Report - victory-collections.top/d2VxjasuwS/Login.php

Report Overview

Submitted URL
victory-collections.top/d2VxjasuwS/Login.php
IP
199.59.243.223
ASN
#16509 AMAZON-02
Submitted
2023-05-06 07:55:12
Access
public
Website Title
Final URL
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
4
Threat Detection Systems
50

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
ocsp.pki.goog	175	2016-06-13	2018-07-01	2023-05-05	1.7 kB	3.5 kB	142.250.74.131
www.google.com	7	1997-09-15	2015-05-10	2023-05-05	3.1 kB	60 kB	142.250.74.164
afs.googleusercontent.com	12123	2008-11-17	2013-05-06	2023-05-05	983 B	2.1 kB	142.250.74.97
e1.o.lencr.org	6159	2020-06-29	2021-08-20	2023-05-05	328 B	730 B	23.33.119.27
victory-collections.top	unknown	2022-04-28	2022-05-04	2023-03-20	3.9 kB	77 kB	199.59.243.223

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-05-06 07:54:57	medium	Client IP	Internal IP	ET DNS Query to a *.top domain - Likely Hostile
2023-05-06 07:54:57	medium	Client IP	Internal IP	ET DNS Query to a *.top domain - Likely Hostile
2023-05-06 07:54:57	medium	Client IP	Internal IP	ET DNS Query to a *.top domain - Likely Hostile
2023-05-06 07:54:57	medium	Client IP	Internal IP	ET DNS Query to a *.top domain - Likely Hostile

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator
2023-05-06	medium	victory-collections.top/_tr
2023-05-06	medium	victory-collections.top/d2VxjasuwS/Login.php
2023-05-06	medium	victory-collections.top/_fd
2023-05-06	medium	victory-collections.top/js/parking.2.104.9.js

mnemonic secure dns

Scan Date	Severity	Indicator
2023-05-06	medium	victory-collections.top
2023-05-06	medium	victory-collections.top
2023-05-06	medium	victory-collections.top
2023-05-06	medium	victory-collections.top
2023-05-06	medium	victory-collections.top
2023-05-06	medium	victory-collections.top
2023-05-06	medium	victory-collections.top

Quad9 DNS

Scan Date	Severity	Indicator
2023-05-06	medium	victory-collections.top
2023-05-06	medium	victory-collections.top
2023-05-06	medium	victory-collections.top
2023-05-06	medium	victory-collections.top
2023-05-06	medium	victory-collections.top
2023-05-06	medium	victory-collections.top
2023-05-06	medium	victory-collections.top

ThreatFox

Scan Date	Severity	Indicator
2023-04-26	medium	victory-collections.top
2023-04-26	medium	victory-collections.top
2023-04-26	medium	victory-collections.top
2023-04-26	medium	victory-collections.top
2023-04-26	medium	victory-collections.top
2023-04-26	medium	victory-collections.top
2023-04-26	medium	victory-collections.top

JavaScript (5)

	URL	Size	First Seen	Last Seen
	victory-collections.top/d2VxjasuwS/Login.php	351 B	2023-05-06	2023-05-06
Pretty URL victory-collections.top/d2VxjasuwS/Login.php IP 199.59.243.223 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-05-06 09:55:14 Last Seen2023-05-06 09:55:14 Times Seen1 Hash 871f55f52bd1aa1a6c9713f4b406ae4a bd1b5ccbccc8545e30e0b5a3332e829658e65ff8 b3a200eacd9ee1e2d55844b267a78b255658b9a0b87cc6d006b54e8521e623cb Loading...

	victory-collections.top/js/parking.2.104.9.js	69 kB	2023-05-03	2023-05-10
Pretty URL victory-collections.top/js/parking.2.104.9.js IP 199.59.243.223 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-03 21:41:31 Last Seen2023-05-10 22:09:44 Times Seen1147 Hash fc0add3f511e88e8b76fb4d99385e79d db7c675436018d9cadea0faa1e1ab3d0e149fd70 5fa30919d2af0a6153e6dbc2cdb0a06232dd5341ac72a423599289d4039b8027 Loading...

	www.google.com/adsense/domains/caf.js	148 kB	2023-05-03	2023-05-17
Pretty URL www.google.com/adsense/domains/caf.js IP 142.250.74.164 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-03 19:30:42 Last Seen2023-05-17 19:05:51 Times Seen2358 Hash 22266f789b45619166c987088bb07b0e e972c68a02f9d3146763bfd549971e4c2ae2f0f0 a8c61912569110fd4bce13e380d6be99ef0301f54f44a18a63321f281e266127 Loading...

	www.google.com/afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol130%2Cpid-bodis-gcontrol47%2Cpid-bodis-gcontrol307%2Cpid-bodis-gcontrol152%2Cpid-bodis-gcontrol431&client=dp-bodis31_3ph&r=m&hl=en&rpbu=https%3A%2F%2Fvictory-collections.top%3Fcaf%26&terms=strapless%20gown%2Cpink%20rose%2Ctank%20top&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2495773305495993&oe=UTF-8&ie=UTF-8&fexp=21404&format=r3&nocache=2981683359698857&num=0&output=afd_ads&domain_name=victory-collections.top&v=3&bsl=8&pac=0&u_his=2&u_tz=0&dt=1683359698859&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1264&psh=79&frm=0&cl=528505921&uio=-&cont=rs&jsid=caf&jsv=528505921&rurl=https%3A%2F%2Fvictory-collections.top%2Fd2VxjasuwS%2FLogin.php&adbw=master-1%3A1264	6.4 kB	2023-05-06	2023-05-06
Pretty URL www.google.com/afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol130%2Cpid-bodis-gcontrol47%2Cpid-bodis-gcontrol307%2Cpid-bodis-gcontrol152%2Cpid-bodis-gcontrol431&client=dp-bodis31_3ph&r=m&hl=en&rpbu=https%3A%2F%2Fvictory-collections.top%3Fcaf%26&terms=strapless%20gown%2Cpink%20rose%2Ctank%20top&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2495773305495993&oe=UTF-8&ie=UTF-8&fexp=21404&format=r3&nocache=2981683359698857&num=0&output=afd_ads&domain_name=victory-collections.top&v=3&bsl=8&pac=0&u_his=2&u_tz=0&dt=1683359698859&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1264&psh=79&frm=0&cl=528505921&uio=-&cont=rs&jsid=caf&jsv=528505921&rurl=https%3A%2F%2Fvictory-collections.top%2Fd2VxjasuwS%2FLogin.php&adbw=master-1%3A1264 IP 142.250.74.164 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML true Observations First Seen2023-05-06 09:55:14 Last Seen2023-05-06 09:55:14 Times Seen1 Hash 5e101f58d01b0312eec6bea321e33c38 ac8b35ddba951217de562cd99aa76a432f3b7162 ddba3c24c5745328a5176be9f9a58e7d2060dd1bfb71886095ddeee60241fd02 Loading...

	www.google.com/adsense/domains/caf.js	148 kB	2023-05-03	2023-05-17
Pretty URL www.google.com/adsense/domains/caf.js IP 142.250.74.164 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-03 19:50:16 Last Seen2023-05-17 18:16:31 Times Seen1366 Hash 2b81572eb26b5b487266c51af2ec4cec 0c89d880d11700ea0efb853de51c6693f4e0e8df f5f58396b191db3de7b9981fc9e4f03d33a29697b7e8705449e064b4b8a2684d Loading...

HTTP Transactions (19)

URL IP Response Size

e1.o.lencr.org/

23.33.119.27

346 B

URL
e1.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
346 B (346 bytes)
Hash
6e33eca024ac6cfeef62e41bb8b20279
4a2d217d6766eebc297e52d3e594a87b753a8ca0
a7cc850c42d8c3db994fface26b18f1fa627d3af2af84e77442be24477ee58d6

HTTP Headers

POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "A7CC850C42D8C3DB994FFACE26B18F1FA627D3AF2AF84E77442BE24477EE58D6"
Last-Modified: Sat, 06 May 2023 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21578
Expires: Sat, 06 May 2023 13:54:34 GMT
Date: Sat, 06 May 2023 07:54:56 GMT
Connection: keep-alive

victory-collections.top/px.gif?ch=1&rn=2.0943281220385215

199.59.243.223

200 OK

42 B

URL GET HTTP/2
victory-collections.top/px.gif?ch=1&rn=2.0943281220385215
IP
199.59.243.223:443
ASN
#16509 AMAZON-02

Requested by
https://victory-collections.top/d2VxjasuwS/Login.php
Certificate
IssuerLet's Encrypt
Subjectvictory-collections.top
FingerprintBF:18:DC:4D:A0:B5:B9:CB:61:7C:F9:31:E7:33:69:37:AF:42:9A:61
ValidityThu, 09 Feb 2023 08:16:16 GMT - Wed, 10 May 2023 08:16:15 GMT

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Detections

Analyzer	Verdict	Alert
threatfox	Amadey
mnemonic_dns	Sinkholed
quad9	Sinkholed

HTTP Headers

GET /px.gif?ch=1&rn=2.0943281220385215 HTTP/1.1
Host: victory-collections.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://victory-collections.top/d2VxjasuwS/Login.php
Cookie: parking_session=c732c6af-2f74-802a-83a1-abe9fe9a8d86
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: openresty
date: Sat, 06 May 2023 07:54:57 GMT
content-type: image/gif
content-length: 42
last-modified: Wed, 15 Sep 2021 19:38:30 GMT
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
accept-ranges: bytes
X-Firefox-Spdy: h2

victory-collections.top/px.gif?ch=2&rn=2.0943281220385215

199.59.243.223

200 OK

42 B

URL GET HTTP/2
victory-collections.top/px.gif?ch=2&rn=2.0943281220385215
IP
199.59.243.223:443
ASN
#16509 AMAZON-02

Requested by
https://victory-collections.top/d2VxjasuwS/Login.php
Certificate
IssuerLet's Encrypt
Subjectvictory-collections.top
FingerprintBF:18:DC:4D:A0:B5:B9:CB:61:7C:F9:31:E7:33:69:37:AF:42:9A:61
ValidityThu, 09 Feb 2023 08:16:16 GMT - Wed, 10 May 2023 08:16:15 GMT

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Detections

Analyzer	Verdict	Alert
threatfox	Amadey
mnemonic_dns	Sinkholed
quad9	Sinkholed

HTTP Headers

GET /px.gif?ch=2&rn=2.0943281220385215 HTTP/1.1
Host: victory-collections.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://victory-collections.top/d2VxjasuwS/Login.php
Cookie: parking_session=c732c6af-2f74-802a-83a1-abe9fe9a8d86
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: openresty
date: Sat, 06 May 2023 07:54:57 GMT
content-type: image/gif
content-length: 42
last-modified: Wed, 15 Sep 2021 19:38:30 GMT
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
accept-ranges: bytes
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

471 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
02ba75903f02c48b30395328fff9927e
43f817f355059ed03490ef1bab8ff0deffbfe744
53a5ffd09f760367667dd07ef2d98936e2e49d616ed75fcac4ccf1182c89ca0e

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 06 May 2023 07:54:57 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

victory-collections.top/favicon.ico

199.59.243.223

200 OK

0 B

URL GET HTTP/2
victory-collections.top/favicon.ico
IP
199.59.243.223:443
ASN
#16509 AMAZON-02

Requested by
https://victory-collections.top/d2VxjasuwS/Login.php
Certificate
IssuerLet's Encrypt
Subjectvictory-collections.top
FingerprintBF:18:DC:4D:A0:B5:B9:CB:61:7C:F9:31:E7:33:69:37:AF:42:9A:61
ValidityThu, 09 Feb 2023 08:16:16 GMT - Wed, 10 May 2023 08:16:15 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
threatfox	Amadey
mnemonic_dns	Sinkholed
quad9	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: victory-collections.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://victory-collections.top/d2VxjasuwS/Login.php
Cookie: parking_session=c732c6af-2f74-802a-83a1-abe9fe9a8d86
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: openresty
date: Sat, 06 May 2023 07:54:57 GMT
content-type: image/x-icon
content-length: 0
last-modified: Wed, 15 Sep 2021 19:38:30 GMT
etag: "61424bb6-0"
x-backend-server: ip-10-201-16-189.ec2.internal
accept-ranges: bytes
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

472 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
bf34384a7fd9e62b9045178ff81864df
732744c22cd182dac8ab80666ef2d8985a47d3a9
89f580bee129d929f610dcbb61af775e59ebd60acf584cf274346ecf638816f5

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 06 May 2023 07:54:57 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.google.com/afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol130%2Cpid-bodis-gcontrol47%2Cpid-bodis-gcontrol307%2Cpid-bodis-gcontrol152%2Cpid-bodis-gcontrol431&client=dp-bodis31_3ph&r=m&hl=en&rpbu=https%3A%2F%2Fvictory-collections.top%3Fcaf%26&terms=strapless%20gown%2Cpink%20rose%2Ctank%20top&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2495773305495993&oe=UTF-8&ie=UTF-8&fexp=21404&format=r3&nocache=2981683359698857&num=0&output=afd_ads&domain_name=victory-collections.top&v=3&bsl=8&pac=0&u_his=2&u_tz=0&dt=1683359698859&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1264&psh=79&frm=0&cl=528505921&uio=-&cont=rs&jsid=caf&jsv=528505921&rurl=https%3A%2F%2Fvictory-collections.top%2Fd2VxjasuwS%2FLogin.php&adbw=master-1%3A1264

142.250.74.164

200 OK

2.1 kB

URL GET HTTP/3
www.google.com/afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol130%2Cpid-bodis-gcontrol47%2Cpid-bodis-gcontrol307%2Cpid-bodis-gcontrol152%2Cpid-bodis-gcontrol431&client=dp-bodis31_3ph&r=m&hl=en&rpbu=https%3A%2F%2Fvictory-collections.top%3Fcaf%26&terms=strapless%20gown%2Cpink%20rose%2Ctank%20top&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2495773305495993&oe=UTF-8&ie=UTF-8&fexp=21404&format=r3&nocache=2981683359698857&num=0&output=afd_ads&domain_name=victory-collections.top&v=3&bsl=8&pac=0&u_his=2&u_tz=0&dt=1683359698859&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1264&psh=79&frm=0&cl=528505921&uio=-&cont=rs&jsid=caf&jsv=528505921&rurl=https%3A%2F%2Fvictory-collections.top%2Fd2VxjasuwS%2FLogin.php&adbw=master-1%3A1264
IP
142.250.74.164:443
ASN
#15169 GOOGLE

Requested by
https://victory-collections.top/d2VxjasuwS/Login.php
Certificate
IssuerGoogle Trust Services LLC
Subject*.google.com
FingerprintA3:4E:A3:86:10:DA:6C:D1:8C:73:54:AB:E6:8F:7D:21:72:2C:B4:D5
ValidityMon, 17 Apr 2023 08:16:32 GMT - Mon, 10 Jul 2023 08:16:31 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (5524)
Size
2.1 kB (2141 bytes)
Hash
d9d71c56ab7c42aa3865029d1402aa3e
feb74ce199d3f7fde47c8ee119b138b1235152ea
b982d09e9d391a201eebdf040728bf29faa41fc4441536cca09fe41be84b5376

HTTP Headers

GET /afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol130%2Cpid-bodis-gcontrol47%2Cpid-bodis-gcontrol307%2Cpid-bodis-gcontrol152%2Cpid-bodis-gcontrol431&client=dp-bodis31_3ph&r=m&hl=en&rpbu=https%3A%2F%2Fvictory-collections.top%3Fcaf%26&terms=strapless%20gown%2Cpink%20rose%2Ctank%20top&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2495773305495993&oe=UTF-8&ie=UTF-8&fexp=21404&format=r3&nocache=2981683359698857&num=0&output=afd_ads&domain_name=victory-collections.top&v=3&bsl=8&pac=0&u_his=2&u_tz=0&dt=1683359698859&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1264&psh=79&frm=0&cl=528505921&uio=-&cont=rs&jsid=caf&jsv=528505921&rurl=https%3A%2F%2Fvictory-collections.top%2Fd2VxjasuwS%2FLogin.php&adbw=master-1%3A1264 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://victory-collections.top/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: text/html; charset=UTF-8
content-disposition: inline
date: Sat, 06 May 2023 07:54:57 GMT
expires: Sat, 06 May 2023 07:54:57 GMT
cache-control: private, max-age=3600
content-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-gYiWVO-fK0cVBLKjw8V_BA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
cross-origin-opener-policy: same-origin-allow-popups; report-to="gws"
report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
content-encoding: br
server: gws
content-length: 2141
x-xss-protection: 0
set-cookie: CONSENT=PENDING+017; expires=Mon, 05-May-2025 07:54:57 GMT; path=/; domain=.google.com; Secure
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

ocsp.pki.goog/gts1c3

142.250.74.131

472 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
83dad3af2b1ee0e4ce48cc6b69d62a79
df5b55e2b188311fc398f0e7d08e34a924a9e9c2
5f89aa03d3930f0afe5e5bce6e90473130d26ff85a49e2e97d1c73504debca9e

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 06 May 2023 07:54:57 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

472 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
83dad3af2b1ee0e4ce48cc6b69d62a79
df5b55e2b188311fc398f0e7d08e34a924a9e9c2
5f89aa03d3930f0afe5e5bce6e90473130d26ff85a49e2e97d1c73504debca9e

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 06 May 2023 07:54:57 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.google.com/adsense/domains/caf.js

142.250.74.164

200 OK

54 kB

URL GET HTTP/2
www.google.com/adsense/domains/caf.js
IP
142.250.74.164:443
ASN
#15169 GOOGLE

Requested by
https://victory-collections.top/d2VxjasuwS/Login.php
Certificate
IssuerGoogle Trust Services LLC
Subjectwww.google.com
Fingerprint22:2A:81:06:18:D1:68:C5:1A:F7:E4:D9:FB:DF:C4:9B:E3:FD:BF:6E
ValidityMon, 17 Apr 2023 08:26:19 GMT - Mon, 10 Jul 2023 08:26:18 GMT

File type
ASCII text, with very long lines (2125)
Size
54 kB (53925 bytes)
Hash
d4a1961df17fa5e6f8ce3592cc210245
a4913fcad01153f16fc926b0b9996437adb485a9
b1d497d768d71d1c5fdeeea77503b4c363e0417fe12472a4a23a6ea7ca1241fd

HTTP Headers

GET /adsense/domains/caf.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.google.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="ads-afs-ui"
report-to: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
date: Sat, 06 May 2023 07:54:57 GMT
expires: Sat, 06 May 2023 07:54:57 GMT
cache-control: private, max-age=3600
etag: "7274119577584337245"
x-content-type-options: nosniff
content-encoding: gzip
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/call_to_action_arrow.svg?c=%23ffffff

142.250.74.97

200 OK

278 B

URL GET HTTP/2
afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/call_to_action_arrow.svg?c=%23ffffff
IP
142.250.74.97:443
ASN
#15169 GOOGLE

Requested by
https://www.google.com/afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol130%2Cpid-bodis-gcontrol47%2Cpid-bodis-gcontrol307%2Cpid-bodis-gcontrol152%2Cpid-bodis-gcontrol431&client=dp-bodis31_3ph&r=m&hl=en&rpbu=https%3A%2F%2Fvictory-collections.top%3Fcaf%26&terms=strapless%20gown%2Cpink%20rose%2Ctank%20top&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2495773305495993&oe=UTF-8&ie=UTF-8&fexp=21404&format=r3&nocache=2981683359698857&num=0&output=afd_ads&domain_name=victory-collections.top&v=3&bsl=8&pac=0&u_his=2&u_tz=0&dt=1683359698859&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1264&psh=79&frm=0&cl=528505921&uio=-&cont=rs&jsid=caf&jsv=528505921&rurl=https%3A%2F%2Fvictory-collections.top%2Fd2VxjasuwS%2FLogin.php&adbw=master-1%3A1264
Certificate
IssuerGoogle Trust Services LLC
Subject*.googleusercontent.com
Fingerprint5B:7C:CC:9B:35:65:AF:5C:4A:0A:CA:A9:D5:41:DA:66:86:43:19:CD
ValidityMon, 17 Apr 2023 08:25:28 GMT - Mon, 10 Jul 2023 08:25:27 GMT

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (306)
Size
278 B (278 bytes)
Hash
bb7fc36f627255dd4783f849dca0932e
80e89ef8f3c2c8ee982523757fce214ea7323a69
735f48c2876099e6a731c65fc46ec1ec133c316e0997d04eb0ee246741bee647

HTTP Headers

GET /ad_icons/standard/publisher_icon_image/call_to_action_arrow.svg?c=%23ffffff HTTP/1.1
Host: afs.googleusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.google.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/afs-native-asset-managers
cross-origin-opener-policy: same-origin; report-to="afs-native-asset-managers"
report-to: {"group":"afs-native-asset-managers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/afs-native-asset-managers"}]}
content-length: 278
x-content-type-options: nosniff
content-encoding: gzip
server: sffe
x-xss-protection: 0
date: Fri, 05 May 2023 23:05:24 GMT
expires: Sat, 06 May 2023 22:05:24 GMT
cache-control: public, max-age=82800
age: 31773
last-modified: Tue, 09 Feb 2021 14:15:00 GMT
content-type: image/svg+xml
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

472 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
83dad3af2b1ee0e4ce48cc6b69d62a79
df5b55e2b188311fc398f0e7d08e34a924a9e9c2
5f89aa03d3930f0afe5e5bce6e90473130d26ff85a49e2e97d1c73504debca9e

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 06 May 2023 07:54:58 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.google.com/afs/gen_204?client=dp-bodis31_3ph&output=uds_ads_only&zx=o3rlp95bju70&aqid=0QdWZJHJHoCOmLAPpf2m-Ak&psid=3113057640&pbt=bs&adbx=290&adby=145&adbh=481&adbw=700&adbah=153%2C153%2C153&adbn=master-1&eawp=partner-dp-bodis31_3ph&errv=528505921&csala=7%7C0%7C272%7C58%7C326&lle=0&ifv=1&usr=1

142.250.74.164

204 No Content

0 B

URL GET HTTP/3
www.google.com/afs/gen_204?client=dp-bodis31_3ph&output=uds_ads_only&zx=o3rlp95bju70&aqid=0QdWZJHJHoCOmLAPpf2m-Ak&psid=3113057640&pbt=bs&adbx=290&adby=145&adbh=481&adbw=700&adbah=153%2C153%2C153&adbn=master-1&eawp=partner-dp-bodis31_3ph&errv=528505921&csala=7%7C0%7C272%7C58%7C326&lle=0&ifv=1&usr=1
IP
142.250.74.164:443
ASN
#15169 GOOGLE

Requested by
https://victory-collections.top/d2VxjasuwS/Login.php
Certificate
IssuerGoogle Trust Services LLC
Subject*.google.com
FingerprintA3:4E:A3:86:10:DA:6C:D1:8C:73:54:AB:E6:8F:7D:21:72:2C:B4:D5
ValidityMon, 17 Apr 2023 08:16:32 GMT - Mon, 10 Jul 2023 08:16:31 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /afs/gen_204?client=dp-bodis31_3ph&output=uds_ads_only&zx=o3rlp95bju70&aqid=0QdWZJHJHoCOmLAPpf2m-Ak&psid=3113057640&pbt=bs&adbx=290&adby=145&adbh=481&adbw=700&adbah=153%2C153%2C153&adbn=master-1&eawp=partner-dp-bodis31_3ph&errv=528505921&csala=7%7C0%7C272%7C58%7C326&lle=0&ifv=1&usr=1 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://victory-collections.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 204 No Content
content-type: text/html; charset=UTF-8
content-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-wGuSkgRUwFi_kLj_YNvOxQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
cross-origin-opener-policy: same-origin-allow-popups; report-to="gws"
report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
date: Sat, 06 May 2023 07:54:59 GMT
server: gws
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
set-cookie: NID=511=uMY-5egQhKT5jzK4tkB9_XsOuLAFz9klucKoMab3c5Nb9nsW_mxpqGYoCy4ADhLVIhdOQEUcvyLPsVMVJxIYqaKF1U-h6X8O1ofdj3TnCFTX9opGITkbio-Dtkfq5KFEaJL8FkkT8eBJoaurmCxZDRCS64y8-dsY0HBZcibw-Ew; expires=Sun, 05-Nov-2023 07:54:59 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none
CONSENT=PENDING+924; expires=Mon, 05-May-2025 07:54:59 GMT; path=/; domain=.google.com; Secure
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

victory-collections.top/_tr

199.59.243.223

200 OK

22 B

URL POST HTTP/2
victory-collections.top/_tr
IP
199.59.243.223:443
ASN
#16509 AMAZON-02

Requested by
https://victory-collections.top/d2VxjasuwS/Login.php
Certificate
IssuerLet's Encrypt
Subjectvictory-collections.top
FingerprintBF:18:DC:4D:A0:B5:B9:CB:61:7C:F9:31:E7:33:69:37:AF:42:9A:61
ValidityThu, 09 Feb 2023 08:16:16 GMT - Wed, 10 May 2023 08:16:15 GMT

File type
ASCII text, with no line terminators
Size
22 B (22 bytes)
Hash
5cfde9b47de2d84bd26fc473632647c0
fd53c70631b6068328be57daec71bd94bf004d41
47fd05ef74fef5da03fa22483e63fc977cad8e026ae41dadbbcc3745907f306b

Detections

Analyzer	Verdict	Alert
fortinet	Malware
threatfox	Amadey
mnemonic_dns	Sinkholed
quad9	Sinkholed

HTTP Headers

POST /_tr HTTP/1.1
Host: victory-collections.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://victory-collections.top/d2VxjasuwS/Login.php
Content-Type: application/json
Content-Length: 1609
Origin: https://victory-collections.top
DNT: 1
Connection: keep-alive
Cookie: parking_session=c732c6af-2f74-802a-83a1-abe9fe9a8d86
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: openresty
content-type: text/html; charset=UTF-8
date: Sat, 06 May 2023 07:54:58 GMT
x-version: 2.104.9
set-cookie: parking_session=c732c6af-2f74-802a-83a1-abe9fe9a8d86; expires=Sat, 06-May-2023 08:09:58 GMT; Max-Age=900; path=/; httponly
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2

victory-collections.top/d2VxjasuwS/Login.php

199.59.243.223

200 OK

899 B

URL User Request GET HTTP/2
victory-collections.top/d2VxjasuwS/Login.php
IP
199.59.243.223:443
ASN
#16509 AMAZON-02

Certificate
IssuerLet's Encrypt
Subjectvictory-collections.top
FingerprintBF:18:DC:4D:A0:B5:B9:CB:61:7C:F9:31:E7:33:69:37:AF:42:9A:61
ValidityThu, 09 Feb 2023 08:16:16 GMT - Wed, 10 May 2023 08:16:15 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (917), with no line terminators
Size
899 B (899 bytes)
Hash
d4940768cccda4923b55f00b23f586ff
b4b925127e40d3f4edf6157c32264aa7d864f679
8c068edfad26b1a70fae0074a49a8a33e1569a8bff1f93350c7bc6a2fce1ecac

Detections

Analyzer	Verdict	Alert
fortinet	Malware
threatfox	Amadey
mnemonic_dns	Sinkholed
quad9	Sinkholed

HTTP Headers

GET /d2VxjasuwS/Login.php HTTP/1.1
Host: victory-collections.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: openresty
date: Sat, 06 May 2023 07:54:56 GMT
content-type: text/html; charset=UTF-8
set-cookie: parking_session=c732c6af-2f74-802a-83a1-abe9fe9a8d86; expires=Sat, 06-May-2023 08:09:56 GMT; Max-Age=900; path=/; HttpOnly
x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_BW2qakGkJdXEgaidTFnGpPi6ocSUtKQ4lmB2LdxohFE7c9s4XNZya9f0pZ2TGVSFfE/j1NJw0WeCCiWJQXQwVA==
accept-ch: sec-ch-prefers-color-scheme
critical-ch: sec-ch-prefers-color-scheme
vary: sec-ch-prefers-color-scheme
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2

victory-collections.top/_fd

199.59.243.223

200 OK

3.8 kB

URL POST HTTP/2
victory-collections.top/_fd
IP
199.59.243.223:443
ASN
#16509 AMAZON-02

Requested by
https://victory-collections.top/d2VxjasuwS/Login.php
Certificate
IssuerLet's Encrypt
Subjectvictory-collections.top
FingerprintBF:18:DC:4D:A0:B5:B9:CB:61:7C:F9:31:E7:33:69:37:AF:42:9A:61
ValidityThu, 09 Feb 2023 08:16:16 GMT - Wed, 10 May 2023 08:16:15 GMT

File type
ASCII text, with very long lines (3765), with no line terminators
Size
3.8 kB (3765 bytes)
Hash
910426e20bc52a073032a7bb3a0236ba
94dcee757e613bc9a2a0890ef34af2d6e1dba4dc
cfc8a37b8a8a6c5a5b0e2815eb124952c8ae5995482939d24e5dbf966e64ff02

Detections

Analyzer	Verdict	Alert
fortinet	Malware
threatfox	Amadey
mnemonic_dns	Sinkholed
quad9	Sinkholed

HTTP Headers

POST /_fd HTTP/1.1
Host: victory-collections.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://victory-collections.top/d2VxjasuwS/Login.php
Content-Type: application/json
Origin: https://victory-collections.top
DNT: 1
Connection: keep-alive
Cookie: parking_session=c732c6af-2f74-802a-83a1-abe9fe9a8d86
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0

HTTP/2 200 OK
server: openresty
content-type: text/html; charset=UTF-8
date: Sat, 06 May 2023 07:54:57 GMT
x-version: 2.104.9
set-cookie: parking_session=c732c6af-2f74-802a-83a1-abe9fe9a8d86; expires=Sat, 06-May-2023 08:09:57 GMT; Max-Age=900; path=/; httponly
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2

afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/chevron.svg?c=%2302198b

142.250.74.97

200 OK

200 B

URL GET HTTP/2
afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/chevron.svg?c=%2302198b
IP
142.250.74.97:443
ASN
#15169 GOOGLE

Requested by
https://www.google.com/afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol130%2Cpid-bodis-gcontrol47%2Cpid-bodis-gcontrol307%2Cpid-bodis-gcontrol152%2Cpid-bodis-gcontrol431&client=dp-bodis31_3ph&r=m&hl=en&rpbu=https%3A%2F%2Fvictory-collections.top%3Fcaf%26&terms=strapless%20gown%2Cpink%20rose%2Ctank%20top&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2495773305495993&oe=UTF-8&ie=UTF-8&fexp=21404&format=r3&nocache=2981683359698857&num=0&output=afd_ads&domain_name=victory-collections.top&v=3&bsl=8&pac=0&u_his=2&u_tz=0&dt=1683359698859&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1264&psh=79&frm=0&cl=528505921&uio=-&cont=rs&jsid=caf&jsv=528505921&rurl=https%3A%2F%2Fvictory-collections.top%2Fd2VxjasuwS%2FLogin.php&adbw=master-1%3A1264
Certificate
IssuerGoogle Trust Services LLC
Subject*.googleusercontent.com
Fingerprint5B:7C:CC:9B:35:65:AF:5C:4A:0A:CA:A9:D5:41:DA:66:86:43:19:CD
ValidityMon, 17 Apr 2023 08:25:28 GMT - Mon, 10 Jul 2023 08:25:27 GMT

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with no line terminators
Size
200 B (200 bytes)
Hash
e81eb30a6c5589e7f39436e40b400822
ca2513ede010b3db00099335b809ca693c2cd65c
055ae1fef3be182534069c718e2dc0ab07d7464bcc3ded19553da07d37333657

HTTP Headers

GET /ad_icons/standard/publisher_icon_image/chevron.svg?c=%2302198b HTTP/1.1
Host: afs.googleusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.google.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/afs-native-asset-managers
cross-origin-opener-policy: same-origin; report-to="afs-native-asset-managers"
report-to: {"group":"afs-native-asset-managers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/afs-native-asset-managers"}]}
content-length: 174
x-content-type-options: nosniff
content-encoding: gzip
server: sffe
x-xss-protection: 0
date: Sat, 06 May 2023 06:00:13 GMT
expires: Sun, 07 May 2023 05:00:13 GMT
cache-control: public, max-age=82800
age: 6884
last-modified: Thu, 22 Oct 2020 21:45:00 GMT
content-type: image/svg+xml
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

victory-collections.top/js/parking.2.104.9.js

199.59.243.223

200 OK

69 kB

URL GET HTTP/2
victory-collections.top/js/parking.2.104.9.js
IP
199.59.243.223:443
ASN
#16509 AMAZON-02

Requested by
https://victory-collections.top/d2VxjasuwS/Login.php
Certificate
IssuerLet's Encrypt
Subjectvictory-collections.top
FingerprintBF:18:DC:4D:A0:B5:B9:CB:61:7C:F9:31:E7:33:69:37:AF:42:9A:61
ValidityThu, 09 Feb 2023 08:16:16 GMT - Wed, 10 May 2023 08:16:15 GMT

File type

Size
69 kB (68934 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
fortinet	Malware
threatfox	Amadey
mnemonic_dns	Sinkholed
quad9	Sinkholed

HTTP Headers

GET /js/parking.2.104.9.js HTTP/1.1
Host: victory-collections.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://victory-collections.top/d2VxjasuwS/Login.php
Cookie: parking_session=c732c6af-2f74-802a-83a1-abe9fe9a8d86
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: openresty
date: Sat, 06 May 2023 07:54:57 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 May 2023 19:30:24 GMT
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2

www.google.com/afs/gen_204?client=dp-bodis31_3ph&output=uds_ads_only&zx=wj1s2271axgh&aqid=0QdWZJHJHoCOmLAPpf2m-Ak&psid=3113057640&pbt=bv&adbx=290&adby=145&adbh=481&adbw=700&adbah=153%2C153%2C153&adbn=master-1&eawp=partner-dp-bodis31_3ph&errv=528505921&csala=7%7C0%7C272%7C58%7C326&lle=0&ifv=1&usr=1

142.250.74.164

204 No Content

0 B

URL GET HTTP/3
www.google.com/afs/gen_204?client=dp-bodis31_3ph&output=uds_ads_only&zx=wj1s2271axgh&aqid=0QdWZJHJHoCOmLAPpf2m-Ak&psid=3113057640&pbt=bv&adbx=290&adby=145&adbh=481&adbw=700&adbah=153%2C153%2C153&adbn=master-1&eawp=partner-dp-bodis31_3ph&errv=528505921&csala=7%7C0%7C272%7C58%7C326&lle=0&ifv=1&usr=1
IP
142.250.74.164:443
ASN
#15169 GOOGLE

Requested by
https://victory-collections.top/d2VxjasuwS/Login.php
Certificate
IssuerGoogle Trust Services LLC
Subject*.google.com
FingerprintA3:4E:A3:86:10:DA:6C:D1:8C:73:54:AB:E6:8F:7D:21:72:2C:B4:D5
ValidityMon, 17 Apr 2023 08:16:32 GMT - Mon, 10 Jul 2023 08:16:31 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /afs/gen_204?client=dp-bodis31_3ph&output=uds_ads_only&zx=wj1s2271axgh&aqid=0QdWZJHJHoCOmLAPpf2m-Ak&psid=3113057640&pbt=bv&adbx=290&adby=145&adbh=481&adbw=700&adbah=153%2C153%2C153&adbn=master-1&eawp=partner-dp-bodis31_3ph&errv=528505921&csala=7%7C0%7C272%7C58%7C326&lle=0&ifv=1&usr=1 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://victory-collections.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 204 No Content
content-type: text/html; charset=UTF-8
content-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-sbzL8PBSpI7HR6P0rh_Nkw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
cross-origin-opener-policy: same-origin-allow-popups; report-to="gws"
report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
date: Sat, 06 May 2023 07:55:00 GMT
server: gws
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
set-cookie: NID=511=c6PABDt5GAG4WX1p92aZ3i96gdy3B5n5V_gbc41STVxkUasMUpapBSgqGkL0odPjlo3Ds5r3d8oYONFFWY1gSSMB0bv1JMYaD71tDFvts8VVW9TL1a-9VWEkvBXa05qoBV0y_aTQV31By36KLgwxE9XeawGJkf_K3_I3j0cXOo4; expires=Sun, 05-Nov-2023 07:55:00 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none
CONSENT=PENDING+868; expires=Mon, 05-May-2025 07:55:00 GMT; path=/; domain=.google.com; Secure
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (5)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (19)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/2