp3s3kyqD3ok7FWMcTdsGUZeJX1QdIagGoAC0bHqeQG4Yu604lLqnchYSGdm7FQRF9s2bYuDr4regh0of7fRIatBWKXTVzLR
Cookie: PHPSESSID=ao7ksv45786j76pjb7nopi9lnu; js_enabled=1; city_location=Oslo; country_code=NO; xa=73dd4bbed8f8ef1fc3e29d3535cb31eb; has_questions=1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 01 May 2024 21:56:04 GMT
Content-Type: image/gif
Content-Length: 166466
Last-Modified: Wed, 01 May 2024 07:10:46 GMT
Connection: keep-alive
ETag: "6631eaf6-28a42"
Accept-Ranges: bytes
|
|
| 86.106.20.193/views/go/assets/d.ico | 86.106.20.193 | 200 OK | 1.2 kB |
URL: GET HTTP/1.1 86.106.20.193/views/go/assets/d.ico IP: 86.106.20.193:80
Requested by: http://86.106.20.193/views/go/start.php?sslchannel=true&sessionid=BuM1dbEl58AfALh3lIEZb12A6rN9PVnHqIlp3s3kyqD3ok7FWMcTdsGUZeJX1QdIagGoAC0bHqeQG4Yu604lLqnchYSGdm7FQRF9s2bYuDr4regh0of7fRIatBWKXTVzLR
File type: MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel | Hash: MD5 55f198806b88ce3ac7a4c8ca3f2052e4 SHA-1 0b09ac8880f3ae945cfe4b255efc9126a8e82e94 SHA-256 50dff6b41cb54e7bf0054aa2e5eeeca0013cb50c9d3428c899fbed18025626df
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /views/go/assets/d.ico HTTP/1.1
Host: 86.106.20.193
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://86.106.20.193/views/go/start.php?sslchannel=true&sessionid=BuM1dbEl58AfALh3lIEZb12A6rN9PVnHqIlp3s3kyqD3ok7FWMcTdsGUZeJX1QdIagGoAC0bHqeQG4Yu604lLqnchYSGdm7FQRF9s2bYuDr4regh0of7fRIatBWKXTVzLR
Cookie: PHPSESSID=ao7ksv45786j76pjb7nopi9lnu; js_enabled=1; city_location=Oslo; country_code=NO; xa=73dd4bbed8f8ef1fc3e29d3535cb31eb; has_questions=1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 01 May 2024 21:56:04 GMT
Content-Type: image/x-icon
Content-Length: 1150
Last-Modified: Wed, 01 May 2024 07:10:46 GMT
Connection: keep-alive
ETag: "6631eaf6-47e"
Accept-Ranges: bytes
|
|
| 86.106.20.193/app/php/updateVisitor.php | 86.106.20.193 | 200 OK | 21 B |
URL: POST HTTP/1.1 86.106.20.193/app/php/updateVisitor.php IP: 86.106.20.193:80
Requested by: http://86.106.20.193/views/go/start.php?sslchannel=true&sessionid=BuM1dbEl58AfALh3lIEZb12A6rN9PVnHqIlp3s3kyqD3ok7FWMcTdsGUZeJX1QdIagGoAC0bHqeQG4Yu604lLqnchYSGdm7FQRF9s2bYuDr4regh0of7fRIatBWKXTVzLR
File type: very short file (no magic) | Hash: MD5 68b329da9893e34099c7d8ad5cb9c940 SHA-1 adc83b19e793491b1c6ea0fd8b46cd9f32e592fc SHA-256 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
POST /app/php/updateVisitor.php HTTP/1.1
Host: 86.106.20.193
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/json
X-Requested-With: XMLHttpRequest
Content-Length: 253
Origin: http://86.106.20.193
DNT: 1
Connection: keep-alive
Referer: http://86.106.20.193/views/go/start.php?sslchannel=true&sessionid=BuM1dbEl58AfALh3lIEZb12A6rN9PVnHqIlp3s3kyqD3ok7FWMcTdsGUZeJX1QdIagGoAC0bHqeQG4Yu604lLqnchYSGdm7FQRF9s2bYuDr4regh0of7fRIatBWKXTVzLR
Cookie: PHPSESSID=ao7ksv45786j76pjb7nopi9lnu; js_enabled=1; city_location=Oslo; country_code=NO; xa=73dd4bbed8f8ef1fc3e29d3535cb31eb; has_questions=1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 01 May 2024 21:56:04 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS, PUT, PATCH, DELETE
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Access-Control-Allow-Credentials: true
Content-Encoding: gzip
|
|
| 86.106.20.193/app/php/check_activity.php | 86.106.20.193 | 200 OK | 21 B |
URL: POST HTTP/1.1 86.106.20.193/app/php/check_activity.php IP: 86.106.20.193:80
Requested by: http://86.106.20.193/views/go/start.php?sslchannel=true&sessionid=BuM1dbEl58AfALh3lIEZb12A6rN9PVnHqIlp3s3kyqD3ok7FWMcTdsGUZeJX1QdIagGoAC0bHqeQG4Yu604lLqnchYSGdm7FQRF9s2bYuDr4regh0of7fRIatBWKXTVzLR
File type: very short file (no magic) | Hash: MD5 68b329da9893e34099c7d8ad5cb9c940 SHA-1 adc83b19e793491b1c6ea0fd8b46cd9f32e592fc SHA-256 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
POST /app/php/check_activity.php HTTP/1.1
Host: 86.106.20.193
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/json
X-Requested-With: XMLHttpRequest
Content-Length: 256
Origin: http://86.106.20.193
DNT: 1
Connection: keep-alive
Referer: http://86.106.20.193/views/go/start.php?sslchannel=true&sessionid=BuM1dbEl58AfALh3lIEZb12A6rN9PVnHqIlp3s3kyqD3ok7FWMcTdsGUZeJX1QdIagGoAC0bHqeQG4Yu604lLqnchYSGdm7FQRF9s2bYuDr4regh0of7fRIatBWKXTVzLR
Cookie: PHPSESSID=ao7ksv45786j76pjb7nopi9lnu; js_enabled=1; city_location=Oslo; country_code=NO; xa=73dd4bbed8f8ef1fc3e29d3535cb31eb; has_questions=1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 01 May 2024 21:56:04 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS, PUT, PATCH, DELETE
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Access-Control-Allow-Credentials: true
Content-Encoding: gzip
|
|
| 86.106.20.193/app/php/check_activity.php | 86.106.20.193 | 200 OK | 21 B |
URL: POST HTTP/1.1 86.106.20.193/app/php/check_activity.php IP: 86.106.20.193:80
Requested by: http://86.106.20.193/views/go/start.php?sslchannel=true&sessionid=BuM1dbEl58AfALh3lIEZb12A6rN9PVnHqIlp3s3kyqD3ok7FWMcTdsGUZeJX1QdIagGoAC0bHqeQG4Yu604lLqnchYSGdm7FQRF9s2bYuDr4regh0of7fRIatBWKXTVzLR
File type: very short file (no magic) | Hash: MD5 68b329da9893e34099c7d8ad5cb9c940 SHA-1 adc83b19e793491b1c6ea0fd8b46cd9f32e592fc SHA-256 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
POST /app/php/check_activity.php HTTP/1.1
Host: 86.106.20.193
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/json
X-Requested-With: XMLHttpRequest
Content-Length: 258
Origin: http://86.106.20.193
DNT: 1
Connection: keep-alive
Referer: http://86.106.20.193/views/go/start.php?sslchannel=true&sessionid=BuM1dbEl58AfALh3lIEZb12A6rN9PVnHqIlp3s3kyqD3ok7FWMcTdsGUZeJX1QdIagGoAC0bHqeQG4Yu604lLqnchYSGdm7FQRF9s2bYuDr4regh0of7fRIatBWKXTVzLR
Cookie: PHPSESSID=ao7ksv45786j76pjb7nopi9lnu; js_enabled=1; city_location=Oslo; country_code=NO; xa=73dd4bbed8f8ef1fc3e29d3535cb31eb; has_questions=1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 01 May 2024 21:56:14 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS, PUT, PATCH, DELETE
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Access-Control-Allow-Credentials: true
Content-Encoding: gzip
|
|
| analytics.desjardins.com/logo-desjardins-5793f64f.png | 40.69.99.65 | 302 Found | 0 B |
URL: GET HTTP/2 analytics.desjardins.com/logo-desjardins-5793f64f.png IP: 40.69.99.65:443 ASN: #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by: http://86.106.20.193/views/go/start.php?sslchannel=true&sessionid=BuM1dbEl58AfALh3lIEZb12A6rN9PVnHqIlp3s3kyqD3ok7FWMcTdsGUZeJX1QdIagGoAC0bHqeQG4Yu604lLqnchYSGdm7FQRF9s2bYuDr4regh0of7fRIatBWKXTVzLR | Certificate: Issuer: Entrust, Inc.; Subject: analytics.desjardins.com; Fingerprint: 5F:69:5E:9F:B9:96:8A:97:DC:C9:35:18:CD:D6:00:63:BC:75:1B:5B; Validity: Tue, 23 Jan 2024 19:18:41 GMT - Wed, 22 Jan 2025 19:18:40 GMT
Hash: MD5 d41d8cd98f00b204e9800998ecf8427e SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (these are the digests of an empty body, consistent with the 0 B size, so they identify no content)
GET /logo-desjardins-5793f64f.png HTTP/1.1
Host: analytics.desjardins.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://86.106.20.193/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
location: https://desjardins.com
server: Microsoft-IIS/10.0
request-context: appId=cid-v1:fc6bd7de-352f-47d5-ae80-6bf2c53edaf0
x-powered-by: ASP.NET
set-cookie: ARRAffinity=b4353229e5b0a60f9eaed84f279e89b6458f21479ea5180591f2a3868b85cba8;Path=/;HttpOnly;Secure;Domain=analytics.desjardins.com
ARRAffinitySameSite=b4353229e5b0a60f9eaed84f279e89b6458f21479ea5180591f2a3868b85cba8;Path=/;HttpOnly;SameSite=None;Secure;Domain=analytics.desjardins.com
date: Wed, 01 May 2024 21:56:14 GMT
content-length: 0
X-Firefox-Spdy: h2
|
|
| ocsp.entrust.net/ | 184.24.45.171 | | 1.6 kB |
IP: 184.24.45.171:0
Hash: MD5 1d7390b7c3d887eb05654895343edbac SHA-1 edb4634d9c7cd04d2f22419f393be9641f912233 SHA-256 bedefaa213493aab9b59ab4eff6838f176e7318de97785761a9b7308ef215333
POST / HTTP/1.1
Host: ocsp.entrust.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
ETag: "BEDEFAA213493AAB9B59AB4EFF6838F176E7318DE97785761A9B7308EF215333"
Last-Modified: Wed, 01 May 2024 18:00:00 UTC
Content-Length: 1588
Cache-Control: public, no-transform, must-revalidate, max-age=3600
Expires: Wed, 01 May 2024 22:56:15 GMT
Date: Wed, 01 May 2024 21:56:15 GMT
Connection: keep-alive
|
|
| desjardins.com/ | 142.195.133.83 | 301 Moved Permanently | 0 B |
IP: 142.195.133.83:443
Requested by: http://86.106.20.193/views/go/start.php?sslchannel=true&sessionid=BuM1dbEl58AfALh3lIEZb12A6rN9PVnHqIlp3s3kyqD3ok7FWMcTdsGUZeJX1QdIagGoAC0bHqeQG4Yu604lLqnchYSGdm7FQRF9s2bYuDr4regh0of7fRIatBWKXTVzLR | Certificate: Issuer: Entrust, Inc.; Subject: www.desjardins.com; Fingerprint: 6F:E7:D7:07:BF:2D:45:E1:68:00:F8:53:AB:BF:8F:39:08:CD:69:65; Validity: Thu, 30 Nov 2023 18:11:10 GMT - Mon, 30 Dec 2024 18:11:09 GMT
Hash: MD5 d41d8cd98f00b204e9800998ecf8427e SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (these are the digests of an empty body, consistent with the 0 B size, so they identify no content)
GET / HTTP/1.1
Host: desjardins.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://86.106.20.193/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.0 301 Moved Permanently
Location: https://www.desjardins.com/
Server: BigIP
Connection: Keep-Alive
Content-Length: 0
|
|
| www.desjardins.com/ | 104.110.7.38 | 200 OK | 19 kB |
IP: 104.110.7.38:443
Requested by: http://86.106.20.193/views/go/start.php?sslchannel=true&sessionid=BuM1dbEl58AfALh3lIEZb12A6rN9PVnHqIlp3s3kyqD3ok7FWMcTdsGUZeJX1QdIagGoAC0bHqeQG4Yu604lLqnchYSGdm7FQRF9s2bYuDr4regh0of7fRIatBWKXTVzLR | Certificate: Issuer: Entrust, Inc.; Subject: www.desjardins.com; Fingerprint: 4D:CC:0B:0D:38:75:43:7E:B4:52:BA:62:4B:B1:2B:50:57:D2:21:69; Validity: Fri, 15 Mar 2024 15:37:58 GMT - Sat, 15 Mar 2025 15:37:57 GMT
File type: HTML document, Unicode text, UTF-8 text, with very long lines (3559) | Hash: MD5 8736d0e29058adb2818f94d1046fd952 SHA-1 606c3d777ad1eabee76de410eb7935fa7dec236f SHA-256 bae301f5f21113c16fd604e11ea71f7b293ebc1c722ffa6602b93581c782a7c9
GET / HTTP/1.1
Host: www.desjardins.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://86.106.20.193/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/html;charset=utf-8
x-dispatcher: dispatcher1cacentral1
x-vhost: publish
cache-control: max-age=21600
x-content-type-options: nosniff
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
x-frame-options: SAMEORIGIN
cdn-cache-control: max-age=1800, public
akamai-cache-control: max-age=1800, public
x-akamai-transformed: 9 18568 0 pmb=mTOE,2
content-encoding: gzip
date: Wed, 01 May 2024 21:56:15 GMT
content-length: 18772
set-cookie: AWSALB=ZOt6m4WxiVcHaOPIRC7HXc34U3gYTqOWO7p4/7k3TvMLvfUEcC3cDWI8/R74glPCSNI/SXLPcRb6B/ezW3UYblyNz1imdo3wDqUfWGJBNs/eIlHlIYqSZHYNAMOL; Expires=Wed, 08 May 2024 21:56:15 GMT; Path=/
AWSALBCORS=ZOt6m4WxiVcHaOPIRC7HXc34U3gYTqOWO7p4/7k3TvMLvfUEcC3cDWI8/R74glPCSNI/SXLPcRb6B/ezW3UYblyNz1imdo3wDqUfWGJBNs/eIlHlIYqSZHYNAMOL; Expires=Wed, 08 May 2024 21:56:15 GMT; Path=/; SameSite=None; Secure
ak_bmsc=6D7E57CE0B871420D89DABD45F28F6B5~000000000000000000000000000000~YAAQ500kF1/peOWOAQAAKIMoNheTQYX7L2CROGAqodLiWkLh7iNbP3PGwT4B6rF7UYwHqlILSs16kmZHL3ux0ZZKGrwByKv9uHReyTeAeH0muuPXPg3RP2dw2oNSq4s8NfcBpp7+CK4LMpyydWxw+BpTV1gBytaIy+S183SdsGl0bc98Tg9kjhdYJ4+mMSF3RZIBOBg5EqD8UmHCLAal+JDeOiXq7oudnF6ZSYdubyRtYVONpqsd428T7zUqxgCVYje42oYq1tsT53YXvoGNqrAEwlDnG4jhPFuv4n2oX0N/Wdzt+oQS71cysLGfmMewfo9Md9ZGC8FIsfBKtXeVo5VsLU06BepKk9rJQ8JNBdl2trbl8YSLNV8Ta62nk9PiUSS4769OgOrn698Oyw==; Domain=.desjardins.com; Path=/; Expires=Wed, 01 May 2024 23:56:15 GMT; Max-Age=7200; HttpOnly
bm_mi=6A6EBD2C40D7747A56D6F97CFC18D29B~YAAQ500kF2DpeOWOAQAAKIMoNhfTnco/eXMXHNUWGHObU1bH1myTfGKU1Luppj6gV3K9TPbu9hIr9/Skc2nNfazYAHSX5cGs0+Y0jhLPYIkF+BlrR/HSvBzUbQ8z6Is3PiRYnDPNR4RrY5MCDxooUIHGRxAKOts0/VdKuJpD7fc/H1KjxD1iutVquoifnXn3BPkmO4Y2zy8qxgnKM56XEw719B8dQ+8nCsSLEhptMKG1fEq0y6ygMCFZd4F2CjriB5gmnmMa2UI5RBpWaC1TLn7MkG65kN2zcwXyyLO0Un+Yix/xkZ7/CyU1X5qa3FJiHx4=~1; Domain=.desjardins.com; Path=/; Expires=Wed, 01 May 2024 21:56:15 GMT; Max-Age=0; Secure
strict-transport-security: max-age=31536000 ; includeSubDomains ; preload
X-Firefox-Spdy: h2
|
|