| GET contorosa.space/favicon.ico |  188.114.96.1 | 403 Forbidden | 9.4 kB |
URL GET HTTP/3contorosa.space/favicon.ico IP188.114.96.1:443
Requested byhttps://contorosa.space/Stb/Unretev.php?bl=ffg7BUZWQeiQsCZSsiLCW013.dll CertificateIssuerGoogle Trust Services Subjectcontorosa.space Fingerprint19:30:E5:FD:2B:9F:EE:89:BE:F9:B6:05:D4:AB:2F:D3:0E:C9:F8:EC ValidityWed, 22 Jan 2025 11:59:09 GMT - Tue, 22 Apr 2025 12:56:25 GMT
File typeHTML document, ASCII text, with very long lines (394) Hash49017fae2cdcb6357cf32983d80ab636 394d0fcd245d95958299cad9f8cd8e552a52c851 e5ae431451947d4353f5432740a9b4295db29ba31d7be8125c661af153e80fe3
GET /favicon.ico HTTP/1.1
Host: contorosa.space
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://contorosa.space/Stb/Unretev.php?bl=ffg7BUZWQeiQsCZSsiLCW013.dll
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 403 Forbidden
date: Sun, 23 Feb 2025 21:03:59 GMT
content-type: text/html; charset=UTF-8
x-frame-options: SAMEORIGIN
referrer-policy: same-origin
cache-control: max-age=15
expires: Sun, 23 Feb 2025 21:04:14 GMT
priority: u=6,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KEJJWPRTpk8F%2FDnxMQwG90b57FWEN6p%2Fa1h8Si3gLdu3zg%2Fv4NnjWqq4er5zybu7EpZgjcn%2BYZl%2B1wMqTeOAbolQEMXdh62%2FWo%2BOQdG80I8npkBHUpFYMpRDqe2gIMrqnjU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 916a2a6ce9a41c06-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=4219&min_rtt=1383&rtt_var=2544&sent=13&recv=8&lost=0&retrans=0&sent_bytes=4132&recv_bytes=1244&delivery_rate=425801&cwnd=12000&unsent_bytes=0&cid=1efa9102d083394d&ts=261&x=1", cfExtPri, cfHdrFlush;dur=0
|
| GET contorosa.space/Stb/Unretev.php?bl=ffg7BUZWQeiQsCZSsiLCW013.dll | 188.114.96.1 | 200 OK | 42 kB |
URL User Request GET HTTP/2contorosa.space/Stb/Unretev.php?bl=ffg7BUZWQeiQsCZSsiLCW013.dll IP188.114.96.1:443
CertificateIssuerGoogle Trust Services Subjectcontorosa.space Fingerprint19:30:E5:FD:2B:9F:EE:89:BE:F9:B6:05:D4:AB:2F:D3:0E:C9:F8:EC ValidityWed, 22 Jan 2025 11:59:09 GMT - Tue, 22 Apr 2025 12:56:25 GMT
File typeASCII text, with very long lines (42328), with no line terminators Hashff1df170fb17692a415179ed4aae7c0b 1cf0b7413b8f787a8319ba01aba0c2c55c44c7f7 ba83cd4eb063485a2e4398cd113fe45e9c2a875fb0ec4c8373b443950db5b9eb
| Analyzer | Verdict | Alert |
|---|
| urlquery | suspicious | Suspicious - Base64 encoded file |
GET /Stb/Unretev.php?bl=ffg7BUZWQeiQsCZSsiLCW013.dll HTTP/1.1
Host: contorosa.space
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 23 Feb 2025 21:03:59 GMT
content-type: text/html; charset=UTF-8
x-powered-by: ASP.NET
x-powered-by-plesk: PleskWin
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=khl2l9FSiJw5eUb1P7Me9UgV876MV0vCnF3Fkk%2BXkDxcgh8ZoHDeeXys6GXVgyTyKyO%2BmSXN2zpfq0OUJFazXUnEQ5eVtTsn8G2PbkGzYqlOl3dkVylCU%2BBpz%2FUzFww13VE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 916a2a6a68f61bfe-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=5557&min_rtt=497&rtt_var=10132&sent=8&recv=11&lost=0&retrans=0&sent_bytes=3212&recv_bytes=1161&delivery_rate=7006451&cwnd=254&unsent_bytes=0&cid=83e3f5a95c2518f3&ts=136&x=0"
X-Firefox-Spdy: h2
|