Report - hegodev.com/tds/aietqu

Report Overview

Submitted URL
hegodev.com/tds/aietqu
IP
184.168.97.137
ASN
#26496 AS-26496-GO-DADDY-COM-LLC
Submitted
2022-09-29 20:29:22
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
126

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
fonts.gstatic.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.5 kB	69 kB	142.250.74.163
away.bettershitecolumn.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.5 kB	1.7 kB	91.211.91.104
silverlinetogther.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.5 kB	976 B	185.177.94.152
0.silverlinetogther.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.6 kB	14 kB	185.177.94.152
cdn.weatherplllatform.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	366 B	377 B	91.211.91.114
browork3er.cc	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	395 B	364 B	51.15.16.150
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	329 B	737 B	93.184.220.29
fonts.googleapis.com	8877	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.1 kB	4.1 kB	142.250.74.10
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.2 kB	56 kB	34.120.237.76
ocsp.pki.goog	175	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.0 kB	6.3 kB	142.250.74.3
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	758 B	2.7 kB	143.204.55.115
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	594 B	127 B	34.214.17.205
www.hegodev.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	13 kB	403 kB	184.168.97.137
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.6 kB	7.1 kB	23.36.76.226
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	401 B	5.8 kB	143.204.55.49
www.googletagmanager.com	75	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	373 B	43 kB	142.250.74.72
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	321 B	229 B	34.117.237.239
hegodev.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	439 B	454 B	184.168.97.137

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-09-29	medium	hegodev.com/tds/aietqu	Malware
2022-09-29	medium	www.hegodev.com/tds/aietqu	Malware
2022-09-29	medium	www.hegodev.com/wp-content/themes/bosa/assets/slick/slick.css?ver=6.0.2	Malware
2022-09-29	medium	www.hegodev.com/wp-content/themes/bosa/assets/slick/slick-theme.css?ver=6.0.2	Malware
2022-09-29	medium	www.hegodev.com/wp-content/themes/bosa/assets/css/blocks.min.css?ver=6.0.2	Malware
2022-09-29	medium	www.hegodev.com/wp-content/themes/bosa/assets/css/slicknav.min.css?ver=6.0.2	Malware
2022-09-29	medium	www.hegodev.com/wp-content/themes/bosa-business/style.css?ver=6.0.2	Malware
2022-09-29	medium	www.hegodev.com/wp-content/plugins/contact-widgets/assets/css/font-awesome.min.css?ver=4.7.0	Malware
2022-09-29	medium	www.hegodev.com/wp-includes/css/dist/block-library/style.min.css?ver=6.0.2	Malware
2022-09-29	medium	www.hegodev.com/wp-content/plugins/google-analytics-for-wordpress/assets/js/frontend-gtag.min.js?ver=8.7.0	Malware
2022-09-29	medium	www.hegodev.com/wp-content/themes/bosa/style.css?ver=6.0.2	Malware
2022-09-29	medium	www.hegodev.com/wp-content/themes/bosa/assets/js/theia-sticky-sidebar.min.js?ver=0.8	Malware
2022-09-29	medium	www.hegodev.com/wp-includes/js/wp-emoji-release.min.js?ver=6.0.2	Malware
2022-09-29	medium	www.hegodev.com/wp-content/plugins/ewww-image-optimizer/includes/lazysizes.min.js?ver=670	Malware
2022-09-29	medium	www.hegodev.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.0	Malware
2022-09-29	medium	www.hegodev.com/wp-includes/js/masonry.min.js?ver=4.2.2	Malware
2022-09-29	medium	www.hegodev.com/wp-content/themes/bosa/assets/slick/slick.min.js?ver=0.8	Malware
2022-09-29	medium	www.hegodev.com/wp-content/themes/bosa/assets/bootstrap/js/bootstrap.min.js?ver=0.8	Malware
2022-09-29	medium	www.hegodev.com/wp-content/themes/bosa/assets/font-awesome/webfonts/fa-solid-900.woff2	Malware
2022-09-29	medium	www.hegodev.com/wp-content/plugins/contact-widgets/assets/fonts/fontawesome-webfont.woff?v=4.7.0	Malware
2022-09-29	medium	silverlinetogther.com/b81698fd2.js	Phishing
2022-09-29	medium	0.silverlinetogther.com/b81698fd2.js	Phishing
2022-09-29	medium	silverlinetogther.com/go/he2tszrzmq5dcmbugayq?sub2=dpicer5	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2022-09-29	medium	hegodev.com	Sinkholed
2022-09-29	medium	hegodev.com	Sinkholed
2022-09-29	medium	hegodev.com	Sinkholed
2022-09-29	medium	hegodev.com	Sinkholed
2022-09-29	medium	hegodev.com	Sinkholed
2022-09-29	medium	hegodev.com	Sinkholed
2022-09-29	medium	hegodev.com	Sinkholed
2022-09-29	medium	hegodev.com	Sinkholed
2022-09-29	medium	hegodev.com	Sinkholed
2022-09-29	medium	hegodev.com	Sinkholed
2022-09-29	medium	hegodev.com	Sinkholed
2022-09-29	medium	hegodev.com	Sinkholed
2022-09-29	medium	hegodev.com	Sinkholed
2022-09-29	medium	hegodev.com	Sinkholed
2022-09-29	medium	hegodev.com	Sinkholed
2022-09-29	medium	hegodev.com	Sinkholed
2022-09-29	medium	hegodev.com	Sinkholed
2022-09-29	medium	hegodev.com	Sinkholed
2022-09-29	medium	hegodev.com	Sinkholed
2022-09-29	medium	hegodev.com	Sinkholed
2022-09-29	medium	hegodev.com	Sinkholed
2022-09-29	medium	hegodev.com	Sinkholed
2022-09-29	medium	hegodev.com	Sinkholed
2022-09-29	medium	hegodev.com	Sinkholed
2022-09-29	medium	hegodev.com	Sinkholed
2022-09-29	medium	hegodev.com	Sinkholed
2022-09-29	medium	hegodev.com	Sinkholed
2022-09-29	medium	hegodev.com	Sinkholed
2022-09-29	medium	hegodev.com	Sinkholed
2022-09-29	medium	hegodev.com	Sinkholed
2022-09-29	medium	hegodev.com	Sinkholed
2022-09-29	medium	bettershitecolumn.com	Sinkholed
2022-09-29	medium	bettershitecolumn.com	Sinkholed
2022-09-29	medium	bettershitecolumn.com	Sinkholed
2022-09-29	medium	silverlinetogther.com	Sinkholed
2022-09-29	medium	silverlinetogther.com	Sinkholed
2022-09-29	medium	silverlinetogther.com	Sinkholed
2022-09-29	medium	silverlinetogther.com	Sinkholed
2022-09-29	medium	silverlinetogther.com	Sinkholed
2022-09-29	medium	silverlinetogther.com	Sinkholed

JavaScript (33)

	URL	Size	First Seen	Last Seen
	www.hegodev.com/wp-content/themes/bosa/assets/js/jquery.slicknav.min.js?ver=0.8	8.4 kB	2023-03-07	2024-03-23
Pretty URL www.hegodev.com/wp-content/themes/bosa/assets/js/jquery.slicknav.min.js?ver=0.8 IP 184.168.97.137 ASN #26496 AS-26496-GO-DADDY-COM-LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:15:31 Last Seen2024-03-23 02:36:13 Times Seen109 Hash faf3fdf912d0f77654f4e1b7f2e5f7ad e7c2085507cf04d23450e1f82f053c333d84c349 7ee0bff42f17216e2d179773df183332a565a866a4b67eaeed1546111d4f283d Loading...

	www.hegodev.com/wp-content/themes/bosa/assets/js/custom.min.js?ver=0.8	6.7 kB	2023-03-07	2023-07-21
Pretty URL www.hegodev.com/wp-content/themes/bosa/assets/js/custom.min.js?ver=0.8 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:15:31 Last Seen2023-07-21 17:36:08 Times Seen10 Hash 9f7947e2d2a685172ba89bc754533214 6de73a75e98c42889cbb745f21704ca34c9f6991 c192257b9c926c29214d7a95383645ce682da5b95c8f1feb6b525c9937168453 Loading...

	www.hegodev.com/wp-includes/js/wp-emoji-release.min.js?ver=6.0.2	19 kB	2023-03-07	2024-04-26
Pretty URL www.hegodev.com/wp-includes/js/wp-emoji-release.min.js?ver=6.0.2 IP 184.168.97.137 ASN #26496 AS-26496-GO-DADDY-COM-LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:08 Last Seen2024-04-26 01:56:03 Times Seen38055 Hash 32beb68a374e3aeac00abdf9e12b84ea b5d18aa625e8696dd9d07cd0869337717b211ae0 5aad5fbd4238981a9ff5e2772ff1353dfe1a801fb49542fe157418c1438f7782 Loading...

	www.hegodev.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.0	92 kB	2023-03-07	2023-03-11
Pretty URL www.hegodev.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.0 IP 184.168.97.137 ASN #26496 AS-26496-GO-DADDY-COM-LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 23:19:01 Last Seen2023-03-11 11:06:35 Times Seen1 Hash 2fe43508c7a90752d50c6eefe74516fb 66ba87275b076ddec85fdc44c46b122fed0c0dd9 3da1d7664c9ceee8ce1c040916cf60a9f76623b28bfd31c45f3861c334ed3e9b Loading...

	www.hegodev.com/wp-content/themes/bosa/assets/js/html5shiv.min.js?ver=0.8	2.6 kB	2023-03-07	2024-03-23
Pretty URL www.hegodev.com/wp-content/themes/bosa/assets/js/html5shiv.min.js?ver=0.8 IP 184.168.97.137 ASN #26496 AS-26496-GO-DADDY-COM-LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:15:31 Last Seen2024-03-23 02:36:13 Times Seen110 Hash 3b40df82ff6a8bda5a97df7d43da8aba 2627fcb88f1b03aaa96c7ff5663c526271580414 89f280c948d1f1484534a9ddb872db305f19ce14cdf09a380362aac0ddf406de Loading...

	cdn.weatherplllatform.com/events.js?v=2.141	2.3 kB	2023-03-08	2023-03-11
Pretty URL cdn.weatherplllatform.com/events.js?v=2.141 IP 91.211.91.114 ASN #206638 PE Brezhnev Daniil Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 01:48:13 Last Seen2023-03-11 23:14:24 Times Seen1 Hash e129bf2c4a9adb540f3f6f438feeb2a3 37a3d3f83d33311cea4eea6506326a4c93e4b7b5 f0af99595f5240b6c86b70a17902c4bf72bd4f356303dd8b732ade94ecb38d69 Loading...

	www.hegodev.com/wp-content/themes/bosa/assets/js/navigation.js?ver=0.8	6.1 kB	2023-03-07	2024-03-23
Pretty URL www.hegodev.com/wp-content/themes/bosa/assets/js/navigation.js?ver=0.8 IP 184.168.97.137 ASN #26496 AS-26496-GO-DADDY-COM-LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:15:31 Last Seen2024-03-23 02:36:13 Times Seen99 Hash e6a77e68a6b5d22c35272e47e908af27 024ebd47521baacf5cf6d3d7cfad304c2521a5ec d68d3f7e57ff1d6b8dc13b5b01994bd93e3a423ea98a5a81225d2e4758fcb025 Loading...

	www.hegodev.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2	14 kB	2023-03-07	2023-12-11
Pretty URL www.hegodev.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2 IP 184.168.97.137 ASN #26496 AS-26496-GO-DADDY-COM-LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 23:35:56 Last Seen2023-12-11 14:23:41 Times Seen4 Hash 0ea2d9f4e507b9de3be74f262ba1ffc8 3fca561d29a70cb42e1746fd73cd62bb3bc510b5 f7e755339fedc4d779eec71de9fa9807b8efe368d9ed501a4fd978aac39f19fc Loading...

	www.hegodev.com/tds/aietqu	369 B	2023-03-07	2023-03-17
Pretty URL www.hegodev.com/tds/aietqu IP 184.168.97.137 ASN #26496 AS-26496-GO-DADDY-COM-LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:15:31 Last Seen2023-03-17 12:52:27 Times Seen1 Hash 4892f8171d1ae1cd7c9a7f1fc3af9725 b31a706348062486bd53d5d58acec7a6406634dc 83d9fe3eb53ecf35cd397b9e59583e7f0fa25ad462a7bbabb15b897f23bda682 Loading...

	www.hegodev.com/wp-includes/js/imagesloaded.min.js?ver=6.0.2	5.6 kB	2023-03-07	2024-04-26
Pretty URL www.hegodev.com/wp-includes/js/imagesloaded.min.js?ver=6.0.2 IP 184.168.97.137 ASN #26496 AS-26496-GO-DADDY-COM-LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:40 Last Seen2024-04-26 04:19:35 Times Seen30974 Hash 3a56752b736635bf69cb069b8818cbfd 42e0951fe74bb3f56a30f51291823bcd4a84d76e ff4bd34aa98a0214833619d3d751838db015722dfbbec15cd14dadc66cd67869 Loading...

	away.bettershitecolumn.com/track.php?tid=54889&lid=9554-66-457679-29	210 B	2023-03-07	2023-03-08
Pretty URL away.bettershitecolumn.com/track.php?tid=54889&lid=9554-66-457679-29 IP 91.211.91.104 ASN #206638 PE Brezhnev Daniil Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 23:10:30 Last Seen2023-03-08 03:35:03 Times Seen1 Hash 7d33de7dd4d49bc9b36ea3de5913179d 387807eaae925294a470fea69c59f27d78c3f502 8c7bc877139d024b4f78c59d006456ff4a3c1637b45d5fb9a8df40e35a768e58 Loading...

	www.hegodev.com/wp-content/themes/bosa/assets/js/skip-link-focus-fix.js?ver=0.8	716 B	2023-03-07	2024-04-18
Pretty URL www.hegodev.com/wp-content/themes/bosa/assets/js/skip-link-focus-fix.js?ver=0.8 IP 184.168.97.137 ASN #26496 AS-26496-GO-DADDY-COM-LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:15:31 Last Seen2024-04-18 13:36:03 Times Seen888 Hash 306f7b49ccd55de683e972c4bc8edf0b f36f53cb950367fff7455566e6c0f293bfe863ae 93c964e1bd5719c525c73073cf64f4c2b03dd6d4fa846d5bce3142596b3f1e97 Loading...

	www.googletagmanager.com/gtag/js?id=UA-154422125-1	109 kB	2023-03-08	2023-03-08
Pretty URL www.googletagmanager.com/gtag/js?id=UA-154422125-1 IP 142.250.74.72 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 03:35:03 Last Seen2023-03-08 03:35:03 Times Seen1 Hash c1f9b022de328b58488b448c6eebaa41 88d384ded9a83e5fc1abc70e1dec1d313f013523 37c82ae9688217ed3188717ba1fb3520aed169efa0703705852768061cf13731 Loading...

	www.hegodev.com/wp-content/plugins/google-analytics-for-wordpress/assets/js/frontend-gtag.min.js?ver=8.7.0	12 kB	2023-03-07	2024-04-25
Pretty URL www.hegodev.com/wp-content/plugins/google-analytics-for-wordpress/assets/js/frontend-gtag.min.js?ver=8.7.0 IP 184.168.97.137 ASN #26496 AS-26496-GO-DADDY-COM-LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:14:48 Last Seen2024-04-25 08:07:38 Times Seen5599 Hash a76f61318af036823b08d73536486be6 31ff9b215dcef9151b9f4fc50ea91a9df1962102 abc9faa4970e07db7d506d6b2a98e4c86223be305c7541ced54ea2e15f99a76e Loading...

	www.hegodev.com/wp-content/plugins/ewww-image-optimizer/includes/lazysizes.min.js?ver=670	12 kB	2023-03-07	2024-01-01
Pretty URL www.hegodev.com/wp-content/plugins/ewww-image-optimizer/includes/lazysizes.min.js?ver=670 IP 184.168.97.137 ASN #26496 AS-26496-GO-DADDY-COM-LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:15:31 Last Seen2024-01-01 13:35:37 Times Seen38 Hash 5379f8e7d63c4a22411b123b0beb6c4e c92aaa0b2e05c32e9378bd8b20d90c951f4278fe ac8ba41f2ad11b9f60654e4550ab7a47ee85f4cb9dd50df9f362081ad5cd8a7f Loading...

	www.hegodev.com/tds/aietqu	268 B	2023-03-07	2023-03-17
Pretty URL www.hegodev.com/tds/aietqu IP 184.168.97.137 ASN #26496 AS-26496-GO-DADDY-COM-LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:15:31 Last Seen2023-03-17 12:52:26 Times Seen1 Hash 3af8d6925807eb4ab5fd0a684586085d ac8a6c984dfc66f8fd3fbdc142d9e4c654fb200b dceefda343169de7f384d2839179fb8ad8360c6da6f3b48bccf2ff4ce41c2758 Loading...

	www.hegodev.com/tds/aietqu	30 B	2023-03-07	2024-04-04
Pretty URL www.hegodev.com/tds/aietqu IP 184.168.97.137 ASN #26496 AS-26496-GO-DADDY-COM-LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:06:28 Last Seen2024-04-04 10:39:38 Times Seen423 Hash 679db76ba3d73d824f89166df549d5c5 b9af7241b0b9b90fdfd1d4623f0b0741d4cd2c50 9795a3cbd22f4c09606f96174a1fe4d65b717c25faa5196f288436f90a72b06c Loading...

	www.hegodev.com/wp-includes/js/masonry.min.js?ver=4.2.2	24 kB	2023-03-07	2024-04-26
Pretty URL www.hegodev.com/wp-includes/js/masonry.min.js?ver=4.2.2 IP 184.168.97.137 ASN #26496 AS-26496-GO-DADDY-COM-LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:57 Last Seen2024-04-26 03:48:06 Times Seen15285 Hash 3b3fc826e58fc554108e4a651c9c7848 76778fd446e2ff2377588a7b4ac4d79f258427c9 e00add38134eac2fb8e8e9c09cbfff7bbe57952b210322eb2eecb0a21fc055eb Loading...

	www.hegodev.com/wp-includes/js/jquery/jquery.masonry.min.js?ver=3.1.2b	1.8 kB	2023-03-07	2024-04-26
Pretty URL www.hegodev.com/wp-includes/js/jquery/jquery.masonry.min.js?ver=3.1.2b IP 184.168.97.137 ASN #26496 AS-26496-GO-DADDY-COM-LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:07:32 Last Seen2024-04-26 00:51:36 Times Seen6658 Hash cd0eb3406096ff80266e7c9d7d419186 0e3709691bf96233766de30e2fd473b84166c5b6 c2e606e1fc82ea3a554aad5d0520e25d2677b89a891dc5c49e7ace08fce92e25 Loading...

	silverlinetogther.com/go/he2tszrzmq5dcmbugayq?sub2=dpicer5	8.1 kB	2023-03-08	2023-03-08
Pretty URL silverlinetogther.com/go/he2tszrzmq5dcmbugayq?sub2=dpicer5 IP 185.177.94.152 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 03:35:03 Last Seen2023-03-08 03:35:03 Times Seen1 Hash 4143f0e56ddb240955a67a7ecd3b5831 2792255fab6f82dc2cb8a3372141b7f3141a02a7 ac678f83a4a22aa5a4b49c6a92fee70358134a2127b46dbb36220ab0775bce4a Loading...

	www.hegodev.com/tds/aietqu	5.9 kB	2023-03-07	2023-03-17
Pretty URL www.hegodev.com/tds/aietqu IP 184.168.97.137 ASN #26496 AS-26496-GO-DADDY-COM-LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:15:31 Last Seen2023-03-17 12:52:26 Times Seen1 Hash 094641aa75d7a7c816a34281eca2940a 3195b36643baf52e9433420d54dabb0a0c6ac5fe 665e9f41aae0182a721ad71a27c608822a3d97ca661e86cb099ea19512736fa6 Loading...

	cdn.weatherplllatform.com/result.js?v=000	6.2 kB	2023-03-08	2023-03-10
Pretty URL cdn.weatherplllatform.com/result.js?v=000 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 01:28:57 Last Seen2023-03-10 10:58:12 Times Seen1 Hash 4161c11612d0a349df27f691b3057a5e 21c4eeeee2b97c1961d8f06b4f32497895f330e1 4b1238a1b9202c3d215ed7b3f05a6cf12fb71d520d2066f25bbda095603dc9dd Loading...

	www.hegodev.com/wp-content/themes/bosa/assets/js/theia-sticky-sidebar.min.js?ver=0.8	5.4 kB	2023-03-07	2024-03-16
Pretty URL www.hegodev.com/wp-content/themes/bosa/assets/js/theia-sticky-sidebar.min.js?ver=0.8 IP 184.168.97.137 ASN #26496 AS-26496-GO-DADDY-COM-LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:14:48 Last Seen2024-03-16 22:31:13 Times Seen330 Hash 9b7664fe260d1a57a13ca71507b43499 d07064a9d012bae3f256adfa7d021c40793c962c fb242b5f299cd08ee579ad1b46e13cb235bb595dd10b03fab7dfadfc61103be6 Loading...

	www.hegodev.com/wp-content/themes/bosa/assets/bootstrap/js/bootstrap.min.js?ver=0.8	51 kB	2023-03-07	2024-04-24
Pretty URL www.hegodev.com/wp-content/themes/bosa/assets/bootstrap/js/bootstrap.min.js?ver=0.8 IP 184.168.97.137 ASN #26496 AS-26496-GO-DADDY-COM-LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:08 Last Seen2024-04-24 20:05:32 Times Seen6075 Hash e47a9d976663a4ce4db5961af909eb58 12ca7264086b9e543605395947c6671edde9ac80 4f3faeec469294b610f6ca82aa1cc2b3368fd56611b31c551c2ee224feadb411 Loading...

	www.hegodev.com/tds/aietqu	704 B	2023-03-07	2023-03-17
Pretty URL www.hegodev.com/tds/aietqu IP 184.168.97.137 ASN #26496 AS-26496-GO-DADDY-COM-LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:15:31 Last Seen2023-03-17 12:52:27 Times Seen1 Hash f2b76d5df55f635cbcc9fb4664641a8d 10e06e58bbef6ac451ced2af47ed1f0d4d5d4e8b 6f321f8683b1ae7f63e89c55b9137dcd90aa7c0939a4094836e6bf1b15cb999a Loading...

	0.silverlinetogther.com/index.php?p=he2tszrzmq5dcmbugayq&sub2=dpicer5	8.1 kB	2023-03-08	2023-03-08
Pretty URL 0.silverlinetogther.com/index.php?p=he2tszrzmq5dcmbugayq&sub2=dpicer5 IP 185.177.94.152 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 03:35:03 Last Seen2023-03-08 03:35:03 Times Seen1 Hash 3ed23d98ac476b1d4d34a61151959e09 92316e458b3af6d740390c2377a9140cb4a5ab1a 02ad824e44daaff1aa86369f43ede7373bdf9376d8cbb8dccdc7ed6a35d186bf Loading...

	www.hegodev.com/tds/aietqu	2.2 kB	2023-03-07	2023-03-17
Pretty URL www.hegodev.com/tds/aietqu IP 184.168.97.137 ASN #26496 AS-26496-GO-DADDY-COM-LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:33:51 Last Seen2023-03-17 12:52:27 Times Seen1 Hash 0dd3f674af338fb887ccbd5465ebee07 5181268a6b5c19737a9038bfa1cf0bb7a25b9055 ef25e99e225dde12975b29faefae4ef9db02b6a87bbbd4f935e4f0bb2f3da1bb Loading...

	www.hegodev.com/wp-content/themes/bosa/assets/slick/slick.min.js?ver=0.8	43 kB	2023-03-07	2024-04-25
Pretty URL www.hegodev.com/wp-content/themes/bosa/assets/slick/slick.min.js?ver=0.8 IP 184.168.97.137 ASN #26496 AS-26496-GO-DADDY-COM-LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:06:24 Last Seen2024-04-25 23:55:31 Times Seen3039 Hash 777da4aaf5b960636dec0fd4e50ba489 9a94038ccae90e6d2a0f9cb61f79ae7c70320287 e1a52c0a06fa9f65e015b02e7ec463fd621211a9d2ae44b6660597900e927fbb Loading...

	www.hegodev.com/tds/aietqu	77 B	2023-03-07	2024-04-24
Pretty URL www.hegodev.com/tds/aietqu IP 184.168.97.137 ASN #26496 AS-26496-GO-DADDY-COM-LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:06:28 Last Seen2024-04-24 22:39:33 Times Seen931 Hash ff6c592795f4c4b7a66be5d8092cee9d 379d396226dd1d4d95e8c0e581b291e4a4c1d3f0 a1639d5a80b162ce20e1bb8d7057939dc7fd7145a870969dffccf3160a135352 Loading...

		Size	First Seen	Last Seen
	#1 Eval - b4a6ad41270b7d57f63206a9d7d8eada	677 B	2023-03-07	2023-12-13
Pretty Observations First Seen2023-03-07 23:16:26 Last Seen2023-12-13 00:16:43 Times Seen17 Hash b4a6ad41270b7d57f63206a9d7d8eada b0eb27a0bc8d4d4ebca83a8092299c6c42c85f5a ccb5f3145aa8b1a909b8fff2fd5dcae30671628a1fc34f7ba72cb51e152773a0 Loading...

	#2 Eval - 4fdeb9bce08fc1262460319ff3c98ead	669 B	2023-03-08	2023-03-11
Pretty Observations First Seen2023-03-08 01:48:13 Last Seen2023-03-11 23:14:24 Times Seen1 Hash 4fdeb9bce08fc1262460319ff3c98ead ff358afd9d250d209f28fa2594884ed2e1063ff5 2853a4833f813e7cc64c902ca1738bbe62edc7dfb62be6be46d1e0dd2514f9e7 Loading...

	#3 Eval - 662270f63f134e22df04a2ebe3d98cc0	8.0 kB	2023-03-08	2023-03-08
Pretty Observations First Seen2023-03-08 03:35:03 Last Seen2023-03-08 03:35:03 Times Seen1 Hash 662270f63f134e22df04a2ebe3d98cc0 dcda9fa940f1d6bb167420020637a4adbd3a130a f40e174dc82f13b4bbf400ab4f567461391047b94e391d5959f2c330bf61277c Loading...

	#4 Eval - 8199e000155fc2758cf450dfed567345	8.1 kB	2023-03-08	2023-03-08
Pretty Observations First Seen2023-03-08 03:35:03 Last Seen2023-03-08 03:35:03 Times Seen1 Hash 8199e000155fc2758cf450dfed567345 58dcf182786a1521a7c1531cfaa630ff430cdc58 cb67bd85ca80f5d2c92840eee1c82436d15b137a6cbd80a2e4bfae3adc32c7ac Loading...

HTTP Transactions (77)

URL IP Response Size

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
7fb7c70f7f4e2cee27eb0e7d875931f7
98fca3817a551b1daecebae103a48e718b8b5a53
2a40f957a6b1734aa3f87cff51b673f0536732db15b09033dd604879692df349

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2A40F957A6B1734AA3F87CFF51B673F0536732DB15B09033DD604879692DF349"
Last-Modified: Tue, 27 Sep 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5782
Expires: Thu, 29 Sep 2022 22:05:33 GMT
Date: Thu, 29 Sep 2022 20:29:11 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

143.204.55.115

200 OK

939 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/
IP
143.204.55.115:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
2d12f67fe57a87e7366b662d153a5582
d7b02d81cc74f24a251d9363e0f4b0a149264ec1
73c273c0b5a2de3cb970b8e8c187999d3b55e760dc7766dab4bb76428d19b551

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Backoff, Content-Type, Retry-After, Alert
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Thu, 29 Sep 2022 20:15:55 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 a9120cc3ff449047c990e82a4d5566ba.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 90mZULkbQ8V9a0AYvA657rpK9bbgN60bm6O-BM7REcny8Gar8KtnAg==
Age: 796

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain

143.204.55.49

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
IP
143.204.55.49:0
ASN
#16509 AMAZON-02

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
6113f8408c59aebe188d6af273b90743
7398873bf00f99944eaa77ad3ebc0d43c23dba6b
b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Thu, 29 Sep 2022 05:28:28 GMT
etag: "6113f8408c59aebe188d6af273b90743"
x-cache: Hit from cloudfront
via: 1.1 41dc61beb3fe8e8c2c299a2522d8330c.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 4XgGjvnWq4a4Ny3UFQJCTEgvg-umMPe9ubo0wd5k2rtciFHcGwN7xg==
age: 54044
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Thu, 29 Sep 2022 20:29:11 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

143.204.55.115

200 OK

329 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
143.204.55.115:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600, max-age=3600
Date: Thu, 29 Sep 2022 19:29:33 GMT
Expires: Thu, 29 Sep 2022 19:46:28 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 aa34a836095df9de9d246a53dd63f1d6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: DFa6GW53D5vpps7NmgaQFnl-FhTof9sYUR0Wr7BaANUu5efKSa8rMA==
Age: 3579

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
f09cb223e3dc028c58cf32c2274c3766
ca7f1663a1200941986e786353ed2f3ff50bd0b2
9b89a5534b1a84f0a86f150dc7f1f699bb972f7b8e151b29c02454dd939066ca

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4064
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 29 Sep 2022 20:29:12 GMT
Last-Modified: Thu, 29 Sep 2022 19:21:28 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 471

push.services.mozilla.com/

34.214.17.205

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
34.214.17.205:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: uAtSKvPRLEjYzMjf9CDGIA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: +gO87yGkwtiY3zAVWgYbRkVfK/g=

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
47f245f9a098439e59436f81d4c03415
950b3eadfd6fc7f859130fa2c63934c6ccd49889
25f075effbd8acded8f38d69ea17f673de3e197b635274d4c52411ef577fe8e7

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "25F075EFFBD8ACDED8F38D69EA17F673DE3E197B635274D4C52411EF577FE8E7"
Last-Modified: Thu, 29 Sep 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11825
Expires: Thu, 29 Sep 2022 23:46:18 GMT
Date: Thu, 29 Sep 2022 20:29:13 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
47f245f9a098439e59436f81d4c03415
950b3eadfd6fc7f859130fa2c63934c6ccd49889
25f075effbd8acded8f38d69ea17f673de3e197b635274d4c52411ef577fe8e7

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "25F075EFFBD8ACDED8F38D69EA17F673DE3E197B635274D4C52411EF577FE8E7"
Last-Modified: Thu, 29 Sep 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11825
Expires: Thu, 29 Sep 2022 23:46:18 GMT
Date: Thu, 29 Sep 2022 20:29:13 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
47f245f9a098439e59436f81d4c03415
950b3eadfd6fc7f859130fa2c63934c6ccd49889
25f075effbd8acded8f38d69ea17f673de3e197b635274d4c52411ef577fe8e7

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "25F075EFFBD8ACDED8F38D69EA17F673DE3E197B635274D4C52411EF577FE8E7"
Last-Modified: Thu, 29 Sep 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11825
Expires: Thu, 29 Sep 2022 23:46:18 GMT
Date: Thu, 29 Sep 2022 20:29:13 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
47f245f9a098439e59436f81d4c03415
950b3eadfd6fc7f859130fa2c63934c6ccd49889
25f075effbd8acded8f38d69ea17f673de3e197b635274d4c52411ef577fe8e7

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "25F075EFFBD8ACDED8F38D69EA17F673DE3E197B635274D4C52411EF577FE8E7"
Last-Modified: Thu, 29 Sep 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11825
Expires: Thu, 29 Sep 2022 23:46:18 GMT
Date: Thu, 29 Sep 2022 20:29:13 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F783cca30-851d-4c3b-97b3-dfc92f711d23.jpeg

34.120.237.76

200 OK

4.1 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F783cca30-851d-4c3b-97b3-dfc92f711d23.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
4.1 kB (4093 bytes)
Hash
aed4d25286420a1405c3274931194002
c17c7bdfa4b40f9a0634da65c610869e5c410bf1
f32058bdd49930b927d1f9fdfd204ed054b4f85e0d679eff067d522d42ac504a

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F783cca30-851d-4c3b-97b3-dfc92f711d23.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 4093
x-amzn-requestid: 4275d743-8507-4fbe-83d1-cc0da2adef7b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZMKoPHCMIAMF7wQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6334be34-5ddb717430e7b38e3ee53657;Sampled=0
x-amzn-remapped-date: Wed, 28 Sep 2022 21:35:48 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: H713oiiX6wslZytV_P5NblH5vT7KZ2fv1G3DLKLrH5nw0lHOquia4w==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 112d82578d402a38d8d02e8b857617e0.cloudfront.net (CloudFront), 1.1 google
date: Wed, 28 Sep 2022 21:40:48 GMT
etag: "c17c7bdfa4b40f9a0634da65c610869e5c410bf1"
content-type: image/jpeg
age: 82106
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

10 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F75de31dd-bbf0-4a21-bfac-94f0062f4da4.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
10 kB (10023 bytes)
Hash
f4505f57697072468da82e0b536d0d5b
e1067a2dfbc22e7eb196046d57bd1e17604dba75
b5e79054f165f38b99f93a8128284f82076523988aeb102b85dd8ff1a2870d00

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F75de31dd-bbf0-4a21-bfac-94f0062f4da4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10023
x-amzn-requestid: 0cb6b9a1-0707-4094-b197-5a0add2df717
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZMK4dHJLIAMFWmg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6334be9c-2d8bbb17157900f126c5bb3c;Sampled=0
x-amzn-remapped-date: Wed, 28 Sep 2022 21:37:32 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: wZ2hBqHAdwimAVV3p-CJFrb9zQ-CTN5ar9CB-cu0mZoENYUFTKKPWQ==
via: 1.1 c7c3cdef911c9ee3c1a83a78f425dc5a.cloudfront.net (CloudFront), 1.1 ddaf46a95abcfc80e8eae76235e2127c.cloudfront.net (CloudFront), 1.1 google
date: Wed, 28 Sep 2022 21:40:43 GMT
age: 82111
etag: "e1067a2dfbc22e7eb196046d57bd1e17604dba75"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

4.2 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6362b4f1-5935-43c9-9147-6d019a1ea6cd.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
4.2 kB (4235 bytes)
Hash
30471179bd7cdeecea2fa4ea98701aef
2bbcd6305b4da3204bf1c04b6db23d44cfc84fbb
967e070aec3942c64cc6c4cfdc13d430825c9e5c26dbec5bb3d66237d5978dfc

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6362b4f1-5935-43c9-9147-6d019a1ea6cd.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 4235
x-amzn-requestid: 60825c64-7743-4b16-b80d-d1195ccb0f23
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZMK2nFsDoAMFRwg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6334be90-1898e5d9111db7c843c1ebb4;Sampled=0
x-amzn-remapped-date: Wed, 28 Sep 2022 21:37:20 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: C-XC9qsktkENdI6lWZp5RQjeEvrrFMUfBq1mA5dxEjRq5tkfL5Jsxw==
via: 1.1 0005a84c2971ff4f5bbb79e7ebc622a8.cloudfront.net (CloudFront), 1.1 ee8246c5442dace7525c74f6a799bb46.cloudfront.net (CloudFront), 1.1 google
date: Wed, 28 Sep 2022 21:40:46 GMT
age: 82108
etag: "2bbcd6305b4da3204bf1c04b6db23d44cfc84fbb"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

14 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff5cbaf6d-fc16-4449-8b54-1d55f68eff4f.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
14 kB (14073 bytes)
Hash
11594ce7500d8776bfd5162b17f87d72
72603efba82d649ce5a7a0ca45dc830c0d9ef012
511f5aa33750cd4a02cf3968bf165ffa521e77cb4fb7135b516d7ad14e8b9d01

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff5cbaf6d-fc16-4449-8b54-1d55f68eff4f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 14073
x-amzn-requestid: 4ff72590-e28d-4d4b-af1a-4d62e75e3d66
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZMKnpEsJoAMFlBQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6334be30-38b014a25551aa0a2ab04ccf;Sampled=0
x-amzn-remapped-date: Wed, 28 Sep 2022 21:35:44 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: gP4V4fq53Z5BFfjDlx1LCR9AhUPTq0qusBaOY_UEXjJjM6SByqDgXg==
via: 1.1 efe54e8b68e074d39b2ecd249f85100a.cloudfront.net (CloudFront), 1.1 570075675953459325e00b7bcd171df2.cloudfront.net (CloudFront), 1.1 google
date: Wed, 28 Sep 2022 21:41:45 GMT
etag: "72603efba82d649ce5a7a0ca45dc830c0d9ef012"
content-type: image/jpeg
age: 82049
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9d0e9057-f203-4080-95b8-652ecd15effa.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.9 kB (7859 bytes)
Hash
c62a6368c456e9614ca4c8e360a2ef12
35ec6e80d324bb215796c590a7ffafbaea55d88e
90a37acc6beda1aa98a98cb84e00a7e469d6d919a14f4709c5f67a83ae95278d

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9d0e9057-f203-4080-95b8-652ecd15effa.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7859
x-amzn-requestid: 34d0718f-46d4-446f-bb06-8449bd8f4287
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZIlO4FcBoAMFy0w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63334f2b-58ae81c9077e4f1575750f15;Sampled=0
x-amzn-remapped-date: Tue, 27 Sep 2022 19:29:47 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: XwUZAphoqael30FgWCRQlHqBpjBOSG7rnlbPNKyojhONZ625gCUI5g==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 91356d2137f5a7345e93da4516c49ec4.cloudfront.net (CloudFront), 1.1 google
date: Thu, 29 Sep 2022 07:36:34 GMT
age: 46360
etag: "35ec6e80d324bb215796c590a7ffafbaea55d88e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F99f26bb4-2c5c-44ef-86d3-90fd05ec1ce0.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.7 kB (9654 bytes)
Hash
36ae9444071dd70dcf86802c370ffda9
44cc19b21912d07f82a88af5b2fa6d3e370459bf
99984d108bf31d733414f7f1352e17225ac21ac2dbfb4b1e7fa7ae80e5b6b822

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F99f26bb4-2c5c-44ef-86d3-90fd05ec1ce0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9654
x-amzn-requestid: 7277f59f-452d-4cb6-a76e-1561b4ff3de0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZGW2REPzoAMFrww=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63326b5b-4f5d775830c95b065ce40d3f;Sampled=0
x-amzn-remapped-date: Tue, 27 Sep 2022 03:17:47 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: jTiWrrcC29QaFlnaiNH_KmEaphRZhWyzf1JbWb6uL00D3vOMR7Wfyg==
via: 1.1 030fe0607711293dda988e571617a9f2.cloudfront.net (CloudFront), 1.1 d01e7742f82df0bbc1fb681d709ed69c.cloudfront.net (CloudFront), 1.1 google
date: Thu, 29 Sep 2022 03:28:09 GMT
age: 61265
etag: "44cc19b21912d07f82a88af5b2fa6d3e370459bf"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

hegodev.com/tds/aietqu

184.168.97.137

301 Moved Permanently

1 B

URL HTTP/2
hegodev.com/tds/aietqu
IP
184.168.97.137:0
ASN
#26496 AS-26496-GO-DADDY-COM-LLC

File type
data
Size
1 B (1 bytes)
Hash
eccbc87e4b5ce2fe28308fd9f2a7baf3
77de68daecd823babbb58edb1c8e14d7106e83bb
4e07408562bedb8b60ce05c1decfe3ad16b72230967de01f640b7e4729b49fce

Detections

Analyzer	Verdict	Alert
fortinet	Malware
quad9	Sinkholed

HTTP Headers

GET /tds/aietqu HTTP/1.1
Host: hegodev.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 301 Moved Permanently
x-powered-by: PHP/7.4.30
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
x-litespeed-tag: 6ff_HTTP.404,6ff_HTTP.301
x-redirect-by: WordPress
location: https://www.hegodev.com/tds/aietqu
vary: Accept-Encoding,User-Agent
content-encoding: br
content-length: 1
content-type: text/html; charset=UTF-8
date: Thu, 29 Sep 2022 20:29:12 GMT
server: Apache
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
15cc1791864e78e4f2d1219e1bc4e4af
4be1a8496350a8144ae81e10bfe413930628c41e
4fe223392c71727585b3e429b7042d076263242036179a1d5fcc812a3c6cee10

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 29 Sep 2022 20:29:15 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
86e0fe14ac54b7b9131a460fd65d73fd
49ec80657f4183e2ad7e906583b94cbf48a94809
9f30a1437666225f096d72763cf89a4e5ae9e5f501ffed4becc51b08c515cf6f

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 29 Sep 2022 20:29:15 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
86e0fe14ac54b7b9131a460fd65d73fd
49ec80657f4183e2ad7e906583b94cbf48a94809
9f30a1437666225f096d72763cf89a4e5ae9e5f501ffed4becc51b08c515cf6f

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 29 Sep 2022 20:29:15 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.googletagmanager.com/gtag/js?id=UA-154422125-1

142.250.74.72

200 OK

42 kB

URL HTTP/2
www.googletagmanager.com/gtag/js?id=UA-154422125-1
IP
142.250.74.72:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (2039)
Size
42 kB (42377 bytes)
Hash
d567cef3f1849c1455aa1ab6688b4645
cd1de6ff06224f2735c2b4d8aa38beb8256ef303
6e7b91e20097a5000c9a54ce35541dfe5bf3624165e517c349eeb4eb0793344f

HTTP Headers

GET /gtag/js?id=UA-154422125-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hegodev.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 29 Sep 2022 20:29:15 GMT
expires: Thu, 29 Sep 2022 20:29:15 GMT
cache-control: private, max-age=900
last-modified: Thu, 29 Sep 2022 18:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 42377
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
6ac97060c75238244bfa94c6c6f63e40
9a640270fe62b82a8d971472f28a150e23f3a0c2
f7c0b8dc16c4a08e73772eadf8303a509768acf9d70f132c1c1db899534d4bab

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 29 Sep 2022 20:29:15 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
8eb56ca84ce38713c2575c9d5506eabe
294a9ea859390bfe5d73cf810eefae10bf0f2f5e
6e7141f2c597344a55bf1d3a3ca0b9f0bf02f32a6046b3bfa03b64048a1d7002

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 29 Sep 2022 20:29:15 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.hegodev.com/tds/aietqu

184.168.97.137

404 Not Found

15 kB

URL HTTP/2
www.hegodev.com/tds/aietqu
IP
184.168.97.137:0
ASN
#26496 AS-26496-GO-DADDY-COM-LLC

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (39232), with CRLF, LF line terminators
Size
15 kB (14645 bytes)
Hash
be6c2f24b9bf882917331e8de48e00db
491fc7a226ab255a70c6444872c30b022c3c702a
fdcf59ed68d0371e1ca6e74904d574a865717b3373866a1761dad7b37c1a4375

Detections

Analyzer	Verdict	Alert
fortinet	Malware
quad9	Sinkholed

HTTP Headers

GET /tds/aietqu HTTP/1.1
Host: www.hegodev.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
TE: trailers

HTTP/2 404 Not Found
x-powered-by: PHP/7.4.30
x-litespeed-tag: 6ff_HTTP.404
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
link: <https://www.hegodev.com/wp-json/>; rel="https://api.w.org/"
vary: Accept-Encoding,User-Agent
content-encoding: br
content-length: 14645
content-type: text/html; charset=UTF-8
date: Thu, 29 Sep 2022 20:29:14 GMT
server: Apache
X-Firefox-Spdy: h2

www.hegodev.com/wp-content/themes/bosa/assets/slick/slick.css?ver=6.0.2

184.168.97.137

200 OK

493 B

URL HTTP/2
www.hegodev.com/wp-content/themes/bosa/assets/slick/slick.css?ver=6.0.2
IP
184.168.97.137:0
ASN
#26496 AS-26496-GO-DADDY-COM-LLC

File type
ASCII text, with CRLF line terminators
Size
493 B (493 bytes)
Hash
34c447fc8b7747ca0cbb40fec67c28cb
5ef14f89ead8d0d496271cc4a0e482419fe4f667
bdb8e3868d4d8efd5135931edd978ed4f16111f110994ff161e44bd7c3d44467

Detections

Analyzer	Verdict	Alert
fortinet	Malware
quad9	Sinkholed

HTTP Headers

GET /wp-content/themes/bosa/assets/slick/slick.css?ver=6.0.2 HTTP/1.1
Host: www.hegodev.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hegodev.com/tds/aietqu
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Thu, 28 Jul 2022 02:09:34 GMT
etag: "1e2862-767-5e4d4065d3faa-br"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: br
content-length: 493
content-type: text/css
date: Thu, 29 Sep 2022 20:29:15 GMT
server: Apache
X-Firefox-Spdy: h2

www.hegodev.com/wp-content/themes/bosa/assets/slick/slick-theme.css?ver=6.0.2

184.168.97.137

200 OK

774 B

URL HTTP/2
www.hegodev.com/wp-content/themes/bosa/assets/slick/slick-theme.css?ver=6.0.2
IP
184.168.97.137:0
ASN
#26496 AS-26496-GO-DADDY-COM-LLC

File type
Unicode text, UTF-8 text, with CRLF line terminators
Size
774 B (774 bytes)
Hash
6e67560034ebfe1a21ca7838a79b3602
98c217a0786d8196f58ac0046e5572f765f50050
447874e04268e1cd9e1269a6df0d7e1a78fdde489d27c7f247052e59aed4c5b1

Detections

Analyzer	Verdict	Alert
fortinet	Malware
quad9	Sinkholed

HTTP Headers

GET /wp-content/themes/bosa/assets/slick/slick-theme.css?ver=6.0.2 HTTP/1.1
Host: www.hegodev.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hegodev.com/tds/aietqu
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Thu, 28 Jul 2022 02:09:34 GMT
etag: "1e2861-d15-5e4d4065d3faa-br"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: br
content-length: 774
content-type: text/css
date: Thu, 29 Sep 2022 20:29:15 GMT
server: Apache
X-Firefox-Spdy: h2

www.hegodev.com/wp-content/themes/bosa/assets/css/blocks.min.css?ver=6.0.2

184.168.97.137

200 OK

2.0 kB

URL HTTP/2
www.hegodev.com/wp-content/themes/bosa/assets/css/blocks.min.css?ver=6.0.2
IP
184.168.97.137:0
ASN
#26496 AS-26496-GO-DADDY-COM-LLC

File type
ASCII text, with very long lines (9062), with no line terminators
Size
2.0 kB (1955 bytes)
Hash
5c569f4b806cef7bae156536de7a6bbe
e333c2951afcd43c3f67af65eec7798142f3b693
87dfa898fa648e03706e8fa4153e5cada9e2c6dc8954607b419d1aa21f3c55f7

Detections

Analyzer	Verdict	Alert
fortinet	Malware
quad9	Sinkholed

HTTP Headers

GET /wp-content/themes/bosa/assets/css/blocks.min.css?ver=6.0.2 HTTP/1.1
Host: www.hegodev.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hegodev.com/tds/aietqu
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Thu, 28 Jul 2022 02:09:34 GMT
etag: "1e281c-2366-5e4d4065d300a-br"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: br
content-length: 1955
content-type: text/css
date: Thu, 29 Sep 2022 20:29:15 GMT
server: Apache
X-Firefox-Spdy: h2

www.hegodev.com/wp-content/themes/bosa/assets/css/slicknav.min.css?ver=6.0.2

184.168.97.137

200 OK

691 B

URL HTTP/2
www.hegodev.com/wp-content/themes/bosa/assets/css/slicknav.min.css?ver=6.0.2
IP
184.168.97.137:0
ASN
#26496 AS-26496-GO-DADDY-COM-LLC

File type
ASCII text, with very long lines (2414), with CRLF line terminators
Size
691 B (691 bytes)
Hash
70e97a82cb2bd23c0544142f7ec5e48f
99ce9a22208dc751c6dab5b3bfbe99a73a0ce01a
807b94feb5ee85ba59311b80b2e6a15dbcf06336949e10c5a28eae5d22bfbe9f

Detections

Analyzer	Verdict	Alert
fortinet	Malware
quad9	Sinkholed

HTTP Headers

GET /wp-content/themes/bosa/assets/css/slicknav.min.css?ver=6.0.2 HTTP/1.1
Host: www.hegodev.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hegodev.com/tds/aietqu
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Thu, 28 Jul 2022 02:09:34 GMT
etag: "1e281f-9cd-5e4d4065d300a-br"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: br
content-length: 691
content-type: text/css
date: Thu, 29 Sep 2022 20:29:15 GMT
server: Apache
X-Firefox-Spdy: h2

www.hegodev.com/wp-content/themes/bosa-business/style.css?ver=6.0.2

184.168.97.137

200 OK

1.4 kB

URL HTTP/2
www.hegodev.com/wp-content/themes/bosa-business/style.css?ver=6.0.2
IP
184.168.97.137:0
ASN
#26496 AS-26496-GO-DADDY-COM-LLC

File type
ASCII text, with very long lines (1023), with CRLF line terminators
Size
1.4 kB (1361 bytes)
Hash
73ee631a66b856896702d8f5992129ad
e2a34ecd904e4ae9de4583a545c2717334c385f7
e5f555322926d2339db8f05008e17b35b453350b8ac8c173542845a9b58f571d

Detections

Analyzer	Verdict	Alert
fortinet	Malware
quad9	Sinkholed

HTTP Headers

GET /wp-content/themes/bosa-business/style.css?ver=6.0.2 HTTP/1.1
Host: www.hegodev.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hegodev.com/tds/aietqu
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Fri, 15 Apr 2022 11:47:32 GMT
etag: "e3f67-df4-5dcaff9d452af-br"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: br
content-length: 1361
content-type: text/css
date: Thu, 29 Sep 2022 20:29:15 GMT
server: Apache
X-Firefox-Spdy: h2

www.hegodev.com/wp-content/plugins/contact-widgets/assets/css/font-awesome.min.css?ver=4.7.0

184.168.97.137

200 OK

6.6 kB

URL HTTP/2
www.hegodev.com/wp-content/plugins/contact-widgets/assets/css/font-awesome.min.css?ver=4.7.0
IP
184.168.97.137:0
ASN
#26496 AS-26496-GO-DADDY-COM-LLC

File type
ASCII text, with very long lines (30429)
Size
6.6 kB (6581 bytes)
Hash
de7a7b0a7cefd6f77d360ab9819ce7c5
73ab1b9dbc0f89e39140965f7f6cc4edb723ff77
f085f338dd26cfc96e4b338ffe0a6b2fe8e4eb7477bfa14883646c08f6b49634

Detections

Analyzer	Verdict	Alert
fortinet	Malware
quad9	Sinkholed

HTTP Headers

GET /wp-content/plugins/contact-widgets/assets/css/font-awesome.min.css?ver=4.7.0 HTTP/1.1
Host: www.hegodev.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hegodev.com/tds/aietqu
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Mon, 10 Aug 2020 12:46:25 GMT
etag: "e4836-777f-5ac8557aaea40-br"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: br
content-length: 6581
content-type: text/css
date: Thu, 29 Sep 2022 20:29:15 GMT
server: Apache
X-Firefox-Spdy: h2

www.hegodev.com/wp-content/themes/bosa/assets/font-awesome/css/all.min.css?ver=6.0.2

184.168.97.137

200 OK

12 kB

URL HTTP/2
www.hegodev.com/wp-content/themes/bosa/assets/font-awesome/css/all.min.css?ver=6.0.2
IP
184.168.97.137:0
ASN
#26496 AS-26496-GO-DADDY-COM-LLC

File type
ASCII text, with very long lines (59158), with CRLF line terminators
Size
12 kB (12405 bytes)
Hash
37a0cc3233ba8513c0996bf4220250fd
e15ddd5aab9ee220054be8d22178b37ce7862a0e
0c23d7e2429213ce557799efab8f3d55d175b6b40ebc650bd01f70bbf6d1c162

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /wp-content/themes/bosa/assets/font-awesome/css/all.min.css?ver=6.0.2 HTTP/1.1
Host: www.hegodev.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hegodev.com/tds/aietqu
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Thu, 28 Jul 2022 02:09:34 GMT
etag: "1e2808-e7d4-5e4d4065d283a-br"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: br
content-length: 12405
content-type: text/css
date: Thu, 29 Sep 2022 20:29:15 GMT
server: Apache
X-Firefox-Spdy: h2

www.hegodev.com/wp-includes/css/dist/block-library/style.min.css?ver=6.0.2

184.168.97.137

200 OK

11 kB

URL HTTP/2
www.hegodev.com/wp-includes/css/dist/block-library/style.min.css?ver=6.0.2
IP
184.168.97.137:0
ASN
#26496 AS-26496-GO-DADDY-COM-LLC

File type
ASCII text, with very long lines (43771)
Size
11 kB (10912 bytes)
Hash
069a79d16ded6a02071f286cd2025c44
dd5970e01b8a10dadcf074f72a1c8095f25e947a
78261bccee805c6913bf7e23e2e25314f05f690300a77a40ca36e1e516b20203

Detections

Analyzer	Verdict	Alert
fortinet	Malware
quad9	Sinkholed

HTTP Headers

GET /wp-includes/css/dist/block-library/style.min.css?ver=6.0.2 HTTP/1.1
Host: www.hegodev.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hegodev.com/tds/aietqu
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Mon, 04 Jul 2022 12:10:37 GMT
etag: "125f63-15b64-5e2f99fa9e940-br"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: br
content-length: 10912
content-type: text/css
date: Thu, 29 Sep 2022 20:29:15 GMT
server: Apache
X-Firefox-Spdy: h2

www.hegodev.com/wp-includes/js/jquery/jquery.masonry.min.js?ver=3.1.2b

184.168.97.137

200 OK

628 B

URL HTTP/2
www.hegodev.com/wp-includes/js/jquery/jquery.masonry.min.js?ver=3.1.2b
IP
184.168.97.137:0
ASN
#26496 AS-26496-GO-DADDY-COM-LLC

File type
ASCII text, with very long lines (1626)
Size
628 B (628 bytes)
Hash
5b31f9f2f4e068d0932e615b4c1430d7
a84aad0dae77532f66a7777d67facca9a2e6ab6f
af3fdfe4f024a9ae6bad6e550e63a4636396208b9554a2eb5aa4f8a4de716d0e

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /wp-includes/js/jquery/jquery.masonry.min.js?ver=3.1.2b HTTP/1.1
Host: www.hegodev.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hegodev.com/tds/aietqu
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Thu, 18 Aug 2016 18:55:30 GMT
etag: "164a9e-71b-53a5d2030ec80-br"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: br
content-length: 628
content-type: application/javascript
date: Thu, 29 Sep 2022 20:29:15 GMT
server: Apache
X-Firefox-Spdy: h2

www.hegodev.com/wp-content/themes/bosa/assets/js/navigation.js?ver=0.8

184.168.97.137

200 OK

993 B

URL HTTP/2
www.hegodev.com/wp-content/themes/bosa/assets/js/navigation.js?ver=0.8
IP
184.168.97.137:0
ASN
#26496 AS-26496-GO-DADDY-COM-LLC

File type
ASCII text, with CRLF line terminators
Size
993 B (993 bytes)
Hash
0880979edd9517f9a7b7307495d2e853
9680cf285e27e869e1b90baaea045cc375e0a2c1
a25525fac97c4a6cb0c565349aeeae0f79b5bdedc77c88f7521e946bb7567924

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /wp-content/themes/bosa/assets/js/navigation.js?ver=0.8 HTTP/1.1
Host: www.hegodev.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hegodev.com/tds/aietqu
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Thu, 28 Jul 2022 02:09:34 GMT
etag: "1e287a-17ab-5e4d4065d4392-br"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: br
content-length: 993
content-type: application/javascript
date: Thu, 29 Sep 2022 20:29:15 GMT
server: Apache
X-Firefox-Spdy: h2

www.hegodev.com/wp-content/themes/bosa/assets/js/html5shiv.min.js?ver=0.8

184.168.97.137

200 OK

1.1 kB

URL HTTP/2
www.hegodev.com/wp-content/themes/bosa/assets/js/html5shiv.min.js?ver=0.8
IP
184.168.97.137:0
ASN
#26496 AS-26496-GO-DADDY-COM-LLC

File type
HTML document, ASCII text, with very long lines (2639), with no line terminators
Size
1.1 kB (1132 bytes)
Hash
cb816e47ca3d13aad71248bbeabff91e
f2c86e70321390663f230239416c8b747f9c94f1
28ca5b93945b26543a79912da6b4651fdf0f1b7880f76f388c73e88f934c2113

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /wp-content/themes/bosa/assets/js/html5shiv.min.js?ver=0.8 HTTP/1.1
Host: www.hegodev.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hegodev.com/tds/aietqu
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Thu, 28 Jul 2022 02:09:34 GMT
etag: "1e287f-a4f-5e4d4065d4392-br"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: br
content-length: 1132
content-type: application/javascript
date: Thu, 29 Sep 2022 20:29:15 GMT
server: Apache
X-Firefox-Spdy: h2

www.hegodev.com/wp-content/plugins/google-analytics-for-wordpress/assets/js/frontend-gtag.min.js?ver=8.7.0

184.168.97.137

200 OK

3.0 kB

URL HTTP/2
www.hegodev.com/wp-content/plugins/google-analytics-for-wordpress/assets/js/frontend-gtag.min.js?ver=8.7.0
IP
184.168.97.137:0
ASN
#26496 AS-26496-GO-DADDY-COM-LLC

File type
ASCII text, with very long lines (1577)
Size
3.0 kB (3018 bytes)
Hash
c42db5fc087004f61b1fd52f2fa6589a
d315714e57e1b83e3851a3261bcb6f3a8f8aedbd
47bec89c01cd4cc1e52ab92fcd1d1f50d73342d368064fd693a619e8072d4f93

Detections

Analyzer	Verdict	Alert
fortinet	Malware
quad9	Sinkholed

HTTP Headers

GET /wp-content/plugins/google-analytics-for-wordpress/assets/js/frontend-gtag.min.js?ver=8.7.0 HTTP/1.1
Host: www.hegodev.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hegodev.com/tds/aietqu
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Thu, 28 Jul 2022 02:08:38 GMT
etag: "105ac6-2e7a-5e4d403037d5f-br"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: br
content-length: 3018
content-type: application/javascript
date: Thu, 29 Sep 2022 20:29:15 GMT
server: Apache
X-Firefox-Spdy: h2

www.hegodev.com/wp-content/themes/bosa/assets/bootstrap/css/bootstrap.min.css?ver=6.0.2

184.168.97.137

200 OK

19 kB

URL HTTP/2
www.hegodev.com/wp-content/themes/bosa/assets/bootstrap/css/bootstrap.min.css?ver=6.0.2
IP
184.168.97.137:0
ASN
#26496 AS-26496-GO-DADDY-COM-LLC

File type
ASCII text, with very long lines (65319), with CRLF line terminators
Size
19 kB (18894 bytes)
Hash
a08b37e95872eb5945c89f729fe74d26
a4e542358e28aacc01fb2ca977feaf1567a35bc9
1210d07107cc6e06709991d7e78d50039183e90962f7e8a92744134a40a37878

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /wp-content/themes/bosa/assets/bootstrap/css/bootstrap.min.css?ver=6.0.2 HTTP/1.1
Host: www.hegodev.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hegodev.com/tds/aietqu
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Thu, 28 Jul 2022 02:09:34 GMT
etag: "1e2811-2268e-5e4d4065d2c22-br"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: br
content-length: 18894
content-type: text/css
date: Thu, 29 Sep 2022 20:29:15 GMT
server: Apache
X-Firefox-Spdy: h2

www.hegodev.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2

184.168.97.137

200 OK

4.6 kB

URL HTTP/2
www.hegodev.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
IP
184.168.97.137:0
ASN
#26496 AS-26496-GO-DADDY-COM-LLC

File type
ASCII text, with very long lines (11126)
Size
4.6 kB (4641 bytes)
Hash
55050b24c45c4eb4288d37c787febc62
0e2e51876c68c377021c7ca922b671df43f40667
6f37b7fe435d863f1b2e3671ae9ccdab95189f4bfba860383e48cf2d1306467a

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2 HTTP/1.1
Host: www.hegodev.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hegodev.com/tds/aietqu
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Thu, 22 Sep 2022 12:05:35 GMT
etag: "164a9d-3602-5e942e0f8e243-br"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: br
content-length: 4641
content-type: application/javascript
date: Thu, 29 Sep 2022 20:29:15 GMT
server: Apache
X-Firefox-Spdy: h2

www.hegodev.com/wp-content/themes/bosa/style.css?ver=6.0.2

184.168.97.137

200 OK

23 kB

URL HTTP/2
www.hegodev.com/wp-content/themes/bosa/style.css?ver=6.0.2
IP
184.168.97.137:0
ASN
#26496 AS-26496-GO-DADDY-COM-LLC

File type
ASCII text, with very long lines (1137)
Size
23 kB (22726 bytes)
Hash
951d728eb6833d22f9c81d65f0b86125
2eb36f396caa9da773c34cade2459e2b39d7153f
61703f377447272f82b6f36cbaaee9a0f31a037c64a6f4e9b803aafae34b6efc

Detections

Analyzer	Verdict	Alert
fortinet	Malware
quad9	Sinkholed

HTTP Headers

GET /wp-content/themes/bosa/style.css?ver=6.0.2 HTTP/1.1
Host: www.hegodev.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hegodev.com/tds/aietqu
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Thu, 28 Jul 2022 02:09:34 GMT
etag: "12338a-2948d-5e4d4065d0ce2-br"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: br
content-length: 22726
content-type: text/css
date: Thu, 29 Sep 2022 20:29:15 GMT
server: Apache
X-Firefox-Spdy: h2

www.hegodev.com/wp-content/themes/bosa/assets/js/jquery.slicknav.min.js?ver=0.8

184.168.97.137

200 OK

2.5 kB

URL HTTP/2
www.hegodev.com/wp-content/themes/bosa/assets/js/jquery.slicknav.min.js?ver=0.8
IP
184.168.97.137:0
ASN
#26496 AS-26496-GO-DADDY-COM-LLC

File type
ASCII text, with very long lines (8320), with CRLF line terminators
Size
2.5 kB (2504 bytes)
Hash
f4d1dc17a8b538c2c3ea8ff13ea6d10b
a0bac998d0ac28f0e5b6a2993190daa435861724
2e2949f1f3b9db6036a9c9d97b431623572ce674e9944e44d2f2807061fcfe64

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /wp-content/themes/bosa/assets/js/jquery.slicknav.min.js?ver=0.8 HTTP/1.1
Host: www.hegodev.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hegodev.com/tds/aietqu
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Thu, 28 Jul 2022 02:09:34 GMT
etag: "1e287e-20e6-5e4d4065d4392-br"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: br
content-length: 2504
content-type: application/javascript
date: Thu, 29 Sep 2022 20:29:15 GMT
server: Apache
X-Firefox-Spdy: h2

fonts.googleapis.com/css2?family=Bai+Jamjuree%3Aital%2Cwght%400%2C200%3B0%2C300%3B0%2C400%3B0%2C500%3B0%2C600%3B0%2C700%3B1%2C300%3B1%2C400%3B1%2C500%3B1%2C600%3B1%2C700&display=swap&ver=6.0.2

142.250.74.10

200 OK

2.6 kB

URL HTTP/2
fonts.googleapis.com/css2?family=Bai+Jamjuree%3Aital%2Cwght%400%2C200%3B0%2C300%3B0%2C400%3B0%2C500%3B0%2C600%3B0%2C700%3B1%2C300%3B1%2C400%3B1%2C500%3B1%2C600%3B1%2C700&display=swap&ver=6.0.2
IP
142.250.74.10:0
ASN
#15169 GOOGLE

File type
data
Size
2.6 kB (2635 bytes)
Hash
0b52112ec18c1ce6030e6ef90732911c
9615d4d22b3b57f3efa6618b3ce470efc279472e
e7d3c4a343439d096bb344fcaf5e062b925450c8fd28d16a8c8f11643a0e3efe

HTTP Headers

GET /css2?family=Bai+Jamjuree%3Aital%2Cwght%400%2C200%3B0%2C300%3B0%2C400%3B0%2C500%3B0%2C600%3B0%2C700%3B1%2C300%3B1%2C400%3B1%2C500%3B1%2C600%3B1%2C700&display=swap&ver=6.0.2 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.hegodev.com
Connection: keep-alive
Referer: https://www.hegodev.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 29 Sep 2022 20:29:15 GMT
date: Thu, 29 Sep 2022 20:29:15 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

www.hegodev.com/wp-includes/js/imagesloaded.min.js?ver=6.0.2

184.168.97.137

200 OK

1.7 kB

URL HTTP/2
www.hegodev.com/wp-includes/js/imagesloaded.min.js?ver=6.0.2
IP
184.168.97.137:0
ASN
#26496 AS-26496-GO-DADDY-COM-LLC

File type
ASCII text, with very long lines (5477)
Size
1.7 kB (1733 bytes)
Hash
b1ead9e078b8c6a5044a583ef6fbbd5e
577658f92d2657f1131a97b6f128dfdb50d21d1a
b337360f9345d0763a9394d9a2b032459e0fe6199bee2a4b76f2b8ca24d8b867

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /wp-includes/js/imagesloaded.min.js?ver=6.0.2 HTTP/1.1
Host: www.hegodev.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hegodev.com/tds/aietqu
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Sat, 13 Jun 2020 18:53:27 GMT
etag: "126622-15fd-5a7fbb57c37c0-br"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: br
content-length: 1733
content-type: application/javascript
date: Thu, 29 Sep 2022 20:29:15 GMT
server: Apache
X-Firefox-Spdy: h2

www.hegodev.com/wp-content/themes/bosa/assets/js/theia-sticky-sidebar.min.js?ver=0.8

184.168.97.137

200 OK

1.6 kB

URL HTTP/2
www.hegodev.com/wp-content/themes/bosa/assets/js/theia-sticky-sidebar.min.js?ver=0.8
IP
184.168.97.137:0
ASN
#26496 AS-26496-GO-DADDY-COM-LLC

File type
HTML document, ASCII text, with very long lines (5370), with CRLF line terminators
Size
1.6 kB (1636 bytes)
Hash
e74167fd14ae4f773d3afd5138ad81f2
9062953647b497a403cec22ad1ca2d31f76d96b2
b3539412526d3a6c6f18e32b9bcacb4274e51b44e876fb6ad9a02f8449c61c52

Detections

Analyzer	Verdict	Alert
fortinet	Malware
quad9	Sinkholed

HTTP Headers

GET /wp-content/themes/bosa/assets/js/theia-sticky-sidebar.min.js?ver=0.8 HTTP/1.1
Host: www.hegodev.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hegodev.com/tds/aietqu
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Thu, 28 Jul 2022 02:09:34 GMT
etag: "1e2875-1537-5e4d4065d4392-br"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: br
content-length: 1636
content-type: application/javascript
date: Thu, 29 Sep 2022 20:29:15 GMT
server: Apache
X-Firefox-Spdy: h2

www.hegodev.com/wp-content/themes/bosa/assets/js/skip-link-focus-fix.js?ver=0.8

184.168.97.137

200 OK

338 B

URL HTTP/2
www.hegodev.com/wp-content/themes/bosa/assets/js/skip-link-focus-fix.js?ver=0.8
IP
184.168.97.137:0
ASN
#26496 AS-26496-GO-DADDY-COM-LLC

File type
ASCII text, with CRLF line terminators
Size
338 B (338 bytes)
Hash
295d8e7be879e4b8f375f36a9ac45e07
616274653f472969eaa37880ce42db18be993aae
ace732d52491f3fafa3b95770ce6e10b0ef7ce9c87ea178cb8f75927b2379417

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /wp-content/themes/bosa/assets/js/skip-link-focus-fix.js?ver=0.8 HTTP/1.1
Host: www.hegodev.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hegodev.com/tds/aietqu
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Thu, 28 Jul 2022 02:09:34 GMT
etag: "1e2876-2cc-5e4d4065d4392-br"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: br
content-length: 338
content-type: application/javascript
date: Thu, 29 Sep 2022 20:29:15 GMT
server: Apache
X-Firefox-Spdy: h2

www.hegodev.com/wp-includes/js/wp-emoji-release.min.js?ver=6.0.2

184.168.97.137

200 OK

4.6 kB

URL HTTP/2
www.hegodev.com/wp-includes/js/wp-emoji-release.min.js?ver=6.0.2
IP
184.168.97.137:0
ASN
#26496 AS-26496-GO-DADDY-COM-LLC

File type
ASCII text, with very long lines (15660)
Size
4.6 kB (4614 bytes)
Hash
a0083d25b89ea80ecd2393db9f865d62
24eaf2df7c722fb13f2b5bf77ada5ee446720c25
f7533cb93f2efbb9e3bccfa9ff4036a2cafa7dd1bd4d66bea4833306b321e957

Detections

Analyzer	Verdict	Alert
fortinet	Malware
quad9	Sinkholed

HTTP Headers

GET /wp-includes/js/wp-emoji-release.min.js?ver=6.0.2 HTTP/1.1
Host: www.hegodev.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hegodev.com/tds/aietqu
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 12 Apr 2022 05:56:23 GMT
etag: "126637-48b9-5dc6eb878efc0-br"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: br
content-length: 4614
content-type: application/javascript
date: Thu, 29 Sep 2022 20:29:15 GMT
server: Apache
X-Firefox-Spdy: h2

www.hegodev.com/wp-content/plugins/ewww-image-optimizer/includes/lazysizes.min.js?ver=670

184.168.97.137

200 OK

4.7 kB

URL HTTP/2
www.hegodev.com/wp-content/plugins/ewww-image-optimizer/includes/lazysizes.min.js?ver=670
IP
184.168.97.137:0
ASN
#26496 AS-26496-GO-DADDY-COM-LLC

File type
ASCII text, with very long lines (12498), with no line terminators
Size
4.7 kB (4706 bytes)
Hash
178e76046eb0e7272c90d4c8f5c6a582
0f6b3d54c1630ac1fe511a9de4dc6963c0f66c0c
4c78ef5db663c8ceb5185f1ed58195e871afd4f036eb89a83776f8851ad79c2b

Detections

Analyzer	Verdict	Alert
fortinet	Malware
quad9	Sinkholed

HTTP Headers

GET /wp-content/plugins/ewww-image-optimizer/includes/lazysizes.min.js?ver=670 HTTP/1.1
Host: www.hegodev.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hegodev.com/tds/aietqu
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Thu, 28 Jul 2022 02:08:33 GMT
etag: "1059d1-30d2-5e4d402ba7d82-br"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: br
content-length: 4706
content-type: application/javascript
date: Thu, 29 Sep 2022 20:29:15 GMT
server: Apache
X-Firefox-Spdy: h2

www.hegodev.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.0

184.168.97.137

200 OK

31 kB

URL HTTP/2
www.hegodev.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.0
IP
184.168.97.137:0
ASN
#26496 AS-26496-GO-DADDY-COM-LLC

File type
ASCII text, with very long lines (62845)
Size
31 kB (30937 bytes)
Hash
7e34be448eebf21b9ab8cfcd8fde9504
a4e968811822f988b09ad62e4701286a6fad2e75
7893733ef7a787b4d182abf64a9fc6cbc40c9cced8b203dca707d4d09bc8bd6f

Detections

Analyzer	Verdict	Alert
fortinet	Malware
quad9	Sinkholed

HTTP Headers

GET /wp-includes/js/jquery/jquery.min.js?ver=3.6.0 HTTP/1.1
Host: www.hegodev.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hegodev.com/tds/aietqu
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Thu, 22 Sep 2022 13:07:21 GMT
etag: "164aa5-167db-5e943bde0430c-br"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: br
content-length: 30937
content-type: application/javascript
date: Thu, 29 Sep 2022 20:29:15 GMT
server: Apache
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
8045f030f1424d43155236ac74193734
9f5d53209a1b442a342d7d59986e4817024e2fcd
211c2261b71490e21be41166efa63b59b01ed4188f80c7e095b748abf1f0ae68

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 29 Sep 2022 20:29:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
8045f030f1424d43155236ac74193734
9f5d53209a1b442a342d7d59986e4817024e2fcd
211c2261b71490e21be41166efa63b59b01ed4188f80c7e095b748abf1f0ae68

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 29 Sep 2022 20:29:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
8045f030f1424d43155236ac74193734
9f5d53209a1b442a342d7d59986e4817024e2fcd
211c2261b71490e21be41166efa63b59b01ed4188f80c7e095b748abf1f0ae68

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 29 Sep 2022 20:29:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

fonts.gstatic.com/s/baijamjuree/v11/LDIqapSCOBt_aeQQ7ftydoa0gebelJo0.woff2

142.250.74.163

200 OK

11 kB

URL HTTP/2
fonts.gstatic.com/s/baijamjuree/v11/LDIqapSCOBt_aeQQ7ftydoa0gebelJo0.woff2
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 10840, version 1.0\012- data
Size
11 kB (10840 bytes)
Hash
1dfdc31ff2064daaaf92877a90bed3b8
a538ee943a4cc54748827e91b91fb5932d3fde50
f5346003928ce35756d754b207e777261fc6b226caf252f5c07e302a3ed2accd

HTTP Headers

GET /s/baijamjuree/v11/LDIqapSCOBt_aeQQ7ftydoa0gebelJo0.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.hegodev.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 10840
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 28 Sep 2022 10:56:22 GMT
expires: Thu, 28 Sep 2023 10:56:22 GMT
cache-control: public, max-age=31536000
age: 120775
last-modified: Tue, 19 Apr 2022 18:13:26 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

fonts.gstatic.com/s/baijamjuree/v11/LDIqapSCOBt_aeQQ7ftydoa0reHelJo0.woff2

142.250.74.163

200 OK

11 kB

URL HTTP/2
fonts.gstatic.com/s/baijamjuree/v11/LDIqapSCOBt_aeQQ7ftydoa0reHelJo0.woff2
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 10808, version 1.0\012- data
Size
11 kB (10808 bytes)
Hash
813e62d2193672e925a80aa9c4a85696
248768195074f87fd8bee6b45e87ab265d4ce7f1
2a257de7d16cbc56379bbeba00afc1533e9aee044331ef5d618ec6db47ba103c

HTTP Headers

GET /s/baijamjuree/v11/LDIqapSCOBt_aeQQ7ftydoa0reHelJo0.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.hegodev.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 10808
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 29 Sep 2022 07:13:35 GMT
expires: Fri, 29 Sep 2023 07:13:35 GMT
cache-control: public, max-age=31536000
age: 47742
last-modified: Tue, 19 Apr 2022 18:08:54 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

142.250.74.163

200 OK

45 kB

URL HTTP/2
fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 44856, version 1.0\012- data
Size
45 kB (44856 bytes)
Hash
565ce506190ad3af920b40baf1794cec
ad3cba5d06100e09449a864d3b5e58403b478b3d
8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db

HTTP Headers

GET /s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.hegodev.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 44856
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 24 Sep 2022 18:01:25 GMT
expires: Sun, 24 Sep 2023 18:01:25 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 15 Aug 2022 18:20:18 GMT
content-type: font/woff2
age: 440872
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
8045f030f1424d43155236ac74193734
9f5d53209a1b442a342d7d59986e4817024e2fcd
211c2261b71490e21be41166efa63b59b01ed4188f80c7e095b748abf1f0ae68

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 29 Sep 2022 20:29:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.hegodev.com/wp-includes/js/masonry.min.js?ver=4.2.2

184.168.97.137

200 OK

7.1 kB

URL HTTP/2
www.hegodev.com/wp-includes/js/masonry.min.js?ver=4.2.2
IP
184.168.97.137:0
ASN
#26496 AS-26496-GO-DADDY-COM-LLC

File type
ASCII text, with very long lines (23966)
Size
7.1 kB (7130 bytes)
Hash
b15709b26cbed268be463aeb7221d12d
8ece754f196cdbace087ee39d77784626f1bac9a
381c481a826838b8eadc28c8290f1928bea7edb660da92dfc08dd6bdf2d37122

Detections

Analyzer	Verdict	Alert
fortinet	Malware
quad9	Sinkholed

HTTP Headers

GET /wp-includes/js/masonry.min.js?ver=4.2.2 HTTP/1.1
Host: www.hegodev.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hegodev.com/tds/aietqu
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Sat, 13 Jun 2020 18:53:27 GMT
etag: "126636-5e4a-5a7fbb57c37c0-br"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: br
content-length: 7130
content-type: application/javascript
date: Thu, 29 Sep 2022 20:29:15 GMT
server: Apache
X-Firefox-Spdy: h2

www.hegodev.com/wp-content/themes/bosa/assets/slick/slick.min.js?ver=0.8

184.168.97.137

200 OK

10 kB

URL HTTP/2
www.hegodev.com/wp-content/themes/bosa/assets/slick/slick.min.js?ver=0.8
IP
184.168.97.137:0
ASN
#26496 AS-26496-GO-DADDY-COM-LLC

File type
ASCII text, with very long lines (42862), with CRLF line terminators
Size
10 kB (10104 bytes)
Hash
73b81ca4bccda384885bffd32b65d8e8
f66055b3dbf1ede1f0c2fa56a888981c3961bfe6
668d4731db28264dbce69d3dd601d722b0dcb1c785e8b2e8a58d81f1cfba00d6

Detections

Analyzer	Verdict	Alert
fortinet	Malware
quad9	Sinkholed

HTTP Headers

GET /wp-content/themes/bosa/assets/slick/slick.min.js?ver=0.8 HTTP/1.1
Host: www.hegodev.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hegodev.com/tds/aietqu
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Thu, 28 Jul 2022 02:09:34 GMT
etag: "1e286a-a770-5e4d4065d3faa-br"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: br
content-length: 10104
content-type: application/javascript
date: Thu, 29 Sep 2022 20:29:15 GMT
server: Apache
X-Firefox-Spdy: h2

www.hegodev.com/wp-content/themes/bosa/assets/bootstrap/js/bootstrap.min.js?ver=0.8

184.168.97.137

200 OK

14 kB

URL HTTP/2
www.hegodev.com/wp-content/themes/bosa/assets/bootstrap/js/bootstrap.min.js?ver=0.8
IP
184.168.97.137:0
ASN
#26496 AS-26496-GO-DADDY-COM-LLC

File type
ASCII text, with very long lines (50758), with CRLF line terminators
Size
14 kB (13455 bytes)
Hash
0ee8c174de1686d6078ac63eda46404e
cc0de71ae4dde2bf22a32776e517d80777f204ad
53c30939a24897a873222ecebb9228316342f1b96bdd5849f9bcf847b707fa45

Detections

Analyzer	Verdict	Alert
fortinet	Malware
quad9	Sinkholed

HTTP Headers

GET /wp-content/themes/bosa/assets/bootstrap/js/bootstrap.min.js?ver=0.8 HTTP/1.1
Host: www.hegodev.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hegodev.com/tds/aietqu
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Thu, 28 Jul 2022 02:09:34 GMT
etag: "1e2815-c765-5e4d4065d300a-br"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: br
content-length: 13455
content-type: application/javascript
date: Thu, 29 Sep 2022 20:29:15 GMT
server: Apache
X-Firefox-Spdy: h2

www.hegodev.com/wp-content/themes/bosa/assets/images/bosa-360-200.jpg

184.168.97.137

200 OK

30 kB

URL HTTP/2
www.hegodev.com/wp-content/themes/bosa/assets/images/bosa-360-200.jpg
IP
184.168.97.137:0
ASN
#26496 AS-26496-GO-DADDY-COM-LLC

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, baseline, precision 8, 360x203, components 3\012- data
Size
30 kB (29594 bytes)
Hash
624934584c27faf93df0f15f1ab5f7c3
ecd3df25050330a2ce11d4e1f7e8e22b2229eb95
29d4c1b20b4ed7a5c8e399e46879567e0f31f7b75205dd6355cc455382b14aa1

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /wp-content/themes/bosa/assets/images/bosa-360-200.jpg HTTP/1.1
Host: www.hegodev.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hegodev.com/tds/aietqu
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Thu, 28 Jul 2022 02:09:34 GMT
etag: "1e282f-739a-5e4d4065d33f2"
accept-ranges: bytes
content-length: 29594
content-type: image/jpeg
date: Thu, 29 Sep 2022 20:29:17 GMT
server: Apache
X-Firefox-Spdy: h2

www.hegodev.com/wp-content/themes/bosa/assets/font-awesome/webfonts/fa-solid-900.woff2

184.168.97.137

200 OK

80 kB

URL HTTP/2
www.hegodev.com/wp-content/themes/bosa/assets/font-awesome/webfonts/fa-solid-900.woff2
IP
184.168.97.137:0
ASN
#26496 AS-26496-GO-DADDY-COM-LLC

File type
Web Open Font Format (Version 2), TrueType, length 80252, version 331.-31327\012- data
Size
80 kB (80252 bytes)
Hash
9ae050d1876ac1763eb6afe4264e6d5a
72344eab2e7431eec313caa21f266cbfda7caf60
6c916669cf923b4f1b2db5c5107c83b6ca205e7ad0dcd840b251e63f0c8d28a2

Detections

Analyzer	Verdict	Alert
fortinet	Malware
quad9	Sinkholed

HTTP Headers

GET /wp-content/themes/bosa/assets/font-awesome/webfonts/fa-solid-900.woff2 HTTP/1.1
Host: www.hegodev.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://www.hegodev.com/wp-content/themes/bosa/assets/font-awesome/css/all.min.css?ver=6.0.2
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Thu, 28 Jul 2022 02:09:34 GMT
etag: "1e27f7-1397c-5e4d4065d206a"
accept-ranges: bytes
content-length: 80252
vary: Accept-Encoding,User-Agent
content-type: font/woff2
date: Thu, 29 Sep 2022 20:29:17 GMT
server: Apache
X-Firefox-Spdy: h2

www.hegodev.com/wp-content/uploads/2020/09/cropped-image-1.png

184.168.97.137

200 OK

6.6 kB

URL HTTP/2
www.hegodev.com/wp-content/uploads/2020/09/cropped-image-1.png
IP
184.168.97.137:0
ASN
#26496 AS-26496-GO-DADDY-COM-LLC

File type
PNG image data, 135 x 74, 8-bit/color RGBA, non-interlaced\012- data
Size
6.6 kB (6638 bytes)
Hash
d00f913aa1e1765eb74ed5d4956150c2
ef2e07c16e3925f1ff81abeb19f0a78aeca57f3c
ee599d1ea592c3f277f3490e3e235f0f651ece900b0115c0ccf59ce26eb410e3

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /wp-content/uploads/2020/09/cropped-image-1.png HTTP/1.1
Host: www.hegodev.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hegodev.com/tds/aietqu
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Fri, 14 May 2021 09:07:54 GMT
etag: "105cc7-19ee-5c24694418095"
accept-ranges: bytes
content-length: 6638
content-type: image/png
date: Thu, 29 Sep 2022 20:29:17 GMT
server: Apache
X-Firefox-Spdy: h2

www.hegodev.com/wp-content/plugins/contact-widgets/assets/fonts/fontawesome-webfont.woff?v=4.7.0

184.168.97.137

200 OK

98 kB

URL HTTP/2
www.hegodev.com/wp-content/plugins/contact-widgets/assets/fonts/fontawesome-webfont.woff?v=4.7.0
IP
184.168.97.137:0
ASN
#26496 AS-26496-GO-DADDY-COM-LLC

File type
Web Open Font Format, TrueType, length 98024, version 4.7\012- data
Size
98 kB (98024 bytes)
Hash
fee66e712a8a08eef5805a46892932ad
28b782240b3e76db824e12c02754a9731a167527
ba0c59deb5450f5cb41b3f93609ee2d0d995415877ddfa223e8a8a7533474f07

Detections

Analyzer	Verdict	Alert
fortinet	Malware
quad9	Sinkholed

HTTP Headers

GET /wp-content/plugins/contact-widgets/assets/fonts/fontawesome-webfont.woff?v=4.7.0 HTTP/1.1
Host: www.hegodev.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://www.hegodev.com/wp-content/plugins/contact-widgets/assets/css/font-awesome.min.css?ver=4.7.0
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Mon, 10 Aug 2020 12:46:28 GMT
etag: "e483e-17ee8-5ac8557d8b100"
accept-ranges: bytes
content-length: 98024
vary: Accept-Encoding,User-Agent
content-type: font/woff
date: Thu, 29 Sep 2022 20:29:17 GMT
server: Apache
X-Firefox-Spdy: h2

away.bettershitecolumn.com/hit.php?a=1311&b=334-1166-567334-46

91.211.91.104

302 Found

0 B

URL HTTP/2
away.bettershitecolumn.com/hit.php?a=1311&b=334-1166-567334-46
IP
91.211.91.104:0
ASN
#206638 PE Brezhnev Daniil

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /hit.php?a=1311&b=334-1166-567334-46 HTTP/1.1
Host: away.bettershitecolumn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hegodev.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 302 Found
server: nginx
date: Thu, 29 Sep 2022 20:29:18 GMT
content-type: text/html; charset=UTF-8
content-length: 0
location: https://away.bettershitecolumn.com/track.php?nid=54889&yid=9554-66-457679-29
x-powered-by: PHP/7.3.33
strict-transport-security: max-age=15768000;
X-Firefox-Spdy: h2

away.bettershitecolumn.com/track.php?nid=54889&yid=9554-66-457679-29

91.211.91.104

302 Found

0 B

URL HTTP/2
away.bettershitecolumn.com/track.php?nid=54889&yid=9554-66-457679-29
IP
91.211.91.104:0
ASN
#206638 PE Brezhnev Daniil

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /track.php?nid=54889&yid=9554-66-457679-29 HTTP/1.1
Host: away.bettershitecolumn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.hegodev.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 302 Found
server: nginx
date: Thu, 29 Sep 2022 20:29:18 GMT
content-type: text/html; charset=UTF-8
content-length: 0
location: https://away.bettershitecolumn.com/track.php?tid=54889&lid=9554-66-457679-29
x-powered-by: PHP/7.3.33
strict-transport-security: max-age=15768000;
X-Firefox-Spdy: h2

away.bettershitecolumn.com/track.php?tid=54889&lid=9554-66-457679-29

91.211.91.104

200 OK

816 B

URL HTTP/2
away.bettershitecolumn.com/track.php?tid=54889&lid=9554-66-457679-29
IP
91.211.91.104:0
ASN
#206638 PE Brezhnev Daniil

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Size
816 B (816 bytes)
Hash
6bac0faa39c53c5cd2957f588b23c83f
6ae5c29908a38628e133d0f2aa7865ee052d1564
4f8ba92935c40b31f61ae2d3edb3a4fa7842716beac9e7d5be0a1deae887b586

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /track.php?tid=54889&lid=9554-66-457679-29 HTTP/1.1
Host: away.bettershitecolumn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.hegodev.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 29 Sep 2022 20:29:18 GMT
content-type: text/html; charset=UTF-8
content-length: 816
vary: Accept-Encoding
x-powered-by: PHP/7.3.33
strict-transport-security: max-age=15768000;
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
9e78811da7e103e73261ab022d74a10b
8efd6d841ef786645cd5a0fcf2676fb9e8c6397e
1a763759c4e128a6bac5bacb72e88d4d21f5650bd9196ae87618e1247f3bcd98

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1A763759C4E128A6BAC5BACB72E88D4D21F5650BD9196AE87618E1247F3BCD98"
Last-Modified: Tue, 27 Sep 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11163
Expires: Thu, 29 Sep 2022 23:35:22 GMT
Date: Thu, 29 Sep 2022 20:29:19 GMT
Connection: keep-alive

silverlinetogther.com/b81698fd2.js

185.177.94.152

200 OK

54 B

URL HTTP/2
silverlinetogther.com/b81698fd2.js
IP
185.177.94.152:0
ASN
#39572 DataWeb Global Group B.V.

File type
ASCII text, with no line terminators
Size
54 B (54 bytes)
Hash
30c1fd0f847f40d79960103f317ec07d
a0d13efcd4192c63adc1eabfb05717ad1cebd931
556ec061bb60ac3e9a1769e325fa43e4e6c1351216161560bdd37356956dbd1f

Detections

Analyzer	Verdict	Alert
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

GET /b81698fd2.js HTTP/1.1
Host: silverlinetogther.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Cookie: uuid=89bb7ef6-d2ec-4c1c-8ec6-0ddbb1df3be7
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 29 Sep 2022 20:29:19 GMT
content-type: application/javascript; charset=utf-8
content-length: 54
last-modified: Sat, 02 Jul 2022 04:59:02 GMT
etag: "62bfd096-36"
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2

silverlinetogther.com/favicon.ico

185.177.94.152

204 No Content

0 B

URL HTTP/2
silverlinetogther.com/favicon.ico
IP
185.177.94.152:0
ASN
#39572 DataWeb Global Group B.V.

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: silverlinetogther.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://silverlinetogther.com/go/he2tszrzmq5dcmbugayq?sub2=dpicer5
Cookie: uuid=89bb7ef6-d2ec-4c1c-8ec6-0ddbb1df3be7
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 204 No Content
server: nginx
date: Thu, 29 Sep 2022 20:29:19 GMT
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
4f61aae79fa723a918640005c6f5ec7e
04398234e882ee3527db3c3d8f6e483985c32166
9a5421ec3b32a2aff8941b90f245de9d5d711e9afb2e7d15778382a8c7fb433a

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9A5421EC3B32A2AFF8941B90F245DE9D5D711E9AFB2E7D15778382A8C7FB433A"
Last-Modified: Thu, 29 Sep 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=746
Expires: Thu, 29 Sep 2022 20:41:45 GMT
Date: Thu, 29 Sep 2022 20:29:19 GMT
Connection: keep-alive

0.silverlinetogther.com/b81698fd2.js

185.177.94.152

200 OK

54 B

URL HTTP/2
0.silverlinetogther.com/b81698fd2.js
IP
185.177.94.152:0
ASN
#39572 DataWeb Global Group B.V.

File type
ASCII text, with no line terminators
Size
54 B (54 bytes)
Hash
30c1fd0f847f40d79960103f317ec07d
a0d13efcd4192c63adc1eabfb05717ad1cebd931
556ec061bb60ac3e9a1769e325fa43e4e6c1351216161560bdd37356956dbd1f

Detections

Analyzer	Verdict	Alert
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

GET /b81698fd2.js HTTP/1.1
Host: 0.silverlinetogther.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Cookie: uuid=89bb7ef6-d2ec-4c1c-8ec6-0ddbb1df3be7; uuid=89bb7ef6-d2ec-4c1c-8ec6-0ddbb1df3be7
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 29 Sep 2022 20:29:20 GMT
content-type: application/javascript; charset=utf-8
content-length: 54
last-modified: Sat, 02 Jul 2022 04:59:02 GMT
etag: "62bfd096-36"
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2

0.silverlinetogther.com/favicon.ico

185.177.94.152

204 No Content

0 B

URL HTTP/2
0.silverlinetogther.com/favicon.ico
IP
185.177.94.152:0
ASN
#39572 DataWeb Global Group B.V.

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: 0.silverlinetogther.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://0.silverlinetogther.com/index.php?p=he2tszrzmq5dcmbugayq&sub2=dpicer5
Cookie: uuid=89bb7ef6-d2ec-4c1c-8ec6-0ddbb1df3be7; uuid=89bb7ef6-d2ec-4c1c-8ec6-0ddbb1df3be7
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 204 No Content
server: nginx
date: Thu, 29 Sep 2022 20:29:20 GMT
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
62cdb0c97e2d0c0773060ebfcb960643
3d2aea9c5c6fba5b72766c72c123b6ecdf52eb9d
3bb477d2001857f82ab93b324cd45051e87ef77d3a0f8541dc074a64e1133de9

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3BB477D2001857F82AB93B324CD45051E87EF77D3A0F8541DC074A64E1133DE9"
Last-Modified: Thu, 29 Sep 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14374
Expires: Fri, 30 Sep 2022 00:28:54 GMT
Date: Thu, 29 Sep 2022 20:29:20 GMT
Connection: keep-alive

0.silverlinetogther.com/index.php?p=he2tszrzmq5dcmbugayq&sub2=dpicer5

185.177.94.152

200 OK

13 kB

URL HTTP/2
0.silverlinetogther.com/index.php?p=he2tszrzmq5dcmbugayq&sub2=dpicer5
IP
185.177.94.152:0
ASN
#39572 DataWeb Global Group B.V.

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (7729)
Size
13 kB (13379 bytes)
Hash
20e91992de1ce515b39e3fc4ac601907
1aa6bf8bb697c011d07b2daf1b5d8eb461bb7907
8f8abac303fea9d16625ac1d432b7e3c2078d3b7346cefd5cc1463bfc6d605f9

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /index.php?p=he2tszrzmq5dcmbugayq&sub2=dpicer5 HTTP/1.1
Host: 0.silverlinetogther.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://silverlinetogther.com/
Cookie: uuid=89bb7ef6-d2ec-4c1c-8ec6-0ddbb1df3be7
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 29 Sep 2022 20:29:20 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
set-cookie: uuid=89bb7ef6-d2ec-4c1c-8ec6-0ddbb1df3be7; expires=Sat, 29-Oct-2022 20:29:20 GMT; Max-Age=2592000; path=/; domain=0.silverlinetogther.com
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
X-Firefox-Spdy: h2

silverlinetogther.com/go/he2tszrzmq5dcmbugayq?sub2=dpicer5

185.177.94.152

200 OK

0 B

URL HTTP/2
silverlinetogther.com/go/he2tszrzmq5dcmbugayq?sub2=dpicer5
IP
185.177.94.152:0
ASN
#39572 DataWeb Global Group B.V.

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

GET /go/he2tszrzmq5dcmbugayq?sub2=dpicer5 HTTP/1.1
Host: silverlinetogther.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://away.bettershitecolumn.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Thu, 29 Sep 2022 20:29:19 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
set-cookie: uuid=89bb7ef6-d2ec-4c1c-8ec6-0ddbb1df3be7; expires=Sat, 29-Oct-2022 20:29:19 GMT; Max-Age=2592000; path=/; domain=silverlinetogther.com
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
X-Firefox-Spdy: h2

cdn.weatherplllatform.com/events.js?v=2.141

91.211.91.114

200 OK

0 B

URL HTTP/2
cdn.weatherplllatform.com/events.js?v=2.141
IP
91.211.91.114:0
ASN
#206638 PE Brezhnev Daniil

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /events.js?v=2.141 HTTP/1.1
Host: cdn.weatherplllatform.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hegodev.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Thu, 29 Sep 2022 20:29:17 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 26 Sep 2022 14:49:44 GMT
vary: Accept-Encoding
etag: W/"6331bc08-920"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=15768000;
content-encoding: gzip
X-Firefox-Spdy: h2

browork3er.cc/sw/bro.js

51.15.16.150

200 OK

0 B

URL HTTP/2
browork3er.cc/sw/bro.js
IP
51.15.16.150:0
ASN
#12876 Online S.a.s.

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /sw/bro.js HTTP/1.1
Host: browork3er.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://silverlinetogther.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 29 Sep 2022 20:29:19 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
expires: Fri, 29 Sep 2023 20:29:19 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Open+Sans%3A300%2C400%2C400i%2C600%2C700%2C800%7CPoppins%3A300%2C400%2C400i%2C500%2C600%2C700%2C800%2C900&display=swap&ver=6.0.2

142.250.74.10

200 OK

0 B

URL HTTP/2
fonts.googleapis.com/css?family=Open+Sans%3A300%2C400%2C400i%2C600%2C700%2C800%7CPoppins%3A300%2C400%2C400i%2C500%2C600%2C700%2C800%2C900&display=swap&ver=6.0.2
IP
142.250.74.10:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /css?family=Open+Sans%3A300%2C400%2C400i%2C600%2C700%2C800%7CPoppins%3A300%2C400%2C400i%2C500%2C600%2C700%2C800%2C900&display=swap&ver=6.0.2 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.hegodev.com
Connection: keep-alive
Referer: https://www.hegodev.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 29 Sep 2022 20:29:15 GMT
date: Thu, 29 Sep 2022 20:29:15 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (33)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations