IP 192.124.249.41:0
Hash 221f288156d8b66958f1dbde85fb6f4a
093bad3d5ba442d72a897cf4278da29ef5206bf5
5154618bf260d799668d08dc853e87fe43520020b50530da3fb102bff195250c
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Sun, 21 May 2023 16:55:04 GMT
Content-Type: application/ocsp-response
Content-Length: 1777
Connection: keep-alive
X-Sucuri-ID: 19041
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Sun, 21 May 2023 02:18:11 GMT
Expires: Mon, 22 May 2023 02:18:11 GMT
ETag: "093bad3d5ba442d72a897cf4278da29ef5206bf5"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
icvpartners.com/gkonf/rentfree.zip
192.124.249.104 200 OK 1 B URL User Request GET HTTP/2 icvpartners.com/gkonf/rentfree.zip
IP 192.124.249.104:443
Certificate Issuer GoDaddy.com, Inc.
Subject icvpartners.com
Fingerprint 76:0D:41:FC:13:B7:A1:AC:66:31:42:83:83:18:FF:DB:05:A2:6B:10
Validity Wed, 22 Feb 2023 23:27:04 GMT - Thu, 22 Feb 2024 23:27:04 GMT
File type very short file (no magic)
Hash eccbc87e4b5ce2fe28308fd9f2a7baf3
77de68daecd823babbb58edb1c8e14d7106e83bb
4e07408562bedb8b60ce05c1decfe3ad16b72230967de01f640b7e4729b49fce
Analyzer Verdict Alert fortinet Malware
threatfox QakBot
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /gkonf/rentfree.zip HTTP/1.1
Host: icvpartners.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sun, 21 May 2023 16:55:05 GMT
content-type: text/html; charset=UTF-8
content-length: 1
x-sucuri-id: 19004
x-xss-protection: 1; mode=block, 1; mode=block
x-content-type-options: nosniff, nosniff
referrer-policy: strict-origin-when-cross-origin
content-security-policy: upgrade-insecure-requests;, manifest-src 'self'; media-src 'self'; base-uri 'none'; object-src 'none'; require-trusted-types-for *.icvpartners.com; script-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://www.google.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://www.gstatic.com https://ajax.cloudflare.com 'unsafe-eval'; script-src-elem 'self' 'unsafe-inline' https://gc.kis.v2.scr.kaspersky-labs.com https://www.google.com https://cdnjs.cloudflare.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://www.gstatic.com https://ajax.cloudflare.com;
x-frame-options: SAMEORIGIN, SAMEORIGIN
permissions-policy: accelerometer=(), autoplay=(), camera=(), fullscreen=*, geolocation=(self), gyroscope=(), microphone=(), payment=*
vary: Accept-Encoding
content-encoding: br
strict-transport-security: max-age=63072000; includeSubDomains; preload
access-control-allow-origin: null
access-control-allow-methods: GET,PUT,POST,DELETE
access-control-allow-headers: Content-Type, Authorization
x-content-security-policy: img-src *; media-src * data:;
x-permitted-cross-domain-policies: none
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-sucuri-cache: MISS
X-Firefox-Spdy: h2
icvpartners.com/favicon.ico
192.124.249.104 302 Found 1 B URL GET HTTP/2 icvpartners.com/favicon.ico
IP 192.124.249.104:443
Requested by https://icvpartners.com/gkonf/rentfree.zip
Certificate Issuer GoDaddy.com, Inc.
Subject icvpartners.com
Fingerprint 76:0D:41:FC:13:B7:A1:AC:66:31:42:83:83:18:FF:DB:05:A2:6B:10
Validity Wed, 22 Feb 2023 23:27:04 GMT - Thu, 22 Feb 2024 23:27:04 GMT
File type very short file (no magic)
Hash eccbc87e4b5ce2fe28308fd9f2a7baf3
77de68daecd823babbb58edb1c8e14d7106e83bb
4e07408562bedb8b60ce05c1decfe3ad16b72230967de01f640b7e4729b49fce
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /favicon.ico HTTP/1.1
Host: icvpartners.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://icvpartners.com/gkonf/rentfree.zip
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 302 Found
server: nginx
date: Sun, 21 May 2023 16:55:06 GMT
content-type: text/html; charset=UTF-8
content-length: 1
location: https://www.icvpartners.com/wp-content/uploads/2017/10/favicon.png
x-sucuri-id: 19004
link: <https://www.icvpartners.com/wp-json/>; rel="https://api.w.org/"
x-redirect-by: WordPress
x-xss-protection: 1; mode=block, 1; mode=block
x-content-type-options: nosniff, nosniff
referrer-policy: strict-origin-when-cross-origin
content-security-policy: upgrade-insecure-requests;, manifest-src 'self'; media-src 'self'; base-uri 'none'; object-src 'none'; require-trusted-types-for *.icvpartners.com; script-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://www.google.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://www.gstatic.com https://ajax.cloudflare.com 'unsafe-eval'; script-src-elem 'self' 'unsafe-inline' https://gc.kis.v2.scr.kaspersky-labs.com https://www.google.com https://cdnjs.cloudflare.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://www.gstatic.com https://ajax.cloudflare.com;
x-frame-options: SAMEORIGIN, SAMEORIGIN
permissions-policy: accelerometer=(), autoplay=(), camera=(), fullscreen=*, geolocation=(self), gyroscope=(), microphone=(), payment=*
vary: Accept-Encoding
content-encoding: br
strict-transport-security: max-age=63072000; includeSubDomains; preload
access-control-allow-origin: null
access-control-allow-methods: GET,PUT,POST,DELETE
access-control-allow-headers: Content-Type, Authorization
x-content-security-policy: img-src *; media-src * data:;
x-permitted-cross-domain-policies: none
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-sucuri-cache: MISS
X-Firefox-Spdy: h2
www.icvpartners.com/wp-content/uploads/2017/10/favicon.png
172.67.192.147 200 OK 3.2 kB URL GET HTTP/2 www.icvpartners.com/wp-content/uploads/2017/10/favicon.png
IP 172.67.192.147:443
Requested by https://icvpartners.com/gkonf/rentfree.zip
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint C3:C1:21:29:CF:3C:61:2D:1C:2C:73:6D:56:B5:99:88:4F:A2:0B:30
Validity Sun, 18 Sep 2022 00:00:00 GMT - Sun, 17 Sep 2023 23:59:59 GMT
File type PNG image data, 34 x 34, 8-bit/color RGBA, non-interlaced\012- data
Hash 7a13861c03da303dfd81b09b9b88c966
8bec9a78448b122c042bc2247e9ef4a4864af696
f026991a98dcd89c66d04eda096c44b9b4abad132cc21dd7aeacad96bb8920f7
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2017/10/favicon.png HTTP/1.1
Host: www.icvpartners.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://icvpartners.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 21 May 2023 16:55:06 GMT
content-type: image/png
content-length: 3237
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
content-security-policy: manifest-src 'self'; media-src 'self'; base-uri 'none'; object-src 'none'; require-trusted-types-for *.icvpartners.com; script-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://www.google.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://www.gstatic.com https://ajax.cloudflare.com 'unsafe-eval'; script-src-elem 'self' 'unsafe-inline' https://gc.kis.v2.scr.kaspersky-labs.com https://www.google.com https://cdnjs.cloudflare.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://www.gstatic.com https://ajax.cloudflare.com;
x-frame-options: SAMEORIGIN
permissions-policy: accelerometer=(), autoplay=(), camera=(), fullscreen=*, geolocation=(self), gyroscope=(), microphone=(), payment=*
last-modified: Mon, 30 Oct 2017 20:58:00 GMT
etag: "8817e3-ca5-55cc9e4c74600"
strict-transport-security: max-age=63072000; includeSubDomains; preload
access-control-allow-origin: null
access-control-allow-methods: GET,PUT,POST,DELETE
access-control-allow-headers: Content-Type, Authorization
x-content-security-policy: img-src *; media-src * data:;
x-permitted-cross-domain-policies: none
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vhGrhmGxnZJzJoxboqetkbRVYvpVVR0vAv%2B7zi9YqG9EbAVCkBTv%2Fn3Jx2qd6BQNf7KHRGTfyUcxxZUmXANeJhgN7gNj4hqk7N2Gy6oyKWa8spQWbp5uRcqF%2B8eq71YZPTspKWEo"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cae58555824b529-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2