| | 209.38.140.229 | 200 OK | 6.2 kB |
URL User Request GET HTTP/1.1IP209.38.140.229:80
File typeHTML document, Unicode text, UTF-8 text, with very long lines (4264) Hash662da329706a680690c3f737c1583f1f f6b1a02e51d6ed8537334a944232db8378dbcbf8 2b36e7617c958f7ff49fd069896f8655b4049ce5559b13c9c012ccf367040154
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET / HTTP/1.1
Host: 209.38.140.229
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 24 Apr 2024 15:56:51 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
|
|
| cdn.ampproject.org/v0/amp-iframe-0.1.js | 216.58.207.193 | 200 OK | 8.9 kB |
URL GET HTTP/2cdn.ampproject.org/v0/amp-iframe-0.1.js IP216.58.207.193:443
CertificateIssuerGoogle Trust Services LLC Subjectmisc-sni.google.com Fingerprint49:07:4A:21:AA:02:3C:78:A7:B4:D3:71:AA:98:EE:0F:2D:3F:5C:99 ValidityMon, 18 Mar 2024 19:42:57 GMT - Mon, 10 Jun 2024 19:42:56 GMT
File typeJavaScript source, ASCII text, with very long lines (25617) Hash73b936413d95143b5d2a99e6d8380e83 6dfae5bf80c719971580d998b21d76232777c188 d567cdd74995e45b15c2f5d9db5d530c976459d48376a3d876b494ae2c090a4b
GET /v0/amp-iframe-0.1.js HTTP/1.1
Host: cdn.ampproject.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://209.38.140.229/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
timing-allow-origin: *
content-length: 8938
date: Wed, 24 Apr 2024 15:56:52 GMT
expires: Wed, 24 Apr 2024 15:56:52 GMT
cache-control: private, max-age=604800, stale-while-revalidate=604800
etag: "e7de80d17b4ab6ad"
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| cdn.ampproject.org/v0.js | 216.58.207.193 | 200 OK | 73 kB |
IP216.58.207.193:443
CertificateIssuerGoogle Trust Services LLC Subjectmisc-sni.google.com Fingerprint49:07:4A:21:AA:02:3C:78:A7:B4:D3:71:AA:98:EE:0F:2D:3F:5C:99 ValidityMon, 18 Mar 2024 19:42:57 GMT - Mon, 10 Jun 2024 19:42:56 GMT
File typeJavaScript source, Unicode text, UTF-8 text, with very long lines (64654) Hash0aa2be56e68f4827cd30170c5219a044 cd63be95f241680fdbb1a5db740d1f9e20782b59 2178c2c7039c0f565fd638053998d92fdeba670af287085c106b4b54139f5f3a
GET /v0.js HTTP/1.1
Host: cdn.ampproject.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://209.38.140.229/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
timing-allow-origin: *
content-length: 73102
date: Wed, 24 Apr 2024 15:56:52 GMT
expires: Wed, 24 Apr 2024 15:56:52 GMT
cache-control: private, max-age=3000, stale-while-revalidate=1206600
etag: "aa2c955478cddb65"
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| cdn.ampproject.org/v0/amp-anim-0.1.js | 216.58.207.193 | 200 OK | 2.5 kB |
URL GET HTTP/2cdn.ampproject.org/v0/amp-anim-0.1.js IP216.58.207.193:443
CertificateIssuerGoogle Trust Services LLC Subjectmisc-sni.google.com Fingerprint49:07:4A:21:AA:02:3C:78:A7:B4:D3:71:AA:98:EE:0F:2D:3F:5C:99 ValidityMon, 18 Mar 2024 19:42:57 GMT - Mon, 10 Jun 2024 19:42:56 GMT
File typeJavaScript source, ASCII text, with very long lines (6054) Hash0a2e6175d8ad808d628a39534ba0d109 194eb4d9f061c055e469871979035af37d58844b 2692c8b1084ce34996182d10ca9a10d91e2ced1511da5674817c57b6bb6cf3f4
GET /v0/amp-anim-0.1.js HTTP/1.1
Host: cdn.ampproject.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://209.38.140.229/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
timing-allow-origin: *
content-length: 2467
date: Wed, 24 Apr 2024 15:56:52 GMT
expires: Wed, 24 Apr 2024 15:56:52 GMT
cache-control: private, max-age=604800, stale-while-revalidate=604800
etag: "ef122a9cd02d4556"
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| cdn.ampproject.org/v0/amp-carousel-0.1.js | 216.58.207.193 | 200 OK | 12 kB |
URL GET HTTP/2cdn.ampproject.org/v0/amp-carousel-0.1.js IP216.58.207.193:443
CertificateIssuerGoogle Trust Services LLC Subjectmisc-sni.google.com Fingerprint49:07:4A:21:AA:02:3C:78:A7:B4:D3:71:AA:98:EE:0F:2D:3F:5C:99 ValidityMon, 18 Mar 2024 19:42:57 GMT - Mon, 10 Jun 2024 19:42:56 GMT
File typeJavaScript source, Unicode text, UTF-8 text, with very long lines (38603) Hash69d63049dba70c68e0181e0a06a5678a 2840f0aafcdc3ac970c01bff920cda78d427e53c 5919942782d07ebce07c9d52dccfb0bd85cffa1d829d3d753f843ecd251dc4e6
GET /v0/amp-carousel-0.1.js HTTP/1.1
Host: cdn.ampproject.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://209.38.140.229/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
timing-allow-origin: *
content-length: 11523
date: Wed, 24 Apr 2024 15:56:52 GMT
expires: Wed, 24 Apr 2024 15:56:52 GMT
cache-control: private, max-age=604800, stale-while-revalidate=604800
etag: "31c2ffa54c0100e0"
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| cdn.ampproject.org/v0/amp-analytics-0.1.js | 216.58.207.193 | 200 OK | 32 kB |
URL GET HTTP/2cdn.ampproject.org/v0/amp-analytics-0.1.js IP216.58.207.193:443
CertificateIssuerGoogle Trust Services LLC Subjectmisc-sni.google.com Fingerprint49:07:4A:21:AA:02:3C:78:A7:B4:D3:71:AA:98:EE:0F:2D:3F:5C:99 ValidityMon, 18 Mar 2024 19:42:57 GMT - Mon, 10 Jun 2024 19:42:56 GMT
File typeJavaScript source, ASCII text, with very long lines (65534) Hash5e43f5de8c1a9080b124dd71e70c2b29 e080c2ad4901614213c48940f53e3b0496703e87 c13ec83c4fd0a81e262ff6ac9e3562ddc38a070e5eb0892b0ac93f179ffef6ba
GET /v0/amp-analytics-0.1.js HTTP/1.1
Host: cdn.ampproject.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://209.38.140.229/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
timing-allow-origin: *
content-length: 32190
date: Wed, 24 Apr 2024 15:56:52 GMT
expires: Wed, 24 Apr 2024 15:56:52 GMT
cache-control: private, max-age=604800, stale-while-revalidate=604800
etag: "be1febb0b481b7bb"
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| cdn.ampproject.org/v0/amp-accordion-0.1.js | 216.58.207.193 | 200 OK | 5.8 kB |
URL GET HTTP/2cdn.ampproject.org/v0/amp-accordion-0.1.js IP216.58.207.193:443
CertificateIssuerGoogle Trust Services LLC Subjectmisc-sni.google.com Fingerprint49:07:4A:21:AA:02:3C:78:A7:B4:D3:71:AA:98:EE:0F:2D:3F:5C:99 ValidityMon, 18 Mar 2024 19:42:57 GMT - Mon, 10 Jun 2024 19:42:56 GMT
File typeJavaScript source, ASCII text, with very long lines (17484) Hash5b25cb924ef9e32af7e51d2f55de8643 d373f3db056ea718b66096e7349570bbca952cc1 271b2b33082ea4ad5f0d06fa04191728a71f2741783e3e13396a3d9ae5e27d1a
GET /v0/amp-accordion-0.1.js HTTP/1.1
Host: cdn.ampproject.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://209.38.140.229/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
timing-allow-origin: *
content-length: 5838
date: Wed, 24 Apr 2024 15:56:52 GMT
expires: Wed, 24 Apr 2024 15:56:52 GMT
cache-control: private, max-age=604800, stale-while-revalidate=604800
etag: "37b5d052ddf4213b"
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| cdn.ampproject.org/rtv/012404021934000/v0/amp-auto-lightbox-0.1.js | 216.58.207.193 | 200 OK | 3.0 kB |
URL GET HTTP/3cdn.ampproject.org/rtv/012404021934000/v0/amp-auto-lightbox-0.1.js IP216.58.207.193:443
CertificateIssuerGoogle Trust Services LLC Subjectmisc-sni.google.com Fingerprint49:07:4A:21:AA:02:3C:78:A7:B4:D3:71:AA:98:EE:0F:2D:3F:5C:99 ValidityMon, 18 Mar 2024 19:42:57 GMT - Mon, 10 Jun 2024 19:42:56 GMT
File typeJavaScript source, ASCII text, with very long lines (7690) Hash5a1fe5027acdaaa505a2f65faf624e3d 8e71ce231ebea0015fde9aad9780a31abc341ef1 20f0500c17c818b7393cdd055cd8a8364f264fe1785a726f10af0fc352409f11
GET /rtv/012404021934000/v0/amp-auto-lightbox-0.1.js HTTP/1.1
Host: cdn.ampproject.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://209.38.140.229
DNT: 1
Connection: keep-alive
Referer: http://209.38.140.229/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
content-encoding: br
access-control-allow-origin: *
content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
timing-allow-origin: *
content-length: 2971
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 23 Apr 2024 03:36:49 GMT
expires: Wed, 23 Apr 2025 03:36:49 GMT
cache-control: public, max-age=31536000
age: 130804
etag: "4983f70303035d33"
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| cdn.ampproject.org/rtv/012404021934000/v0/amp-loader-0.1.js | 216.58.207.193 | 200 OK | 3.9 kB |
URL GET HTTP/3cdn.ampproject.org/rtv/012404021934000/v0/amp-loader-0.1.js IP216.58.207.193:443
CertificateIssuerGoogle Trust Services LLC Subjectmisc-sni.google.com Fingerprint49:07:4A:21:AA:02:3C:78:A7:B4:D3:71:AA:98:EE:0F:2D:3F:5C:99 ValidityMon, 18 Mar 2024 19:42:57 GMT - Mon, 10 Jun 2024 19:42:56 GMT
File typeJavaScript source, ASCII text, with very long lines (12614) Hash99d0b8fcdea2c5995139abaf283392bd fbd6bc486116a9ffbb8662b6a952dc0aeba10ae7 15d2fe411597796d07b83bdddc7f074fef90ab99bc47b7e85a020140459b8251
GET /rtv/012404021934000/v0/amp-loader-0.1.js HTTP/1.1
Host: cdn.ampproject.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://209.38.140.229
DNT: 1
Connection: keep-alive
Referer: http://209.38.140.229/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
content-encoding: br
access-control-allow-origin: *
content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
timing-allow-origin: *
content-length: 3942
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 23 Apr 2024 03:36:51 GMT
expires: Wed, 23 Apr 2025 03:36:51 GMT
cache-control: public, max-age=31536000
age: 130802
etag: "746b70bafab1ae1f"
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| 209.38.140.229/favicon.png | 209.38.140.229 | 200 OK | 64 kB |
URL GET HTTP/1.1209.38.140.229/favicon.png IP209.38.140.229:80
File typePNG image data, 194 x 190, 8-bit/color RGBA, non-interlaced Hashf921134b8b2ce20ef722a3213d3018ae a17595f5da5893ab697a82ae0b54b03787e99044 8311f21bfc95f23e5b6d87528c9a16ec3ce99d5f9cf0368f23e05593b88ba608
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /favicon.png HTTP/1.1
Host: 209.38.140.229
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://209.38.140.229/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 24 Apr 2024 15:56:53 GMT
Content-Type: image/png
Content-Length: 64378
Last-Modified: Mon, 16 Oct 2023 19:02:08 GMT
Connection: keep-alive
ETag: "652d88b0-fb7a"
Expires: Fri, 24 May 2024 15:56:53 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
|
|
| 209.38.140.229/live-draw-macau.png | 209.38.140.229 | 200 OK | 24 kB |
URL GET HTTP/1.1209.38.140.229/live-draw-macau.png IP209.38.140.229:80
File typePNG image data, 1290 x 258, 8-bit/color RGBA, non-interlaced Hash38bfe3d9ad54f479ff6a746d26b5ad5b 4ee426db68e7d3038c3a7ba4c3f2065d0d0a0d38 5862d5e1f5245f85b341caffb0247fd5084fc1c138aff969c8ef153d6a22250a
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /live-draw-macau.png HTTP/1.1
Host: 209.38.140.229
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://209.38.140.229/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 24 Apr 2024 15:56:53 GMT
Content-Type: image/png
Content-Length: 24120
Last-Modified: Mon, 16 Oct 2023 18:55:47 GMT
Connection: keep-alive
ETag: "652d8733-5e38"
Expires: Fri, 24 May 2024 15:56:53 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
|
|
| cdn.jsdelivr.net/npm/bootstrap@5.3.2/dist/css/bootstrap.min.css | 151.101.1.229 | 200 OK | 35 kB |
URL GET HTTP/2cdn.jsdelivr.net/npm/bootstrap@5.3.2/dist/css/bootstrap.min.css IP151.101.1.229:443
Requested byhttps://tabelhengheng.com/#amp=1 CertificateIssuerGlobalSign nv-sa Subjectjsdelivr.net Fingerprint05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09 ValidityWed, 27 Sep 2023 18:13:13 GMT - Mon, 28 Oct 2024 18:13:12 GMT
File typeUnicode text, UTF-8 text, with very long lines (65342) Hashcd822b7fd22c8a95a68470c795adea69 1f139981b9b47a766efa0a61bb78ada351f16c4b 3017df4a76db5f01c2b99b603d88b03106df13bcfe18e67b7c13c2341d3a67df
GET /npm/bootstrap@5.3.2/dist/css/bootstrap.min.css HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://tabelhengheng.com
DNT: 1
Connection: keep-alive
Referer: https://tabelhengheng.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
x-jsd-version: 5.3.2
x-jsd-version-type: version
etag: W/"38df4-HxOZgbm0enZu+gphu3ito1HxbEs"
content-encoding: br
accept-ranges: bytes
date: Wed, 24 Apr 2024 15:56:53 GMT
age: 5095342
x-served-by: cache-fra-etou8220083-FRA, cache-hel1410034-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 34902
X-Firefox-Spdy: h2
|
|
| cdn.jsdelivr.net/npm/bootstrap@5.3.2/dist/js/bootstrap.min.js | 151.101.1.229 | 200 OK | 18 kB |
URL GET HTTP/2cdn.jsdelivr.net/npm/bootstrap@5.3.2/dist/js/bootstrap.min.js IP151.101.1.229:443
Requested byhttps://tabelhengheng.com/#amp=1 CertificateIssuerGlobalSign nv-sa Subjectjsdelivr.net Fingerprint05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09 ValidityWed, 27 Sep 2023 18:13:13 GMT - Mon, 28 Oct 2024 18:13:12 GMT
File typeJavaScript source, ASCII text, with very long lines (60298) Hashf63dfbdcc649f13af4791a90e51f7907 b3cacef9fccfa42aaebd61f046f2123eca598973 60c6bec0033a424572cfdf7da1d5fb94f4719286006a7f2cb9e76ee24d99babf
GET /npm/bootstrap@5.3.2/dist/js/bootstrap.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://tabelhengheng.com
DNT: 1
Connection: keep-alive
Referer: https://tabelhengheng.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 5.3.2
x-jsd-version-type: version
etag: W/"eca1-s8rO+fzPpCquvWHwRvISPspZiXM"
content-encoding: br
accept-ranges: bytes
date: Wed, 24 Apr 2024 15:56:53 GMT
age: 14551011
x-served-by: cache-fra-eddf8230044-FRA, cache-hel1410034-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 17719
X-Firefox-Spdy: h2
|
|
| 209.38.140.229/favicon.png | 209.38.140.229 | 200 OK | 64 kB |
URL GET HTTP/1.1209.38.140.229/favicon.png IP209.38.140.229:80
File typePNG image data, 194 x 190, 8-bit/color RGBA, non-interlaced Hashf921134b8b2ce20ef722a3213d3018ae a17595f5da5893ab697a82ae0b54b03787e99044 8311f21bfc95f23e5b6d87528c9a16ec3ce99d5f9cf0368f23e05593b88ba608
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /favicon.png HTTP/1.1
Host: 209.38.140.229
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://209.38.140.229/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 24 Apr 2024 15:56:53 GMT
Content-Type: image/png
Content-Length: 64378
Last-Modified: Mon, 16 Oct 2023 19:02:08 GMT
Connection: keep-alive
ETag: "652d88b0-fb7a"
Expires: Fri, 24 May 2024 15:56:53 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
|
|
| tabelhengheng.com/logomacau.webp | 188.114.97.1 | 200 OK | 18 kB |
URL GET HTTP/3tabelhengheng.com/logomacau.webp IP188.114.97.1:443
Requested byhttps://tabelhengheng.com/#amp=1 CertificateIssuerGoogle Trust Services LLC Subjecttabelhengheng.com FingerprintF4:16:5C:FE:43:5F:C3:67:6B:75:B8:AC:BA:85:81:00:E4:A7:F7:9E ValidityWed, 03 Apr 2024 02:50:49 GMT - Tue, 02 Jul 2024 02:50:48 GMT
File typeRIFF (little-endian) data, Web/P image Hasha8ad8630e53774e86ef409f07e595254 f71185e2f5902b94d22f03730de8c6d5b205ee61 2145f63efa0d162d838b29915e9f7e027b8b11fba2397ba8af85f7a76a99ea07
GET /logomacau.webp HTTP/1.1
Host: tabelhengheng.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://tabelhengheng.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 24 Apr 2024 15:56:55 GMT
content-type: image/webp
content-length: 18106
cache-control: public, max-age=604800
expires: Wed, 01 May 2024 15:56:54 GMT
etag: "46ba-65a397ef-4a0d3;;;"
last-modified: Sun, 14 Jan 2024 08:14:39 GMT
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9vk2Qdwed8loDl4p8j6vOn6GAvGjrCBn5HIGFp0YCtwKaAlAzQl6LWHZxU9EpwPIY1c0ms6HEd7N9ot0HEzrBdFoKH9eYSraiKcmMuesFyFT5AwbiDvu65obGApux%2BWgxOPi7g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87974933bd385684-OSL
alt-svc: h3=":443"; ma=86400
|
|
| tabelhengheng.com/css/style.css | 188.114.97.1 | 200 OK | 9.4 kB |
URL GET HTTP/3tabelhengheng.com/css/style.css IP188.114.97.1:443
Requested byhttps://tabelhengheng.com/#amp=1 CertificateIssuerGoogle Trust Services LLC Subjecttabelhengheng.com FingerprintF4:16:5C:FE:43:5F:C3:67:6B:75:B8:AC:BA:85:81:00:E4:A7:F7:9E ValidityWed, 03 Apr 2024 02:50:49 GMT - Tue, 02 Jul 2024 02:50:48 GMT
File typeASCII text, with CRLF line terminators Hash0c2a4b9bc3a16dd737945060b0be4ecf 1e42dfc7db9e7b80a9c12f559c14474b1a8d2174 1f35bb4409d5a854a0ff8023a8f243a5693e4c1d5218db6039b1022b1bfb521c
GET /css/style.css HTTP/1.1
Host: tabelhengheng.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://tabelhengheng.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 24 Apr 2024 15:56:54 GMT
content-type: text/css
cache-control: public, max-age=604800
expires: Wed, 01 May 2024 15:56:54 GMT
etag: W/"436-6576dcc9-47b5c;br"
last-modified: Mon, 11 Dec 2023 09:56:25 GMT
vary: Accept-Encoding
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DM3ZLweC3k1dEyoAmpaoYHXVBlxEI5NF3Zd9qOkjIGhpuNkUk4wBLBGaQSrp0tARRVL1Uq0axs%2B06bPb2KPk0DcI4zevI7Pi2tAhqcpQUZ3iVOn1InjBDrb9OxyiwkD%2FeKexCA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87974933bd375684-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| tabelhengheng.com/ | 188.114.97.1 | 200 OK | 6.5 kB |
IP188.114.97.1:443
CertificateIssuerGoogle Trust Services LLC Subjecttabelhengheng.com FingerprintF4:16:5C:FE:43:5F:C3:67:6B:75:B8:AC:BA:85:81:00:E4:A7:F7:9E ValidityWed, 03 Apr 2024 02:50:49 GMT - Tue, 02 Jul 2024 02:50:48 GMT
File typeHTML document, ASCII text, with very long lines (7182), with no line terminators Hashcb1630559ec22c0e3046861b4a3f5649 e36846181b3132f0982973204bb762bd11adfd3e 8d238f5658b62ae07117ec75d3f1a7e89c7eae2b2d929ad5ff50093073250eaa
GET / HTTP/1.1
Host: tabelhengheng.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://209.38.140.229/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 24 Apr 2024 15:56:53 GMT
content-type: text/html; charset=UTF-8
cache-control: private, max-age=14400
vary: Accept-Encoding
last-modified: Wed, 24 Apr 2024 15:56:52 GMT
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cu3DFXkCOdmlr8By1dEAmjS%2BpDUCMJVBbbflkQSrI7mfmXKLSjxK4oV0UD5XdDWmEQFCnyqD%2FCR7NBEJYM%2FZTdinXZLmlKN5YeQ7mFaPuCpAeHHKcNWzL2exhK%2BxpE1IM20CAg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8797493198fb56b4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| dewalive.cfd/mc.php | 206.189.200.243 | 200 OK | 4.8 kB |
IP206.189.200.243:443 ASN#14061 DIGITALOCEAN-ASN
CertificateIssuerLet's Encrypt Subjectdewalive.cfd Fingerprint97:EC:DF:42:DD:9C:78:C8:06:70:3E:79:B6:81:24:6C:7B:DF:20:63 ValiditySat, 20 Apr 2024 23:10:47 GMT - Fri, 19 Jul 2024 23:10:46 GMT
File typeHTML document, ASCII text, with very long lines (5225), with no line terminators Hash8a334d47771ffd102fba6abb97aa2543 eaaef4f8ac6ba03ec0608c05fc689d1535365455 39bb154105571586c0398d074f088aa505a189512d7ba23f1278b4fd15b966aa
GET /mc.php HTTP/1.1
Host: dewalive.cfd
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://209.38.140.229/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Wed, 24 Apr 2024 15:56:53 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
set-cookie: X_CACHE_KEY=0f79a07129959861b3854c39370a7098; path=/; Expires=Fri, 31-Dec-9999 23:59:59 GMT
strict-transport-security: max-age=31536000
x-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
|
|