Report - avyvliyh4.tk/

Report Overview

Submitted URL
avyvliyh4.tk/
IP
142.4.5.138
ASN
#46606 UNIFIEDLAYER-AS-1
Submitted
2023-02-05 06:52:52
Access
Website Title
Final URL
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
30
Threat Detection Systems
0

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
avyvliyh4.tk	unknown	2022-12-29T18:02:36Z	2023-01-31T13:45:21Z	9.1 kB	386 kB	142.4.5.138
img-getpocket.cdn.mozilla.net	1631	2018-06-22T01:36:00Z	2023-03-13T05:09:16Z	3.2 kB	53 kB	34.120.237.76
contile.services.mozilla.com	1114	2021-05-27T20:32:35Z	2023-03-13T05:09:13Z	333 B	391 B	34.117.237.239
firefox.settings.services.mozilla.com	867	2020-06-04T22:08:41Z	2023-03-13T05:09:10Z	782 B	2.4 kB	35.241.9.150
content-signature-2.cdn.mozilla.net	1152	2020-11-03T13:26:46Z	2023-03-13T05:09:35Z	413 B	5.9 kB	34.160.144.191
push.services.mozilla.com	2140	2014-10-24T10:27:06Z	2023-03-13T05:09:14Z	606 B	127 B	35.83.22.170
ocsp.pki.goog	175	2018-07-01T08:43:07Z	2023-03-13T05:09:47Z	686 B	1.4 kB	142.250.74.131
ajax.googleapis.com	12905	2013-08-16T11:51:31Z	2023-03-13T08:37:09Z	387 B	32 kB	142.250.74.42
ocsp.digicert.com	86	2012-05-21T09:02:23Z	2023-03-13T06:00:13Z	341 B	797 B	93.184.220.29
www.arvest.com	205942	2012-08-07T23:03:50Z	2023-03-07T19:50:24Z	389 B	884 B	45.60.198.180
r3.o.lencr.org	344	2020-12-02T09:52:13Z	2023-03-13T05:09:07Z	2.0 kB	5.3 kB	95.101.11.115

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-02-05 06:53:20	medium	Client IP	Internal IP	ET DNS Query to a .tk domain - Likely Hostile
2023-02-05 06:53:20	medium	Client IP	Internal IP	ET DNS Query to a .tk domain - Likely Hostile
2023-02-05 06:53:21	medium	Client IP	142.4.5.138	ET POLICY HTTP Request to a *.tk domain
2023-02-05 06:53:21	medium	Client IP	142.4.5.138	ET POLICY HTTP Request to a *.tk domain
2023-02-05 06:53:21	medium	Client IP	142.4.5.138	ET POLICY HTTP Request to a *.tk domain
2023-02-05 06:53:21	medium	Client IP	142.4.5.138	ET POLICY HTTP Request to a *.tk domain
2023-02-05 06:53:22	medium	Client IP	142.4.5.138	ET POLICY HTTP Request to a *.tk domain
2023-02-05 06:53:22	medium	Client IP	142.4.5.138	ET POLICY HTTP Request to a *.tk domain
2023-02-05 06:53:22	medium	Client IP	142.4.5.138	ET POLICY HTTP Request to a *.tk domain
2023-02-05 06:53:22	medium	Client IP	142.4.5.138	ET POLICY HTTP Request to a *.tk domain
2023-02-05 06:53:22	medium	Client IP	142.4.5.138	ET POLICY HTTP Request to a *.tk domain
2023-02-05 06:53:22	medium	Client IP	142.4.5.138	ET POLICY HTTP Request to a *.tk domain
2023-02-05 06:53:22	medium	Client IP	142.4.5.138	ET POLICY HTTP Request to a *.tk domain
2023-02-05 06:53:22	medium	Client IP	142.4.5.138	ET POLICY HTTP Request to a *.tk domain
2023-02-05 06:53:22	medium	Client IP	142.4.5.138	ET POLICY HTTP Request to a *.tk domain
2023-02-05 06:53:22	medium	Client IP	142.4.5.138	ET POLICY HTTP Request to a *.tk domain
2023-02-05 06:53:22	medium	Client IP	142.4.5.138	ET POLICY HTTP Request to a *.tk domain
2023-02-05 06:53:22	medium	Client IP	142.4.5.138	ET POLICY HTTP Request to a *.tk domain
2023-02-05 06:53:22	medium	Client IP	142.4.5.138	ET POLICY HTTP Request to a *.tk domain
2023-02-05 06:53:22	medium	Client IP	142.4.5.138	ET POLICY HTTP Request to a *.tk domain
2023-02-05 06:53:22	medium	Client IP	142.4.5.138	ET POLICY HTTP Request to a *.tk domain
2023-02-05 06:53:22	medium	Client IP	142.4.5.138	ET POLICY HTTP Request to a *.tk domain
2023-02-05 06:53:22	medium	Client IP	142.4.5.138	ET POLICY HTTP Request to a *.tk domain
2023-02-05 06:53:22	medium	Client IP	142.4.5.138	ET POLICY HTTP Request to a *.tk domain
2023-02-05 06:53:22	medium	Client IP	142.4.5.138	ET POLICY HTTP Request to a *.tk domain
2023-02-05 06:53:22	medium	Client IP	142.4.5.138	ET POLICY HTTP Request to a *.tk domain
2023-02-05 06:53:22	medium	Client IP	142.4.5.138	ET POLICY HTTP Request to a *.tk domain
2023-02-05 06:53:22	medium	Client IP	142.4.5.138	ET POLICY HTTP Request to a *.tk domain
2023-02-05 06:53:22	medium	Client IP	142.4.5.138	ET POLICY HTTP Request to a *.tk domain
2023-02-05 06:53:23	medium	Client IP	142.4.5.138	ET POLICY HTTP Request to a *.tk domain

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (2)

	URL	Size	First Seen	Last Seen
	ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js	90 kB	2023-03-07	2024-04-25
Pretty URL ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js IP 142.250.74.42 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:13 Last Seen2024-04-25 01:58:48 Times Seen261038 Hash 8fb8fee4fcc3cc86ff6c724154c49c42 b82d238d4e31fdf618bae8ac11a6c812c03dd0d4 ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e Loading...

	avyvliyh4.tk/	299 B	2023-03-07	2023-03-26
Pretty URL avyvliyh4.tk/ IP 142.4.5.138 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:57:48 Last Seen2023-03-26 05:16:16 Times Seen2 Hash 8888c8fd77e2aa8bac67634766be6733 219418b779354e74dfe8504a579fd781ba99f941 ae9f8f2eaf580b23c52a81147279b6557c7fff6130ee4ff4452c5b915495fa17 Loading...

HTTP Transactions (50)

URL IP Response Size

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
81713f952b51a865ad9764cde68e3fdb
278c3a9c4bb2a0ffb7375f90d89a1ba6e90a766a
c2eb0d8a24ecb51af28f1c71db4b9a95c568dcf6c94b41ee8c78787a4ebebcef

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C2EB0D8A24ECB51AF28F1C71DB4B9A95C568DCF6C94B41EE8C78787A4EBEBCEF"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6609
Expires: Sun, 05 Feb 2023 08:42:50 GMT
Date: Sun, 05 Feb 2023 06:52:41 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
c21ba65e44ac95470c314e068e49a9eb
17a13b13738993d889d4afa3d848dc63bf6eba64
9bd0795b30e84ce63b6e2a365ca91bbffc395dd955e112152066c31e63a4ab66

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9BD0795B30E84CE63B6E2A365CA91BBFFC395DD955E112152066C31E63A4AB66"
Last-Modified: Sat, 04 Feb 2023 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9807
Expires: Sun, 05 Feb 2023 09:36:08 GMT
Date: Sun, 05 Feb 2023 06:52:41 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
fb7b6b46e708ad73eaaa3c21e74569ae
950663c025acad81556af5aa3022ecc9d55097fe
763f58b9fb838378c92033b59907b036f4c33081f5103d9bcc2ca2a8de500d64

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "763F58B9FB838378C92033B59907B036F4C33081F5103D9BCC2CA2A8DE500D64"
Last-Modified: Sat, 04 Feb 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17416
Expires: Sun, 05 Feb 2023 11:42:57 GMT
Date: Sun, 05 Feb 2023 06:52:41 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
30db107dcf4380cef05efea409c2e6a3
96e6a306fbc07299aba64e5c14e2bfca35872fa9
b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Retry-After, Content-Length, Alert, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sun, 05 Feb 2023 06:33:54 GMT
content-type: application/json
age: 1127
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: /p9qtrxjKE0CKIBx1OArAM4+RTl7250PAT0fp5bfxEX9jP6m7E2Q/7Ezwg4OsDnrAqLvGvZUe8iMINb0qKaqrA==
x-amz-request-id: B9560280CACG7ZJE
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sun, 05 Feb 2023 06:24:22 GMT
age: 1699
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sun, 05 Feb 2023 06:52:41 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Expires, Content-Type, ETag, Last-Modified, Alert, Retry-After, Content-Length, Cache-Control, Pragma, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sun, 05 Feb 2023 06:49:07 GMT
age: 215
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
dedf9c519ac38c4bece9c5bc895787d7
4911175c3f8a435978c5301c33c7a99a5e00a1d5
bddd7e3a4939f863642a7c5348c1c8b9bc569b35c10a27f4cf5ec71f7e6b9698

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BDDD7E3A4939F863642A7C5348C1C8B9BC569B35C10A27F4CF5EC71F7E6B9698"
Last-Modified: Fri, 03 Feb 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6804
Expires: Sun, 05 Feb 2023 08:46:06 GMT
Date: Sun, 05 Feb 2023 06:52:42 GMT
Connection: keep-alive

avyvliyh4.tk/assets/css/MyFontsWebfontsKit.css

142.4.5.138

200 OK

1.7 kB

URL HTTP/1.1
avyvliyh4.tk/assets/css/MyFontsWebfontsKit.css
IP
142.4.5.138:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
Unicode text, UTF-8 text
Size
1.7 kB (1700 bytes)
Hash
e0e20f2b5e4c384980af5f5e9ea59396
a0ebc44e98ee2ae630c3a048378c85a5ef15cb1e
eb51051662b0e9fcccbb9e8d3a940f1f198bb8dd8a4cf0ff39a8861d7352e90e

Detections

NIDS	Severity	Alert
suricata	medium	ET POLICY HTTP Request to a *.tk domain

HTTP Headers

GET /assets/css/MyFontsWebfontsKit.css HTTP/1.1
Host: avyvliyh4.tk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://avyvliyh4.tk/

HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 06:52:42 GMT
Server: Apache
Last-Modified: Wed, 10 Aug 2022 12:26:00 GMT
Accept-Ranges: bytes
Content-Length: 1700
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css

push.services.mozilla.com/

35.83.22.170

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
35.83.22.170:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: toS/UrIPyFG8WHFjK41UeA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: IJOqdms6QX+MwmG9nGxDEkXv+Qg=

avyvliyh4.tk/

142.4.5.138

200 OK

45 kB

URL HTTP/1.1
avyvliyh4.tk/
IP
142.4.5.138:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1056), with CRLF line terminators
Size
45 kB (45406 bytes)
Hash
7faca1b9f079ba3e6e78871d959e2932
1e8d3bed778e0cf083d149eadce2ed464dd4413a
9f2714aa40f7e0a07e5f69f52b9da70859b4a88f7d3705ec421a7b8065d0ab0c

Detections

NIDS	Severity	Alert
suricata	medium	ET POLICY HTTP Request to a *.tk domain

HTTP Headers

GET / HTTP/1.1
Host: avyvliyh4.tk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 06:52:41 GMT
Server: Apache
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
98be7fe21d059e46146a43d20c4eea92
1ec58129fea75085588be7b8baec05b0874b5274
7bb2eb5ffcd88a3b6ba7b210bdbcd4469134c9708f06befb6c616beebf8dae46

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 06:52:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js

142.250.74.42

200 OK

31 kB

URL HTTP/2
ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js
IP
142.250.74.42:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (65447)
Size
31 kB (31017 bytes)
Hash
7808e0e4b7a714230373852158500533
4a79d18722a68a2f38d52e2d3a11b550bdd30b3c
8ba5796bee6a065b8b31895e7e8d59ba564cfd36d2ce056e327588e67736f054

HTTP Headers

GET /ajax/libs/jquery/3.6.0/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://avyvliyh4.tk/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 31017
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 Feb 2023 10:11:27 GMT
expires: Fri, 02 Feb 2024 10:11:27 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Wed, 10 Mar 2021 14:28:09 GMT
content-type: text/javascript; charset=UTF-8
age: 247275
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
98be7fe21d059e46146a43d20c4eea92
1ec58129fea75085588be7b8baec05b0874b5274
7bb2eb5ffcd88a3b6ba7b210bdbcd4469134c9708f06befb6c616beebf8dae46

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 06:52:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

avyvliyh4.tk/assets/css/layout2.css

142.4.5.138

200 OK

33 kB

URL HTTP/1.1
avyvliyh4.tk/assets/css/layout2.css
IP
142.4.5.138:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
ASCII text, with very long lines (7986)
Size
33 kB (32799 bytes)
Hash
1be2444e18a72b16139a84d78a7dd523
8e6c3e2df5f9675ba42061c0c21f4bef5cfa1f07
c6e8ea86abcaddc6a606dcedd54bfc62c296e481273494988f15262d2ca5747f

Detections

NIDS	Severity	Alert
suricata	medium	ET POLICY HTTP Request to a *.tk domain

HTTP Headers

GET /assets/css/layout2.css HTTP/1.1
Host: avyvliyh4.tk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://avyvliyh4.tk/

HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 06:52:42 GMT
Server: Apache
Last-Modified: Wed, 10 Aug 2022 12:25:58 GMT
Accept-Ranges: bytes
Content-Length: 32799
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css

avyvliyh4.tk/assets/css/bootstrap_custom.css

142.4.5.138

200 OK

84 kB

URL HTTP/1.1
avyvliyh4.tk/assets/css/bootstrap_custom.css
IP
142.4.5.138:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
ASCII text, with very long lines (7997)
Size
84 kB (84206 bytes)
Hash
3529597e7e00790c33dd0e1aab372cc1
218900a9f0c9536a02e470c20e7426f6a2d69a18
6744d458d05bf8a19898a309342c9011ad1a9907f1f553dfcaf7e1a73e0a4655

Detections

NIDS	Severity	Alert
suricata	medium	ET POLICY HTTP Request to a *.tk domain

HTTP Headers

GET /assets/css/bootstrap_custom.css HTTP/1.1
Host: avyvliyh4.tk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://avyvliyh4.tk/

HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 06:52:42 GMT
Server: Apache
Last-Modified: Wed, 10 Aug 2022 12:25:58 GMT
Accept-Ranges: bytes
Content-Length: 84206
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css

avyvliyh4.tk/assets/img/debit-card-beach-mainnav-ad.png

142.4.5.138

200 OK

23 kB

URL HTTP/1.1
avyvliyh4.tk/assets/img/debit-card-beach-mainnav-ad.png
IP
142.4.5.138:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
PNG image data, 217 x 234, 8-bit colormap, interlaced\012- data
Size
23 kB (23282 bytes)
Hash
0a01c98ed517204fcd4635e15c8ac4d1
9adeaf3d815c03a9da07c99ffef364be618fdcec
5566d8578cf4b69b5523a1d983aa31de64c5e40bc55db1c5551ac01f647ca529

Detections

NIDS	Severity	Alert
suricata	medium	ET POLICY HTTP Request to a *.tk domain

HTTP Headers

GET /assets/img/debit-card-beach-mainnav-ad.png HTTP/1.1
Host: avyvliyh4.tk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://avyvliyh4.tk/

HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 06:52:43 GMT
Server: Apache
Last-Modified: Wed, 10 Aug 2022 12:26:00 GMT
Accept-Ranges: bytes
Content-Length: 23282
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/png

avyvliyh4.tk/assets/img/soc-instagram.png

142.4.5.138

200 OK

686 B

URL HTTP/1.1
avyvliyh4.tk/assets/img/soc-instagram.png
IP
142.4.5.138:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
PNG image data, 23 x 23, 8-bit colormap, non-interlaced\012- data
Size
686 B (686 bytes)
Hash
91b6ec862551b25a5a254bc219d2d0d6
49a743ec6e545e31b8074f0b09ba12a6eeba5080
2ee5b697a7b857ffe13445f6b2ee5ca3f0ab76be6c03b51bc53879648c7bd9a8

Detections

NIDS	Severity	Alert
suricata	medium	ET POLICY HTTP Request to a *.tk domain

HTTP Headers

GET /assets/img/soc-instagram.png HTTP/1.1
Host: avyvliyh4.tk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://avyvliyh4.tk/

HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 06:52:43 GMT
Server: Apache
Last-Modified: Wed, 10 Aug 2022 12:26:00 GMT
Accept-Ranges: bytes
Content-Length: 686
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/png

avyvliyh4.tk/assets/img/fdic.png

142.4.5.138

200 OK

1.4 kB

URL HTTP/1.1
avyvliyh4.tk/assets/img/fdic.png
IP
142.4.5.138:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
PNG image data, 43 x 41, 8-bit/color RGB, non-interlaced\012- data
Size
1.4 kB (1411 bytes)
Hash
4d7d634e423739bcc12cf93f7f9d526c
a28a5ab097bd295ac094206062902a6271995fd8
971cbfd037bdfa175bbcc512eb44ef5430b917a88df8b0b0344d85dff95f795e

Detections

NIDS	Severity	Alert
suricata	medium	ET POLICY HTTP Request to a *.tk domain

HTTP Headers

GET /assets/img/fdic.png HTTP/1.1
Host: avyvliyh4.tk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://avyvliyh4.tk/

HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 06:52:43 GMT
Server: Apache
Last-Modified: Wed, 10 Aug 2022 12:26:00 GMT
Accept-Ranges: bytes
Content-Length: 1411
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/png

avyvliyh4.tk/assets/img/login-arrow-icon.png

142.4.5.138

200 OK

271 B

URL HTTP/1.1
avyvliyh4.tk/assets/img/login-arrow-icon.png
IP
142.4.5.138:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
PNG image data, 15 x 10, 8-bit/color RGBA, non-interlaced\012- data
Size
271 B (271 bytes)
Hash
5b7b9d12e8761792332ba60dc88d4a0f
9460decf6b3018147c938608402e9f0245755d77
01d1a470c25a6f60c6fa9e7de42b0158533a7bf3de3c0d7c2687f5a5a8269377

Detections

NIDS	Severity	Alert
suricata	medium	ET POLICY HTTP Request to a *.tk domain

HTTP Headers

GET /assets/img/login-arrow-icon.png HTTP/1.1
Host: avyvliyh4.tk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://avyvliyh4.tk/

HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 06:52:43 GMT
Server: Apache
Last-Modified: Wed, 10 Aug 2022 12:26:00 GMT
Accept-Ranges: bytes
Content-Length: 271
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/png

avyvliyh4.tk/assets/img/soc-twitter.png

142.4.5.138

200 OK

542 B

URL HTTP/1.1
avyvliyh4.tk/assets/img/soc-twitter.png
IP
142.4.5.138:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
PNG image data, 23 x 23, 8-bit/color RGBA, non-interlaced\012- data
Size
542 B (542 bytes)
Hash
ed724d47f6d81a1a1904aafdd523c1ad
3bf38baca232251233a2f59b5bf4a3946931940d
39f485ef565c7ced26632fea1c6fb2f67b5c90c49c38fe856ead961258b65682

Detections

NIDS	Severity	Alert
suricata	medium	ET POLICY HTTP Request to a *.tk domain

HTTP Headers

GET /assets/img/soc-twitter.png HTTP/1.1
Host: avyvliyh4.tk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://avyvliyh4.tk/

HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 06:52:43 GMT
Server: Apache
Last-Modified: Wed, 10 Aug 2022 12:26:00 GMT
Accept-Ranges: bytes
Content-Length: 542
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/png

avyvliyh4.tk/assets/img/housing-logo2.png

142.4.5.138

200 OK

653 B

URL HTTP/1.1
avyvliyh4.tk/assets/img/housing-logo2.png
IP
142.4.5.138:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
PNG image data, 32 x 33, 8-bit/color RGBA, non-interlaced\012- data
Size
653 B (653 bytes)
Hash
8c339bc63e8f842ea73fbd6f6c05738b
001b1bba7b4a22d4216d7a2f9a5d87a21e2ed7da
3132b69dbeb859635eea70dbdae8557c143d111eeb9a473fb84fe5fac904cc18

Detections

NIDS	Severity	Alert
suricata	medium	ET POLICY HTTP Request to a *.tk domain

HTTP Headers

GET /assets/img/housing-logo2.png HTTP/1.1
Host: avyvliyh4.tk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://avyvliyh4.tk/

HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 06:52:43 GMT
Server: Apache
Last-Modified: Wed, 10 Aug 2022 12:26:00 GMT
Accept-Ranges: bytes
Content-Length: 653
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/png

avyvliyh4.tk/assets/images/template/top-nav-bg.png

142.4.5.138

404 Not Found

315 B

URL HTTP/1.1
avyvliyh4.tk/assets/images/template/top-nav-bg.png
IP
142.4.5.138:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
315 B (315 bytes)
Hash
a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Detections

NIDS	Severity	Alert
suricata	medium	ET POLICY HTTP Request to a *.tk domain

HTTP Headers

GET /assets/images/template/top-nav-bg.png HTTP/1.1
Host: avyvliyh4.tk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://avyvliyh4.tk/assets/css/layout2.css

HTTP/1.1 404 Not Found
Date: Sun, 05 Feb 2023 06:52:43 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

avyvliyh4.tk/assets/img/nav-search-bar-bg.png

142.4.5.138

200 OK

3.0 kB

URL HTTP/1.1
avyvliyh4.tk/assets/img/nav-search-bar-bg.png
IP
142.4.5.138:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
PNG image data, 970 x 34, 8-bit/color RGB, non-interlaced\012- data
Size
3.0 kB (2951 bytes)
Hash
3e3135f10b6dce5b4a7cf93c7863b5f9
be0590d22f42fe07b1736f6dee4f451d5a79b509
e2266eb423ddf014680bf965dfdefc302947c231645f864e7ed3e16e70941d31

Detections

NIDS	Severity	Alert
suricata	medium	ET POLICY HTTP Request to a *.tk domain

HTTP Headers

GET /assets/img/nav-search-bar-bg.png HTTP/1.1
Host: avyvliyh4.tk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://avyvliyh4.tk/assets/css/layout2.css

HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 06:52:43 GMT
Server: Apache
Last-Modified: Wed, 10 Aug 2022 12:26:00 GMT
Accept-Ranges: bytes
Content-Length: 2951
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/png

avyvliyh4.tk/assets/img/arvest-logo.png

142.4.5.138

200 OK

4.1 kB

URL HTTP/1.1
avyvliyh4.tk/assets/img/arvest-logo.png
IP
142.4.5.138:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
PNG image data, 201 x 69, 8-bit/color RGBA, non-interlaced\012- data
Size
4.1 kB (4092 bytes)
Hash
f6ac29e98162f51a7782eb78160dd31c
32effa4f9335e1d4308256fb20fd61c381a6f83b
8d8f81b3deb15a8d8a4d940347fb3322ca6d49640e7ce14514ccbe07862a1aba

Detections

NIDS	Severity	Alert
suricata	medium	ET POLICY HTTP Request to a *.tk domain

HTTP Headers

GET /assets/img/arvest-logo.png HTTP/1.1
Host: avyvliyh4.tk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://avyvliyh4.tk/

HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 06:52:43 GMT
Server: Apache
Last-Modified: Wed, 10 Aug 2022 12:26:00 GMT
Accept-Ranges: bytes
Content-Length: 4092
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/png

avyvliyh4.tk/assets/img/myArvest.png

142.4.5.138

200 OK

1.4 kB

URL HTTP/1.1
avyvliyh4.tk/assets/img/myArvest.png
IP
142.4.5.138:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
PNG image data, 48 x 120, 8-bit/color RGBA, non-interlaced\012- data
Size
1.4 kB (1410 bytes)
Hash
7c784f953c8a9cbcff8a050a3910550c
339d48bcc2535f1c1ea7b9d12f33e3e79b218673
9ddd9fab5342d91721c67a39aa003a8b6baefc3fa9c35d07ae7c61b62b0e8304

Detections

NIDS	Severity	Alert
suricata	medium	ET POLICY HTTP Request to a *.tk domain

HTTP Headers

GET /assets/img/myArvest.png HTTP/1.1
Host: avyvliyh4.tk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://avyvliyh4.tk/assets/css/layout2.css

HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 06:52:43 GMT
Server: Apache
Last-Modified: Wed, 10 Aug 2022 12:26:00 GMT
Accept-Ranges: bytes
Content-Length: 1410
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/png

avyvliyh4.tk/assets/fonts/26DA37_0_0.woff

142.4.5.138

200 OK

23 kB

URL HTTP/1.1
avyvliyh4.tk/assets/fonts/26DA37_0_0.woff
IP
142.4.5.138:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
Web Open Font Format, TrueType, length 23258, version 0.0\012- data
Size
23 kB (23258 bytes)
Hash
89f5d8dea6b4b179a2e2a1384ff12b27
056e30f79b5defebe8cff6d08b7d7976979e6853
1252843b50c568f5a207600688226e7c516d706623b50ab4ad33fe438f25a514

Detections

NIDS	Severity	Alert
suricata	medium	ET POLICY HTTP Request to a *.tk domain

HTTP Headers

GET /assets/fonts/26DA37_0_0.woff HTTP/1.1
Host: avyvliyh4.tk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://avyvliyh4.tk/assets/css/MyFontsWebfontsKit.css

HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 06:52:43 GMT
Server: Apache
Last-Modified: Wed, 10 Aug 2022 12:26:00 GMT
Accept-Ranges: bytes
Content-Length: 23258
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: font/woff

avyvliyh4.tk/assets/fonts/26DA37_1_0.woff

142.4.5.138

200 OK

24 kB

URL HTTP/1.1
avyvliyh4.tk/assets/fonts/26DA37_1_0.woff
IP
142.4.5.138:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
Web Open Font Format, TrueType, length 23644, version 0.0\012- data
Size
24 kB (23644 bytes)
Hash
13ec1868a49e8c03270efbcb20fa4950
de672c9b89b0e881458bc14ce6880450e7ead228
b9be58dfbf40a15b63977356d7a343d790e89f241cf28bcb7883da48e2eea19f

Detections

NIDS	Severity	Alert
suricata	medium	ET POLICY HTTP Request to a *.tk domain

HTTP Headers

GET /assets/fonts/26DA37_1_0.woff HTTP/1.1
Host: avyvliyh4.tk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://avyvliyh4.tk/assets/css/MyFontsWebfontsKit.css

HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 06:52:43 GMT
Server: Apache
Last-Modified: Wed, 10 Aug 2022 12:26:00 GMT
Accept-Ranges: bytes
Content-Length: 23644
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: font/woff

avyvliyh4.tk/assets/img/button-arrow.png

142.4.5.138

200 OK

163 B

URL HTTP/1.1
avyvliyh4.tk/assets/img/button-arrow.png
IP
142.4.5.138:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
PNG image data, 5 x 9, 8-bit/color RGBA, non-interlaced\012- data
Size
163 B (163 bytes)
Hash
bc9eeec78669c4c2bf7d99bcf8f83139
23c8b29855e878980030e855b0787238069a0dbb
9fb1794640596b6601ece58fae25be2a00d2e71981f55dd2b743d4f45909c5e3

Detections

NIDS	Severity	Alert
suricata	medium	ET POLICY HTTP Request to a *.tk domain

HTTP Headers

GET /assets/img/button-arrow.png HTTP/1.1
Host: avyvliyh4.tk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://avyvliyh4.tk/assets/css/bootstrap_custom.css

HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 06:52:43 GMT
Server: Apache
Last-Modified: Wed, 10 Aug 2022 12:26:00 GMT
Accept-Ranges: bytes
Content-Length: 163
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/png

avyvliyh4.tk/assets/img/custserv.png

142.4.5.138

200 OK

3.5 kB

URL HTTP/1.1
avyvliyh4.tk/assets/img/custserv.png
IP
142.4.5.138:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
PNG image data, 60 x 50, 8-bit/color RGB, non-interlaced\012- data
Size
3.5 kB (3468 bytes)
Hash
dde469c4cdb5a40fb40983a1ce51d62d
12ed39270cd550ce88a922634577ba8f5720ef61
3ac4db385ce573e1038b4a1a504bac75d82114d03a863bc8e9ef19328304f587

Detections

NIDS	Severity	Alert
suricata	medium	ET POLICY HTTP Request to a *.tk domain

HTTP Headers

GET /assets/img/custserv.png HTTP/1.1
Host: avyvliyh4.tk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://avyvliyh4.tk/assets/css/layout2.css

HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 06:52:43 GMT
Server: Apache
Last-Modified: Wed, 10 Aug 2022 12:26:00 GMT
Accept-Ranges: bytes
Content-Length: 3468
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/png

avyvliyh4.tk/assets/images/template/footer-bg960.png

142.4.5.138

404 Not Found

315 B

URL HTTP/1.1
avyvliyh4.tk/assets/images/template/footer-bg960.png
IP
142.4.5.138:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
315 B (315 bytes)
Hash
a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Detections

NIDS	Severity	Alert
suricata	medium	ET POLICY HTTP Request to a *.tk domain

HTTP Headers

GET /assets/images/template/footer-bg960.png HTTP/1.1
Host: avyvliyh4.tk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://avyvliyh4.tk/assets/css/layout2.css

HTTP/1.1 404 Not Found
Date: Sun, 05 Feb 2023 06:52:43 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

avyvliyh4.tk/assets/img/soc-fb.png

142.4.5.138

200 OK

589 B

URL HTTP/1.1
avyvliyh4.tk/assets/img/soc-fb.png
IP
142.4.5.138:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
PNG image data, 23 x 23, 8-bit/color RGBA, non-interlaced\012- data
Size
589 B (589 bytes)
Hash
751b8ec0162efb0faf7d37ff3a1c9467
3a524903ab49b0273f484b62e5740e306aad2f6f
610c99d9f333e8e356584239f9cbf91592f1c38877fce7d1d1da4bf3aac94e44

Detections

NIDS	Severity	Alert
suricata	medium	ET POLICY HTTP Request to a *.tk domain

HTTP Headers

GET /assets/img/soc-fb.png HTTP/1.1
Host: avyvliyh4.tk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://avyvliyh4.tk/

HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 06:52:43 GMT
Server: Apache
Last-Modified: Wed, 10 Aug 2022 12:26:00 GMT
Accept-Ranges: bytes
Content-Length: 589
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/png

avyvliyh4.tk/assets/img/soc-youtube.png

142.4.5.138

200 OK

15 kB

URL HTTP/1.1
avyvliyh4.tk/assets/img/soc-youtube.png
IP
142.4.5.138:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
PNG image data, 23 x 23, 8-bit/color RGBA, non-interlaced\012- data
Size
15 kB (15201 bytes)
Hash
c8bdada8e3406cb7f96ca9a3f28977b1
dc7ed96e2c5c32999cdd6ada4bfe0b4b93269667
3ffbb276d8124704f5a7e0035b5bb87e4adc7a7e4b322ae2ed476ee37ffa7ffc

Detections

NIDS	Severity	Alert
suricata	medium	ET POLICY HTTP Request to a *.tk domain

HTTP Headers

GET /assets/img/soc-youtube.png HTTP/1.1
Host: avyvliyh4.tk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://avyvliyh4.tk/

HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 06:52:43 GMT
Server: Apache
Last-Modified: Wed, 10 Aug 2022 12:26:00 GMT
Accept-Ranges: bytes
Content-Length: 15201
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/png

avyvliyh4.tk/assets/img/soc-share-circle.png

142.4.5.138

200 OK

717 B

URL HTTP/1.1
avyvliyh4.tk/assets/img/soc-share-circle.png
IP
142.4.5.138:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
PNG image data, 23 x 23, 8-bit/color RGBA, non-interlaced\012- data
Size
717 B (717 bytes)
Hash
61e6e6016584e2d1ee3a7ff2fba0e7fd
3cfcf1223ded85b667aed1a925038cf719a0b7c5
16eba136a35400f1100a450d2f48d656b67296e74c62521aedcd8fab29c7d4ce

Detections

NIDS	Severity	Alert
suricata	medium	ET POLICY HTTP Request to a *.tk domain

HTTP Headers

GET /assets/img/soc-share-circle.png HTTP/1.1
Host: avyvliyh4.tk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://avyvliyh4.tk/

HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 06:52:43 GMT
Server: Apache
Last-Modified: Wed, 10 Aug 2022 12:26:00 GMT
Accept-Ranges: bytes
Content-Length: 717
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/png

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
1b25bf82638deaab60981e1315ee0849
e3bd912fd1a890e64ee6746a78a674db7ff77039
a99b0dfa9ca7176b21cc2d65963a1b6eb6d534b3767d02ef06cc207a63331ebf

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A99B0DFA9CA7176B21CC2D65963A1B6EB6D534B3767D02EF06CC207A63331EBF"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20557
Expires: Sun, 05 Feb 2023 12:35:20 GMT
Date: Sun, 05 Feb 2023 06:52:43 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
1b25bf82638deaab60981e1315ee0849
e3bd912fd1a890e64ee6746a78a674db7ff77039
a99b0dfa9ca7176b21cc2d65963a1b6eb6d534b3767d02ef06cc207a63331ebf

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A99B0DFA9CA7176B21CC2D65963A1B6EB6D534B3767D02EF06CC207A63331EBF"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20557
Expires: Sun, 05 Feb 2023 12:35:20 GMT
Date: Sun, 05 Feb 2023 06:52:43 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F085f1306-f595-4e1a-8162-7d3d1f959ac3.jpeg

34.120.237.76

200 OK

9.1 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F085f1306-f595-4e1a-8162-7d3d1f959ac3.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.1 kB (9108 bytes)
Hash
7dbe304b5138a360ff07a9842bcf6a7f
00572f7667e322c9ef34bc35b7998c1c172dd34c
d63c58d6c96e23c61b92272de8c2aab01f4cf85f3420cc434c05447d355b1c77

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F085f1306-f595-4e1a-8162-7d3d1f959ac3.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9108
x-amzn-requestid: a3bffa19-86ce-4a59-b826-551deddb3e9f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fostZG2xIAMF0wQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d9c188-18acd7311c6190c9486e86ac;Sampled=0
x-amzn-remapped-date: Wed, 01 Feb 2023 01:34:00 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: mWqq5MbsWYvQmSzPw3kTdjzTkz22mNHbOoqyiHfbxv0BhNhgFfnZGw==
via: 1.1 8dbfaf7df256a75768461d934659b6b2.cloudfront.net (CloudFront), 1.1 98aedae6661e3904540676966998ed88.cloudfront.net (CloudFront), 1.1 google
date: Sat, 04 Feb 2023 21:43:52 GMT
age: 32931
etag: "00572f7667e322c9ef34bc35b7998c1c172dd34c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.2 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fed9dd21c-6496-4f6e-b306-570e4802aba4.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.2 kB (6202 bytes)
Hash
251f1a5d671fb797fb98e9a71754c341
335425603d9eec146a3c03422dbca91134272e53
74932f07561287e33302aabcf9c639e9df7ae0fbc4bf71f5467310aabafea208

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fed9dd21c-6496-4f6e-b306-570e4802aba4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6202
x-amzn-requestid: 01b85fcd-69a0-49da-8640-32a3ef19378a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fi3bUFEJoAMFapg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d76c48-14817e717361e09170714e9d;Sampled=0
x-amzn-remapped-date: Mon, 30 Jan 2023 07:05:44 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 1_1mEN4j5cciWEiimz4PRjx3PNGnrSRib9oEJAdYLrrtyjqnz_zvcQ==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 5565a51537c689d1d16f6b4d41f40082.cloudfront.net (CloudFront), 1.1 google
date: Sat, 04 Feb 2023 13:05:46 GMT
age: 64017
etag: "335425603d9eec146a3c03422dbca91134272e53"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

avyvliyh4.tk/assets/img/nhl.png

142.4.5.138

200 OK

1.3 kB

URL HTTP/1.1
avyvliyh4.tk/assets/img/nhl.png
IP
142.4.5.138:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
PNG image data, 39 x 41, 8-bit/color RGB, non-interlaced\012- data
Size
1.3 kB (1277 bytes)
Hash
830f5671b5f424dbdec5eceef461f89c
fda690c867fdb5a93c0011d5c164491fdeca60b9
f4d067fab799e99b87904f659c692a443efdefb8d5eefcc98fc7db2cd5bd39cb

Detections

NIDS	Severity	Alert
suricata	medium	ET POLICY HTTP Request to a *.tk domain

HTTP Headers

GET /assets/img/nhl.png HTTP/1.1
Host: avyvliyh4.tk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://avyvliyh4.tk/

HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 06:52:43 GMT
Server: Apache
Last-Modified: Wed, 10 Aug 2022 12:26:00 GMT
Accept-Ranges: bytes
Content-Length: 1277
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: image/png

34.120.237.76

200 OK

7.3 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F030e2301-116b-4cdd-ae90-c5bbc86e9669.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.3 kB (7288 bytes)
Hash
b1092c4dd4d9ca4d09462ae46e1dd7c1
17444ff60be1afbc40d3653fa936f9eaf9478068
ea8362c7249080b34288ee675f70333607fc3be37e716fdcf63e4901849def9f

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F030e2301-116b-4cdd-ae90-c5bbc86e9669.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7288
x-amzn-requestid: 1aa297f5-2f9a-45be-b823-1eb4d5887769
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f1WrwH-iIAMFyhQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63ded17e-2b630b4a302b8ae118883b71;Sampled=0
x-amzn-remapped-date: Sat, 04 Feb 2023 21:43:26 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: z2oKgp1keqEkvN6jjsUepMbrxD4JCXKAOHrMNJHcuXN0CpulUh5GLA==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 1a53057db389e96b4ef1bfbc925dde1c.cloudfront.net (CloudFront), 1.1 google
date: Sat, 04 Feb 2023 21:43:39 GMT
etag: "17444ff60be1afbc40d3653fa936f9eaf9478068"
content-type: image/jpeg
age: 32944
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

avyvliyh4.tk/assets/img/fdic-logo.png

142.4.5.138

200 OK

916 B

URL HTTP/1.1
avyvliyh4.tk/assets/img/fdic-logo.png
IP
142.4.5.138:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
PNG image data, 36 x 23, 8-bit/color RGBA, non-interlaced\012- data
Size
916 B (916 bytes)
Hash
800553ff197a72440416efc73af23684
dede91df387cb2af03b09ab56050ebd5648087c4
4bf5ca21167bd44e7b547a5c908f0cb82a9420f0b4927ff1ded1232446f6f17e

Detections

NIDS	Severity	Alert
suricata	medium	ET POLICY HTTP Request to a *.tk domain

HTTP Headers

GET /assets/img/fdic-logo.png HTTP/1.1
Host: avyvliyh4.tk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://avyvliyh4.tk/

HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 06:52:43 GMT
Server: Apache
Last-Modified: Wed, 10 Aug 2022 12:26:00 GMT
Accept-Ranges: bytes
Content-Length: 916
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/png

34.120.237.76

200 OK

5.0 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F37422a56-a7de-4ab8-ac8a-650de9dae97c.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.0 kB (5014 bytes)
Hash
5b6c30ad03669b66bf2f63b3edd69882
e630bd132b52b965a5ade646ea8a165d1abf6d7b
f8233d879ec17fd91909655ff8881f2ebfad84272fde3ed5e5be37580378a989

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F37422a56-a7de-4ab8-ac8a-650de9dae97c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5014
x-amzn-requestid: a434aae4-fe4b-4fc7-9b7e-eeb552484e8a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fi3bIE0aoAMF6YQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d76c47-5556d14757190c842bbc6b06;Sampled=0
x-amzn-remapped-date: Mon, 30 Jan 2023 07:05:43 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: k6YqagXr3Wr-u1uDKojEnIGW0CxU5yvWPtlzNpzoIvmg9F-rJb9uFQ==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 1a53057db389e96b4ef1bfbc925dde1c.cloudfront.net (CloudFront), 1.1 google
date: Sat, 04 Feb 2023 14:53:45 GMT
age: 57538
etag: "e630bd132b52b965a5ade646ea8a165d1abf6d7b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F94063a59-0665-4d1d-89f4-785b4ab501d8.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.5 kB (6486 bytes)
Hash
bee08788da5b88dde69aeb1d4de005c9
537c7a19a9395a60452b6b0b3ae08d47f4705181
02365d88ae9ff3ace3f29509df0e436ab0838d44714ef0f25dea463d665f794a

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F94063a59-0665-4d1d-89f4-785b4ab501d8.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6486
x-amzn-requestid: 544d13b9-8d45-4029-88e0-280f27cc0fa3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fi4-SHN1IAMFSkw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d76ec1-3f1ee84f53fe45cc01439a28;Sampled=0
x-amzn-remapped-date: Mon, 30 Jan 2023 07:16:17 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: TtyPO9j12ZpU3XdElRgCrqB4XNERrppavwJZJn5As8mqjjDLyZBmsw==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 325ed3ba58a560748d886354beef39c0.cloudfront.net (CloudFront), 1.1 google
date: Sat, 04 Feb 2023 21:43:39 GMT
age: 32944
etag: "537c7a19a9395a60452b6b0b3ae08d47f4705181"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

13 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc6718344-fcb4-4366-9239-8921034a7114.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
13 kB (12967 bytes)
Hash
8e0be7db14d930d6227443314bcd1747
4e42e2ad289dfe5bd9a55d34fd768f7532bdf71d
baedfbdb08a67f9ff4c698f7e65b08d7e4c5078d0a4233e6bff529b44812735a

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc6718344-fcb4-4366-9239-8921034a7114.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 12967
x-amzn-requestid: 38c58626-f4ad-4e2b-ad71-a628519d2ea2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fmEdHFwCoAMFhxQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d8b453-7da6d0c1093468d320caaa1e;Sampled=0
x-amzn-remapped-date: Tue, 31 Jan 2023 06:25:23 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: t8dZTwod1-pZr8ACfp-6gfEu0TA3kGpfJrQeF8VgLg2tlrt03sa6Bg==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 7022a5bbf9872d4a09d63e6cdb457dfe.cloudfront.net (CloudFront), 1.1 google
date: Sun, 05 Feb 2023 03:40:08 GMT
age: 11555
etag: "4e42e2ad289dfe5bd9a55d34fd768f7532bdf71d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

avyvliyh4.tk/assets/img/mortgage-home4me-mainnav-ad.png

142.4.5.138

200 OK

54 kB

URL HTTP/1.1
avyvliyh4.tk/assets/img/mortgage-home4me-mainnav-ad.png
IP
142.4.5.138:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
PNG image data, 217 x 234, 8-bit/color RGB, non-interlaced\012- data
Size
54 kB (54009 bytes)
Hash
908bb95330d7cba223bacb9f76d92c91
8ace44f4e715599a5ac2402c8f424f3e186657c1
fbd9e72fc8811406de10190f29478f63524a88c6c33ac96017c2f38374787c55

Detections

NIDS	Severity	Alert
suricata	medium	ET POLICY HTTP Request to a *.tk domain

HTTP Headers

GET /assets/img/mortgage-home4me-mainnav-ad.png HTTP/1.1
Host: avyvliyh4.tk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://avyvliyh4.tk/

HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 06:52:43 GMT
Server: Apache
Last-Modified: Wed, 10 Aug 2022 12:26:00 GMT
Accept-Ranges: bytes
Content-Length: 54009
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: image/png

avyvliyh4.tk/assets/img/awm-trust-mainnav-ad.png

142.4.5.138

200 OK

29 kB

URL HTTP/1.1
avyvliyh4.tk/assets/img/awm-trust-mainnav-ad.png
IP
142.4.5.138:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
PNG image data, 217 x 234, 8-bit colormap, interlaced\012- data
Size
29 kB (29336 bytes)
Hash
a8f4bd728e6eabd68138be06777eb0e5
179dfde17a8cc71c8ae5cebb053f43e1193359b2
e7cf593c0726db50aeaeb0f6973332ae8c226f467b28463e5cb225c07a9ad5da

Detections

NIDS	Severity	Alert
suricata	medium	ET POLICY HTTP Request to a *.tk domain

HTTP Headers

GET /assets/img/awm-trust-mainnav-ad.png HTTP/1.1
Host: avyvliyh4.tk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://avyvliyh4.tk/

HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 06:52:43 GMT
Server: Apache
Last-Modified: Wed, 10 Aug 2022 12:26:00 GMT
Accept-Ranges: bytes
Content-Length: 29336
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: image/png

avyvliyh4.tk/assets/img/merchant-services-mainnav-ad.png

142.4.5.138

200 OK

22 kB

URL HTTP/1.1
avyvliyh4.tk/assets/img/merchant-services-mainnav-ad.png
IP
142.4.5.138:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
PNG image data, 217 x 234, 8-bit colormap, interlaced\012- data
Size
22 kB (22341 bytes)
Hash
877277fc1f039ddd2b3fb681fa69d442
108b83c05ecd920d2161217fb99cd3db337e497f
13cdcd37ed238e27c50fac06ba440885e95bbae7a85c8c7447111738f7bdbaaf

Detections

NIDS	Severity	Alert
suricata	medium	ET POLICY HTTP Request to a *.tk domain

HTTP Headers

GET /assets/img/merchant-services-mainnav-ad.png HTTP/1.1
Host: avyvliyh4.tk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://avyvliyh4.tk/

HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 06:52:43 GMT
Server: Apache
Last-Modified: Wed, 10 Aug 2022 12:26:00 GMT
Accept-Ranges: bytes
Content-Length: 22341
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: image/png

avyvliyh4.tk/assets/img/ios.png

142.4.5.138

200 OK

4.9 kB

URL HTTP/1.1
avyvliyh4.tk/assets/img/ios.png
IP
142.4.5.138:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
PNG image data, 225 x 90, 8-bit gray+alpha, non-interlaced\012- data
Size
4.9 kB (4885 bytes)
Hash
bef3793b9b9a330f75b84614e2748868
f53f8b1cd3edf18fc1c361bd725637c8a4d95e75
45b33290a887374b0351ad46d4f1fddc8038b3b805ae11fc1520c732108691a8

Detections

NIDS	Severity	Alert
suricata	medium	ET POLICY HTTP Request to a *.tk domain

HTTP Headers

GET /assets/img/ios.png HTTP/1.1
Host: avyvliyh4.tk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://avyvliyh4.tk/

HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 06:52:43 GMT
Server: Apache
Last-Modified: Wed, 10 Aug 2022 12:26:00 GMT
Accept-Ranges: bytes
Content-Length: 4885
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/png

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
e93d3824b97e079c710934997548f8d2
9d8be7e441223b4f40c3ff090de1d26e88431ba5
86964e67da8af027ae9b12aa809e1a5caa8d976d7fefe215391916f96c2203e9

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4719
Cache-Control: max-age=157519
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 06:52:44 GMT
Etag: "63df041c-1d7"
Expires: Tue, 07 Feb 2023 02:38:03 GMT
Last-Modified: Sun, 05 Feb 2023 01:19:24 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 471

www.arvest.com/arvest.com/favicon.ico

45.60.198.180

200 OK

0 B

URL HTTP/2
www.arvest.com/arvest.com/favicon.ico
IP
45.60.198.180:0
ASN
#19551 INCAPSULA

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /arvest.com/favicon.ico HTTP/1.1
Host: www.arvest.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://avyvliyh4.tk/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sun, 05 Feb 2023 06:52:44 GMT
server: HTTP Server
strict-transport-security: max-age=31536000; includeSubdomains;
last-modified: Fri, 28 Feb 2014 18:10:11 GMT
etag: "1ece-4f37b5952d7b8"
accept-ranges: bytes
content-type: image/vnd.microsoft.icon
x-powered-by: 
set-cookie: visid_incap_2181318=cAKBblBNRcW5gEDGoJBs2ztS32MAAAAAQUIPAAAAAAAoBqygOXhcNlOQFCW3w5Ut; expires=Sun, 04 Feb 2024 22:31:13 GMT; HttpOnly; path=/; Domain=.arvest.com; Secure; SameSite=None
nlbi_2181318=RrBnLGIU71gBG0GBtj1qRwAAAACF/Fdm4w6v4wetn8Jsb5Ba; path=/; Domain=.arvest.com; Secure; SameSite=None
incap_ses_7233_2181318=043sdxBQKEwXB7ZAucdgZDxS32MAAAAAYSN6J2lGd6feWOiZ/J8SPQ==; path=/; Domain=.arvest.com; Secure; SameSite=None
x-cdn: Imperva
cache-control: max-age=0
x-iinfo: 7-7389871-7389873 NNNN CT(148 150 0) RT(1675579963642 36) q(0 0 3 1) r(5 5) U18
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (2)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (50)

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/2

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/2

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/2

IP

ASN

File type