down.ackng.com/if.bin?BIT=64&CD=Standard+VGA+Graphics+Adapter&D=E_R&DOMAIN=WORKGROUP&FI=0&FM=0&GUID=00000000-0000-0000-0000-000000000000&HR&ID=PC&IF=0&MAC=00:50:C0:A3:A6:DC&MF=0&OS=6.1.7601&P=1&UP=1452468.755&USER=PC$&_T=1571299023.6324
185.107.56.59 200 OK 710 B URL User Request GET HTTP/2 down.ackng.com/if.bin?BIT=64&CD=Standard+VGA+Graphics+Adapter&D=E_R&DOMAIN=WORKGROUP&FI=0&FM=0&GUID=00000000-0000-0000-0000-000000000000&HR&ID=PC&IF=0&MAC=00:50:C0:A3:A6:DC&MF=0&OS=6.1.7601&P=1&UP=1452468.755&USER=PC$&_T=1571299023.6324
IP 185.107.56.59:443
ASN #43350 NForce Entertainment B.V.
Certificate Issuer Let's Encrypt
Subject ackng.com
Fingerprint 6F:34:A5:E7:38:66:6C:8C:29:CB:71:F0:A4:D6:DB:6E:26:F2:BA:8A
Validity Tue, 25 Apr 2023 22:00:11 GMT - Mon, 24 Jul 2023 22:00:10 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (710), with no line terminators
Hash 3a9af991c9453ddca88a741759be7702
cda1118c1f4972e52f39b3fdbc6c6aa19c09853f
6304c9d967980afabf97ce65384863737dbdda6cf25e296f72b66ba35646f075
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /if.bin?BIT=64&CD=Standard+VGA+Graphics+Adapter&D=E_R&DOMAIN=WORKGROUP&FI=0&FM=0&GUID=00000000-0000-0000-0000-000000000000&HR&ID=PC&IF=0&MAC=00:50:C0:A3:A6:DC&MF=0&OS=6.1.7601&P=1&UP=1452468.755&USER=PC$&_T=1571299023.6324 HTTP/1.1
Host: down.ackng.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ch: Sec-CH-UA, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile
cache-control: max-age=0, private, must-revalidate
content-length: 710
content-type: text/html; charset=utf-8
date: Thu, 25 May 2023 20:49:19 GMT
server: Cowboy
set-cookie: sid=9f68aab6-fb3d-11ed-af8e-9a03f4959d53; path=/; domain=.ackng.com; expires=Wed, 13 Jun 2091 00:03:27 GMT; max-age=2147483647; secure; HttpOnly
X-Firefox-Spdy: h2
down.ackng.com/favicon.ico
185.107.56.59 404 Not Found 9 B URL GET HTTP/2 down.ackng.com/favicon.ico
IP 185.107.56.59:443
ASN #43350 NForce Entertainment B.V.
Requested by https://down.ackng.com/if.bin?BIT=64&CD=Standard+VGA+Graphics+Adapter&D=E_R&DOMAIN=WORKGROUP&FI=0&FM=0&GUID=00000000-0000-0000-0000-000000000000&HR&ID=PC&IF=0&MAC=00:50:C0:A3:A6:DC&MF=0&OS=6.1.7601&P=1&UP=1452468.755&USER=PC$&_T=1571299023.6324
Certificate Issuer Let's Encrypt
Subject ackng.com
Fingerprint 6F:34:A5:E7:38:66:6C:8C:29:CB:71:F0:A4:D6:DB:6E:26:F2:BA:8A
Validity Tue, 25 Apr 2023 22:00:11 GMT - Mon, 24 Jul 2023 22:00:10 GMT
File type ASCII text, with no line terminators
Hash d8f4a1993546cc4b850cde3599e27aec
094b763b4cfcc0b05e5d040581cd513c3ca08067
907ba78b4545338d3539683e63ecb51cf51c10adc9dabd86e92bd52339f298b9
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /favicon.ico HTTP/1.1
Host: down.ackng.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://down.ackng.com/if.bin?BIT=64&CD=Standard+VGA+Graphics+Adapter&D=E_R&DOMAIN=WORKGROUP&FI=0&FM=0&GUID=00000000-0000-0000-0000-000000000000&HR&ID=PC&IF=0&MAC=00:50:C0:A3:A6:DC&MF=0&OS=6.1.7601&P=1&UP=1452468.755&USER=PC$&_T=1571299023.6324
Cookie: sid=9f68aab6-fb3d-11ed-af8e-9a03f4959d53
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 404 Not Found
cache-control: max-age=0, private, must-revalidate
content-length: 9
date: Thu, 25 May 2023 20:49:19 GMT
server: Cowboy
X-Firefox-Spdy: h2
down.ackng.com/if.bin?BIT=64&CD=Standard+VGA+Graphics+Adapter&D=E_R&DOMAIN=WORKGROUP&FI=0&FM=0&GUID=00000000-0000-0000-0000-000000000000&HR=&ID=PC&IF=0&MAC=00%3A50%3AC0%3AA3%3AA6%3ADC&MF=0&OS=6.1.7601&P=1&UP=1452468.755&USER=PC%24&_T=1571299023.6324&ch=1&js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTY4NTA1NDk2MCwiaWF0IjoxNjg1MDQ3NzYwLCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIydGg3czBsNnBlY3FydGNmbDgxcGNzNGciLCJuYmYiOjE2ODUwNDc3NjAsInRzIjoxNjg1MDQ3NzYwNDQzMzEyfQ.VJtJ0LQSov_QciHG_J87rwk6t7TtTDLsnvls8TzVuFs&sid=9f68aab6-fb3d-11ed-af8e-9a03f4959d53
185.107.56.59 11 B URL User Request GET down.ackng.com/if.bin?BIT=64&CD=Standard+VGA+Graphics+Adapter&D=E_R&DOMAIN=WORKGROUP&FI=0&FM=0&GUID=00000000-0000-0000-0000-000000000000&HR=&ID=PC&IF=0&MAC=00%3A50%3AC0%3AA3%3AA6%3ADC&MF=0&OS=6.1.7601&P=1&UP=1452468.755&USER=PC%24&_T=1571299023.6324&ch=1&js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTY4NTA1NDk2MCwiaWF0IjoxNjg1MDQ3NzYwLCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIydGg3czBsNnBlY3FydGNmbDgxcGNzNGciLCJuYmYiOjE2ODUwNDc3NjAsInRzIjoxNjg1MDQ3NzYwNDQzMzEyfQ.VJtJ0LQSov_QciHG_J87rwk6t7TtTDLsnvls8TzVuFs&sid=9f68aab6-fb3d-11ed-af8e-9a03f4959d53
IP 185.107.56.59:0
ASN #43350 NForce Entertainment B.V.
Certificate Issuer Let's Encrypt
Subject ackng.com
Fingerprint 6F:34:A5:E7:38:66:6C:8C:29:CB:71:F0:A4:D6:DB:6E:26:F2:BA:8A
Validity Tue, 25 Apr 2023 22:00:11 GMT - Mon, 24 Jul 2023 22:00:10 GMT
File type ASCII text, with no line terminators
Hash 32682312d17c7cbf18e73594f5570319
60e22121bdd0bc71cdb2bae2a3aa577006b2eae9
e55fb1a1d731153e943b68844af12dcce8bfac917c98ffdea64c80da0607dd47
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /if.bin?BIT=64&CD=Standard+VGA+Graphics+Adapter&D=E_R&DOMAIN=WORKGROUP&FI=0&FM=0&GUID=00000000-0000-0000-0000-000000000000&HR=&ID=PC&IF=0&MAC=00%3A50%3AC0%3AA3%3AA6%3ADC&MF=0&OS=6.1.7601&P=1&UP=1452468.755&USER=PC%24&_T=1571299023.6324&ch=1&js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTY4NTA1NDk2MCwiaWF0IjoxNjg1MDQ3NzYwLCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIydGg3czBsNnBlY3FydGNmbDgxcGNzNGciLCJuYmYiOjE2ODUwNDc3NjAsInRzIjoxNjg1MDQ3NzYwNDQzMzEyfQ.VJtJ0LQSov_QciHG_J87rwk6t7TtTDLsnvls8TzVuFs&sid=9f68aab6-fb3d-11ed-af8e-9a03f4959d53 HTTP/1.1
Host: down.ackng.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://down.ackng.com/if.bin?BIT=64&CD=Standard+VGA+Graphics+Adapter&D=E_R&DOMAIN=WORKGROUP&FI=0&FM=0&GUID=00000000-0000-0000-0000-000000000000&HR&ID=PC&IF=0&MAC=00:50:C0:A3:A6:DC&MF=0&OS=6.1.7601&P=1&UP=1452468.755&USER=PC$&_T=1571299023.6324
Cookie: sid=9f68aab6-fb3d-11ed-af8e-9a03f4959d53
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 302 Found
cache-control: max-age=0, private, must-revalidate
content-length: 11
date: Thu, 25 May 2023 20:49:20 GMT
location: http://ww1.ackng.com/?subid1=9f68aab6-fb3d-11ed-af8e-9a03f4959d53
server: Cowboy
set-cookie: sid=9f68aab6-fb3d-11ed-af8e-9a03f4959d53; path=/; domain=.ackng.com; expires=Wed, 13 Jun 2091 00:03:27 GMT; max-age=2147483647; secure; HttpOnly
X-Firefox-Spdy: h2
ww1.ackng.com/?subid1=9f68aab6-fb3d-11ed-af8e-9a03f4959d53
0.0.0.0 0 B URL User Request GET ww1.ackng.com/?subid1=9f68aab6-fb3d-11ed-af8e-9a03f4959d53
IP 0.0.0.0:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /?subid1=9f68aab6-fb3d-11ed-af8e-9a03f4959d53 HTTP/1.1
Host: ww1.ackng.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Cookie: sid=9f68aab6-fb3d-11ed-af8e-9a03f4959d53
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache