Report - 86.106.20.193/

Report Overview

Submitted URL
86.106.20.193/
IP
86.106.20.193
ASN
#9009 M247 Europe SRL
Submitted
2024-05-01 21:56:27
Access
public
Website Title
Log in to your account
Final URL
86.106.20.193/views/go/start.php?sslchannel=true&sessionid=BuM1dbEl58AfALh3lIEZb12A6rN9PVnHqIlp3s3kyqD3ok7FWMcTdsGUZeJX1QdIagGoAC0bHqeQG4Yu604lLqnchYSGdm7FQRF9s2bYuDr4regh0of7fRIatBWKXTVzLR
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
38

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
ajax.googleapis.com	12905	2005-01-25	2013-08-16	2024-05-01	427 B	31 kB	216.58.207.234
cloud.51degrees.com	352542	2009-10-05	2017-05-07	2023-09-05	420 B	2.6 kB	20.105.232.25
openfpcdn.io	238589	2021-11-10	2021-11-11	2024-04-30	418 B	6.0 kB	54.230.111.48
api.ipify.org	3267	2014-01-05	2014-10-06	2024-04-30	466 B	267 B	104.26.12.205
ocsp.entrust.net	1208	1997-07-28	2014-01-10	2024-05-01	328 B	2.0 kB	184.24.45.171
86.106.20.193	unknown	unknown	No data	No data	12 kB	888 kB	86.106.20.193
cdn.jsdelivr.net	439	2012-05-16	2012-09-30	2024-05-01	399 B	4.2 kB	151.101.65.229
code.jquery.com	634	2005-12-10	2012-05-21	2024-04-30	880 B	63 kB	151.101.2.137
www.desjardins.com	194549	1996-02-17	2012-05-30	2024-04-09	411 B	21 kB	104.110.7.38
cdnjs.cloudflare.com	235	2009-02-17	2015-04-17	2024-05-01	862 B	17 kB	104.17.25.14
analytics.desjardins.com	unknown	1996-02-17	2020-04-08	2024-04-18	445 B	546 B	40.69.99.65
desjardins.com	70313	1996-02-17	2017-01-31	2024-04-10	407 B	129 B	142.195.133.83

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-05-01	medium	86.106.20.193	Sinkholed
2024-05-01	medium	86.106.20.193	Sinkholed
2024-05-01	medium	86.106.20.193	Sinkholed
2024-05-01	medium	86.106.20.193	Sinkholed
2024-05-01	medium	86.106.20.193	Sinkholed
2024-05-01	medium	86.106.20.193	Sinkholed
2024-05-01	medium	86.106.20.193	Sinkholed
2024-05-01	medium	86.106.20.193	Sinkholed
2024-05-01	medium	86.106.20.193	Sinkholed
2024-05-01	medium	86.106.20.193	Sinkholed
2024-05-01	medium	86.106.20.193	Sinkholed
2024-05-01	medium	86.106.20.193	Sinkholed
2024-05-01	medium	86.106.20.193	Sinkholed
2024-05-01	medium	86.106.20.193	Sinkholed
2024-05-01	medium	86.106.20.193	Sinkholed
2024-05-01	medium	86.106.20.193	Sinkholed
2024-05-01	medium	86.106.20.193	Sinkholed
2024-05-01	medium	86.106.20.193	Sinkholed
2024-05-01	medium	86.106.20.193	Sinkholed

ThreatFox

No alerts detected

JavaScript (10)

	URL	Size	First Seen	Last Seen
	86.106.20.193/views/go/start.php?sslchannel=true&sessionid=BuM1dbEl58AfALh3lIEZb12A6rN9PVnHqIlp3s3kyqD3ok7FWMcTdsGUZeJX1QdIagGoAC0bHqeQG4Yu604lLqnchYSGdm7FQRF9s2bYuDr4regh0of7fRIatBWKXTVzLR	113 B	2024-05-01	2024-05-01
Pretty URL 86.106.20.193/views/go/start.php?sslchannel=true&sessionid=BuM1dbEl58AfALh3lIEZb12A6rN9PVnHqIlp3s3kyqD3ok7FWMcTdsGUZeJX1QdIagGoAC0bHqeQG4Yu604lLqnchYSGdm7FQRF9s2bYuDr4regh0of7fRIatBWKXTVzLR IP 86.106.20.193 ASN #9009 M247 Europe SRL Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-01 23:56:34 Last Seen2024-05-01 23:56:34 Times Seen1 Hash 6be5e33e9ea92ea73f67c81eb33abac4 8a11b803434546f2ede80ac49a4e49a920f25ca2 ba5c5298fa7321309761db265fba533d0dcc479edff438638a3b717cba951d23 Loading...

	unknown	124 B	2023-05-06	2024-05-01
Pretty Introduced by domTimer Embedded in HTML false Observations First Seen2023-05-06 05:57:09 Last Seen2024-05-01 23:56:34 Times Seen309 Hash 1ed9b3871ce718dd883fdedd8947dabb 3b21d7333357751b2dd1f104a3250e1a347450d1 e96fbd1d530d65ad04a9a4829451731c446cd4fdaa36482b61b6ab51b60eab7d Loading...

	86.106.20.193/views/go/start.php?sslchannel=true&sessionid=BuM1dbEl58AfALh3lIEZb12A6rN9PVnHqIlp3s3kyqD3ok7FWMcTdsGUZeJX1QdIagGoAC0bHqeQG4Yu604lLqnchYSGdm7FQRF9s2bYuDr4regh0of7fRIatBWKXTVzLR	974 B	2024-05-01	2024-05-01
Pretty URL 86.106.20.193/views/go/start.php?sslchannel=true&sessionid=BuM1dbEl58AfALh3lIEZb12A6rN9PVnHqIlp3s3kyqD3ok7FWMcTdsGUZeJX1QdIagGoAC0bHqeQG4Yu604lLqnchYSGdm7FQRF9s2bYuDr4regh0of7fRIatBWKXTVzLR IP 86.106.20.193 ASN #9009 M247 Europe SRL Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-01 23:56:34 Last Seen2024-05-01 23:56:34 Times Seen1 Hash eac6b61f756859519a0c174ebaedd6fe ddf8b9571bbac359ffb1238c8dc99b1365b9fe37 0e25c81f4487379d41cd6447a4f130f4c5b36a1a2c5380037c5737119c1ea800 Loading...

	code.jquery.com/jquery-3.6.0.min.js	90 kB	2023-03-07	2024-05-15
Pretty URL code.jquery.com/jquery-3.6.0.min.js IP 151.101.2.137 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:13 Last Seen2024-05-15 22:02:53 Times Seen273770 Hash 8fb8fee4fcc3cc86ff6c724154c49c42 b82d238d4e31fdf618bae8ac11a6c812c03dd0d4 ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e Loading...

	unknown	194 B	2023-05-06	2024-05-01
Pretty Introduced by eventHandler Embedded in HTML false Observations First Seen2023-05-06 05:57:09 Last Seen2024-05-01 23:56:35 Times Seen334 Hash 4d77c7ab44a2571f364adc83ae54bcca d713db0c3fdc3fd88e5ba9df0c8da181d251eb87 460f362c8d964b66f056b7d25e53f0779cd877b733eee74075536fee7696ce54 Loading...

	86.106.20.193/views/go/start.php?sslchannel=true&sessionid=BuM1dbEl58AfALh3lIEZb12A6rN9PVnHqIlp3s3kyqD3ok7FWMcTdsGUZeJX1QdIagGoAC0bHqeQG4Yu604lLqnchYSGdm7FQRF9s2bYuDr4regh0of7fRIatBWKXTVzLR	336 B	2024-05-01	2024-05-01
Pretty URL 86.106.20.193/views/go/start.php?sslchannel=true&sessionid=BuM1dbEl58AfALh3lIEZb12A6rN9PVnHqIlp3s3kyqD3ok7FWMcTdsGUZeJX1QdIagGoAC0bHqeQG4Yu604lLqnchYSGdm7FQRF9s2bYuDr4regh0of7fRIatBWKXTVzLR IP 86.106.20.193 ASN #9009 M247 Europe SRL Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-01 23:56:35 Last Seen2024-05-01 23:56:35 Times Seen1 Hash 11638db223f78d81fb07e48621b38b6e 8cb03ebc148b96fb862423f9b3dc36a278db05ea baa92c6ddcbdbac39e2e01eb3dcdf01095ab0ddaefbb3876ca2ad78557a6d9fa Loading...

	cdnjs.cloudflare.com/ajax/libs/imask/3.4.0/imask.min.js	46 kB	2023-03-07	2024-05-15
Pretty URL cdnjs.cloudflare.com/ajax/libs/imask/3.4.0/imask.min.js IP 104.17.25.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:07:12 Last Seen2024-05-15 21:04:03 Times Seen13299 Hash 79c82646b886e08184f7b9fff25e64ff 804b4b0f8f3443ff05833e33fb5b76780ffafe25 8b76b3502583edddf22df0b9c6ee640053a2cdfeaa113ceff3ea9b61d1f6410d Loading...

	cdnjs.cloudflare.com/ajax/libs/jquery.mask/1.14.10/jquery.mask.js	20 kB	2023-03-07	2024-05-15
Pretty URL cdnjs.cloudflare.com/ajax/libs/jquery.mask/1.14.10/jquery.mask.js IP 104.17.25.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:35 Last Seen2024-05-15 19:58:01 Times Seen3739 Hash 053305c2b293c27c02523cda42962c09 556b0af7346b9e21a8eea1be8b195b563169ecd5 be483938eb34538b970684f72e312f62652e84b42b7ad86953962d1ce2217c44 Loading...

	86.106.20.193/views/go/levanon/js/cc.js	61 kB	2024-05-01	2024-05-01
Pretty URL 86.106.20.193/views/go/levanon/js/cc.js IP 86.106.20.193 ASN #9009 M247 Europe SRL Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-01 23:56:35 Last Seen2024-05-01 23:56:35 Times Seen2 Hash abd843351f4606c6f262e00d982da443 1406376a07647717d7acf183038103f0088323a2 f38f4c666dae88e46882f4d5a572a9e919a32d2e14211b3af28f210b1f7fd404 Loading...

	86.106.20.193/views/go/start.php?sslchannel=true&sessionid=BuM1dbEl58AfALh3lIEZb12A6rN9PVnHqIlp3s3kyqD3ok7FWMcTdsGUZeJX1QdIagGoAC0bHqeQG4Yu604lLqnchYSGdm7FQRF9s2bYuDr4regh0of7fRIatBWKXTVzLR	3.2 kB	2024-05-01	2024-05-01
Pretty URL 86.106.20.193/views/go/start.php?sslchannel=true&sessionid=BuM1dbEl58AfALh3lIEZb12A6rN9PVnHqIlp3s3kyqD3ok7FWMcTdsGUZeJX1QdIagGoAC0bHqeQG4Yu604lLqnchYSGdm7FQRF9s2bYuDr4regh0of7fRIatBWKXTVzLR IP 86.106.20.193 ASN #9009 M247 Europe SRL Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-01 23:56:35 Last Seen2024-05-01 23:56:35 Times Seen1 Hash 8dd1646e561d67ce434230b7d4c5b5d1 9340836681d562b57b372dbed9eabc86e3d90fae 0b5e867da98c7dce481d0c799e82b7eb9ee618bc792a00156aac996f170e6144 Loading...

HTTP Transactions (32)

URL IP Response Size

86.106.20.193/

86.106.20.193

302 Found

1.5 kB

URL User Request GET HTTP/1.1
86.106.20.193/
IP
86.106.20.193:80
ASN
#9009 M247 Europe SRL

File type
JavaScript source, ASCII text
Size
1.5 kB (1474 bytes)
Hash
e3077fa5e5612d87108f30d43c3eb9fd
9be84929d0043469f1d3cecf76aef83b1e5e1a95
ad89ab2d88aa0ca02b8634ab6363c536792555b9057e914d1ffef1b48fedcbc3

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: 86.106.20.193
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 01 May 2024 21:56:01 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: PHPSESSID=ao7ksv45786j76pjb7nopi9lnu; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Content-Encoding: gzip

cdn.jsdelivr.net/npm/isbot@3

151.101.65.229

3.4 kB

URL
cdn.jsdelivr.net/npm/isbot@3
IP
151.101.65.229:0
ASN
#54113 FASTLY

File type
JavaScript source, ASCII text, with very long lines (7056)
Size
3.4 kB (3445 bytes)
Hash
169643cb628f49d9e741cb01d1a238ac
a6a78edd95278b2e79a4887a5b956e35f0a22f3c
3f29e555b1071331ac87b0e494968cc492ced9589b20191b25c6105170a04ed5

HTTP Headers

GET /npm/isbot@3 HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://86.106.20.193/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 3.8.0
x-jsd-version-type: version
etag: W/"1cd4-pqeO3ZUniy55pIh6W5VuNfCiLzw"
content-encoding: br
accept-ranges: bytes
date: Wed, 01 May 2024 21:56:02 GMT
age: 16221
x-served-by: cache-fra-eddf8230155-FRA, cache-hel1410029-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 3445
X-Firefox-Spdy: h2

code.jquery.com/jquery-3.6.0.min.js

151.101.2.137

200 OK

31 kB

URL GET HTTP/2
code.jquery.com/jquery-3.6.0.min.js
IP
151.101.2.137:443
ASN
#54113 FASTLY

Requested by
http://86.106.20.193/views/go/start.php?sslchannel=true&sessionid=BuM1dbEl58AfALh3lIEZb12A6rN9PVnHqIlp3s3kyqD3ok7FWMcTdsGUZeJX1QdIagGoAC0bHqeQG4Yu604lLqnchYSGdm7FQRF9s2bYuDr4regh0of7fRIatBWKXTVzLR
Certificate
IssuerSectigo Limited
Subject*.jquery.com
FingerprintD2:19:0A:AD:CE:BB:9C:61:17:5D:29:4B:A2:54:E8:C6:91:B8:F9:8D
ValidityTue, 11 Jul 2023 00:00:00 GMT - Sun, 14 Jul 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (65447)
Size
31 kB (30875 bytes)
Hash
8fb8fee4fcc3cc86ff6c724154c49c42
b82d238d4e31fdf618bae8ac11a6c812c03dd0d4
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

HTTP Headers

GET /jquery-3.6.0.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://86.106.20.193
DNT: 1
Connection: keep-alive
Referer: http://86.106.20.193/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-15d9d"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Wed, 01 May 2024 21:56:02 GMT
age: 456743
x-served-by: cache-lga21931-LGA, cache-hel1410031-HEL
x-cache: HIT, HIT
x-cache-hits: 3, 340103
x-timer: S1714600562.279270,VS0,VE0
vary: Accept-Encoding
content-length: 30875
X-Firefox-Spdy: h2

ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js

216.58.207.234

30 kB

URL
ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js
IP
216.58.207.234:0
ASN
#15169 GOOGLE

File type
JavaScript source, ASCII text, with very long lines (32058)
Size
30 kB (30306 bytes)
Hash
c9f5aeeca3ad37bf2aa006139b935f0a
1055018c28ab41087ef9ccefe411606893dabea2
87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de

HTTP Headers

GET /ajax/libs/jquery/3.2.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://86.106.20.193/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 30306
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 27 Apr 2024 01:22:47 GMT
expires: Sun, 27 Apr 2025 01:22:47 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 419595
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

cloud.51degrees.com/api/v4/AQSSRoCvJFnzy67h2kg.js

20.105.232.25

2.2 kB

URL
cloud.51degrees.com/api/v4/AQSSRoCvJFnzy67h2kg.js
IP
20.105.232.25:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
JavaScript source, ASCII text, with very long lines (4564), with no line terminators
Size
2.2 kB (2226 bytes)
Hash
e3da91b8894aa4ba4e4f837eae1c6cee
97c7af0cfafd6b1b5c15386be86a102f54af22d8
21216acd7f81724ac74f75b12001bbc59d06a7e167f6f2a90d340d83eebf2d14

HTTP Headers

GET /api/v4/AQSSRoCvJFnzy67h2kg.js HTTP/1.1
Host: cloud.51degrees.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://86.106.20.193/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/javascript
Date: Wed, 01 May 2024 21:56:02 GMT
Server: Kestrel
Cache-Control: private,max-age=1800
Content-Encoding: br
ETag: "c-1144973549-1791519392"
Transfer-Encoding: chunked
Vary: Accept-Encoding
Request-Context: appId=cid-v1:1d4ebf5f-f33b-4efe-97fb-0580a09ad87e
51D-Region: westeurope
51D-Instance: daba568fde7e
51D-Version: 4.3.58.0

openfpcdn.io/botd/v1

54.230.111.48

5.3 kB

URL
openfpcdn.io/botd/v1
IP
54.230.111.48:0
ASN
#16509 AMAZON-02

File type
JavaScript source, ASCII text, with very long lines (15005)
Size
5.3 kB (5298 bytes)
Hash
234a8c1c15df9b03c65e9e14c82fc872
e5ca36727846aede7dfbc07e88b2b025eb0cae90
29cb26e06f2a4a877f1134a46480d9b78f8b6e0e6f9b0fe67e34307c312b5a89

HTTP Headers

GET /botd/v1 HTTP/1.1
Host: openfpcdn.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://86.106.20.193
DNT: 1
Connection: keep-alive
Referer: http://86.106.20.193/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
server: CloudFront
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
content-encoding: br
date: Wed, 01 May 2024 19:28:28 GMT
cache-control: public, max-age=595493, s-maxage=10578
etag: W/"5co2cnhGrt59+8B+iLKwJesMrpA"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 f46773a8236e136c4f6648dd79a7af8e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: sDmKCa25-CiuM2rzwJogB7X92pxYfD7fFKn49kQGnEep1bxqn3y-1Q==
age: 8854
X-Firefox-Spdy: h2

api.ipify.org/?format=json

104.26.12.205

21 B

URL
api.ipify.org/?format=json
IP
104.26.12.205:0
ASN
#13335 CLOUDFLARENET

File type
JSON text data
Size
21 B (21 bytes)
Hash
7d69c71af0f191e9a72db6153f8018d1
f67c5f2887bc05654b47f76e9621e53a4091aed1
5bac6e06cf0e1ad38c55f9f9d12122272bf4b8157877629fe68cd33fe2133c65

HTTP Headers

GET /?format=json HTTP/1.1
Host: api.ipify.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://86.106.20.193
DNT: 1
Connection: keep-alive
Referer: http://86.106.20.193/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 01 May 2024 21:56:02 GMT
content-type: application/json
content-length: 21
access-control-allow-origin: *
vary: Origin
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 87d304ed9f4856ca-OSL
X-Firefox-Spdy: h2

86.106.20.193/secure/ban.php

86.106.20.193

21 B

URL
86.106.20.193/secure/ban.php
IP
86.106.20.193:0
ASN
#9009 M247 Europe SRL

File type
very short file (no magic)
Size
21 B (21 bytes)
Hash
68b329da9893e34099c7d8ad5cb9c940
adc83b19e793491b1c6ea0fd8b46cd9f32e592fc
01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /secure/ban.php HTTP/1.1
Host: 86.106.20.193
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 12
Origin: http://86.106.20.193
DNT: 1
Connection: keep-alive
Referer: http://86.106.20.193/
Cookie: PHPSESSID=ao7ksv45786j76pjb7nopi9lnu; js_enabled=1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 01 May 2024 21:56:03 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Content-Encoding: gzip

86.106.20.193/favicon.ico

86.106.20.193

21 B

URL
86.106.20.193/favicon.ico
IP
86.106.20.193:0
ASN
#9009 M247 Europe SRL

File type
very short file (no magic)
Size
21 B (21 bytes)
Hash
68b329da9893e34099c7d8ad5cb9c940
adc83b19e793491b1c6ea0fd8b46cd9f32e592fc
01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: 86.106.20.193
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://86.106.20.193/
Cookie: PHPSESSID=ao7ksv45786j76pjb7nopi9lnu
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 403 Forbidden
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 01 May 2024 21:56:03 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Content-Encoding: gzip

86.106.20.193/secure/ScreenSizeCheck.php

86.106.20.193

21 B

URL
86.106.20.193/secure/ScreenSizeCheck.php
IP
86.106.20.193:0
ASN
#9009 M247 Europe SRL

File type
very short file (no magic)
Size
21 B (21 bytes)
Hash
68b329da9893e34099c7d8ad5cb9c940
adc83b19e793491b1c6ea0fd8b46cd9f32e592fc
01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /secure/ScreenSizeCheck.php HTTP/1.1
Host: 86.106.20.193
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 10
Origin: http://86.106.20.193
DNT: 1
Connection: keep-alive
Referer: http://86.106.20.193/
Cookie: PHPSESSID=ao7ksv45786j76pjb7nopi9lnu; js_enabled=1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 01 May 2024 21:56:03 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Content-Encoding: gzip

86.106.20.193/secure/browserip.php

86.106.20.193

21 B

URL
86.106.20.193/secure/browserip.php
IP
86.106.20.193:0
ASN
#9009 M247 Europe SRL

File type
very short file (no magic)
Size
21 B (21 bytes)
Hash
68b329da9893e34099c7d8ad5cb9c940
adc83b19e793491b1c6ea0fd8b46cd9f32e592fc
01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /secure/browserip.php HTTP/1.1
Host: 86.106.20.193
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 23
Origin: http://86.106.20.193
DNT: 1
Connection: keep-alive
Referer: http://86.106.20.193/
Cookie: PHPSESSID=ao7ksv45786j76pjb7nopi9lnu; js_enabled=1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 01 May 2024 21:56:03 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Content-Encoding: gzip

86.106.20.193/

86.106.20.193

302 Found

1 B

URL User Request GET HTTP/1.1
86.106.20.193/
IP
86.106.20.193:80
ASN
#9009 M247 Europe SRL

File type
very short file (no magic)
Size
1 B (1 bytes)
Hash
68b329da9893e34099c7d8ad5cb9c940
adc83b19e793491b1c6ea0fd8b46cd9f32e592fc
01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: 86.106.20.193
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=ao7ksv45786j76pjb7nopi9lnu; js_enabled=1
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 01 May 2024 21:56:03 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: ./index2.php

86.106.20.193/index2.php

86.106.20.193

302 Found

1 B

URL User Request GET HTTP/1.1
86.106.20.193/index2.php
IP
86.106.20.193:80
ASN
#9009 M247 Europe SRL

File type
very short file (no magic)
Size
1 B (1 bytes)
Hash
68b329da9893e34099c7d8ad5cb9c940
adc83b19e793491b1c6ea0fd8b46cd9f32e592fc
01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /index2.php HTTP/1.1
Host: 86.106.20.193
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=ao7ksv45786j76pjb7nopi9lnu; js_enabled=1
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 01 May 2024 21:56:03 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: city_location=Oslo; expires=Thu, 01-May-2025 21:56:03 GMT; Max-Age=31536000
country_code=NO; expires=Thu, 01-May-2025 21:56:03 GMT; Max-Age=31536000
xa=73dd4bbed8f8ef1fc3e29d3535cb31eb; expires=Thu, 01-May-2025 21:56:03 GMT; Max-Age=31536000
Location: ./views/go/start.php?sslchannel=true&sessionid=BuM1dbEl58AfALh3lIEZb12A6rN9PVnHqIlp3s3kyqD3ok7FWMcTdsGUZeJX1QdIagGoAC0bHqeQG4Yu604lLqnchYSGdm7FQRF9s2bYuDr4regh0of7fRIatBWKXTVzLR

86.106.20.193/views/go/start.php?sslchannel=true&sessionid=BuM1dbEl58AfALh3lIEZb12A6rN9PVnHqIlp3s3kyqD3ok7FWMcTdsGUZeJX1QdIagGoAC0bHqeQG4Yu604lLqnchYSGdm7FQRF9s2bYuDr4regh0of7fRIatBWKXTVzLR

86.106.20.193

16 kB

URL User Request GET
86.106.20.193/views/go/start.php?sslchannel=true&sessionid=BuM1dbEl58AfALh3lIEZb12A6rN9PVnHqIlp3s3kyqD3ok7FWMcTdsGUZeJX1QdIagGoAC0bHqeQG4Yu604lLqnchYSGdm7FQRF9s2bYuDr4regh0of7fRIatBWKXTVzLR
IP
86.106.20.193:0
ASN
#9009 M247 Europe SRL

File type
HTML document, Unicode text, UTF-8 text, with very long lines (8164)
Size
16 kB (15781 bytes)
Hash
2071c51deef131d93e01563bb7692467
fd71b19e44c7e28739c07f97e288b168243398fe
ba1119e00c8bb50e123e05adc87b7b83c2a865f57db77d6f27f8a7f4e46319a4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /views/go/start.php?sslchannel=true&sessionid=BuM1dbEl58AfALh3lIEZb12A6rN9PVnHqIlp3s3kyqD3ok7FWMcTdsGUZeJX1QdIagGoAC0bHqeQG4Yu604lLqnchYSGdm7FQRF9s2bYuDr4regh0of7fRIatBWKXTVzLR HTTP/1.1
Host: 86.106.20.193
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=ao7ksv45786j76pjb7nopi9lnu; js_enabled=1; city_location=Oslo; country_code=NO; xa=73dd4bbed8f8ef1fc3e29d3535cb31eb
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 01 May 2024 21:56:03 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: has_questions=1; expires=Fri, 31-May-2024 21:56:03 GMT; Max-Age=2592000; path=/
Content-Encoding: gzip

86.106.20.193/views/go/assets/files2/roboto-aw.css

86.106.20.193

200 OK

2.4 kB

URL GET HTTP/1.1
86.106.20.193/views/go/assets/files2/roboto-aw.css
IP
86.106.20.193:80
ASN
#9009 M247 Europe SRL

Requested by
http://86.106.20.193/views/go/start.php?sslchannel=true&sessionid=BuM1dbEl58AfALh3lIEZb12A6rN9PVnHqIlp3s3kyqD3ok7FWMcTdsGUZeJX1QdIagGoAC0bHqeQG4Yu604lLqnchYSGdm7FQRF9s2bYuDr4regh0of7fRIatBWKXTVzLR

File type
ASCII text
Size
2.4 kB (2369 bytes)
Hash
eb0e0f915bd01a93eaee26a74f0cbbb1
0df6b4e511a6267660ccf3f81cf337c9ec6e9e45
78ff7318b2b978573d889746e6abb1b6bfc636b2166a402c072ef8710be38dac

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /views/go/assets/files2/roboto-aw.css HTTP/1.1
Host: 86.106.20.193
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://86.106.20.193/views/go/start.php?sslchannel=true&sessionid=BuM1dbEl58AfALh3lIEZb12A6rN9PVnHqIlp3s3kyqD3ok7FWMcTdsGUZeJX1QdIagGoAC0bHqeQG4Yu604lLqnchYSGdm7FQRF9s2bYuDr4regh0of7fRIatBWKXTVzLR
Cookie: PHPSESSID=ao7ksv45786j76pjb7nopi9lnu; js_enabled=1; city_location=Oslo; country_code=NO; xa=73dd4bbed8f8ef1fc3e29d3535cb31eb; has_questions=1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 01 May 2024 21:56:03 GMT
Content-Type: text/css
Content-Length: 2369
Last-Modified: Wed, 01 May 2024 07:10:46 GMT
Connection: keep-alive
ETag: "6631eaf6-941"
Accept-Ranges: bytes

code.jquery.com/jquery-3.6.0.min.js

151.101.2.137

200 OK

31 kB

URL GET HTTP/2
code.jquery.com/jquery-3.6.0.min.js
IP
151.101.2.137:443
ASN
#54113 FASTLY

Requested by
http://86.106.20.193/views/go/start.php?sslchannel=true&sessionid=BuM1dbEl58AfALh3lIEZb12A6rN9PVnHqIlp3s3kyqD3ok7FWMcTdsGUZeJX1QdIagGoAC0bHqeQG4Yu604lLqnchYSGdm7FQRF9s2bYuDr4regh0of7fRIatBWKXTVzLR
Certificate
IssuerSectigo Limited
Subject*.jquery.com
FingerprintD2:19:0A:AD:CE:BB:9C:61:17:5D:29:4B:A2:54:E8:C6:91:B8:F9:8D
ValidityTue, 11 Jul 2023 00:00:00 GMT - Sun, 14 Jul 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (65447)
Size
31 kB (30875 bytes)
Hash
8fb8fee4fcc3cc86ff6c724154c49c42
b82d238d4e31fdf618bae8ac11a6c812c03dd0d4
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

HTTP Headers

GET /jquery-3.6.0.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://86.106.20.193
DNT: 1
Connection: keep-alive
Referer: http://86.106.20.193/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-15d9d"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Wed, 01 May 2024 21:56:03 GMT
age: 456745
x-served-by: cache-lga21931-LGA, cache-hel1410031-HEL
x-cache: HIT, HIT
x-cache-hits: 3, 340104
x-timer: S1714600564.880725,VS0,VE0
vary: Accept-Encoding
content-length: 30875
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/jquery.mask/1.14.10/jquery.mask.js

104.17.25.14

200 OK

4.5 kB

URL GET HTTP/2
cdnjs.cloudflare.com/ajax/libs/jquery.mask/1.14.10/jquery.mask.js
IP
104.17.25.14:443
ASN
#13335 CLOUDFLARENET

Requested by
http://86.106.20.193/views/go/start.php?sslchannel=true&sessionid=BuM1dbEl58AfALh3lIEZb12A6rN9PVnHqIlp3s3kyqD3ok7FWMcTdsGUZeJX1QdIagGoAC0bHqeQG4Yu604lLqnchYSGdm7FQRF9s2bYuDr4regh0of7fRIatBWKXTVzLR
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT

File type
JavaScript source, ASCII text
Size
4.5 kB (4517 bytes)
Hash
053305c2b293c27c02523cda42962c09
556b0af7346b9e21a8eea1be8b195b563169ecd5
be483938eb34538b970684f72e312f62652e84b42b7ad86953962d1ce2217c44

HTTP Headers

GET /ajax/libs/jquery.mask/1.14.10/jquery.mask.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://86.106.20.193/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 01 May 2024 21:56:03 GMT
content-type: application/javascript; charset=utf-8
content-length: 4517
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03ec3-4e98"
last-modified: Mon, 04 May 2020 16:11:47 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 2951
expires: Mon, 21 Apr 2025 21:56:03 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=61FJF3y44s5mj7YmpagbbJdYe3D1qmVbR6hDxLlurAg7W17X%2FwBF%2FGtlolARcRPWpnsZNPvxCzvldY2DJE5dQYuzR%2BqWcv8WAG%2FXziYzkGlYaUG0z5cxdgObgFDlK4ZkHEUpZ020"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 87d304f44bdbb4ed-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/imask/3.4.0/imask.min.js

104.17.25.14

200 OK

11 kB

URL GET HTTP/2
cdnjs.cloudflare.com/ajax/libs/imask/3.4.0/imask.min.js
IP
104.17.25.14:443
ASN
#13335 CLOUDFLARENET

Requested by
http://86.106.20.193/views/go/start.php?sslchannel=true&sessionid=BuM1dbEl58AfALh3lIEZb12A6rN9PVnHqIlp3s3kyqD3ok7FWMcTdsGUZeJX1QdIagGoAC0bHqeQG4Yu604lLqnchYSGdm7FQRF9s2bYuDr4regh0of7fRIatBWKXTVzLR
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (45552)
Size
11 kB (10899 bytes)
Hash
79c82646b886e08184f7b9fff25e64ff
804b4b0f8f3443ff05833e33fb5b76780ffafe25
8b76b3502583edddf22df0b9c6ee640053a2cdfeaa113ceff3ea9b61d1f6410d

HTTP Headers

GET /ajax/libs/imask/3.4.0/imask.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://86.106.20.193/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 01 May 2024 21:56:03 GMT
content-type: application/javascript; charset=utf-8
content-length: 10899
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03e9f-b217"
last-modified: Mon, 04 May 2020 16:11:11 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 92603
expires: Mon, 21 Apr 2025 21:56:03 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ba%2Bw6QBobtk2vidwIlsHbB6ooBBYVbTYuy3AjNzVxfN0t%2Bim8bzv8R2MGuv2nmHQ8jKAvwzCtQvIhLXW2Rl13Jl%2FbHRTmNMvS3zh623pdWkNC%2B8hbAspcnRb0%2Bv8edLcx4u0NRYQ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 87d304f44bd4b4ed-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

86.106.20.193/views/go/assets/files2/styles.57e170eacf6043742857.css

86.106.20.193

200 OK

53 kB

URL GET HTTP/1.1
86.106.20.193/views/go/assets/files2/styles.57e170eacf6043742857.css
IP
86.106.20.193:80
ASN
#9009 M247 Europe SRL

Requested by
http://86.106.20.193/views/go/start.php?sslchannel=true&sessionid=BuM1dbEl58AfALh3lIEZb12A6rN9PVnHqIlp3s3kyqD3ok7FWMcTdsGUZeJX1QdIagGoAC0bHqeQG4Yu604lLqnchYSGdm7FQRF9s2bYuDr4regh0of7fRIatBWKXTVzLR

File type
Unicode text, UTF-8 text, with very long lines (50948)
Size
53 kB (52573 bytes)
Hash
282ad15d27d65e702c55b4a0b679b0db
6f514e89cf7fae32d1087863a457f35a75244ae0
624dd413217d99cd7ad115a81b9eadf072d10883fcfec014bf21dfc9c3ad1696

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /views/go/assets/files2/styles.57e170eacf6043742857.css HTTP/1.1
Host: 86.106.20.193
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://86.106.20.193/views/go/start.php?sslchannel=true&sessionid=BuM1dbEl58AfALh3lIEZb12A6rN9PVnHqIlp3s3kyqD3ok7FWMcTdsGUZeJX1QdIagGoAC0bHqeQG4Yu604lLqnchYSGdm7FQRF9s2bYuDr4regh0of7fRIatBWKXTVzLR
Cookie: PHPSESSID=ao7ksv45786j76pjb7nopi9lnu; js_enabled=1; city_location=Oslo; country_code=NO; xa=73dd4bbed8f8ef1fc3e29d3535cb31eb; has_questions=1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 01 May 2024 21:56:03 GMT
Content-Type: text/css
Content-Length: 52573
Last-Modified: Wed, 01 May 2024 07:10:46 GMT
Connection: keep-alive
ETag: "6631eaf6-cd5d"
Accept-Ranges: bytes

86.106.20.193/views/go/levanon/js/cc.js

86.106.20.193

200 OK

61 kB

URL GET HTTP/1.1
86.106.20.193/views/go/levanon/js/cc.js
IP
86.106.20.193:80
ASN
#9009 M247 Europe SRL

Requested by
http://86.106.20.193/views/go/start.php?sslchannel=true&sessionid=BuM1dbEl58AfALh3lIEZb12A6rN9PVnHqIlp3s3kyqD3ok7FWMcTdsGUZeJX1QdIagGoAC0bHqeQG4Yu604lLqnchYSGdm7FQRF9s2bYuDr4regh0of7fRIatBWKXTVzLR

File type
ASCII text, with very long lines (18138)
Size
61 kB (61249 bytes)
Hash
abd843351f4606c6f262e00d982da443
1406376a07647717d7acf183038103f0088323a2
f38f4c666dae88e46882f4d5a572a9e919a32d2e14211b3af28f210b1f7fd404

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /views/go/levanon/js/cc.js HTTP/1.1
Host: 86.106.20.193
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://86.106.20.193/views/go/start.php?sslchannel=true&sessionid=BuM1dbEl58AfALh3lIEZb12A6rN9PVnHqIlp3s3kyqD3ok7FWMcTdsGUZeJX1QdIagGoAC0bHqeQG4Yu604lLqnchYSGdm7FQRF9s2bYuDr4regh0of7fRIatBWKXTVzLR
Cookie: PHPSESSID=ao7ksv45786j76pjb7nopi9lnu; js_enabled=1; city_location=Oslo; country_code=NO; xa=73dd4bbed8f8ef1fc3e29d3535cb31eb; has_questions=1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 01 May 2024 21:56:03 GMT
Content-Type: application/javascript
Content-Length: 61249
Last-Modified: Wed, 01 May 2024 07:10:46 GMT
Connection: keep-alive
ETag: "6631eaf6-ef41"
Accept-Ranges: bytes

86.106.20.193/views/go/assets/main.css?2

86.106.20.193

200 OK

32 kB

URL GET HTTP/1.1
86.106.20.193/views/go/assets/main.css?2
IP
86.106.20.193:80
ASN
#9009 M247 Europe SRL

Requested by
http://86.106.20.193/views/go/start.php?sslchannel=true&sessionid=BuM1dbEl58AfALh3lIEZb12A6rN9PVnHqIlp3s3kyqD3ok7FWMcTdsGUZeJX1QdIagGoAC0bHqeQG4Yu604lLqnchYSGdm7FQRF9s2bYuDr4regh0of7fRIatBWKXTVzLR

File type
HTML document, ASCII text, with very long lines (12255)
Size
32 kB (32044 bytes)
Hash
badd7bd87a04d3afa2d00c4112ff337b
c4478d88c5cf30b766ee16a6019141d35657fa26
99d1aed13cb0496fd231f4d812847177d90a3a7758710f392eeccc3f4ee69168

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /views/go/assets/main.css?2 HTTP/1.1
Host: 86.106.20.193
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://86.106.20.193/views/go/start.php?sslchannel=true&sessionid=BuM1dbEl58AfALh3lIEZb12A6rN9PVnHqIlp3s3kyqD3ok7FWMcTdsGUZeJX1QdIagGoAC0bHqeQG4Yu604lLqnchYSGdm7FQRF9s2bYuDr4regh0of7fRIatBWKXTVzLR
Cookie: PHPSESSID=ao7ksv45786j76pjb7nopi9lnu; js_enabled=1; city_location=Oslo; country_code=NO; xa=73dd4bbed8f8ef1fc3e29d3535cb31eb; has_questions=1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 01 May 2024 21:56:03 GMT
Content-Type: text/css
Content-Length: 32044
Last-Modified: Wed, 01 May 2024 07:10:46 GMT
Connection: keep-alive
ETag: "6631eaf6-7d2c"
Accept-Ranges: bytes

86.106.20.193/views/go/assets/files2/d2-0.min.css?1

86.106.20.193

200 OK

357 kB

URL GET HTTP/1.1
86.106.20.193/views/go/assets/files2/d2-0.min.css?1
IP
86.106.20.193:80
ASN
#9009 M247 Europe SRL

Requested by
http://86.106.20.193/views/go/start.php?sslchannel=true&sessionid=BuM1dbEl58AfALh3lIEZb12A6rN9PVnHqIlp3s3kyqD3ok7FWMcTdsGUZeJX1QdIagGoAC0bHqeQG4Yu604lLqnchYSGdm7FQRF9s2bYuDr4regh0of7fRIatBWKXTVzLR

File type
ASCII text, with very long lines (65536), with no line terminators
Size
357 kB (356774 bytes)
Hash
85755d12aece724139d66ea3425a7d6c
d60a50224967b511ff19a6456bbe682aade0aa4f
650dcdba9035f3f30b045fd26130caa336c276037cbc606f0b8e312d394aa14a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /views/go/assets/files2/d2-0.min.css?1 HTTP/1.1
Host: 86.106.20.193
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://86.106.20.193/views/go/start.php?sslchannel=true&sessionid=BuM1dbEl58AfALh3lIEZb12A6rN9PVnHqIlp3s3kyqD3ok7FWMcTdsGUZeJX1QdIagGoAC0bHqeQG4Yu604lLqnchYSGdm7FQRF9s2bYuDr4regh0of7fRIatBWKXTVzLR
Cookie: PHPSESSID=ao7ksv45786j76pjb7nopi9lnu; js_enabled=1; city_location=Oslo; country_code=NO; xa=73dd4bbed8f8ef1fc3e29d3535cb31eb; has_questions=1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 01 May 2024 21:56:03 GMT
Content-Type: text/css
Content-Length: 356774
Last-Modified: Wed, 01 May 2024 07:10:46 GMT
Connection: keep-alive
ETag: "6631eaf6-571a6"
Accept-Ranges: bytes

86.106.20.193/views/go/assets/files2/bootstrap.min.css

86.106.20.193

200 OK

191 kB

URL GET HTTP/1.1
86.106.20.193/views/go/assets/files2/bootstrap.min.css
IP
86.106.20.193:80
ASN
#9009 M247 Europe SRL

Requested by
http://86.106.20.193/views/go/start.php?sslchannel=true&sessionid=BuM1dbEl58AfALh3lIEZb12A6rN9PVnHqIlp3s3kyqD3ok7FWMcTdsGUZeJX1QdIagGoAC0bHqeQG4Yu604lLqnchYSGdm7FQRF9s2bYuDr4regh0of7fRIatBWKXTVzLR

File type
ASCII text, with very long lines (65536), with no line terminators
Size
191 kB (191292 bytes)
Hash
6437610dcdc9ab922932ff3493179ca9
30ef14c26a530c4e12da3cf0a90eacce6b52398e
f530bbbccb8d924a0f705b4d211096cbd00c14fab3e230e29ed85ce2a37665aa

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /views/go/assets/files2/bootstrap.min.css HTTP/1.1
Host: 86.106.20.193
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://86.106.20.193/views/go/start.php?sslchannel=true&sessionid=BuM1dbEl58AfALh3lIEZb12A6rN9PVnHqIlp3s3kyqD3ok7FWMcTdsGUZeJX1QdIagGoAC0bHqeQG4Yu604lLqnchYSGdm7FQRF9s2bYuDr4regh0of7fRIatBWKXTVzLR
Cookie: PHPSESSID=ao7ksv45786j76pjb7nopi9lnu; js_enabled=1; city_location=Oslo; country_code=NO; xa=73dd4bbed8f8ef1fc3e29d3535cb31eb; has_questions=1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 01 May 2024 21:56:03 GMT
Content-Type: text/css
Content-Length: 191292
Last-Modified: Wed, 01 May 2024 07:10:46 GMT
Connection: keep-alive
ETag: "6631eaf6-2eb3c"
Accept-Ranges: bytes

86.106.20.193/views/go/assets/loading.gif

86.106.20.193

200 OK

166 kB

URL GET HTTP/1.1
86.106.20.193/views/go/assets/loading.gif
IP
86.106.20.193:80
ASN
#9009 M247 Europe SRL

Requested by
http://86.106.20.193/views/go/start.php?sslchannel=true&sessionid=BuM1dbEl58AfALh3lIEZb12A6rN9PVnHqIlp3s3kyqD3ok7FWMcTdsGUZeJX1QdIagGoAC0bHqeQG4Yu604lLqnchYSGdm7FQRF9s2bYuDr4regh0of7fRIatBWKXTVzLR

File type
GIF image data, version 89a, 498 x 498
Size
166 kB (166466 bytes)
Hash
a742721ea2075bc3956a2ff62c9bfeef
bb72fc6b492cfd37d36a2dca0730c1ccf2e97e06
e07efed33aec4356ba72efae1eea9fbe1e922bd270ddbd0dd1a028b5a6db4140

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /views/go/assets/loading.gif HTTP/1.1
Host: 86.106.20.193
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://86.106.20.193/views/go/start.php?sslchannel=true&sessionid=BuM1dbEl58AfALh3lIEZb12A6rN9PVnHqIlp3s3kyqD3ok7FWMcTdsGUZeJX1QdIagGoAC0bHqeQG4Yu604lLqnchYSGdm7FQRF9s2bYuDr4regh0of7fRIatBWKXTVzLR
Cookie: PHPSESSID=ao7ksv45786j76pjb7nopi9lnu; js_enabled=1; city_location=Oslo; country_code=NO; xa=73dd4bbed8f8ef1fc3e29d3535cb31eb; has_questions=1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 01 May 2024 21:56:04 GMT
Content-Type: image/gif
Content-Length: 166466
Last-Modified: Wed, 01 May 2024 07:10:46 GMT
Connection: keep-alive
ETag: "6631eaf6-28a42"
Accept-Ranges: bytes

86.106.20.193/views/go/assets/d.ico

86.106.20.193

200 OK

1.2 kB

URL GET HTTP/1.1
86.106.20.193/views/go/assets/d.ico
IP
86.106.20.193:80
ASN
#9009 M247 Europe SRL

Requested by
http://86.106.20.193/views/go/start.php?sslchannel=true&sessionid=BuM1dbEl58AfALh3lIEZb12A6rN9PVnHqIlp3s3kyqD3ok7FWMcTdsGUZeJX1QdIagGoAC0bHqeQG4Yu604lLqnchYSGdm7FQRF9s2bYuDr4regh0of7fRIatBWKXTVzLR

File type
MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
Size
1.2 kB (1150 bytes)
Hash
55f198806b88ce3ac7a4c8ca3f2052e4
0b09ac8880f3ae945cfe4b255efc9126a8e82e94
50dff6b41cb54e7bf0054aa2e5eeeca0013cb50c9d3428c899fbed18025626df

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /views/go/assets/d.ico HTTP/1.1
Host: 86.106.20.193
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://86.106.20.193/views/go/start.php?sslchannel=true&sessionid=BuM1dbEl58AfALh3lIEZb12A6rN9PVnHqIlp3s3kyqD3ok7FWMcTdsGUZeJX1QdIagGoAC0bHqeQG4Yu604lLqnchYSGdm7FQRF9s2bYuDr4regh0of7fRIatBWKXTVzLR
Cookie: PHPSESSID=ao7ksv45786j76pjb7nopi9lnu; js_enabled=1; city_location=Oslo; country_code=NO; xa=73dd4bbed8f8ef1fc3e29d3535cb31eb; has_questions=1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 01 May 2024 21:56:04 GMT
Content-Type: image/x-icon
Content-Length: 1150
Last-Modified: Wed, 01 May 2024 07:10:46 GMT
Connection: keep-alive
ETag: "6631eaf6-47e"
Accept-Ranges: bytes

86.106.20.193/app/php/updateVisitor.php

86.106.20.193

200 OK

21 B

URL POST HTTP/1.1
86.106.20.193/app/php/updateVisitor.php
IP
86.106.20.193:80
ASN
#9009 M247 Europe SRL

Requested by
http://86.106.20.193/views/go/start.php?sslchannel=true&sessionid=BuM1dbEl58AfALh3lIEZb12A6rN9PVnHqIlp3s3kyqD3ok7FWMcTdsGUZeJX1QdIagGoAC0bHqeQG4Yu604lLqnchYSGdm7FQRF9s2bYuDr4regh0of7fRIatBWKXTVzLR

File type
very short file (no magic)
Size
21 B (21 bytes)
Hash
68b329da9893e34099c7d8ad5cb9c940
adc83b19e793491b1c6ea0fd8b46cd9f32e592fc
01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /app/php/updateVisitor.php HTTP/1.1
Host: 86.106.20.193
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/json
X-Requested-With: XMLHttpRequest
Content-Length: 253
Origin: http://86.106.20.193
DNT: 1
Connection: keep-alive
Referer: http://86.106.20.193/views/go/start.php?sslchannel=true&sessionid=BuM1dbEl58AfALh3lIEZb12A6rN9PVnHqIlp3s3kyqD3ok7FWMcTdsGUZeJX1QdIagGoAC0bHqeQG4Yu604lLqnchYSGdm7FQRF9s2bYuDr4regh0of7fRIatBWKXTVzLR
Cookie: PHPSESSID=ao7ksv45786j76pjb7nopi9lnu; js_enabled=1; city_location=Oslo; country_code=NO; xa=73dd4bbed8f8ef1fc3e29d3535cb31eb; has_questions=1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 01 May 2024 21:56:04 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS, PUT, PATCH, DELETE
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Access-Control-Allow-Credentials: true
Content-Encoding: gzip

86.106.20.193/app/php/check_activity.php

86.106.20.193

200 OK

21 B

URL POST HTTP/1.1
86.106.20.193/app/php/check_activity.php
IP
86.106.20.193:80
ASN
#9009 M247 Europe SRL

Requested by
http://86.106.20.193/views/go/start.php?sslchannel=true&sessionid=BuM1dbEl58AfALh3lIEZb12A6rN9PVnHqIlp3s3kyqD3ok7FWMcTdsGUZeJX1QdIagGoAC0bHqeQG4Yu604lLqnchYSGdm7FQRF9s2bYuDr4regh0of7fRIatBWKXTVzLR

File type
very short file (no magic)
Size
21 B (21 bytes)
Hash
68b329da9893e34099c7d8ad5cb9c940
adc83b19e793491b1c6ea0fd8b46cd9f32e592fc
01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /app/php/check_activity.php HTTP/1.1
Host: 86.106.20.193
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/json
X-Requested-With: XMLHttpRequest
Content-Length: 256
Origin: http://86.106.20.193
DNT: 1
Connection: keep-alive
Referer: http://86.106.20.193/views/go/start.php?sslchannel=true&sessionid=BuM1dbEl58AfALh3lIEZb12A6rN9PVnHqIlp3s3kyqD3ok7FWMcTdsGUZeJX1QdIagGoAC0bHqeQG4Yu604lLqnchYSGdm7FQRF9s2bYuDr4regh0of7fRIatBWKXTVzLR
Cookie: PHPSESSID=ao7ksv45786j76pjb7nopi9lnu; js_enabled=1; city_location=Oslo; country_code=NO; xa=73dd4bbed8f8ef1fc3e29d3535cb31eb; has_questions=1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 01 May 2024 21:56:04 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS, PUT, PATCH, DELETE
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Access-Control-Allow-Credentials: true
Content-Encoding: gzip

86.106.20.193/app/php/check_activity.php

86.106.20.193

200 OK

21 B

URL POST HTTP/1.1
86.106.20.193/app/php/check_activity.php
IP
86.106.20.193:80
ASN
#9009 M247 Europe SRL

Requested by
http://86.106.20.193/views/go/start.php?sslchannel=true&sessionid=BuM1dbEl58AfALh3lIEZb12A6rN9PVnHqIlp3s3kyqD3ok7FWMcTdsGUZeJX1QdIagGoAC0bHqeQG4Yu604lLqnchYSGdm7FQRF9s2bYuDr4regh0of7fRIatBWKXTVzLR

File type
very short file (no magic)
Size
21 B (21 bytes)
Hash
68b329da9893e34099c7d8ad5cb9c940
adc83b19e793491b1c6ea0fd8b46cd9f32e592fc
01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /app/php/check_activity.php HTTP/1.1
Host: 86.106.20.193
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/json
X-Requested-With: XMLHttpRequest
Content-Length: 258
Origin: http://86.106.20.193
DNT: 1
Connection: keep-alive
Referer: http://86.106.20.193/views/go/start.php?sslchannel=true&sessionid=BuM1dbEl58AfALh3lIEZb12A6rN9PVnHqIlp3s3kyqD3ok7FWMcTdsGUZeJX1QdIagGoAC0bHqeQG4Yu604lLqnchYSGdm7FQRF9s2bYuDr4regh0of7fRIatBWKXTVzLR
Cookie: PHPSESSID=ao7ksv45786j76pjb7nopi9lnu; js_enabled=1; city_location=Oslo; country_code=NO; xa=73dd4bbed8f8ef1fc3e29d3535cb31eb; has_questions=1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 01 May 2024 21:56:14 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS, PUT, PATCH, DELETE
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Access-Control-Allow-Credentials: true
Content-Encoding: gzip

analytics.desjardins.com/logo-desjardins-5793f64f.png

40.69.99.65

302 Found

0 B

URL GET HTTP/2
analytics.desjardins.com/logo-desjardins-5793f64f.png
IP
40.69.99.65:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
http://86.106.20.193/views/go/start.php?sslchannel=true&sessionid=BuM1dbEl58AfALh3lIEZb12A6rN9PVnHqIlp3s3kyqD3ok7FWMcTdsGUZeJX1QdIagGoAC0bHqeQG4Yu604lLqnchYSGdm7FQRF9s2bYuDr4regh0of7fRIatBWKXTVzLR
Certificate
IssuerEntrust, Inc.
Subjectanalytics.desjardins.com
Fingerprint5F:69:5E:9F:B9:96:8A:97:DC:C9:35:18:CD:D6:00:63:BC:75:1B:5B
ValidityTue, 23 Jan 2024 19:18:41 GMT - Wed, 22 Jan 2025 19:18:40 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /logo-desjardins-5793f64f.png HTTP/1.1
Host: analytics.desjardins.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://86.106.20.193/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
location: https://desjardins.com
server: Microsoft-IIS/10.0
request-context: appId=cid-v1:fc6bd7de-352f-47d5-ae80-6bf2c53edaf0
x-powered-by: ASP.NET
set-cookie: ARRAffinity=b4353229e5b0a60f9eaed84f279e89b6458f21479ea5180591f2a3868b85cba8;Path=/;HttpOnly;Secure;Domain=analytics.desjardins.com
ARRAffinitySameSite=b4353229e5b0a60f9eaed84f279e89b6458f21479ea5180591f2a3868b85cba8;Path=/;HttpOnly;SameSite=None;Secure;Domain=analytics.desjardins.com
date: Wed, 01 May 2024 21:56:14 GMT
content-length: 0
X-Firefox-Spdy: h2

ocsp.entrust.net/

184.24.45.171

1.6 kB

URL
ocsp.entrust.net/
IP
184.24.45.171:0
ASN
#16625 AKAMAI-AS

File type
data
Size
1.6 kB (1588 bytes)
Hash
1d7390b7c3d887eb05654895343edbac
edb4634d9c7cd04d2f22419f393be9641f912233
bedefaa213493aab9b59ab4eff6838f176e7318de97785761a9b7308ef215333

HTTP Headers

POST / HTTP/1.1
Host: ocsp.entrust.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
ETag: "BEDEFAA213493AAB9B59AB4EFF6838F176E7318DE97785761A9B7308EF215333"
Last-Modified: Wed, 01 May 2024 18:00:00 UTC
Content-Length: 1588
Cache-Control: public, no-transform, must-revalidate, max-age=3600
Expires: Wed, 01 May 2024 22:56:15 GMT
Date: Wed, 01 May 2024 21:56:15 GMT
Connection: keep-alive

desjardins.com/

142.195.133.83

301 Moved Permanently

0 B

URL GET HTTP/1.0
desjardins.com/
IP
142.195.133.83:443
ASN
#64258 DESJARDINS

Requested by
http://86.106.20.193/views/go/start.php?sslchannel=true&sessionid=BuM1dbEl58AfALh3lIEZb12A6rN9PVnHqIlp3s3kyqD3ok7FWMcTdsGUZeJX1QdIagGoAC0bHqeQG4Yu604lLqnchYSGdm7FQRF9s2bYuDr4regh0of7fRIatBWKXTVzLR
Certificate
IssuerEntrust, Inc.
Subjectwww.desjardins.com
Fingerprint6F:E7:D7:07:BF:2D:45:E1:68:00:F8:53:AB:BF:8F:39:08:CD:69:65
ValidityThu, 30 Nov 2023 18:11:10 GMT - Mon, 30 Dec 2024 18:11:09 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: desjardins.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://86.106.20.193/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.0 301 Moved Permanently
Location: https://www.desjardins.com/
Server: BigIP
Connection: Keep-Alive
Content-Length: 0

www.desjardins.com/

104.110.7.38

200 OK

19 kB

URL GET HTTP/2
www.desjardins.com/
IP
104.110.7.38:443
ASN
#16625 AKAMAI-AS

Requested by
http://86.106.20.193/views/go/start.php?sslchannel=true&sessionid=BuM1dbEl58AfALh3lIEZb12A6rN9PVnHqIlp3s3kyqD3ok7FWMcTdsGUZeJX1QdIagGoAC0bHqeQG4Yu604lLqnchYSGdm7FQRF9s2bYuDr4regh0of7fRIatBWKXTVzLR
Certificate
IssuerEntrust, Inc.
Subjectwww.desjardins.com
Fingerprint4D:CC:0B:0D:38:75:43:7E:B4:52:BA:62:4B:B1:2B:50:57:D2:21:69
ValidityFri, 15 Mar 2024 15:37:58 GMT - Sat, 15 Mar 2025 15:37:57 GMT

File type
HTML document, Unicode text, UTF-8 text, with very long lines (3559)
Size
19 kB (18772 bytes)
Hash
8736d0e29058adb2818f94d1046fd952
606c3d777ad1eabee76de410eb7935fa7dec236f
bae301f5f21113c16fd604e11ea71f7b293ebc1c722ffa6602b93581c782a7c9

HTTP Headers

GET / HTTP/1.1
Host: www.desjardins.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://86.106.20.193/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/html;charset=utf-8
x-dispatcher: dispatcher1cacentral1
x-vhost: publish
cache-control: max-age=21600
x-content-type-options: nosniff
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
x-frame-options: SAMEORIGIN
cdn-cache-control: max-age=1800, public
akamai-cache-control: max-age=1800, public
x-akamai-transformed: 9 18568 0 pmb=mTOE,2
content-encoding: gzip
date: Wed, 01 May 2024 21:56:15 GMT
content-length: 18772
set-cookie: AWSALB=ZOt6m4WxiVcHaOPIRC7HXc34U3gYTqOWO7p4/7k3TvMLvfUEcC3cDWI8/R74glPCSNI/SXLPcRb6B/ezW3UYblyNz1imdo3wDqUfWGJBNs/eIlHlIYqSZHYNAMOL; Expires=Wed, 08 May 2024 21:56:15 GMT; Path=/
AWSALBCORS=ZOt6m4WxiVcHaOPIRC7HXc34U3gYTqOWO7p4/7k3TvMLvfUEcC3cDWI8/R74glPCSNI/SXLPcRb6B/ezW3UYblyNz1imdo3wDqUfWGJBNs/eIlHlIYqSZHYNAMOL; Expires=Wed, 08 May 2024 21:56:15 GMT; Path=/; SameSite=None; Secure
ak_bmsc=6D7E57CE0B871420D89DABD45F28F6B5~000000000000000000000000000000~YAAQ500kF1/peOWOAQAAKIMoNheTQYX7L2CROGAqodLiWkLh7iNbP3PGwT4B6rF7UYwHqlILSs16kmZHL3ux0ZZKGrwByKv9uHReyTeAeH0muuPXPg3RP2dw2oNSq4s8NfcBpp7+CK4LMpyydWxw+BpTV1gBytaIy+S183SdsGl0bc98Tg9kjhdYJ4+mMSF3RZIBOBg5EqD8UmHCLAal+JDeOiXq7oudnF6ZSYdubyRtYVONpqsd428T7zUqxgCVYje42oYq1tsT53YXvoGNqrAEwlDnG4jhPFuv4n2oX0N/Wdzt+oQS71cysLGfmMewfo9Md9ZGC8FIsfBKtXeVo5VsLU06BepKk9rJQ8JNBdl2trbl8YSLNV8Ta62nk9PiUSS4769OgOrn698Oyw==; Domain=.desjardins.com; Path=/; Expires=Wed, 01 May 2024 23:56:15 GMT; Max-Age=7200; HttpOnly
bm_mi=6A6EBD2C40D7747A56D6F97CFC18D29B~YAAQ500kF2DpeOWOAQAAKIMoNhfTnco/eXMXHNUWGHObU1bH1myTfGKU1Luppj6gV3K9TPbu9hIr9/Skc2nNfazYAHSX5cGs0+Y0jhLPYIkF+BlrR/HSvBzUbQ8z6Is3PiRYnDPNR4RrY5MCDxooUIHGRxAKOts0/VdKuJpD7fc/H1KjxD1iutVquoifnXn3BPkmO4Y2zy8qxgnKM56XEw719B8dQ+8nCsSLEhptMKG1fEq0y6ygMCFZd4F2CjriB5gmnmMa2UI5RBpWaC1TLn7MkG65kN2zcwXyyLO0Un+Yix/xkZ7/CyU1X5qa3FJiHx4=~1; Domain=.desjardins.com; Path=/; Expires=Wed, 01 May 2024 21:56:15 GMT; Max-Age=0; Secure
strict-transport-security: max-age=31536000 ; includeSubDomains ; preload
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (10)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by