Report - levitra-gg.com/?p=64716

Report Overview

Visited public
2023-11-06 17:37:27
Tags
Submit Tags
URL
levitra-gg.com/?p=64716
Finishing URL
levitra-gg.com/trimax-istanbul-life-islak-dudaklar-rapidshare-work.html
IP / ASN
188.114.96.1
#13335 CLOUDFLARENET
Title
Trimax Istanbul Life Islak Dudaklar Rapidshare |WORK| - Levitra Fitness

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
fonts.gstatic.com	unknown	2008-02-11	2014-09-09 02:40:21	2023-11-06 15:19:30	529 B	34 kB	216.58.207.227
fonts.googleapis.com	8877	2005-01-25	2013-06-10 22:14:26	2023-11-06 15:09:40	582 B	34 kB	142.250.74.106
secure.gravatar.com	1671	2004-07-15	2012-05-22 07:36:38	2023-11-06 12:06:29	470 B	2.6 kB	192.0.73.2
www.calaixdefilosofiadigital.com	unknown	2023-01-17	2022-06-23 07:15:16	2023-03-20 21:41:52	475 B	0 B	0.0.0.0
www.verywellhealth.com	35418	2006-01-19	2018-05-09 18:24:42	2023-11-03 10:24:57	571 B	96 kB	0.0.0.0
levitra-gg.com	unknown	2018-03-20	2018-05-04 08:02:49	2023-11-06 18:27:48	22 kB	1.9 MB	188.114.97.1

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2023-11-06	medium	levitra-gg.com	Sinkholed
2023-11-06	medium	levitra-gg.com	Sinkholed
2023-11-06	medium	levitra-gg.com	Sinkholed
2023-11-06	medium	levitra-gg.com	Sinkholed
2023-11-06	medium	levitra-gg.com	Sinkholed
2023-11-06	medium	levitra-gg.com	Sinkholed
2023-11-06	medium	levitra-gg.com	Sinkholed
2023-11-06	medium	levitra-gg.com	Sinkholed
2023-11-06	medium	levitra-gg.com	Sinkholed
2023-11-06	medium	levitra-gg.com	Sinkholed
2023-11-06	medium	levitra-gg.com	Sinkholed
2023-11-06	medium	levitra-gg.com	Sinkholed
2023-11-06	medium	levitra-gg.com	Sinkholed
2023-11-06	medium	levitra-gg.com	Sinkholed
2023-11-06	medium	levitra-gg.com	Sinkholed
2023-11-06	medium	levitra-gg.com	Sinkholed
2023-11-06	medium	levitra-gg.com	Sinkholed
2023-11-06	medium	levitra-gg.com	Sinkholed
2023-11-06	medium	levitra-gg.com	Sinkholed
2023-11-06	medium	levitra-gg.com	Sinkholed
2023-11-06	medium	levitra-gg.com	Sinkholed
2023-11-06	medium	levitra-gg.com	Sinkholed
2023-11-06	medium	levitra-gg.com	Sinkholed
2023-11-06	medium	levitra-gg.com	Sinkholed
2023-11-06	medium	levitra-gg.com	Sinkholed
2023-11-06	medium	levitra-gg.com	Sinkholed
2023-11-06	medium	levitra-gg.com	Sinkholed
2023-11-06	medium	levitra-gg.com	Sinkholed
2023-11-06	medium	levitra-gg.com	Sinkholed
2023-11-06	medium	levitra-gg.com	Sinkholed
2023-11-06	medium	levitra-gg.com	Sinkholed
2023-11-06	medium	levitra-gg.com	Sinkholed
2023-11-06	medium	levitra-gg.com	Sinkholed
2023-11-06	medium	levitra-gg.com	Sinkholed
2023-11-06	medium	levitra-gg.com	Sinkholed
2023-11-06	medium	levitra-gg.com	Sinkholed
2023-11-06	medium	levitra-gg.com	Sinkholed
2023-11-06	medium	levitra-gg.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (15)

	URL	From	Size	First Seen	Last Seen
	levitra-gg.com/wp-content/plugins/cookie-law-info/legacy/public/js/cookie-law-info-public.js?ver=3.1.4	ScriptElement	34 kB	2023-03-07	2025-06-30
Pretty URL levitra-gg.com/wp-content/plugins/cookie-law-info/legacy/public/js/cookie-law-info-public.js?ver=3.1.4 IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03 Last Seen2025-06-30 00:53 Times Seen2382 Hash dffa195b546cf1dfd52f2206955eb892 a3d48e8f126eb96d12191d76ed71ad2bc8651d59 6c52384c7b0641dd1ead85d079c22d39bcc6dc5f2537afb1e6396bb619771a3f Loading...

	levitra-gg.com/wp-content/themes/newsup/js/jquery.smartmenus.js?ver=6.3.2	ScriptElement	45 kB	2023-03-07	2025-06-28
Pretty URL levitra-gg.com/wp-content/themes/newsup/js/jquery.smartmenus.js?ver=6.3.2 IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:42 Last Seen2025-06-28 19:56 Times Seen109 Hash b44600a4b31819b2b98ca6157eabb706 feeaaca1ee534517f4505f8f998fbccff67a23b4 0c5fe43bcfb312486e00343211f37c791fabc22b197e91be480e00d36ad8778b Loading...

	levitra-gg.com/wp-content/themes/newsup/js/jquery.smartmenus.bootstrap.js?ver=6.3.2	ScriptElement	5.8 kB	2023-03-07	2025-06-28
Pretty URL levitra-gg.com/wp-content/themes/newsup/js/jquery.smartmenus.bootstrap.js?ver=6.3.2 IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:42 Last Seen2025-06-28 19:56 Times Seen130 Hash 32a92736c3f4ddb11b494f7b39714acf 1ade4bf5a22f63a184413cbe9fa23239bef00786 82020205c5dc1f2b2dfede6f288ce43524b03f5b86427c0887f9e6e0cde7e1fa Loading...

	levitra-gg.com/trimax-istanbul-life-islak-dudaklar-rapidshare-work.html	ScriptElement	3.3 kB	2023-10-30	2024-08-20
Pretty URL levitra-gg.com/trimax-istanbul-life-islak-dudaklar-rapidshare-work.html IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-10-30 00:52 Last Seen2024-08-20 21:52 Times Seen3 Hash 1054345c565ef0639d29d32b336eb093 fd1fbb7f7b4bb4da0f1a2f6ed1fff9bc086334dd 78fbf9c7cecb05c53b2d0a40e8b26d6922fcdf35cd354080a09e4ec88deec7e3 Loading...

	levitra-gg.com/trimax-istanbul-life-islak-dudaklar-rapidshare-work.html	ScriptElement	1.9 kB	2023-07-19	2024-08-20
Pretty URL levitra-gg.com/trimax-istanbul-life-islak-dudaklar-rapidshare-work.html IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-07-19 20:51 Last Seen2024-08-20 21:52 Times Seen3 Hash 78b9b9f8a4aa406b0605469ffb5c6342 b194f6d51526bd446f317dd2455adfad1bf3d4a6 f1fe535d443da43f968a1e19597a47956a045592418a0566f5f74d318a847cc3 Loading...

	levitra-gg.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1	ScriptElement	14 kB	2023-05-09	2025-06-30
Pretty URL levitra-gg.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1 IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-09 19:21 Last Seen2025-06-30 04:37 Times Seen130806 Hash 9ffeb32e2d9efbf8f70caabded242267 3ad0c10e501ac2a9bfa18f9cd7e700219b378738 5274f11e6fb32ae0cf2dfb9f8043272865c397a7c4223b4cfa7d50ea52fbde89 Loading...

	levitra-gg.com/wp-content/themes/newsup/js/owl.carousel.min.js?ver=6.3.2	ScriptElement	24 kB	2023-03-07	2025-06-30
Pretty URL levitra-gg.com/wp-content/themes/newsup/js/owl.carousel.min.js?ver=6.3.2 IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:07 Last Seen2025-06-30 03:57 Times Seen2995 Hash 88d0fe722f04973e2888b58a63aa0570 f947512e51f8ef4b15bba3f701de64e53a7f7f9b e0e2bc4e1d3ee5024c4e1aa58a6cad9aa42fc63a8c89ce18013a1c8f2b94875c Loading...

	levitra-gg.com/wp-includes/js/jquery/jquery.min.js?ver=3.7.0	ScriptElement	88 kB	2023-06-13	2025-06-30
Pretty URL levitra-gg.com/wp-includes/js/jquery/jquery.min.js?ver=3.7.0 IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-06-13 23:41 Last Seen2025-06-30 03:09 Times Seen26467 Hash ff04dd1ef5c67998d8652330c0441689 5e6ff5bd5240181a8bdea983837f39ac231dac4d 5c93f77799d122fb5255ee24da285f9f228cc118cba11e6ceb2b6bda8cdf4164 Loading...

	levitra-gg.com/trimax-istanbul-life-islak-dudaklar-rapidshare-work.html	ScriptElement	314 B	2023-03-07	2025-06-26
Pretty URL levitra-gg.com/trimax-istanbul-life-islak-dudaklar-rapidshare-work.html IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 12:07 Last Seen2025-06-26 01:54 Times Seen68 Hash 7728be931eb7d29a8cdf96d70f16ea6c 8b53deccaa57af8f9817a35a67364bfb7f3caf22 138b30244cb14209ddd0ed793286225d2162dc04a96d63103764a6a8ecc3c36e Loading...

	levitra-gg.com/wp-content/plugins/wp-automatic/js/main-front.js?ver=6.3.2	ScriptElement	1.0 kB	2023-03-07	2025-06-29
Pretty URL levitra-gg.com/wp-content/plugins/wp-automatic/js/main-front.js?ver=6.3.2 IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:19 Last Seen2025-06-29 15:27 Times Seen737 Hash 110e06930c2043d5439adeb9999f07f5 1294fd7195b1c2652c3627fe7a57f71d447313b3 d503937452e40c21fce10346b29287ad23b221a372547f248da87ca5efb55767 Loading...

	levitra-gg.com/wp-content/themes/newsup/js/bootstrap.js?ver=6.3.2	ScriptElement	135 kB	2023-03-07	2025-06-28
Pretty URL levitra-gg.com/wp-content/themes/newsup/js/bootstrap.js?ver=6.3.2 IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:42 Last Seen2025-06-28 19:56 Times Seen109 Hash 94c99954f62ec8d0819dc645645d9405 d9bd900db062aa387fd1593cc3f87fa9cb515dbf 04078e2c2770c7fafd845205695de48286c4300a68b9e7651ee1cc342a8911fb Loading...

	levitra-gg.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js	ScriptElement	1.2 kB	2023-03-07	2025-06-30
Pretty URL levitra-gg.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-06-30 04:38 Times Seen81496 Hash 9e8f56e8e1806253ba01a95cfc3d392c a8af90d7482e1e99d03de6bf88fed2315c5dd728 2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8 Loading...

	levitra-gg.com/wp-content/themes/newsup/js/navigation.js?ver=6.3.2	ScriptElement	2.3 kB	2023-03-07	2025-06-28
Pretty URL levitra-gg.com/wp-content/themes/newsup/js/navigation.js?ver=6.3.2 IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:42 Last Seen2025-06-28 19:56 Times Seen112 Hash b85a0e67de8c03a1848eb3391a7b612d 80a4ac5398ea4bc3185240ac7494a9bbf2af06f0 e3cc09317edff7a910580347cc4e5911f3ca99b849ab61225add4a152f45050a Loading...

	levitra-gg.com/wp-content/themes/newsup/js/jquery.marquee.js?ver=6.3.2	ScriptElement	24 kB	2023-03-07	2025-06-28
Pretty URL levitra-gg.com/wp-content/themes/newsup/js/jquery.marquee.js?ver=6.3.2 IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:42 Last Seen2025-06-28 19:56 Times Seen121 Hash 9f417cab213a1bb1135ddc1a13d3bf79 77fded210b60c36c896bd99b78ec4051ec7a1804 fab2c550fa601b966dfa3859f91004065655f025199f6c2fd0e9dc1c5574f018 Loading...

	levitra-gg.com/wp-content/themes/newsup/js/main.js?ver=6.3.2	ScriptElement	602 B	2023-03-07	2025-06-28
Pretty URL levitra-gg.com/wp-content/themes/newsup/js/main.js?ver=6.3.2 IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:42 Last Seen2025-06-28 19:56 Times Seen115 Hash 16c2a06dfa2faf84e0fb5ffb30e10b5c 14d43b7e25f1465f9f70f9fd5c4aafc40c270ada fa872ad20e9bb1922c2c41769033e224122845f61f81fcbce2f3bcfad3f068e8 Loading...

HTTP Transactions (43)

URL IP Response Size

levitra-gg.com/

188.114.97.1

18 kB

URL
levitra-gg.com/
IP
188.114.97.1:0
ASN
#13335 CLOUDFLARENET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (9462), with CRLF, LF line terminators
Size
18 kB (18544 bytes)
Hash
bf6ba9aee57d1947da4880360b6ce3d2
53b0d45a74576f299885e31cdd90e6c3f0e1be63
35ce245fb723276725522c451a49d5ab43e4428ef8cbe7aba0853ee647e028f0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: levitra-gg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Mon, 06 Nov 2023 17:37:11 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
x-powered-by: PHP/7.4.33
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
cf-edge-cache: cache,platform=wordpress
link: <http://levitra-gg.com/wp-json/>; rel="https://api.w.org/"
x-litespeed-cache: hit
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=e%2FPg04HN7eJ7Xjth%2B5vv5kEYNbcu7ny8rXOKCi3AzB1gB931ATGoj44ZO%2B3p8zPYx8w9fx5FGJEVWWY10lByZdeMH1oTpAmSGo1UEBEb4fSb91d1pj3a3e%2BI4D0zzzcL7A%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 821f1a5f4d0ab50c-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

GET levitra-gg.com/?p=64716

188.114.97.1

301 Moved Permanently

0 B

URL User Request GET HTTP/1.1
levitra-gg.com/?p=64716
IP
188.114.97.1:80
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /?p=64716 HTTP/1.1
Host: levitra-gg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 301 Moved Permanently
Date: Mon, 06 Nov 2023 17:37:17 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
x-powered-by: PHP/7.4.33
set-cookie: PHPSESSID=f1aecbbb43fb8a4155b40708f99e8b37; path=/
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
cf-edge-cache: cache,platform=wordpress
x-litespeed-tag: 320_HTTP.200,320_HTTP.301
x-redirect-by: WordPress
location: http://levitra-gg.com/trimax-istanbul-life-islak-dudaklar-rapidshare-work.html
x-litespeed-cache-control: no-cache
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tMhYhHzqBptnt05WhrFL3z3hkKe9GyXRzBf0z3qUPzPS0Q7cAT2qKL7wpallV8nBOBU88KaZOSojKxq59eDMipXXG4DHipsDtW47BNDRGI9yNK6Lknnex1ilE5pne94%2BBw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 821f1a62ab2c5694-OSL
alt-svc: h2=":443"; ma=60

GET levitra-gg.com/wp-content/uploads/2021/11/default-2.png

188.114.96.1

200 OK

46 kB

URL GET HTTP/3
levitra-gg.com/wp-content/uploads/2021/11/default-2.png
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://levitra-gg.com/trimax-istanbul-life-islak-dudaklar-rapidshare-work.html
Certificate
IssuerGoogle Trust Services LLC
Subjectlevitra-gg.com
Fingerprint58:75:C6:0D:07:1C:7E:82:B2:60:D3:FC:28:25:EA:5B:48:E8:71:AF
ValidityThu, 19 Oct 2023 18:16:41 GMT - Wed, 17 Jan 2024 18:16:40 GMT

File type
PNG image data, 1000 x 1000, 8-bit/color RGBA, non-interlaced\012- data
Size
46 kB (46172 bytes)
Hash
85e5caa47183a4bf538cde6c0feb17f8
2f8f86f8ed1d31979b1e4894735c1d2a98455d96
e8a0a22d5a4f5003213c41d7e7abdfb8f48571b048e994e013186a8ce9374376

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/uploads/2021/11/default-2.png HTTP/1.1
Host: levitra-gg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://levitra-gg.com/trimax-istanbul-life-islak-dudaklar-rapidshare-work.html
Cookie: PHPSESSID=f1aecbbb43fb8a4155b40708f99e8b37
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 06 Nov 2023 17:37:22 GMT
content-type: image/png
content-length: 46172
cache-control: public, max-age=604800
expires: Thu, 09 Nov 2023 01:45:34 GMT
last-modified: Fri, 10 Feb 2023 04:02:55 GMT
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 402708
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4LlV%2BW%2Bp1P3YhaS8cQNbHYrrv2wC5rPNUl%2B4smExGllV%2FtwaSntMz7OJmqqzgzLD3z%2B%2FHAxq9vX0onsCe%2Bl0RWJ27cLHTg0unAo9n4vnyCU8WjA5yPIFbjY57BQrTtUdMg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 821f1aa48d59b524-OSL
alt-svc: h3=":443"; ma=86400

GET levitra-gg.com/wp-content/plugins/wp-forms-puzzle-captcha/assets/css/wfpc-puzzle-captcha.css?ver=6.3.2

188.114.96.1

200 OK

1.3 kB

URL GET HTTP/3
levitra-gg.com/wp-content/plugins/wp-forms-puzzle-captcha/assets/css/wfpc-puzzle-captcha.css?ver=6.3.2
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://levitra-gg.com/trimax-istanbul-life-islak-dudaklar-rapidshare-work.html
Certificate
IssuerGoogle Trust Services LLC
Subjectlevitra-gg.com
Fingerprint58:75:C6:0D:07:1C:7E:82:B2:60:D3:FC:28:25:EA:5B:48:E8:71:AF
ValidityThu, 19 Oct 2023 18:16:41 GMT - Wed, 17 Jan 2024 18:16:40 GMT

File type
ASCII text
Size
1.3 kB (1300 bytes)
Hash
6fe8fc05f50569e7e3664eb5107b573d
2048b4a9873c4bbbae62e969f446bad47b772db0
523844ccdf308f4aa6b7b6a3e5e549d96d8c1dab468646337efd385e5b912289

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/plugins/wp-forms-puzzle-captcha/assets/css/wfpc-puzzle-captcha.css?ver=6.3.2 HTTP/1.1
Host: levitra-gg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://levitra-gg.com/trimax-istanbul-life-islak-dudaklar-rapidshare-work.html
Cookie: PHPSESSID=f1aecbbb43fb8a4155b40708f99e8b37
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 06 Nov 2023 17:37:22 GMT
content-type: text/css
cache-control: public, max-age=604800
expires: Sun, 12 Nov 2023 17:28:48 GMT
last-modified: Sat, 26 Mar 2022 03:05:48 GMT
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 86914
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PJd%2Ft9zkpCOpC6X%2FJGzaC9WZirQZmj9xRKzDxFUJ%2FxKPdWETL6RrF%2Bt36NSd%2F20vqKjWRffGjOuqfIVXyInVruppyoyj6dl3FNmPrgZlww6ohbpAv9nbNLS94PgjZEZH8w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 821f1aa45d24b524-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

levitra-gg.com/wp-content/plugins/cookie-law-info/legacy/public/css/cookie-law-info-public.css?ver=3.1.4

188.114.96.1

92 kB

URL
levitra-gg.com/wp-content/plugins/cookie-law-info/legacy/public/css/cookie-law-info-public.css?ver=3.1.4
IP
188.114.96.1:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text
Size
92 kB (92313 bytes)
Hash
20e8490fab0dcf7557a5c8b54494db6f
285db746dfc0d43b9ca42f8d65b69c908ff72ca5
fbe820b6140ad28e86f34ffae507d807cf591a22697a05b71958f2014e96a9e4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/plugins/cookie-law-info/legacy/public/css/cookie-law-info-public.css?ver=3.1.4 HTTP/1.1
Host: levitra-gg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://levitra-gg.com/trimax-istanbul-life-islak-dudaklar-rapidshare-work.html
Cookie: PHPSESSID=f1aecbbb43fb8a4155b40708f99e8b37
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 06 Nov 2023 17:37:22 GMT
content-type: text/css
cache-control: public, max-age=604800
expires: Sun, 12 Nov 2023 17:28:48 GMT
last-modified: Mon, 18 Sep 2023 01:01:08 GMT
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 86914
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IGlO3apKuKwEtRd2QzxR5vRJteV%2BnCU6n73rsmg%2FOOh9jYMSFqeVIoq%2FA1RwDP%2Bm9P8PF8TiMVHJYaL92YgZrWe1OaTzAYfxz8aEztTbN2PuoIM%2Bssz9KSECKjK%2FaD5ZAw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 821f1aa45d1eb524-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET levitra-gg.com/wp-content/plugins/cookie-law-info/legacy/public/css/cookie-law-info-gdpr.css?ver=3.1.4

188.114.96.1

200 OK

149 kB

URL GET HTTP/3
levitra-gg.com/wp-content/plugins/cookie-law-info/legacy/public/css/cookie-law-info-gdpr.css?ver=3.1.4
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://levitra-gg.com/trimax-istanbul-life-islak-dudaklar-rapidshare-work.html
Certificate
IssuerGoogle Trust Services LLC
Subjectlevitra-gg.com
Fingerprint58:75:C6:0D:07:1C:7E:82:B2:60:D3:FC:28:25:EA:5B:48:E8:71:AF
ValidityThu, 19 Oct 2023 18:16:41 GMT - Wed, 17 Jan 2024 18:16:40 GMT

File type
ASCII text
Size
149 kB (148750 bytes)
Hash
359aca8a88b2331aa34ac505acad9911
800a4f56bb87049e1f0d45cf93c4e8ef79144b45
655ae452d922f501b62c7028fc35e238138de989387381cc1ed9cea9085864db

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/plugins/cookie-law-info/legacy/public/css/cookie-law-info-gdpr.css?ver=3.1.4 HTTP/1.1
Host: levitra-gg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://levitra-gg.com/trimax-istanbul-life-islak-dudaklar-rapidshare-work.html
Cookie: PHPSESSID=f1aecbbb43fb8a4155b40708f99e8b37
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 06 Nov 2023 17:37:22 GMT
content-type: text/css
cache-control: public, max-age=604800
expires: Mon, 13 Nov 2023 17:37:03 GMT
last-modified: Mon, 18 Sep 2023 01:01:08 GMT
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 19
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BRL9iQQdXeK5vEFTH5Qiuu1WEDwsRWdkYwjSP4%2Ba2uAqYsKyDP2mCTCT27gs74QqgGhs8o7bfYivZzt75Z0wIVn%2FoxpP3f%2Bqsbx8%2FDqCimXeFGKhRIOBJq0HANDXVAu5Sw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 821f1aa45d1fb524-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

levitra-gg.com/wp-content/themes/newsup/css/font-awesome/webfonts/fa-solid-900.woff2

188.114.96.1

75 kB

URL
levitra-gg.com/wp-content/themes/newsup/css/font-awesome/webfonts/fa-solid-900.woff2
IP
188.114.96.1:0
ASN
#13335 CLOUDFLARENET

File type
Web Open Font Format (Version 2), TrueType, length 75392, version 330.15728\012- data
Size
75 kB (75392 bytes)
Hash
60ce8cf4dd9fe177abdfeda21e20798e
d378644ff0f7549fa6f217a08dfd2566a770638e
e348d772480f8c0e5fa546b3c531a38700ae16b5dad5defb5e67ade7f6d332e8

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/themes/newsup/css/font-awesome/webfonts/fa-solid-900.woff2 HTTP/1.1
Host: levitra-gg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://levitra-gg.com/wp-content/themes/newsup/css/font-awesome/css/all.min.css?ver=6.3.2
Cookie: PHPSESSID=f1aecbbb43fb8a4155b40708f99e8b37
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 06 Nov 2023 17:37:23 GMT
content-type: font/woff2
content-length: 75392
last-modified: Sun, 30 Oct 2022 14:30:52 GMT
x-turbo-charged-by: LiteSpeed
cache-control: max-age=14400
cf-cache-status: HIT
age: 19
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iess%2Be6WCOoHjapVCIQO%2Fsd1t55HjBY782NJKv7U%2B5m3Z6V%2BzMHqCKi9%2FViq872y7XMoobuhKIx9YV4FaMmLoD%2BiHIn8nv2YXNrFxPD3XapLLxxPoTMLTUdLVL5Puu6LNQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 821f1aa6bf9eb524-OSL
alt-svc: h3=":443"; ma=86400

levitra-gg.com/wp-content/themes/newsup/css/font-awesome/webfonts/fa-brands-400.woff2

188.114.96.1

75 kB

URL
levitra-gg.com/wp-content/themes/newsup/css/font-awesome/webfonts/fa-brands-400.woff2
IP
188.114.96.1:0
ASN
#13335 CLOUDFLARENET

File type
Web Open Font Format (Version 2), TrueType, length 74760, version 330.15728\012- data
Size
75 kB (74760 bytes)
Hash
4f786efdf6328877ec2448bf265bcc8f
9465c5894ca2f93655fa5767b820b762aff6b518
fe85646af222500a866fd63beedb6ae00576c4afab4e0d28b15d9d6d92cb7da5

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/themes/newsup/css/font-awesome/webfonts/fa-brands-400.woff2 HTTP/1.1
Host: levitra-gg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://levitra-gg.com/wp-content/themes/newsup/css/font-awesome/css/all.min.css?ver=6.3.2
Cookie: PHPSESSID=f1aecbbb43fb8a4155b40708f99e8b37
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 06 Nov 2023 17:37:23 GMT
content-type: font/woff2
content-length: 74760
last-modified: Sun, 30 Oct 2022 14:30:52 GMT
x-turbo-charged-by: LiteSpeed
cache-control: max-age=14400
cf-cache-status: HIT
age: 19
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1U5oeNniaCYCjIr61OzTp0UvCxVb9Ij1fJCgxT7Ym3n8TG%2FPzBXQKIh1KqY%2FpyvkO2C1nmaQ6PcuMlEcD7bFQyMfKp7ZspYQCpa1VggPJOsfebOVppYFbSZCa1vtsuHTLw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 821f1aa6dfc2b524-OSL
alt-svc: h3=":443"; ma=86400

GET levitra-gg.com/wp-content/themes/newsup/css/colors/default.css?ver=6.3.2

188.114.96.1

200 OK

5.4 kB

URL GET HTTP/3
levitra-gg.com/wp-content/themes/newsup/css/colors/default.css?ver=6.3.2
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://levitra-gg.com/trimax-istanbul-life-islak-dudaklar-rapidshare-work.html
Certificate
IssuerGoogle Trust Services LLC
Subjectlevitra-gg.com
Fingerprint58:75:C6:0D:07:1C:7E:82:B2:60:D3:FC:28:25:EA:5B:48:E8:71:AF
ValidityThu, 19 Oct 2023 18:16:41 GMT - Wed, 17 Jan 2024 18:16:40 GMT

File type
ASCII text, with very long lines (1708)
Size
5.4 kB (5372 bytes)
Hash
d3cb3310473d25a1ed134e47ad4de6b9
7fc949b46ebf68755c04e83015e0e57f230aa04d
7f2b482108ad9ab7a45c2e7b27470b0c7ba51895455b2188867d4bb22f436d0d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/themes/newsup/css/colors/default.css?ver=6.3.2 HTTP/1.1
Host: levitra-gg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://levitra-gg.com/trimax-istanbul-life-islak-dudaklar-rapidshare-work.html
Cookie: PHPSESSID=f1aecbbb43fb8a4155b40708f99e8b37
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 06 Nov 2023 17:37:22 GMT
content-type: text/css
cache-control: public, max-age=604800
expires: Fri, 10 Nov 2023 05:34:15 GMT
last-modified: Sun, 30 Oct 2022 14:30:51 GMT
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 302587
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8MdiPL55DHJYsXqt5JLzzrigfja%2FWGnwLvAFgr5%2FiswYYbo%2FZw8gnViuuTa9KfHSsrAN3tjcsvwBKt%2FNdTOeqItSFmYm7byMVzdVqBki0p01oz1JcPTmpSEDIdOzk%2BaX0Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 821f1aa45d2ab524-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET levitra-gg.com/wp-content/themes/newsup/js/bootstrap.js?ver=6.3.2

188.114.96.1

200 OK

89 kB

URL GET HTTP/3
levitra-gg.com/wp-content/themes/newsup/js/bootstrap.js?ver=6.3.2
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://levitra-gg.com/trimax-istanbul-life-islak-dudaklar-rapidshare-work.html
Certificate
IssuerGoogle Trust Services LLC
Subjectlevitra-gg.com
Fingerprint58:75:C6:0D:07:1C:7E:82:B2:60:D3:FC:28:25:EA:5B:48:E8:71:AF
ValidityThu, 19 Oct 2023 18:16:41 GMT - Wed, 17 Jan 2024 18:16:40 GMT

File type
ASCII text, with very long lines (328)
Size
89 kB (89234 bytes)
Hash
94c99954f62ec8d0819dc645645d9405
d9bd900db062aa387fd1593cc3f87fa9cb515dbf
04078e2c2770c7fafd845205695de48286c4300a68b9e7651ee1cc342a8911fb

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/themes/newsup/js/bootstrap.js?ver=6.3.2 HTTP/1.1
Host: levitra-gg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://levitra-gg.com/trimax-istanbul-life-islak-dudaklar-rapidshare-work.html
Cookie: PHPSESSID=f1aecbbb43fb8a4155b40708f99e8b37
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 06 Nov 2023 17:37:22 GMT
content-type: application/javascript
cache-control: public, max-age=604800
expires: Fri, 10 Nov 2023 05:34:15 GMT
last-modified: Sun, 30 Oct 2022 14:30:52 GMT
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 302586
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=E5BrYjZ3F1AJ5DekakGl7Z%2BSzzjJAjCmOCUcNiGC%2Fo7jqaYRsPmOxj0cHDJTHbpCD%2FDWjAz08ez8ob7iAFD9p4BAss6mMbhZmh3wnCEEocXI6%2BWlVFK21O9D24foAuSaYA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 821f1aa48d52b524-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET levitra-gg.com/wp-content/themes/newsup/js/jquery.smartmenus.js?ver=6.3.2

188.114.96.1

200 OK

115 kB

URL GET HTTP/3
levitra-gg.com/wp-content/themes/newsup/js/jquery.smartmenus.js?ver=6.3.2
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://levitra-gg.com/trimax-istanbul-life-islak-dudaklar-rapidshare-work.html
Certificate
IssuerGoogle Trust Services LLC
Subjectlevitra-gg.com
Fingerprint58:75:C6:0D:07:1C:7E:82:B2:60:D3:FC:28:25:EA:5B:48:E8:71:AF
ValidityThu, 19 Oct 2023 18:16:41 GMT - Wed, 17 Jan 2024 18:16:40 GMT

File type
ASCII text
Size
115 kB (114618 bytes)
Hash
b44600a4b31819b2b98ca6157eabb706
feeaaca1ee534517f4505f8f998fbccff67a23b4
0c5fe43bcfb312486e00343211f37c791fabc22b197e91be480e00d36ad8778b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/themes/newsup/js/jquery.smartmenus.js?ver=6.3.2 HTTP/1.1
Host: levitra-gg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://levitra-gg.com/trimax-istanbul-life-islak-dudaklar-rapidshare-work.html
Cookie: PHPSESSID=f1aecbbb43fb8a4155b40708f99e8b37
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 06 Nov 2023 17:37:22 GMT
content-type: application/javascript
cache-control: public, max-age=604800
expires: Sun, 12 Nov 2023 17:28:48 GMT
last-modified: Sun, 30 Oct 2022 14:30:52 GMT
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 86914
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Rx2fzfJdhKxtYXCDImXBYf1htdcA9RRQ1SWveJKITpt%2Fu69BQ5WiE7ZmwytZXNoH9qwjynELdMT6AqdZa68W3OFukaAdXjJC6DGOh2N8wv4KJhJEJDFKoZy8qZyq09eseQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 821f1aa48d55b524-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET fonts.gstatic.com/s/montserrat/v26/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2

216.58.207.227

33 kB

URL GET
fonts.gstatic.com/s/montserrat/v26/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
IP
216.58.207.227:0
ASN
#15169 GOOGLE

Requested by
https://levitra-gg.com/trimax-istanbul-life-islak-dudaklar-rapidshare-work.html
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintEB:59:E9:F3:0F:CE:D8:1A:8C:BB:EE:7D:2E:B7:B8:39:73:7A:CE:28
ValidityMon, 16 Oct 2023 08:10:00 GMT - Mon, 08 Jan 2024 08:09:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 33092, version 1.0\012- data
Size
33 kB (33092 bytes)
Hash
057478083c1d55ea0c2182b24f6dd72f
caf557cd276a76992084efc4c8857b66791a6b7f
bb2f90081933c0f2475883ca2c5cfee94e96d7314a09433fffc42e37f4cffd3b

HTTP Headers

GET /s/montserrat/v26/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://levitra-gg.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 33092
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 01 Nov 2023 00:02:43 GMT
expires: Thu, 31 Oct 2024 00:02:43 GMT
cache-control: public, max-age=31536000
age: 495280
last-modified: Wed, 13 Sep 2023 22:51:58 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET levitra-gg.com/wp-content/themes/newsup/js/owl.carousel.min.js?ver=6.3.2

188.114.96.1

200 OK

126 kB

URL GET HTTP/3
levitra-gg.com/wp-content/themes/newsup/js/owl.carousel.min.js?ver=6.3.2
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://levitra-gg.com/trimax-istanbul-life-islak-dudaklar-rapidshare-work.html
Certificate
IssuerGoogle Trust Services LLC
Subjectlevitra-gg.com
Fingerprint58:75:C6:0D:07:1C:7E:82:B2:60:D3:FC:28:25:EA:5B:48:E8:71:AF
ValidityThu, 19 Oct 2023 18:16:41 GMT - Wed, 17 Jan 2024 18:16:40 GMT

File type
ASCII text, with very long lines (635)
Size
126 kB (125665 bytes)
Hash
88d0fe722f04973e2888b58a63aa0570
f947512e51f8ef4b15bba3f701de64e53a7f7f9b
e0e2bc4e1d3ee5024c4e1aa58a6cad9aa42fc63a8c89ce18013a1c8f2b94875c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/themes/newsup/js/owl.carousel.min.js?ver=6.3.2 HTTP/1.1
Host: levitra-gg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://levitra-gg.com/trimax-istanbul-life-islak-dudaklar-rapidshare-work.html
Cookie: PHPSESSID=f1aecbbb43fb8a4155b40708f99e8b37
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 06 Nov 2023 17:37:22 GMT
content-type: application/javascript
cache-control: public, max-age=604800
expires: Fri, 10 Nov 2023 05:34:15 GMT
last-modified: Sun, 30 Oct 2022 14:30:52 GMT
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 302587
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5ryHb73KUImveyK0iiOsHJQooTVYOqvIzXtyIu0ovFd7GMezVKKW3xzuwpJR7iVRW08gTgIRbD78IMcXk4L4P5qWMrXEq4btsD4xuQSQCiWq0VBrksefxxfzlK34GwwNkQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 821f1aa48d54b524-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

fonts.googleapis.com/css?family=Montserrat%3A400%2C500%2C700%2C800%7CWork%2BSans%3A300%2C400%2C500%2C600%2C700%2C800%2C900%26display%3Dswap&subset=latin%2Clatin-ext

142.250.74.106

34 kB

URL
fonts.googleapis.com/css?family=Montserrat%3A400%2C500%2C700%2C800%7CWork%2BSans%3A300%2C400%2C500%2C600%2C700%2C800%2C900%26display%3Dswap&subset=latin%2Clatin-ext
IP
142.250.74.106:0
ASN
#15169 GOOGLE

File type
gzip compressed data, max compression\012- data
Size
34 kB (33698 bytes)
Hash
93191350ba800ebc6a9c77a99414c1a8
92937ec572ef1857d7b2c5af92076a70294cf8df
f4b326cdeb419411bc94b915b35bf267fae1e51e7a36970f85dc43213ab49f4f

HTTP Headers

GET /css?family=Montserrat%3A400%2C500%2C700%2C800%7CWork%2BSans%3A300%2C400%2C500%2C600%2C700%2C800%2C900%26display%3Dswap&subset=latin%2Clatin-ext HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://levitra-gg.com
DNT: 1
Connection: keep-alive
Referer: https://levitra-gg.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Mon, 06 Nov 2023 17:37:22 GMT
date: Mon, 06 Nov 2023 17:37:22 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET levitra-gg.com/wp-content/themes/newsup/js/jquery.smartmenus.bootstrap.js?ver=6.3.2

188.114.96.1

200 OK

74 kB

URL GET HTTP/3
levitra-gg.com/wp-content/themes/newsup/js/jquery.smartmenus.bootstrap.js?ver=6.3.2
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://levitra-gg.com/trimax-istanbul-life-islak-dudaklar-rapidshare-work.html
Certificate
IssuerGoogle Trust Services LLC
Subjectlevitra-gg.com
Fingerprint58:75:C6:0D:07:1C:7E:82:B2:60:D3:FC:28:25:EA:5B:48:E8:71:AF
ValidityThu, 19 Oct 2023 18:16:41 GMT - Wed, 17 Jan 2024 18:16:40 GMT

File type
ASCII text
Size
74 kB (73451 bytes)
Hash
32a92736c3f4ddb11b494f7b39714acf
1ade4bf5a22f63a184413cbe9fa23239bef00786
82020205c5dc1f2b2dfede6f288ce43524b03f5b86427c0887f9e6e0cde7e1fa

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/themes/newsup/js/jquery.smartmenus.bootstrap.js?ver=6.3.2 HTTP/1.1
Host: levitra-gg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://levitra-gg.com/trimax-istanbul-life-islak-dudaklar-rapidshare-work.html
Cookie: PHPSESSID=f1aecbbb43fb8a4155b40708f99e8b37
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 06 Nov 2023 17:37:22 GMT
content-type: application/javascript
cache-control: public, max-age=604800
expires: Sun, 12 Nov 2023 17:28:48 GMT
last-modified: Sun, 30 Oct 2022 14:30:52 GMT
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 86914
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=I9keUwGAc7uM4UYFAuO%2FBX6e2IcXxCMufUFdfi8dKZ02sfOkfWsrAiWfvF5KueWFlUjsurfDnU4Via2lqojshVZdAWKScyoa%2BBr%2B75P0HGmdJOJ4Hyo4efZmdYoAkmJIxQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 821f1aa48d56b524-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET levitra-gg.com/wp-content/plugins/cookie-law-info/legacy/public/js/cookie-law-info-public.js?ver=3.1.4

188.114.96.1

200 OK

104 kB

URL GET HTTP/3
levitra-gg.com/wp-content/plugins/cookie-law-info/legacy/public/js/cookie-law-info-public.js?ver=3.1.4
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://levitra-gg.com/trimax-istanbul-life-islak-dudaklar-rapidshare-work.html
Certificate
IssuerGoogle Trust Services LLC
Subjectlevitra-gg.com
Fingerprint58:75:C6:0D:07:1C:7E:82:B2:60:D3:FC:28:25:EA:5B:48:E8:71:AF
ValidityThu, 19 Oct 2023 18:16:41 GMT - Wed, 17 Jan 2024 18:16:40 GMT

File type
ASCII text
Size
104 kB (103535 bytes)
Hash
dffa195b546cf1dfd52f2206955eb892
a3d48e8f126eb96d12191d76ed71ad2bc8651d59
6c52384c7b0641dd1ead85d079c22d39bcc6dc5f2537afb1e6396bb619771a3f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/plugins/cookie-law-info/legacy/public/js/cookie-law-info-public.js?ver=3.1.4 HTTP/1.1
Host: levitra-gg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://levitra-gg.com/trimax-istanbul-life-islak-dudaklar-rapidshare-work.html
Cookie: PHPSESSID=f1aecbbb43fb8a4155b40708f99e8b37
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 06 Nov 2023 17:37:22 GMT
content-type: application/javascript
cache-control: public, max-age=604800
expires: Fri, 10 Nov 2023 05:34:15 GMT
last-modified: Mon, 18 Sep 2023 01:01:08 GMT
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 302587
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7NIbHUuvq719E0MQsk4P7CW2dh4U9yrF67YowWALf1fVArbg4Hx%2B%2FLPLnH1I9J7WvuMpFkQ07ULBNgfcri3%2BPq3RStj6wAnTI8XXq%2BDH64abylbX9gYVloeIEt%2BnHzTDEQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 821f1aa47d41b524-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

secure.gravatar.com/avatar/4db543f08d28ca68176edd50c9bcd007?s=150&d=mm&r=g

192.0.73.2

2.0 kB

URL
secure.gravatar.com/avatar/4db543f08d28ca68176edd50c9bcd007?s=150&d=mm&r=g
IP
192.0.73.2:0
ASN
#2635 AUTOMATTIC

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 90", baseline, precision 8, 150x150, components 3\012- data
Size
2.0 kB (2030 bytes)
Hash
2c5dbea7cf73d013e53e237f29037db3
56a4706b40fc564eb560ca2b856e2dbc08fbad42
2cae3127a7ba96298bdeb44c404f5ddd5bcfd63f8bf79064a5ff2dd11fc03b50

HTTP Headers

GET /avatar/4db543f08d28ca68176edd50c9bcd007?s=150&d=mm&r=g HTTP/1.1
Host: secure.gravatar.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://levitra-gg.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 06 Nov 2023 17:37:23 GMT
content-type: image/jpeg
content-length: 2030
last-modified: Wed, 11 Jan 1984 08:00:00 GMT
link: <https://gravatar.com/avatar/4db543f08d28ca68176edd50c9bcd007?s=150&d=mm&r=g>; rel="canonical"
access-control-allow-origin: *
content-disposition: inline; filename="4db543f08d28ca68176edd50c9bcd007.png"
expires: Mon, 06 Nov 2023 17:42:23 GMT
cache-control: max-age=300
x-nc: HIT arn 3
alt-svc: h3=":443"; ma=86400
accept-ranges: bytes
X-Firefox-Spdy: h2

levitra-gg.com/wp-content/uploads/2023/10/fragrance-awards-2-1-6539498bcd0af.jpg

188.114.96.1

68 kB

URL
levitra-gg.com/wp-content/uploads/2023/10/fragrance-awards-2-1-6539498bcd0af.jpg
IP
188.114.96.1:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1200x600, components 3\012- data
Size
68 kB (67583 bytes)
Hash
0d693555d172fce3fa5b409a9781eab4
49134c46d13d577ecd279a9ff98d6c78137b15a9
2736ad73b2c1e74f6175380f900f19130a3ac25b97bb9ddbed08c2a88dbf040c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/uploads/2023/10/fragrance-awards-2-1-6539498bcd0af.jpg HTTP/1.1
Host: levitra-gg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://levitra-gg.com/trimax-istanbul-life-islak-dudaklar-rapidshare-work.html
Cookie: PHPSESSID=f1aecbbb43fb8a4155b40708f99e8b37
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 06 Nov 2023 17:37:23 GMT
content-type: image/jpeg
content-length: 67583
cache-control: public, max-age=604800
expires: Mon, 13 Nov 2023 17:37:23 GMT
last-modified: Fri, 27 Oct 2023 10:23:29 GMT
x-turbo-charged-by: LiteSpeed
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7IrRDXB82l39g1y0CNxxtM8BaEBaBTMZSl2ad7RaPWx%2Bd11j5yDRf8tKp%2BcpdCAc5iRhEOTYPHfqDHVmtzcOQWqoTg8skISRytg%2B8IwHJlYmhFEcYYmT9Z83HdN%2FrKyxQw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 821f1aa68f2ab524-OSL
alt-svc: h3=":443"; ma=86400

GET levitra-gg.com/wp-content/themes/newsup/css/font-awesome/css/all.min.css?ver=6.3.2

188.114.96.1

200 OK

56 kB

URL GET HTTP/3
levitra-gg.com/wp-content/themes/newsup/css/font-awesome/css/all.min.css?ver=6.3.2
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://levitra-gg.com/trimax-istanbul-life-islak-dudaklar-rapidshare-work.html
Certificate
IssuerGoogle Trust Services LLC
Subjectlevitra-gg.com
Fingerprint58:75:C6:0D:07:1C:7E:82:B2:60:D3:FC:28:25:EA:5B:48:E8:71:AF
ValidityThu, 19 Oct 2023 18:16:41 GMT - Wed, 17 Jan 2024 18:16:40 GMT

File type
ASCII text, with very long lines (56331)
Size
56 kB (56517 bytes)
Hash
25a0ac5d7d8e48930fe0b6772b7254a8
6f4095f66e56d39ef0adefbe85a1dcfc13bd133b
a94a13d4e9df8dc2bc696a168930cd511f83498136bba3bb0b968d7556f0b807

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/themes/newsup/css/font-awesome/css/all.min.css?ver=6.3.2 HTTP/1.1
Host: levitra-gg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://levitra-gg.com/trimax-istanbul-life-islak-dudaklar-rapidshare-work.html
Cookie: PHPSESSID=f1aecbbb43fb8a4155b40708f99e8b37
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 06 Nov 2023 17:37:22 GMT
content-type: text/css
cache-control: public, max-age=604800
expires: Sun, 12 Nov 2023 17:28:48 GMT
last-modified: Sun, 30 Oct 2022 14:30:52 GMT
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 86913
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iSJFnyu633h%2F2i2UUCmYMHtj5SPq%2F2z2ZGlkjZ8fnuhNPVbnZB8fGbYggUWSdaKTn%2BHGVanCHp3cTAc%2Biny4ltyi36z4nL7qB7xDQwOLCYfFvR8wE1MRdCaSV%2BLqCVxJKQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 821f1aa45d2bb524-OSL
content-encoding: br

GET levitra-gg.com/wp-content/themes/newsup/css/owl.carousel.css?ver=6.3.2

188.114.96.1

200 OK

1.5 kB

URL GET HTTP/3
levitra-gg.com/wp-content/themes/newsup/css/owl.carousel.css?ver=6.3.2
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://levitra-gg.com/trimax-istanbul-life-islak-dudaklar-rapidshare-work.html
Certificate
IssuerGoogle Trust Services LLC
Subjectlevitra-gg.com
Fingerprint58:75:C6:0D:07:1C:7E:82:B2:60:D3:FC:28:25:EA:5B:48:E8:71:AF
ValidityThu, 19 Oct 2023 18:16:41 GMT - Wed, 17 Jan 2024 18:16:40 GMT

File type
ASCII text, with very long lines (1580), with no line terminators
Size
1.5 kB (1474 bytes)
Hash
1b5484e12aef5218f04300800781c227
1ea996e809ddcfff1a40dbb9f506884ab3813b01
f5fcc4d22740db6da88e2e8b30748f766850a3892f50e281766ca02710c51e99

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/themes/newsup/css/owl.carousel.css?ver=6.3.2 HTTP/1.1
Host: levitra-gg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://levitra-gg.com/trimax-istanbul-life-islak-dudaklar-rapidshare-work.html
Cookie: PHPSESSID=f1aecbbb43fb8a4155b40708f99e8b37
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 06 Nov 2023 17:37:22 GMT
content-type: text/css
cache-control: public, max-age=604800
expires: Fri, 10 Nov 2023 05:34:15 GMT
last-modified: Sun, 30 Oct 2022 14:30:51 GMT
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 302587
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=e6NaKOOWq0gv5HHk6KwicFArc%2FIaMPkoAIFce2Ly30LcyW0hPTd0Y5wu2biS2wsZbf6h6HZ%2FvBplrSlArq%2BGyiW68%2F7oZgC6oxKpV4OGX8e0izajGdN%2Bbct%2BixrK2Esl2A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 821f1aa46d30b524-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET levitra-gg.com/wp-content/themes/newsup/js/jquery.marquee.js?ver=6.3.2

188.114.96.1

200 OK

24 kB

URL GET HTTP/3
levitra-gg.com/wp-content/themes/newsup/js/jquery.marquee.js?ver=6.3.2
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://levitra-gg.com/trimax-istanbul-life-islak-dudaklar-rapidshare-work.html
Certificate
IssuerGoogle Trust Services LLC
Subjectlevitra-gg.com
Fingerprint58:75:C6:0D:07:1C:7E:82:B2:60:D3:FC:28:25:EA:5B:48:E8:71:AF
ValidityThu, 19 Oct 2023 18:16:41 GMT - Wed, 17 Jan 2024 18:16:40 GMT

File type
ASCII text
Size
24 kB (23496 bytes)
Hash
9f417cab213a1bb1135ddc1a13d3bf79
77fded210b60c36c896bd99b78ec4051ec7a1804
fab2c550fa601b966dfa3859f91004065655f025199f6c2fd0e9dc1c5574f018

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/themes/newsup/js/jquery.marquee.js?ver=6.3.2 HTTP/1.1
Host: levitra-gg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://levitra-gg.com/trimax-istanbul-life-islak-dudaklar-rapidshare-work.html
Cookie: PHPSESSID=f1aecbbb43fb8a4155b40708f99e8b37
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 06 Nov 2023 17:37:22 GMT
content-type: application/javascript
cache-control: public, max-age=604800
expires: Sun, 12 Nov 2023 17:28:48 GMT
last-modified: Sun, 30 Oct 2022 14:30:52 GMT
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 86914
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TuvRgoZL9ZQGygzzdHF47tf5xlBFFbSQKpdwzybGhoED5b2%2FKZP44dTBFzsX8QpPFOwY7krBF4Imlf2%2F4865TsEXBfSM7pLV4HViMrdcgQAwgV3W2RW08ESx0jak6Os%2FiA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 821f1aa48d57b524-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET levitra-gg.com/wp-content/uploads/2023/11/home-gym-wgg24_h-1024x576.jpg

0.0.0.0

63 kB

URL GET
levitra-gg.com/wp-content/uploads/2023/11/home-gym-wgg24_h-1024x576.jpg
IP
0.0.0.0:0
ASN
#0

Requested by
https://levitra-gg.com/trimax-istanbul-life-islak-dudaklar-rapidshare-work.html
Certificate
IssuerGoogle Trust Services LLC
Subjectlevitra-gg.com
Fingerprint58:75:C6:0D:07:1C:7E:82:B2:60:D3:FC:28:25:EA:5B:48:E8:71:AF
ValidityThu, 19 Oct 2023 18:16:41 GMT - Wed, 17 Jan 2024 18:16:40 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1024x576, components 3\012- data
Size
63 kB (62678 bytes)
Hash
3bf6f842144f94b8cd15361bf115e2b1
b7cbff61312a2c82cf7c7eb80233fe9c51bbe640
d79ac4b189b7a1a1917422b89cc1438e3da832d79289ff4657d6bca7c5638c0b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/uploads/2023/11/home-gym-wgg24_h-1024x576.jpg HTTP/1.1
Host: levitra-gg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://levitra-gg.com/trimax-istanbul-life-islak-dudaklar-rapidshare-work.html
Cookie: PHPSESSID=f1aecbbb43fb8a4155b40708f99e8b37
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 06 Nov 2023 17:37:23 GMT
content-type: image/jpeg
content-length: 62678
cache-control: public, max-age=604800
expires: Mon, 13 Nov 2023 17:37:04 GMT
last-modified: Mon, 06 Nov 2023 10:30:17 GMT
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 19
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sh989j%2FFqL8Mz8KdVKgv0MtqFrjflSsCv7ymUzaI3xrKmGldtJezmfgO6sgcB%2FHhpIbOh%2FFCankU6F1X1gp0fWbH7%2BCAxTJTl63h64Al8jNwGiMVr10kFwKQtW3qEeL3Ew%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 821f1aa72864b524-OSL
alt-svc: h3=":443"; ma=86400

GET levitra-gg.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1

188.114.96.1

200 OK

14 kB

URL GET HTTP/3
levitra-gg.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://levitra-gg.com/trimax-istanbul-life-islak-dudaklar-rapidshare-work.html
Certificate
IssuerGoogle Trust Services LLC
Subjectlevitra-gg.com
Fingerprint58:75:C6:0D:07:1C:7E:82:B2:60:D3:FC:28:25:EA:5B:48:E8:71:AF
ValidityThu, 19 Oct 2023 18:16:41 GMT - Wed, 17 Jan 2024 18:16:40 GMT

File type
ASCII text, with very long lines (13479)
Size
14 kB (13577 bytes)
Hash
9ffeb32e2d9efbf8f70caabded242267
3ad0c10e501ac2a9bfa18f9cd7e700219b378738
5274f11e6fb32ae0cf2dfb9f8043272865c397a7c4223b4cfa7d50ea52fbde89

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1 HTTP/1.1
Host: levitra-gg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://levitra-gg.com/trimax-istanbul-life-islak-dudaklar-rapidshare-work.html
Cookie: PHPSESSID=f1aecbbb43fb8a4155b40708f99e8b37
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 06 Nov 2023 17:37:22 GMT
content-type: application/javascript
cache-control: public, max-age=604800
expires: Sun, 12 Nov 2023 17:28:48 GMT
last-modified: Wed, 09 Aug 2023 11:55:42 GMT
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 86914
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Mrde72h1ZwGT0Hl7TXj8ouL%2FNNrAb2jMJWOf9JThq8KT9FHmf533sjQTPYiBXHl9S8YxhJOFVA80wa51pw%2BcXmh4emQYXTiEjnvsGd8yLnRXfV7Dc7aU4ZJd%2FfjniwBf4w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 821f1aa47d40b524-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET levitra-gg.com/wp-content/plugins/wp-forms-puzzle-captcha/assets/js/wfpc-custom-script.js?ver=6.3.2

188.114.96.1

200 OK

926 B

URL GET HTTP/3
levitra-gg.com/wp-content/plugins/wp-forms-puzzle-captcha/assets/js/wfpc-custom-script.js?ver=6.3.2
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://levitra-gg.com/trimax-istanbul-life-islak-dudaklar-rapidshare-work.html
Certificate
IssuerGoogle Trust Services LLC
Subjectlevitra-gg.com
Fingerprint58:75:C6:0D:07:1C:7E:82:B2:60:D3:FC:28:25:EA:5B:48:E8:71:AF
ValidityThu, 19 Oct 2023 18:16:41 GMT - Wed, 17 Jan 2024 18:16:40 GMT

File type
ASCII text, with very long lines (1025), with no line terminators
Size
926 B (926 bytes)
Hash
75472fb7ec709c21ce544db2bd218ecc
c899a94fb6bf6da7d29aa8ba480c5a1a3c774fb6
844e9d6718734aedd82582b3ac8ab2f638b77a736cab2b0071e5175eb1178625

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/plugins/wp-forms-puzzle-captcha/assets/js/wfpc-custom-script.js?ver=6.3.2 HTTP/1.1
Host: levitra-gg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://levitra-gg.com/trimax-istanbul-life-islak-dudaklar-rapidshare-work.html
Cookie: PHPSESSID=f1aecbbb43fb8a4155b40708f99e8b37
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 06 Nov 2023 17:37:22 GMT
content-type: application/javascript
cache-control: public, max-age=604800
expires: Sun, 12 Nov 2023 17:28:48 GMT
last-modified: Sat, 26 Mar 2022 03:05:48 GMT
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 86913
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BVukYaA6aLKtKrpmmmVKq0GA1aaUkN7d9T%2FyAqd8bcef8Zy6mypsW17uOBe4mWUFgrHTZ8u1ZoJ5g8JPRhbpWO7KBsvAzONAX%2Bh6a%2B3%2Fxd9puPrAD7JWkM2%2BwluZWaKUSQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 821f1aa48d67b524-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET levitra-gg.com/trimax-istanbul-life-islak-dudaklar-rapidshare-work.html

188.114.96.1

200 OK

101 kB

URL User Request GET HTTP/2
levitra-gg.com/trimax-istanbul-life-islak-dudaklar-rapidshare-work.html
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjectlevitra-gg.com
Fingerprint58:75:C6:0D:07:1C:7E:82:B2:60:D3:FC:28:25:EA:5B:48:E8:71:AF
ValidityThu, 19 Oct 2023 18:16:41 GMT - Wed, 17 Jan 2024 18:16:40 GMT

File type

Size
101 kB (100939 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /trimax-istanbul-life-islak-dudaklar-rapidshare-work.html HTTP/1.1
Host: levitra-gg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Cookie: PHPSESSID=f1aecbbb43fb8a4155b40708f99e8b37
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 06 Nov 2023 17:37:22 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.4.33
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
cf-edge-cache: cache,platform=wordpress
link: <https://levitra-gg.com/wp-json/>; rel="https://api.w.org/", <https://levitra-gg.com/wp-json/wp/v2/posts/64716>; rel="alternate"; type="application/json", <https://levitra-gg.com/?p=64716>; rel=shortlink
x-litespeed-tag: 320_HTTP.200,320_PGSRP
x-litespeed-cache-control: no-cache
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sRpySoNkDKHw%2BrR1WIHuZ%2FXFv5VSsDqtW7TDTxqOuzs6uB97u0WrtyZAudiascUCnYsNfwYTGzbRRoAB57a40x3Ew0nWF9qAmK%2FC%2B3G%2Faeu8ODAiN23TrtcytjPY5CD1AA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 821f1a869989569b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET levitra-gg.com/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.8

188.114.96.1

200 OK

13 kB

URL GET HTTP/3
levitra-gg.com/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.8
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://levitra-gg.com/trimax-istanbul-life-islak-dudaklar-rapidshare-work.html
Certificate
IssuerGoogle Trust Services LLC
Subjectlevitra-gg.com
Fingerprint58:75:C6:0D:07:1C:7E:82:B2:60:D3:FC:28:25:EA:5B:48:E8:71:AF
ValidityThu, 19 Oct 2023 18:16:41 GMT - Wed, 17 Jan 2024 18:16:40 GMT

File type
HTML document, ASCII text, with very long lines (12943), with no line terminators
Size
13 kB (12943 bytes)
Hash
5bc2b1fa970f9cecb3c30c0c92c98271
7c6bb87aaa24714b7b3b3c86dd932736a80270a9
1060091178cbd6c843b802f516f230f1a3a1e85f1afbd6ef84d80e5430ba457e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.8 HTTP/1.1
Host: levitra-gg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://levitra-gg.com/trimax-istanbul-life-islak-dudaklar-rapidshare-work.html
Cookie: PHPSESSID=f1aecbbb43fb8a4155b40708f99e8b37
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 06 Nov 2023 17:37:22 GMT
content-type: application/javascript
cache-control: public, max-age=604800
expires: Sun, 12 Nov 2023 17:28:48 GMT
last-modified: Mon, 18 Sep 2023 01:00:53 GMT
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 86914
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gqN8jDAV3QShYlCQJfgCO25W4hPTVrUQ2LzimVXPlDn2KEthAqiDCzMmZIHx4W98NuculR3jPCu%2BgXx37qlrcTjdnYJaKnd9ULSILJeFPvIqj61Xy%2BPqy%2FYrXcG4ZgNCng%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 821f1aa48d63b524-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET levitra-gg.com/wp-content/themes/newsup/js/custom.js?ver=6.3.2

188.114.96.1

200 OK

3.4 kB

URL GET HTTP/3
levitra-gg.com/wp-content/themes/newsup/js/custom.js?ver=6.3.2
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://levitra-gg.com/trimax-istanbul-life-islak-dudaklar-rapidshare-work.html
Certificate
IssuerGoogle Trust Services LLC
Subjectlevitra-gg.com
Fingerprint58:75:C6:0D:07:1C:7E:82:B2:60:D3:FC:28:25:EA:5B:48:E8:71:AF
ValidityThu, 19 Oct 2023 18:16:41 GMT - Wed, 17 Jan 2024 18:16:40 GMT

File type
C source, ASCII text, with very long lines (3558), with no line terminators
Size
3.4 kB (3377 bytes)
Hash
2d59a4d972998746ddeaa08aad173174
4c14eb4c206c89ffdc6ce2e29b6e32fd326a3d06
db045ba3692135b04fcee92d313222d69cc6fa80ba2f422b90cf4a7e3128e0ba

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/themes/newsup/js/custom.js?ver=6.3.2 HTTP/1.1
Host: levitra-gg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://levitra-gg.com/trimax-istanbul-life-islak-dudaklar-rapidshare-work.html
Cookie: PHPSESSID=f1aecbbb43fb8a4155b40708f99e8b37
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 06 Nov 2023 17:37:22 GMT
content-type: application/javascript
cache-control: public, max-age=604800
expires: Sun, 12 Nov 2023 17:28:48 GMT
last-modified: Sun, 30 Oct 2022 14:30:52 GMT
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 86913
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2B3kNjITwz%2BYKn0pe17yrnqQWqzuy5zY0C%2Bo3oSwZnTUoWdEOTBa6AgQ%2Be%2Fyvrd23lKTkkHTe9pm8dkKp2zfUH0FUnjuXII5ttRA0B%2FM1Rz1lLQH2hHxAV%2FTyz14EknISPw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 821f1aa48d68b524-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET levitra-gg.com/wp-content/themes/newsup/js/custom-time.js?ver=6.3.2

188.114.96.1

200 OK

239 B

URL GET HTTP/3
levitra-gg.com/wp-content/themes/newsup/js/custom-time.js?ver=6.3.2
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://levitra-gg.com/trimax-istanbul-life-islak-dudaklar-rapidshare-work.html
Certificate
IssuerGoogle Trust Services LLC
Subjectlevitra-gg.com
Fingerprint58:75:C6:0D:07:1C:7E:82:B2:60:D3:FC:28:25:EA:5B:48:E8:71:AF
ValidityThu, 19 Oct 2023 18:16:41 GMT - Wed, 17 Jan 2024 18:16:40 GMT

File type
ASCII text, with no line terminators
Size
239 B (239 bytes)
Hash
8df01cb0dcd8f98ef42bda2751a6f501
4afe12f0be7c48b281d5d12e83ab3a2cb26320db
3de7fb8e273626d383a67734f5c108e35288c93120f7d4f3cfb63d11e9da2cb0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/themes/newsup/js/custom-time.js?ver=6.3.2 HTTP/1.1
Host: levitra-gg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://levitra-gg.com/trimax-istanbul-life-islak-dudaklar-rapidshare-work.html
Cookie: PHPSESSID=f1aecbbb43fb8a4155b40708f99e8b37
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 06 Nov 2023 17:37:22 GMT
content-type: application/javascript
cache-control: public, max-age=604800
expires: Fri, 10 Nov 2023 05:34:16 GMT
last-modified: Sun, 30 Oct 2022 14:30:52 GMT
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 302586
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZzWVjyibGD0UoN1aqeMZVOrQYY4b9TVqnX9TEWHQN%2B3X%2BG515rtwhoKteRGa0j6n0GbiLgOCFXWaZOHqK5aXqWF6Dt5lGBcsQ1z9PWhy7HH4CXSx3Te7k9h3g70NpdYt%2FA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 821f1aa48d6ab524-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET levitra-gg.com/wp-includes/css/dist/block-library/style.min.css?ver=6.3.2

188.114.96.1

200 OK

104 kB

URL GET HTTP/3
levitra-gg.com/wp-includes/css/dist/block-library/style.min.css?ver=6.3.2
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://levitra-gg.com/trimax-istanbul-life-islak-dudaklar-rapidshare-work.html
Certificate
IssuerGoogle Trust Services LLC
Subjectlevitra-gg.com
Fingerprint58:75:C6:0D:07:1C:7E:82:B2:60:D3:FC:28:25:EA:5B:48:E8:71:AF
ValidityThu, 19 Oct 2023 18:16:41 GMT - Wed, 17 Jan 2024 18:16:40 GMT

File type

Size
104 kB (104484 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-includes/css/dist/block-library/style.min.css?ver=6.3.2 HTTP/1.1
Host: levitra-gg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://levitra-gg.com/trimax-istanbul-life-islak-dudaklar-rapidshare-work.html
Cookie: PHPSESSID=f1aecbbb43fb8a4155b40708f99e8b37
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 06 Nov 2023 17:37:22 GMT
content-type: text/css
cache-control: public, max-age=604800
expires: Fri, 10 Nov 2023 05:34:15 GMT
last-modified: Wed, 09 Aug 2023 11:55:40 GMT
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 302586
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=niPri0abDjkFR9rL2NdKj%2FL4%2FsX1Z2%2F11jZC86Qy2MWBZcfvOhtbIaKo11Tpt8wuV4A4KAooT3FCK5I6ZpVKjgAoV%2Bx2NYdBG4g%2BMZIWB12TaOjQcJrRHKzW%2FVKZUTs%2Brg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 821f1aa45d1bb524-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET levitra-gg.com/wp-content/themes/newsup/css/bootstrap.css?ver=6.3.2

188.114.96.1

200 OK

197 kB

URL GET HTTP/3
levitra-gg.com/wp-content/themes/newsup/css/bootstrap.css?ver=6.3.2
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://levitra-gg.com/trimax-istanbul-life-islak-dudaklar-rapidshare-work.html
Certificate
IssuerGoogle Trust Services LLC
Subjectlevitra-gg.com
Fingerprint58:75:C6:0D:07:1C:7E:82:B2:60:D3:FC:28:25:EA:5B:48:E8:71:AF
ValidityThu, 19 Oct 2023 18:16:41 GMT - Wed, 17 Jan 2024 18:16:40 GMT

File type
ASCII text, with very long lines (629)
Size
197 kB (197095 bytes)
Hash
c0eb56a363225a5982e100b24192b2b8
cbf34270a8666dc1afb54046deb78d572ed39745
af73c2f9713ad62fc9296f2a0e506f1870ea0dba0c6fd2ca1a191a663d0ac216

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/themes/newsup/css/bootstrap.css?ver=6.3.2 HTTP/1.1
Host: levitra-gg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://levitra-gg.com/trimax-istanbul-life-islak-dudaklar-rapidshare-work.html
Cookie: PHPSESSID=f1aecbbb43fb8a4155b40708f99e8b37
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 06 Nov 2023 17:37:22 GMT
content-type: text/css
cache-control: public, max-age=604800
expires: Fri, 10 Nov 2023 05:34:15 GMT
last-modified: Sun, 30 Oct 2022 14:30:52 GMT
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 302586
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4VB1otwpaJs2WkA2kbYJDIhW4FUg4p%2BObu2Pi0o2x0E6JU3MZV1otFZ3oAuQiEq%2FrFdqiYK77HM3G3khVRBa9DaX%2BS%2BRiwHO21%2BYxqzQfMgaUmtUSU0dImZkZmKS4sHMdg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 821f1aa45d26b524-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET levitra-gg.com/wp-content/themes/newsup/css/jquery.smartmenus.bootstrap.css?ver=6.3.2

188.114.96.1

200 OK

3.2 kB

URL GET HTTP/3
levitra-gg.com/wp-content/themes/newsup/css/jquery.smartmenus.bootstrap.css?ver=6.3.2
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://levitra-gg.com/trimax-istanbul-life-islak-dudaklar-rapidshare-work.html
Certificate
IssuerGoogle Trust Services LLC
Subjectlevitra-gg.com
Fingerprint58:75:C6:0D:07:1C:7E:82:B2:60:D3:FC:28:25:EA:5B:48:E8:71:AF
ValidityThu, 19 Oct 2023 18:16:41 GMT - Wed, 17 Jan 2024 18:16:40 GMT

File type
ASCII text, with very long lines (3432), with no line terminators
Size
3.2 kB (3242 bytes)
Hash
3a1350183614bd4ef09edbbd37f8cc17
55c03ea14cf971a1211498d65310dfb343ea6e16
5da99a7fffa03b52afe2804cd9469ed7abdd3b1ccc1a0f50a5857d1e52831c08

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/themes/newsup/css/jquery.smartmenus.bootstrap.css?ver=6.3.2 HTTP/1.1
Host: levitra-gg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://levitra-gg.com/trimax-istanbul-life-islak-dudaklar-rapidshare-work.html
Cookie: PHPSESSID=f1aecbbb43fb8a4155b40708f99e8b37
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 06 Nov 2023 17:37:22 GMT
content-type: text/css
cache-control: public, max-age=604800
expires: Sun, 12 Nov 2023 17:28:48 GMT
last-modified: Sun, 30 Oct 2022 14:30:52 GMT
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 86914
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rqmxn%2FPlGOWBvxu%2FPOakx0oQK7238qA1lr597rAwf0siz6QOl2oUWHyOxS8pReTvDCHn5XEBez3El0UleGx1%2Fza%2BsgXXf%2Fgq7XVHGcqdIFOV1Fdb2pUexMTpWKUKDLjO4g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 821f1aa46d32b524-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET levitra-gg.com/wp-includes/js/jquery/jquery.min.js?ver=3.7.0

188.114.96.1

200 OK

88 kB

URL GET HTTP/3
levitra-gg.com/wp-includes/js/jquery/jquery.min.js?ver=3.7.0
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://levitra-gg.com/trimax-istanbul-life-islak-dudaklar-rapidshare-work.html
Certificate
IssuerGoogle Trust Services LLC
Subjectlevitra-gg.com
Fingerprint58:75:C6:0D:07:1C:7E:82:B2:60:D3:FC:28:25:EA:5B:48:E8:71:AF
ValidityThu, 19 Oct 2023 18:16:41 GMT - Wed, 17 Jan 2024 18:16:40 GMT

File type
ASCII text, with very long lines (65447)
Size
88 kB (87482 bytes)
Hash
ff04dd1ef5c67998d8652330c0441689
5e6ff5bd5240181a8bdea983837f39ac231dac4d
5c93f77799d122fb5255ee24da285f9f228cc118cba11e6ceb2b6bda8cdf4164

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-includes/js/jquery/jquery.min.js?ver=3.7.0 HTTP/1.1
Host: levitra-gg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://levitra-gg.com/trimax-istanbul-life-islak-dudaklar-rapidshare-work.html
Cookie: PHPSESSID=f1aecbbb43fb8a4155b40708f99e8b37
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 06 Nov 2023 17:37:22 GMT
content-type: application/javascript
cache-control: public, max-age=604800
expires: Sun, 12 Nov 2023 17:28:48 GMT
last-modified: Wed, 09 Aug 2023 11:55:42 GMT
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 86914
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NxD1t2FmgfSG08I0YkAXTa0UTqGlYU264cesmAA0Hg9%2F308gdaom5LASbEUDEMsuh308sZU%2FaUwkx3tqOdzMiw4uIvFIc1zhti%2F%2BI1sofiR7zXEtUKhnlAhUBZqXNKE3rg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 821f1aa47d3fb524-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET levitra-gg.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

188.114.96.1

200 OK

1.2 kB

URL GET HTTP/3
levitra-gg.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://levitra-gg.com/trimax-istanbul-life-islak-dudaklar-rapidshare-work.html
Certificate
IssuerGoogle Trust Services LLC
Subjectlevitra-gg.com
Fingerprint58:75:C6:0D:07:1C:7E:82:B2:60:D3:FC:28:25:EA:5B:48:E8:71:AF
ValidityThu, 19 Oct 2023 18:16:41 GMT - Wed, 17 Jan 2024 18:16:40 GMT

File type
HTML document, ASCII text, with very long lines (1271), with no line terminators
Size
1.2 kB (1239 bytes)
Hash
40d981045a7516cdadd00e8dccc9c58d
8b8d9a48c6b9d2fba596034ef5db3dd0f2f781c3
71c7d5fc630ff38080f71945be1e8b0c43140d8c25338056b752495e18739c0c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js HTTP/1.1
Host: levitra-gg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://levitra-gg.com/trimax-istanbul-life-islak-dudaklar-rapidshare-work.html
Cookie: PHPSESSID=f1aecbbb43fb8a4155b40708f99e8b37
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 06 Nov 2023 17:37:22 GMT
content-type: application/javascript
last-modified: Fri, 27 Oct 2023 14:30:26 GMT
etag: W/"653bc982-4d7"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=safOvBWIegG3h9f3Fzp5qYrZ0Z%2BAlex%2F0tlRC5aoUXWMDiU03rfqcXUwnT5b4oEMCZLELcL9KXusop7vHN0RmZwBwYO4MvYLvf79l84fUcFWgk4BT8%2BXJphVpaIiDVmxlQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 821f1aa48d5fb524-OSL
x-frame-options: DENY
x-content-type-options: nosniff
expires: Wed, 08 Nov 2023 17:37:22 GMT
cache-control: max-age=172800, public
content-encoding: gzip

GET levitra-gg.com/wp-content/themes/newsup/css/font-awesome/css/v4-shims.min.css?ver=6.3.2

188.114.96.1

200 OK

27 kB

URL GET HTTP/3
levitra-gg.com/wp-content/themes/newsup/css/font-awesome/css/v4-shims.min.css?ver=6.3.2
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://levitra-gg.com/trimax-istanbul-life-islak-dudaklar-rapidshare-work.html
Certificate
IssuerGoogle Trust Services LLC
Subjectlevitra-gg.com
Fingerprint58:75:C6:0D:07:1C:7E:82:B2:60:D3:FC:28:25:EA:5B:48:E8:71:AF
ValidityThu, 19 Oct 2023 18:16:41 GMT - Wed, 17 Jan 2024 18:16:40 GMT

File type
ASCII text, with very long lines (26440)
Size
27 kB (26626 bytes)
Hash
dbda9a989c9cef25c74b01808983aa5e
fbd55b7df70b9d822e5d237e6d99f98b1ba663f1
43c76c55901666edc020c33b12756390a7d723063c0bfe58899776b2db4d85da

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/themes/newsup/css/font-awesome/css/v4-shims.min.css?ver=6.3.2 HTTP/1.1
Host: levitra-gg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://levitra-gg.com/trimax-istanbul-life-islak-dudaklar-rapidshare-work.html
Cookie: PHPSESSID=f1aecbbb43fb8a4155b40708f99e8b37
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 06 Nov 2023 17:37:22 GMT
content-type: text/css
cache-control: public, max-age=604800
expires: Sun, 12 Nov 2023 17:28:48 GMT
last-modified: Sun, 30 Oct 2022 14:30:51 GMT
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 86914
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=usgDrBBbmCjsO84FeA1YO5rOgW52WY%2BaWYerB%2B8BxiftUZHGM%2FqC43YQcSh8JOTOqC%2BdjZevgP%2Bh%2BsuBYS27kJCYlvScdYbtIezKJVKyc9wiTk8gMcJMaxcWqs%2BcEosQHw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 821f1aa45d2eb524-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET levitra-gg.com/wp-content/themes/newsup/js/navigation.js?ver=6.3.2

188.114.96.1

200 OK

2.3 kB

URL GET HTTP/3
levitra-gg.com/wp-content/themes/newsup/js/navigation.js?ver=6.3.2
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://levitra-gg.com/trimax-istanbul-life-islak-dudaklar-rapidshare-work.html
Certificate
IssuerGoogle Trust Services LLC
Subjectlevitra-gg.com
Fingerprint58:75:C6:0D:07:1C:7E:82:B2:60:D3:FC:28:25:EA:5B:48:E8:71:AF
ValidityThu, 19 Oct 2023 18:16:41 GMT - Wed, 17 Jan 2024 18:16:40 GMT

File type
ASCII text, with very long lines (2476), with no line terminators
Size
2.3 kB (2281 bytes)
Hash
b5e57ad02a2a18a20e16dea94e4ab5f2
61a53f09b9b903e16ba29c06c3c2cab6be54adc6
0859341f334ddeeb6382f5c9ec86ffad5d3db30bba58b5530ce4e1e7b4fec73a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/themes/newsup/js/navigation.js?ver=6.3.2 HTTP/1.1
Host: levitra-gg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://levitra-gg.com/trimax-istanbul-life-islak-dudaklar-rapidshare-work.html
Cookie: PHPSESSID=f1aecbbb43fb8a4155b40708f99e8b37
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 06 Nov 2023 17:37:22 GMT
content-type: application/javascript
cache-control: public, max-age=604800
expires: Sun, 12 Nov 2023 17:28:48 GMT
last-modified: Sun, 30 Oct 2022 14:30:52 GMT
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 86914
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pM%2FcIXWqMwj6vofBPIKJVqOaGHsqsN05gjMqSnw97ufmqz1gL%2BFrXJq2KHYxZGoevv0J5NZFtZlfcLowPev8gsJB%2BScSdO34th0nMVPFwvvUq4GAmPIdVtPyynU%2FVcoalg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 821f1aa47d44b524-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET levitra-gg.com/wp-content/themes/newsup/js/main.js?ver=6.3.2

188.114.96.1

200 OK

602 B

URL GET HTTP/3
levitra-gg.com/wp-content/themes/newsup/js/main.js?ver=6.3.2
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://levitra-gg.com/trimax-istanbul-life-islak-dudaklar-rapidshare-work.html
Certificate
IssuerGoogle Trust Services LLC
Subjectlevitra-gg.com
Fingerprint58:75:C6:0D:07:1C:7E:82:B2:60:D3:FC:28:25:EA:5B:48:E8:71:AF
ValidityThu, 19 Oct 2023 18:16:41 GMT - Wed, 17 Jan 2024 18:16:40 GMT

File type
ASCII text, with very long lines (646), with no line terminators
Size
602 B (602 bytes)
Hash
f0876622f4ec5c288dc1be91cd0d0aff
d6baf574f83cd089dc170756ee33e1cc5c30dc9c
5ae8736cfe32ac5cfb7aa6c8103a76d153ef8383cbae24b15c4bfa07d242b6aa

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/themes/newsup/js/main.js?ver=6.3.2 HTTP/1.1
Host: levitra-gg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://levitra-gg.com/trimax-istanbul-life-islak-dudaklar-rapidshare-work.html
Cookie: PHPSESSID=f1aecbbb43fb8a4155b40708f99e8b37
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 06 Nov 2023 17:37:22 GMT
content-type: application/javascript
cache-control: public, max-age=604800
expires: Sun, 12 Nov 2023 17:28:48 GMT
last-modified: Sun, 30 Oct 2022 14:30:52 GMT
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 86914
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8cUNYdbPkoear0wz8vzv56qLFxOg237oCRuP3vc%2BfIWCi%2FsXFfOR7keMer%2F1sjtM1Yph4Gu7L%2FRLkdM5OZ7SiiT5xF%2BmKUl4%2B4CezAwVmvXth8kzDfiF9RnDOkDN%2FJnheA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 821f1aa48d58b524-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET levitra-gg.com/wp-content/plugins/cookie-law-info/legacy/public/css/cookie-law-info-table.css?ver=3.1.4

188.114.96.1

200 OK

6.1 kB

URL GET HTTP/3
levitra-gg.com/wp-content/plugins/cookie-law-info/legacy/public/css/cookie-law-info-table.css?ver=3.1.4
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://levitra-gg.com/trimax-istanbul-life-islak-dudaklar-rapidshare-work.html
Certificate
IssuerGoogle Trust Services LLC
Subjectlevitra-gg.com
Fingerprint58:75:C6:0D:07:1C:7E:82:B2:60:D3:FC:28:25:EA:5B:48:E8:71:AF
ValidityThu, 19 Oct 2023 18:16:41 GMT - Wed, 17 Jan 2024 18:16:40 GMT

File type
ASCII text, with very long lines (6260), with no line terminators
Size
6.1 kB (6113 bytes)
Hash
cfc379b470bf26dbcda1be077321e161
58dc4b03039015ea760b38cfcf4d4dbf9e073804
ea9dad8f5aee2d781f65fa5ac686123b12af9505a4c49f860a58e85b50912fa1

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/plugins/cookie-law-info/legacy/public/css/cookie-law-info-table.css?ver=3.1.4 HTTP/1.1
Host: levitra-gg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://levitra-gg.com/trimax-istanbul-life-islak-dudaklar-rapidshare-work.html
Cookie: PHPSESSID=f1aecbbb43fb8a4155b40708f99e8b37
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 06 Nov 2023 17:37:22 GMT
content-type: text/css
cache-control: public, max-age=604800
expires: Sun, 12 Nov 2023 17:28:48 GMT
last-modified: Mon, 18 Sep 2023 01:01:08 GMT
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 86914
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=p9%2BmeWTdDkNiZN0z4sT%2B7yZIv%2FNPOMl70GyZZhGknM211xjbug04q7jMw27vXVc1%2BBUyspZFAl%2F5Shi0CMFFAzkFQlbJSymlRwHxqVpPdteX3ilbKgytB3HFyQSJKcvO1Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 821f1aa48d60b524-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET levitra-gg.com/wp-content/plugins/wp-forms-puzzle-captcha/assets/js/wfpc-puzzle-captcha.js?ver=6.3.2

188.114.96.1

200 OK

13 kB

URL GET HTTP/3
levitra-gg.com/wp-content/plugins/wp-forms-puzzle-captcha/assets/js/wfpc-puzzle-captcha.js?ver=6.3.2
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://levitra-gg.com/trimax-istanbul-life-islak-dudaklar-rapidshare-work.html
Certificate
IssuerGoogle Trust Services LLC
Subjectlevitra-gg.com
Fingerprint58:75:C6:0D:07:1C:7E:82:B2:60:D3:FC:28:25:EA:5B:48:E8:71:AF
ValidityThu, 19 Oct 2023 18:16:41 GMT - Wed, 17 Jan 2024 18:16:40 GMT

File type

Size
13 kB (13434 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/plugins/wp-forms-puzzle-captcha/assets/js/wfpc-puzzle-captcha.js?ver=6.3.2 HTTP/1.1
Host: levitra-gg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://levitra-gg.com/trimax-istanbul-life-islak-dudaklar-rapidshare-work.html
Cookie: PHPSESSID=f1aecbbb43fb8a4155b40708f99e8b37
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 06 Nov 2023 17:37:22 GMT
content-type: application/javascript
cache-control: public, max-age=604800
expires: Sun, 12 Nov 2023 17:28:48 GMT
last-modified: Sat, 26 Mar 2022 03:05:48 GMT
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 86914
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3AmMk2T28F9LqYwVSm1JTNfcNqgz8ZyLh9VnsqEs4zEBJMQUTp8timpKYpy22pZVj1rRT6RyjsaCzWMlZqxcHK%2BHW7pWDfSTbAUDz4Xw80SqA1s7bxLFLAU7L8HmHbVw4w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 821f1aa48d65b524-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET www.calaixdefilosofiadigital.com/wp-content/uploads/2021/12/CITY-BCN-1-1.jpeg

0.0.0.0

0 B

URL GET
www.calaixdefilosofiadigital.com/wp-content/uploads/2021/12/CITY-BCN-1-1.jpeg
IP
0.0.0.0:0
ASN
#0

Requested by
https://levitra-gg.com/trimax-istanbul-life-islak-dudaklar-rapidshare-work.html

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /wp-content/uploads/2021/12/CITY-BCN-1-1.jpeg HTTP/1.1
Host: www.calaixdefilosofiadigital.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://levitra-gg.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

GET levitra-gg.com/wp-content/uploads/2023/10/LBY_2023_09_19_VOGUE_PARIS_VB_07C_Shot_07_038_QC.jpg

0.0.0.0

144 kB

URL GET
levitra-gg.com/wp-content/uploads/2023/10/LBY_2023_09_19_VOGUE_PARIS_VB_07C_Shot_07_038_QC.jpg
IP
0.0.0.0:0
ASN
#0

Requested by
https://levitra-gg.com/trimax-istanbul-life-islak-dudaklar-rapidshare-work.html
Certificate
IssuerGoogle Trust Services LLC
Subjectlevitra-gg.com
Fingerprint58:75:C6:0D:07:1C:7E:82:B2:60:D3:FC:28:25:EA:5B:48:E8:71:AF
ValidityThu, 19 Oct 2023 18:16:41 GMT - Wed, 17 Jan 2024 18:16:40 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1280x720, components 3\012- data
Size
144 kB (144096 bytes)
Hash
608c358121c3a48c54e36d5f84385ce9
4968d7db1033a7163596829f903cc3d7b99dd3fd
a5914e50fb3c95fb4cee4d1babfcddd384bd7cd1ee0e9e35310820f27e357b32

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/uploads/2023/10/LBY_2023_09_19_VOGUE_PARIS_VB_07C_Shot_07_038_QC.jpg HTTP/1.1
Host: levitra-gg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://levitra-gg.com/trimax-istanbul-life-islak-dudaklar-rapidshare-work.html
Cookie: PHPSESSID=f1aecbbb43fb8a4155b40708f99e8b37
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 06 Nov 2023 17:37:22 GMT
content-type: image/jpeg
content-length: 144096
cache-control: public, max-age=604800
expires: Fri, 10 Nov 2023 05:34:47 GMT
last-modified: Tue, 31 Oct 2023 10:27:24 GMT
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 302554
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=au6NNSny1BQo3C75zVNw08Ve3eyf4BPHvdlW4T3%2Fzkoncz7m3zMgkSWLmVM4SUw0%2Fg2TaGML6lGtkeb7YiewvhMSnuY2zP0fFJpafxU2%2Bw14nVrbjo8zMM6d6Qkb6s2MRQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 821f1aa68f28b524-OSL
alt-svc: h3=":443"; ma=86400

GET www.verywellhealth.com/thmb/09VVm3NsApIe5LS3xuQp0RcZ1xM=/1500x0/filters:no_upscale():max_bytes(150000):strip_icc()/GettyImages-609180181-f8bc3a5cdc9e4f098cf56bccfb165d03.jpg

0.0.0.0

96 kB

URL GET
www.verywellhealth.com/thmb/09VVm3NsApIe5LS3xuQp0RcZ1xM=/1500x0/filters:no_upscale():max_bytes(150000):strip_icc()/GettyImages-609180181-f8bc3a5cdc9e4f098cf56bccfb165d03.jpg
IP
0.0.0.0:0
ASN
#0

Requested by
https://levitra-gg.com/trimax-istanbul-life-islak-dudaklar-rapidshare-work.html
Certificate
IssuerLet's Encrypt
Subject*.verywellhealth.com
Fingerprint44:5A:60:B0:3B:71:AC:ED:FA:C3:C8:D0:88:16:B0:A8:13:07:6E:58
ValidityThu, 26 Oct 2023 11:02:06 GMT - Wed, 24 Jan 2024 11:02:05 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1500x1000, components 3\012- data
Size
96 kB (95622 bytes)
Hash
b33f431a809b466a83c27e33eb38bb20
e95e3382662164f290af4e59a513d1dc01c19c51
33e4cbfa12f14b2ce612f9d5b6a59750b36cd1d0b5664062f296a63599577bfe

HTTP Headers

GET /thmb/09VVm3NsApIe5LS3xuQp0RcZ1xM=/1500x0/filters:no_upscale():max_bytes(150000):strip_icc()/GettyImages-609180181-f8bc3a5cdc9e4f098cf56bccfb165d03.jpg HTTP/1.1
Host: www.verywellhealth.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://levitra-gg.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
last-modified: Sat, 29 Oct 2022 14:48:51 GMT
etag: "b33f431a809b466a83c27e33eb38bb20"
server: AmazonS3
content-type: image/jpeg
cache-control: max-age=31536000,public,no-transform
via: 1.1 varnish, 1.1 varnish
nel: {"report_to":"network-errors","max_age":2592000,"success_fraction":0,"failure_fraction":1.0, "include_subdomains": true}
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://r.3gl.net/hawklogserver/563/re.p"}]}
accept-ranges: bytes
date: Mon, 06 Nov 2023 17:37:23 GMT
age: 1011387
x-robots-tag: noai, noimageai
x-served-by: cache-iad-kcgs7200026-IAD, cache-iad-kjyo7100152-IAD, cache-bma1652-BMA
x-cache: HIT, HIT
x-cache-hits: 111, 1
content-length: 95622
X-Firefox-Spdy: h2

GET levitra-gg.com/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.8

188.114.96.1

200 OK

2.9 kB

URL GET HTTP/3
levitra-gg.com/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.8
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://levitra-gg.com/trimax-istanbul-life-islak-dudaklar-rapidshare-work.html
Certificate
IssuerGoogle Trust Services LLC
Subjectlevitra-gg.com
Fingerprint58:75:C6:0D:07:1C:7E:82:B2:60:D3:FC:28:25:EA:5B:48:E8:71:AF
ValidityThu, 19 Oct 2023 18:16:41 GMT - Wed, 17 Jan 2024 18:16:40 GMT

File type
ASCII text, with very long lines (3132), with no line terminators
Size
2.9 kB (2859 bytes)
Hash
89bd5a8b1bdc64bec1c032bfa9d4d1bf
61a78be5d9c8917a59c60f2c2714c328158a9a33
7e87082ce1b8d6a88ac2fa4c12013b59a0b723db9b5c1c91fe1c175e2875fc2b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.8 HTTP/1.1
Host: levitra-gg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://levitra-gg.com/trimax-istanbul-life-islak-dudaklar-rapidshare-work.html
Cookie: PHPSESSID=f1aecbbb43fb8a4155b40708f99e8b37
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 06 Nov 2023 17:37:22 GMT
content-type: text/css
cache-control: public, max-age=604800
expires: Sun, 12 Nov 2023 17:28:48 GMT
last-modified: Mon, 18 Sep 2023 01:00:53 GMT
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 86914
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PtHNTvopUk3xyVe9BBe4czOuAp7Dk2ogtPFv9%2FwytNr0mnqec8D3jcB6vP6n61muL1%2B0xdcB2MqQUyYcC6Q8nyzsLxk2marhnhsoWeR2hvWb2xf6iEgLzwpHAEwnic80Xw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 821f1aa45d1db524-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET levitra-gg.com/wp-content/plugins/wp-automatic/js/main-front.js?ver=6.3.2

188.114.96.1

200 OK

1.0 kB

URL GET HTTP/3
levitra-gg.com/wp-content/plugins/wp-automatic/js/main-front.js?ver=6.3.2
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://levitra-gg.com/trimax-istanbul-life-islak-dudaklar-rapidshare-work.html
Certificate
IssuerGoogle Trust Services LLC
Subjectlevitra-gg.com
Fingerprint58:75:C6:0D:07:1C:7E:82:B2:60:D3:FC:28:25:EA:5B:48:E8:71:AF
ValidityThu, 19 Oct 2023 18:16:41 GMT - Wed, 17 Jan 2024 18:16:40 GMT

File type
ASCII text, with very long lines (1092), with no line terminators
Size
1.0 kB (1017 bytes)
Hash
cb9255d8f9b56663038c8fb95c3ccd21
465ae30e920f88dc421d065a348c5f0d75a0af5f
1e1c484d9c4ccc48ff66e0d2e1504fd9e22cb3efdb567b0dd1deeaac5ee0ff21

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/plugins/wp-automatic/js/main-front.js?ver=6.3.2 HTTP/1.1
Host: levitra-gg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://levitra-gg.com/trimax-istanbul-life-islak-dudaklar-rapidshare-work.html
Cookie: PHPSESSID=f1aecbbb43fb8a4155b40708f99e8b37
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 06 Nov 2023 17:37:22 GMT
content-type: application/javascript
cache-control: public, max-age=604800
expires: Mon, 13 Nov 2023 17:37:03 GMT
last-modified: Wed, 25 Jan 2023 02:30:54 GMT
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 19
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5UUhA9GLa%2Bl6gI%2B2ufJDEoeiOHLojR30v338VhPIKYr%2Fpea8eSC718jz2tFHWV6WPgYrt%2BAHFIjAkcIic747AwIZ8R1yT2P7yQuJz7B5bihEit%2BJiXI%2FbtRWUlXNjCPBkw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 821f1aa47d42b524-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (15)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by