Report - ggsteal.in/updated.exe

Report Overview

Submitted URL
ggsteal.in/updated.exe
IP
104.21.26.44
ASN
#13335 CLOUDFLARENET
Submitted
2022-08-31 22:19:18
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
32

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
contile.services.mozilla.com	1114	2021-05-27T20:32:35Z	2023-03-06T05:09:43Z	321 B	229 B	34.117.237.239
ocsp.digicert.com	86	2012-05-21T09:02:23Z	2023-03-06T06:00:56Z	329 B	737 B	93.184.220.29
push.services.mozilla.com	2140	2014-10-24T10:27:06Z	2023-03-06T05:09:12Z	594 B	127 B	52.43.46.140
img-getpocket.cdn.mozilla.net	1631	2018-06-22T01:36:00Z	2023-03-06T05:09:35Z	3.2 kB	62 kB	34.120.237.76
ggsteal.in	unknown			2.7 kB	25 kB	172.67.135.95
firefox.settings.services.mozilla.com	867	2020-06-04T22:08:41Z	2023-03-06T05:09:34Z	758 B	2.7 kB	143.204.55.27
r3.o.lencr.org	344	2020-12-02T09:52:13Z	2023-03-06T05:09:03Z	1.3 kB	3.5 kB	23.36.76.226
content-signature-2.cdn.mozilla.net	1152	2020-11-03T13:26:46Z	2023-03-06T05:10:30Z	401 B	5.8 kB	143.204.55.49

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

Scan Date	Severity	Indicator	Alert
2022-08-31	medium	ggsteal.in	Sinkholed
2022-08-31	medium	ggsteal.in	Sinkholed
2022-08-31	medium	ggsteal.in	Sinkholed
2022-08-31	medium	ggsteal.in	Sinkholed
2022-08-31	medium	ggsteal.in	Sinkholed
2022-08-31	medium	ggsteal.in	Sinkholed
2022-08-31	medium	ggsteal.in	Sinkholed
2022-08-31	medium	ggsteal.in	Sinkholed

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2022-08-31	medium	ggsteal.in	Sinkholed
2022-08-31	medium	ggsteal.in	Sinkholed
2022-08-31	medium	ggsteal.in	Sinkholed
2022-08-31	medium	ggsteal.in	Sinkholed
2022-08-31	medium	ggsteal.in	Sinkholed
2022-08-31	medium	ggsteal.in	Sinkholed
2022-08-31	medium	ggsteal.in	Sinkholed
2022-08-31	medium	ggsteal.in	Sinkholed

JavaScript (1)

	URL	Size	First Seen	Last Seen
	ggsteal.in/updated.exe	375 B	2023-03-07	2024-02-12
Pretty URL ggsteal.in/updated.exe IP 172.67.135.95 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:09 Last Seen2024-02-12 00:41:30 Times Seen1694 Hash 56df91490fa1984fa82b297dcb23c22d 2050f127b73f50d21eb9b0a2a3f2aea7d4372ba9 275407540ae2d5516300e4027ce994e1c97f958d464e137d0fff116d7acf0f24 Loading...

HTTP Transactions (24)

URL IP Response Size

firefox.settings.services.mozilla.com/v1/

143.204.55.27

200 OK

939 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/
IP
143.204.55.27:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
91dd975a7b17b2922dd23c0e49314e40
57a2ece1e3cee7c4ebf927f2ba92f52cac395fe2
09966873bbf317f8910c59544cfde2a6d46e8acd2905797cc7c85c6b4d18ea8a

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Content-Type, Alert, Backoff, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Wed, 31 Aug 2022 21:26:37 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 410f51195842d9b592b15d6588c36654.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: tTs9fnnBK9oBO4z1x_9KTPoh0dJMHc0YU3XfGmfk6Yd0Hv06IaOj2w==
Age: 3150

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
517693963cc46e7a35a054296d0edfd5
11dfcd7e118e5f8d31e664e56ac29c57f973b8b3
ece269e8b9be8a5839d75c1343823d68b96930c593c2e3e8d522999176ee3149

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "ECE269E8B9BE8A5839D75C1343823D68B96930C593C2E3E8D522999176EE3149"
Last-Modified: Mon, 29 Aug 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8869
Expires: Thu, 01 Sep 2022 00:46:56 GMT
Date: Wed, 31 Aug 2022 22:19:07 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain

143.204.55.49

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
IP
143.204.55.49:0
ASN
#16509 AMAZON-02

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
742edb4038f38bc533514982f3d2e861
cc3a20c8dc2a8c632ef9387a2744253f1e3fdef1
b6bfa49d3d135035701231db2fffc0c0643444394009a94c6a1b4d829d6b8345

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 20 Aug 2022 23:18:05 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Wed, 31 Aug 2022 02:27:05 GMT
etag: "742edb4038f38bc533514982f3d2e861"
x-cache: Hit from cloudfront
via: 1.1 1d8cf7c8865ed1078c19a98771ad34ca.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: BJ3SxRIsrmWkUlB-zXy9c_hvzKyqJ6Fejmfis6_vyfyg7kEYUwQb6w==
age: 71523
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Wed, 31 Aug 2022 22:19:07 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

143.204.55.27

200 OK

329 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
143.204.55.27:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Type, Alert, Cache-Control, Pragma, Backoff, Last-Modified, ETag, Expires, Content-Length, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600
Date: Wed, 31 Aug 2022 22:17:12 GMT
Expires: Wed, 31 Aug 2022 22:49:15 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 501ad2910f631f0520a6d389d6f053e8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: RKSMo_1TkJKBdnXgdxe-jOf15JQhaANDN5oGblCrB00kHZSXK2A1Ww==
Age: 116

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
83be4ca2ebb87af44323dd073807bc9e
3ef0ca2b0c351c7d1eb1b7f4daeba6453a632fc6
1ba9c4dbdbd577bf443bc6499ab1edb2e0ea3b382f529fdc2d98021276a3158b

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5197
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 31 Aug 2022 22:19:08 GMT
Last-Modified: Wed, 31 Aug 2022 20:52:31 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 471

push.services.mozilla.com/

52.43.46.140

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
52.43.46.140:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: uH4L8BYXYVeobyDDoFxmBg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: WIyQeUSxLEWk35+m9LfGGGZ14jo=

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
12f00eac4bda78b5d4c4bc00e96be439
5d6d88dbf72f208bc33c9af693440aec02e5f11c
4a85dc99793413780fdfde032e83995c0a15775eb09123f53a1ba9b789f91a55

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4A85DC99793413780FDFDE032E83995C0A15775EB09123F53A1BA9B789F91A55"
Last-Modified: Wed, 31 Aug 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19509
Expires: Thu, 01 Sep 2022 03:44:18 GMT
Date: Wed, 31 Aug 2022 22:19:09 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
12f00eac4bda78b5d4c4bc00e96be439
5d6d88dbf72f208bc33c9af693440aec02e5f11c
4a85dc99793413780fdfde032e83995c0a15775eb09123f53a1ba9b789f91a55

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4A85DC99793413780FDFDE032E83995C0A15775EB09123F53A1BA9B789F91A55"
Last-Modified: Wed, 31 Aug 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19509
Expires: Thu, 01 Sep 2022 03:44:18 GMT
Date: Wed, 31 Aug 2022 22:19:09 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
12f00eac4bda78b5d4c4bc00e96be439
5d6d88dbf72f208bc33c9af693440aec02e5f11c
4a85dc99793413780fdfde032e83995c0a15775eb09123f53a1ba9b789f91a55

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4A85DC99793413780FDFDE032E83995C0A15775EB09123F53A1BA9B789F91A55"
Last-Modified: Wed, 31 Aug 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19509
Expires: Thu, 01 Sep 2022 03:44:18 GMT
Date: Wed, 31 Aug 2022 22:19:09 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F16c55402-8dff-4d38-9bf3-5867acbc9770.jpeg

34.120.237.76

200 OK

9.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F16c55402-8dff-4d38-9bf3-5867acbc9770.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.6 kB (9593 bytes)
Hash
374a3607782ca6a016be0fbfa8d38f7d
823d7261c40f8c5bf65a7e59544da90d88546c1f
d9ab7b8bfe0389c5fda3ad06b5c913d470d89f5921fc950a8c7245d512dc1b02

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F16c55402-8dff-4d38-9bf3-5867acbc9770.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9593
x-amzn-requestid: 98542ed5-a8b2-49c8-bd9f-8bb88e655880
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: XufKHGfUoAMFuKA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-630f4573-38b597d859a48b971f5cfab4;Sampled=0
x-amzn-remapped-date: Wed, 31 Aug 2022 11:26:43 GMT
x-amz-cf-pop: HIO50-C2, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: _OP760g92PmG8VTRevsoPXe_Yd5pORMRnzc5xGToV69WI7wCiy0e4A==
via: 1.1 75b094ecf0bf22429a44bab3eafcbf16.cloudfront.net (CloudFront), 1.1 ead78c395f4bede3ec6cd7ea180e3d3a.cloudfront.net (CloudFront), 1.1 google
date: Wed, 31 Aug 2022 21:37:24 GMT
etag: "823d7261c40f8c5bf65a7e59544da90d88546c1f"
content-type: image/jpeg
age: 2505
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

10 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F35c8a1f0-6f7f-4b0f-baea-84eaeec25782.png
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
10 kB (10508 bytes)
Hash
8bb15bd7bc4dd59e28a1066c8e67751e
d0a18577ff979c34c4f1e45515542c8b12c8b0e3
e1297a01a214f262b14cd04ebaafd913e4c9f09bd86dbeac600db57f39f51077

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F35c8a1f0-6f7f-4b0f-baea-84eaeec25782.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10508
x-amzn-requestid: ff89b1da-4384-4787-844f-a7a65fb20b51
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: XdacUE8tIAMF3QA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6308711b-7d09607973e1755d34aa0184;Sampled=0
x-amzn-remapped-date: Fri, 26 Aug 2022 07:07:07 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: f5RXilXHrfdz2NOuDKn7vHXcpiqi-dPc5ig0OqEP3Playiz3DT4tgg==
via: 1.1 56c69262ecfa7873b40572ba8a323242.cloudfront.net (CloudFront), 1.1 28390a4d24ed4fdccd685d99cd06cf4e.cloudfront.net (CloudFront), 1.1 google
date: Wed, 31 Aug 2022 13:08:33 GMT
age: 33036
etag: "d0a18577ff979c34c4f1e45515542c8b12c8b0e3"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.0 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff4a31025-b077-4937-93a3-a0669697b0ee.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.0 kB (8044 bytes)
Hash
043263cdba253c3eb4bfa33c95e8ca21
6d814e56d87e2579e51139759fa7dfb8195a6529
9c7cf679c9a6a0d0a2c75a85b13d8407a5e0fe2448d73fced51b45a3e701e9c1

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff4a31025-b077-4937-93a3-a0669697b0ee.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8044
x-amzn-requestid: 8ea16c8b-f0aa-4ce9-a99d-8e59c51ffb8d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Xv3j7Ge9IAMFQBA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-630fd2e5-6762d09b569221944f9b7870;Sampled=0
x-amzn-remapped-date: Wed, 31 Aug 2022 21:30:13 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: tZWKpWZnFUVhefoWK-AwAYKOsmAcMhTmPXEyWp0BJPKfhgooGpI6xQ==
via: 1.1 49b94a8674d6e86a841d6523f7dbaf14.cloudfront.net (CloudFront), 1.1 12a392bc3a7281f8d5d4591bfadc41fc.cloudfront.net (CloudFront), 1.1 google
date: Wed, 31 Aug 2022 21:47:20 GMT
age: 1909
etag: "6d814e56d87e2579e51139759fa7dfb8195a6529"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

11 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0198fd1f-b00c-442e-9184-8ce8ebf9593c.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
11 kB (10777 bytes)
Hash
ba98f63d9bef7deebb9a8d1b3126d396
d97a8b0e4b4dbc60dfc9eb15ba28f68e8e3731ef
b8f6c1c6b34ec452a6aa3090c30ebf3a68cb3b4d45a7b134ed32e1959f4f0682

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0198fd1f-b00c-442e-9184-8ce8ebf9593c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10777
x-amzn-requestid: 2e9a081f-2ae4-49b9-b9d4-79cae2b7eae9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Xv3kRFiJIAMFgNA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-630fd2e7-2f9eec0b239ceb6d617431b6;Sampled=0
x-amzn-remapped-date: Wed, 31 Aug 2022 21:30:15 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: w9ACDg_Mxbl2GSEDeDAqdMlKjkCiMyWExvCUa2jHquaQy6U-4EJtbQ==
via: 1.1 e5af640ced3aa8764b82c4bc3f7af38e.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Wed, 31 Aug 2022 21:37:20 GMT
age: 2509
etag: "d97a8b0e4b4dbc60dfc9eb15ba28f68e8e3731ef"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.1 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2b14395b-3f2d-4aeb-b43c-253963035eaa.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.1 kB (8084 bytes)
Hash
e3091a7a992a2ad059e486d4e0d93c02
deec914bf1f10646d923db48ab3d4ec21af27381
8819908ab1f13fd13fe5980883502b6131ab74c2a716b8576d95e89b980df149

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2b14395b-3f2d-4aeb-b43c-253963035eaa.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8084
x-amzn-requestid: 743404c1-6c84-4232-9b7c-3cae4ebb3d4f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Xv3i5EeioAMFygw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-630fd2df-6e6460e844f676d671797ff0;Sampled=0
x-amzn-remapped-date: Wed, 31 Aug 2022 21:30:07 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 4sryJq3FD4jgCCkSjTSMMpvOJ3k9V6i3tF2Pd8dXyqDw7cmnojV0KQ==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 68fadeb91f97256bb67b03bfca74d830.cloudfront.net (CloudFront), 1.1 google
date: Wed, 31 Aug 2022 21:47:20 GMT
age: 1909
etag: "deec914bf1f10646d923db48ab3d4ec21af27381"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.2 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F382fbb98-12b7-491f-a8c7-63afff403010.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.2 kB (9152 bytes)
Hash
b0d8ed4b8bda662c244b9d26cf143147
151395a70faa075762664fc6cd52a65004b5c81c
49b381815612b7ecb021f243438aae99e399993d91fb38bf5d7bb3d357519d6a

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F382fbb98-12b7-491f-a8c7-63afff403010.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9152
x-amzn-requestid: 12c7a724-7c66-488e-b1c4-ac222ed4e5aa
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Xv3i5H6sIAMFRLw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-630fd2df-0fc85d8539d761367b821823;Sampled=0
x-amzn-remapped-date: Wed, 31 Aug 2022 21:30:07 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: _j9qaEvy56YyK9qz0CaE2IO9_yEsoM7RIhO_5gddryb3pgOdOmH-OA==
via: 1.1 9b311162717b41c968f6f00426d88aaa.cloudfront.net (CloudFront), 1.1 ddaf46a95abcfc80e8eae76235e2127c.cloudfront.net (CloudFront), 1.1 google
date: Wed, 31 Aug 2022 21:37:15 GMT
age: 2514
etag: "151395a70faa075762664fc6cd52a65004b5c81c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

ggsteal.in/updated.exe

172.67.135.95

523

7.1 kB

URL HTTP/1.1
ggsteal.in/updated.exe
IP
172.67.135.95:0
ASN
#13335 CLOUDFLARENET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (502)
Size
7.1 kB (7072 bytes)
Hash
33f06dd29cd27e103d3fda8c3a2c0a9d
dd6a7a4ee9dd5315ee0e9a91e5b7560f239a39a6
35d2e88681594ccfd4537fa8e55c21811651890a4c26bf65f84ae7a12a8bd769

Detections

Analyzer	Verdict	Alert
mnemonic_dns	Sinkholed
quad9	Sinkholed

HTTP Headers

GET /updated.exe HTTP/1.1
Host: ggsteal.in
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 523 
Date: Wed, 31 Aug 2022 22:19:10 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: cf_use_ob=0; path=/; expires=Wed, 31-Aug-22 22:19:40 GMT
X-Frame-Options: SAMEORIGIN
Referrer-Policy: same-origin
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
CF-RAY: 7439255ceed2b4ee-OSL
Server: cloudflare

ggsteal.in/cdn-cgi/styles/main.css

172.67.135.95

200 OK

2.2 kB

URL HTTP/1.1
ggsteal.in/cdn-cgi/styles/main.css
IP
172.67.135.95:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (8012)
Size
2.2 kB (2176 bytes)
Hash
98ea0b5620ac910fdf2e2859aaaf0ea8
d0afbf017526bb929c0be2700db376d59fa21455
45c596e0856f5d0e1b4b70bcf1dbbc00f578898d3bfd743ded5211ed22a277dc

Detections

Analyzer	Verdict	Alert
mnemonic_dns	Sinkholed
quad9	Sinkholed

HTTP Headers

GET /cdn-cgi/styles/main.css HTTP/1.1
Host: ggsteal.in
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ggsteal.in/updated.exe
Connection: keep-alive
Cookie: cf_use_ob=0

HTTP/1.1 200 OK
Date: Wed, 31 Aug 2022 22:19:10 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Fri, 26 Aug 2022 16:12:42 GMT
ETag: W/"6308f0fa-1f4d"
Server: cloudflare
CF-RAY: 7439256d1c3ab4ee-OSL
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Expires: Thu, 01 Sep 2022 00:19:10 GMT
Cache-Control: max-age=7200, public
Content-Encoding: gzip

ggsteal.in/cdn-cgi/images/cf-icon-browser.png

172.67.135.95

200 OK

484 B

URL HTTP/1.1
ggsteal.in/cdn-cgi/images/cf-icon-browser.png
IP
172.67.135.95:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 100 x 80, 8-bit colormap, non-interlaced\012- data
Size
484 B (484 bytes)
Hash
59caf3c7eb63af78f12db37f41433779
8024e688e78e910ae1ea3bc25be7a7ab65444b02
78a7d8b29cabf16831417dba1b9bbe36fae0d060a35a495e8f10e9663b3c9e65

Detections

Analyzer	Verdict	Alert
mnemonic_dns	Sinkholed
quad9	Sinkholed

HTTP Headers

GET /cdn-cgi/images/cf-icon-browser.png HTTP/1.1
Host: ggsteal.in
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ggsteal.in/cdn-cgi/styles/main.css
Cookie: cf_use_ob=0

HTTP/1.1 200 OK
Date: Wed, 31 Aug 2022 22:19:10 GMT
Content-Type: image/png
Content-Length: 484
Connection: keep-alive
Last-Modified: Fri, 26 Aug 2022 16:12:42 GMT
ETag: "6308f0fa-1e4"
Server: cloudflare
CF-RAY: 7439256d3c4db4ee-OSL
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Expires: Thu, 01 Sep 2022 00:19:10 GMT
Cache-Control: max-age=7200, public
Accept-Ranges: bytes

ggsteal.in/cdn-cgi/images/cf-icon-cloud.png

172.67.135.95

200 OK

1.5 kB

URL HTTP/1.1
ggsteal.in/cdn-cgi/images/cf-icon-cloud.png
IP
172.67.135.95:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 152 x 77, 8-bit colormap, non-interlaced\012- data
Size
1.5 kB (1484 bytes)
Hash
3ec81e5e3a4de9fec46ce9e6999b9e27
8f03b6857ab8d31feb65f97b1ae6b678efdc2ddd
3a223426c67a0a33ff57af68a57fb589fea36af2a6e8f9dae7798c77471e0e58

Detections

Analyzer	Verdict	Alert
mnemonic_dns	Sinkholed
quad9	Sinkholed

HTTP Headers

GET /cdn-cgi/images/cf-icon-cloud.png HTTP/1.1
Host: ggsteal.in
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ggsteal.in/cdn-cgi/styles/main.css
Cookie: cf_use_ob=0

HTTP/1.1 200 OK
Date: Wed, 31 Aug 2022 22:19:10 GMT
Content-Type: image/png
Content-Length: 1484
Connection: keep-alive
Last-Modified: Fri, 26 Aug 2022 16:12:42 GMT
ETag: "6308f0fa-5cc"
Server: cloudflare
CF-RAY: 7439256d3c54b4ee-OSL
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Expires: Thu, 01 Sep 2022 00:19:10 GMT
Cache-Control: max-age=7200, public
Accept-Ranges: bytes

ggsteal.in/cdn-cgi/images/cf-icon-ok.png

172.67.135.95

200 OK

946 B

URL HTTP/1.1
ggsteal.in/cdn-cgi/images/cf-icon-ok.png
IP
172.67.135.95:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 48 x 48, 8-bit colormap, non-interlaced\012- data
Size
946 B (946 bytes)
Hash
dfaf0fbb758c874be231335db178381d
8f2597eb7ba4c89892aac0559816db3f5280b23e
ed732380ee3ff0f2d841784da213c8c05d2b5ae187a5217b419d21cae5cedb1b

Detections

Analyzer	Verdict	Alert
mnemonic_dns	Sinkholed
quad9	Sinkholed

HTTP Headers

GET /cdn-cgi/images/cf-icon-ok.png HTTP/1.1
Host: ggsteal.in
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ggsteal.in/cdn-cgi/styles/main.css
Cookie: cf_use_ob=0

HTTP/1.1 200 OK
Date: Wed, 31 Aug 2022 22:19:10 GMT
Content-Type: image/png
Content-Length: 946
Connection: keep-alive
Last-Modified: Fri, 26 Aug 2022 16:12:42 GMT
ETag: "6308f0fa-3b2"
Server: cloudflare
CF-RAY: 7439256d3b93fac0-OSL
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Expires: Thu, 01 Sep 2022 00:19:10 GMT
Cache-Control: max-age=7200, public
Accept-Ranges: bytes

ggsteal.in/cdn-cgi/images/cf-icon-error.png

172.67.135.95

200 OK

854 B

URL HTTP/1.1
ggsteal.in/cdn-cgi/images/cf-icon-error.png
IP
172.67.135.95:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 48 x 48, 8-bit colormap, non-interlaced\012- data
Size
854 B (854 bytes)
Hash
e5577f04b6d92590410e26bd2292933b
16946b2c99d98a57f83eac170ce94b012b7d1a7b
67f70597a183fbca7fac55d609fbaac5c34bb4d4d32a0530bbbbb42591f2de2f

Detections

Analyzer	Verdict	Alert
mnemonic_dns	Sinkholed
quad9	Sinkholed

HTTP Headers

GET /cdn-cgi/images/cf-icon-error.png HTTP/1.1
Host: ggsteal.in
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ggsteal.in/cdn-cgi/styles/main.css
Cookie: cf_use_ob=0

HTTP/1.1 200 OK
Date: Wed, 31 Aug 2022 22:19:10 GMT
Content-Type: image/png
Content-Length: 854
Connection: keep-alive
Last-Modified: Fri, 26 Aug 2022 16:12:42 GMT
ETag: "6308f0fa-356"
Server: cloudflare
CF-RAY: 7439256d3b2b1bfa-OSL
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Expires: Thu, 01 Sep 2022 00:19:10 GMT
Cache-Control: max-age=7200, public
Accept-Ranges: bytes

ggsteal.in/cdn-cgi/images/cf-icon-server.png

172.67.135.95

200 OK

1.4 kB

URL HTTP/1.1
ggsteal.in/cdn-cgi/images/cf-icon-server.png
IP
172.67.135.95:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 95 x 75, 8-bit colormap, non-interlaced\012- data
Size
1.4 kB (1384 bytes)
Hash
2c11e67182601007f577f8bf2c72fee8
01dc915d4745f00632021c05d3eef634747a9c3d
41553a537f85839927155af093b7bfa1987215f474ed038714609cc48812ea3b

Detections

Analyzer	Verdict	Alert
mnemonic_dns	Sinkholed
quad9	Sinkholed

HTTP Headers

GET /cdn-cgi/images/cf-icon-server.png HTTP/1.1
Host: ggsteal.in
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ggsteal.in/cdn-cgi/styles/main.css
Cookie: cf_use_ob=0

HTTP/1.1 200 OK
Date: Wed, 31 Aug 2022 22:19:10 GMT
Content-Type: image/png
Content-Length: 1384
Connection: keep-alive
Last-Modified: Fri, 26 Aug 2022 16:12:42 GMT
ETag: "6308f0fa-568"
Server: cloudflare
CF-RAY: 7439256d3ae70b4d-OSL
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Expires: Thu, 01 Sep 2022 00:19:10 GMT
Cache-Control: max-age=7200, public
Accept-Ranges: bytes

ggsteal.in/favicon.ico

172.67.135.95

523

7.1 kB

URL HTTP/1.1
ggsteal.in/favicon.ico
IP
172.67.135.95:0
ASN
#13335 CLOUDFLARENET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (502)
Size
7.1 kB (7072 bytes)
Hash
a365d5b988b546ead2719eb2b946634e
3660deb6d86ca39ade61f4ef91d694ca0fd5a99e
087c8954c100019b3f89cb48c021a60415e5c1774ba4c3935fde804076c4bcb2

Detections

Analyzer	Verdict	Alert
mnemonic_dns	Sinkholed
quad9	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: ggsteal.in
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ggsteal.in/updated.exe
Connection: keep-alive
Cookie: cf_use_ob=0

HTTP/1.1 523 
Date: Wed, 31 Aug 2022 22:19:13 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: cf_use_ob=0; path=/; expires=Wed, 31-Aug-22 22:19:43 GMT
X-Frame-Options: SAMEORIGIN
Referrer-Policy: same-origin
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
CF-RAY: 7439256d5af20b4d-OSL
Server: cloudflare

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (1)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (24)

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/2

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/2

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

File type

Size