| 185.95.84.78/rd/4KVACg11243Lhfp184vhulzxbkyh3828DDUZHVBIZDCGHKS109BZBA2206V9 | 185.95.84.78 | | 235 B |
URL: 185.95.84.78/rd/4KVACg11243Lhfp184vhulzxbkyh3828DDUZHVBIZDCGHKS109BZBA2206V9 | IP: 185.95.84.78:0 | ASN: #51559 Netinternet Bilisim Teknolojileri AS
File type: HTML document, ASCII text | Hashes (MD5 / SHA-1 / SHA-256): 41735c0e24be1e5bd89c1f6531207494 9eae1bfa3b43e52c21e87fabcd63a4c2a3e55554 a594b117bc9c64745935f48b866c3caa70cded9c35ee02841a28277f3e75ffe3
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /rd/4KVACg11243Lhfp184vhulzxbkyh3828DDUZHVBIZDCGHKS109BZBA2206V9 HTTP/1.1
Host: 185.95.84.78
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-Address: gin_throttle_mw_7200000000_91.90.42.154
X-Ratelimit-Limit: 500
X-Ratelimit-Remaining: 499
X-Ratelimit-Reset: 1714041933
Date: Thu, 25 Apr 2024 09:45:33 GMT
Content-Length: 235
| 185.95.84.78/t/4KVACg11243Lhfp184vhulzxbkyh3828DDUZHVBIZDCGHKS109BZBA2206V9 | 185.95.84.78 | | 182 B |
URL: 185.95.84.78/t/4KVACg11243Lhfp184vhulzxbkyh3828DDUZHVBIZDCGHKS109BZBA2206V9 | IP: 185.95.84.78:0 | ASN: #51559 Netinternet Bilisim Teknolojileri AS
File type: JavaScript source, ASCII text | Hashes (MD5 / SHA-1 / SHA-256): e06b4be56d710c6d17e246b065a39489 1833dfbd311276ee8b865d98fda7d497a77917a9 b3b13b0f84ac00011263aa2764ff4754b18a6bc422a63c45e8d22580fe253b4a
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /t/4KVACg11243Lhfp184vhulzxbkyh3828DDUZHVBIZDCGHKS109BZBA2206V9 HTTP/1.1
Host: 185.95.84.78
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://185.95.84.78/rd/4KVACg11243Lhfp184vhulzxbkyh3828DDUZHVBIZDCGHKS109BZBA2206V9
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-Address: gin_throttle_mw_7200000000_91.90.42.154
X-Ratelimit-Limit: 500
X-Ratelimit-Remaining: 498
X-Ratelimit-Reset: 1714041933
Date: Thu, 25 Apr 2024 09:45:33 GMT
Content-Length: 182
| 185.95.84.78/favicon.ico | 185.95.84.78 | 404 Not Found | 0 B |
IP: 185.95.84.78:80 | ASN: #51559 Netinternet Bilisim Teknolojileri AS
Requested by: http://185.95.84.78/news?q=This%20link%20is%20locked!
Hashes (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /favicon.ico HTTP/1.1
Host: 185.95.84.78
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://185.95.84.78/t/4KVACg11243Lhfp184vhulzxbkyh3828DDUZHVBIZDCGHKS109BZBA2206V9
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 404 Not Found
Content-Type: text/plain; charset=utf-8
X-Address: gin_throttle_mw_7200000000_91.90.42.154
X-Ratelimit-Limit: 500
X-Ratelimit-Remaining: 497
X-Ratelimit-Reset: 1714041933
Date: Thu, 25 Apr 2024 09:45:34 GMT
Content-Length: 0
| 185.95.84.78/news?q=This%20link%20is%20locked! | 185.95.84.78 | | 3.2 kB |
URL (user request, GET): 185.95.84.78/news?q=This%20link%20is%20locked! | IP: 185.95.84.78:0 | ASN: #51559 Netinternet Bilisim Teknolojileri AS
File type: HTML document, ASCII text | Hashes (MD5 / SHA-1 / SHA-256): c2c2f06d6cb56950ed43c02a6812472e 78c077d65e297f3e62f92c28dd482ec5ba5cb562 eb55365503631634305f846b4394cfb0890da7307571dcb63e4f109c0e038f41
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /news?q=This%20link%20is%20locked! HTTP/1.1
Host: 185.95.84.78
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://185.95.84.78/t/4KVACg11243Lhfp184vhulzxbkyh3828DDUZHVBIZDCGHKS109BZBA2206V9
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-Address: gin_throttle_mw_7200000000_91.90.42.154
X-Ratelimit-Limit: 500
X-Ratelimit-Remaining: 496
X-Ratelimit-Reset: 1714041933
Date: Thu, 25 Apr 2024 09:45:35 GMT
Transfer-Encoding: chunked
| feeds.foxnews.com/foxnews/world | 151.101.130.132 | 301 Moved Permanently | 0 B |
URL (GET, HTTP/2): feeds.foxnews.com/foxnews/world | IP: 151.101.130.132:443
Requested by: http://185.95.84.78/news?q=This%20link%20is%20locked! | Certificate: Issuer: Let's Encrypt; Subject: *.foxnews.com; Fingerprint: BC:A6:C4:45:B6:50:28:54:62:5F:42:C0:C4:BC:61:D1:08:00:31:26; Validity: Sat, 23 Mar 2024 06:26:40 GMT - Fri, 21 Jun 2024 06:26:39 GMT
Hashes (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /foxnews/world HTTP/1.1
Host: feeds.foxnews.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://185.95.84.78/
Origin: http://185.95.84.78
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 301 Moved Permanently
retry-after: 0
location: https://moxie.foxnews.com/google-publisher/world.xml
accept-ranges: bytes
date: Thu, 25 Apr 2024 09:45:35 GMT
via: 1.1 varnish
x-served-by: cache-hel1410026-HEL
x-cache: HIT
x-cache-hits: 0
x-timer: S1714038335.498083,VS0,VE0
access-control-allow-origin: *
access-control-allow-methods: GET,HEAD,POST,OPTIONS
access-control-allow-headers: *
access-control-allow-credentials: false
access-control-max-age: 86400
access-control-expose-headers: etag
content-length: 0
X-Firefox-Spdy: h2
| moxie.foxnews.com/google-publisher/world.xml | 23.54.10.150 | 200 OK | 40 kB |
URL (GET, HTTP/2): moxie.foxnews.com/google-publisher/world.xml | IP: 23.54.10.150:443
Requested by: http://185.95.84.78/news?q=This%20link%20is%20locked! | Certificate: Issuer: DigiCert Inc; Subject: wildcard.foxnews.com; Fingerprint: 8A:20:02:0B:DD:67:E8:E2:81:25:54:A2:55:A2:C1:69:FC:C4:75:4B; Validity: Mon, 15 May 2023 00:00:00 GMT - Wed, 15 May 2024 23:59:59 GMT
File type: XML 1.0 document, Unicode text, UTF-8 text, with very long lines (6145) | Hashes (MD5 / SHA-1 / SHA-256): ee6b409a018062c2103bedae5a4289a7 40d533bdc50d0cb4cecde0a6ccef44a91f7c0cdc 08d70dd71fcfdbb7c054ed56c6bbb0b17d87b2a264d6ae8a95824d25b9d8adf3
GET /google-publisher/world.xml HTTP/1.1
Host: moxie.foxnews.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Referer: http://185.95.84.78/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-length: 40391
x-amzn-trace-id: Root=1-6629b6af-6f3fe01409d9d68b4051cb12;Parent=75f0a6c8bfacf9ee;Sampled=0;lineage=c27b69c6:0
moxie-uptime: 190.82ms
x-robots-tag: noindex, nofollow
moxie-version: 1.0
x-amzn-requestid: 0493ebe9-5769-46eb-bea9-ac84c4e769bf
x-amz-cf-id: td29Zqur_pW-KXeP_izOhHvD0rf0IpXGf9LWzApFKvgG3YbOSVW3-A==
etag: ee6b409a018062c2103bedae5a4289a7
content-type: text/xml;charset=utf-8
x-amz-cf-pop: IAD55-P5
x-amz-apigw-id: Wwl7fGBcIAMEmBg=
content-encoding: gzip
x-debug-path: /prod/fn/google-publisher/world.xml
x-origin: prod_moxie
accept-ranges: bytes
x-served-by: cache-iad-kiad7000170-IAD, cache-iad-kiad7000170-IAD, cache-bma1682-BMA
x-cache-hits: 0, 3, 1
x-timer: S1714038052.900918,VS0,VE1
cache-control: must-revalidate, max-age=1
expires: Thu, 25 Apr 2024 09:45:36 GMT
date: Thu, 25 Apr 2024 09:45:35 GMT
vary: Accept-Encoding
access-control-allow-credentials: false
access-control-allow-headers: *
access-control-allow-methods: GET,POST,OPTIONS
access-control-allow-origin: *
access-control-max-age: 86400
x-forwarded-host: moxie.foxnews.com
X-Firefox-Spdy: h2
| 185.95.84.78/favicon.ico | 185.95.84.78 | 404 Not Found | 0 B |
IP: 185.95.84.78:80 | ASN: #51559 Netinternet Bilisim Teknolojileri AS
Requested by: http://185.95.84.78/news?q=This%20link%20is%20locked!
Hashes (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /favicon.ico HTTP/1.1
Host: 185.95.84.78
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://185.95.84.78/news?q=This%20link%20is%20locked!
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 404 Not Found
Content-Type: text/plain; charset=utf-8
X-Address: gin_throttle_mw_7200000000_91.90.42.154
X-Ratelimit-Limit: 500
X-Ratelimit-Remaining: 495
X-Ratelimit-Reset: 1714041933
Date: Thu, 25 Apr 2024 09:45:35 GMT
Content-Length: 0