Report - 156.54.128.69/condro/hh/index.php

Report Overview

Visited public
2023-09-23 09:42:42
Tags
URL
156.54.128.69/condro/hh/index.php
Finishing URL
156.54.128.69/condro/hh/index.php
IP / ASN
156.54.128.69
#20746 Telecom Italia
Title
Comune di Condrò (Messina)

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

108

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
ocsp.pki.goog	175	2016-06-13	2018-07-01 08:43:07	2023-09-23 05:09:29	2.0 kB	4.2 kB	142.250.74.131
www.google.com	7	1997-09-15	2015-05-10 13:11:19	2023-09-20 20:05:47	753 B	1.6 kB	142.250.74.100
www.3bmeteo.com	105768	1999-04-15	2012-08-25 06:16:04	2023-09-16 13:57:17	4.9 kB	25 kB	104.17.63.55
maps.googleapis.com	33876	2005-01-25	2019-10-17 17:56:16	2023-09-23 06:04:03	4.3 kB	228 kB	142.250.74.10
maps.gstatic.com	unknown	2008-02-11	2016-01-11 17:55:17	2023-09-23 08:06:43	443 B	64 kB	142.250.74.3
static.cloudflareinsights.com	1294	2019-08-30	2019-09-24 16:34:56	2023-09-23 05:09:31	496 B	8.5 kB	104.16.56.101
156.54.128.69	unknown	unknown	2019-05-02 06:13:32	2023-06-30 11:19:25	24 kB	5.7 MB	156.54.128.69

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-09-23 09:42:21	high	156.54.128.69	Client IP	ET POLICY Self Signed SSL Certificate (SomeOrganizationalUnit)
2023-09-23 09:42:27	high	54.37.238.86	Client IP	ET POLICY PE EXE or DLL Windows file download HTTP

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2023-09-23	medium	156.54.128.69	Sinkholed
2023-09-23	medium	156.54.128.69	Sinkholed
2023-09-23	medium	156.54.128.69	Sinkholed
2023-09-23	medium	156.54.128.69	Sinkholed
2023-09-23	medium	156.54.128.69	Sinkholed
2023-09-23	medium	156.54.128.69	Sinkholed
2023-09-23	medium	156.54.128.69	Sinkholed
2023-09-23	medium	156.54.128.69	Sinkholed
2023-09-23	medium	156.54.128.69	Sinkholed
2023-09-23	medium	156.54.128.69	Sinkholed
2023-09-23	medium	156.54.128.69	Sinkholed
2023-09-23	medium	156.54.128.69	Sinkholed
2023-09-23	medium	156.54.128.69	Sinkholed
2023-09-23	medium	156.54.128.69	Sinkholed
2023-09-23	medium	156.54.128.69	Sinkholed
2023-09-23	medium	156.54.128.69	Sinkholed
2023-09-23	medium	156.54.128.69	Sinkholed
2023-09-23	medium	156.54.128.69	Sinkholed
2023-09-23	medium	156.54.128.69	Sinkholed
2023-09-23	medium	156.54.128.69	Sinkholed
2023-09-23	medium	156.54.128.69	Sinkholed
2023-09-23	medium	156.54.128.69	Sinkholed
2023-09-23	medium	156.54.128.69	Sinkholed
2023-09-23	medium	156.54.128.69	Sinkholed
2023-09-23	medium	156.54.128.69	Sinkholed
2023-09-23	medium	156.54.128.69	Sinkholed
2023-09-23	medium	156.54.128.69	Sinkholed
2023-09-23	medium	156.54.128.69	Sinkholed
2023-09-23	medium	156.54.128.69	Sinkholed
2023-09-23	medium	156.54.128.69	Sinkholed
2023-09-23	medium	156.54.128.69	Sinkholed
2023-09-23	medium	156.54.128.69	Sinkholed
2023-09-23	medium	156.54.128.69	Sinkholed
2023-09-23	medium	156.54.128.69	Sinkholed
2023-09-23	medium	156.54.128.69	Sinkholed
2023-09-23	medium	156.54.128.69	Sinkholed
2023-09-23	medium	156.54.128.69	Sinkholed
2023-09-23	medium	156.54.128.69	Sinkholed
2023-09-23	medium	156.54.128.69	Sinkholed
2023-09-23	medium	156.54.128.69	Sinkholed
2023-09-23	medium	156.54.128.69	Sinkholed
2023-09-23	medium	156.54.128.69	Sinkholed
2023-09-23	medium	156.54.128.69	Sinkholed
2023-09-23	medium	156.54.128.69	Sinkholed
2023-09-23	medium	156.54.128.69	Sinkholed
2023-09-23	medium	156.54.128.69	Sinkholed
2023-09-23	medium	156.54.128.69	Sinkholed
2023-09-23	medium	156.54.128.69	Sinkholed
2023-09-23	medium	156.54.128.69	Sinkholed
2023-09-23	medium	156.54.128.69	Sinkholed
2023-09-23	medium	156.54.128.69	Sinkholed
2023-09-23	medium	156.54.128.69	Sinkholed
2023-09-23	medium	156.54.128.69	Sinkholed
2023-09-23	medium	156.54.128.69	Sinkholed

ThreatFox

No alerts detected

JavaScript (38)

	URL	From	Size	First Seen	Last Seen
	156.54.128.69/condro/hh/index.php	ScriptElement	119 B	2023-09-23	2024-08-21
Pretty URL 156.54.128.69/condro/hh/index.php IP 156.54.128.69 ASN #20746 Telecom Italia Introduced by scriptElement Embedded in HTML true Observations First Seen2023-09-23 11:42 Last Seen2024-08-21 05:58 Times Seen3 Hash d1152311178be2835908816563c48b8f 63c69a1d7970798cfd4466f822334e952de20fe7 750fe5079fe720fe7401046fab567bdefcaf1cb4b9b4e74b88fcdb0ed15b0969 Loading...

	maps.googleapis.com/maps-api-v3/api/js/54/6/intl/it_ALL/onion.js	ScriptElement	27 kB	2023-09-22	2023-09-24
Pretty URL maps.googleapis.com/maps-api-v3/api/js/54/6/intl/it_ALL/onion.js IP 142.250.74.10 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-09-22 18:54 Last Seen2023-09-24 16:40 Times Seen4 Hash c7a5fdb5e70dac74320738ce17511857 a307b29bbde68c59da8ea0dcba62af01f37279c5 ab97dbaa4fef9a5b161c5134b3c5a802b91102bf3c46e2a2622e7138b1a30745 Loading...

	unknown	Function	3.3 kB	2023-04-16	2025-05-05
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-16 12:11 Last Seen2025-05-05 15:15 Times Seen137 Hash ddec3038be348a53396f97d82cb161c3 78de55c06eebe539f92b1e97d011fd2ca83395ce 55ec175a9725a273bc62e6087d4bdb51dc155341ec1b04bf8ceabbd3d8a48ea0 Loading...

	unknown	Function	439 B	2023-04-16	2025-05-08
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-16 12:11 Last Seen2025-05-08 15:21 Times Seen490 Hash 7ea97d744fe22869bdcd1e904ea8d63d 6efbee2b1d0c6d9d74c089f6e668e747ab736a4c aed2a6c1a9c0b595b4650915f8ad1ab5be86dfdf3592f5e665390ecae47fa656 Loading...

	156.54.128.69/condro/hh/index.php	ScriptElement	217 B	2023-09-23	2025-03-26
Pretty URL 156.54.128.69/condro/hh/index.php IP 156.54.128.69 ASN #20746 Telecom Italia Introduced by scriptElement Embedded in HTML true Observations First Seen2023-09-23 11:42 Last Seen2025-03-26 10:05 Times Seen41 Hash 7268590ed6b591fa224314897fd0fcd2 8536f86be3a49c892cd16aa7e131018dcb0db688 ff5f5e65a325e4d09075d58b38a81c63aac8ff1b8ad5e8d51845da26d81e523d Loading...

	156.54.128.69/condro/hh/index.php	ScriptElement	38 kB	2023-09-23	2025-03-26
Pretty URL 156.54.128.69/condro/hh/index.php IP 156.54.128.69 ASN #20746 Telecom Italia Introduced by scriptElement Embedded in HTML true Observations First Seen2023-09-23 11:42 Last Seen2025-03-26 10:05 Times Seen41 Hash d9bcdf99e3a715cacce09b9a940a53f1 312e2824c6cb894c0efb287f710a7b57ae2d1cdb 6d282edb25412eafe0fc97c7e4180f5deaab51155facbf69d2988f80da16ccca Loading...

	static.cloudflareinsights.com/beacon.min.js/v8b253dfea2ab4077af8c6f58422dfbfd1689876627854	ScriptElement	20 kB	2023-07-20	2025-05-09
Pretty URL static.cloudflareinsights.com/beacon.min.js/v8b253dfea2ab4077af8c6f58422dfbfd1689876627854 IP 104.16.56.101 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-07-20 20:39 Last Seen2025-05-09 13:23 Times Seen7606 Hash efeb2542712dce8a2c51cf68396e4a05 ac9ce350c598644c7b7f6186aaf0368eb077d396 c235f21017bcc11fcaa31d7dfd9855aaebcbf5f6d7ee9bf9f2e98a910907c391 Loading...

	maps.gstatic.com/maps-api-v3/embed/js/54/6/intl/it_ALL/init_embed.js	ScriptElement	238 kB	2023-09-22	2023-09-24
Pretty URL maps.gstatic.com/maps-api-v3/embed/js/54/6/intl/it_ALL/init_embed.js IP 142.250.74.3 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-09-22 18:54 Last Seen2023-09-24 16:40 Times Seen3 Hash d80e668bca41fb73e2edce62f6aa9d99 8cb39ea95bd33b538c7e844bf382e6051a6a8887 bb1f4d4af5a5ce8512316264d576dd4c7fbd62a6ffe530411e4f6dfa101c37b4 Loading...

	maps.googleapis.com/maps-api-v3/api/js/54/6/intl/it_ALL/map.js	ScriptElement	72 kB	2023-09-22	2023-09-24
Pretty URL maps.googleapis.com/maps-api-v3/api/js/54/6/intl/it_ALL/map.js IP 142.250.74.10 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-09-22 18:54 Last Seen2023-09-24 16:40 Times Seen4 Hash 6723fd3e6d778820f04251282bcac5d4 c8081dd65ca66a5e38e09b9f068fa9a95d56bfe8 50b1aa3b5eabaaca33b5606b432c96e0097e663580cb73b4374e908f82634fd9 Loading...

	maps.googleapis.com/maps-api-v3/api/js/54/6/intl/it_ALL/overlay.js	ScriptElement	3.4 kB	2023-09-20	2023-09-26
Pretty URL maps.googleapis.com/maps-api-v3/api/js/54/6/intl/it_ALL/overlay.js IP 142.250.74.10 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-09-20 02:03 Last Seen2023-09-26 15:43 Times Seen65 Hash 8a60b41525656a26283058eed344f8d0 3478dd9a25bb95df22a34c82ab11c686f63bf977 4592a77ad6001c230270acd2788f5b0fabd39c7d2ac1316c508d01f2b5535fe9 Loading...

	156.54.128.69/condro/editor/CKeditor/ckeditor.js	ScriptElement	510 kB	2023-03-09	2025-04-08
Pretty URL 156.54.128.69/condro/editor/CKeditor/ckeditor.js IP 156.54.128.69 ASN #20746 Telecom Italia Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 13:11 Last Seen2025-04-08 19:35 Times Seen22 Hash 1b788569d8f674463e930ce2ac602720 64de459fbec489567a4e5eb5f2ab6c0f544ab8a8 cf71cd0b726ed17567ae467bd260c37f008d20c4b776cedebb120bce052eadd2 Loading...

	maps.googleapis.com/maps-api-v3/api/js/54/6/intl/it_ALL/search_impl.js	ScriptElement	2.8 kB	2023-09-20	2023-09-26
Pretty URL maps.googleapis.com/maps-api-v3/api/js/54/6/intl/it_ALL/search_impl.js IP 142.250.74.10 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-09-20 02:03 Last Seen2023-09-26 15:43 Times Seen57 Hash f38c93cd23cf661994eb0fecedfb0feb 1eea385114c5c9df1ee727e646b5c94f376eff77 62b8ad7c90cb0eab4ed2e45c541471dc99c55551f754ecb6c0b8ca147b7b0e80 Loading...

	unknown	Function	9.2 kB	2023-04-16	2025-05-08
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-16 12:11 Last Seen2025-05-08 15:21 Times Seen470 Hash 6b62f35754989798a407fb92a7b9380f 6229f2901f99d317009feb0442278b4b30cdf277 5b55936fa7b6f1614315b7c94f55cd0a3663a2b1b22ee9c4107f94f41105c1c8 Loading...

	unknown	Function	2.0 kB	2023-04-16	2025-05-05
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-16 12:11 Last Seen2025-05-05 15:15 Times Seen183 Hash cacd94cb886c19bc93c99047b8771a08 32ad5793d6f3ad1202e2ecc2a029201bb15f56a9 0b7f03c8808cf8879fd95219a6684a6b3da4c31b444436936bd79989d14b6907 Loading...

	unknown	Function	2.8 kB	2023-04-16	2025-05-05
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-16 12:11 Last Seen2025-05-05 15:15 Times Seen148 Hash 9afe2d5745ab56a5abbcda7fcd70567a f7b737e4da9cabbbbba4d0fbf5e8eb97ec62b26c e2df4096b1dced0c82975f69a9418f79412b8eae2b6433836edbfb86ee0ef744 Loading...

	156.54.128.69/condro/hh/index.php	ScriptElement	1.3 kB	2023-03-09	2024-12-03
Pretty URL 156.54.128.69/condro/hh/index.php IP 156.54.128.69 ASN #20746 Telecom Italia Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-09 17:45 Last Seen2024-12-03 11:40 Times Seen31 Hash f0079606d35fa29916cfdd57ea33b0d7 a3eed2f3f35be9c9a8b238bfa67ff1b6d4cc1def 9e7a49bca19a3f847e3b1512776b07fe23a001279a2346bdd2edd946bccd5992 Loading...

	maps.googleapis.com/maps-api-v3/api/js/54/6/intl/it_ALL/util.js	ScriptElement	158 kB	2023-09-22	2023-09-24
Pretty URL maps.googleapis.com/maps-api-v3/api/js/54/6/intl/it_ALL/util.js IP 142.250.74.10 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-09-22 18:54 Last Seen2023-09-24 16:40 Times Seen5 Hash 5b1e09715e7509a58ba744cec969b6b3 3600fa8e0fe7c91fbba82d5086aabc3574c873fb c0bb0ba1aad67e9f6bf0cc1eba38308630795d5f2ce669c618aa271cec8791fa Loading...

	156.54.128.69/condro/hh/index.php	ScriptElement	203 B	2023-03-09	2025-02-06
Pretty URL 156.54.128.69/condro/hh/index.php IP 156.54.128.69 ASN #20746 Telecom Italia Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-09 17:45 Last Seen2025-02-06 00:46 Times Seen32 Hash ddf962c448cafce8f275eafcf360e69f 0864f78f537b1ca4a10786cc31dc5e0fb1e50e80 b0b3309e4a6160f5781132e246112cc01954ded3ebfb1993ae5a390581fa69ca Loading...

	156.54.128.69/condro/km/scripts.js?041428&tm=1604419420	ScriptElement	1.0 MB	2023-06-26	2025-02-28
Pretty URL 156.54.128.69/condro/km/scripts.js?041428&tm=1604419420 IP 156.54.128.69 ASN #20746 Telecom Italia Introduced by scriptElement Embedded in HTML false Observations First Seen2023-06-26 11:00 Last Seen2025-02-28 00:19 Times Seen17 Hash bec44e06494dd283d806e957d9158a62 c132488d54fd2992cb310cedf906a124ed57c699 28bc78ca270d1c7e1998b4268513b7146932cbcd6c782fcf806da6000cd17f1e Loading...

	156.54.128.69/condro/hh/index.php	ScriptElement	2.5 kB	2023-07-18	2024-08-21
Pretty URL 156.54.128.69/condro/hh/index.php IP 156.54.128.69 ASN #20746 Telecom Italia Introduced by scriptElement Embedded in HTML true Observations First Seen2023-07-18 19:02 Last Seen2024-08-21 05:58 Times Seen3 Hash a4a58af38d61f3b4814505506b696539 473262284f39b98f394e359de66aab9a7f82cc95 57eb3f7a4d74e9336c7085b287cbe1f3646eaed573d28d3863cd48466e1dbde9 Loading...

	unknown	Function	2.3 kB	2023-04-16	2025-05-08
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-16 12:11 Last Seen2025-05-08 15:21 Times Seen283 Hash e2c89a3a47c7325d779a7a642315bca3 da743b26ca86568d988234fc0353ab9f16817e59 4a339cbb8d5372ded257810b1638d2955f59d043449889c10f421159a21e6c9d Loading...

	unknown	Function	157 B	2023-04-16	2025-05-08
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-16 12:11 Last Seen2025-05-08 15:21 Times Seen522 Hash a762d9bae9cbec2a7bfce47a668d5166 97953cada75d709adab16aead2195e989539efd8 f47605be5be5a996f06150aa8e8330775428779f49343b7ec0e1b05a27c07dab Loading...

	unknown	Function	3.5 kB	2023-04-16	2025-05-08
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-16 12:11 Last Seen2025-05-08 15:21 Times Seen414 Hash 802bd6964c9b47ba2f6db5ad2850d659 3fa8378ab2b88e125818f430db7f2402f801e3ba 07d8704b82489cfce192852a88b2aca1deed315d177160e8485a6b385289d6ae Loading...

	156.54.128.69/km/design-web-toolkit/build/IWT.min.js	ScriptElement	92 kB	2023-03-09	2025-03-26
Pretty URL 156.54.128.69/km/design-web-toolkit/build/IWT.min.js IP 156.54.128.69 ASN #20746 Telecom Italia Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 17:45 Last Seen2025-03-26 10:05 Times Seen41 Hash 91ea470a0b3910646cf9a3d324447bd5 672b6faa6f21cd7954f4f11d73a38e3c1567a47a 0126404f4f1667d3d606bf41f6f188f66a9340a2cb6a807395da67b48e7e2854 Loading...

	unknown	Function	37 B	2023-04-11	2025-05-11
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-11 21:31 Last Seen2025-05-11 11:44 Times Seen263675 Hash 29d0c84b9d1d8da446a6062c6a840ad9 6d6b3a6065667c7c50d92f3889c85ed65a9ad784 3c3cbdb71d0d2c22f504f4d63d8a6ffe8d250cde7e58300619be35b6bbab26a1 Loading...

	156.54.128.69/km/design-web-toolkit/build/vendor/jquery.min.js	ScriptElement	96 kB	2023-03-07	2025-05-11
Pretty URL 156.54.128.69/km/design-web-toolkit/build/vendor/jquery.min.js IP 156.54.128.69 ASN #20746 Telecom Italia Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:07 Last Seen2025-05-11 05:55 Times Seen1718 Hash 13c0a5055cca7b2463b2f73701960b9e e6082a7b52db82604ac446d2e6a32cb5af263781 20e11ce61890c08c0529911822233c9023ebc367df6c1050dec105e2b9628104 Loading...

	maps.googleapis.com/maps/api/js?client=google-maps-embed&paint_origin=&libraries=geometry,search&v=3.exp&language=it&region=it&callback=onApiLoad	ScriptElement	181 kB	2023-09-23	2023-09-23
Pretty URL maps.googleapis.com/maps/api/js?client=google-maps-embed&paint_origin=&libraries=geometry,search&v=3.exp&language=it&region=it&callback=onApiLoad IP 142.250.74.10 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-09-23 11:42 Last Seen2023-09-23 11:42 Times Seen1 Hash 9161afd94320bd275fab6355645a2381 13f57d0083fe8e9bc3ed5456b8ddd1af6b9bc0c7 7076ae44bac3b82b91e2d92a50d33c31ec4d76ebd73acf54956a8f604f85d39e Loading...

	unknown	Function	2.4 kB	2023-04-16	2025-05-08
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-16 12:11 Last Seen2025-05-08 15:21 Times Seen469 Hash 95694391e7a3679271a3a1f9488d53bc 6ace1bdcae479156a029441c968b1a104240cde4 deda9ea97af16a60a0d1039bb4f78a1594ced8ab0b7a9c2ce7a916aaeb5db1fb Loading...

	156.54.128.69/condro/km/bootstrap/bootstrap.halley.js	ScriptElement	2.0 kB	2023-03-09	2025-04-08
Pretty URL 156.54.128.69/condro/km/bootstrap/bootstrap.halley.js IP 156.54.128.69 ASN #20746 Telecom Italia Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 13:11 Last Seen2025-04-08 19:35 Times Seen61 Hash 1287e08ee5b02b3d1e85e5ba42c0687f 454877bbbad1e08c7a88c21d5e58686b03eabdc1 c6ecc4f83c81c503bb2b8b19f28c05b067ca77964f4c9c6f278fd65ce1a1df6b Loading...

	unknown	Function	1.1 kB	2023-04-16	2025-05-08
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-16 12:11 Last Seen2025-05-08 15:21 Times Seen501 Hash 6c41d068660cd241101fe424b7fd4807 23e6eaa99edc45f6724428dd83759deb6cebf89a 2a1ef222eefd377a1500076feb680a0ec0fed8d7eba38bd6dda002dcffebf099 Loading...

	156.54.128.69/condro/hh/index.php	ScriptElement	49 B	2023-03-09	2025-03-26
Pretty URL 156.54.128.69/condro/hh/index.php IP 156.54.128.69 ASN #20746 Telecom Italia Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-09 17:45 Last Seen2025-03-26 10:05 Times Seen43 Hash 79f4aea27ddfa8c6f23886bd63e55f6e 1b2be12330a2d0d6333cdb75c964df0a3241e7d0 454e21d654d2ae176454693861cdb9d9662aee4e06c8dadebd6dd370a4500d46 Loading...

	156.54.128.69/condro/km/bootstrap/js/bootstrap.min.js	ScriptElement	28 kB	2023-03-07	2025-05-07
Pretty URL 156.54.128.69/condro/km/bootstrap/js/bootstrap.min.js IP 156.54.128.69 ASN #20746 Telecom Italia Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-05-07 10:35 Times Seen666 Hash 9e25e8e29ef0ea358e9778082ffd97d8 75a42212affc118fef849aba4b9326a7da2acda1 54d21b0676784d0c983bbd4093898770adefa932d89b72c8afd88183a19172a7 Loading...

	www.google.com/maps/embed?pb=!1m18!1m12!1m3!1d6273.104721844896!2d15.32212667642927!3d38.17384171875502!2m3!1f0!2f0!3f0!3m2!1i1024!2i768!4f13.1!3m3!1m2!1s0x13143725379b38a5%3A0x97fb61e9f8d3405!2s98043%20Condr%C3%B2%20ME!5e0!3m2!1sit!2sit!4v1582187502920!5m2!1sit!2sit	ScriptElement	0 B	0001-01-01	2025-05-11
Pretty URL www.google.com/maps/embed?pb=!1m18!1m12!1m3!1d6273.104721844896!2d15.32212667642927!3d38.17384171875502!2m3!1f0!2f0!3f0!3m2!1i1024!2i768!4f13.1!3m3!1m2!1s0x13143725379b38a5%3A0x97fb61e9f8d3405!2s98043%20Condr%C3%B2%20ME!5e0!3m2!1sit!2sit!4v1582187502920!5m2!1sit!2sit IP 142.250.74.100 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML true Observations First Seen0001-01-01 00:00 Last Seen2025-05-11 11:53 Times Seen4654016 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	maps.googleapis.com/maps-api-v3/api/js/54/6/intl/it_ALL/common.js	ScriptElement	259 kB	2023-09-22	2023-09-24
Pretty URL maps.googleapis.com/maps-api-v3/api/js/54/6/intl/it_ALL/common.js IP 142.250.74.10 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-09-22 18:54 Last Seen2023-09-24 16:40 Times Seen5 Hash 0ada05f095aa4a5910d803f3df99a01b e77f04cf7f74e0e90b02b8bba107ae96e1c100bb 4cc51f5efc25f2fd18753c73da5b3d04cbf184e48a96ffeeb4dc1c2d1191a126 Loading...

	unknown	Function	977 B	2023-04-16	2025-05-08
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-16 12:11 Last Seen2025-05-08 15:21 Times Seen501 Hash 6d30e8eb0e935368657203356d8ab3ad 4c40fda108e97d182be2b63fc4ef39af7cc5e601 6bed558d0b97101e7acbed8ce81fb15cc83c0a7a184bff84cb1b49a9a054dcac Loading...

	unknown	Function	281 B	2023-04-16	2025-05-08
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-16 12:11 Last Seen2025-05-08 15:21 Times Seen488 Hash ce2501affe8fc39effee46cf9d323ed9 1184d84dc6503a4828f5839d8c6ac63ce34228c7 21a718d64a7e7733b79a534163150afdbf641ab89689cb4272c0f489dba2f314 Loading...

	unknown	Function	1.6 kB	2023-04-16	2025-05-08
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-16 12:11 Last Seen2025-05-08 15:21 Times Seen486 Hash 164517b29df6459d3cc8754bc902810f f560d85ec027e1d37ce5a21bd33830ddff87d87a 927a8995c8b4d133cd2088ed11033d10dab309357d844720e60cd4e5158c2302 Loading...

	156.54.128.69/km/design-web-toolkit/build/vendor/modernizr.js	ScriptElement	13 kB	2023-03-09	2025-03-26
Pretty URL 156.54.128.69/km/design-web-toolkit/build/vendor/modernizr.js IP 156.54.128.69 ASN #20746 Telecom Italia Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 17:45 Last Seen2025-03-26 10:05 Times Seen47 Hash 36f1bb37f749f775fda1968d04c1455f d1a784424feb84563fb3cf932df0948f65a26edb 7ca15fbf0f723bd8c6327f753e58adbc624815de1aad7ed6263ff3afbae25fb0 Loading...

HTTP Transactions (81)

URL IP Response Size

156.54.128.69/condro/hh/index.php

156.54.128.69

200 OK

116 kB

URL User Request GET HTTP/1.1
156.54.128.69/condro/hh/index.php
IP
156.54.128.69:80
ASN
#20746 Telecom Italia

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ISO-8859 text, with very long lines (2327), with CRLF, LF line terminators
Size
116 kB (116163 bytes)
Hash
4c9a0c5f87fd4031d0dd8a5753e3958d
aedb5e2cdefbf4f3a5fa530134fd21becf017a8e
3c61dea170a9e3c6190b2dab2d57ca0c87c08089f78384c032db9285f6db7f38

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /condro/hh/index.php HTTP/1.1
Host: 156.54.128.69
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 23 Sep 2023 09:42:19 GMT
Server: Apache/2.4.23 (Unix) OpenSSL/1.0.2k PHP/5.6.31
X-Powered-By: PHP/5.6.31
Set-Cookie: PHPSESSID=0574b4662ebdfbef4aff1a743d6e2a17; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: public, s-maxage=3600
Pragma: no-cache
P3P: CP="NOI ADM DEV COM NAV OUR STP"
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=ISO-8859-1

156.54.128.69/condro/km/bootstrap/bootstrap.halley.js

156.54.128.69

200 OK

2.0 kB

URL GET HTTP/1.1
156.54.128.69/condro/km/bootstrap/bootstrap.halley.js
IP
156.54.128.69:80
ASN
#20746 Telecom Italia

Requested by
http://156.54.128.69/condro/hh/index.php

File type
ISO-8859 text, with CRLF line terminators
Size
2.0 kB (2040 bytes)
Hash
ce01f73247f78bee881e6b225d93045c
bb28a3a896ace70b982aa67a229dc0f5870f2ba8
ca864c6eaf22b85efadf8e28f515afd369abf5222aa2484b77f95df5d2cdcacd

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /condro/km/bootstrap/bootstrap.halley.js HTTP/1.1
Host: 156.54.128.69
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://156.54.128.69/condro/hh/index.php
Cookie: PHPSESSID=0574b4662ebdfbef4aff1a743d6e2a17
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 23 Sep 2023 09:42:19 GMT
Server: Apache/2.4.23 (Unix) OpenSSL/1.0.2k PHP/5.6.31
Last-Modified: Wed, 13 Jun 2018 07:10:18 GMT
ETag: "7f8-56e80acd40a80"
Accept-Ranges: bytes
Content-Length: 2040
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/javascript

156.54.128.69/km/design-web-toolkit/build/font-titillium-web.css

156.54.128.69

200 OK

4.8 kB

URL GET HTTP/1.1
156.54.128.69/km/design-web-toolkit/build/font-titillium-web.css
IP
156.54.128.69:80
ASN
#20746 Telecom Italia

Requested by
http://156.54.128.69/condro/hh/index.php

File type
ASCII text
Size
4.8 kB (4789 bytes)
Hash
5becf8e204b9e1c752900253ffb50f8a
fd4ab6d135f447259d257bd210f16304fb409cab
fe522138bb9c42ea28a8c5893feadd6dcf1818af4add188a225cfb84c839c017

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /km/design-web-toolkit/build/font-titillium-web.css HTTP/1.1
Host: 156.54.128.69
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://156.54.128.69/condro/hh/index.php
Cookie: PHPSESSID=0574b4662ebdfbef4aff1a743d6e2a17
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 23 Sep 2023 09:42:20 GMT
Server: Apache/2.4.23 (Unix) OpenSSL/1.0.2k PHP/5.6.31
Last-Modified: Mon, 08 Aug 2022 11:39:16 GMT
ETag: "12b5-5e5b943fe4100"
Accept-Ranges: bytes
Content-Length: 4789
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css

156.54.128.69/km/design-web-toolkit/build/vendor/modernizr.js

156.54.128.69

200 OK

13 kB

URL GET HTTP/1.1
156.54.128.69/km/design-web-toolkit/build/vendor/modernizr.js
IP
156.54.128.69:80
ASN
#20746 Telecom Italia

Requested by
http://156.54.128.69/condro/hh/index.php

File type
ASCII text, with very long lines (12812), with CRLF line terminators
Size
13 kB (13235 bytes)
Hash
36f1bb37f749f775fda1968d04c1455f
d1a784424feb84563fb3cf932df0948f65a26edb
7ca15fbf0f723bd8c6327f753e58adbc624815de1aad7ed6263ff3afbae25fb0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /km/design-web-toolkit/build/vendor/modernizr.js HTTP/1.1
Host: 156.54.128.69
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://156.54.128.69/condro/hh/index.php
Cookie: PHPSESSID=0574b4662ebdfbef4aff1a743d6e2a17
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 23 Sep 2023 09:42:20 GMT
Server: Apache/2.4.23 (Unix) OpenSSL/1.0.2k PHP/5.6.31
Last-Modified: Wed, 16 Feb 2022 08:21:24 GMT
ETag: "33b3-5d81e55d20900"
Accept-Ranges: bytes
Content-Length: 13235
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript

156.54.128.69/condro/km/bootstrap/js/bootstrap.min.js

156.54.128.69

200 OK

28 kB

URL GET HTTP/1.1
156.54.128.69/condro/km/bootstrap/js/bootstrap.min.js
IP
156.54.128.69:80
ASN
#20746 Telecom Italia

Requested by
http://156.54.128.69/condro/hh/index.php

File type
ASCII text, with very long lines (27605)
Size
28 kB (27726 bytes)
Hash
9e25e8e29ef0ea358e9778082ffd97d8
75a42212affc118fef849aba4b9326a7da2acda1
54d21b0676784d0c983bbd4093898770adefa932d89b72c8afd88183a19172a7

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /condro/km/bootstrap/js/bootstrap.min.js HTTP/1.1
Host: 156.54.128.69
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://156.54.128.69/condro/hh/index.php
Cookie: PHPSESSID=0574b4662ebdfbef4aff1a743d6e2a17
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 23 Sep 2023 09:42:20 GMT
Server: Apache/2.4.23 (Unix) OpenSSL/1.0.2k PHP/5.6.31
Last-Modified: Wed, 30 Oct 2013 16:10:36 GMT
ETag: "6c4e-4e9f792cdd700"
Accept-Ranges: bytes
Content-Length: 27726
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: application/javascript

156.54.128.69/condro/km/bootstrap/bootstrap-override.css

156.54.128.69

200 OK

2.4 kB

URL GET HTTP/1.1
156.54.128.69/condro/km/bootstrap/bootstrap-override.css
IP
156.54.128.69:80
ASN
#20746 Telecom Italia

Requested by
http://156.54.128.69/condro/hh/index.php

File type
ASCII text, with CRLF, LF line terminators
Size
2.4 kB (2393 bytes)
Hash
5a69931809a908e625cecab7034819f0
ae2d93eeacc2e557397de0a34fd1138c013e536b
1624e1a793778a7bee29e569e1a04d62006cdbbb9435ac3895fda13992295da4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /condro/km/bootstrap/bootstrap-override.css HTTP/1.1
Host: 156.54.128.69
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://156.54.128.69/condro/hh/index.php
Cookie: PHPSESSID=0574b4662ebdfbef4aff1a743d6e2a17
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 23 Sep 2023 09:42:20 GMT
Server: Apache/2.4.23 (Unix) OpenSSL/1.0.2k PHP/5.6.31
Last-Modified: Mon, 09 Apr 2018 15:36:37 GMT
ETag: "959-5696c2bdf6b40"
Accept-Ranges: bytes
Content-Length: 2393
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css

156.54.128.69/km/design-web-toolkit/build/vendor/jquery.min.js

156.54.128.69

200 OK

96 kB

URL GET HTTP/1.1
156.54.128.69/km/design-web-toolkit/build/vendor/jquery.min.js
IP
156.54.128.69:80
ASN
#20746 Telecom Italia

Requested by
http://156.54.128.69/condro/hh/index.php

File type
ASCII text, with very long lines (32038), with CRLF line terminators
Size
96 kB (95962 bytes)
Hash
13c0a5055cca7b2463b2f73701960b9e
e6082a7b52db82604ac446d2e6a32cb5af263781
20e11ce61890c08c0529911822233c9023ebc367df6c1050dec105e2b9628104

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /km/design-web-toolkit/build/vendor/jquery.min.js HTTP/1.1
Host: 156.54.128.69
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://156.54.128.69/condro/hh/index.php
Cookie: PHPSESSID=0574b4662ebdfbef4aff1a743d6e2a17
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 23 Sep 2023 09:42:20 GMT
Server: Apache/2.4.23 (Unix) OpenSSL/1.0.2k PHP/5.6.31
Last-Modified: Wed, 16 Feb 2022 08:21:24 GMT
ETag: "176da-5d81e55d20900"
Accept-Ranges: bytes
Content-Length: 95962
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript

156.54.128.69/condro/km/style.css?041428&tm=1695122753

156.54.128.69

200 OK

203 kB

URL GET HTTP/1.1
156.54.128.69/condro/km/style.css?041428&tm=1695122753
IP
156.54.128.69:80
ASN
#20746 Telecom Italia

Requested by
http://156.54.128.69/condro/hh/index.php

File type
ASCII text, with very long lines (23577), with CRLF, LF line terminators
Size
203 kB (203002 bytes)
Hash
e13c37f4d38581512c732eea7174b5e6
3dcee6dc3f464b92214df8424ba97cd09e33a9df
3f53b1c4232bfb70d3709db4518033198eaf2342760c546883ecaef573ad1ce6

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /condro/km/style.css?041428&tm=1695122753 HTTP/1.1
Host: 156.54.128.69
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://156.54.128.69/condro/hh/index.php
Cookie: PHPSESSID=0574b4662ebdfbef4aff1a743d6e2a17
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 23 Sep 2023 09:42:20 GMT
Server: Apache/2.4.23 (Unix) OpenSSL/1.0.2k PHP/5.6.31
Last-Modified: Tue, 19 Sep 2023 11:25:53 GMT
ETag: "318fa-605b485904b58"
Accept-Ranges: bytes
Content-Length: 203002
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: text/css

156.54.128.69/condro/km/bootstrap/css/bootstrap.min.css

156.54.128.69

200 OK

124 kB

URL GET HTTP/1.1
156.54.128.69/condro/km/bootstrap/css/bootstrap.min.css
IP
156.54.128.69:80
ASN
#20746 Telecom Italia

Requested by
http://156.54.128.69/condro/hh/index.php

File type
ASCII text, with very long lines (64996), with CRLF line terminators
Size
124 kB (123616 bytes)
Hash
8d396d67e48defcb4676b3539b27c2fd
1eca1b10fbb044e1c69a7170c877ea774c2c87d7
a56535187bb4bc141b26f2b468074e34864ee62ede6c7d7ac07828c6b7cecfc3

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /condro/km/bootstrap/css/bootstrap.min.css HTTP/1.1
Host: 156.54.128.69
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://156.54.128.69/condro/hh/index.php
Cookie: PHPSESSID=0574b4662ebdfbef4aff1a743d6e2a17
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 23 Sep 2023 09:42:20 GMT
Server: Apache/2.4.23 (Unix) OpenSSL/1.0.2k PHP/5.6.31
Last-Modified: Fri, 17 Jul 2015 08:18:05 GMT
ETag: "1e2e0-51b0dd3c54940"
Accept-Ranges: bytes
Content-Length: 123616
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css

156.54.128.69/km/design-web-toolkit/build/IWT.min.js

156.54.128.69

200 OK

92 kB

URL GET HTTP/1.1
156.54.128.69/km/design-web-toolkit/build/IWT.min.js
IP
156.54.128.69:80
ASN
#20746 Telecom Italia

Requested by
http://156.54.128.69/condro/hh/index.php

File type
Unicode text, UTF-8 text, with very long lines (28438)
Size
92 kB (92060 bytes)
Hash
74e6b809bbad9fde45014f38a1eae6ce
a441cec3f1d2b9280f205571860a003be54d8108
23607dc6da0c36bcf9a52d34f434c60c7890c1e4e2350347ec73fbc7ac558eb8

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /km/design-web-toolkit/build/IWT.min.js HTTP/1.1
Host: 156.54.128.69
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://156.54.128.69/condro/hh/index.php
Cookie: PHPSESSID=0574b4662ebdfbef4aff1a743d6e2a17
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 23 Sep 2023 09:42:20 GMT
Server: Apache/2.4.23 (Unix) OpenSSL/1.0.2k PHP/5.6.31
Last-Modified: Wed, 16 Feb 2022 08:22:08 GMT
ETag: "1679c-5d81e58716c00"
Accept-Ranges: bytes
Content-Length: 92060
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: application/javascript

156.54.128.69/km/design-web-toolkit/build/build.css

156.54.128.69

200 OK

138 kB

URL GET HTTP/1.1
156.54.128.69/km/design-web-toolkit/build/build.css
IP
156.54.128.69:80
ASN
#20746 Telecom Italia

Requested by
http://156.54.128.69/condro/hh/index.php

File type
ASCII text, with very long lines (65517)
Size
138 kB (138338 bytes)
Hash
c3667931deee12e42b58823e51520185
3d58e9cc3f7007337970fef81f53e63f7c904829
35e49e8d1cd9187b2e88ad4aa4668066c7dc1b96c2243d0c6c61347fcc2b5e09

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /km/design-web-toolkit/build/build.css HTTP/1.1
Host: 156.54.128.69
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://156.54.128.69/condro/hh/index.php
Cookie: PHPSESSID=0574b4662ebdfbef4aff1a743d6e2a17
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 23 Sep 2023 09:42:20 GMT
Server: Apache/2.4.23 (Unix) OpenSSL/1.0.2k PHP/5.6.31
Last-Modified: Wed, 16 Feb 2022 08:21:40 GMT
ETag: "21c62-5d81e56c62d00"
Accept-Ranges: bytes
Content-Length: 138338
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css

156.54.128.69/condro/km/css/accessibilita.php?nocache=1695462139

156.54.128.69

200 OK

2 B

URL GET HTTP/1.1
156.54.128.69/condro/km/css/accessibilita.php?nocache=1695462139
IP
156.54.128.69:80
ASN
#20746 Telecom Italia

Requested by
http://156.54.128.69/condro/hh/index.php

File type
ASCII text, with CRLF line terminators
Size
2 B (2 bytes)
Hash
81051bcc2cf1bedf378224b0a93e2877
ba8ab5a0280b953aa97435ff8946cbcbb2755a27
7eb70257593da06f682a3ddda54a9d260d4fc514f645237f5ca74b08f8da61a6

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /condro/km/css/accessibilita.php?nocache=1695462139 HTTP/1.1
Host: 156.54.128.69
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://156.54.128.69/condro/hh/index.php
Cookie: PHPSESSID=0574b4662ebdfbef4aff1a743d6e2a17
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 23 Sep 2023 09:42:20 GMT
Server: Apache/2.4.23 (Unix) OpenSSL/1.0.2k PHP/5.6.31
X-Powered-By: PHP/5.6.31
Content-Length: 2
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css;charset=ISO-8859-1

156.54.128.69/condro/editor/CKeditor/ckeditor.js

156.54.128.69

200 OK

510 kB

URL GET HTTP/1.1
156.54.128.69/condro/editor/CKeditor/ckeditor.js
IP
156.54.128.69:80
ASN
#20746 Telecom Italia

Requested by
http://156.54.128.69/condro/hh/index.php

File type
Unicode text, UTF-8 (with BOM) text, with very long lines (594)
Size
510 kB (510233 bytes)
Hash
05a2e51b59ec243e96c710c5a05462f6
20894ad9de430f2a8d4aa9de5c87c5031fe35431
6b38d3db6cc5d3b9092cb80741addb963f69b135f4984148101019e8ee555e7b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /condro/editor/CKeditor/ckeditor.js HTTP/1.1
Host: 156.54.128.69
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://156.54.128.69/condro/hh/index.php
Cookie: PHPSESSID=0574b4662ebdfbef4aff1a743d6e2a17
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 23 Sep 2023 09:42:20 GMT
Server: Apache/2.4.23 (Unix) OpenSSL/1.0.2k PHP/5.6.31
Last-Modified: Tue, 18 Mar 2014 10:36:44 GMT
ETag: "7c919-4f4df1cbee700"
Accept-Ranges: bytes
Content-Length: 510233
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: application/x-javascript

156.54.128.69/condro/km/scripts.js?041428&tm=1604419420

156.54.128.69

200 OK

1.0 MB

URL GET HTTP/1.1
156.54.128.69/condro/km/scripts.js?041428&tm=1604419420
IP
156.54.128.69:80
ASN
#20746 Telecom Italia

Requested by
http://156.54.128.69/condro/hh/index.php

File type
ISO-8859 text, with very long lines (361), with CRLF, LF line terminators
Size
1.0 MB (1040825 bytes)
Hash
5743353a7132c0aac8ffddec397bdaa9
44573968fddf6bdcc92b0f120eb2fb0ef7320a9e
927d06a3be8ff26cdfc5e94b82a441e0fa1bdb69249159e86f1dcd72b89240df

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /condro/km/scripts.js?041428&tm=1604419420 HTTP/1.1
Host: 156.54.128.69
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://156.54.128.69/condro/hh/index.php
Cookie: PHPSESSID=0574b4662ebdfbef4aff1a743d6e2a17
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 23 Sep 2023 09:42:20 GMT
Server: Apache/2.4.23 (Unix) OpenSSL/1.0.2k PHP/5.6.31
Last-Modified: Tue, 03 Nov 2020 16:03:40 GMT
ETag: "fe1b9-5b33601a5e1ea"
Accept-Ranges: bytes
Content-Length: 1040825
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript

156.54.128.69/condro/images/logo_cimlabweb_1_.jpg

156.54.128.69

200 OK

26 kB

URL GET HTTP/1.1
156.54.128.69/condro/images/logo_cimlabweb_1_.jpg
IP
156.54.128.69:80
ASN
#20746 Telecom Italia

Requested by
http://156.54.128.69/condro/hh/index.php

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 320x100, components 3\012- data
Size
26 kB (25972 bytes)
Hash
73caaf947bc79c787bc17ca61da08380
2bd725f096fbb1c0111a1482daa402e281e45508
7cfdb118b55c59f267d20882e7008a8dda14b829604cf7b2c1a0d8d573ca57f4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /condro/images/logo_cimlabweb_1_.jpg HTTP/1.1
Host: 156.54.128.69
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://156.54.128.69/condro/hh/index.php
Cookie: PHPSESSID=0574b4662ebdfbef4aff1a743d6e2a17
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 23 Sep 2023 09:42:21 GMT
Server: Apache/2.4.23 (Unix) OpenSSL/1.0.2k PHP/5.6.31
Last-Modified: Mon, 04 Jul 2022 22:08:34 GMT
ETag: "6574-5e301fa1bf7c2"
Accept-Ranges: bytes
Content-Length: 25972
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/jpeg

156.54.128.69/condro/po/immagine_news.php?news=191&id=182

156.54.128.69

200 OK

6.9 kB

URL GET HTTP/1.1
156.54.128.69/condro/po/immagine_news.php?news=191&id=182
IP
156.54.128.69:80
ASN
#20746 Telecom Italia

Requested by
http://156.54.128.69/condro/hh/index.php

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 275x183, components 3\012- data
Size
6.9 kB (6851 bytes)
Hash
fdcd00b90303254ed8d2f86a55ff0d0b
e81992c7dbbefe0985e3363dca390f4d675db56f
d6d674af5ca5722212b130feb099bb9c3fc288615eb0177bfecae588ac946f14

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /condro/po/immagine_news.php?news=191&id=182 HTTP/1.1
Host: 156.54.128.69
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://156.54.128.69/condro/hh/index.php
Cookie: PHPSESSID=0574b4662ebdfbef4aff1a743d6e2a17
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 23 Sep 2023 09:42:21 GMT
Server: Apache/2.4.23 (Unix) OpenSSL/1.0.2k PHP/5.6.31
X-Powered-By: PHP/5.6.31
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
ETag: "f7ec849b691724351412a0223e4d101d"
Last-Modified: Wed, 04 Nov 2015 14:35:56 +0000
Content-Disposition: inline; filename="download.jpg"
Content-Length: 6851
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: image/jpeg

156.54.128.69/condro/images/img-126170-O-29-1344-0-0-b609adf66be4569d8bd3841d53dc0d1c.jpg

156.54.128.69

200 OK

56 kB

URL GET HTTP/1.1
156.54.128.69/condro/images/img-126170-O-29-1344-0-0-b609adf66be4569d8bd3841d53dc0d1c.jpg
IP
156.54.128.69:80
ASN
#20746 Telecom Italia

Requested by
http://156.54.128.69/condro/hh/index.php

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, software=Google], progressive, precision 8, 640x640, components 3\012- data
Size
56 kB (56367 bytes)
Hash
5f5d82aa1256aedf6896175ddc0bdbb8
54747299d030126ad59ded1538a1914833a09a77
c037168e54a70ec0ee5f5c223dc202d6a9bb3a5a1696e9b09aab591a81524693

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /condro/images/img-126170-O-29-1344-0-0-b609adf66be4569d8bd3841d53dc0d1c.jpg HTTP/1.1
Host: 156.54.128.69
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://156.54.128.69/condro/hh/index.php
Cookie: PHPSESSID=0574b4662ebdfbef4aff1a743d6e2a17
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 23 Sep 2023 09:42:21 GMT
Server: Apache/2.4.23 (Unix) OpenSSL/1.0.2k PHP/5.6.31
Last-Modified: Thu, 01 Apr 2021 13:28:54 GMT
ETag: "dc2f-5bee93680160e"
Accept-Ranges: bytes
Content-Length: 56367
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/jpeg

156.54.128.69/condro/po/immagine_news.php?news=198&id=190

156.54.128.69

200 OK

83 kB

URL GET HTTP/1.1
156.54.128.69/condro/po/immagine_news.php?news=198&id=190
IP
156.54.128.69:80
ASN
#20746 Telecom Italia

Requested by
http://156.54.128.69/condro/hh/index.php

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1, orientation=upper-left], comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 75", baseline, precision 8, 1125x751, components 3\012- data
Size
83 kB (83312 bytes)
Hash
d4b0362be0de55b39bb1655a04f6a36e
1b0fba86f07e60f6bce7673ba2293dbbecf9667d
ca904f6244ea1cf1916144aeab2b81eeba423af2f025e9721889cf9b352bf92e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /condro/po/immagine_news.php?news=198&id=190 HTTP/1.1
Host: 156.54.128.69
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://156.54.128.69/condro/hh/index.php
Cookie: PHPSESSID=0574b4662ebdfbef4aff1a743d6e2a17
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 23 Sep 2023 09:42:21 GMT
Server: Apache/2.4.23 (Unix) OpenSSL/1.0.2k PHP/5.6.31
X-Powered-By: PHP/5.6.31
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
ETag: "f7ec849b691724351412a0223e4d101d"
Last-Modified: Wed, 04 Nov 2015 14:35:56 +0000
Content-Disposition: inline; filename="AVVISO_3.jpg"
Content-Length: 83312
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/jpeg

156.54.128.69/condro/km/css-static/print.css

156.54.128.69

200 OK

57 B

URL GET HTTP/1.1
156.54.128.69/condro/km/css-static/print.css
IP
156.54.128.69:80
ASN
#20746 Telecom Italia

Requested by
http://156.54.128.69/condro/hh/index.php

File type
ASCII text, with CRLF line terminators
Size
57 B (57 bytes)
Hash
1a595710445d9df1be00617e343e8703
86e5afeedf59745be4d6a7f8996d0da7d11bcf81
2bd714055a308be0c5cfa7bf0bb2e4a7936c754baafd08901776cd04ce8fa1fa

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /condro/km/css-static/print.css HTTP/1.1
Host: 156.54.128.69
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://156.54.128.69/condro/hh/index.php
Cookie: PHPSESSID=0574b4662ebdfbef4aff1a743d6e2a17
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 23 Sep 2023 09:42:21 GMT
Server: Apache/2.4.23 (Unix) OpenSSL/1.0.2k PHP/5.6.31
Last-Modified: Mon, 27 Apr 2015 09:02:21 GMT
ETag: "39-514b100ef4140"
Accept-Ranges: bytes
Content-Length: 57
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: text/css

ocsp.pki.goog/gts1c3

142.250.74.131

471 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
ec7e4fa5141f5c291141f904d913eb18
a1d02556789afef84c5c74b80eb45cd1604c3c70
9d7147857b1d24f497c88bbb8edb50fa9e27d8abbf81a4156bb5f97cfaf977aa

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 23 Sep 2023 09:42:23 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

156.54.128.69/condro/po/immagine_news.php?news=194&id=185

156.54.128.69

200 OK

14 kB

URL GET HTTP/1.1
156.54.128.69/condro/po/immagine_news.php?news=194&id=185
IP
156.54.128.69:80
ASN
#20746 Telecom Italia

Requested by
http://156.54.128.69/condro/hh/index.php

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 259x195, components 3\012- data
Size
14 kB (13839 bytes)
Hash
dfa4947d1d474e1483c4fdabbb0d1cb1
f994ade5ebad78ce62599aa57e91fe3426810455
bbf699461c57c7a7c8f7f55f93c2925a5c7cfbf7a8a3d539f0757e012471c03e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /condro/po/immagine_news.php?news=194&id=185 HTTP/1.1
Host: 156.54.128.69
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://156.54.128.69/condro/hh/index.php
Cookie: PHPSESSID=0574b4662ebdfbef4aff1a743d6e2a17
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 23 Sep 2023 09:42:21 GMT
Server: Apache/2.4.23 (Unix) OpenSSL/1.0.2k PHP/5.6.31
X-Powered-By: PHP/5.6.31
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
ETag: "f7ec849b691724351412a0223e4d101d"
Last-Modified: Wed, 04 Nov 2015 14:35:56 +0000
Content-Disposition: inline; filename="Senza titolo.jpg"
Content-Length: 13839
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/jpeg

www.google.com/maps/embed?pb=!1m18!1m12!1m3!1d6273.104721844896!2d15.32212667642927!3d38.17384171875502!2m3!1f0!2f0!3f0!3m2!1i1024!2i768!4f13.1!3m3!1m2!1s0x13143725379b38a5%3A0x97fb61e9f8d3405!2s98043%20Condr%C3%B2%20ME!5e0!3m2!1sit!2sit!4v1582187502920!5m2!1sit!2sit

142.250.74.100

200 OK

893 B

URL GET HTTP/2
www.google.com/maps/embed?pb=!1m18!1m12!1m3!1d6273.104721844896!2d15.32212667642927!3d38.17384171875502!2m3!1f0!2f0!3f0!3m2!1i1024!2i768!4f13.1!3m3!1m2!1s0x13143725379b38a5%3A0x97fb61e9f8d3405!2s98043%20Condr%C3%B2%20ME!5e0!3m2!1sit!2sit!4v1582187502920!5m2!1sit!2sit
IP
142.250.74.100:443
ASN
#15169 GOOGLE

Requested by
http://156.54.128.69/condro/hh/index.php
Certificate
IssuerGoogle Trust Services LLC
Subjectwww.google.com
FingerprintD2:77:FE:08:C6:61:6A:42:5C:1F:85:13:DA:23:B2:B8:46:20:45:88
ValidityMon, 04 Sep 2023 08:23:29 GMT - Mon, 27 Nov 2023 08:23:28 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1347)
Size
893 B (893 bytes)
Hash
63c54e83bb1d8aed03c9d8a819a797fa
5ff51f12e600713f51508c153d82b78983a5a331
56c9879af4c5099d92b569ec1fb225a908477ab751a35ddff9a9a0c53efda7a1

HTTP Headers

GET /maps/embed?pb=!1m18!1m12!1m3!1d6273.104721844896!2d15.32212667642927!3d38.17384171875502!2m3!1f0!2f0!3f0!3m2!1i1024!2i768!4f13.1!3m3!1m2!1s0x13143725379b38a5%3A0x97fb61e9f8d3405!2s98043%20Condr%C3%B2%20ME!5e0!3m2!1sit!2sit!4v1582187502920!5m2!1sit!2sit HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://156.54.128.69/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
pragma: no-cache
content-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-pZnHb2a0YGTxfe4eMYvqTA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/geo-maps-api/1
content-type: text/html; charset=UTF-8
vary: Origin, X-Origin, Referer
content-encoding: gzip
date: Sat, 23 Sep 2023 09:42:23 GMT
server: scaffolding on HTTPServer2
content-length: 893
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

156.54.128.69/condro/po/immagine_news.php?news=196&id=188

156.54.128.69

200 OK

249 kB

URL GET HTTP/1.1
156.54.128.69/condro/po/immagine_news.php?news=196&id=188
IP
156.54.128.69:80
ASN
#20746 Telecom Italia

Requested by
http://156.54.128.69/condro/hh/index.php

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 100", baseline, precision 8, 1170x501, components 3\012- data
Size
249 kB (248986 bytes)
Hash
d896b1df688d2b03e489c8122f5ca1ed
3506d793ab865ee24ba6c4b6344fc76aa1dc6d99
ee2ce988887cd75ce273758a27a829ac93cb6bfdbbd9cbb819b08318a7742259

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /condro/po/immagine_news.php?news=196&id=188 HTTP/1.1
Host: 156.54.128.69
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://156.54.128.69/condro/hh/index.php
Cookie: PHPSESSID=0574b4662ebdfbef4aff1a743d6e2a17
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 23 Sep 2023 09:42:21 GMT
Server: Apache/2.4.23 (Unix) OpenSSL/1.0.2k PHP/5.6.31
X-Powered-By: PHP/5.6.31
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
ETag: "f7ec849b691724351412a0223e4d101d"
Last-Modified: Wed, 04 Nov 2015 14:35:56 +0000
Content-Disposition: inline; filename="ae518958e99d053c5e2b7ccbf7c8fc40_XL.jpg"
Content-Length: 248986
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/jpeg

156.54.128.69/condro/po/immagine_news.php?news=195&id=186

156.54.128.69

200 OK

14 kB

URL GET HTTP/1.1
156.54.128.69/condro/po/immagine_news.php?news=195&id=186
IP
156.54.128.69:80
ASN
#20746 Telecom Italia

Requested by
http://156.54.128.69/condro/hh/index.php

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 259x195, components 3\012- data
Size
14 kB (13839 bytes)
Hash
dfa4947d1d474e1483c4fdabbb0d1cb1
f994ade5ebad78ce62599aa57e91fe3426810455
bbf699461c57c7a7c8f7f55f93c2925a5c7cfbf7a8a3d539f0757e012471c03e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /condro/po/immagine_news.php?news=195&id=186 HTTP/1.1
Host: 156.54.128.69
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://156.54.128.69/condro/hh/index.php
Cookie: PHPSESSID=0574b4662ebdfbef4aff1a743d6e2a17
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 23 Sep 2023 09:42:21 GMT
Server: Apache/2.4.23 (Unix) OpenSSL/1.0.2k PHP/5.6.31
X-Powered-By: PHP/5.6.31
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
ETag: "f7ec849b691724351412a0223e4d101d"
Last-Modified: Wed, 04 Nov 2015 14:35:56 +0000
Content-Disposition: inline; filename="Senza titolo.jpg"
Content-Length: 13839
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: image/jpeg

156.54.128.69/condro/po/immagine_news.php?news=167&id=153

156.54.128.69

200 OK

8.3 kB

URL GET HTTP/1.1
156.54.128.69/condro/po/immagine_news.php?news=167&id=153
IP
156.54.128.69:80
ASN
#20746 Telecom Italia

Requested by
http://156.54.128.69/condro/hh/index.php

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 287x176, components 3\012- data
Size
8.3 kB (8272 bytes)
Hash
0d853911e86eb3a37ce0c5c7565c4a58
d077aaaa44b50854e3f6f4b86f5db6a7e8e872b0
408959e7d1c88119e71a119a6108de6461f6dbc8c1daddedf219f451c1c03bef

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /condro/po/immagine_news.php?news=167&id=153 HTTP/1.1
Host: 156.54.128.69
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://156.54.128.69/condro/hh/index.php
Cookie: PHPSESSID=0574b4662ebdfbef4aff1a743d6e2a17
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 23 Sep 2023 09:42:21 GMT
Server: Apache/2.4.23 (Unix) OpenSSL/1.0.2k PHP/5.6.31
X-Powered-By: PHP/5.6.31
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
ETag: "f7ec849b691724351412a0223e4d101d"
Last-Modified: Wed, 04 Nov 2015 14:35:56 +0000
Content-Disposition: inline; filename="download.jfif"
Content-Length: 8272
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: application/octet-stream

156.54.128.69/km/design-web-toolkit/build/fonts/titillium-web-v15-latin-ext_latin-regular.woff2

156.54.128.69

200 OK

18 kB

URL GET HTTP/1.1
156.54.128.69/km/design-web-toolkit/build/fonts/titillium-web-v15-latin-ext_latin-regular.woff2
IP
156.54.128.69:80
ASN
#20746 Telecom Italia

Requested by
http://156.54.128.69/condro/hh/index.php

File type
Web Open Font Format (Version 2), TrueType, length 18136, version 1.0\012- data
Size
18 kB (18136 bytes)
Hash
30892956886fbc21e22b29974b3fe7bb
74d6b4c7dad045c5be98af0aee82893f197bd7b6
6ccb26dc2a03353e8be7e0052375e146285fa243428429df9fcbad2003db105d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /km/design-web-toolkit/build/fonts/titillium-web-v15-latin-ext_latin-regular.woff2 HTTP/1.1
Host: 156.54.128.69
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: http://156.54.128.69/km/design-web-toolkit/build/font-titillium-web.css
Cookie: PHPSESSID=0574b4662ebdfbef4aff1a743d6e2a17
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 23 Sep 2023 09:42:21 GMT
Server: Apache/2.4.23 (Unix) OpenSSL/1.0.2k PHP/5.6.31
Last-Modified: Mon, 08 Aug 2022 06:40:36 GMT
ETag: "46d8-5e5b517e0c100"
Accept-Ranges: bytes
Content-Length: 18136
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive

ocsp.pki.goog/gts1c3

142.250.74.131

472 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
8e0560c46747530b07f20c3704aecf0c
30e8a5e5b62c28ed29ef6408f9044f2d8a911db5
e5b8c6bd88bfb832b0b14cf3e17048b546cbf82d7de8d539f8fdad12794b3cb8

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 23 Sep 2023 09:42:23 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

156.54.128.69/km/design-web-toolkit/build/assets/602e9d03.ttf?v2

156.54.128.69

200 OK

13 kB

URL GET HTTP/1.1
156.54.128.69/km/design-web-toolkit/build/assets/602e9d03.ttf?v2
IP
156.54.128.69:80
ASN
#20746 Telecom Italia

Requested by
http://156.54.128.69/condro/hh/index.php

File type
TrueType Font data, 11 tables, 1st "OS/2", 14 names, Macintosh, type 1 string, ita \012- data
Size
13 kB (12868 bytes)
Hash
55f8dc1974a36ea4eedb3f69138fef39
62b8d10959cc710df8867730daa07403792e0403
a46f03a6183ec8679f7b67e2d168ae416b76a85686f67aaed87eb2f8f770b800

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /km/design-web-toolkit/build/assets/602e9d03.ttf?v2 HTTP/1.1
Host: 156.54.128.69
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://156.54.128.69/km/design-web-toolkit/build/build.css
Cookie: PHPSESSID=0574b4662ebdfbef4aff1a743d6e2a17
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 23 Sep 2023 09:42:21 GMT
Server: Apache/2.4.23 (Unix) OpenSSL/1.0.2k PHP/5.6.31
Last-Modified: Fri, 09 Feb 2018 15:19:44 GMT
ETag: "3244-564c90edb2400"
Accept-Ranges: bytes
Content-Length: 12868
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: application/x-font-ttf

156.54.128.69/km/design-web-toolkit/build/fonts/titillium-web-v15-latin-ext_latin-italic.woff2

156.54.128.69

200 OK

21 kB

URL GET HTTP/1.1
156.54.128.69/km/design-web-toolkit/build/fonts/titillium-web-v15-latin-ext_latin-italic.woff2
IP
156.54.128.69:80
ASN
#20746 Telecom Italia

Requested by
http://156.54.128.69/condro/hh/index.php

File type
Web Open Font Format (Version 2), TrueType, length 20664, version 1.0\012- data
Size
21 kB (20664 bytes)
Hash
f828b43e3a791d7d9b8a85e8b45b6d56
aef9274463142b46210b7c8a9d5aaa20bd5f331a
a9e01dac43d55137208446cff5b12576a476a00ccdad213fa88535ab3b7b6f45

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /km/design-web-toolkit/build/fonts/titillium-web-v15-latin-ext_latin-italic.woff2 HTTP/1.1
Host: 156.54.128.69
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: http://156.54.128.69/km/design-web-toolkit/build/font-titillium-web.css
Cookie: PHPSESSID=0574b4662ebdfbef4aff1a743d6e2a17
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 23 Sep 2023 09:42:21 GMT
Server: Apache/2.4.23 (Unix) OpenSSL/1.0.2k PHP/5.6.31
Last-Modified: Mon, 08 Aug 2022 06:40:36 GMT
ETag: "50b8-5e5b517e0c100"
Accept-Ranges: bytes
Content-Length: 20664
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive

156.54.128.69/km/css-static/font-awesome/fonts/fontawesome-webfont.woff?v=4.3

156.54.128.69

200 OK

72 kB

URL GET HTTP/1.1
156.54.128.69/km/css-static/font-awesome/fonts/fontawesome-webfont.woff?v=4.3
IP
156.54.128.69:80
ASN
#20746 Telecom Italia

Requested by
http://156.54.128.69/condro/hh/index.php

File type
Web Open Font Format, TrueType, length 71508, version 1.0\012- data
Size
72 kB (71508 bytes)
Hash
d9ee23d59d0e0e727b51368b458a0bff
56ce13e71c2150d81bc972940584915181bd6081
e3870de89716b72cb61a4bba0e17c75783b361cdaba35ea96961c3070bd8ca18

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /km/css-static/font-awesome/fonts/fontawesome-webfont.woff?v=4.3 HTTP/1.1
Host: 156.54.128.69
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: http://156.54.128.69/condro/km/style.css?041428&tm=1695122753
Cookie: PHPSESSID=0574b4662ebdfbef4aff1a743d6e2a17
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 23 Sep 2023 09:42:21 GMT
Server: Apache/2.4.23 (Unix) OpenSSL/1.0.2k PHP/5.6.31
Last-Modified: Wed, 15 Jul 2015 13:53:30 GMT
ETag: "11754-51aea47a1aa80"
Accept-Ranges: bytes
Content-Length: 71508
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: application/font-woff

156.54.128.69/km/design-web-toolkit/build/fonts/titillium-web-v15-latin-ext_latin-700.woff2

156.54.128.69

200 OK

18 kB

URL GET HTTP/1.1
156.54.128.69/km/design-web-toolkit/build/fonts/titillium-web-v15-latin-ext_latin-700.woff2
IP
156.54.128.69:80
ASN
#20746 Telecom Italia

Requested by
http://156.54.128.69/condro/hh/index.php

File type
Web Open Font Format (Version 2), TrueType, length 17460, version 1.0\012- data
Size
18 kB (17460 bytes)
Hash
b2f72c965b95e0df488542ff03eb3255
9273efaf59db131ac8cf23f3f6b42c66629af829
b1b1bea23ff23198843f86c30dbede431bdf18ae68e661d558a0f8d88a38c6b8

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /km/design-web-toolkit/build/fonts/titillium-web-v15-latin-ext_latin-700.woff2 HTTP/1.1
Host: 156.54.128.69
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: http://156.54.128.69/km/design-web-toolkit/build/font-titillium-web.css
Cookie: PHPSESSID=0574b4662ebdfbef4aff1a743d6e2a17
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 23 Sep 2023 09:42:21 GMT
Server: Apache/2.4.23 (Unix) OpenSSL/1.0.2k PHP/5.6.31
Last-Modified: Mon, 08 Aug 2022 06:40:36 GMT
ETag: "4434-5e5b517e0c100"
Accept-Ranges: bytes
Content-Length: 17460
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive

156.54.128.69/km/design-web-toolkit/build/fonts/titillium-web-v15-latin-ext_latin-600.woff2

156.54.128.69

200 OK

18 kB

URL GET HTTP/1.1
156.54.128.69/km/design-web-toolkit/build/fonts/titillium-web-v15-latin-ext_latin-600.woff2
IP
156.54.128.69:80
ASN
#20746 Telecom Italia

Requested by
http://156.54.128.69/condro/hh/index.php

File type
Web Open Font Format (Version 2), TrueType, length 17968, version 1.0\012- data
Size
18 kB (17968 bytes)
Hash
ba4ebbf930ddaac90b52ed338d9b3386
d4a6f81d4f9013380d4776938eafbe524ef27d25
2e0972539f3ce64484286732f70eb941e7570861a541a3d363910b049f8bbee8

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /km/design-web-toolkit/build/fonts/titillium-web-v15-latin-ext_latin-600.woff2 HTTP/1.1
Host: 156.54.128.69
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: http://156.54.128.69/km/design-web-toolkit/build/font-titillium-web.css
Cookie: PHPSESSID=0574b4662ebdfbef4aff1a743d6e2a17
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 23 Sep 2023 09:42:22 GMT
Server: Apache/2.4.23 (Unix) OpenSSL/1.0.2k PHP/5.6.31
Last-Modified: Mon, 08 Aug 2022 06:40:36 GMT
ETag: "4630-5e5b517e0c100"
Accept-Ranges: bytes
Content-Length: 17968
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive

156.54.128.69/km/design-web-toolkit/build/fonts/titillium-web-v15-latin-ext_latin-700.woff2

156.54.128.69

200 OK

18 kB

URL GET HTTP/1.1
156.54.128.69/km/design-web-toolkit/build/fonts/titillium-web-v15-latin-ext_latin-700.woff2
IP
156.54.128.69:80
ASN
#20746 Telecom Italia

Requested by
http://156.54.128.69/condro/hh/index.php

File type
Web Open Font Format (Version 2), TrueType, length 17460, version 1.0\012- data
Size
18 kB (17460 bytes)
Hash
b2f72c965b95e0df488542ff03eb3255
9273efaf59db131ac8cf23f3f6b42c66629af829
b1b1bea23ff23198843f86c30dbede431bdf18ae68e661d558a0f8d88a38c6b8

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /km/design-web-toolkit/build/fonts/titillium-web-v15-latin-ext_latin-700.woff2 HTTP/1.1
Host: 156.54.128.69
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: http://156.54.128.69/km/design-web-toolkit/build/font-titillium-web.css
Cookie: PHPSESSID=0574b4662ebdfbef4aff1a743d6e2a17
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 23 Sep 2023 09:42:22 GMT
Server: Apache/2.4.23 (Unix) OpenSSL/1.0.2k PHP/5.6.31
Last-Modified: Mon, 08 Aug 2022 06:40:36 GMT
ETag: "4434-5e5b517e0c100"
Accept-Ranges: bytes
Content-Length: 17460
Keep-Alive: timeout=5, max=92
Connection: Keep-Alive

156.54.128.69/km/design-web-toolkit/build/fonts/titillium-web-v15-latin-ext_latin-regular.woff2

156.54.128.69

200 OK

18 kB

URL GET HTTP/1.1
156.54.128.69/km/design-web-toolkit/build/fonts/titillium-web-v15-latin-ext_latin-regular.woff2
IP
156.54.128.69:80
ASN
#20746 Telecom Italia

Requested by
http://156.54.128.69/condro/hh/index.php

File type
Web Open Font Format (Version 2), TrueType, length 18136, version 1.0\012- data
Size
18 kB (18136 bytes)
Hash
30892956886fbc21e22b29974b3fe7bb
74d6b4c7dad045c5be98af0aee82893f197bd7b6
6ccb26dc2a03353e8be7e0052375e146285fa243428429df9fcbad2003db105d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /km/design-web-toolkit/build/fonts/titillium-web-v15-latin-ext_latin-regular.woff2 HTTP/1.1
Host: 156.54.128.69
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: http://156.54.128.69/km/design-web-toolkit/build/font-titillium-web.css
Cookie: PHPSESSID=0574b4662ebdfbef4aff1a743d6e2a17
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 23 Sep 2023 09:42:22 GMT
Server: Apache/2.4.23 (Unix) OpenSSL/1.0.2k PHP/5.6.31
Last-Modified: Mon, 08 Aug 2022 06:40:36 GMT
ETag: "46d8-5e5b517e0c100"
Accept-Ranges: bytes
Content-Length: 18136
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive

www.3bmeteo.com/images/site/print_button.png

104.17.63.55

200 OK

74 B

URL GET HTTP/3
www.3bmeteo.com/images/site/print_button.png
IP
104.17.63.55:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.3bmeteo.com/moduli_esterni/localita_6_giorni_compatto/2302/ffffff/356E67/5e5e5e/ffffff/it
Certificate
IssuerCloudflare, Inc.
Subject3bmeteo.com
Fingerprint81:30:46:F5:65:82:A2:B8:DE:83:FF:A7:00:39:31:2A:9F:80:E5:A9
ValiditySat, 08 Apr 2023 00:00:00 GMT - Sun, 07 Apr 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image\012- data
Size
74 B (74 bytes)
Hash
5330b75a3f13b8bdb344d7ade1991a21
2e72ee8dbb7be64a2816b56a646c4fb3ce7e8075
ba82d4fafbe19f94e4b6eea27aecbbee833ad19b33dd87f92f3ab9f0969a57c9

HTTP Headers

GET /images/site/print_button.png HTTP/1.1
Host: www.3bmeteo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.3bmeteo.com/moduli_esterni/localita_6_giorni_compatto/2302/ffffff/356E67/5e5e5e/ffffff/it
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 23 Sep 2023 09:42:24 GMT
content-type: image/webp
content-length: 74
cache-control: public, max-age=31536000, immutable
cf-bgj: imgq:85,h2pri
cf-polished: origFmt=png, origSize=231
content-disposition: inline; filename="print_button.webp"
vary: Accept
etag: "4e5bb3fe-e7"
last-modified: Mon, 29 Aug 2011 15:45:02 GMT
x-proxy-cache: HIT
cf-cache-status: HIT
age: 1736821
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LQ2XJ%2BXXItzAZYmy4LSkCkmp193Oaz%2BFku3pt4%2F9AKl3aMEurVFmy5Bboy1GjM1pyrMAUO2D%2Bw0Ck%2BiNVOgTpm6O%2BRadtOMlzfn5CUCTWkoGu8pzDsREY4PvTah8H7lthQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 80b1d6610c9d5684-OSL
alt-svc: h3=":443"; ma=86400

www.3bmeteo.com/images/site/logo3b_moduli.png

104.17.63.55

200 OK

468 B

URL GET HTTP/3
www.3bmeteo.com/images/site/logo3b_moduli.png
IP
104.17.63.55:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.3bmeteo.com/moduli_esterni/localita_6_giorni_compatto/2302/ffffff/356E67/5e5e5e/ffffff/it
Certificate
IssuerCloudflare, Inc.
Subject3bmeteo.com
Fingerprint81:30:46:F5:65:82:A2:B8:DE:83:FF:A7:00:39:31:2A:9F:80:E5:A9
ValiditySat, 08 Apr 2023 00:00:00 GMT - Sun, 07 Apr 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image\012- data
Size
468 B (468 bytes)
Hash
d91f345c6800b11ec70be1e85c52e800
cca5bc217633640eecd0e1ee27b16829016c0937
83df9d0d46880c11f40b10ef8e16635c748fa2736e38b3fac409c2b2a3c2e242

HTTP Headers

GET /images/site/logo3b_moduli.png HTTP/1.1
Host: www.3bmeteo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.3bmeteo.com/moduli_esterni/localita_6_giorni_compatto/2302/ffffff/356E67/5e5e5e/ffffff/it
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 23 Sep 2023 09:42:24 GMT
content-type: image/webp
content-length: 468
cache-control: public, max-age=31536000, immutable
cf-bgj: imgq:85,h2pri
cf-polished: origFmt=png, origSize=931
content-disposition: inline; filename="logo3b_moduli.webp"
vary: Accept
etag: "4e5cbb27-3a3"
last-modified: Tue, 30 Aug 2011 10:27:51 GMT
x-proxy-cache: HIT
cf-cache-status: HIT
age: 1736821
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GZDaFJSwZfk%2F4PdeDcWAXRNKTrPyw9SpBsDz7OdLzjQIm96uCv8HeSCPpymSlOOYpmiHjNvmsuXlm2MC7AReHvrW9rw4H7YSsvgOuBB1iG0l8kCJbtVEMvjKQUshoUv6hg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 80b1d660fc965684-OSL
alt-svc: h3=":443"; ma=86400

156.54.128.69/km/design-web-toolkit/build/fonts/titillium-web-v15-latin-ext_latin-italic.woff2

156.54.128.69

200 OK

21 kB

URL GET HTTP/1.1
156.54.128.69/km/design-web-toolkit/build/fonts/titillium-web-v15-latin-ext_latin-italic.woff2
IP
156.54.128.69:80
ASN
#20746 Telecom Italia

Requested by
http://156.54.128.69/condro/hh/index.php

File type
Web Open Font Format (Version 2), TrueType, length 20664, version 1.0\012- data
Size
21 kB (20664 bytes)
Hash
f828b43e3a791d7d9b8a85e8b45b6d56
aef9274463142b46210b7c8a9d5aaa20bd5f331a
a9e01dac43d55137208446cff5b12576a476a00ccdad213fa88535ab3b7b6f45

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /km/design-web-toolkit/build/fonts/titillium-web-v15-latin-ext_latin-italic.woff2 HTTP/1.1
Host: 156.54.128.69
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: http://156.54.128.69/km/design-web-toolkit/build/font-titillium-web.css
Cookie: PHPSESSID=0574b4662ebdfbef4aff1a743d6e2a17
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 23 Sep 2023 09:42:22 GMT
Server: Apache/2.4.23 (Unix) OpenSSL/1.0.2k PHP/5.6.31
Last-Modified: Mon, 08 Aug 2022 06:40:36 GMT
ETag: "50b8-5e5b517e0c100"
Accept-Ranges: bytes
Content-Length: 20664
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive

www.3bmeteo.com/images/set_icone/7/40-40/45.png

104.17.63.55

200 OK

2.8 kB

URL GET HTTP/3
www.3bmeteo.com/images/set_icone/7/40-40/45.png
IP
104.17.63.55:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.3bmeteo.com/moduli_esterni/localita_6_giorni_compatto/2302/ffffff/356E67/5e5e5e/ffffff/it
Certificate
IssuerCloudflare, Inc.
Subject3bmeteo.com
Fingerprint81:30:46:F5:65:82:A2:B8:DE:83:FF:A7:00:39:31:2A:9F:80:E5:A9
ValiditySat, 08 Apr 2023 00:00:00 GMT - Sun, 07 Apr 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image\012- data
Size
2.8 kB (2846 bytes)
Hash
adbf1f27ec7ddca99dae8348eb33fef7
89e6493c3fcdd7fc133ef657e707bb1a40450083
1a4e7fbb257f0f39e64af796ed2b617802630986c6b2428510cf50ea6084b756

HTTP Headers

GET /images/set_icone/7/40-40/45.png HTTP/1.1
Host: www.3bmeteo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.3bmeteo.com/moduli_esterni/localita_6_giorni_compatto/2302/ffffff/356E67/5e5e5e/ffffff/it
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 23 Sep 2023 09:42:24 GMT
content-type: image/webp
content-length: 2846
cache-control: public, max-age=31536000, immutable
cf-bgj: imgq:85,h2pri
cf-polished: origFmt=png, origSize=18857
content-disposition: inline; filename="45.webp"
vary: Accept
etag: "5dc988fe-49a9"
last-modified: Mon, 11 Nov 2019 16:14:54 GMT
x-proxy-cache: HIT
cf-cache-status: HIT
age: 1736821
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tRxU4uFuhjPQgF9Qn87nB%2Fo7GfM%2Bq1amq4qHRuFXssMplE08g%2BFcZLZW54WO%2FzI6vmCLck%2F4xx37e7CDbMhoIWsoaLd6QHn8twyY8%2FODG%2BJ34R%2F2qpRA5lpaiVp%2BF25MYQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 80b1d6610cae5684-OSL
alt-svc: h3=":443"; ma=86400

www.3bmeteo.com/images/set_icone/7/40-40/69.png

104.17.63.55

200 OK

3.0 kB

URL GET HTTP/3
www.3bmeteo.com/images/set_icone/7/40-40/69.png
IP
104.17.63.55:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.3bmeteo.com/moduli_esterni/localita_6_giorni_compatto/2302/ffffff/356E67/5e5e5e/ffffff/it
Certificate
IssuerCloudflare, Inc.
Subject3bmeteo.com
Fingerprint81:30:46:F5:65:82:A2:B8:DE:83:FF:A7:00:39:31:2A:9F:80:E5:A9
ValiditySat, 08 Apr 2023 00:00:00 GMT - Sun, 07 Apr 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image\012- data
Size
3.0 kB (2954 bytes)
Hash
b54639eb82e7e1ed0521c40c6d2cba4c
9c30209ec76a4e9498fc7a16e682a9291060c7db
e64b7c1dd0fc4732fefe1146162d4b138cb6d9be1f580e446cca67858867390f

HTTP Headers

GET /images/set_icone/7/40-40/69.png HTTP/1.1
Host: www.3bmeteo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.3bmeteo.com/moduli_esterni/localita_6_giorni_compatto/2302/ffffff/356E67/5e5e5e/ffffff/it
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 23 Sep 2023 09:42:24 GMT
content-type: image/webp
content-length: 2954
cache-control: public, max-age=31536000, immutable
cf-bgj: imgq:85,h2pri
cf-polished: origFmt=png, origSize=19146
content-disposition: inline; filename="69.webp"
vary: Accept
etag: "5dc988fd-4aca"
last-modified: Mon, 11 Nov 2019 16:14:53 GMT
x-proxy-cache: HIT
cf-cache-status: HIT
age: 1725178
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oKZ9Q8r56o8PnThzK6U1iZA63s%2FGBhGSpKUKTiUSI%2BJsMFQ79cJl81H6M5BbcIWBW%2FYSVMgMYRoPi%2FUX0gtQAEqBifSBakozDt6sC%2BTxg0cda4YnrYO2Hj9XNG4BO%2BU%2F0w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 80b1d6611cb55684-OSL
alt-svc: h3=":443"; ma=86400

www.3bmeteo.com/images/set_icone/7/40-40/4.png

104.17.63.55

200 OK

3.1 kB

URL GET HTTP/3
www.3bmeteo.com/images/set_icone/7/40-40/4.png
IP
104.17.63.55:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.3bmeteo.com/moduli_esterni/localita_6_giorni_compatto/2302/ffffff/356E67/5e5e5e/ffffff/it
Certificate
IssuerCloudflare, Inc.
Subject3bmeteo.com
Fingerprint81:30:46:F5:65:82:A2:B8:DE:83:FF:A7:00:39:31:2A:9F:80:E5:A9
ValiditySat, 08 Apr 2023 00:00:00 GMT - Sun, 07 Apr 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image\012- data
Size
3.1 kB (3108 bytes)
Hash
880d22e4322d8e20399e6164e0bf9673
df5c2f33c4cbc3a05f94fb82e481ec9234b5b822
fe92b0effb676c6438bcc3452d05abbe2a22b9bf5e3db9637c8e67d0f20078f9

HTTP Headers

GET /images/set_icone/7/40-40/4.png HTTP/1.1
Host: www.3bmeteo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.3bmeteo.com/moduli_esterni/localita_6_giorni_compatto/2302/ffffff/356E67/5e5e5e/ffffff/it
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 23 Sep 2023 09:42:24 GMT
content-type: image/webp
content-length: 3108
cache-control: public, max-age=31536000, immutable
cf-bgj: imgq:85,h2pri
cf-polished: origFmt=png, origSize=19354
content-disposition: inline; filename="4.webp"
vary: Accept
etag: "5dc988fe-4b9a"
last-modified: Mon, 11 Nov 2019 16:14:54 GMT
x-proxy-cache: HIT
cf-cache-status: HIT
age: 1705715
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RmFDr0N3K4jTOEfULG1F9YfXUmE6gUkHP3Hb7F1GA%2F224rjJviI4J7c8Vb%2FOhLP01Ey4WhqvBGLwdk27GSVCd0jZHfR1fbaHKrMM8pnLUmKxwG5R44%2FOXN3pN8ghMspCsQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 80b1d6611cb65684-OSL
alt-svc: h3=":443"; ma=86400

www.3bmeteo.com/images/set_icone/7/40-40/2.png

104.17.63.55

200 OK

2.8 kB

URL GET HTTP/3
www.3bmeteo.com/images/set_icone/7/40-40/2.png
IP
104.17.63.55:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.3bmeteo.com/moduli_esterni/localita_6_giorni_compatto/2302/ffffff/356E67/5e5e5e/ffffff/it
Certificate
IssuerCloudflare, Inc.
Subject3bmeteo.com
Fingerprint81:30:46:F5:65:82:A2:B8:DE:83:FF:A7:00:39:31:2A:9F:80:E5:A9
ValiditySat, 08 Apr 2023 00:00:00 GMT - Sun, 07 Apr 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image\012- data
Size
2.8 kB (2810 bytes)
Hash
0ff1510503270cb6b1cdcd66a947c0e0
0f511f6f93b7970893afafde1919c6f8a2ea4a38
3c2db7a69d82e98f310123bebd1e1ffaf4a8a8856e12b9a54139eb69ddb15e97

HTTP Headers

GET /images/set_icone/7/40-40/2.png HTTP/1.1
Host: www.3bmeteo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.3bmeteo.com/moduli_esterni/localita_6_giorni_compatto/2302/ffffff/356E67/5e5e5e/ffffff/it
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 23 Sep 2023 09:42:24 GMT
content-type: image/webp
content-length: 2810
cache-control: public, max-age=31536000, immutable
cf-bgj: imgq:85,h2pri
cf-polished: origFmt=png, origSize=19500
content-disposition: inline; filename="2.webp"
vary: Accept
etag: "5dc988ff-4c2c"
last-modified: Mon, 11 Nov 2019 16:14:55 GMT
x-proxy-cache: STALE
cf-cache-status: HIT
age: 1736821
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uAa%2BNSF%2BBK9c0T9eP1FkjhKretJ3X8249BnTfcADC8w%2Bs2uGk%2BRujFTnU6HnZQ%2FJT0UYHaw1qcHT52xZvEBOrODrWcZvThRasuEzRpr8WzInZlxg7o%2BwqptFnfCgxZcrwQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 80b1d6611cba5684-OSL
alt-svc: h3=":443"; ma=86400

156.54.128.69/condro/images/immagini/sicilia.png

156.54.128.69

200 OK

5.6 kB

URL GET HTTP/1.1
156.54.128.69/condro/images/immagini/sicilia.png
IP
156.54.128.69:80
ASN
#20746 Telecom Italia

Requested by
http://156.54.128.69/condro/hh/index.php

File type
PNG image data, 80 x 110, 8-bit/color RGBA, non-interlaced\012- data
Size
5.6 kB (5578 bytes)
Hash
af721a396706644f13ba02a07602a1cf
56cfa5654a94d50944e8028b53f7bb914eced0f1
56e26f5a76d9abd239e6e0ae5cc999f366e27586204b4d664a027b4447c35f3e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /condro/images/immagini/sicilia.png HTTP/1.1
Host: 156.54.128.69
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://156.54.128.69/condro/hh/index.php
Cookie: PHPSESSID=0574b4662ebdfbef4aff1a743d6e2a17
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 23 Sep 2023 09:42:22 GMT
Server: Apache/2.4.23 (Unix) OpenSSL/1.0.2k PHP/5.6.31
Last-Modified: Fri, 07 Feb 2020 09:56:53 GMT
ETag: "15ca-59df968c139b2"
Accept-Ranges: bytes
Content-Length: 5578
Keep-Alive: timeout=5, max=92
Connection: Keep-Alive
Content-Type: image/png

156.54.128.69/km/design-web-toolkit/build/fonts/titillium-web-v15-latin-ext_latin-600.woff2

156.54.128.69

200 OK

18 kB

URL GET HTTP/1.1
156.54.128.69/km/design-web-toolkit/build/fonts/titillium-web-v15-latin-ext_latin-600.woff2
IP
156.54.128.69:80
ASN
#20746 Telecom Italia

Requested by
http://156.54.128.69/condro/hh/index.php

File type
Web Open Font Format (Version 2), TrueType, length 17968, version 1.0\012- data
Size
18 kB (17968 bytes)
Hash
ba4ebbf930ddaac90b52ed338d9b3386
d4a6f81d4f9013380d4776938eafbe524ef27d25
2e0972539f3ce64484286732f70eb941e7570861a541a3d363910b049f8bbee8

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /km/design-web-toolkit/build/fonts/titillium-web-v15-latin-ext_latin-600.woff2 HTTP/1.1
Host: 156.54.128.69
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: http://156.54.128.69/km/design-web-toolkit/build/font-titillium-web.css
Cookie: PHPSESSID=0574b4662ebdfbef4aff1a743d6e2a17
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 23 Sep 2023 09:42:22 GMT
Server: Apache/2.4.23 (Unix) OpenSSL/1.0.2k PHP/5.6.31
Last-Modified: Mon, 08 Aug 2022 06:40:36 GMT
ETag: "4630-5e5b517e0c100"
Accept-Ranges: bytes
Content-Length: 17968
Keep-Alive: timeout=5, max=91
Connection: Keep-Alive

156.54.128.69/condro/images/pagopa_new.jpg

156.54.128.69

200 OK

87 kB

URL GET HTTP/1.1
156.54.128.69/condro/images/pagopa_new.jpg
IP
156.54.128.69:80
ASN
#20746 Telecom Italia

Requested by
http://156.54.128.69/condro/hh/index.php

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", baseline, precision 8, 1282x1282, components 3\012- data
Size
87 kB (87303 bytes)
Hash
2e5d9035741d2b24bd121ce8943f5383
bea0a77315bcc6350efc982946cca2443fa93f73
a47b5f3e08b9a439b751a75d2ed2fb5f1016f42fe22cfd260b497c23c2a3bc83

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /condro/images/pagopa_new.jpg HTTP/1.1
Host: 156.54.128.69
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://156.54.128.69/condro/hh/index.php
Cookie: PHPSESSID=0574b4662ebdfbef4aff1a743d6e2a17
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 23 Sep 2023 09:42:22 GMT
Server: Apache/2.4.23 (Unix) OpenSSL/1.0.2k PHP/5.6.31
Last-Modified: Thu, 01 Apr 2021 13:21:13 GMT
ETag: "15507-5bee91b0a2331"
Accept-Ranges: bytes
Content-Length: 87303
Keep-Alive: timeout=5, max=91
Connection: Keep-Alive
Content-Type: image/jpeg

ocsp.pki.goog/gts1c3

142.250.74.131

471 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
8fe5097b12ddbaa7731f5c6d445db349
b1d9718a7e3ead4ad6c08b3c888129ddf9ba52af
3133a3d91f11eeb170b6a3149b7cceb04228b72a222187bcc374f1fbbdbf4bd3

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 23 Sep 2023 09:42:24 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.3bmeteo.com/cdn-cgi/rum?

104.17.63.55

204 No Content

0 B

URL POST HTTP/3
www.3bmeteo.com/cdn-cgi/rum?
IP
104.17.63.55:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.3bmeteo.com/moduli_esterni/localita_6_giorni_compatto/2302/ffffff/356E67/5e5e5e/ffffff/it
Certificate
IssuerCloudflare, Inc.
Subject3bmeteo.com
Fingerprint81:30:46:F5:65:82:A2:B8:DE:83:FF:A7:00:39:31:2A:9F:80:E5:A9
ValiditySat, 08 Apr 2023 00:00:00 GMT - Sun, 07 Apr 2024 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /cdn-cgi/rum? HTTP/1.1
Host: www.3bmeteo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.3bmeteo.com/moduli_esterni/localita_6_giorni_compatto/2302/ffffff/356E67/5e5e5e/ffffff/it
content-type: application/json
Content-Length: 2772
Origin: https://www.3bmeteo.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 204 No Content
date: Sat, 23 Sep 2023 09:42:24 GMT
access-control-allow-origin: https://www.3bmeteo.com
access-control-allow-methods: POST,OPTIONS
access-control-max-age: 86400
vary: Origin
access-control-allow-credentials: true
server: cloudflare
cf-ray: 80b1d6625e095684-OSL
x-frame-options: DENY
x-content-type-options: nosniff

maps.googleapis.com/maps/api/js?client=google-maps-embed&paint_origin=&libraries=geometry,search&v=3.exp&language=it&region=it&callback=onApiLoad

142.250.74.10

200 OK

62 kB

URL GET HTTP/2
maps.googleapis.com/maps/api/js?client=google-maps-embed&paint_origin=&libraries=geometry,search&v=3.exp&language=it&region=it&callback=onApiLoad
IP
142.250.74.10:443
ASN
#15169 GOOGLE

Requested by
https://www.google.com/maps/embed?pb=!1m18!1m12!1m3!1d6273.104721844896!2d15.32212667642927!3d38.17384171875502!2m3!1f0!2f0!3f0!3m2!1i1024!2i768!4f13.1!3m3!1m2!1s0x13143725379b38a5%3A0x97fb61e9f8d3405!2s98043%20Condr%C3%B2%20ME!5e0!3m2!1sit!2sit!4v1582187502920!5m2!1sit!2sit
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
FingerprintBE:40:3A:A6:DE:CC:A7:8B:75:43:68:F2:F9:56:63:71:49:61:06:49
ValidityMon, 04 Sep 2023 08:23:18 GMT - Mon, 27 Nov 2023 08:23:17 GMT

File type
ASCII text, with very long lines (2470)
Size
62 kB (62387 bytes)
Hash
9161afd94320bd275fab6355645a2381
13f57d0083fe8e9bc3ed5456b8ddd1af6b9bc0c7
7076ae44bac3b82b91e2d92a50d33c31ec4d76ebd73acf54956a8f604f85d39e

HTTP Headers

GET /maps/api/js?client=google-maps-embed&paint_origin=&libraries=geometry,search&v=3.exp&language=it&region=it&callback=onApiLoad HTTP/1.1
Host: maps.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
cache-control: public, max-age=1800
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/javascript; charset=UTF-8
vary: Origin, X-Origin, Referer
content-encoding: gzip
date: Sat, 23 Sep 2023 09:42:24 GMT
server: scaffolding on HTTPServer2
content-length: 62387
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

471 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
8fe5097b12ddbaa7731f5c6d445db349
b1d9718a7e3ead4ad6c08b3c888129ddf9ba52af
3133a3d91f11eeb170b6a3149b7cceb04228b72a222187bcc374f1fbbdbf4bd3

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 23 Sep 2023 09:42:24 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

maps.googleapis.com/maps/api/mapsjs/gen_204?csp_test=true

142.250.74.10

200 OK

23 B

URL GET HTTP/3
maps.googleapis.com/maps/api/mapsjs/gen_204?csp_test=true
IP
142.250.74.10:443
ASN
#15169 GOOGLE

Requested by
https://www.google.com/maps/embed?pb=!1m18!1m12!1m3!1d6273.104721844896!2d15.32212667642927!3d38.17384171875502!2m3!1f0!2f0!3f0!3m2!1i1024!2i768!4f13.1!3m3!1m2!1s0x13143725379b38a5%3A0x97fb61e9f8d3405!2s98043%20Condr%C3%B2%20ME!5e0!3m2!1sit!2sit!4v1582187502920!5m2!1sit!2sit
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
FingerprintBE:40:3A:A6:DE:CC:A7:8B:75:43:68:F2:F9:56:63:71:49:61:06:49
ValidityMon, 04 Sep 2023 08:23:18 GMT - Mon, 27 Nov 2023 08:23:17 GMT

File type
JSON data\012- , ASCII text
Size
23 B (23 bytes)
Hash
8a80554c91d9fca8acb82f023de02f11
5f36b2ea290645ee34d943220a14b54ee5ea5be5
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

HTTP Headers

GET /maps/api/mapsjs/gen_204?csp_test=true HTTP/1.1
Host: maps.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.google.com
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: application/json; charset=UTF-8
vary: Origin, X-Origin, Referer
content-encoding: gzip
date: Sat, 23 Sep 2023 09:42:24 GMT
server: scaffolding on HTTPServer2
cache-control: private
content-length: 23
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
access-control-allow-origin: https://www.google.com
access-control-allow-credentials: true
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

ocsp.pki.goog/gts1c3

142.250.74.131

471 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
2a9cb3694beef11368f7284821163a4d
32d723fad91ccd0c154e5d7e489266cfe596aa61
08cd4f8a916cab4a520c51bd519209ebe87f4898f10d1f1c968bce537c4d3916

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 23 Sep 2023 09:42:24 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

maps.gstatic.com/maps-api-v3/embed/js/54/6/intl/it_ALL/init_embed.js

142.250.74.3

200 OK

63 kB

URL GET HTTP/2
maps.gstatic.com/maps-api-v3/embed/js/54/6/intl/it_ALL/init_embed.js
IP
142.250.74.3:443
ASN
#15169 GOOGLE

Requested by
https://www.google.com/maps/embed?pb=!1m18!1m12!1m3!1d6273.104721844896!2d15.32212667642927!3d38.17384171875502!2m3!1f0!2f0!3f0!3m2!1i1024!2i768!4f13.1!3m3!1m2!1s0x13143725379b38a5%3A0x97fb61e9f8d3405!2s98043%20Condr%C3%B2%20ME!5e0!3m2!1sit!2sit!4v1582187502920!5m2!1sit!2sit
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint3D:35:56:30:C0:0F:0C:7F:20:BA:7D:A8:48:DB:24:1B:15:F5:48:27
ValidityMon, 04 Sep 2023 08:23:09 GMT - Mon, 27 Nov 2023 08:23:08 GMT

File type
ASCII text, with very long lines (2174)
Size
63 kB (62982 bytes)
Hash
d80e668bca41fb73e2edce62f6aa9d99
8cb39ea95bd33b538c7e844bf382e6051a6a8887
bb1f4d4af5a5ce8512316264d576dd4c7fbd62a6ffe530411e4f6dfa101c37b4

HTTP Headers

GET /maps-api-v3/embed/js/54/6/intl/it_ALL/init_embed.js HTTP/1.1
Host: maps.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: br
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/maps-api-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="maps-api-js"
report-to: {"group":"maps-api-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/maps-api-js"}]}
content-length: 62982
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 19 Sep 2023 20:03:54 GMT
expires: Wed, 18 Sep 2024 20:03:54 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 18 Sep 2023 20:18:55 GMT
content-type: text/javascript
vary: Accept-Encoding, Origin
age: 308310
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

471 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
2a9cb3694beef11368f7284821163a4d
32d723fad91ccd0c154e5d7e489266cfe596aa61
08cd4f8a916cab4a520c51bd519209ebe87f4898f10d1f1c968bce537c4d3916

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 23 Sep 2023 09:42:24 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

maps.googleapis.com/maps-api-v3/api/js/54/6/intl/it_ALL/common.js

142.250.74.10

200 OK

57 kB

URL GET HTTP/3
maps.googleapis.com/maps-api-v3/api/js/54/6/intl/it_ALL/common.js
IP
142.250.74.10:443
ASN
#15169 GOOGLE

Requested by
https://www.google.com/maps/embed?pb=!1m18!1m12!1m3!1d6273.104721844896!2d15.32212667642927!3d38.17384171875502!2m3!1f0!2f0!3f0!3m2!1i1024!2i768!4f13.1!3m3!1m2!1s0x13143725379b38a5%3A0x97fb61e9f8d3405!2s98043%20Condr%C3%B2%20ME!5e0!3m2!1sit!2sit!4v1582187502920!5m2!1sit!2sit
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
FingerprintBE:40:3A:A6:DE:CC:A7:8B:75:43:68:F2:F9:56:63:71:49:61:06:49
ValidityMon, 04 Sep 2023 08:23:18 GMT - Mon, 27 Nov 2023 08:23:17 GMT

File type
ASCII text, with very long lines (4497)
Size
57 kB (57006 bytes)
Hash
0ada05f095aa4a5910d803f3df99a01b
e77f04cf7f74e0e90b02b8bba107ae96e1c100bb
4cc51f5efc25f2fd18753c73da5b3d04cbf184e48a96ffeeb4dc1c2d1191a126

HTTP Headers

GET /maps-api-v3/api/js/54/6/intl/it_ALL/common.js HTTP/1.1
Host: maps.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: br
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/maps-api-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="maps-api-js"
report-to: {"group":"maps-api-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/maps-api-js"}]}
content-length: 57006
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 19 Sep 2023 20:03:54 GMT
expires: Wed, 18 Sep 2024 20:03:54 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 18 Sep 2023 20:18:59 GMT
content-type: text/javascript
vary: Accept-Encoding, Origin
age: 308310
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

maps.googleapis.com/maps-api-v3/api/js/54/6/intl/it_ALL/util.js

142.250.74.10

200 OK

50 kB

URL GET HTTP/3
maps.googleapis.com/maps-api-v3/api/js/54/6/intl/it_ALL/util.js
IP
142.250.74.10:443
ASN
#15169 GOOGLE

Requested by
https://www.google.com/maps/embed?pb=!1m18!1m12!1m3!1d6273.104721844896!2d15.32212667642927!3d38.17384171875502!2m3!1f0!2f0!3f0!3m2!1i1024!2i768!4f13.1!3m3!1m2!1s0x13143725379b38a5%3A0x97fb61e9f8d3405!2s98043%20Condr%C3%B2%20ME!5e0!3m2!1sit!2sit!4v1582187502920!5m2!1sit!2sit
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
FingerprintBE:40:3A:A6:DE:CC:A7:8B:75:43:68:F2:F9:56:63:71:49:61:06:49
ValidityMon, 04 Sep 2023 08:23:18 GMT - Mon, 27 Nov 2023 08:23:17 GMT

File type
ASCII text, with very long lines (582)
Size
50 kB (49865 bytes)
Hash
5b1e09715e7509a58ba744cec969b6b3
3600fa8e0fe7c91fbba82d5086aabc3574c873fb
c0bb0ba1aad67e9f6bf0cc1eba38308630795d5f2ce669c618aa271cec8791fa

HTTP Headers

GET /maps-api-v3/api/js/54/6/intl/it_ALL/util.js HTTP/1.1
Host: maps.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: br
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/maps-api-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="maps-api-js"
report-to: {"group":"maps-api-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/maps-api-js"}]}
content-length: 49865
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 19 Sep 2023 20:03:54 GMT
expires: Wed, 18 Sep 2024 20:03:54 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 18 Sep 2023 20:18:59 GMT
content-type: text/javascript
vary: Accept-Encoding, Origin
age: 308310
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

maps.googleapis.com/maps-api-v3/api/js/54/6/intl/it_ALL/map.js

142.250.74.10

200 OK

24 kB

URL GET HTTP/3
maps.googleapis.com/maps-api-v3/api/js/54/6/intl/it_ALL/map.js
IP
142.250.74.10:443
ASN
#15169 GOOGLE

Requested by
https://www.google.com/maps/embed?pb=!1m18!1m12!1m3!1d6273.104721844896!2d15.32212667642927!3d38.17384171875502!2m3!1f0!2f0!3f0!3m2!1i1024!2i768!4f13.1!3m3!1m2!1s0x13143725379b38a5%3A0x97fb61e9f8d3405!2s98043%20Condr%C3%B2%20ME!5e0!3m2!1sit!2sit!4v1582187502920!5m2!1sit!2sit
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
FingerprintBE:40:3A:A6:DE:CC:A7:8B:75:43:68:F2:F9:56:63:71:49:61:06:49
ValidityMon, 04 Sep 2023 08:23:18 GMT - Mon, 27 Nov 2023 08:23:17 GMT

File type
ASCII text, with very long lines (2788)
Size
24 kB (23697 bytes)
Hash
6723fd3e6d778820f04251282bcac5d4
c8081dd65ca66a5e38e09b9f068fa9a95d56bfe8
50b1aa3b5eabaaca33b5606b432c96e0097e663580cb73b4374e908f82634fd9

HTTP Headers

GET /maps-api-v3/api/js/54/6/intl/it_ALL/map.js HTTP/1.1
Host: maps.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: br
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/maps-api-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="maps-api-js"
report-to: {"group":"maps-api-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/maps-api-js"}]}
content-length: 23697
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 19 Sep 2023 20:03:54 GMT
expires: Wed, 18 Sep 2024 20:03:54 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 18 Sep 2023 20:18:59 GMT
content-type: text/javascript
vary: Accept-Encoding, Origin
age: 308310
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

maps.googleapis.com/maps-api-v3/api/js/54/6/intl/it_ALL/search_impl.js

142.250.74.10

200 OK

1.3 kB

URL GET HTTP/3
maps.googleapis.com/maps-api-v3/api/js/54/6/intl/it_ALL/search_impl.js
IP
142.250.74.10:443
ASN
#15169 GOOGLE

Requested by
https://www.google.com/maps/embed?pb=!1m18!1m12!1m3!1d6273.104721844896!2d15.32212667642927!3d38.17384171875502!2m3!1f0!2f0!3f0!3m2!1i1024!2i768!4f13.1!3m3!1m2!1s0x13143725379b38a5%3A0x97fb61e9f8d3405!2s98043%20Condr%C3%B2%20ME!5e0!3m2!1sit!2sit!4v1582187502920!5m2!1sit!2sit
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
FingerprintBE:40:3A:A6:DE:CC:A7:8B:75:43:68:F2:F9:56:63:71:49:61:06:49
ValidityMon, 04 Sep 2023 08:23:18 GMT - Mon, 27 Nov 2023 08:23:17 GMT

File type
ASCII text, with very long lines (1517)
Size
1.3 kB (1259 bytes)
Hash
f38c93cd23cf661994eb0fecedfb0feb
1eea385114c5c9df1ee727e646b5c94f376eff77
62b8ad7c90cb0eab4ed2e45c541471dc99c55551f754ecb6c0b8ca147b7b0e80

HTTP Headers

GET /maps-api-v3/api/js/54/6/intl/it_ALL/search_impl.js HTTP/1.1
Host: maps.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: br
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/maps-api-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="maps-api-js"
report-to: {"group":"maps-api-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/maps-api-js"}]}
content-length: 1259
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 22 Sep 2023 02:31:00 GMT
expires: Sat, 21 Sep 2024 02:31:00 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 18 Sep 2023 20:18:59 GMT
content-type: text/javascript
vary: Accept-Encoding, Origin
age: 112284
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

static.cloudflareinsights.com/beacon.min.js/v8b253dfea2ab4077af8c6f58422dfbfd1689876627854

104.16.56.101

200 OK

8.1 kB

URL GET HTTP/2
static.cloudflareinsights.com/beacon.min.js/v8b253dfea2ab4077af8c6f58422dfbfd1689876627854
IP
104.16.56.101:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.3bmeteo.com/moduli_esterni/localita_6_giorni_compatto/2302/ffffff/356E67/5e5e5e/ffffff/it
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint89:79:35:ED:04:A2:CA:50:F7:9A:B8:FE:DF:A5:0C:B1:F2:E6:DD:E8
ValidityMon, 10 Apr 2023 00:00:00 GMT - Tue, 09 Apr 2024 23:59:59 GMT

File type
gzip compressed data, from Unix\012- data
Size
8.1 kB (8111 bytes)
Hash
c88b127fbd5a4306484269996817bf3b
78ad443510c67a6d3a339e82cb08c300238b29d2
233749762a75436556fa8bfd70b502359e39cb636549ab7324cc513567b18d29

HTTP Headers

GET /beacon.min.js/v8b253dfea2ab4077af8c6f58422dfbfd1689876627854 HTTP/1.1
Host: static.cloudflareinsights.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.3bmeteo.com/
Origin: https://www.3bmeteo.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 23 Sep 2023 09:42:24 GMT
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
etag: W/"2023.7.1"
last-modified: Thu, 20 Jul 2023 18:10:27 GMT
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
server: cloudflare
cf-ray: 80b1d66168bd5687-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

maps.googleapis.com/maps-api-v3/api/js/54/6/intl/it_ALL/onion.js

142.250.74.10

200 OK

9.0 kB

URL GET HTTP/3
maps.googleapis.com/maps-api-v3/api/js/54/6/intl/it_ALL/onion.js
IP
142.250.74.10:443
ASN
#15169 GOOGLE

Requested by
https://www.google.com/maps/embed?pb=!1m18!1m12!1m3!1d6273.104721844896!2d15.32212667642927!3d38.17384171875502!2m3!1f0!2f0!3f0!3m2!1i1024!2i768!4f13.1!3m3!1m2!1s0x13143725379b38a5%3A0x97fb61e9f8d3405!2s98043%20Condr%C3%B2%20ME!5e0!3m2!1sit!2sit!4v1582187502920!5m2!1sit!2sit
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
FingerprintBE:40:3A:A6:DE:CC:A7:8B:75:43:68:F2:F9:56:63:71:49:61:06:49
ValidityMon, 04 Sep 2023 08:23:18 GMT - Mon, 27 Nov 2023 08:23:17 GMT

File type
ASCII text, with very long lines (2312)
Size
9.0 kB (8959 bytes)
Hash
c7a5fdb5e70dac74320738ce17511857
a307b29bbde68c59da8ea0dcba62af01f37279c5
ab97dbaa4fef9a5b161c5134b3c5a802b91102bf3c46e2a2622e7138b1a30745

HTTP Headers

GET /maps-api-v3/api/js/54/6/intl/it_ALL/onion.js HTTP/1.1
Host: maps.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: br
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/maps-api-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="maps-api-js"
report-to: {"group":"maps-api-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/maps-api-js"}]}
content-length: 8959
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 19 Sep 2023 20:03:54 GMT
expires: Wed, 18 Sep 2024 20:03:54 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 18 Sep 2023 20:18:59 GMT
content-type: text/javascript
vary: Accept-Encoding, Origin
age: 308310
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

maps.googleapis.com/maps/api/js/StaticMapService.GetMapImage?1m2&1i4551262&2i3230365&2e1&3u15&4m2&1u350&2u430&5m5&1e0&5sit&6sit&10b1&12b1&client=google-maps-embed&token=84568

142.250.74.10

200 OK

15 kB

URL GET HTTP/3
maps.googleapis.com/maps/api/js/StaticMapService.GetMapImage?1m2&1i4551262&2i3230365&2e1&3u15&4m2&1u350&2u430&5m5&1e0&5sit&6sit&10b1&12b1&client=google-maps-embed&token=84568
IP
142.250.74.10:443
ASN
#15169 GOOGLE

Requested by
https://www.google.com/maps/embed?pb=!1m18!1m12!1m3!1d6273.104721844896!2d15.32212667642927!3d38.17384171875502!2m3!1f0!2f0!3f0!3m2!1i1024!2i768!4f13.1!3m3!1m2!1s0x13143725379b38a5%3A0x97fb61e9f8d3405!2s98043%20Condr%C3%B2%20ME!5e0!3m2!1sit!2sit!4v1582187502920!5m2!1sit!2sit
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
FingerprintBE:40:3A:A6:DE:CC:A7:8B:75:43:68:F2:F9:56:63:71:49:61:06:49
ValidityMon, 04 Sep 2023 08:23:18 GMT - Mon, 27 Nov 2023 08:23:17 GMT

File type
PNG image data, 350 x 430, 8-bit colormap, non-interlaced\012- data
Size
15 kB (15372 bytes)
Hash
7a41d3b5a7133ae16b514f94ed3e22c7
612fd5e67fc91883ad778ce12853da8ff552167e
191b0fdf0d9d809b6d0b94d88adfd95a28f72d113111d89ea99634e5cd1cf705

HTTP Headers

GET /maps/api/js/StaticMapService.GetMapImage?1m2&1i4551262&2i3230365&2e1&3u15&4m2&1u350&2u430&5m5&1e0&5sit&6sit&10b1&12b1&client=google-maps-embed&token=84568 HTTP/1.1
Host: maps.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: image/png
date: Sat, 23 Sep 2023 09:42:24 GMT
expires: Sun, 24 Sep 2023 09:42:24 GMT
cache-control: public, max-age=86400
server: scaffolding on HTTPServer2
content-length: 15372
x-xss-protection: 0
x-frame-options: SAMEORIGIN
server-timing: gfet4t7; dur=73
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

156.54.128.69/condro/po/immagine_news.php?news=180&id=169

156.54.128.69

200 OK

8.9 kB

URL GET HTTP/1.1
156.54.128.69/condro/po/immagine_news.php?news=180&id=169
IP
156.54.128.69:80
ASN
#20746 Telecom Italia

Requested by
http://156.54.128.69/condro/hh/index.php

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 85", baseline, precision 8, 233x217, components 3\012- data
Size
8.9 kB (8927 bytes)
Hash
cc47b7f5d143ab103abea711867663ff
4ae2c40e6fc6264d57cb7791bca74b1319e3bd76
2c1dbc3244d9f2c30e72e8bb3f1a0fe2c516f7c5420cabca304eae239c25ab28

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /condro/po/immagine_news.php?news=180&id=169 HTTP/1.1
Host: 156.54.128.69
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://156.54.128.69/condro/hh/index.php
Cookie: PHPSESSID=0574b4662ebdfbef4aff1a743d6e2a17
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 23 Sep 2023 09:42:21 GMT
Server: Apache/2.4.23 (Unix) OpenSSL/1.0.2k PHP/5.6.31
X-Powered-By: PHP/5.6.31
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
ETag: "f7ec849b691724351412a0223e4d101d"
Last-Modified: Wed, 04 Nov 2015 14:35:56 +0000
Content-Disposition: inline; filename="download.jfif"
Content-Length: 8927
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: application/octet-stream

156.54.128.69/favicon.png

156.54.128.69

200 OK

1.6 kB

URL GET HTTP/1.1
156.54.128.69/favicon.png
IP
156.54.128.69:80
ASN
#20746 Telecom Italia

Requested by
http://156.54.128.69/condro/hh/index.php

File type
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced\012- data
Size
1.6 kB (1614 bytes)
Hash
d64de12f288e6a3405fc4d6740565bbb
014ba5af160f7b52f80aae8db41bc1c93b7a38e2
e40dc2abbb61458d486360247a35d79ff8efb4b3071ebeeba3962d1542cf37b2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.png HTTP/1.1
Host: 156.54.128.69
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://156.54.128.69/condro/hh/index.php
Cookie: PHPSESSID=0574b4662ebdfbef4aff1a743d6e2a17
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 23 Sep 2023 09:42:25 GMT
Server: Apache/2.4.23 (Unix) OpenSSL/1.0.2k PHP/5.6.31
Last-Modified: Tue, 20 May 2014 10:33:14 GMT
ETag: "64e-4f9d2683b2e80"
Accept-Ranges: bytes
Content-Length: 1614
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/png

156.54.128.69/condro/immagini/slideshow/DJI_0467_201.jpg

156.54.128.69

200 OK

970 kB

URL GET HTTP/1.1
156.54.128.69/condro/immagini/slideshow/DJI_0467_201.jpg
IP
156.54.128.69:80
ASN
#20746 Telecom Italia

Requested by
http://156.54.128.69/condro/hh/index.php

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=19, height=2976, bps=242, PhotometricIntepretation=RGB, description=DCIM/100MEDIA/DJI_0467.JPG, manufacturer=DJI, model=FC1102, orientation=upper-left, width=3968], progressive, precision 8, 2000x500, components 3\012- data
Size
970 kB (969928 bytes)
Hash
7b4517a10d82ca7399905c2ae1fcea45
4730e2c2ddb3c87772e824a5717ed0abbeef92d7
fa545ef8164f727dbd77cbf195126be0df0bb77de9014b792587fdc7770ce596

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /condro/immagini/slideshow/DJI_0467_201.jpg HTTP/1.1
Host: 156.54.128.69
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://156.54.128.69/condro/hh/index.php
Cookie: PHPSESSID=0574b4662ebdfbef4aff1a743d6e2a17
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 23 Sep 2023 09:42:25 GMT
Server: Apache/2.4.23 (Unix) OpenSSL/1.0.2k PHP/5.6.31
Last-Modified: Thu, 27 Feb 2020 07:19:23 GMT
ETag: "eccc8-59f898a4d309d"
Accept-Ranges: bytes
Content-Length: 969928
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: image/jpeg

156.54.128.69/condro/po/po_p_eventi.php

156.54.128.69

200 OK

65 kB

URL GET HTTP/1.1
156.54.128.69/condro/po/po_p_eventi.php
IP
156.54.128.69:80
ASN
#20746 Telecom Italia

Requested by
http://156.54.128.69/condro/hh/index.php

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ISO-8859 text, with very long lines (2327), with CRLF, LF line terminators
Size
65 kB (65015 bytes)
Hash
cf4f816316886ec80d900ccdf69c45e9
ed70949ac84c893976a2b3a5a4dab712dfe64f01
86a7e190ab7859d3ec987e3ca5f362542a0bb06d53f7d33709d2564fe4372ef5

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /condro/po/po_p_eventi.php HTTP/1.1
Host: 156.54.128.69
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: http://156.54.128.69/condro/hh/index.php
Cookie: PHPSESSID=0574b4662ebdfbef4aff1a743d6e2a17
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 23 Sep 2023 09:42:21 GMT
Server: Apache/2.4.23 (Unix) OpenSSL/1.0.2k PHP/5.6.31
X-Powered-By: PHP/5.6.31
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
P3P: CP="NOI ADM DEV COM NAV OUR STP"
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=ISO-8859-1

156.54.128.69/condro/immagini/Rss.png

156.54.128.69

200 OK

724 B

URL GET HTTP/1.1
156.54.128.69/condro/immagini/Rss.png
IP
156.54.128.69:80
ASN
#20746 Telecom Italia

Requested by
http://156.54.128.69/condro/hh/index.php

File type
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced\012- data
Size
724 B (724 bytes)
Hash
0d18651af70d3f42fbd3849fb93f16ca
8f7baf8e9eccb882f2535d14c15324d94fe7ec7e
bcdbd038b015823e7d805fbe3529bba902280e5ec4c832e7734fd441aeafc313

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /condro/immagini/Rss.png HTTP/1.1
Host: 156.54.128.69
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://156.54.128.69/condro/hh/index.php
Cookie: PHPSESSID=0574b4662ebdfbef4aff1a743d6e2a17
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 23 Sep 2023 09:42:26 GMT
Server: Apache/2.4.23 (Unix) OpenSSL/1.0.2k PHP/5.6.31
Last-Modified: Mon, 04 Oct 2010 16:28:30 GMT
ETag: "2d4-491cd08df0780"
Accept-Ranges: bytes
Content-Length: 724
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: image/png

156.54.128.69/condro/po/po_p_eventi.php

156.54.128.69

200 OK

65 kB

URL GET HTTP/1.1
156.54.128.69/condro/po/po_p_eventi.php
IP
156.54.128.69:80
ASN
#20746 Telecom Italia

Requested by
http://156.54.128.69/condro/hh/index.php

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ISO-8859 text, with very long lines (2327), with CRLF, LF line terminators
Size
65 kB (65015 bytes)
Hash
73a57d016d019b0db7fed300eb07a3e1
a1bf1b0dcf2284faefd691c0b6e2d419e2136852
43a6e867fc4991c02725a6728bd12f0969bd7d7d97b501ea3e9ee9ab90530a0f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /condro/po/po_p_eventi.php HTTP/1.1
Host: 156.54.128.69
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: http://156.54.128.69/condro/hh/index.php
Cookie: PHPSESSID=0574b4662ebdfbef4aff1a743d6e2a17
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 23 Sep 2023 09:42:21 GMT
Server: Apache/2.4.23 (Unix) OpenSSL/1.0.2k PHP/5.6.31
X-Powered-By: PHP/5.6.31
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
P3P: CP="NOI ADM DEV COM NAV OUR STP"
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=ISO-8859-1

156.54.128.69/condro/immagini/yellow_wai-aa.gif

156.54.128.69

200 OK

328 B

URL GET HTTP/1.1
156.54.128.69/condro/immagini/yellow_wai-aa.gif
IP
156.54.128.69:80
ASN
#20746 Telecom Italia

Requested by
http://156.54.128.69/condro/hh/index.php

File type
GIF image data, version 89a, 80 x 15\012- data
Size
328 B (328 bytes)
Hash
764bfa65307cd08b78baf3082a2128e4
98ad1fa2569bba0813b87c466f694acbb9c8425d
86455a6d9d1c9e84bc255d5e2c98675abb73e5b1e65ce82279b2258e8ef1fea1

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /condro/immagini/yellow_wai-aa.gif HTTP/1.1
Host: 156.54.128.69
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://156.54.128.69/condro/hh/index.php
Cookie: PHPSESSID=0574b4662ebdfbef4aff1a743d6e2a17
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 23 Sep 2023 09:42:26 GMT
Server: Apache/2.4.23 (Unix) OpenSSL/1.0.2k PHP/5.6.31
Last-Modified: Thu, 30 Sep 2010 16:24:47 GMT
ETag: "148-4917c8436d1c0"
Accept-Ranges: bytes
Content-Length: 328
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: image/gif

156.54.128.69/condro/immagini/valid_html5.png

156.54.128.69

200 OK

984 B

URL GET HTTP/1.1
156.54.128.69/condro/immagini/valid_html5.png
IP
156.54.128.69:80
ASN
#20746 Telecom Italia

Requested by
http://156.54.128.69/condro/hh/index.php

File type
PNG image data, 80 x 15, 8-bit/color RGBA, non-interlaced\012- data
Size
984 B (984 bytes)
Hash
337c3a6861c29095b81843d2ca643a31
d33ddf9d79736f41aaf76ac486194710b4a71690
be3aa6a5984d4d3c784a6245e34c310f848006b61b11512394fdbf69685892ce

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /condro/immagini/valid_html5.png HTTP/1.1
Host: 156.54.128.69
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://156.54.128.69/condro/hh/index.php
Cookie: PHPSESSID=0574b4662ebdfbef4aff1a743d6e2a17
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 23 Sep 2023 09:42:26 GMT
Server: Apache/2.4.23 (Unix) OpenSSL/1.0.2k PHP/5.6.31
Last-Modified: Fri, 09 Aug 2013 16:00:22 GMT
ETag: "3d8-4e385df383180"
Accept-Ranges: bytes
Content-Length: 984
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/png

156.54.128.69/condro/immagini/slideshow/DJI_0467_202.jpg

156.54.128.69

200 OK

987 kB

URL GET HTTP/1.1
156.54.128.69/condro/immagini/slideshow/DJI_0467_202.jpg
IP
156.54.128.69:80
ASN
#20746 Telecom Italia

Requested by
http://156.54.128.69/condro/hh/index.php

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=19, height=2976, bps=242, PhotometricIntepretation=RGB, description=DCIM/100MEDIA/DJI_0467.JPG, manufacturer=DJI, model=FC1102, orientation=upper-left, width=3968], progressive, precision 8, 2000x500, components 3\012- data
Size
987 kB (986974 bytes)
Hash
427b718b76d69dc0b7a70a0c6c72f3df
e256ec050afe0beeefa392b5114a826e2a79f3c9
46a756ffd7f533bc0d7ee2fd33d2b8c4282397ad861c61dd51159ada5aa32995

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /condro/immagini/slideshow/DJI_0467_202.jpg HTTP/1.1
Host: 156.54.128.69
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://156.54.128.69/condro/hh/index.php
Cookie: PHPSESSID=0574b4662ebdfbef4aff1a743d6e2a17
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 23 Sep 2023 09:42:26 GMT
Server: Apache/2.4.23 (Unix) OpenSSL/1.0.2k PHP/5.6.31
Last-Modified: Thu, 27 Feb 2020 07:19:30 GMT
ETag: "f0f5e-59f898abaa81b"
Accept-Ranges: bytes
Content-Length: 986974
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: image/jpeg

156.54.128.69/condro/immagini/valid_css3.png

156.54.128.69

200 OK

802 B

URL GET HTTP/1.1
156.54.128.69/condro/immagini/valid_css3.png
IP
156.54.128.69:80
ASN
#20746 Telecom Italia

Requested by
http://156.54.128.69/condro/hh/index.php

File type
PNG image data, 80 x 15, 8-bit colormap, non-interlaced\012- data
Size
802 B (802 bytes)
Hash
d1139a81312c86715122c2052bc17f09
1fe8f55c41b3df6b1371ef27d447efc31caac9e7
cf01ec1b2bfd19c0361df4e42eb5c573cc7ba8ac65ee3e24b9dfb012140aa4a5

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /condro/immagini/valid_css3.png HTTP/1.1
Host: 156.54.128.69
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://156.54.128.69/condro/hh/index.php
Cookie: PHPSESSID=0574b4662ebdfbef4aff1a743d6e2a17
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 23 Sep 2023 09:42:26 GMT
Server: Apache/2.4.23 (Unix) OpenSSL/1.0.2k PHP/5.6.31
Last-Modified: Fri, 09 Aug 2013 16:00:22 GMT
ETag: "322-4e385df383180"
Accept-Ranges: bytes
Content-Length: 802
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive
Content-Type: image/png

156.54.128.69/condro/images/index.jpg

156.54.128.69

200 OK

9.7 kB

URL GET HTTP/1.1
156.54.128.69/condro/images/index.jpg
IP
156.54.128.69:80
ASN
#20746 Telecom Italia

Requested by
http://156.54.128.69/condro/hh/index.php

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 225x225, components 3\012- data
Size
9.7 kB (9652 bytes)
Hash
fb8bed3e2c26d10db28e842807fdd4ae
eaac6f09259da31eb56e8781db7d4cdc8b71c783
449ce75fc08f121051960f875544604803f2d30c87175729d90ac507d27d8788

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /condro/images/index.jpg HTTP/1.1
Host: 156.54.128.69
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://156.54.128.69/condro/hh/index.php
Cookie: PHPSESSID=0574b4662ebdfbef4aff1a743d6e2a17
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 23 Sep 2023 09:42:26 GMT
Server: Apache/2.4.23 (Unix) OpenSSL/1.0.2k PHP/5.6.31
Last-Modified: Sun, 29 Mar 2020 09:54:32 GMT
ETag: "25b4-5a1fb524730ca"
Accept-Ranges: bytes
Content-Length: 9652
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: image/jpeg

156.54.128.69/condro/zf/index.php/kamaleonte/index/logo/preview/0

156.54.128.69

200 OK

9.6 kB

URL GET HTTP/1.1
156.54.128.69/condro/zf/index.php/kamaleonte/index/logo/preview/0
IP
156.54.128.69:80
ASN
#20746 Telecom Italia

Requested by
http://156.54.128.69/condro/hh/index.php

File type
PNG image data, 75 x 75, 8-bit/color RGBA, non-interlaced\012- data
Size
9.6 kB (9557 bytes)
Hash
aa2a11b5df2acf87b30c8d67ea1e0ae2
5bb2520b2ee6b18308ca9371b60ab21ad12213c3
d068d13322db66c942bddb9f73745315917b0f10bc445a83d37f25f47fe5e6bd

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /condro/zf/index.php/kamaleonte/index/logo/preview/0 HTTP/1.1
Host: 156.54.128.69
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://156.54.128.69/condro/hh/index.php
Cookie: PHPSESSID=0574b4662ebdfbef4aff1a743d6e2a17
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 23 Sep 2023 09:42:22 GMT
Server: Apache/2.4.23 (Unix) OpenSSL/1.0.2k PHP/5.6.31
X-Powered-By: PHP/5.6.31
P3P: CP="NOI ADM DEV COM NAV OUR STP"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Disposition: inline; filename="condro.png"
Content-Length: 9557
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive
Content-Type: image/png

156.54.128.69/condro/images/prefett.jpg

156.54.128.69

200 OK

23 kB

URL GET HTTP/1.1
156.54.128.69/condro/images/prefett.jpg
IP
156.54.128.69:80
ASN
#20746 Telecom Italia

Requested by
http://156.54.128.69/condro/hh/index.php

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1, orientation=upper-left], baseline, precision 8, 326x341, components 3\012- data
Size
23 kB (22707 bytes)
Hash
7f9e8c3448bc361dfae18e909584fec4
08fcd00843109e7ced4ce1b6c1e2d941bb8fce81
4e3b4eacbd89a9e58c4d7545c39d783d1966e32f76e87701a4450cff37362006

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /condro/images/prefett.jpg HTTP/1.1
Host: 156.54.128.69
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://156.54.128.69/condro/hh/index.php
Cookie: PHPSESSID=0574b4662ebdfbef4aff1a743d6e2a17
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 23 Sep 2023 09:42:26 GMT
Server: Apache/2.4.23 (Unix) OpenSSL/1.0.2k PHP/5.6.31
Last-Modified: Fri, 02 Sep 2022 09:27:17 GMT
ETag: "58b3-5e7ae56045f89"
Accept-Ranges: bytes
Content-Length: 22707
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: image/jpeg

156.54.128.69/condro/immagini/sfondomenu.png

156.54.128.69

200 OK

4.1 kB

URL GET HTTP/1.1
156.54.128.69/condro/immagini/sfondomenu.png
IP
156.54.128.69:80
ASN
#20746 Telecom Italia

Requested by
http://156.54.128.69/condro/hh/index.php

File type
PNG image data, 240 x 518, 8-bit/color RGBA, non-interlaced\012- data
Size
4.1 kB (4059 bytes)
Hash
1da8f2bf973fed26a3e245a679d342cd
a1420de4b0321743523c304aa6689c521aa15b49
dc22ef9c68a42437695787e5730c2ab0636312cf8fddfcf7b1bd0bae0293fd71

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /condro/immagini/sfondomenu.png HTTP/1.1
Host: 156.54.128.69
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://156.54.128.69/condro/hh/index.php
Cookie: PHPSESSID=0574b4662ebdfbef4aff1a743d6e2a17
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 23 Sep 2023 09:42:26 GMT
Server: Apache/2.4.23 (Unix) OpenSSL/1.0.2k PHP/5.6.31
Last-Modified: Tue, 19 Oct 2010 07:06:24 GMT
ETag: "fdb-492f2ee43bc00"
Accept-Ranges: bytes
Content-Length: 4059
Keep-Alive: timeout=5, max=92
Connection: Keep-Alive
Content-Type: image/png

156.54.128.69/condro/images/Logo%20unione_1_.jpg

156.54.128.69

200 OK

110 kB

URL GET HTTP/1.1
156.54.128.69/condro/images/Logo%20unione_1_.jpg
IP
156.54.128.69:80
ASN
#20746 Telecom Italia

Requested by
http://156.54.128.69/condro/hh/index.php

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 837x736, components 3\012- data
Size
110 kB (109526 bytes)
Hash
1d000f2314c1a9764e2633bf58c05d22
8a09a82b1646c04352a297cb2aa5d7044b4af96e
9e4db25efe9cf0f3554002d45f4a8a061ff1b79ceaebab45cd877352e5a8caf4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /condro/images/Logo%20unione_1_.jpg HTTP/1.1
Host: 156.54.128.69
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://156.54.128.69/condro/hh/index.php
Cookie: PHPSESSID=0574b4662ebdfbef4aff1a743d6e2a17
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 23 Sep 2023 09:42:26 GMT
Server: Apache/2.4.23 (Unix) OpenSSL/1.0.2k PHP/5.6.31
Last-Modified: Sat, 23 Apr 2022 19:13:00 GMT
ETag: "1abd6-5dd5721af290c"
Accept-Ranges: bytes
Content-Length: 109526
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: image/jpeg

156.54.128.69/condro/po/immagine_news.php?news=190&id=181

156.54.128.69

200 OK

39 kB

URL GET HTTP/1.1
156.54.128.69/condro/po/immagine_news.php?news=190&id=181
IP
156.54.128.69:80
ASN
#20746 Telecom Italia

Requested by
http://156.54.128.69/condro/hh/index.php

File type
GIF image data, version 87a, 600 x 400\012- data
Size
39 kB (38725 bytes)
Hash
54016269d19a05bf4eeef958117447b7
cbc05e392684708de72b24d33dc9fd628bb4f7a3
35fcaf6382b3f293abf47ddf16979474af258b3539518d4a21986ad700b87a42

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /condro/po/immagine_news.php?news=190&id=181 HTTP/1.1
Host: 156.54.128.69
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://156.54.128.69/condro/hh/index.php
Cookie: PHPSESSID=0574b4662ebdfbef4aff1a743d6e2a17
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 23 Sep 2023 09:42:22 GMT
Server: Apache/2.4.23 (Unix) OpenSSL/1.0.2k PHP/5.6.31
X-Powered-By: PHP/5.6.31
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
ETag: "f7ec849b691724351412a0223e4d101d"
Last-Modified: Wed, 04 Nov 2015 14:35:56 +0000
Content-Disposition: inline; filename="fire_danger-1.gif"
Content-Length: 38725
Keep-Alive: timeout=5, max=90
Connection: Keep-Alive
Content-Type: image/gif

156.54.128.69/condro/images/Logo%20GAL%20Tirreno%20Eolie.jpg

156.54.128.69

200 OK

81 kB

URL GET HTTP/1.1
156.54.128.69/condro/images/Logo%20GAL%20Tirreno%20Eolie.jpg
IP
156.54.128.69:80
ASN
#20746 Telecom Italia

Requested by
http://156.54.128.69/condro/hh/index.php

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 100", progressive, precision 8, 500x500, components 3\012- data
Size
81 kB (81009 bytes)
Hash
a6e72319be9a0a3da6fbb21f12ac3d92
50197eb3295a9355cb1d0936362f8ff41c4dc881
c1effc4353044c6050074f75e6f5fe303cda11a7cbeec722cd4346897cbc94a9

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /condro/images/Logo%20GAL%20Tirreno%20Eolie.jpg HTTP/1.1
Host: 156.54.128.69
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://156.54.128.69/condro/hh/index.php
Cookie: PHPSESSID=0574b4662ebdfbef4aff1a743d6e2a17
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 23 Sep 2023 09:42:26 GMT
Server: Apache/2.4.23 (Unix) OpenSSL/1.0.2k PHP/5.6.31
Last-Modified: Sun, 29 Mar 2020 09:29:24 GMT
ETag: "13c71-5a1faf86146cb"
Accept-Ranges: bytes
Content-Length: 81009
Keep-Alive: timeout=5, max=92
Connection: Keep-Alive
Content-Type: image/jpeg

156.54.128.69/condro/po/immagine_news.php?news=115&id=87

156.54.128.69

200 OK

170 kB

URL GET HTTP/1.1
156.54.128.69/condro/po/immagine_news.php?news=115&id=87
IP
156.54.128.69:80
ASN
#20746 Telecom Italia

Requested by
http://156.54.128.69/condro/hh/index.php

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 100", baseline, precision 8, 885x400, components 3\012- data
Size
170 kB (169782 bytes)
Hash
0e7e2d07f75602d46b6af193eb51f6e6
1c12f4bf4ed9f57ed66f16bea5a33d2dbfd697c8
26430434d2cc093380d724429e6d8bccb96d2bf3e9e7531ac84fa3067fdad1fe

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /condro/po/immagine_news.php?news=115&id=87 HTTP/1.1
Host: 156.54.128.69
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://156.54.128.69/condro/hh/index.php
Cookie: PHPSESSID=0574b4662ebdfbef4aff1a743d6e2a17
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 23 Sep 2023 09:42:22 GMT
Server: Apache/2.4.23 (Unix) OpenSSL/1.0.2k PHP/5.6.31
X-Powered-By: PHP/5.6.31
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
ETag: "f7ec849b691724351412a0223e4d101d"
Last-Modified: Wed, 04 Nov 2015 14:35:56 +0000
Content-Disposition: inline; filename="anpr.jpeg"
Content-Length: 169782
Keep-Alive: timeout=5, max=90
Connection: Keep-Alive
Content-Type: image/jpeg

156.54.128.69/favicon.png

156.54.128.69

200 OK

1.6 kB

URL GET HTTP/1.1
156.54.128.69/favicon.png
IP
156.54.128.69:80
ASN
#20746 Telecom Italia

Requested by
http://156.54.128.69/condro/hh/index.php

File type
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced\012- data
Size
1.6 kB (1614 bytes)
Hash
d64de12f288e6a3405fc4d6740565bbb
014ba5af160f7b52f80aae8db41bc1c93b7a38e2
e40dc2abbb61458d486360247a35d79ff8efb4b3071ebeeba3962d1542cf37b2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.png HTTP/1.1
Host: 156.54.128.69
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://156.54.128.69/condro/hh/index.php
Cookie: PHPSESSID=0574b4662ebdfbef4aff1a743d6e2a17
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 23 Sep 2023 09:42:26 GMT
Server: Apache/2.4.23 (Unix) OpenSSL/1.0.2k PHP/5.6.31
Last-Modified: Tue, 20 May 2014 10:33:14 GMT
ETag: "64e-4f9d2683b2e80"
Accept-Ranges: bytes
Content-Length: 1614
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: image/png

www.3bmeteo.com/cdn-cgi/rum?

104.17.63.55

204 No Content

0 B

URL POST HTTP/3
www.3bmeteo.com/cdn-cgi/rum?
IP
104.17.63.55:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.3bmeteo.com/moduli_esterni/localita_6_giorni_compatto/2302/ffffff/356E67/5e5e5e/ffffff/it
Certificate
IssuerCloudflare, Inc.
Subject3bmeteo.com
Fingerprint81:30:46:F5:65:82:A2:B8:DE:83:FF:A7:00:39:31:2A:9F:80:E5:A9
ValiditySat, 08 Apr 2023 00:00:00 GMT - Sun, 07 Apr 2024 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /cdn-cgi/rum? HTTP/1.1
Host: www.3bmeteo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.3bmeteo.com/moduli_esterni/localita_6_giorni_compatto/2302/ffffff/356E67/5e5e5e/ffffff/it
Content-Type: application/json
Content-Length: 578
Origin: https://www.3bmeteo.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/3 204 No Content
date: Sat, 23 Sep 2023 09:42:39 GMT
access-control-allow-origin: https://www.3bmeteo.com
access-control-allow-methods: POST,OPTIONS
access-control-max-age: 86400
vary: Origin
access-control-allow-credentials: true
server: cloudflare
cf-ray: 80b1d6bf1bfa5684-OSL
x-frame-options: DENY
x-content-type-options: nosniff

maps.googleapis.com/maps-api-v3/api/js/54/6/intl/it_ALL/overlay.js

142.250.74.10

200 OK

3.4 kB

URL GET HTTP/3
maps.googleapis.com/maps-api-v3/api/js/54/6/intl/it_ALL/overlay.js
IP
142.250.74.10:443
ASN
#15169 GOOGLE

Requested by
https://www.google.com/maps/embed?pb=!1m18!1m12!1m3!1d6273.104721844896!2d15.32212667642927!3d38.17384171875502!2m3!1f0!2f0!3f0!3m2!1i1024!2i768!4f13.1!3m3!1m2!1s0x13143725379b38a5%3A0x97fb61e9f8d3405!2s98043%20Condr%C3%B2%20ME!5e0!3m2!1sit!2sit!4v1582187502920!5m2!1sit!2sit
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
FingerprintBE:40:3A:A6:DE:CC:A7:8B:75:43:68:F2:F9:56:63:71:49:61:06:49
ValidityMon, 04 Sep 2023 08:23:18 GMT - Mon, 27 Nov 2023 08:23:17 GMT

File type
ASCII text, with very long lines (3472), with no line terminators
Size
3.4 kB (3376 bytes)
Hash
69f59e0377b60331fd521bfae3e32015
67976fdb604d58cf7fc8bc45b1ad5835c7663b42
1ebf33570d030b77c6789995b0c2a918a4f2ba6cac6d0622da000ea03c83fb0d

HTTP Headers

GET /maps-api-v3/api/js/54/6/intl/it_ALL/overlay.js HTTP/1.1
Host: maps.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: br
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/maps-api-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="maps-api-js"
report-to: {"group":"maps-api-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/maps-api-js"}]}
content-length: 1260
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 21 Sep 2023 18:36:25 GMT
expires: Fri, 20 Sep 2024 18:36:25 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 18 Sep 2023 20:18:59 GMT
content-type: text/javascript
vary: Accept-Encoding, Origin
age: 140759
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.3bmeteo.com/moduli_esterni/localita_6_giorni_compatto/2302/ffffff/356E67/5e5e5e/ffffff/it

104.17.63.55

200 OK

5.0 kB

URL GET HTTP/2
www.3bmeteo.com/moduli_esterni/localita_6_giorni_compatto/2302/ffffff/356E67/5e5e5e/ffffff/it
IP
104.17.63.55:443
ASN
#13335 CLOUDFLARENET

Requested by
http://156.54.128.69/condro/hh/index.php
Certificate
IssuerCloudflare, Inc.
Subject3bmeteo.com
Fingerprint81:30:46:F5:65:82:A2:B8:DE:83:FF:A7:00:39:31:2A:9F:80:E5:A9
ValiditySat, 08 Apr 2023 00:00:00 GMT - Sun, 07 Apr 2024 23:59:59 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (5155), with no line terminators
Size
5.0 kB (4979 bytes)
Hash
655757cdf17b5c4c88619282fc8b1efa
d3417717feaf4318019f176b96074c54c5d0538a
bc7b8d8863c507c07c9604763de2b827e7fdeb90034095bea52d7fc59c2a63b2

HTTP Headers

GET /moduli_esterni/localita_6_giorni_compatto/2302/ffffff/356E67/5e5e5e/ffffff/it HTTP/1.1
Host: www.3bmeteo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://156.54.128.69/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 23 Sep 2023 09:42:23 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
pragma: public
cache-control: public, s-maxage=300
expires: Sat, 23 Sep 2023 09:47:23 GMT
last-modified: Sat, 23 Sep 2023 09:42:23 GMT
x-fastcgi-cache: MISS
x-fastcgi-zone: PSP-01
referrer-policy: strict-origin-when-cross-origin
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4FvdcoY48yDOMGhVUDZdxQsX9BB6pcupb6vQR1sE4BlHdAxg%2FMHOy0WC%2BU4KLyAsh4iB%2B0SL6stFiuvfnrNLGAhDF5gRAGfYI5I0jILr9b%2Ft%2FGFHstiNtHfInHFNWqUtMg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
set-cookie: ci_session=12cf264f37c5c19231e18d7fc8b682ed37f31126; expires=Sat, 23-Sep-2023 11:42:23 GMT; Max-Age=7200; path=/; domain=.3bmeteo.com; secure; HttpOnly
__cflb=02DiuEAbwCALrV1nigmvJi9Mecjoygi8yesheBUyfrFnL; SameSite=Lax; path=/; expires=Sun, 24-Sep-23 08:42:23 GMT; HttpOnly
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 80b1d65dbc65b515-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (38)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN