Report - loadingsale746.netlify.app/neverwinter-nights-2-save-game-editor

Report Overview

Visited public
2024-12-08 14:42:45
Tags
URL
loadingsale746.netlify.app/neverwinter-nights-2-save-game-editor
Finishing URL
loadingsale746.netlify.app/neverwinter-nights-2-save-game-editor
IP / ASN
3.124.100.143
#16509 AMAZON-02
Title
Neverwinter Nights 2 Save Game Editor

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
loadingsale746.netlify.app	unknown	2018-05-08	2024-12-08	2024-12-08	1.5 kB	81 kB	3.124.100.143
nwnlexicon.com	unknown	2002-07-07	2013-04-16	2023-12-03	463 B	20 kB	78.46.64.67
www.gry-online.pl	244668	2000-07-21	2012-06-24	2024-12-08	455 B	51 kB	104.26.15.113
indejs.space	unknown	unknown	2020-12-05	2024-12-06	440 B	0 B	0.0.0.0
subcari.info	unknown	2021-02-17	2021-02-17	2024-12-07	609 B	2.7 kB	172.67.196.25

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-12-08	medium	indejs.space	Sinkholed

ThreatFox

No alerts detected

JavaScript (5)

	URL	Size	First Seen	Last Seen
	unknown	367 B	2024-12-08 14:42	2024-12-08 14:42
Pretty Introduced by Function Embedded in HTML false Observations First Seen2024-12-08 14:42 Last Seen2024-12-08 14:42 Times Seen1 Hash 4e62250fd11866a81f51cfe205012a70 a7fe7b84bfaae6608b42b6d2f0e138e546dd245f 4dc9320dba7abf11f5ba3ab051c4380c3f67ab6f41257ae02b0844f518eab48f Loading...

	loadingsale746.netlify.app/neverwinter-nights-2-save-game-editor	17 kB	2024-12-08 14:42	2024-12-08 14:42
Pretty URL loadingsale746.netlify.app/neverwinter-nights-2-save-game-editor IP 3.124.100.143 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML true Observations First Seen2024-12-08 14:42 Last Seen2024-12-08 14:42 Times Seen1 Hash 88cf1751d314f43a2b61dba41b692ca8 a2741cba471cdbf18ebdcf9534c0ae93b8b758a9 a2a65aa73453e80addc45d43d6cee55dca127e5ece4efa0b36ce72f086d853af Loading...

	loadingsale746.netlify.app/neverwinter-nights-2-save-game-editor	569 B	2024-12-08 14:42	2024-12-08 14:42
Pretty URL loadingsale746.netlify.app/neverwinter-nights-2-save-game-editor IP 3.124.100.143 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML true Observations First Seen2024-12-08 14:42 Last Seen2024-12-08 14:42 Times Seen1 Hash c005e1c169a10be32e66b9a9a661a640 445e4bf0846958bca204929552c86396a0c29e69 4f07b3037198d179191cfdb8384c4334004e12259e090715080642ccc07948cf Loading...

		Size	First Seen	Last Seen
	#1 Eval - 57c255e9e5a344d54c42e825fee71bf9	176 B	2023-03-07 12:03	2024-12-26 11:13
Pretty Observations First Seen2023-03-07 12:03 Last Seen2024-12-26 11:13 Times Seen967 Hash 57c255e9e5a344d54c42e825fee71bf9 1e47d2deb09cf81d7a4811cbd24620b5310fdf89 9bea87171bca01d8f7aa0c7d34a5fc8f41e6483136f990056ed6413eb87c5934 Loading...

	#2 Eval - e81be8982cc8b79aaffcef6f174aa17f	1.6 kB	2024-12-08 14:42	2024-12-08 14:42
Pretty Observations First Seen2024-12-08 14:42 Last Seen2024-12-08 14:42 Times Seen1 Hash e81be8982cc8b79aaffcef6f174aa17f bc698799913581ad123f1d1e5a5a8bca08b0e49f 45dea0b18d751331a68454fb2b581ecb528d47309b01af08d9e26be0c826ddda Loading...

HTTP Transactions (7)

URL IP Response Size

loadingsale746.netlify.app/style.css

3.124.100.143

200 OK

26 kB

URL GET HTTP/2
loadingsale746.netlify.app/style.css
IP
3.124.100.143:443
ASN
#16509 AMAZON-02

Requested by
https://loadingsale746.netlify.app/neverwinter-nights-2-save-game-editor
Certificate
IssuerDigiCert Inc
Subject*.netlify.app
FingerprintB0:8E:E9:A5:C3:D9:B5:C1:FF:B6:51:7A:DF:98:CF:2D:28:18:41:9B
ValidityMon, 15 Jan 2024 00:00:00 GMT - Fri, 14 Feb 2025 23:59:59 GMT

File type
ASCII text, with very long lines (23153)
Size
26 kB (26388 bytes)
Hash
04f928d9c44fa63966f966f17898d8b9
ee508b67b6c72e4202e1fa7c624eca7b5d8f0e66
ab8b79ecf9b56d5252e5c779e69c5f6ef36139d403a155552b060377a01802ae

HTTP Headers

GET /style.css HTTP/1.1
Host: loadingsale746.netlify.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://loadingsale746.netlify.app/neverwinter-nights-2-save-game-editor
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
age: 43597
cache-control: public,max-age=0,must-revalidate
cache-status: "Netlify Edge"; hit
content-encoding: br
content-type: text/css; charset=UTF-8
date: Sun, 08 Dec 2024 14:42:21 GMT
etag: "c8a0d65bfb46c3ebbc75abf1ffe4914a-ssl-df"
server: Netlify
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
x-nf-request-id: 01JEKBHBP1W7RPC06WARKXC43V
content-length: 26388
X-Firefox-Spdy: h2

nwnlexicon.com/images/1/13/Debug_server_script_editor.PNG

78.46.64.67

200 OK

19 kB

URL GET HTTP/2
nwnlexicon.com/images/1/13/Debug_server_script_editor.PNG
IP
78.46.64.67:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://loadingsale746.netlify.app/neverwinter-nights-2-save-game-editor
Certificate
IssuerZeroSSL
Subjectnwnlexicon.com
Fingerprint12:A3:6B:89:86:1D:66:AF:C0:6F:EC:AB:D4:40:E2:9F:3B:6F:0F:B1
ValidityWed, 27 Nov 2024 00:00:00 GMT - Tue, 25 Feb 2025 23:59:59 GMT

File type
PNG image data, 634 x 480, 8-bit/color RGBA, non-interlaced
Size
19 kB (19294 bytes)
Hash
b9d5d4a14fb98f0898c570142b4ddee0
5571fb1f3dc202552b12667b26f9bacd5ccae6bc
d051b88b80200b6978fe9d7729843308af33f5c1f89383dc7503f2c23070723d

HTTP Headers

GET /images/1/13/Debug_server_script_editor.PNG HTTP/1.1
Host: nwnlexicon.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://loadingsale746.netlify.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000
content-type: image/png
date: Sun, 08 Dec 2024 14:42:21 GMT
etag: "4b5e-5a8b2a924ca21"
last-modified: Mon, 22 Jun 2020 21:09:38 GMT
x-clacks-overhead: GNU Terry Pratchett
content-length: 19294
X-Firefox-Spdy: h2

loadingsale746.netlify.app/favicon.ico

3.124.100.143

200 OK

1.6 kB

URL GET HTTP/2
loadingsale746.netlify.app/favicon.ico
IP
3.124.100.143:443
ASN
#16509 AMAZON-02

Requested by
https://loadingsale746.netlify.app/neverwinter-nights-2-save-game-editor
Certificate
IssuerDigiCert Inc
Subject*.netlify.app
FingerprintB0:8E:E9:A5:C3:D9:B5:C1:FF:B6:51:7A:DF:98:CF:2D:28:18:41:9B
ValidityMon, 15 Jan 2024 00:00:00 GMT - Fri, 14 Feb 2025 23:59:59 GMT

File type
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
Size
1.6 kB (1607 bytes)
Hash
d30d61cde74799a65c0100f6353172d3
6818810cd016d19a9c1fa1d6369dd23cb451aabd
2d9f46c4d0ad80c7e53aa9c5595e2aaff6d0f8d7cc1ceb8747b15c28b5578576

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: loadingsale746.netlify.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://loadingsale746.netlify.app/neverwinter-nights-2-save-game-editor
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
age: 46904
cache-control: public,max-age=0,must-revalidate
cache-status: "Netlify Edge"; hit
content-type: image/vnd.microsoft.icon
date: Sun, 08 Dec 2024 14:42:21 GMT
etag: "9dcdd709b24c1f969ee32af66b107731-ssl"
server: Netlify
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-nf-request-id: 01JEKBHBZC7QBM9JW98ZW2JYMZ
content-length: 1607
X-Firefox-Spdy: h2

www.gry-online.pl/galeria/Html/Pliki/61547277.jpg

104.26.15.113

200 OK

50 kB

URL GET HTTP/2
www.gry-online.pl/galeria/Html/Pliki/61547277.jpg
IP
104.26.15.113:443
ASN
#13335 CLOUDFLARENET

Requested by
https://loadingsale746.netlify.app/neverwinter-nights-2-save-game-editor
Certificate
IssuerGoogle Trust Services
Subjectgry-online.pl
FingerprintB7:99:7E:FD:EF:E6:36:34:0D:DE:D0:DD:48:75:26:AA:E1:E8:60:55
ValidityWed, 13 Nov 2024 01:57:31 GMT - Tue, 11 Feb 2025 01:57:30 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 100x100, segment length 16, baseline, precision 8, 640x360, components 3
Size
50 kB (49770 bytes)
Hash
1fa68a7d40c5fe2b2cc04ac3d4689c24
5b4a2bd59396d0fe4fdd105afcf011bc27a4881a
b314bf33997cea33b285288d8311e3d64759ebbf798a7dd66447621e7044c287

HTTP Headers

GET /galeria/Html/Pliki/61547277.jpg HTTP/1.1
Host: www.gry-online.pl
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://loadingsale746.netlify.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 08 Dec 2024 14:42:21 GMT
content-type: image/jpeg
content-length: 49770
cache-control: max-age=31536000
last-modified: Wed, 19 Jul 2017 14:29:38 GMT
etag: "0f567739b0d31:0"
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=R%2FZxsXXRtxxKSjPIQa02nWaCfxZsOHq0eogI6PjnuqH8gLFwjvOJIQeZYyQ0ti%2FECdLyhcELFFFqqHzYIdfMZ9ky4bIIdrpvoDJn%2BBfqF5ynk2ybgsFafG2BYUUp%2B5OYv2Kf"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8eed85848d620b41-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=571&min_rtt=453&rtt_var=127&sent=7&recv=10&lost=0&retrans=0&sent_bytes=3278&recv_bytes=1229&delivery_rate=6621951&cwnd=254&unsent_bytes=0&cid=2906c854cfb2f355&ts=320&x=0"
X-Firefox-Spdy: h2

indejs.space/

0.0.0.0

0 B

URL GET
indejs.space/
IP
0.0.0.0:0
ASN
#0

Requested by
https://loadingsale746.netlify.app/neverwinter-nights-2-save-game-editor

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: indejs.space
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://loadingsale746.netlify.app
DNT: 1
Connection: keep-alive
Referer: https://loadingsale746.netlify.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

loadingsale746.netlify.app/neverwinter-nights-2-save-game-editor

3.124.100.143

200 OK

51 kB

URL User Request GET HTTP/2
loadingsale746.netlify.app/neverwinter-nights-2-save-game-editor
IP
3.124.100.143:443
ASN
#16509 AMAZON-02

Certificate
IssuerDigiCert Inc
Subject*.netlify.app
FingerprintB0:8E:E9:A5:C3:D9:B5:C1:FF:B6:51:7A:DF:98:CF:2D:28:18:41:9B
ValidityMon, 15 Jan 2024 00:00:00 GMT - Fri, 14 Feb 2025 23:59:59 GMT

File type
HTML document, ASCII text, with very long lines (45810), with CRLF line terminators
Size
51 kB (51376 bytes)
Hash
1cdab7e488579b3e05ef577ac3bd46ef
cbf7b3288554aef0d3b78c2a8fbdc27afce309d5
37ac7979a1bb79161cf13b1c32244e3c959eac82ac4cb3ad7d46425e2ea41625

HTTP Headers

GET /neverwinter-nights-2-save-game-editor HTTP/1.1
Host: loadingsale746.netlify.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
age: 0
cache-control: public,max-age=0,must-revalidate
cache-status: "Netlify Edge"; fwd=miss
content-encoding: br
content-type: text/html; charset=UTF-8
date: Sun, 08 Dec 2024 14:42:21 GMT
etag: "854170cb8e5c3627c27dc705c522217d-ssl-df"
server: Netlify
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
x-nf-request-id: 01JEKBHB8H5B9F3FRFXECRWYXQ
X-Firefox-Spdy: h2

subcari.info/?npc=XQFGEVBWCFVQRQUGCFVQUVsJAwwdXF1CXBMTXV4XUxYSXlkEW0QSGwAbQlJOAE5RVgxRH1RWUUBWE0gFAVIaVBVEXxMYWwRJRV9DV0tOClpTSkBRUF8TBhVNXRoCUwRVFQIcUR9VDx1nYx0fFBEATkMSEQdQFwtVag==

172.67.196.25

200 OK

1.6 kB

URL GET HTTP/2
subcari.info/?npc=XQFGEVBWCFVQRQUGCFVQUVsJAwwdXF1CXBMTXV4XUxYSXlkEW0QSGwAbQlJOAE5RVgxRH1RWUUBWE0gFAVIaVBVEXxMYWwRJRV9DV0tOClpTSkBRUF8TBhVNXRoCUwRVFQIcUR9VDx1nYx0fFBEATkMSEQdQFwtVag==
IP
172.67.196.25:443
ASN
#13335 CLOUDFLARENET

Requested by
https://loadingsale746.netlify.app/neverwinter-nights-2-save-game-editor
Certificate
IssuerGoogle Trust Services
Subjectsubcari.info
FingerprintD6:CB:D4:E6:9D:15:A5:AC:77:12:D1:9A:F9:98:F6:56:D3:31:C1:4C
ValidityMon, 25 Nov 2024 06:30:04 GMT - Sun, 23 Feb 2025 06:30:03 GMT

File type
ASCII text, with very long lines (1607), with no line terminators
Size
1.6 kB (1552 bytes)
Hash
3def7c31b097514606375fe84300121b
12f58b3a68a07d2a3f93a2e050257f05f27c5dfc
15859447a82dffda5e74dc5ef9e21df03606ea3ebb09d55220428b0831229e18

HTTP Headers

GET /?npc=XQFGEVBWCFVQRQUGCFVQUVsJAwwdXF1CXBMTXV4XUxYSXlkEW0QSGwAbQlJOAE5RVgxRH1RWUUBWE0gFAVIaVBVEXxMYWwRJRV9DV0tOClpTSkBRUF8TBhVNXRoCUwRVFQIcUR9VDx1nYx0fFBEATkMSEQdQFwtVag== HTTP/1.1
Host: subcari.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://loadingsale746.netlify.app
DNT: 1
Connection: keep-alive
Referer: https://loadingsale746.netlify.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 08 Dec 2024 14:42:21 GMT
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://loadingsale746.netlify.app
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: X-Requested-With
access-control-allow-credentials: true
access-control-max-age: 86400
set-cookie: gNeKOrbiAo=1.1733755341; expires=Mon, 09-Dec-2024 14:42:21 GMT; Max-Age=86400; path=/
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QO0Gw67kP%2Fogq7mMD1crd5PyxTgaB75GQL3fVfLaUjV%2Bjkr8RW3HFdebf2cwiovhMXhwZl5TP96y0PwYmfzI4bMC3i%2B08ZbVA2J7i0sMyM3to%2FgcTPA4oRHAUq7NfGU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8eed858518bf56aa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=721&min_rtt=454&rtt_var=489&sent=7&recv=10&lost=0&retrans=0&sent_bytes=3176&recv_bytes=1230&delivery_rate=4958904&cwnd=253&unsent_bytes=0&cid=92beff37edb4b4cc&ts=55&x=0"
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (5)

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Observations

Hash

Observations

Hash

HTTP Transactions (7)

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET

IP

ASN

Requested by

File type

Size

Hash

Detections

HTTP Headers