Report - hegodev.com/tds/aietqu

Report Overview

Submitted URL
hegodev.com/tds/aietqu
IP
184.168.97.137
ASN
#26496 AS-26496-GO-DADDY-COM-LLC
Submitted
2022-09-28 16:47:18
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
108

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.0 kB	5.3 kB	23.36.77.32
fonts.googleapis.com	8877	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.1 kB	6.5 kB	142.250.74.10
browork3er.cc	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	806 B	4.0 kB	51.15.18.159
ocsp.pki.goog	175	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.0 kB	6.3 kB	142.250.74.3
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	758 B	2.7 kB	143.204.55.36
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	401 B	5.8 kB	143.204.55.49
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	321 B	229 B	34.117.237.239
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	329 B	737 B	93.184.220.29
hegodev.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	439 B	542 B	184.168.97.137
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.2 kB	75 kB	34.120.237.76
www.hegodev.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	14 kB	419 kB	184.168.97.137
fonts.gstatic.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.5 kB	69 kB	142.250.74.163
silverlinetogther.net	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.5 kB	976 B	185.177.94.152
di4.biz	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	574 B	397 B	185.177.92.179
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	594 B	127 B	54.69.181.45
www.googletagmanager.com	75	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	373 B	43 kB	142.250.74.72
cdn.weatherplllatform.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	744 B	3.5 kB	91.211.91.114
away.bettershitecolumn.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.0 kB	1.4 kB	91.211.91.104
0.silverlinetogther.net	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	577 B	54 kB	185.177.94.152

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-09-28	medium	hegodev.com/tds/aietqu	Malware
2022-09-28	medium	www.hegodev.com/tds/aietqu	Malware
2022-09-28	medium	www.hegodev.com/wp-content/themes/bosa/assets/slick/slick.css?ver=6.0.2	Malware
2022-09-28	medium	www.hegodev.com/wp-content/themes/bosa/assets/slick/slick-theme.css?ver=6.0.2	Malware
2022-09-28	medium	www.hegodev.com/wp-content/themes/bosa/assets/css/blocks.min.css?ver=6.0.2	Malware
2022-09-28	medium	www.hegodev.com/wp-content/themes/bosa-business/style.css?ver=6.0.2	Malware
2022-09-28	medium	www.hegodev.com/wp-content/plugins/contact-widgets/assets/css/font-awesome.min.css?ver=4.7.0	Malware
2022-09-28	medium	www.hegodev.com/wp-content/themes/bosa/assets/css/slicknav.min.css?ver=6.0.2	Malware
2022-09-28	medium	www.hegodev.com/wp-includes/css/dist/block-library/style.min.css?ver=6.0.2	Malware
2022-09-28	medium	www.hegodev.com/wp-content/plugins/google-analytics-for-wordpress/assets/js/frontend-gtag.min.js?ver=8.7.0	Malware
2022-09-28	medium	www.hegodev.com/wp-content/themes/bosa/style.css?ver=6.0.2	Malware
2022-09-28	medium	www.hegodev.com/wp-content/themes/bosa/assets/js/theia-sticky-sidebar.min.js?ver=0.8	Malware
2022-09-28	medium	www.hegodev.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.0	Malware
2022-09-28	medium	www.hegodev.com/wp-content/plugins/ewww-image-optimizer/includes/lazysizes.min.js?ver=670	Malware
2022-09-28	medium	www.hegodev.com/wp-includes/js/wp-emoji-release.min.js?ver=6.0.2	Malware
2022-09-28	medium	www.hegodev.com/wp-includes/js/masonry.min.js?ver=4.2.2	Malware
2022-09-28	medium	www.hegodev.com/wp-content/themes/bosa/assets/slick/slick.min.js?ver=0.8	Malware
2022-09-28	medium	www.hegodev.com/wp-content/themes/bosa/assets/bootstrap/js/bootstrap.min.js?ver=0.8	Malware
2022-09-28	medium	www.hegodev.com/wp-content/plugins/contact-widgets/assets/fonts/fontawesome-webfont.woff?v=4.7.0	Malware
2022-09-28	medium	www.hegodev.com/wp-content/themes/bosa/assets/font-awesome/webfonts/fa-solid-900.woff	Malware
2022-09-28	medium	www.hegodev.com/wp-content/themes/bosa/assets/font-awesome/webfonts/fa-solid-900.woff2	Malware

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2022-09-28	medium	hegodev.com	Sinkholed
2022-09-28	medium	hegodev.com	Sinkholed
2022-09-28	medium	hegodev.com	Sinkholed
2022-09-28	medium	hegodev.com	Sinkholed
2022-09-28	medium	hegodev.com	Sinkholed
2022-09-28	medium	hegodev.com	Sinkholed
2022-09-28	medium	hegodev.com	Sinkholed
2022-09-28	medium	hegodev.com	Sinkholed
2022-09-28	medium	hegodev.com	Sinkholed
2022-09-28	medium	hegodev.com	Sinkholed
2022-09-28	medium	hegodev.com	Sinkholed
2022-09-28	medium	hegodev.com	Sinkholed
2022-09-28	medium	hegodev.com	Sinkholed
2022-09-28	medium	hegodev.com	Sinkholed
2022-09-28	medium	hegodev.com	Sinkholed
2022-09-28	medium	hegodev.com	Sinkholed
2022-09-28	medium	hegodev.com	Sinkholed
2022-09-28	medium	hegodev.com	Sinkholed
2022-09-28	medium	hegodev.com	Sinkholed
2022-09-28	medium	hegodev.com	Sinkholed
2022-09-28	medium	hegodev.com	Sinkholed
2022-09-28	medium	hegodev.com	Sinkholed
2022-09-28	medium	hegodev.com	Sinkholed
2022-09-28	medium	hegodev.com	Sinkholed
2022-09-28	medium	hegodev.com	Sinkholed
2022-09-28	medium	hegodev.com	Sinkholed
2022-09-28	medium	hegodev.com	Sinkholed
2022-09-28	medium	hegodev.com	Sinkholed
2022-09-28	medium	hegodev.com	Sinkholed
2022-09-28	medium	bettershitecolumn.com	Sinkholed
2022-09-28	medium	bettershitecolumn.com	Sinkholed
2022-09-28	medium	hegodev.com	Sinkholed
2022-09-28	medium	di4.biz	Sinkholed

JavaScript (38)

	URL	Size	First Seen	Last Seen
	www.hegodev.com/tds/aietqu	2.2 kB	2023-03-07	2023-03-17
Pretty URL www.hegodev.com/tds/aietqu IP 184.168.97.137 ASN #26496 AS-26496-GO-DADDY-COM-LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:33:51 Last Seen2023-03-17 12:52:27 Times Seen1 Hash 0dd3f674af338fb887ccbd5465ebee07 5181268a6b5c19737a9038bfa1cf0bb7a25b9055 ef25e99e225dde12975b29faefae4ef9db02b6a87bbbd4f935e4f0bb2f3da1bb Loading...

	www.hegodev.com/wp-includes/js/imagesloaded.min.js?ver=6.0.2	5.6 kB	2023-03-07	2024-04-27
Pretty URL www.hegodev.com/wp-includes/js/imagesloaded.min.js?ver=6.0.2 IP 184.168.97.137 ASN #26496 AS-26496-GO-DADDY-COM-LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:40 Last Seen2024-04-27 01:43:18 Times Seen30985 Hash 3a56752b736635bf69cb069b8818cbfd 42e0951fe74bb3f56a30f51291823bcd4a84d76e ff4bd34aa98a0214833619d3d751838db015722dfbbec15cd14dadc66cd67869 Loading...

	www.hegodev.com/wp-content/themes/bosa/assets/js/theia-sticky-sidebar.min.js?ver=0.8	5.4 kB	2023-03-07	2024-03-16
Pretty URL www.hegodev.com/wp-content/themes/bosa/assets/js/theia-sticky-sidebar.min.js?ver=0.8 IP 184.168.97.137 ASN #26496 AS-26496-GO-DADDY-COM-LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:14:48 Last Seen2024-03-16 22:31:13 Times Seen330 Hash 9b7664fe260d1a57a13ca71507b43499 d07064a9d012bae3f256adfa7d021c40793c962c fb242b5f299cd08ee579ad1b46e13cb235bb595dd10b03fab7dfadfc61103be6 Loading...

	www.hegodev.com/wp-content/plugins/ewww-image-optimizer/includes/lazysizes.min.js?ver=670	12 kB	2023-03-07	2024-01-01
Pretty URL www.hegodev.com/wp-content/plugins/ewww-image-optimizer/includes/lazysizes.min.js?ver=670 IP 184.168.97.137 ASN #26496 AS-26496-GO-DADDY-COM-LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:15:31 Last Seen2024-01-01 13:35:37 Times Seen38 Hash 5379f8e7d63c4a22411b123b0beb6c4e c92aaa0b2e05c32e9378bd8b20d90c951f4278fe ac8ba41f2ad11b9f60654e4550ab7a47ee85f4cb9dd50df9f362081ad5cd8a7f Loading...

	cdn.weatherplllatform.com/events.js?v=2.141	2.3 kB	2023-03-08	2023-03-11
Pretty URL cdn.weatherplllatform.com/events.js?v=2.141 IP 91.211.91.114 ASN #206638 PE Brezhnev Daniil Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 01:48:13 Last Seen2023-03-11 23:14:24 Times Seen1 Hash e129bf2c4a9adb540f3f6f438feeb2a3 37a3d3f83d33311cea4eea6506326a4c93e4b7b5 f0af99595f5240b6c86b70a17902c4bf72bd4f356303dd8b732ade94ecb38d69 Loading...

	www.hegodev.com/tds/aietqu	268 B	2023-03-07	2023-03-17
Pretty URL www.hegodev.com/tds/aietqu IP 184.168.97.137 ASN #26496 AS-26496-GO-DADDY-COM-LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:15:31 Last Seen2023-03-17 12:52:26 Times Seen1 Hash 3af8d6925807eb4ab5fd0a684586085d ac8a6c984dfc66f8fd3fbdc142d9e4c654fb200b dceefda343169de7f384d2839179fb8ad8360c6da6f3b48bccf2ff4ce41c2758 Loading...

	www.hegodev.com/wp-content/themes/bosa/assets/js/html5shiv.min.js?ver=0.8	2.6 kB	2023-03-07	2024-03-23
Pretty URL www.hegodev.com/wp-content/themes/bosa/assets/js/html5shiv.min.js?ver=0.8 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:15:31 Last Seen2024-03-23 02:36:13 Times Seen110 Hash 3b40df82ff6a8bda5a97df7d43da8aba 2627fcb88f1b03aaa96c7ff5663c526271580414 89f280c948d1f1484534a9ddb872db305f19ce14cdf09a380362aac0ddf406de Loading...

	cdn.weatherplllatform.com/result.js?v=000	6.2 kB	2023-03-08	2023-03-10
Pretty URL cdn.weatherplllatform.com/result.js?v=000 IP 91.211.91.114 ASN #206638 PE Brezhnev Daniil Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 01:28:57 Last Seen2023-03-10 10:58:12 Times Seen1 Hash 4161c11612d0a349df27f691b3057a5e 21c4eeeee2b97c1961d8f06b4f32497895f330e1 4b1238a1b9202c3d215ed7b3f05a6cf12fb71d520d2066f25bbda095603dc9dd Loading...

	0.silverlinetogther.net/index.php?p=he2tszrzmq5dcmbugayq&sub2=dpicer8	705 B	2023-03-07	2023-04-05
Pretty URL 0.silverlinetogther.net/index.php?p=he2tszrzmq5dcmbugayq&sub2=dpicer8 IP 185.177.94.152 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:15:57 Last Seen2023-04-05 02:03:39 Times Seen49 Hash dd81871bef578a008b6d389ca0d1a234 31f4851126c5708430334e0b3b5674d7b22f1c2d f4805b1fa2c14f4bfb52cbfcdbd03a7ff3ace4aac7dc2466f0501d5cdfd19954 Loading...

	www.hegodev.com/tds/aietqu	5.9 kB	2023-03-07	2023-03-17
Pretty URL www.hegodev.com/tds/aietqu IP 184.168.97.137 ASN #26496 AS-26496-GO-DADDY-COM-LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:15:31 Last Seen2023-03-17 12:52:26 Times Seen1 Hash 094641aa75d7a7c816a34281eca2940a 3195b36643baf52e9433420d54dabb0a0c6ac5fe 665e9f41aae0182a721ad71a27c608822a3d97ca661e86cb099ea19512736fa6 Loading...

	www.hegodev.com/wp-content/themes/bosa/assets/js/navigation.js?ver=0.8	6.1 kB	2023-03-07	2024-03-23
Pretty URL www.hegodev.com/wp-content/themes/bosa/assets/js/navigation.js?ver=0.8 IP 184.168.97.137 ASN #26496 AS-26496-GO-DADDY-COM-LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:15:31 Last Seen2024-03-23 02:36:13 Times Seen99 Hash e6a77e68a6b5d22c35272e47e908af27 024ebd47521baacf5cf6d3d7cfad304c2521a5ec d68d3f7e57ff1d6b8dc13b5b01994bd93e3a423ea98a5a81225d2e4758fcb025 Loading...

	www.hegodev.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.0	92 kB	2023-03-07	2023-03-11
Pretty URL www.hegodev.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.0 IP 184.168.97.137 ASN #26496 AS-26496-GO-DADDY-COM-LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 23:19:01 Last Seen2023-03-11 11:06:35 Times Seen1 Hash 2fe43508c7a90752d50c6eefe74516fb 66ba87275b076ddec85fdc44c46b122fed0c0dd9 3da1d7664c9ceee8ce1c040916cf60a9f76623b28bfd31c45f3861c334ed3e9b Loading...

	www.hegodev.com/wp-includes/js/wp-emoji-release.min.js?ver=6.0.2	19 kB	2023-03-07	2024-04-26
Pretty URL www.hegodev.com/wp-includes/js/wp-emoji-release.min.js?ver=6.0.2 IP 184.168.97.137 ASN #26496 AS-26496-GO-DADDY-COM-LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:08 Last Seen2024-04-26 23:19:42 Times Seen38071 Hash 32beb68a374e3aeac00abdf9e12b84ea b5d18aa625e8696dd9d07cd0869337717b211ae0 5aad5fbd4238981a9ff5e2772ff1353dfe1a801fb49542fe157418c1438f7782 Loading...

	silverlinetogther.net/go/he2tszrzmq5dcmbugayq?sub2=dpicer8	8.1 kB	2023-03-08	2023-03-08
Pretty URL silverlinetogther.net/go/he2tszrzmq5dcmbugayq?sub2=dpicer8 IP 185.177.94.152 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 03:09:04 Last Seen2023-03-08 03:09:04 Times Seen1 Hash 03f435723394d8fb629285c3318651d3 6ffd2366c9868c997c73f21883b24f8a02cd3c9f 5ffedec17c2589791c90fe7822ddcb000deba08fd6c35463d22bdc5848a7b958 Loading...

	away.bettershitecolumn.com/track.php?tid=54889&lid=9554-66-457679-29	210 B	2023-03-07	2023-03-08
Pretty URL away.bettershitecolumn.com/track.php?tid=54889&lid=9554-66-457679-29 IP 91.211.91.104 ASN #206638 PE Brezhnev Daniil Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:47:52 Last Seen2023-03-08 03:09:04 Times Seen1 Hash 203087dee7819b7b9ba6badf4057037b 823271493d2092ef02846a8b42c8d831e9744a8f 11498bc669d5e92782dd3dd24260ff914f9247e8a2e34b6712632e6693dd9563 Loading...

	www.googletagmanager.com/gtag/js?id=UA-154422125-1	109 kB	2023-03-08	2023-03-08
Pretty URL www.googletagmanager.com/gtag/js?id=UA-154422125-1 IP 142.250.74.72 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 03:09:04 Last Seen2023-03-08 03:09:04 Times Seen1 Hash 21b662024c7559720bfa9c78c3215489 fdb0794d6a07baef959ee144f94b8f4f654b675a 46347b756222a6b2d6141976cdc21bcd9c33517d395d217fb2c8d1c7006b202f Loading...

	www.hegodev.com/wp-content/plugins/google-analytics-for-wordpress/assets/js/frontend-gtag.min.js?ver=8.7.0	12 kB	2023-03-07	2024-04-25
Pretty URL www.hegodev.com/wp-content/plugins/google-analytics-for-wordpress/assets/js/frontend-gtag.min.js?ver=8.7.0 IP 184.168.97.137 ASN #26496 AS-26496-GO-DADDY-COM-LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:14:48 Last Seen2024-04-25 08:07:38 Times Seen5599 Hash a76f61318af036823b08d73536486be6 31ff9b215dcef9151b9f4fc50ea91a9df1962102 abc9faa4970e07db7d506d6b2a98e4c86223be305c7541ced54ea2e15f99a76e Loading...

	www.hegodev.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2	14 kB	2023-03-07	2023-12-11
Pretty URL www.hegodev.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2 IP 184.168.97.137 ASN #26496 AS-26496-GO-DADDY-COM-LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 23:35:56 Last Seen2023-12-11 14:23:41 Times Seen4 Hash 0ea2d9f4e507b9de3be74f262ba1ffc8 3fca561d29a70cb42e1746fd73cd62bb3bc510b5 f7e755339fedc4d779eec71de9fa9807b8efe368d9ed501a4fd978aac39f19fc Loading...

	www.hegodev.com/wp-content/themes/bosa/assets/js/custom.min.js?ver=0.8	6.7 kB	2023-03-07	2023-07-21
Pretty URL www.hegodev.com/wp-content/themes/bosa/assets/js/custom.min.js?ver=0.8 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:15:31 Last Seen2023-07-21 17:36:08 Times Seen10 Hash 9f7947e2d2a685172ba89bc754533214 6de73a75e98c42889cbb745f21704ca34c9f6991 c192257b9c926c29214d7a95383645ce682da5b95c8f1feb6b525c9937168453 Loading...

	www.hegodev.com/wp-content/themes/bosa/assets/slick/slick.min.js?ver=0.8	43 kB	2023-03-07	2024-04-25
Pretty URL www.hegodev.com/wp-content/themes/bosa/assets/slick/slick.min.js?ver=0.8 IP 184.168.97.137 ASN #26496 AS-26496-GO-DADDY-COM-LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:06:24 Last Seen2024-04-25 23:55:31 Times Seen3039 Hash 777da4aaf5b960636dec0fd4e50ba489 9a94038ccae90e6d2a0f9cb61f79ae7c70320287 e1a52c0a06fa9f65e015b02e7ec463fd621211a9d2ae44b6660597900e927fbb Loading...

	www.hegodev.com/tds/aietqu	704 B	2023-03-07	2023-03-17
Pretty URL www.hegodev.com/tds/aietqu IP 184.168.97.137 ASN #26496 AS-26496-GO-DADDY-COM-LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:15:31 Last Seen2023-03-17 12:52:27 Times Seen1 Hash f2b76d5df55f635cbcc9fb4664641a8d 10e06e58bbef6ac451ced2af47ed1f0d4d5d4e8b 6f321f8683b1ae7f63e89c55b9137dcd90aa7c0939a4094836e6bf1b15cb999a Loading...

	www.hegodev.com/wp-content/themes/bosa/assets/js/jquery.slicknav.min.js?ver=0.8	8.4 kB	2023-03-07	2024-03-23
Pretty URL www.hegodev.com/wp-content/themes/bosa/assets/js/jquery.slicknav.min.js?ver=0.8 IP 184.168.97.137 ASN #26496 AS-26496-GO-DADDY-COM-LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:15:31 Last Seen2024-03-23 02:36:13 Times Seen109 Hash faf3fdf912d0f77654f4e1b7f2e5f7ad e7c2085507cf04d23450e1f82f053c333d84c349 7ee0bff42f17216e2d179773df183332a565a866a4b67eaeed1546111d4f283d Loading...

	0.silverlinetogther.net/index.php?p=he2tszrzmq5dcmbugayq&sub2=dpicer8	8.1 kB	2023-03-08	2023-03-08
Pretty URL 0.silverlinetogther.net/index.php?p=he2tszrzmq5dcmbugayq&sub2=dpicer8 IP 185.177.94.152 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 03:09:04 Last Seen2023-03-08 03:09:04 Times Seen1 Hash a934cf89438cb596a250aaef9f18e42a c3e41bf2a69b760727180bf63cbc50b3380c9da0 7f532af68adb7e43790b2f01048c9ca36691a43b2921131eba1d4b34404cef24 Loading...

	0.silverlinetogther.net/index.php?p=he2tszrzmq5dcmbugayq&sub2=dpicer8	3.1 kB	2023-03-07	2024-01-03
Pretty URL 0.silverlinetogther.net/index.php?p=he2tszrzmq5dcmbugayq&sub2=dpicer8 IP 185.177.94.152 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:15:57 Last Seen2024-01-03 10:59:23 Times Seen191 Hash 68e280edf3cadafe4af8ccdc8782024d 7467ad11f5f3a21a3a4e0ab8556912db67311d90 3d8d725c431734a47f6dbbce8a3546d9490407d342cfbb48eba2eeddede260aa Loading...

	0.silverlinetogther.net/index.php?p=he2tszrzmq5dcmbugayq&sub2=dpicer8	203 B	2023-03-07	2024-01-03
Pretty URL 0.silverlinetogther.net/index.php?p=he2tszrzmq5dcmbugayq&sub2=dpicer8 IP 185.177.94.152 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:15:57 Last Seen2024-01-03 10:59:23 Times Seen188 Hash c4824c2a16d2c8bb70469ed7b8508f34 783dcaa37fcdd311197de60f0c55ab5367be4fe2 f97308b8745f77dc6b279dafa3f98d4e64de2f494681e452a477afaa13b4d1fb Loading...

	www.hegodev.com/tds/aietqu	369 B	2023-03-07	2023-03-17
Pretty URL www.hegodev.com/tds/aietqu IP 184.168.97.137 ASN #26496 AS-26496-GO-DADDY-COM-LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:15:31 Last Seen2023-03-17 12:52:27 Times Seen1 Hash 4892f8171d1ae1cd7c9a7f1fc3af9725 b31a706348062486bd53d5d58acec7a6406634dc 83d9fe3eb53ecf35cd397b9e59583e7f0fa25ad462a7bbabb15b897f23bda682 Loading...

	www.hegodev.com/wp-includes/js/masonry.min.js?ver=4.2.2	24 kB	2023-03-07	2024-04-27
Pretty URL www.hegodev.com/wp-includes/js/masonry.min.js?ver=4.2.2 IP 184.168.97.137 ASN #26496 AS-26496-GO-DADDY-COM-LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:57 Last Seen2024-04-27 01:51:30 Times Seen15295 Hash 3b3fc826e58fc554108e4a651c9c7848 76778fd446e2ff2377588a7b4ac4d79f258427c9 e00add38134eac2fb8e8e9c09cbfff7bbe57952b210322eb2eecb0a21fc055eb Loading...

	www.hegodev.com/tds/aietqu	30 B	2023-03-07	2024-04-04
Pretty URL www.hegodev.com/tds/aietqu IP 184.168.97.137 ASN #26496 AS-26496-GO-DADDY-COM-LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:06:28 Last Seen2024-04-04 10:39:38 Times Seen423 Hash 679db76ba3d73d824f89166df549d5c5 b9af7241b0b9b90fdfd1d4623f0b0741d4cd2c50 9795a3cbd22f4c09606f96174a1fe4d65b717c25faa5196f288436f90a72b06c Loading...

	www.hegodev.com/tds/aietqu	77 B	2023-03-07	2024-04-24
Pretty URL www.hegodev.com/tds/aietqu IP 184.168.97.137 ASN #26496 AS-26496-GO-DADDY-COM-LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:06:28 Last Seen2024-04-24 22:39:33 Times Seen931 Hash ff6c592795f4c4b7a66be5d8092cee9d 379d396226dd1d4d95e8c0e581b291e4a4c1d3f0 a1639d5a80b162ce20e1bb8d7057939dc7fd7145a870969dffccf3160a135352 Loading...

	www.hegodev.com/wp-includes/js/jquery/jquery.masonry.min.js?ver=3.1.2b	1.8 kB	2023-03-07	2024-04-26
Pretty URL www.hegodev.com/wp-includes/js/jquery/jquery.masonry.min.js?ver=3.1.2b IP 184.168.97.137 ASN #26496 AS-26496-GO-DADDY-COM-LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:07:32 Last Seen2024-04-26 22:53:05 Times Seen6660 Hash cd0eb3406096ff80266e7c9d7d419186 0e3709691bf96233766de30e2fd473b84166c5b6 c2e606e1fc82ea3a554aad5d0520e25d2677b89a891dc5c49e7ace08fce92e25 Loading...

	www.hegodev.com/wp-content/themes/bosa/assets/js/skip-link-focus-fix.js?ver=0.8	716 B	2023-03-07	2024-04-18
Pretty URL www.hegodev.com/wp-content/themes/bosa/assets/js/skip-link-focus-fix.js?ver=0.8 IP 184.168.97.137 ASN #26496 AS-26496-GO-DADDY-COM-LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:15:31 Last Seen2024-04-18 13:36:03 Times Seen888 Hash 306f7b49ccd55de683e972c4bc8edf0b f36f53cb950367fff7455566e6c0f293bfe863ae 93c964e1bd5719c525c73073cf64f4c2b03dd6d4fa846d5bce3142596b3f1e97 Loading...

	www.hegodev.com/tds/aietqu	673 B	2023-03-08	2023-12-04
Pretty URL www.hegodev.com/tds/aietqu IP 184.168.97.137 ASN #26496 AS-26496-GO-DADDY-COM-LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 01:32:52 Last Seen2023-12-04 06:33:26 Times Seen12 Hash bb5e5123653c52a275d22d5bfa6d6674 f60c40a0ed8f54c11bc00d6ba0ce10fd83562a1a eddeac043ba7b1a63c76bc97aa64e39eb6611759122640f7c99722ba0f4ef45b Loading...

	www.hegodev.com/wp-content/themes/bosa/assets/bootstrap/js/bootstrap.min.js?ver=0.8	51 kB	2023-03-07	2024-04-26
Pretty URL www.hegodev.com/wp-content/themes/bosa/assets/bootstrap/js/bootstrap.min.js?ver=0.8 IP 184.168.97.137 ASN #26496 AS-26496-GO-DADDY-COM-LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:08 Last Seen2024-04-26 19:54:41 Times Seen6077 Hash e47a9d976663a4ce4db5961af909eb58 12ca7264086b9e543605395947c6671edde9ac80 4f3faeec469294b610f6ca82aa1cc2b3368fd56611b31c551c2ee224feadb411 Loading...

	0.silverlinetogther.net/index.php?p=he2tszrzmq5dcmbugayq&sub2=dpicer8	29 kB	2023-03-07	2024-01-03
Pretty URL 0.silverlinetogther.net/index.php?p=he2tszrzmq5dcmbugayq&sub2=dpicer8 IP 185.177.94.152 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:15:57 Last Seen2024-01-03 10:59:23 Times Seen188 Hash ae7f0f1874bd3e9a6a0e9736f3307398 f9ea5e0bc3f3f8039b7d2835e9d8aa775621b9d3 cf8229ead2362ab9f5b9f608b9eb668414a21aca7c9bcc0c90b138415abf72cf Loading...

		Size	First Seen	Last Seen
	#1 Eval - 2a1a488ffed07c586e8615e1fb4ec983	8.0 kB	2023-03-08	2023-03-08
Pretty Observations First Seen2023-03-08 03:09:04 Last Seen2023-03-08 03:09:04 Times Seen1 Hash 2a1a488ffed07c586e8615e1fb4ec983 741397120fa7914214d25204f4a587ef3ed9e8b8 fe37166eeb82cb4e865504d486a0108a344e1abd0a1c66a3c020f601525c264a Loading...

	#2 Eval - d4cee75196f9c3b24f4881fb2aa12292	8.1 kB	2023-03-08	2023-03-08
Pretty Observations First Seen2023-03-08 03:09:04 Last Seen2023-03-08 03:09:04 Times Seen1 Hash d4cee75196f9c3b24f4881fb2aa12292 c8c695216a2c3c2c5bf8462e27ef029627055618 52313b395420d9b3a283b827f236d18c4612e92d4f936fe4e224ee3ac0634c2f Loading...

	#3 Eval - b4a6ad41270b7d57f63206a9d7d8eada	677 B	2023-03-07	2023-12-13
Pretty Observations First Seen2023-03-07 23:16:26 Last Seen2023-12-13 00:16:43 Times Seen17 Hash b4a6ad41270b7d57f63206a9d7d8eada b0eb27a0bc8d4d4ebca83a8092299c6c42c85f5a ccb5f3145aa8b1a909b8fff2fd5dcae30671628a1fc34f7ba72cb51e152773a0 Loading...

	#4 Eval - 4fdeb9bce08fc1262460319ff3c98ead	669 B	2023-03-08	2023-03-11
Pretty Observations First Seen2023-03-08 01:48:13 Last Seen2023-03-11 23:14:24 Times Seen1 Hash 4fdeb9bce08fc1262460319ff3c98ead ff358afd9d250d209f28fa2594884ed2e1063ff5 2853a4833f813e7cc64c902ca1738bbe62edc7dfb62be6be46d1e0dd2514f9e7 Loading...

HTTP Transactions (74)

URL IP Response Size

firefox.settings.services.mozilla.com/v1/

143.204.55.36

200 OK

939 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/
IP
143.204.55.36:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
1b3053fa528e28810f8a2cc9284cc921
cca9eb471d941881a6b9a1793aecb6c281908f6a
a2427848ba35575dda8a82cf88f104978234c05389deebc3fc8279d9075eff45

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Alert, Content-Type, Backoff, Content-Length, Retry-After
Cache-Control: max-stale=0
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Wed, 28 Sep 2022 15:54:51 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 f00e3524edcdf61801454f2bb21e71ce.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: Yru0iEQmXJX1BzQNRzgN3OJ0-9ulHsFh5fqqIS8xrVCRV9iNBsOxcQ==
Age: 3136

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain

143.204.55.49

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
IP
143.204.55.49:0
ASN
#16509 AMAZON-02

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
6113f8408c59aebe188d6af273b90743
7398873bf00f99944eaa77ad3ebc0d43c23dba6b
b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Wed, 28 Sep 2022 09:24:14 GMT
etag: "6113f8408c59aebe188d6af273b90743"
x-cache: Hit from cloudfront
via: 1.1 71c98156ae29b36a903974f9dd2568f8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: -yAMwK9nqJbWl6tL7pWkuHYruKADsDfwCUEuyxFimEWecNkmp3vhWQ==
age: 40721
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
490c003436e215e91596f285fcba92f5
0c4c9a5802e7cdb699f4918c252dbdf8431c25ec
9fe6beb1cb3851018168765a243b6de69ec71d30770f8c2dcc57cae7d9978cc1

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9FE6BEB1CB3851018168765A243B6DE69EC71D30770F8C2DCC57CAE7D9978CC1"
Last-Modified: Wed, 28 Sep 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12631
Expires: Wed, 28 Sep 2022 20:17:38 GMT
Date: Wed, 28 Sep 2022 16:47:07 GMT
Connection: keep-alive

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Wed, 28 Sep 2022 16:47:07 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

143.204.55.36

200 OK

329 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
143.204.55.36:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Wed, 28 Sep 2022 16:29:33 GMT
Cache-Control: max-age=3600, max-age=3600
Expires: Wed, 28 Sep 2022 17:25:13 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 c9f2a4d2bcd548d1a3cbe1617a22f216.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 7GO9uYnw6VnYQETcxeKWzIVbNSUH9qB6lzIXrp8ngXqxVSfUt40urg==
Age: 1055

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
3526d5ce1381ba26cbc553db057e1915
fe01c920696448e8bf12e6fff877bce8281d34a2
09604aed7cbca7971bfcb5afcb53591600b944f28eff21aa65dc601e78cdda53

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3519
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 28 Sep 2022 16:47:08 GMT
Last-Modified: Wed, 28 Sep 2022 15:48:29 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 471

push.services.mozilla.com/

54.69.181.45

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
54.69.181.45:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: xjEZdqhY+W1sEaujd/I81Q==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: Ea7oXLyCY5BXOYHkVsLyeRjjhOI=

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
4364fa358f76c1635458dab5d598f857
d15fc7359711b1651235fa1be66accc03fe26c1c
6449bf062dbb79683071f367ca142c175ef304485cb4d3711feb4763146e4fa7

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6449BF062DBB79683071F367CA142C175EF304485CB4D3711FEB4763146E4FA7"
Last-Modified: Wed, 28 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10956
Expires: Wed, 28 Sep 2022 19:49:45 GMT
Date: Wed, 28 Sep 2022 16:47:09 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
4364fa358f76c1635458dab5d598f857
d15fc7359711b1651235fa1be66accc03fe26c1c
6449bf062dbb79683071f367ca142c175ef304485cb4d3711feb4763146e4fa7

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6449BF062DBB79683071F367CA142C175EF304485CB4D3711FEB4763146E4FA7"
Last-Modified: Wed, 28 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10956
Expires: Wed, 28 Sep 2022 19:49:45 GMT
Date: Wed, 28 Sep 2022 16:47:09 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
4364fa358f76c1635458dab5d598f857
d15fc7359711b1651235fa1be66accc03fe26c1c
6449bf062dbb79683071f367ca142c175ef304485cb4d3711feb4763146e4fa7

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6449BF062DBB79683071F367CA142C175EF304485CB4D3711FEB4763146E4FA7"
Last-Modified: Wed, 28 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10956
Expires: Wed, 28 Sep 2022 19:49:45 GMT
Date: Wed, 28 Sep 2022 16:47:09 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F693de74c-173e-4d9b-8317-35601f30ffd7.jpeg

34.120.237.76

200 OK

13 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F693de74c-173e-4d9b-8317-35601f30ffd7.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
13 kB (13299 bytes)
Hash
ad84ed0c5b2090df7996007514cf1984
651600f2ef18cecc2e38370069bbb5e1d86f68e0
a3d0729e1d43afeadd2dd8273c858b8839d9e476f773c8ec9d96b5969a9e0b4a

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F693de74c-173e-4d9b-8317-35601f30ffd7.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 13299
x-amzn-requestid: 926df8b6-beec-470d-b0b3-33be326cd379
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZI3UPF8YIAMF3Nw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63336c1a-343e91e735af43d01fc83ddd;Sampled=0
x-amzn-remapped-date: Tue, 27 Sep 2022 21:33:14 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: fcxclGRP3zfWwb6opjYU2bL9VAq_mCSNjFtfp9iMLq6tbZu57EDqpQ==
via: 1.1 e5af640ced3aa8764b82c4bc3f7af38e.cloudfront.net (CloudFront), 1.1 2324edbcb8fc72f617442c65f36a40fc.cloudfront.net (CloudFront), 1.1 google
date: Tue, 27 Sep 2022 21:50:04 GMT
etag: "651600f2ef18cecc2e38370069bbb5e1d86f68e0"
content-type: image/jpeg
age: 68225
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8ffa6dde-b51e-43f8-bfcb-3f442d674928.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.5 kB (8500 bytes)
Hash
6139c878a7d2bd32c61fc8287996eb5b
9c4692ea64832895fbd107d91f879728b6a440c7
3839df92f0a10c1433d5b576df50c9f7953912ae4f425012262f08ee8a59ce2e

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8ffa6dde-b51e-43f8-bfcb-3f442d674928.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8500
x-amzn-requestid: 626c21ec-f29b-4b69-b275-c22c864c2409
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZI3VmENnIAMFeTQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63336c23-75eccc381fbd6e5d4ff59c06;Sampled=0
x-amzn-remapped-date: Tue, 27 Sep 2022 21:33:23 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: Eyy8qoYVCJbt6b6hTGJ-rOrYex9RuX1InyZbpHkeu9yQqPUEvowKcw==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 09331f0822fc98eebaf04130a83dbd44.cloudfront.net (CloudFront), 1.1 google
date: Tue, 27 Sep 2022 21:48:58 GMT
etag: "9c4692ea64832895fbd107d91f879728b6a440c7"
content-type: image/jpeg
age: 68291
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

14 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0369629e-f44d-439f-a279-b5ae6ecc0cf1.png
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
14 kB (14464 bytes)
Hash
aa5cad224dbddd71881bd07255beb4da
bc214d60be395d4cf753216ff8f9691c33d25e75
82935e52aa59929a448d17a5a2d58fda86bb5c25bf6628a05bd904f82517dada

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0369629e-f44d-439f-a279-b5ae6ecc0cf1.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 14464
x-amzn-requestid: 5cbbafdb-3f69-4ee2-9e46-c1ff0ed4ef14
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZI3UPFiooAMFulA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63336c1a-633a649700e040b91deadb64;Sampled=0
x-amzn-remapped-date: Tue, 27 Sep 2022 21:33:14 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: cNryG5vkxZuFATZfcNW9Z1-0teUBWLRyWslX1onwYlDCQBUjU2xVdA==
via: 1.1 9b311162717b41c968f6f00426d88aaa.cloudfront.net (CloudFront), 1.1 73cb83fe6699afc2791b5c690c1ff8c6.cloudfront.net (CloudFront), 1.1 google
date: Tue, 27 Sep 2022 21:46:03 GMT
age: 68466
etag: "bc214d60be395d4cf753216ff8f9691c33d25e75"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb9a3b058-92c9-490e-9cbb-736f7e46510d.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.5 kB (7455 bytes)
Hash
ea3890e460356d6ecc3ba4e405ac2e9e
b383135e2ebc23fe80eb0d594b198cb8c89327a5
8fcff053ce6e5750136bf876bad5b2916935f13ea039912d977928b086f0a48b

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb9a3b058-92c9-490e-9cbb-736f7e46510d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7455
x-amzn-requestid: e99c9f33-b72a-4070-80cf-06fb4a87d1df
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZG4S6EcAoAMFX1A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6332a0df-04122b4a345dbc3f3918af98;Sampled=0
x-amzn-remapped-date: Tue, 27 Sep 2022 07:06:07 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: yprErfM7s7P7jJPJT-HQZ2Z_AAN4946Tjwyn1g4r7yiA6IF0yLdQTQ==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 1508efc4152aa1778ed4adecb328b374.cloudfront.net (CloudFront), 1.1 google
date: Wed, 28 Sep 2022 05:22:11 GMT
age: 41098
etag: "b383135e2ebc23fe80eb0d594b198cb8c89327a5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

13 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F79631135-a10c-43bf-85d2-fa2236b96883.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
13 kB (13213 bytes)
Hash
62e68c3cd08dd94d910507512a67e85f
3d4fa8701f17e8818c25584ef5f04bfbee8440cd
058d798963f83f5fb88ab728185f755c5353fa981d93e1b6ff869089f501586b

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F79631135-a10c-43bf-85d2-fa2236b96883.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 13213
x-amzn-requestid: 09f8fee2-6830-4bec-af40-f2fb6547bc63
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZFkreH5poAMFdxg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63321b16-0afbf5e01a013e6f0db53da1;Sampled=0
x-amzn-remapped-date: Mon, 26 Sep 2022 21:35:18 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: CwkfEPDseHez7mArqwz8tmC3WHFwXAZF1OSColucaQ5vG2hvBIDWOg==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 28390a4d24ed4fdccd685d99cd06cf4e.cloudfront.net (CloudFront), 1.1 google
date: Tue, 27 Sep 2022 21:39:01 GMT
age: 68888
etag: "3d4fa8701f17e8818c25584ef5f04bfbee8440cd"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

12 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fad593ee0-d404-46e3-b129-229e09b263b0.png
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
12 kB (12016 bytes)
Hash
4b794c6812cb546de0295e087ebe66a7
a54803cca7d3c509c195f65961e1110c8ec56f55
6a207f75eb3951f3dea5252bc8d185cd604d3d657f15b838774e8087e91f37f5

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fad593ee0-d404-46e3-b129-229e09b263b0.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 12016
x-amzn-requestid: ec1b3715-5d0f-4045-aa5b-b70a55c81d72
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZI3e3EtyIAMFdZg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63336c5e-201dd1ef1426a09965c68dab;Sampled=0
x-amzn-remapped-date: Tue, 27 Sep 2022 21:34:22 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: pR4b1-lZZRMnWf-PdXFGXaHBCGAfOyp3AjeuCvtu5imWmf9N9l2wKQ==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 be082a2326b7d49643607b097f1e7180.cloudfront.net (CloudFront), 1.1 google
date: Tue, 27 Sep 2022 21:48:38 GMT
age: 68311
etag: "a54803cca7d3c509c195f65961e1110c8ec56f55"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

hegodev.com/tds/aietqu

184.168.97.137

301 Moved Permanently

1 B

URL HTTP/2
hegodev.com/tds/aietqu
IP
184.168.97.137:0
ASN
#26496 AS-26496-GO-DADDY-COM-LLC

File type
data
Size
1 B (1 bytes)
Hash
eccbc87e4b5ce2fe28308fd9f2a7baf3
77de68daecd823babbb58edb1c8e14d7106e83bb
4e07408562bedb8b60ce05c1decfe3ad16b72230967de01f640b7e4729b49fce

Detections

Analyzer	Verdict	Alert
fortinet	Malware
quad9	Sinkholed

HTTP Headers

GET /tds/aietqu HTTP/1.1
Host: hegodev.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 301 Moved Permanently
x-powered-by: PHP/7.4.30
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
x-litespeed-tag: 6ff_HTTP.404,6ff_HTTP.301
x-redirect-by: WordPress
set-cookie: slicevisitor=1; expires=Wed, 28-Sep-2022 16:49:09 GMT; Max-Age=120; path=/
location: https://www.hegodev.com/tds/aietqu
vary: Accept-Encoding,User-Agent
content-encoding: br
content-length: 1
content-type: text/html; charset=UTF-8
date: Wed, 28 Sep 2022 16:47:08 GMT
server: Apache
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
2f76d47ed4f3c90f557522303bb760bc
f34542cabea7a4517debf64c298b59fc009ea56c
5ce5c216b7cb6a4425f12453e447ad364bcc1cd7d23a9d2468a8a40adfc2cb10

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 28 Sep 2022 16:47:11 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
e2875a9e06f892f0d4fa46c0f98a1c49
9c0e332f55a592367b602494642ee2127699b543
74692ca89ddc427d0c55f56aedb738b107a9761c44ed5201f932f54950a6f406

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 28 Sep 2022 16:47:11 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
e2875a9e06f892f0d4fa46c0f98a1c49
9c0e332f55a592367b602494642ee2127699b543
74692ca89ddc427d0c55f56aedb738b107a9761c44ed5201f932f54950a6f406

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 28 Sep 2022 16:47:11 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.googletagmanager.com/gtag/js?id=UA-154422125-1

142.250.74.72

200 OK

42 kB

URL HTTP/2
www.googletagmanager.com/gtag/js?id=UA-154422125-1
IP
142.250.74.72:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (2039)
Size
42 kB (42333 bytes)
Hash
04189dceee55f23d5c0d987004bdf270
30243fcfd0f5de52b1cf1e2bedc0b0f37b7bba39
5a61441b66d9f141f73c34da1587672d35c086951c21886cf2002ce5b791dd9b

HTTP Headers

GET /gtag/js?id=UA-154422125-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hegodev.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Wed, 28 Sep 2022 16:47:11 GMT
expires: Wed, 28 Sep 2022 16:47:11 GMT
cache-control: private, max-age=900
last-modified: Wed, 28 Sep 2022 16:03:12 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 42333
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
e2875a9e06f892f0d4fa46c0f98a1c49
9c0e332f55a592367b602494642ee2127699b543
74692ca89ddc427d0c55f56aedb738b107a9761c44ed5201f932f54950a6f406

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 28 Sep 2022 16:47:11 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
2f76d47ed4f3c90f557522303bb760bc
f34542cabea7a4517debf64c298b59fc009ea56c
5ce5c216b7cb6a4425f12453e447ad364bcc1cd7d23a9d2468a8a40adfc2cb10

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 28 Sep 2022 16:47:11 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.hegodev.com/tds/aietqu

184.168.97.137

404 Not Found

15 kB

URL HTTP/2
www.hegodev.com/tds/aietqu
IP
184.168.97.137:0
ASN
#26496 AS-26496-GO-DADDY-COM-LLC

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (39232), with CRLF, LF line terminators
Size
15 kB (14914 bytes)
Hash
1716066ba6d8be1afa0578e317ad7976
3cd0988e70d29b9c31092b584c4c23ace45466c7
ed7fdc6d080f84cfac5204c80ed796254818e7e3ba4015179d9a1276c31a654e

Detections

Analyzer	Verdict	Alert
fortinet	Malware
quad9	Sinkholed

HTTP Headers

GET /tds/aietqu HTTP/1.1
Host: www.hegodev.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
TE: trailers

HTTP/2 404 Not Found
x-powered-by: PHP/7.4.30
x-litespeed-tag: 6ff_HTTP.404
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
link: <https://www.hegodev.com/wp-json/>; rel="https://api.w.org/"
set-cookie: slicevisitor=1; expires=Wed, 28-Sep-2022 16:49:10 GMT; Max-Age=120; path=/
vary: Accept-Encoding,User-Agent
content-encoding: br
content-length: 14914
content-type: text/html; charset=UTF-8
date: Wed, 28 Sep 2022 16:47:10 GMT
server: Apache
X-Firefox-Spdy: h2

www.hegodev.com/wp-content/themes/bosa/assets/slick/slick.css?ver=6.0.2

184.168.97.137

200 OK

493 B

URL HTTP/2
www.hegodev.com/wp-content/themes/bosa/assets/slick/slick.css?ver=6.0.2
IP
184.168.97.137:0
ASN
#26496 AS-26496-GO-DADDY-COM-LLC

File type
ASCII text, with CRLF line terminators
Size
493 B (493 bytes)
Hash
34c447fc8b7747ca0cbb40fec67c28cb
5ef14f89ead8d0d496271cc4a0e482419fe4f667
bdb8e3868d4d8efd5135931edd978ed4f16111f110994ff161e44bd7c3d44467

Detections

Analyzer	Verdict	Alert
fortinet	Malware
quad9	Sinkholed

HTTP Headers

GET /wp-content/themes/bosa/assets/slick/slick.css?ver=6.0.2 HTTP/1.1
Host: www.hegodev.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hegodev.com/tds/aietqu
Cookie: slicevisitor=1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Thu, 28 Jul 2022 02:09:34 GMT
etag: "1e2862-767-5e4d4065d3faa-br"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: br
content-length: 493
content-type: text/css
date: Wed, 28 Sep 2022 16:47:11 GMT
server: Apache
X-Firefox-Spdy: h2

www.hegodev.com/wp-content/themes/bosa/assets/slick/slick-theme.css?ver=6.0.2

184.168.97.137

200 OK

774 B

URL HTTP/2
www.hegodev.com/wp-content/themes/bosa/assets/slick/slick-theme.css?ver=6.0.2
IP
184.168.97.137:0
ASN
#26496 AS-26496-GO-DADDY-COM-LLC

File type
Unicode text, UTF-8 text, with CRLF line terminators
Size
774 B (774 bytes)
Hash
6e67560034ebfe1a21ca7838a79b3602
98c217a0786d8196f58ac0046e5572f765f50050
447874e04268e1cd9e1269a6df0d7e1a78fdde489d27c7f247052e59aed4c5b1

Detections

Analyzer	Verdict	Alert
fortinet	Malware
quad9	Sinkholed

HTTP Headers

GET /wp-content/themes/bosa/assets/slick/slick-theme.css?ver=6.0.2 HTTP/1.1
Host: www.hegodev.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hegodev.com/tds/aietqu
Cookie: slicevisitor=1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Thu, 28 Jul 2022 02:09:34 GMT
etag: "1e2861-d15-5e4d4065d3faa-br"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: br
content-length: 774
content-type: text/css
date: Wed, 28 Sep 2022 16:47:11 GMT
server: Apache
X-Firefox-Spdy: h2

www.hegodev.com/wp-content/themes/bosa/assets/css/blocks.min.css?ver=6.0.2

184.168.97.137

200 OK

2.0 kB

URL HTTP/2
www.hegodev.com/wp-content/themes/bosa/assets/css/blocks.min.css?ver=6.0.2
IP
184.168.97.137:0
ASN
#26496 AS-26496-GO-DADDY-COM-LLC

File type
ASCII text, with very long lines (9062), with no line terminators
Size
2.0 kB (1955 bytes)
Hash
5c569f4b806cef7bae156536de7a6bbe
e333c2951afcd43c3f67af65eec7798142f3b693
87dfa898fa648e03706e8fa4153e5cada9e2c6dc8954607b419d1aa21f3c55f7

Detections

Analyzer	Verdict	Alert
fortinet	Malware
quad9	Sinkholed

HTTP Headers

GET /wp-content/themes/bosa/assets/css/blocks.min.css?ver=6.0.2 HTTP/1.1
Host: www.hegodev.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hegodev.com/tds/aietqu
Cookie: slicevisitor=1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Thu, 28 Jul 2022 02:09:34 GMT
etag: "1e281c-2366-5e4d4065d300a-br"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: br
content-length: 1955
content-type: text/css
date: Wed, 28 Sep 2022 16:47:11 GMT
server: Apache
X-Firefox-Spdy: h2

www.hegodev.com/wp-content/themes/bosa-business/style.css?ver=6.0.2

184.168.97.137

200 OK

1.4 kB

URL HTTP/2
www.hegodev.com/wp-content/themes/bosa-business/style.css?ver=6.0.2
IP
184.168.97.137:0
ASN
#26496 AS-26496-GO-DADDY-COM-LLC

File type
ASCII text, with very long lines (1023), with CRLF line terminators
Size
1.4 kB (1361 bytes)
Hash
73ee631a66b856896702d8f5992129ad
e2a34ecd904e4ae9de4583a545c2717334c385f7
e5f555322926d2339db8f05008e17b35b453350b8ac8c173542845a9b58f571d

Detections

Analyzer	Verdict	Alert
fortinet	Malware
quad9	Sinkholed

HTTP Headers

GET /wp-content/themes/bosa-business/style.css?ver=6.0.2 HTTP/1.1
Host: www.hegodev.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hegodev.com/tds/aietqu
Cookie: slicevisitor=1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Fri, 15 Apr 2022 11:47:32 GMT
etag: "e3f67-df4-5dcaff9d452af-br"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: br
content-length: 1361
content-type: text/css
date: Wed, 28 Sep 2022 16:47:11 GMT
server: Apache
X-Firefox-Spdy: h2

www.hegodev.com/wp-content/plugins/contact-widgets/assets/css/font-awesome.min.css?ver=4.7.0

184.168.97.137

200 OK

6.6 kB

URL HTTP/2
www.hegodev.com/wp-content/plugins/contact-widgets/assets/css/font-awesome.min.css?ver=4.7.0
IP
184.168.97.137:0
ASN
#26496 AS-26496-GO-DADDY-COM-LLC

File type
ASCII text, with very long lines (30429)
Size
6.6 kB (6581 bytes)
Hash
de7a7b0a7cefd6f77d360ab9819ce7c5
73ab1b9dbc0f89e39140965f7f6cc4edb723ff77
f085f338dd26cfc96e4b338ffe0a6b2fe8e4eb7477bfa14883646c08f6b49634

Detections

Analyzer	Verdict	Alert
fortinet	Malware
quad9	Sinkholed

HTTP Headers

GET /wp-content/plugins/contact-widgets/assets/css/font-awesome.min.css?ver=4.7.0 HTTP/1.1
Host: www.hegodev.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hegodev.com/tds/aietqu
Cookie: slicevisitor=1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Mon, 10 Aug 2020 12:46:25 GMT
etag: "e4836-777f-5ac8557aaea40-br"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: br
content-length: 6581
content-type: text/css
date: Wed, 28 Sep 2022 16:47:11 GMT
server: Apache
X-Firefox-Spdy: h2

www.hegodev.com/wp-content/themes/bosa/assets/css/slicknav.min.css?ver=6.0.2

184.168.97.137

200 OK

691 B

URL HTTP/2
www.hegodev.com/wp-content/themes/bosa/assets/css/slicknav.min.css?ver=6.0.2
IP
184.168.97.137:0
ASN
#26496 AS-26496-GO-DADDY-COM-LLC

File type
ASCII text, with very long lines (2414), with CRLF line terminators
Size
691 B (691 bytes)
Hash
70e97a82cb2bd23c0544142f7ec5e48f
99ce9a22208dc751c6dab5b3bfbe99a73a0ce01a
807b94feb5ee85ba59311b80b2e6a15dbcf06336949e10c5a28eae5d22bfbe9f

Detections

Analyzer	Verdict	Alert
fortinet	Malware
quad9	Sinkholed

HTTP Headers

GET /wp-content/themes/bosa/assets/css/slicknav.min.css?ver=6.0.2 HTTP/1.1
Host: www.hegodev.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hegodev.com/tds/aietqu
Cookie: slicevisitor=1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Thu, 28 Jul 2022 02:09:34 GMT
etag: "1e281f-9cd-5e4d4065d300a-br"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: br
content-length: 691
content-type: text/css
date: Wed, 28 Sep 2022 16:47:11 GMT
server: Apache
X-Firefox-Spdy: h2

www.hegodev.com/wp-content/themes/bosa/assets/font-awesome/css/all.min.css?ver=6.0.2

184.168.97.137

200 OK

12 kB

URL HTTP/2
www.hegodev.com/wp-content/themes/bosa/assets/font-awesome/css/all.min.css?ver=6.0.2
IP
184.168.97.137:0
ASN
#26496 AS-26496-GO-DADDY-COM-LLC

File type
ASCII text, with very long lines (59158), with CRLF line terminators
Size
12 kB (12405 bytes)
Hash
37a0cc3233ba8513c0996bf4220250fd
e15ddd5aab9ee220054be8d22178b37ce7862a0e
0c23d7e2429213ce557799efab8f3d55d175b6b40ebc650bd01f70bbf6d1c162

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /wp-content/themes/bosa/assets/font-awesome/css/all.min.css?ver=6.0.2 HTTP/1.1
Host: www.hegodev.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hegodev.com/tds/aietqu
Cookie: slicevisitor=1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Thu, 28 Jul 2022 02:09:34 GMT
etag: "1e2808-e7d4-5e4d4065d283a-br"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: br
content-length: 12405
content-type: text/css
date: Wed, 28 Sep 2022 16:47:11 GMT
server: Apache
X-Firefox-Spdy: h2

www.hegodev.com/wp-includes/css/dist/block-library/style.min.css?ver=6.0.2

184.168.97.137

200 OK

11 kB

URL HTTP/2
www.hegodev.com/wp-includes/css/dist/block-library/style.min.css?ver=6.0.2
IP
184.168.97.137:0
ASN
#26496 AS-26496-GO-DADDY-COM-LLC

File type
ASCII text, with very long lines (43771)
Size
11 kB (10912 bytes)
Hash
069a79d16ded6a02071f286cd2025c44
dd5970e01b8a10dadcf074f72a1c8095f25e947a
78261bccee805c6913bf7e23e2e25314f05f690300a77a40ca36e1e516b20203

Detections

Analyzer	Verdict	Alert
fortinet	Malware
quad9	Sinkholed

HTTP Headers

GET /wp-includes/css/dist/block-library/style.min.css?ver=6.0.2 HTTP/1.1
Host: www.hegodev.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hegodev.com/tds/aietqu
Cookie: slicevisitor=1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Mon, 04 Jul 2022 12:10:37 GMT
etag: "125f63-15b64-5e2f99fa9e940-br"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: br
content-length: 10912
content-type: text/css
date: Wed, 28 Sep 2022 16:47:11 GMT
server: Apache
X-Firefox-Spdy: h2

www.hegodev.com/wp-includes/js/jquery/jquery.masonry.min.js?ver=3.1.2b

184.168.97.137

200 OK

628 B

URL HTTP/2
www.hegodev.com/wp-includes/js/jquery/jquery.masonry.min.js?ver=3.1.2b
IP
184.168.97.137:0
ASN
#26496 AS-26496-GO-DADDY-COM-LLC

File type
ASCII text, with very long lines (1626)
Size
628 B (628 bytes)
Hash
5b31f9f2f4e068d0932e615b4c1430d7
a84aad0dae77532f66a7777d67facca9a2e6ab6f
af3fdfe4f024a9ae6bad6e550e63a4636396208b9554a2eb5aa4f8a4de716d0e

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /wp-includes/js/jquery/jquery.masonry.min.js?ver=3.1.2b HTTP/1.1
Host: www.hegodev.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hegodev.com/tds/aietqu
Cookie: slicevisitor=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Thu, 18 Aug 2016 18:55:30 GMT
etag: "164a9e-71b-53a5d2030ec80-br"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: br
content-length: 628
content-type: application/javascript
date: Wed, 28 Sep 2022 16:47:11 GMT
server: Apache
X-Firefox-Spdy: h2

www.hegodev.com/wp-includes/js/imagesloaded.min.js?ver=6.0.2

184.168.97.137

200 OK

1.7 kB

URL HTTP/2
www.hegodev.com/wp-includes/js/imagesloaded.min.js?ver=6.0.2
IP
184.168.97.137:0
ASN
#26496 AS-26496-GO-DADDY-COM-LLC

File type
ASCII text, with very long lines (5477)
Size
1.7 kB (1733 bytes)
Hash
b1ead9e078b8c6a5044a583ef6fbbd5e
577658f92d2657f1131a97b6f128dfdb50d21d1a
b337360f9345d0763a9394d9a2b032459e0fe6199bee2a4b76f2b8ca24d8b867

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /wp-includes/js/imagesloaded.min.js?ver=6.0.2 HTTP/1.1
Host: www.hegodev.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hegodev.com/tds/aietqu
Cookie: slicevisitor=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Sat, 13 Jun 2020 18:53:27 GMT
etag: "126622-15fd-5a7fbb57c37c0-br"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: br
content-length: 1733
content-type: application/javascript
date: Wed, 28 Sep 2022 16:47:11 GMT
server: Apache
X-Firefox-Spdy: h2

www.hegodev.com/wp-content/themes/bosa/assets/js/navigation.js?ver=0.8

184.168.97.137

200 OK

993 B

URL HTTP/2
www.hegodev.com/wp-content/themes/bosa/assets/js/navigation.js?ver=0.8
IP
184.168.97.137:0
ASN
#26496 AS-26496-GO-DADDY-COM-LLC

File type
ASCII text, with CRLF line terminators
Size
993 B (993 bytes)
Hash
0880979edd9517f9a7b7307495d2e853
9680cf285e27e869e1b90baaea045cc375e0a2c1
a25525fac97c4a6cb0c565349aeeae0f79b5bdedc77c88f7521e946bb7567924

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /wp-content/themes/bosa/assets/js/navigation.js?ver=0.8 HTTP/1.1
Host: www.hegodev.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hegodev.com/tds/aietqu
Cookie: slicevisitor=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Thu, 28 Jul 2022 02:09:34 GMT
etag: "1e287a-17ab-5e4d4065d4392-br"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: br
content-length: 993
content-type: application/javascript
date: Wed, 28 Sep 2022 16:47:11 GMT
server: Apache
X-Firefox-Spdy: h2

www.hegodev.com/wp-content/plugins/google-analytics-for-wordpress/assets/js/frontend-gtag.min.js?ver=8.7.0

184.168.97.137

200 OK

3.0 kB

URL HTTP/2
www.hegodev.com/wp-content/plugins/google-analytics-for-wordpress/assets/js/frontend-gtag.min.js?ver=8.7.0
IP
184.168.97.137:0
ASN
#26496 AS-26496-GO-DADDY-COM-LLC

File type
ASCII text, with very long lines (1577)
Size
3.0 kB (3018 bytes)
Hash
c42db5fc087004f61b1fd52f2fa6589a
d315714e57e1b83e3851a3261bcb6f3a8f8aedbd
47bec89c01cd4cc1e52ab92fcd1d1f50d73342d368064fd693a619e8072d4f93

Detections

Analyzer	Verdict	Alert
fortinet	Malware
quad9	Sinkholed

HTTP Headers

GET /wp-content/plugins/google-analytics-for-wordpress/assets/js/frontend-gtag.min.js?ver=8.7.0 HTTP/1.1
Host: www.hegodev.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hegodev.com/tds/aietqu
Cookie: slicevisitor=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Thu, 28 Jul 2022 02:08:38 GMT
etag: "105ac6-2e7a-5e4d403037d5f-br"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: br
content-length: 3018
content-type: application/javascript
date: Wed, 28 Sep 2022 16:47:11 GMT
server: Apache
X-Firefox-Spdy: h2

www.hegodev.com/wp-content/themes/bosa/assets/bootstrap/css/bootstrap.min.css?ver=6.0.2

184.168.97.137

200 OK

19 kB

URL HTTP/2
www.hegodev.com/wp-content/themes/bosa/assets/bootstrap/css/bootstrap.min.css?ver=6.0.2
IP
184.168.97.137:0
ASN
#26496 AS-26496-GO-DADDY-COM-LLC

File type
ASCII text, with very long lines (65319), with CRLF line terminators
Size
19 kB (18894 bytes)
Hash
a08b37e95872eb5945c89f729fe74d26
a4e542358e28aacc01fb2ca977feaf1567a35bc9
1210d07107cc6e06709991d7e78d50039183e90962f7e8a92744134a40a37878

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /wp-content/themes/bosa/assets/bootstrap/css/bootstrap.min.css?ver=6.0.2 HTTP/1.1
Host: www.hegodev.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hegodev.com/tds/aietqu
Cookie: slicevisitor=1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Thu, 28 Jul 2022 02:09:34 GMT
etag: "1e2811-2268e-5e4d4065d2c22-br"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: br
content-length: 18894
content-type: text/css
date: Wed, 28 Sep 2022 16:47:11 GMT
server: Apache
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Open+Sans%3A300%2C400%2C400i%2C600%2C700%2C800%7CPoppins%3A300%2C400%2C400i%2C500%2C600%2C700%2C800%2C900&display=swap&ver=6.0.2

142.250.74.10

200 OK

2.4 kB

URL HTTP/2
fonts.googleapis.com/css?family=Open+Sans%3A300%2C400%2C400i%2C600%2C700%2C800%7CPoppins%3A300%2C400%2C400i%2C500%2C600%2C700%2C800%2C900&display=swap&ver=6.0.2
IP
142.250.74.10:0
ASN
#15169 GOOGLE

File type
data
Size
2.4 kB (2353 bytes)
Hash
96761bc4aad59e4de37752c7cc4e49b2
2b9faa807ecaa54ca1fc6cb2decf7065d160e804
5ca3a97356acdbb7cc0cfac7a1b09969ae994c5f9c7a83be736c5322f2d1b7f4

HTTP Headers

GET /css?family=Open+Sans%3A300%2C400%2C400i%2C600%2C700%2C800%7CPoppins%3A300%2C400%2C400i%2C500%2C600%2C700%2C800%2C900&display=swap&ver=6.0.2 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.hegodev.com
Connection: keep-alive
Referer: https://www.hegodev.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Wed, 28 Sep 2022 16:47:11 GMT
date: Wed, 28 Sep 2022 16:47:11 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

www.hegodev.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2

184.168.97.137

200 OK

4.6 kB

URL HTTP/2
www.hegodev.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
IP
184.168.97.137:0
ASN
#26496 AS-26496-GO-DADDY-COM-LLC

File type
ASCII text, with very long lines (11126)
Size
4.6 kB (4641 bytes)
Hash
55050b24c45c4eb4288d37c787febc62
0e2e51876c68c377021c7ca922b671df43f40667
6f37b7fe435d863f1b2e3671ae9ccdab95189f4bfba860383e48cf2d1306467a

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2 HTTP/1.1
Host: www.hegodev.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hegodev.com/tds/aietqu
Cookie: slicevisitor=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Thu, 22 Sep 2022 12:05:35 GMT
etag: "164a9d-3602-5e942e0f8e243-br"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: br
content-length: 4641
content-type: application/javascript
date: Wed, 28 Sep 2022 16:47:11 GMT
server: Apache
X-Firefox-Spdy: h2

www.hegodev.com/wp-content/themes/bosa/assets/js/skip-link-focus-fix.js?ver=0.8

184.168.97.137

200 OK

338 B

URL HTTP/2
www.hegodev.com/wp-content/themes/bosa/assets/js/skip-link-focus-fix.js?ver=0.8
IP
184.168.97.137:0
ASN
#26496 AS-26496-GO-DADDY-COM-LLC

File type
ASCII text, with CRLF line terminators
Size
338 B (338 bytes)
Hash
295d8e7be879e4b8f375f36a9ac45e07
616274653f472969eaa37880ce42db18be993aae
ace732d52491f3fafa3b95770ce6e10b0ef7ce9c87ea178cb8f75927b2379417

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /wp-content/themes/bosa/assets/js/skip-link-focus-fix.js?ver=0.8 HTTP/1.1
Host: www.hegodev.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hegodev.com/tds/aietqu
Cookie: slicevisitor=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Thu, 28 Jul 2022 02:09:34 GMT
etag: "1e2876-2cc-5e4d4065d4392-br"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: br
content-length: 338
content-type: application/javascript
date: Wed, 28 Sep 2022 16:47:11 GMT
server: Apache
X-Firefox-Spdy: h2

www.hegodev.com/wp-content/themes/bosa/style.css?ver=6.0.2

184.168.97.137

200 OK

23 kB

URL HTTP/2
www.hegodev.com/wp-content/themes/bosa/style.css?ver=6.0.2
IP
184.168.97.137:0
ASN
#26496 AS-26496-GO-DADDY-COM-LLC

File type
ASCII text, with very long lines (1137)
Size
23 kB (22726 bytes)
Hash
951d728eb6833d22f9c81d65f0b86125
2eb36f396caa9da773c34cade2459e2b39d7153f
61703f377447272f82b6f36cbaaee9a0f31a037c64a6f4e9b803aafae34b6efc

Detections

Analyzer	Verdict	Alert
fortinet	Malware
quad9	Sinkholed

HTTP Headers

GET /wp-content/themes/bosa/style.css?ver=6.0.2 HTTP/1.1
Host: www.hegodev.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hegodev.com/tds/aietqu
Cookie: slicevisitor=1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Thu, 28 Jul 2022 02:09:34 GMT
etag: "12338a-2948d-5e4d4065d0ce2-br"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: br
content-length: 22726
content-type: text/css
date: Wed, 28 Sep 2022 16:47:11 GMT
server: Apache
X-Firefox-Spdy: h2

www.hegodev.com/wp-content/themes/bosa/assets/js/jquery.slicknav.min.js?ver=0.8

184.168.97.137

200 OK

2.5 kB

URL HTTP/2
www.hegodev.com/wp-content/themes/bosa/assets/js/jquery.slicknav.min.js?ver=0.8
IP
184.168.97.137:0
ASN
#26496 AS-26496-GO-DADDY-COM-LLC

File type
ASCII text, with very long lines (8320), with CRLF line terminators
Size
2.5 kB (2504 bytes)
Hash
f4d1dc17a8b538c2c3ea8ff13ea6d10b
a0bac998d0ac28f0e5b6a2993190daa435861724
2e2949f1f3b9db6036a9c9d97b431623572ce674e9944e44d2f2807061fcfe64

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /wp-content/themes/bosa/assets/js/jquery.slicknav.min.js?ver=0.8 HTTP/1.1
Host: www.hegodev.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hegodev.com/tds/aietqu
Cookie: slicevisitor=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Thu, 28 Jul 2022 02:09:34 GMT
etag: "1e287e-20e6-5e4d4065d4392-br"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: br
content-length: 2504
content-type: application/javascript
date: Wed, 28 Sep 2022 16:47:11 GMT
server: Apache
X-Firefox-Spdy: h2

fonts.googleapis.com/css2?family=Bai+Jamjuree%3Aital%2Cwght%400%2C200%3B0%2C300%3B0%2C400%3B0%2C500%3B0%2C600%3B0%2C700%3B1%2C300%3B1%2C400%3B1%2C500%3B1%2C600%3B1%2C700&display=swap&ver=6.0.2

142.250.74.10

200 OK

2.6 kB

URL HTTP/2
fonts.googleapis.com/css2?family=Bai+Jamjuree%3Aital%2Cwght%400%2C200%3B0%2C300%3B0%2C400%3B0%2C500%3B0%2C600%3B0%2C700%3B1%2C300%3B1%2C400%3B1%2C500%3B1%2C600%3B1%2C700&display=swap&ver=6.0.2
IP
142.250.74.10:0
ASN
#15169 GOOGLE

File type
data
Size
2.6 kB (2635 bytes)
Hash
0b52112ec18c1ce6030e6ef90732911c
9615d4d22b3b57f3efa6618b3ce470efc279472e
e7d3c4a343439d096bb344fcaf5e062b925450c8fd28d16a8c8f11643a0e3efe

HTTP Headers

GET /css2?family=Bai+Jamjuree%3Aital%2Cwght%400%2C200%3B0%2C300%3B0%2C400%3B0%2C500%3B0%2C600%3B0%2C700%3B1%2C300%3B1%2C400%3B1%2C500%3B1%2C600%3B1%2C700&display=swap&ver=6.0.2 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.hegodev.com
Connection: keep-alive
Referer: https://www.hegodev.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Wed, 28 Sep 2022 16:47:11 GMT
date: Wed, 28 Sep 2022 16:47:11 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

www.hegodev.com/wp-content/themes/bosa/assets/js/theia-sticky-sidebar.min.js?ver=0.8

184.168.97.137

200 OK

1.6 kB

URL HTTP/2
www.hegodev.com/wp-content/themes/bosa/assets/js/theia-sticky-sidebar.min.js?ver=0.8
IP
184.168.97.137:0
ASN
#26496 AS-26496-GO-DADDY-COM-LLC

File type
HTML document, ASCII text, with very long lines (5370), with CRLF line terminators
Size
1.6 kB (1636 bytes)
Hash
e74167fd14ae4f773d3afd5138ad81f2
9062953647b497a403cec22ad1ca2d31f76d96b2
b3539412526d3a6c6f18e32b9bcacb4274e51b44e876fb6ad9a02f8449c61c52

Detections

Analyzer	Verdict	Alert
fortinet	Malware
quad9	Sinkholed

HTTP Headers

GET /wp-content/themes/bosa/assets/js/theia-sticky-sidebar.min.js?ver=0.8 HTTP/1.1
Host: www.hegodev.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hegodev.com/tds/aietqu
Cookie: slicevisitor=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Thu, 28 Jul 2022 02:09:34 GMT
etag: "1e2875-1537-5e4d4065d4392-br"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: br
content-length: 1636
content-type: application/javascript
date: Wed, 28 Sep 2022 16:47:11 GMT
server: Apache
X-Firefox-Spdy: h2

www.hegodev.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.0

184.168.97.137

200 OK

31 kB

URL HTTP/2
www.hegodev.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.0
IP
184.168.97.137:0
ASN
#26496 AS-26496-GO-DADDY-COM-LLC

File type
ASCII text, with very long lines (62845)
Size
31 kB (30937 bytes)
Hash
7e34be448eebf21b9ab8cfcd8fde9504
a4e968811822f988b09ad62e4701286a6fad2e75
7893733ef7a787b4d182abf64a9fc6cbc40c9cced8b203dca707d4d09bc8bd6f

Detections

Analyzer	Verdict	Alert
fortinet	Malware
quad9	Sinkholed

HTTP Headers

GET /wp-includes/js/jquery/jquery.min.js?ver=3.6.0 HTTP/1.1
Host: www.hegodev.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hegodev.com/tds/aietqu
Cookie: slicevisitor=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Thu, 22 Sep 2022 13:07:21 GMT
etag: "164aa5-167db-5e943bde0430c-br"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: br
content-length: 30937
content-type: application/javascript
date: Wed, 28 Sep 2022 16:47:11 GMT
server: Apache
X-Firefox-Spdy: h2

www.hegodev.com/wp-content/plugins/ewww-image-optimizer/includes/lazysizes.min.js?ver=670

184.168.97.137

200 OK

4.7 kB

URL HTTP/2
www.hegodev.com/wp-content/plugins/ewww-image-optimizer/includes/lazysizes.min.js?ver=670
IP
184.168.97.137:0
ASN
#26496 AS-26496-GO-DADDY-COM-LLC

File type
ASCII text, with very long lines (12498), with no line terminators
Size
4.7 kB (4706 bytes)
Hash
178e76046eb0e7272c90d4c8f5c6a582
0f6b3d54c1630ac1fe511a9de4dc6963c0f66c0c
4c78ef5db663c8ceb5185f1ed58195e871afd4f036eb89a83776f8851ad79c2b

Detections

Analyzer	Verdict	Alert
fortinet	Malware
quad9	Sinkholed

HTTP Headers

GET /wp-content/plugins/ewww-image-optimizer/includes/lazysizes.min.js?ver=670 HTTP/1.1
Host: www.hegodev.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hegodev.com/tds/aietqu
Cookie: slicevisitor=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Thu, 28 Jul 2022 02:08:33 GMT
etag: "1059d1-30d2-5e4d402ba7d82-br"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: br
content-length: 4706
content-type: application/javascript
date: Wed, 28 Sep 2022 16:47:11 GMT
server: Apache
X-Firefox-Spdy: h2

www.hegodev.com/wp-includes/js/wp-emoji-release.min.js?ver=6.0.2

184.168.97.137

200 OK

4.6 kB

URL HTTP/2
www.hegodev.com/wp-includes/js/wp-emoji-release.min.js?ver=6.0.2
IP
184.168.97.137:0
ASN
#26496 AS-26496-GO-DADDY-COM-LLC

File type
ASCII text, with very long lines (15660)
Size
4.6 kB (4614 bytes)
Hash
a0083d25b89ea80ecd2393db9f865d62
24eaf2df7c722fb13f2b5bf77ada5ee446720c25
f7533cb93f2efbb9e3bccfa9ff4036a2cafa7dd1bd4d66bea4833306b321e957

Detections

Analyzer	Verdict	Alert
fortinet	Malware
quad9	Sinkholed

HTTP Headers

GET /wp-includes/js/wp-emoji-release.min.js?ver=6.0.2 HTTP/1.1
Host: www.hegodev.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hegodev.com/tds/aietqu
Cookie: slicevisitor=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 12 Apr 2022 05:56:23 GMT
etag: "126637-48b9-5dc6eb878efc0-br"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: br
content-length: 4614
content-type: application/javascript
date: Wed, 28 Sep 2022 16:47:11 GMT
server: Apache
X-Firefox-Spdy: h2

www.hegodev.com/wp-includes/js/masonry.min.js?ver=4.2.2

184.168.97.137

200 OK

7.1 kB

URL HTTP/2
www.hegodev.com/wp-includes/js/masonry.min.js?ver=4.2.2
IP
184.168.97.137:0
ASN
#26496 AS-26496-GO-DADDY-COM-LLC

File type
ASCII text, with very long lines (23966)
Size
7.1 kB (7130 bytes)
Hash
b15709b26cbed268be463aeb7221d12d
8ece754f196cdbace087ee39d77784626f1bac9a
381c481a826838b8eadc28c8290f1928bea7edb660da92dfc08dd6bdf2d37122

Detections

Analyzer	Verdict	Alert
fortinet	Malware
quad9	Sinkholed

HTTP Headers

GET /wp-includes/js/masonry.min.js?ver=4.2.2 HTTP/1.1
Host: www.hegodev.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hegodev.com/tds/aietqu
Cookie: slicevisitor=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Sat, 13 Jun 2020 18:53:27 GMT
etag: "126636-5e4a-5a7fbb57c37c0-br"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: br
content-length: 7130
content-type: application/javascript
date: Wed, 28 Sep 2022 16:47:11 GMT
server: Apache
X-Firefox-Spdy: h2

www.hegodev.com/wp-content/themes/bosa/assets/slick/slick.min.js?ver=0.8

184.168.97.137

200 OK

10 kB

URL HTTP/2
www.hegodev.com/wp-content/themes/bosa/assets/slick/slick.min.js?ver=0.8
IP
184.168.97.137:0
ASN
#26496 AS-26496-GO-DADDY-COM-LLC

File type
ASCII text, with very long lines (42862), with CRLF line terminators
Size
10 kB (10104 bytes)
Hash
73b81ca4bccda384885bffd32b65d8e8
f66055b3dbf1ede1f0c2fa56a888981c3961bfe6
668d4731db28264dbce69d3dd601d722b0dcb1c785e8b2e8a58d81f1cfba00d6

Detections

Analyzer	Verdict	Alert
fortinet	Malware
quad9	Sinkholed

HTTP Headers

GET /wp-content/themes/bosa/assets/slick/slick.min.js?ver=0.8 HTTP/1.1
Host: www.hegodev.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hegodev.com/tds/aietqu
Cookie: slicevisitor=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Thu, 28 Jul 2022 02:09:34 GMT
etag: "1e286a-a770-5e4d4065d3faa-br"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: br
content-length: 10104
content-type: application/javascript
date: Wed, 28 Sep 2022 16:47:11 GMT
server: Apache
X-Firefox-Spdy: h2

www.hegodev.com/wp-content/themes/bosa/assets/bootstrap/js/bootstrap.min.js?ver=0.8

184.168.97.137

200 OK

14 kB

URL HTTP/2
www.hegodev.com/wp-content/themes/bosa/assets/bootstrap/js/bootstrap.min.js?ver=0.8
IP
184.168.97.137:0
ASN
#26496 AS-26496-GO-DADDY-COM-LLC

File type
ASCII text, with very long lines (50758), with CRLF line terminators
Size
14 kB (13455 bytes)
Hash
0ee8c174de1686d6078ac63eda46404e
cc0de71ae4dde2bf22a32776e517d80777f204ad
53c30939a24897a873222ecebb9228316342f1b96bdd5849f9bcf847b707fa45

Detections

Analyzer	Verdict	Alert
fortinet	Malware
quad9	Sinkholed

HTTP Headers

GET /wp-content/themes/bosa/assets/bootstrap/js/bootstrap.min.js?ver=0.8 HTTP/1.1
Host: www.hegodev.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hegodev.com/tds/aietqu
Cookie: slicevisitor=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Thu, 28 Jul 2022 02:09:34 GMT
etag: "1e2815-c765-5e4d4065d300a-br"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: br
content-length: 13455
content-type: application/javascript
date: Wed, 28 Sep 2022 16:47:11 GMT
server: Apache
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
fc82211401f793132f7d43c2fd253af5
605d8371709b5d2a41967fd390c34fa649f89ea3
b23fd36ec037710672ac1aa6fea284e3869c4bae7941d9b53c771cff8743478e

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 28 Sep 2022 16:47:12 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
fc82211401f793132f7d43c2fd253af5
605d8371709b5d2a41967fd390c34fa649f89ea3
b23fd36ec037710672ac1aa6fea284e3869c4bae7941d9b53c771cff8743478e

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 28 Sep 2022 16:47:12 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
fc82211401f793132f7d43c2fd253af5
605d8371709b5d2a41967fd390c34fa649f89ea3
b23fd36ec037710672ac1aa6fea284e3869c4bae7941d9b53c771cff8743478e

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 28 Sep 2022 16:47:12 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

fonts.gstatic.com/s/baijamjuree/v11/LDIqapSCOBt_aeQQ7ftydoa0gebelJo0.woff2

142.250.74.163

200 OK

11 kB

URL HTTP/2
fonts.gstatic.com/s/baijamjuree/v11/LDIqapSCOBt_aeQQ7ftydoa0gebelJo0.woff2
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 10840, version 1.0\012- data
Size
11 kB (10840 bytes)
Hash
1dfdc31ff2064daaaf92877a90bed3b8
a538ee943a4cc54748827e91b91fb5932d3fde50
f5346003928ce35756d754b207e777261fc6b226caf252f5c07e302a3ed2accd

HTTP Headers

GET /s/baijamjuree/v11/LDIqapSCOBt_aeQQ7ftydoa0gebelJo0.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.hegodev.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 10840
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 28 Sep 2022 10:56:22 GMT
expires: Thu, 28 Sep 2023 10:56:22 GMT
cache-control: public, max-age=31536000
age: 21050
last-modified: Tue, 19 Apr 2022 18:13:26 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

142.250.74.163

200 OK

45 kB

URL HTTP/2
fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 44856, version 1.0\012- data
Size
45 kB (44856 bytes)
Hash
565ce506190ad3af920b40baf1794cec
ad3cba5d06100e09449a864d3b5e58403b478b3d
8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db

HTTP Headers

GET /s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.hegodev.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 44856
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 24 Sep 2022 18:01:25 GMT
expires: Sun, 24 Sep 2023 18:01:25 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 15 Aug 2022 18:20:18 GMT
content-type: font/woff2
age: 341147
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

fonts.gstatic.com/s/baijamjuree/v11/LDIqapSCOBt_aeQQ7ftydoa0reHelJo0.woff2

142.250.74.163

200 OK

11 kB

URL HTTP/2
fonts.gstatic.com/s/baijamjuree/v11/LDIqapSCOBt_aeQQ7ftydoa0reHelJo0.woff2
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 10808, version 1.0\012- data
Size
11 kB (10808 bytes)
Hash
813e62d2193672e925a80aa9c4a85696
248768195074f87fd8bee6b45e87ab265d4ce7f1
2a257de7d16cbc56379bbeba00afc1533e9aee044331ef5d618ec6db47ba103c

HTTP Headers

GET /s/baijamjuree/v11/LDIqapSCOBt_aeQQ7ftydoa0reHelJo0.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.hegodev.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 10808
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 22 Sep 2022 07:12:59 GMT
expires: Fri, 22 Sep 2023 07:12:59 GMT
cache-control: public, max-age=31536000
age: 552853
last-modified: Tue, 19 Apr 2022 18:08:54 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
fc82211401f793132f7d43c2fd253af5
605d8371709b5d2a41967fd390c34fa649f89ea3
b23fd36ec037710672ac1aa6fea284e3869c4bae7941d9b53c771cff8743478e

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 28 Sep 2022 16:47:12 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.hegodev.com/wp-content/themes/bosa/assets/images/bosa-360-200.jpg

184.168.97.137

200 OK

30 kB

URL HTTP/2
www.hegodev.com/wp-content/themes/bosa/assets/images/bosa-360-200.jpg
IP
184.168.97.137:0
ASN
#26496 AS-26496-GO-DADDY-COM-LLC

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, baseline, precision 8, 360x203, components 3\012- data
Size
30 kB (29594 bytes)
Hash
624934584c27faf93df0f15f1ab5f7c3
ecd3df25050330a2ce11d4e1f7e8e22b2229eb95
29d4c1b20b4ed7a5c8e399e46879567e0f31f7b75205dd6355cc455382b14aa1

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /wp-content/themes/bosa/assets/images/bosa-360-200.jpg HTTP/1.1
Host: www.hegodev.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hegodev.com/tds/aietqu
Cookie: slicevisitor=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Thu, 28 Jul 2022 02:09:34 GMT
etag: "1e282f-739a-5e4d4065d33f2"
accept-ranges: bytes
content-length: 29594
content-type: image/jpeg
date: Wed, 28 Sep 2022 16:47:12 GMT
server: Apache
X-Firefox-Spdy: h2

www.hegodev.com/wp-content/plugins/contact-widgets/assets/fonts/fontawesome-webfont.woff?v=4.7.0

184.168.97.137

200 OK

98 kB

URL HTTP/2
www.hegodev.com/wp-content/plugins/contact-widgets/assets/fonts/fontawesome-webfont.woff?v=4.7.0
IP
184.168.97.137:0
ASN
#26496 AS-26496-GO-DADDY-COM-LLC

File type
Web Open Font Format, TrueType, length 98024, version 4.7\012- data
Size
98 kB (98024 bytes)
Hash
fee66e712a8a08eef5805a46892932ad
28b782240b3e76db824e12c02754a9731a167527
ba0c59deb5450f5cb41b3f93609ee2d0d995415877ddfa223e8a8a7533474f07

Detections

Analyzer	Verdict	Alert
fortinet	Malware
quad9	Sinkholed

HTTP Headers

GET /wp-content/plugins/contact-widgets/assets/fonts/fontawesome-webfont.woff?v=4.7.0 HTTP/1.1
Host: www.hegodev.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://www.hegodev.com/wp-content/plugins/contact-widgets/assets/css/font-awesome.min.css?ver=4.7.0
Cookie: slicevisitor=1
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Mon, 10 Aug 2020 12:46:28 GMT
etag: "e483e-17ee8-5ac8557d8b100"
accept-ranges: bytes
content-length: 98024
vary: Accept-Encoding,User-Agent
content-type: font/woff
date: Wed, 28 Sep 2022 16:47:13 GMT
server: Apache
X-Firefox-Spdy: h2

www.hegodev.com/wp-content/themes/bosa/assets/font-awesome/webfonts/fa-solid-900.woff

184.168.97.137

200 OK

104 kB

URL HTTP/2
www.hegodev.com/wp-content/themes/bosa/assets/font-awesome/webfonts/fa-solid-900.woff
IP
184.168.97.137:0
ASN
#26496 AS-26496-GO-DADDY-COM-LLC

File type
Web Open Font Format, TrueType, length 104280, version 331.-31327\012- data
Size
104 kB (104280 bytes)
Hash
4bfbf7eb4b19d9ff9293eb177b6d0070
18d9a334e7184ae08e3a1c0468afb56a2a5b51cc
54b246419327b460f37af4f2dfaa4ac9cb901f62ea517ab95c06ae8605cf51e6

Detections

Analyzer	Verdict	Alert
fortinet	Malware
quad9	Sinkholed

HTTP Headers

GET /wp-content/themes/bosa/assets/font-awesome/webfonts/fa-solid-900.woff HTTP/1.1
Host: www.hegodev.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://www.hegodev.com/wp-content/themes/bosa/assets/font-awesome/css/all.min.css?ver=6.0.2
Cookie: slicevisitor=1
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Thu, 28 Jul 2022 02:09:34 GMT
etag: "1e27f9-19758-5e4d4065d206a"
accept-ranges: bytes
content-length: 104280
vary: Accept-Encoding,User-Agent
content-type: font/woff
date: Wed, 28 Sep 2022 16:47:13 GMT
server: Apache
X-Firefox-Spdy: h2

cdn.weatherplllatform.com/result.js?v=000

91.211.91.114

200 OK

2.1 kB

URL HTTP/2
cdn.weatherplllatform.com/result.js?v=000
IP
91.211.91.114:0
ASN
#206638 PE Brezhnev Daniil

File type
ASCII text, with very long lines (6188), with no line terminators
Size
2.1 kB (2082 bytes)
Hash
d868962b4e4d69fd837a3e1556c7381b
b8652d5ae1fb0f2d0fd0c5743a53c838a4a392ae
675e3090a5bd969bd83b2db91451dcb981568b53f63b383069b92fd5eb305170

HTTP Headers

GET /result.js?v=000 HTTP/1.1
Host: cdn.weatherplllatform.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hegodev.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 28 Sep 2022 16:47:13 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 26 Sep 2022 14:46:59 GMT
vary: Accept-Encoding
etag: W/"6331bb63-182c"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=15768000;
content-encoding: gzip
X-Firefox-Spdy: h2

away.bettershitecolumn.com/track.php?nid=54889&yid=9554-66-457679-29

91.211.91.104

302 Found

0 B

URL HTTP/2
away.bettershitecolumn.com/track.php?nid=54889&yid=9554-66-457679-29
IP
91.211.91.104:0
ASN
#206638 PE Brezhnev Daniil

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /track.php?nid=54889&yid=9554-66-457679-29 HTTP/1.1
Host: away.bettershitecolumn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.hegodev.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 302 Found
server: nginx
date: Wed, 28 Sep 2022 16:47:14 GMT
content-type: text/html; charset=UTF-8
content-length: 0
location: https://away.bettershitecolumn.com/track.php?tid=54889&lid=9554-66-457679-29
x-powered-by: PHP/7.3.33
strict-transport-security: max-age=15768000;
X-Firefox-Spdy: h2

away.bettershitecolumn.com/track.php?tid=54889&lid=9554-66-457679-29

91.211.91.104

200 OK

816 B

URL HTTP/2
away.bettershitecolumn.com/track.php?tid=54889&lid=9554-66-457679-29
IP
91.211.91.104:0
ASN
#206638 PE Brezhnev Daniil

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Size
816 B (816 bytes)
Hash
158636bd94d6293314d30df78496ca4f
64b9c3738b143d180e274a0d8015f5e5074b0c35
09f6a0fd9e385aebf884555e2c898a3c49d2d1590207ee874b6c8b0f6019795a

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /track.php?tid=54889&lid=9554-66-457679-29 HTTP/1.1
Host: away.bettershitecolumn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.hegodev.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 28 Sep 2022 16:47:14 GMT
content-type: text/html; charset=UTF-8
content-length: 816
vary: Accept-Encoding
x-powered-by: PHP/7.3.33
strict-transport-security: max-age=15768000;
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
9e78811da7e103e73261ab022d74a10b
8efd6d841ef786645cd5a0fcf2676fb9e8c6397e
1a763759c4e128a6bac5bacb72e88d4d21f5650bd9196ae87618e1247f3bcd98

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1A763759C4E128A6BAC5BACB72E88D4D21F5650BD9196AE87618E1247F3BCD98"
Last-Modified: Tue, 27 Sep 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4141
Expires: Wed, 28 Sep 2022 17:56:15 GMT
Date: Wed, 28 Sep 2022 16:47:14 GMT
Connection: keep-alive

silverlinetogther.net/b81698fd2.js

185.177.94.152

200 OK

54 B

URL HTTP/2
silverlinetogther.net/b81698fd2.js
IP
185.177.94.152:0
ASN
#39572 DataWeb Global Group B.V.

File type
ASCII text, with no line terminators
Size
54 B (54 bytes)
Hash
30c1fd0f847f40d79960103f317ec07d
a0d13efcd4192c63adc1eabfb05717ad1cebd931
556ec061bb60ac3e9a1769e325fa43e4e6c1351216161560bdd37356956dbd1f

HTTP Headers

GET /b81698fd2.js HTTP/1.1
Host: silverlinetogther.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Cookie: uuid=689c85ff-ad1a-4740-a75f-25d53a51aeaa
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 28 Sep 2022 16:47:14 GMT
content-type: application/javascript; charset=utf-8
content-length: 54
last-modified: Sat, 02 Jul 2022 04:59:02 GMT
etag: "62bfd096-36"
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2

silverlinetogther.net/favicon.ico

185.177.94.152

204 No Content

0 B

URL HTTP/2
silverlinetogther.net/favicon.ico
IP
185.177.94.152:0
ASN
#39572 DataWeb Global Group B.V.

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: silverlinetogther.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://silverlinetogther.net/go/he2tszrzmq5dcmbugayq?sub2=dpicer8
Cookie: uuid=689c85ff-ad1a-4740-a75f-25d53a51aeaa
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 204 No Content
server: nginx
date: Wed, 28 Sep 2022 16:47:14 GMT
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
14f6289b0a75e05290efe60d88641e14
a33856565cc264bb6a2c3e2d75d5399180ea3074
98a3c1d48b09b9b17f6cdfeef9bd6c87e3980d1b46873b7c9634784c24dd10e3

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "98A3C1D48B09B9B17F6CDFEEF9BD6C87E3980D1B46873B7C9634784C24DD10E3"
Last-Modified: Tue, 27 Sep 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6863
Expires: Wed, 28 Sep 2022 18:41:38 GMT
Date: Wed, 28 Sep 2022 16:47:15 GMT
Connection: keep-alive

cdn.weatherplllatform.com/events.js?v=2.141

91.211.91.114

200 OK

633 B

URL HTTP/2
cdn.weatherplllatform.com/events.js?v=2.141
IP
91.211.91.114:0
ASN
#206638 PE Brezhnev Daniil

File type
data
Size
633 B (633 bytes)
Hash
659c9651712b354b7023f0561ad5d6a4
fe44771a7dbf12854925d1d8e23c85d8c5858c3c
36a705c45e5326adf23f4db13f1b8d1b883f44e3834f04566771708f8a2b126e

HTTP Headers

GET /events.js?v=2.141 HTTP/1.1
Host: cdn.weatherplllatform.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hegodev.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Wed, 28 Sep 2022 16:47:12 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 26 Sep 2022 14:49:44 GMT
vary: Accept-Encoding
etag: W/"6331bc08-920"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=15768000;
content-encoding: gzip
X-Firefox-Spdy: h2

0.silverlinetogther.net/index.php?p=he2tszrzmq5dcmbugayq&sub2=dpicer8

185.177.94.152

200 OK

53 kB

URL HTTP/2
0.silverlinetogther.net/index.php?p=he2tszrzmq5dcmbugayq&sub2=dpicer8
IP
185.177.94.152:0
ASN
#39572 DataWeb Global Group B.V.

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document, Unicode text, UTF-8 text, with very long lines (29334)
Size
53 kB (53126 bytes)
Hash
c56a440d7195db53a724974c116657f7
2052f1eed7a9c5943f64099a49bdc74e37600a6b
337163acfb1fa3e1af4b90a9572661fe071b738f4254dace3423383e9e9912ba

HTTP Headers

GET /index.php?p=he2tszrzmq5dcmbugayq&sub2=dpicer8 HTTP/1.1
Host: 0.silverlinetogther.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://silverlinetogther.net/
Cookie: uuid=689c85ff-ad1a-4740-a75f-25d53a51aeaa
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 28 Sep 2022 16:47:15 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
set-cookie: uuid=689c85ff-ad1a-4740-a75f-25d53a51aeaa; expires=Fri, 28-Oct-2022 16:47:15 GMT; Max-Age=2592000; path=/; domain=0.silverlinetogther.net
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
X-Firefox-Spdy: h2

browork3er.cc/sw/bro.js

51.15.18.159

200 OK

1.9 kB

URL HTTP/2
browork3er.cc/sw/bro.js
IP
51.15.18.159:0
ASN
#12876 Online S.a.s.

File type
data
Size
1.9 kB (1883 bytes)
Hash
f4be42785bf387902bac0d5780496e69
9eefde87f4a8e8a9279ad83d935da4380bbdfbf0
7a28a6668b4ab5b34fea7fd17ac87a664636e2488ecb44118e30661e2ba62005

HTTP Headers

GET /sw/bro.js HTTP/1.1
Host: browork3er.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://0.silverlinetogther.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 28 Sep 2022 16:47:15 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
expires: Thu, 28 Sep 2023 16:47:15 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
X-Firefox-Spdy: h2

browork3er.cc/sw/bro.js

51.15.18.159

200 OK

1.4 kB

URL HTTP/2
browork3er.cc/sw/bro.js
IP
51.15.18.159:0
ASN
#12876 Online S.a.s.

File type
ASCII text
Size
1.4 kB (1380 bytes)
Hash
57b44c6c58640afa1dbc8ea67a60dfd9
2a94bc42bbe9487e11514c56920713b98e287ea5
abf988b1596979ad8ef5719d82e2c159a2fb4023e174339344e972a74a554e5d

HTTP Headers

GET /sw/bro.js HTTP/1.1
Host: browork3er.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://silverlinetogther.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 28 Sep 2022 16:47:15 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
expires: Thu, 28 Sep 2023 16:47:15 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
X-Firefox-Spdy: h2

www.hegodev.com/wp-content/themes/bosa/assets/font-awesome/webfonts/fa-solid-900.woff2

184.168.97.137

200 OK

0 B

URL HTTP/2
www.hegodev.com/wp-content/themes/bosa/assets/font-awesome/webfonts/fa-solid-900.woff2
IP
184.168.97.137:0
ASN
#26496 AS-26496-GO-DADDY-COM-LLC

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Malware
quad9	Sinkholed

HTTP Headers

GET /wp-content/themes/bosa/assets/font-awesome/webfonts/fa-solid-900.woff2 HTTP/1.1
Host: www.hegodev.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://www.hegodev.com/wp-content/themes/bosa/assets/font-awesome/css/all.min.css?ver=6.0.2
Cookie: slicevisitor=1
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Thu, 28 Jul 2022 02:09:34 GMT
etag: "1e27f7-1397c-5e4d4065d206a"
accept-ranges: bytes
content-length: 80252
vary: Accept-Encoding,User-Agent
content-type: font/woff2
date: Wed, 28 Sep 2022 16:47:12 GMT
server: Apache
X-Firefox-Spdy: h2

silverlinetogther.net/go/he2tszrzmq5dcmbugayq?sub2=dpicer8

185.177.94.152

200 OK

0 B

URL HTTP/2
silverlinetogther.net/go/he2tszrzmq5dcmbugayq?sub2=dpicer8
IP
185.177.94.152:0
ASN
#39572 DataWeb Global Group B.V.

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /go/he2tszrzmq5dcmbugayq?sub2=dpicer8 HTTP/1.1
Host: silverlinetogther.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://away.bettershitecolumn.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Wed, 28 Sep 2022 16:47:14 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
set-cookie: uuid=689c85ff-ad1a-4740-a75f-25d53a51aeaa; expires=Fri, 28-Oct-2022 16:47:14 GMT; Max-Age=2592000; path=/; domain=silverlinetogther.net
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
X-Firefox-Spdy: h2

di4.biz/?auf=mrsdiyrzhe5dcnrqgixtcmbugays6nbpheztgzbvgm3gelzsgqxtcnrwgqztqmzwgm2q&p=b&sub1=&sub2=dpicer8&sub3=&sub4=&cpc=0&cpm=0

185.177.92.179

200 OK

0 B

URL HTTP/2
di4.biz/?auf=mrsdiyrzhe5dcnrqgixtcmbugays6nbpheztgzbvgm3gelzsgqxtcnrwgqztqmzwgm2q&p=b&sub1=&sub2=dpicer8&sub3=&sub4=&cpc=0&cpm=0
IP
185.177.92.179:0
ASN
#39572 DataWeb Global Group B.V.

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /?auf=mrsdiyrzhe5dcnrqgixtcmbugays6nbpheztgzbvgm3gelzsgqxtcnrwgqztqmzwgm2q&p=b&sub1=&sub2=dpicer8&sub3=&sub4=&cpc=0&cpm=0 HTTP/1.1
Host: di4.biz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://0.silverlinetogther.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Wed, 28 Sep 2022 16:47:15 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
set-cookie: uuid=4b24b250-b1c1-4f24-8ba3-6d1abad30f19; expires=Fri, 28-Oct-2022 16:47:15 GMT; Max-Age=2592000; path=/
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (38)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations