Report - ggsteal.in/updated.exe

Report Overview

Submitted URL
ggsteal.in/updated.exe
IP
104.21.26.44
ASN
#13335 CLOUDFLARENET
Submitted
2022-08-30 15:41:19
Access
public
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
32

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
ocsp.digicert.com	86	2012-05-21T09:02:23Z	2023-03-16T19:15:17Z	329 B	737 B	93.184.220.29
zhbi-v.narod.ru	unknown	2017-02-08T18:03:25Z	2023-02-13T05:05:00Z	440 B	46 kB	193.109.247.233
push.services.mozilla.com	2140	2014-10-24T10:27:06Z	2023-03-16T18:12:42Z	594 B	127 B	52.27.12.161
firefox.settings.services.mozilla.com	867	2020-06-04T22:08:41Z	2023-03-15T18:12:39Z	758 B	2.7 kB	143.204.55.115
content-signature-2.cdn.mozilla.net	1152	2020-11-03T13:26:46Z	2023-03-16T18:27:20Z	401 B	5.8 kB	143.204.55.49
contile.services.mozilla.com	1114	2021-05-27T20:32:35Z	2023-03-16T18:15:09Z	321 B	229 B	34.117.237.239
img-getpocket.cdn.mozilla.net	1631	2018-06-22T01:36:00Z	2023-03-16T16:03:25Z	2.6 kB	51 kB	34.120.237.76
r3.o.lencr.org	344	2020-12-02T09:52:13Z	2023-03-16T18:12:09Z	1.3 kB	3.5 kB	23.36.77.32
e1.o.lencr.org	6159	2021-08-20T09:36:30Z	2023-03-16T23:06:49Z	326 B	729 B	23.36.76.226
ggsteal.in	unknown	2022-01-21T06:21:56Z	2022-12-21T20:50:23Z	3.5 kB	22 kB	172.67.135.95

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

Scan Date	Severity	Indicator	Alert
2022-08-30	medium	ggsteal.in	Sinkholed
2022-08-30	medium	ggsteal.in	Sinkholed
2022-08-30	medium	ggsteal.in	Sinkholed
2022-08-30	medium	ggsteal.in	Sinkholed
2022-08-30	medium	ggsteal.in	Sinkholed
2022-08-30	medium	ggsteal.in	Sinkholed
2022-08-30	medium	ggsteal.in	Sinkholed
2022-08-30	medium	ggsteal.in	Sinkholed

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2022-08-30	medium	ggsteal.in	Sinkholed
2022-08-30	medium	ggsteal.in	Sinkholed
2022-08-30	medium	ggsteal.in	Sinkholed
2022-08-30	medium	ggsteal.in	Sinkholed
2022-08-30	medium	ggsteal.in	Sinkholed
2022-08-30	medium	ggsteal.in	Sinkholed
2022-08-30	medium	ggsteal.in	Sinkholed
2022-08-30	medium	ggsteal.in	Sinkholed

JavaScript (1)

	URL	Size	First Seen	Last Seen
	ggsteal.in/updated.exe	375 B	2023-03-07	2024-02-12
Pretty URL ggsteal.in/updated.exe IP 172.67.135.95 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:09 Last Seen2024-02-12 00:41:30 Times Seen1694 Hash 56df91490fa1984fa82b297dcb23c22d 2050f127b73f50d21eb9b0a2a3f2aea7d4372ba9 275407540ae2d5516300e4027ce994e1c97f958d464e137d0fff116d7acf0f24 Loading...

HTTP Transactions (25)

URL IP Response Size

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
517693963cc46e7a35a054296d0edfd5
11dfcd7e118e5f8d31e664e56ac29c57f973b8b3
ece269e8b9be8a5839d75c1343823d68b96930c593c2e3e8d522999176ee3149

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "ECE269E8B9BE8A5839D75C1343823D68B96930C593C2E3E8D522999176EE3149"
Last-Modified: Mon, 29 Aug 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3367
Expires: Tue, 30 Aug 2022 16:37:16 GMT
Date: Tue, 30 Aug 2022 15:41:09 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

143.204.55.115

200 OK

939 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/
IP
143.204.55.115:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
91dd975a7b17b2922dd23c0e49314e40
57a2ece1e3cee7c4ebf927f2ba92f52cac395fe2
09966873bbf317f8910c59544cfde2a6d46e8acd2905797cc7c85c6b4d18ea8a

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Content-Type, Alert, Backoff, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Tue, 30 Aug 2022 15:25:55 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 aac54e3fe9825ce24d51e0204433c2c0.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: YhS074zN1_ESgUAFg0fAcCBhfaQYYobgqyAIA2gC1yrSh2zd304tEA==
Age: 914

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain

143.204.55.49

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
IP
143.204.55.49:0
ASN
#16509 AMAZON-02

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
742edb4038f38bc533514982f3d2e861
cc3a20c8dc2a8c632ef9387a2744253f1e3fdef1
b6bfa49d3d135035701231db2fffc0c0643444394009a94c6a1b4d829d6b8345

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 20 Aug 2022 23:18:05 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Mon, 29 Aug 2022 22:35:59 GMT
etag: "742edb4038f38bc533514982f3d2e861"
x-cache: Hit from cloudfront
via: 1.1 b9f0050ca4d212d7c855e005be54b1ac.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 0MDF0BA0MvsPfyJeMHxkUlAFVMLdQWT15G3kirTssILSU_w8Qqg8Uw==
age: 61511
X-Firefox-Spdy: h2

e1.o.lencr.org/

23.36.76.226

200 OK

345 B

URL HTTP/1.1
e1.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
345 B (345 bytes)
Hash
ce47bd5be934bc7bcd0c08267e63f66a
ec0d36277e2401dd3448692ed9b6fa5fb27bfb33
08ab6c275a3836e490d590882cec6e143be82238812a45ec2a5f011523716884

HTTP Headers

POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "08AB6C275A3836E490D590882CEC6E143BE82238812A45EC2A5F011523716884"
Last-Modified: Sun, 28 Aug 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Tue, 30 Aug 2022 21:41:09 GMT
Date: Tue, 30 Aug 2022 15:41:09 GMT
Connection: keep-alive

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Tue, 30 Aug 2022 15:41:09 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

143.204.55.115

200 OK

329 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
143.204.55.115:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Type, Alert, Cache-Control, Pragma, Backoff, Last-Modified, ETag, Expires, Content-Length, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Tue, 30 Aug 2022 15:17:12 GMT
Cache-Control: max-age=3600
Expires: Tue, 30 Aug 2022 15:23:34 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 277d0e3af1ffdcb1ee40b7dc9f040146.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: sLcGVSCDNbfsXv3SuKq3g0mJk-USeqG-V6HwEzVZBtsfLHAMzzg3cg==
Age: 1438

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
f67e41cdd7e5f2aa8f93d031979c9109
5f4c0093f9bf8f8e48e0d7f56ed31aba0c6f43f6
608e2b7d208977f18da12165c9eb1539656d7754dc49f3f687736151a4810e06

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1549
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 30 Aug 2022 15:41:10 GMT
Last-Modified: Tue, 30 Aug 2022 15:15:23 GMT
Server: ECS (ska/F705)
X-Cache: HIT
Content-Length: 471

zhbi-v.narod.ru/saves/f/forzahorizon4/saves.rar

193.109.247.233

206 Partial Content

45 kB

URL HTTP/1.1
zhbi-v.narod.ru/saves/f/forzahorizon4/saves.rar
IP
193.109.247.233:0
ASN
#204343 Compubyte Limited

File type
data
Size
45 kB (45273 bytes)
Hash
0642191af2822f2f34f105f963e6798b
71c6fbb441912837d0e75010d8fb502bf4dd4aba
991a6c8752981f460d5af101457366cd46956145c91ed97566a4c83e657fe5e9

HTTP Headers

GET /saves/f/forzahorizon4/saves.rar HTTP/1.1
Host: zhbi-v.narod.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Range: bytes=69385957-
If-Match: "5e4e4893-4236fbe"
If-Unmodified-Since: Thu, 20 Feb 2020 08:51:31 GMT

HTTP/1.1 206 Partial Content
Server: nginx
Date: Tue, 30 Aug 2022 15:41:18 GMT
Content-Type: application/x-rar-compressed
Content-Length: 45273
Last-Modified: Thu, 20 Feb 2020 08:51:31 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "5e4e4893-4236fbe"
Content-Range: bytes 69385957-69431229/69431230

push.services.mozilla.com/

52.27.12.161

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
52.27.12.161:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 8mH1KDbNrc+6pOhUtx7LWQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 8NC6qbR18EUYTXkaRi/11udFSr8=

ggsteal.in/cdn-cgi/images/cf-icon-browser.png

172.67.135.95

200 OK

484 B

URL HTTP/2
ggsteal.in/cdn-cgi/images/cf-icon-browser.png
IP
172.67.135.95:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 100 x 80, 8-bit colormap, non-interlaced\012- data
Size
484 B (484 bytes)
Hash
59caf3c7eb63af78f12db37f41433779
8024e688e78e910ae1ea3bc25be7a7ab65444b02
78a7d8b29cabf16831417dba1b9bbe36fae0d060a35a495e8f10e9663b3c9e65

Detections

Analyzer	Verdict	Alert
mnemonic_dns	Sinkholed
quad9	Sinkholed

HTTP Headers

GET /cdn-cgi/images/cf-icon-browser.png HTTP/1.1
Host: ggsteal.in
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ggsteal.in/cdn-cgi/styles/main.css
Cookie: cf_use_ob=0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Tue, 30 Aug 2022 15:41:11 GMT
content-type: image/png
content-length: 484
last-modified: Tue, 23 Aug 2022 11:02:32 GMT
etag: "6304b3c8-1e4"
server: cloudflare
cf-ray: 742ea113bf11b51e-OSL
x-frame-options: DENY
x-content-type-options: nosniff
vary: Accept-Encoding
expires: Tue, 30 Aug 2022 17:41:11 GMT
cache-control: max-age=7200, public
accept-ranges: bytes
X-Firefox-Spdy: h2

ggsteal.in/cdn-cgi/images/cf-icon-ok.png

172.67.135.95

200 OK

946 B

URL HTTP/2
ggsteal.in/cdn-cgi/images/cf-icon-ok.png
IP
172.67.135.95:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 48 x 48, 8-bit colormap, non-interlaced\012- data
Size
946 B (946 bytes)
Hash
dfaf0fbb758c874be231335db178381d
8f2597eb7ba4c89892aac0559816db3f5280b23e
ed732380ee3ff0f2d841784da213c8c05d2b5ae187a5217b419d21cae5cedb1b

Detections

Analyzer	Verdict	Alert
mnemonic_dns	Sinkholed
quad9	Sinkholed

HTTP Headers

GET /cdn-cgi/images/cf-icon-ok.png HTTP/1.1
Host: ggsteal.in
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ggsteal.in/cdn-cgi/styles/main.css
Cookie: cf_use_ob=0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Tue, 30 Aug 2022 15:41:11 GMT
content-type: image/png
content-length: 946
last-modified: Tue, 23 Aug 2022 11:02:32 GMT
etag: "6304b3c8-3b2"
server: cloudflare
cf-ray: 742ea113bf13b51e-OSL
x-frame-options: DENY
x-content-type-options: nosniff
vary: Accept-Encoding
expires: Tue, 30 Aug 2022 17:41:11 GMT
cache-control: max-age=7200, public
accept-ranges: bytes
X-Firefox-Spdy: h2

ggsteal.in/cdn-cgi/images/cf-icon-cloud.png

172.67.135.95

200 OK

1.5 kB

URL HTTP/2
ggsteal.in/cdn-cgi/images/cf-icon-cloud.png
IP
172.67.135.95:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 152 x 77, 8-bit colormap, non-interlaced\012- data
Size
1.5 kB (1484 bytes)
Hash
3ec81e5e3a4de9fec46ce9e6999b9e27
8f03b6857ab8d31feb65f97b1ae6b678efdc2ddd
3a223426c67a0a33ff57af68a57fb589fea36af2a6e8f9dae7798c77471e0e58

Detections

Analyzer	Verdict	Alert
mnemonic_dns	Sinkholed
quad9	Sinkholed

HTTP Headers

GET /cdn-cgi/images/cf-icon-cloud.png HTTP/1.1
Host: ggsteal.in
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ggsteal.in/cdn-cgi/styles/main.css
Cookie: cf_use_ob=0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Tue, 30 Aug 2022 15:41:11 GMT
content-type: image/png
content-length: 1484
last-modified: Tue, 23 Aug 2022 11:02:32 GMT
etag: "6304b3c8-5cc"
server: cloudflare
cf-ray: 742ea113bf17b51e-OSL
x-frame-options: DENY
x-content-type-options: nosniff
vary: Accept-Encoding
expires: Tue, 30 Aug 2022 17:41:11 GMT
cache-control: max-age=7200, public
accept-ranges: bytes
X-Firefox-Spdy: h2

ggsteal.in/cdn-cgi/images/cf-icon-server.png

172.67.135.95

200 OK

1.4 kB

URL HTTP/2
ggsteal.in/cdn-cgi/images/cf-icon-server.png
IP
172.67.135.95:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 95 x 75, 8-bit colormap, non-interlaced\012- data
Size
1.4 kB (1384 bytes)
Hash
2c11e67182601007f577f8bf2c72fee8
01dc915d4745f00632021c05d3eef634747a9c3d
41553a537f85839927155af093b7bfa1987215f474ed038714609cc48812ea3b

Detections

Analyzer	Verdict	Alert
mnemonic_dns	Sinkholed
quad9	Sinkholed

HTTP Headers

GET /cdn-cgi/images/cf-icon-server.png HTTP/1.1
Host: ggsteal.in
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ggsteal.in/cdn-cgi/styles/main.css
Cookie: cf_use_ob=0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Tue, 30 Aug 2022 15:41:11 GMT
content-type: image/png
content-length: 1384
last-modified: Tue, 23 Aug 2022 11:02:32 GMT
etag: "6304b3c8-568"
server: cloudflare
cf-ray: 742ea113bf19b51e-OSL
x-frame-options: DENY
x-content-type-options: nosniff
vary: Accept-Encoding
expires: Tue, 30 Aug 2022 17:41:11 GMT
cache-control: max-age=7200, public
accept-ranges: bytes
X-Firefox-Spdy: h2

ggsteal.in/cdn-cgi/images/cf-icon-error.png

172.67.135.95

200 OK

854 B

URL HTTP/2
ggsteal.in/cdn-cgi/images/cf-icon-error.png
IP
172.67.135.95:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 48 x 48, 8-bit colormap, non-interlaced\012- data
Size
854 B (854 bytes)
Hash
e5577f04b6d92590410e26bd2292933b
16946b2c99d98a57f83eac170ce94b012b7d1a7b
67f70597a183fbca7fac55d609fbaac5c34bb4d4d32a0530bbbbb42591f2de2f

Detections

Analyzer	Verdict	Alert
mnemonic_dns	Sinkholed
quad9	Sinkholed

HTTP Headers

GET /cdn-cgi/images/cf-icon-error.png HTTP/1.1
Host: ggsteal.in
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ggsteal.in/cdn-cgi/styles/main.css
Cookie: cf_use_ob=0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Tue, 30 Aug 2022 15:41:11 GMT
content-type: image/png
content-length: 854
last-modified: Tue, 23 Aug 2022 11:02:32 GMT
etag: "6304b3c8-356"
server: cloudflare
cf-ray: 742ea113bf1bb51e-OSL
x-frame-options: DENY
x-content-type-options: nosniff
vary: Accept-Encoding
expires: Tue, 30 Aug 2022 17:41:11 GMT
cache-control: max-age=7200, public
accept-ranges: bytes
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
8483eb99dbd130593ed0072e2fbaccf9
fcb83f0b4a448f0b94b0bf9db431cc802413dacd
5e07e7bbf5dd7a48f9330dbc0248b7a1aa69dff7a9a913f493a384d2ec332f74

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5E07E7BBF5DD7A48F9330DBC0248B7A1AA69DFF7A9A913F493A384D2EC332F74"
Last-Modified: Sun, 28 Aug 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8728
Expires: Tue, 30 Aug 2022 18:06:40 GMT
Date: Tue, 30 Aug 2022 15:41:12 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
8483eb99dbd130593ed0072e2fbaccf9
fcb83f0b4a448f0b94b0bf9db431cc802413dacd
5e07e7bbf5dd7a48f9330dbc0248b7a1aa69dff7a9a913f493a384d2ec332f74

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5E07E7BBF5DD7A48F9330DBC0248B7A1AA69DFF7A9A913F493A384D2EC332F74"
Last-Modified: Sun, 28 Aug 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8728
Expires: Tue, 30 Aug 2022 18:06:40 GMT
Date: Tue, 30 Aug 2022 15:41:12 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
8483eb99dbd130593ed0072e2fbaccf9
fcb83f0b4a448f0b94b0bf9db431cc802413dacd
5e07e7bbf5dd7a48f9330dbc0248b7a1aa69dff7a9a913f493a384d2ec332f74

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5E07E7BBF5DD7A48F9330DBC0248B7A1AA69DFF7A9A913F493A384D2EC332F74"
Last-Modified: Sun, 28 Aug 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8728
Expires: Tue, 30 Aug 2022 18:06:40 GMT
Date: Tue, 30 Aug 2022 15:41:12 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa91a5094-5af6-430d-993d-243427b324ba.jpeg

34.120.237.76

200 OK

10 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa91a5094-5af6-430d-993d-243427b324ba.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
10 kB (9980 bytes)
Hash
82bc1c69018845280d29653d6b2d6f8d
0c122f15422cab7ee3461e8fa657183ae54adcc5
e221638eff281c27ef4656f76e64963718186285c57e50a8958bd3065e662674

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa91a5094-5af6-430d-993d-243427b324ba.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9980
x-amzn-requestid: b9f6b930-9c47-41b9-879d-ce239e39f033
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: XpTMGHlNoAMFuoA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-630d324d-72ea52c010dff34438bbca28;Sampled=0
x-amzn-remapped-date: Mon, 29 Aug 2022 21:40:29 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: orq6ucCez7UBzTSPTyJR8u8ZYf1VOV_zPOLsJFvGD2jfiW0YJmxVSg==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 cd64decb1403270c914848213601a674.cloudfront.net (CloudFront), 1.1 google
date: Mon, 29 Aug 2022 21:45:02 GMT
age: 64570
etag: "0c122f15422cab7ee3461e8fa657183ae54adcc5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

10 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb19e4053-4c42-4436-ba83-5e76fd16f5a4.webp
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
10 kB (10056 bytes)
Hash
0502c5060f29d82fd10f9f79459e2ce0
110f2eecf72c6b89f250ebefeff5ef664dc2f3f6
f722656c432bbec2baa63b6edc4116c1996850462864456105d9fea9c3bc7ff4

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb19e4053-4c42-4436-ba83-5e76fd16f5a4.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10056
x-amzn-requestid: 2eb7bbf2-47ad-4f80-98e8-ecb45e98961b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Xguh2H_woAMFXnQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6309c472-7dda060b4e7c81262aef3421;Sampled=0
x-amzn-remapped-date: Sat, 27 Aug 2022 07:14:58 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 1cunCq4Z1J-oQSmTlcAtgfXO0A4_XpHKl2UHpRCbf75--3eHEIgZGQ==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 1481cc55c02c3a782ad420b6bac2cb32.cloudfront.net (CloudFront), 1.1 google
date: Tue, 30 Aug 2022 11:39:46 GMT
age: 14486
etag: "110f2eecf72c6b89f250ebefeff5ef664dc2f3f6"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F67641144-189e-4213-b00d-7d27d45f0e9b.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.7 kB (8684 bytes)
Hash
4aa2a22c2851d082acd55c1c9782cee9
20b6a116eb4d8a7c1321e09c7ad4d8aa1269603e
d0d6a3cc781786f5377191e2b1f3495ac76f4f8af7c56291f761a49a167b8726

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F67641144-189e-4213-b00d-7d27d45f0e9b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8684
x-amzn-requestid: e02c26f6-e28d-4b3f-971a-f42cbbf67845
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: XpTWIGH0oAMFpEg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-630d328d-3183e76132b622350a75a86b;Sampled=0
x-amzn-remapped-date: Mon, 29 Aug 2022 21:41:33 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: T1FGC5fMnwea3ltKnLgvqI1AueU8xp5ukWXnRptxDQoAH0DUbXPOEA==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 b36bf2c460ac693ce304817aed073112.cloudfront.net (CloudFront), 1.1 google
date: Mon, 29 Aug 2022 21:59:22 GMT
age: 63710
etag: "20b6a116eb4d8a7c1321e09c7ad4d8aa1269603e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

ggsteal.in/updated.exe

172.67.135.95

523 No Reason Phrase

13 kB

URL HTTP/2
ggsteal.in/updated.exe
IP
172.67.135.95:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
13 kB (12997 bytes)
Hash
a740c480f5e760bd7c09ac1d45c0a2ff
afd75bff3f22ae0574c87d74c6963afb2f24f0c9
739e4be3ed903e166ea4c716065f25f2a47289ad627314c52ea3c9a68e8726bd

Detections

Analyzer	Verdict	Alert
mnemonic_dns	Sinkholed
quad9	Sinkholed

HTTP Headers

GET /updated.exe HTTP/1.1
Host: ggsteal.in
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 523 No Reason Phrase
date: Tue, 30 Aug 2022 15:41:11 GMT
content-type: text/html; charset=UTF-8
set-cookie: cf_use_ob=0; path=/; expires=Tue, 30-Aug-22 15:41:41 GMT
x-frame-options: SAMEORIGIN
referrer-policy: same-origin
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
cf-ray: 742ea109494ab51e-OSL
server: cloudflare
X-Firefox-Spdy: h2

34.120.237.76

200 OK

10 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe3a7959a-ba16-4840-a4e4-ca7b2c6305c1.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
10 kB (10319 bytes)
Hash
76021ba70733e8d4647f29e4c990180c
66558c36958c9162188e7aeef27c38e0c4b37cdd
c5278295212999c6941d57d5cee8f4d33447302af0eb74985f5dae48434607c1

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe3a7959a-ba16-4840-a4e4-ca7b2c6305c1.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10319
x-amzn-requestid: 4f0cb1b4-c2a6-410a-965c-4cc72459484a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: XhG-yG-eIAMFbQQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6309eb91-58fb7017711dd2a56fe5ef79;Sampled=0
x-amzn-remapped-date: Sat, 27 Aug 2022 10:01:53 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: JcHN5unq1F9L9h2My0SFXdW-n06ebaRZ8jj0W0I67pTuddWWkJ9RkQ==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 89791e6b21b9a30cc51cac1bc51cf098.cloudfront.net (CloudFront), 1.1 google
date: Mon, 29 Aug 2022 22:20:19 GMT
age: 62453
etag: "66558c36958c9162188e7aeef27c38e0c4b37cdd"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.4 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fac715f17-8b9a-495f-bc62-6136925908ac.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.4 kB (6405 bytes)
Hash
7bfe221c6ea8b215ff7f30b28f7cd389
84b01ce7d173848c449e4332eb1fa1abe8ac307d
6c53f4d30d7f0f735c793f46ab25feb5767373718b6f92c7f13eeec8306b8ab5

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fac715f17-8b9a-495f-bc62-6136925908ac.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6405
x-amzn-requestid: 1c49054a-8058-48cc-8660-46e06070b23b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: XYcDvEJ4oAMFkyw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-630673b1-19d3c0a020e8efca51a1bb05;Sampled=0
x-amzn-remapped-date: Wed, 24 Aug 2022 18:53:37 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: SqsgdB7nD_msORiQkay5KD55fD1lW5wRyDFO4qCM0zR0W4HIy8UI6w==
via: 1.1 5a1753718d8b33365e5f693dd338c510.cloudfront.net (CloudFront), 1.1 68fadeb91f97256bb67b03bfca74d830.cloudfront.net (CloudFront), 1.1 google
date: Mon, 29 Aug 2022 22:48:13 GMT
age: 60779
etag: "84b01ce7d173848c449e4332eb1fa1abe8ac307d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

ggsteal.in/favicon.ico

172.67.135.95

523 No Reason Phrase

0 B

URL HTTP/2
ggsteal.in/favicon.ico
IP
172.67.135.95:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
mnemonic_dns	Sinkholed
quad9	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: ggsteal.in
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ggsteal.in/updated.exe
Connection: keep-alive
Cookie: cf_use_ob=0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 523 No Reason Phrase
date: Tue, 30 Aug 2022 15:41:14 GMT
content-type: text/html; charset=UTF-8
set-cookie: cf_use_ob=0; path=/; expires=Tue, 30-Aug-22 15:41:44 GMT
x-frame-options: SAMEORIGIN
referrer-policy: same-origin
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
cf-ray: 742ea113df3db51e-OSL
server: cloudflare
X-Firefox-Spdy: h2

ggsteal.in/cdn-cgi/styles/main.css

172.67.135.95

200 OK

0 B

URL HTTP/2
ggsteal.in/cdn-cgi/styles/main.css
IP
172.67.135.95:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
mnemonic_dns	Sinkholed
quad9	Sinkholed

HTTP Headers

GET /cdn-cgi/styles/main.css HTTP/1.1
Host: ggsteal.in
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ggsteal.in/updated.exe
Connection: keep-alive
Cookie: cf_use_ob=0
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Tue, 30 Aug 2022 15:41:11 GMT
content-type: text/css
last-modified: Tue, 23 Aug 2022 11:02:32 GMT
etag: W/"6304b3c8-1f4d"
server: cloudflare
cf-ray: 742ea1134e92b51e-OSL
x-frame-options: DENY
x-content-type-options: nosniff
vary: Accept-Encoding
expires: Tue, 30 Aug 2022 17:41:11 GMT
cache-control: max-age=7200, public
content-encoding: gzip
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (1)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (25)

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/2

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/2

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

File type

Size