Report - andrewrussell.autos/perpetuum/zero/?blue=socks

Report Overview

Visited public
2023-12-04 23:58:58
Tags
fake_software scam
URL
andrewrussell.autos/perpetuum/zero/?blue=socks
Finishing URL
andrewrussell.autos/perpetuum/zero/?blue=socks
IP / ASN
146.190.112.14
#0
Title
Security Center Code 0x5611z8 Service
Scam - Fake AntiVirus / Security software

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
andrewrussell.autos	unknown	2023-11-26	2023-11-27 12:17:43	2023-11-27 12:17:43	15 kB	1.7 MB	146.190.112.14
fonts.gstatic.com	unknown	2008-02-11	2014-09-09 02:40:21	2023-12-04 06:26:24	1.7 kB	148 kB	216.58.207.227
maxcdn.bootstrapcdn.com	724	2012-05-25	2014-06-18 02:37:31	2023-12-04 06:43:52	558 B	68 kB	104.18.10.207
fonts.googleapis.com	8877	2005-01-25	2013-06-10 22:14:26	2023-12-04 06:42:16	543 B	36 kB	142.250.74.106

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (24)

	URL	From	Size	First Seen	Last Seen
	andrewrussell.autos/perpetuum/zero/Nm7nM7AQ.js	ScriptElement	245 B	2023-03-07	2025-04-30
Pretty URL andrewrussell.autos/perpetuum/zero/Nm7nM7AQ.js IP 146.190.112.14 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03 Last Seen2025-04-30 14:41 Times Seen997 Hash 62f519fe72808a3ec681392b7ff47417 2ee16112e35feb9d6d48ae0f4e66187514dec811 43703d37b8fe2769cb2e12db7aa281dbcca175124d05ff4b0cc3d152534698a4 Loading...

	andrewrussell.autos/perpetuum/zero/?blue=socks	ScriptElement	947 B	2023-03-07	2025-04-30
Pretty URL andrewrussell.autos/perpetuum/zero/?blue=socks IP 146.190.112.14 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:03 Last Seen2025-04-30 14:41 Times Seen943 Hash bdef85124f57f822d19cfa00f81b963b a3340b3288e6c3544fd013ed4a664b85f53d88d2 26f081811536ae9cf31db110acd4a319f399de9bad0e354ce20299685b3561cf Loading...

	andrewrussell.autos/perpetuum/zero/?blue=socks	ScriptElement	354 B	2024-08-20	2024-08-20
Pretty URL andrewrussell.autos/perpetuum/zero/?blue=socks IP 146.190.112.14 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-20 16:45 Last Seen2024-08-20 16:45 Times Seen1 Hash b5862ad9264450012eec655e05427280 92f9c47e65db661b395339939f22e1871c070a7b 6a7478aa0c048f85ac8d8bce6615bb0250f869cef23035fe9c48b6e01677659d Loading...

	andrewrussell.autos/perpetuum/zero/?blue=socks	ScriptElement	440 B	2023-03-07	2025-04-10
Pretty URL andrewrussell.autos/perpetuum/zero/?blue=socks IP 146.190.112.14 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:03 Last Seen2025-04-10 12:38 Times Seen603 Hash 00fadc8947f0dbbdeae061e8fd0b1921 d8969451c66ff82ad37e7cc56a9da4d63259df8e b5c7cb0438303e8d088cc38f3a241829f76813cc14e0fcfb2c797a0c62e1ca24 Loading...

	andrewrussell.autos/perpetuum/zero/?blue=socks	ScriptElement	3.9 kB	2023-03-07	2025-04-17
Pretty URL andrewrussell.autos/perpetuum/zero/?blue=socks IP 146.190.112.14 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:03 Last Seen2025-04-17 15:44 Times Seen670 Hash 3139f7d4c337fc7ea46b9a9730008e52 4938996f8712f57facebb2d5ed622a49c0ea95f0 4c66d3873787387414ffa9fe6a26555cfcf4e8dc271f32c8291390d10bc35974 Loading...

	andrewrussell.autos/perpetuum/zero/?blue=socks	ScriptElement	499 B	2023-03-07	2025-04-10
Pretty URL andrewrussell.autos/perpetuum/zero/?blue=socks IP 146.190.112.14 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 12:05 Last Seen2025-04-10 12:48 Times Seen123 Hash 0652f8a2ba8a4021ad96171ab02b7cb5 82c577c4765f626b889ba05b43e92fff99b955f2 dc5b62951dbcf2dd9abef8bfbfbf9a2b7dd1b14e674d5c40c783963919a50f53 Loading...

	andrewrussell.autos/perpetuum/zero/?blue=socks	ScriptElement	146 B	2023-03-07	2025-04-30
Pretty URL andrewrussell.autos/perpetuum/zero/?blue=socks IP 146.190.112.14 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:03 Last Seen2025-04-30 14:41 Times Seen967 Hash 01c7c3ae0abdb0272bf7bd209dbb84b2 bf44fb29c253e6790a29c47d3aba9e316a35b8b2 b63a8c8faf6e973bdbe4b87efdaf0bdb4fac88eebd573eba529d75467e4e0a0c Loading...

	andrewrussell.autos/perpetuum/zero/cjoWArgu.js	ScriptElement	86 kB	2023-03-07	2025-05-10
Pretty URL andrewrussell.autos/perpetuum/zero/cjoWArgu.js IP 146.190.112.14 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-05-10 10:37 Times Seen173981 Hash 2f6b11a7e914718e0290410e85366fe9 69bb69e25ca7d5ef0935317584e6153f3fd9a88c 05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e Loading...

	andrewrussell.autos/perpetuum/zero/D7BmAVWI.js	ScriptElement	11 kB	2023-03-07	2025-05-10
Pretty URL andrewrussell.autos/perpetuum/zero/D7BmAVWI.js IP 146.190.112.14 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-05-10 03:39 Times Seen2470 Hash 65f1d21d5fcc9d21da758adababd0c3c e0661d07d64c00008bc9d013d16eec0a0f156dc7 d2b82e612d2a812e8be2a57300dab8923c4f2edbe7a799e7da70791b595646fe Loading...

	andrewrussell.autos/perpetuum/zero/?blue=socks	ScriptElement	268 B	2023-03-07	2025-04-30
Pretty URL andrewrussell.autos/perpetuum/zero/?blue=socks IP 146.190.112.14 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:03 Last Seen2025-04-30 14:41 Times Seen940 Hash f79dd5e30c3ffc1f47cb576925817390 f1e0088b7aaed01974807ca980dc7310bc73bee2 c091a178652a39bea6ffed82b2517edf4046b3fbf84cf1a754b29861d95af80f Loading...

	andrewrussell.autos/perpetuum/zero/?blue=socks	ScriptElement	755 B	2023-03-07	2025-04-10
Pretty URL andrewrussell.autos/perpetuum/zero/?blue=socks IP 146.190.112.14 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:03 Last Seen2025-04-10 12:38 Times Seen637 Hash 4e2f05b574fedaf91f2512387645cc58 ea0cf59a0337bae5fab7ef33718cb5743475b774 a72cb2c772959b2af05bb5fa7aa8c44fb1c3fb2645180874f6758b761307890a Loading...

	andrewrussell.autos/perpetuum/zero/?blue=socks	ScriptElement	86 B	2023-03-07	2025-04-10
Pretty URL andrewrussell.autos/perpetuum/zero/?blue=socks IP 146.190.112.14 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:03 Last Seen2025-04-10 12:38 Times Seen640 Hash c29ebcb02d59af397a5eec3b649acf42 900496a5912defe85a3a8fcf77bb4526f9bec22c 56bc284830b8a74f516c857972a0b2d2c8d288b29e9871e5df3c7fe421f3ef0d Loading...

	andrewrussell.autos/perpetuum/zero/bEqN54Se.js	ScriptElement	84 kB	2023-03-07	2025-05-10
Pretty URL andrewrussell.autos/perpetuum/zero/bEqN54Se.js IP 146.190.112.14 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-05-10 00:33 Times Seen2435 Hash f81d0a1705048649befc8b595e455a94 aec551e4d573463088fca7d14fb644eb389f1839 b0212543cc5a4a0a31c1b5a9d1e8973261992116b4cfde3e7dfcf33b4e81a97b Loading...

	andrewrussell.autos/perpetuum/zero/lqeXW1oD.js	ScriptElement	1.6 kB	2024-08-20	2024-08-20
Pretty URL andrewrussell.autos/perpetuum/zero/lqeXW1oD.js IP 146.190.112.14 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-08-20 16:45 Last Seen2024-08-20 16:45 Times Seen1 Hash 69aff05072d1705b855111ad724b41d3 f4ff6ff3d66659ed9f56f3039f30a878d49c9895 694383b94ccaa21a16d9994e2eca7e53f9a40dda225820d83aecc41ae751ef81 Loading...

	andrewrussell.autos/perpetuum/zero/raxD3uev.js	ScriptElement	503 B	2023-03-07	2025-05-09
Pretty URL andrewrussell.autos/perpetuum/zero/raxD3uev.js IP 146.190.112.14 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03 Last Seen2025-05-09 00:49 Times Seen4264 Hash cd6c33fbc221d0271c910af910e6ebed 9b52f24d6f10b885bb19db1c4b531469f96d2914 318698ae5e67c32550d6b40ac09848d598f6317f51a8f09638ba925f6e7cc479 Loading...

	andrewrussell.autos/perpetuum/zero/?blue=socks	ScriptElement	123 B	2023-03-07	2025-04-10
Pretty URL andrewrussell.autos/perpetuum/zero/?blue=socks IP 146.190.112.14 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 12:05 Last Seen2025-04-10 12:38 Times Seen120 Hash 40efd9b9bb144163927d4cebbb652483 955b56682591b523e57580c4224c75efb0938b63 8dc7ba0961a7319845cbbeb789ecb7a43abbcd91d6a9f6c06435b9aa6563d67a Loading...

	andrewrussell.autos/perpetuum/zero/?blue=socks	ScriptElement	394 B	2023-03-07	2025-04-10
Pretty URL andrewrussell.autos/perpetuum/zero/?blue=socks IP 146.190.112.14 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 12:05 Last Seen2025-04-10 12:38 Times Seen120 Hash 8bb82b9303ec3b7d41e33d0dfb85a487 7d95cdc6b3af127c5a3c2e3b009df3408a3b9c0d 44ef42b30d768361bab9f38af6a828f7e368248d236e93248a0f9afa5da8519c Loading...

	andrewrussell.autos/perpetuum/zero/?blue=socks	ScriptElement	140 B	2023-03-07	2025-04-17
Pretty URL andrewrussell.autos/perpetuum/zero/?blue=socks IP 146.190.112.14 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 12:05 Last Seen2025-04-17 15:44 Times Seen223 Hash b61b8e3d409bb003a4b67343fec90125 57f046a023b28f873dd434928edbda24ab6642a9 929cf4f40de951d3cf3f582220c25a7eb0080ef5810adcf1a7f7e01569d1bf81 Loading...

	andrewrussell.autos/perpetuum/zero/?blue=socks	ScriptElement	145 B	2023-03-07	2025-04-17
Pretty URL andrewrussell.autos/perpetuum/zero/?blue=socks IP 146.190.112.14 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 12:05 Last Seen2025-04-17 15:44 Times Seen223 Hash 4bebc37ed90f1ede923a6070f9d968cf c5ebfcf479b5dc0cae5d165dd3c95d6adf48e209 ac3b64e73a9d42ca79d6ebe334d8a7ba0262a7dc50774cd0ab8fc4e4533734a6 Loading...

	andrewrussell.autos/perpetuum/zero/?blue=socks	ScriptElement	155 B	2023-03-07	2025-05-07
Pretty URL andrewrussell.autos/perpetuum/zero/?blue=socks IP 146.190.112.14 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 12:05 Last Seen2025-05-07 22:24 Times Seen237 Hash 2987190b25a4d21711ac736d3be85de3 1a2619f15cf20b29765fb21f3564a2dd6a2cfb60 ef2c1fa8c0e307244f3f62dae3cfa6a99253950cbe59b11a287b617705a173b7 Loading...

	unknown	EventHandler	19 B	2023-04-10	2025-05-09
Pretty Introduced by eventHandler Embedded in HTML false Observations First Seen2023-04-10 16:23 Last Seen2025-05-09 00:49 Times Seen7862 Hash 57381d43f260aa3b8c47820ca38655a3 8d087b53d91f8e3ff0def7d1d94a6dada72fac79 35b90e4b54b87ed6cd2b439eac195f9eb59e731e17248c95fb1e26e15d61f943 Loading...

	andrewrussell.autos/perpetuum/zero/TPdk8e9x.js	ScriptElement	366 B	2023-03-07	2025-04-30
Pretty URL andrewrussell.autos/perpetuum/zero/TPdk8e9x.js IP 146.190.112.14 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03 Last Seen2025-04-30 14:41 Times Seen1023 Hash 87c2dc3aeb373ca8445f7410ef387689 688f4be3cfb8688b4441f382724495a7b82b3f62 31681779c6f394370dad146169896e9ec2b8f7c716c4b1db78c459033e48bf95 Loading...

	andrewrussell.autos/perpetuum/zero/?blue=socks	ScriptElement	145 B	2023-03-07	2025-05-07
Pretty URL andrewrussell.autos/perpetuum/zero/?blue=socks IP 146.190.112.14 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 12:05 Last Seen2025-05-07 22:24 Times Seen237 Hash a279ee8f51bd8ad54a6dfbd6d875617f 1f0910115a6c98856b6410142f9e6e5140da9f5f 410035f51da981031a422a8ff8afd624db1077a2374d876d08375f99aa5f08f2 Loading...

	andrewrussell.autos/perpetuum/zero/?blue=socks	ScriptElement	165 B	2023-03-07	2025-04-17
Pretty URL andrewrussell.autos/perpetuum/zero/?blue=socks IP 146.190.112.14 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:03 Last Seen2025-04-17 15:44 Times Seen282 Hash 1b679d8e5015e417fba4768487a9a820 1f068e74c440ef374c2eb6d19f42ba7f237fb64e 713bce5989ca2e8043931eb733ae37b3bcd5980332b8bc09780734513cb5e654 Loading...

HTTP Transactions (33)

URL IP Response Size

andrewrussell.autos/perpetuum/zero/Nm7nM7AQ.js

146.190.112.14

200 OK

245 B

URL GET HTTP/2
andrewrussell.autos/perpetuum/zero/Nm7nM7AQ.js
IP
146.190.112.14:443
ASN
#0

Requested by
https://andrewrussell.autos/perpetuum/zero/?blue=socks
Certificate
IssuerLet's Encrypt
Subjectandrewrussell.autos
FingerprintBD:30:60:C7:BE:93:AA:DF:45:43:A3:D7:3E:58:C0:36:C4:A5:30:48
ValiditySun, 26 Nov 2023 21:44:59 GMT - Sat, 24 Feb 2024 21:44:58 GMT

File type
ASCII text, with CRLF line terminators
Size
245 B (245 bytes)
Hash
62f519fe72808a3ec681392b7ff47417
2ee16112e35feb9d6d48ae0f4e66187514dec811
43703d37b8fe2769cb2e12db7aa281dbcca175124d05ff4b0cc3d152534698a4

Detections

Analyzer	Verdict	Alert
urlquery	scam	Scam - Fake AntiVirus / Security software

HTTP Headers

GET /perpetuum/zero/Nm7nM7AQ.js HTTP/1.1
Host: andrewrussell.autos
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://andrewrussell.autos/perpetuum/zero/?blue=socks
DNT: 1
Connection: keep-alive
Cookie: FirstTimer=1; phone=855-575-1968
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 04 Dec 2023 23:58:40 GMT
content-type: application/javascript
content-length: 245
last-modified: Sun, 26 Nov 2023 23:11:53 GMT
etag: "6563d0b9-f5"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2

andrewrussell.autos/perpetuum/zero/4jrCECvL.css

146.190.112.14

200 OK

52 kB

URL GET HTTP/2
andrewrussell.autos/perpetuum/zero/4jrCECvL.css
IP
146.190.112.14:443
ASN
#0

Requested by
https://andrewrussell.autos/perpetuum/zero/?blue=socks
Certificate
IssuerLet's Encrypt
Subjectandrewrussell.autos
FingerprintBD:30:60:C7:BE:93:AA:DF:45:43:A3:D7:3E:58:C0:36:C4:A5:30:48
ValiditySun, 26 Nov 2023 21:44:59 GMT - Sat, 24 Feb 2024 21:44:58 GMT

File type
gzip compressed data, from Unix\012- data
Size
52 kB (52414 bytes)
Hash
783d5fe3be7992188b14aa803482ca7e
081786fe0c2c6ba6c1e668b34389aad3d101a507
cd74d877e0feb9b568b1a2b76300c5b9be7b7938e6a0dc4d36704a51e65c5bbd

HTTP Headers

GET /perpetuum/zero/4jrCECvL.css HTTP/1.1
Host: andrewrussell.autos
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://andrewrussell.autos/perpetuum/zero/?blue=socks
DNT: 1
Connection: keep-alive
Cookie: FirstTimer=1; phone=855-575-1968
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 04 Dec 2023 23:58:40 GMT
content-type: text/css
last-modified: Sun, 26 Nov 2023 23:11:55 GMT
vary: Accept-Encoding
etag: W/"6563d0bb-51bb"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2

andrewrussell.autos/perpetuum/zero/nYr9DBwG.png

146.190.112.14

200 OK

1.4 kB

URL GET HTTP/2
andrewrussell.autos/perpetuum/zero/nYr9DBwG.png
IP
146.190.112.14:443
ASN
#0

Requested by
https://andrewrussell.autos/perpetuum/zero/?blue=socks
Certificate
IssuerLet's Encrypt
Subjectandrewrussell.autos
FingerprintBD:30:60:C7:BE:93:AA:DF:45:43:A3:D7:3E:58:C0:36:C4:A5:30:48
ValiditySun, 26 Nov 2023 21:44:59 GMT - Sat, 24 Feb 2024 21:44:58 GMT

File type
PNG image data, 148 x 21, 8-bit/color RGBA, non-interlaced\012- data
Size
1.4 kB (1443 bytes)
Hash
5bfbcd30ce3355f8de3fb0536de70715
51fd9c511bc0d2e0e3fb23955575eacd94d5b9e5
dfcc16fd49167f62d2acb07ed991fb0535f5ca863c5c15cfa20cfd76c1b1cfbe

Detections

Analyzer	Verdict	Alert
urlquery	scam	Scam - Fake AntiVirus / Security software

HTTP Headers

GET /perpetuum/zero/nYr9DBwG.png HTTP/1.1
Host: andrewrussell.autos
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://andrewrussell.autos/perpetuum/zero/?blue=socks
DNT: 1
Connection: keep-alive
Cookie: FirstTimer=1; phone=855-575-1968
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 04 Dec 2023 23:58:40 GMT
content-type: image/png
content-length: 1443
last-modified: Sun, 26 Nov 2023 23:11:58 GMT
etag: "6563d0be-5a3"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2

andrewrussell.autos/perpetuum/zero/HwDhIseu.png

146.190.112.14

200 OK

1.0 kB

URL GET HTTP/2
andrewrussell.autos/perpetuum/zero/HwDhIseu.png
IP
146.190.112.14:443
ASN
#0

Requested by
https://andrewrussell.autos/perpetuum/zero/?blue=socks
Certificate
IssuerLet's Encrypt
Subjectandrewrussell.autos
FingerprintBD:30:60:C7:BE:93:AA:DF:45:43:A3:D7:3E:58:C0:36:C4:A5:30:48
ValiditySun, 26 Nov 2023 21:44:59 GMT - Sat, 24 Feb 2024 21:44:58 GMT

File type
PNG image data, 47 x 46, 8-bit/color RGBA, non-interlaced\012- data
Size
1.0 kB (1045 bytes)
Hash
bf2b460590fbb9d8e9611a6e9006b816
561e1dab259d61e798b3ce380527b71b61074ff3
ee4bc5fe81fa7c1e8497d79c9c8a96485df217092d334e9b48fa8840fed11d03

Detections

Analyzer	Verdict	Alert
urlquery	scam	Scam - Fake AntiVirus / Security software

HTTP Headers

GET /perpetuum/zero/HwDhIseu.png HTTP/1.1
Host: andrewrussell.autos
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://andrewrussell.autos/perpetuum/zero/?blue=socks
DNT: 1
Connection: keep-alive
Cookie: FirstTimer=1; phone=855-575-1968
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 04 Dec 2023 23:58:40 GMT
content-type: image/png
content-length: 1045
last-modified: Sun, 26 Nov 2023 23:11:54 GMT
etag: "6563d0ba-415"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2

andrewrussell.autos/perpetuum/zero/0w3EOf21.png

146.190.112.14

200 OK

364 B

URL GET HTTP/2
andrewrussell.autos/perpetuum/zero/0w3EOf21.png
IP
146.190.112.14:443
ASN
#0

Requested by
https://andrewrussell.autos/perpetuum/zero/?blue=socks
Certificate
IssuerLet's Encrypt
Subjectandrewrussell.autos
FingerprintBD:30:60:C7:BE:93:AA:DF:45:43:A3:D7:3E:58:C0:36:C4:A5:30:48
ValiditySun, 26 Nov 2023 21:44:59 GMT - Sat, 24 Feb 2024 21:44:58 GMT

File type
PNG image data, 12 x 12, 8-bit/color RGB, non-interlaced\012- data
Size
364 B (364 bytes)
Hash
e144c3378090087c8ce129a30cb6cb4e
59da5466551de941d0215e45c54aa2ceaf436be1
b13a03e0db893734298cbe203bf264407636ffe5dab0a141f83c492d0034dd6a

Detections

Analyzer	Verdict	Alert
urlquery	scam	Scam - Fake AntiVirus / Security software

HTTP Headers

GET /perpetuum/zero/0w3EOf21.png HTTP/1.1
Host: andrewrussell.autos
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://andrewrussell.autos/perpetuum/zero/?blue=socks
DNT: 1
Connection: keep-alive
Cookie: FirstTimer=1; phone=855-575-1968
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 04 Dec 2023 23:58:40 GMT
content-type: image/png
content-length: 364
last-modified: Sun, 26 Nov 2023 23:11:55 GMT
etag: "6563d0bb-16c"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2

andrewrussell.autos/perpetuum/zero/S72byNB1.png

146.190.112.14

200 OK

349 B

URL GET HTTP/2
andrewrussell.autos/perpetuum/zero/S72byNB1.png
IP
146.190.112.14:443
ASN
#0

Requested by
https://andrewrussell.autos/perpetuum/zero/?blue=socks
Certificate
IssuerLet's Encrypt
Subjectandrewrussell.autos
FingerprintBD:30:60:C7:BE:93:AA:DF:45:43:A3:D7:3E:58:C0:36:C4:A5:30:48
ValiditySun, 26 Nov 2023 21:44:59 GMT - Sat, 24 Feb 2024 21:44:58 GMT

File type
PNG image data, 13 x 13, 8-bit/color RGB, non-interlaced\012- data
Size
349 B (349 bytes)
Hash
7454c652e0733d92de6c920c2d646ae0
34a5bd8c7401f95e346895b0e5ccffbf0e9ad638
44f752b0bd2e48052d538bc6aca5379f3630ca64da945f794690ddf47e8eaef7

Detections

Analyzer	Verdict	Alert
urlquery	scam	Scam - Fake AntiVirus / Security software

HTTP Headers

GET /perpetuum/zero/S72byNB1.png HTTP/1.1
Host: andrewrussell.autos
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://andrewrussell.autos/perpetuum/zero/?blue=socks
DNT: 1
Connection: keep-alive
Cookie: FirstTimer=1; phone=855-575-1968
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 04 Dec 2023 23:58:40 GMT
content-type: image/png
content-length: 349
last-modified: Sun, 26 Nov 2023 23:11:54 GMT
etag: "6563d0ba-15d"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2

andrewrussell.autos/perpetuum/zero/E4gcOJQq.png

146.190.112.14

200 OK

26 kB

URL GET HTTP/2
andrewrussell.autos/perpetuum/zero/E4gcOJQq.png
IP
146.190.112.14:443
ASN
#0

Requested by
https://andrewrussell.autos/perpetuum/zero/?blue=socks
Certificate
IssuerLet's Encrypt
Subjectandrewrussell.autos
FingerprintBD:30:60:C7:BE:93:AA:DF:45:43:A3:D7:3E:58:C0:36:C4:A5:30:48
ValiditySun, 26 Nov 2023 21:44:59 GMT - Sat, 24 Feb 2024 21:44:58 GMT

File type
PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced\012- data
Size
26 kB (25871 bytes)
Hash
2c497dfff84bd8c5af9254c9d6278ce1
667e72e7ba6f00a54629e28133317022d4b59af6
b2dc4153ee7019c70a1095d5d1304d540e3bba045d99e141f63e5b13362e5a4e

Detections

Analyzer	Verdict	Alert
urlquery	scam	Scam - Fake AntiVirus / Security software

HTTP Headers

GET /perpetuum/zero/E4gcOJQq.png HTTP/1.1
Host: andrewrussell.autos
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://andrewrussell.autos/perpetuum/zero/?blue=socks
DNT: 1
Connection: keep-alive
Cookie: FirstTimer=1; phone=855-575-1968
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 04 Dec 2023 23:58:40 GMT
content-type: image/png
content-length: 25871
last-modified: Sun, 26 Nov 2023 23:11:56 GMT
etag: "6563d0bc-650f"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2

andrewrussell.autos/perpetuum/zero/zOqMcNqo.png

146.190.112.14

200 OK

1.1 kB

URL GET HTTP/2
andrewrussell.autos/perpetuum/zero/zOqMcNqo.png
IP
146.190.112.14:443
ASN
#0

Requested by
https://andrewrussell.autos/perpetuum/zero/?blue=socks
Certificate
IssuerLet's Encrypt
Subjectandrewrussell.autos
FingerprintBD:30:60:C7:BE:93:AA:DF:45:43:A3:D7:3E:58:C0:36:C4:A5:30:48
ValiditySun, 26 Nov 2023 21:44:59 GMT - Sat, 24 Feb 2024 21:44:58 GMT

File type
PNG image data, 13 x 13, 8-bit/color RGBA, non-interlaced\012- data
Size
1.1 kB (1108 bytes)
Hash
a3555871399f1f67bfacaf437974b03a
b6337de87cd7a75a73cd804774651d14c83fe76a
2e48fef820929c21295e13444901f60e3aed61ba6f8c773ff1466e6843e76b49

Detections

Analyzer	Verdict	Alert
urlquery	scam	Scam - Fake AntiVirus / Security software

HTTP Headers

GET /perpetuum/zero/zOqMcNqo.png HTTP/1.1
Host: andrewrussell.autos
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://andrewrussell.autos/perpetuum/zero/?blue=socks
DNT: 1
Connection: keep-alive
Cookie: FirstTimer=1; phone=855-575-1968
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 04 Dec 2023 23:58:40 GMT
content-type: image/png
content-length: 1108
last-modified: Sun, 26 Nov 2023 23:11:56 GMT
etag: "6563d0bc-454"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2

andrewrussell.autos/perpetuum/zero/Zh402oDQ.png

146.190.112.14

200 OK

4.9 kB

URL GET HTTP/2
andrewrussell.autos/perpetuum/zero/Zh402oDQ.png
IP
146.190.112.14:443
ASN
#0

Requested by
https://andrewrussell.autos/perpetuum/zero/?blue=socks
Certificate
IssuerLet's Encrypt
Subjectandrewrussell.autos
FingerprintBD:30:60:C7:BE:93:AA:DF:45:43:A3:D7:3E:58:C0:36:C4:A5:30:48
ValiditySun, 26 Nov 2023 21:44:59 GMT - Sat, 24 Feb 2024 21:44:58 GMT

File type
PNG image data, 166 x 92, 8-bit/color RGBA, non-interlaced\012- data
Size
4.9 kB (4949 bytes)
Hash
cc5132b56ba46b03dd998aa1fe220106
403e007a0b17d76a9945fa5ec46a9d01733b3040
598699133be5eef63e3b9b5540609ec0dc91d7af9c7f70a3b890e57491a70ae0

Detections

Analyzer	Verdict	Alert
urlquery	scam	Scam - Fake AntiVirus / Security software

HTTP Headers

GET /perpetuum/zero/Zh402oDQ.png HTTP/1.1
Host: andrewrussell.autos
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://andrewrussell.autos/perpetuum/zero/?blue=socks
DNT: 1
Connection: keep-alive
Cookie: FirstTimer=1; phone=855-575-1968
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 04 Dec 2023 23:58:40 GMT
content-type: image/png
content-length: 4949
last-modified: Sun, 26 Nov 2023 23:11:58 GMT
etag: "6563d0be-1355"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2

andrewrussell.autos/perpetuum/zero/iWaTOJAh.png

146.190.112.14

200 OK

3.8 kB

URL GET HTTP/2
andrewrussell.autos/perpetuum/zero/iWaTOJAh.png
IP
146.190.112.14:443
ASN
#0

Requested by
https://andrewrussell.autos/perpetuum/zero/?blue=socks
Certificate
IssuerLet's Encrypt
Subjectandrewrussell.autos
FingerprintBD:30:60:C7:BE:93:AA:DF:45:43:A3:D7:3E:58:C0:36:C4:A5:30:48
ValiditySun, 26 Nov 2023 21:44:59 GMT - Sat, 24 Feb 2024 21:44:58 GMT

File type
PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Size
3.8 kB (3834 bytes)
Hash
77a2ffc5545f87551d74781201de9b3b
c9c3798afd2ae95aa3bba3c428335d49c8255b06
316e6a6737bd296ab30aca2ef7fa36f119d15786a2432d01e31fdc130272f15c

Detections

Analyzer	Verdict	Alert
urlquery	scam	Scam - Fake AntiVirus / Security software

HTTP Headers

GET /perpetuum/zero/iWaTOJAh.png HTTP/1.1
Host: andrewrussell.autos
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://andrewrussell.autos/perpetuum/zero/?blue=socks
DNT: 1
Connection: keep-alive
Cookie: FirstTimer=1; phone=855-575-1968
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 04 Dec 2023 23:58:40 GMT
content-type: image/png
content-length: 3834
last-modified: Sun, 26 Nov 2023 23:11:54 GMT
etag: "6563d0ba-efa"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2

andrewrussell.autos/perpetuum/zero/6PijBPcq.png

146.190.112.14

200 OK

8.4 kB

URL GET HTTP/2
andrewrussell.autos/perpetuum/zero/6PijBPcq.png
IP
146.190.112.14:443
ASN
#0

Requested by
https://andrewrussell.autos/perpetuum/zero/?blue=socks
Certificate
IssuerLet's Encrypt
Subjectandrewrussell.autos
FingerprintBD:30:60:C7:BE:93:AA:DF:45:43:A3:D7:3E:58:C0:36:C4:A5:30:48
ValiditySun, 26 Nov 2023 21:44:59 GMT - Sat, 24 Feb 2024 21:44:58 GMT

File type
PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced\012- data
Size
8.4 kB (8350 bytes)
Hash
0139bc5bdf466894ec687696e2dc65cd
5c0a326bfbd3ca27e73d36d8ea3fdfd8f8c53b1b
13ee09efef992ec899ca28dea08d00886fce5e8b3ad6c19e6c753a899bcfdaea

Detections

Analyzer	Verdict	Alert
urlquery	scam	Scam - Fake AntiVirus / Security software

HTTP Headers

GET /perpetuum/zero/6PijBPcq.png HTTP/1.1
Host: andrewrussell.autos
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://andrewrussell.autos/perpetuum/zero/?blue=socks
DNT: 1
Connection: keep-alive
Cookie: FirstTimer=1; phone=855-575-1968
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 04 Dec 2023 23:58:40 GMT
content-type: image/png
content-length: 8350
last-modified: Sun, 26 Nov 2023 23:11:58 GMT
etag: "6563d0be-209e"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2

andrewrussell.autos/perpetuum/zero/UT1UbTZa.png

146.190.112.14

200 OK

18 kB

URL GET HTTP/2
andrewrussell.autos/perpetuum/zero/UT1UbTZa.png
IP
146.190.112.14:443
ASN
#0

Requested by
https://andrewrussell.autos/perpetuum/zero/?blue=socks
Certificate
IssuerLet's Encrypt
Subjectandrewrussell.autos
FingerprintBD:30:60:C7:BE:93:AA:DF:45:43:A3:D7:3E:58:C0:36:C4:A5:30:48
ValiditySun, 26 Nov 2023 21:44:59 GMT - Sat, 24 Feb 2024 21:44:58 GMT

File type
PNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced\012- data
Size
18 kB (17558 bytes)
Hash
6e3d6800eef9cff4b94abc025255eb2b
7d606044af2f4fb7f10cad9e88a3e0647c0f2b38
b2901f408265c7a9d8d5cfe0c8865e27289949848862945f8a3eda85898100be

Detections

Analyzer	Verdict	Alert
urlquery	scam	Scam - Fake AntiVirus / Security software

HTTP Headers

GET /perpetuum/zero/UT1UbTZa.png HTTP/1.1
Host: andrewrussell.autos
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://andrewrussell.autos/perpetuum/zero/?blue=socks
DNT: 1
Connection: keep-alive
Cookie: FirstTimer=1; phone=855-575-1968
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 04 Dec 2023 23:58:40 GMT
content-type: image/png
content-length: 17558
last-modified: Sun, 26 Nov 2023 23:11:57 GMT
etag: "6563d0bd-4496"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2

andrewrussell.autos/perpetuum/zero/D7BmAVWI.js

146.190.112.14

200 OK

53 kB

URL GET HTTP/2
andrewrussell.autos/perpetuum/zero/D7BmAVWI.js
IP
146.190.112.14:443
ASN
#0

Requested by
https://andrewrussell.autos/perpetuum/zero/?blue=socks
Certificate
IssuerLet's Encrypt
Subjectandrewrussell.autos
FingerprintBD:30:60:C7:BE:93:AA:DF:45:43:A3:D7:3E:58:C0:36:C4:A5:30:48
ValiditySun, 26 Nov 2023 21:44:59 GMT - Sat, 24 Feb 2024 21:44:58 GMT

File type
gzip compressed data, from Unix\012- data
Size
53 kB (52943 bytes)
Hash
dfceda51b5c82a6957d7b2991d054936
c1db1f7cbdf6b2e5ae25e576fac75ea7c2c1e892
1204e44b5f4bf6e11cf1743ab0fcffd755f2aa87ac98d5b1ca2ca69898ff853f

HTTP Headers

GET /perpetuum/zero/D7BmAVWI.js HTTP/1.1
Host: andrewrussell.autos
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://andrewrussell.autos/perpetuum/zero/?blue=socks
DNT: 1
Connection: keep-alive
Cookie: FirstTimer=1; phone=855-575-1968
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 04 Dec 2023 23:58:40 GMT
content-type: application/javascript
last-modified: Sun, 26 Nov 2023 23:11:58 GMT
vary: Accept-Encoding
etag: W/"6563d0be-2b4c"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2

andrewrussell.autos/perpetuum/zero/Dn6ZXhkd.mp3

146.190.112.14

206 Partial Content

8.7 kB

URL GET HTTP/2
andrewrussell.autos/perpetuum/zero/Dn6ZXhkd.mp3
IP
146.190.112.14:443
ASN
#0

Requested by
https://andrewrussell.autos/perpetuum/zero/?blue=socks
Certificate
IssuerLet's Encrypt
Subjectandrewrussell.autos
FingerprintBD:30:60:C7:BE:93:AA:DF:45:43:A3:D7:3E:58:C0:36:C4:A5:30:48
ValiditySun, 26 Nov 2023 21:44:59 GMT - Sat, 24 Feb 2024 21:44:58 GMT

File type
Audio file with ID3 version 2.4.0, contains: MPEG ADTS, layer III, v1, 64 kbps, 44.1 kHz, Stereo\012- data
Size
8.7 kB (8650 bytes)
Hash
591a90571498a046b979043a88a574b8
220b4a0f8a226ae4edb4b927f1da1e7e503c5621
e5cf7987f8eda377da9ce7bb1aed3144eccc244cac88c225d3c3d2f7a1226494

Detections

Analyzer	Verdict	Alert
urlquery	scam	Scam - Fake AntiVirus / Security software

HTTP Headers

GET /perpetuum/zero/Dn6ZXhkd.mp3 HTTP/1.1
Host: andrewrussell.autos
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Referer: https://andrewrussell.autos/perpetuum/zero/?blue=socks
Range: bytes=0-
DNT: 1
Connection: keep-alive
Cookie: FirstTimer=1; phone=855-575-1968
Sec-Fetch-Dest: audio
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Accept-Encoding: identity
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 206 Partial Content
server: nginx
date: Mon, 04 Dec 2023 23:58:41 GMT
content-type: audio/mpeg
content-length: 8650
last-modified: Sun, 26 Nov 2023 23:11:56 GMT
etag: "6563d0bc-21ca"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
content-range: bytes 0-8649/8650
X-Firefox-Spdy: h2

andrewrussell.autos/perpetuum/zero/raxD3uev.js

146.190.112.14

200 OK

201 kB

URL GET HTTP/2
andrewrussell.autos/perpetuum/zero/raxD3uev.js
IP
146.190.112.14:443
ASN
#0

Requested by
https://andrewrussell.autos/perpetuum/zero/?blue=socks
Certificate
IssuerLet's Encrypt
Subjectandrewrussell.autos
FingerprintBD:30:60:C7:BE:93:AA:DF:45:43:A3:D7:3E:58:C0:36:C4:A5:30:48
ValiditySun, 26 Nov 2023 21:44:59 GMT - Sat, 24 Feb 2024 21:44:58 GMT

File type
gzip compressed data, from Unix\012- data
Size
201 kB (201080 bytes)
Hash
35269252f3af4d840f85a8159e87d113
83623e34d497509d1bcac2879e556c4e20ea7e21
e48ec97895dde7c201b7c49feb634ddd43f705b5b15c1cbb1f828a174b2d813d

Detections

Analyzer	Verdict	Alert
urlquery	scam	Scam - Fake AntiVirus / Security software

HTTP Headers

GET /perpetuum/zero/raxD3uev.js HTTP/1.1
Host: andrewrussell.autos
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://andrewrussell.autos/perpetuum/zero/?blue=socks
DNT: 1
Connection: keep-alive
Cookie: FirstTimer=1; phone=855-575-1968
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 04 Dec 2023 23:58:40 GMT
content-type: application/javascript
last-modified: Sun, 26 Nov 2023 23:11:55 GMT
vary: Accept-Encoding
etag: W/"6563d0bb-1f7"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2

andrewrussell.autos/perpetuum/zero/BgDjOizJ.png

146.190.112.14

200 OK

229 kB

URL GET HTTP/2
andrewrussell.autos/perpetuum/zero/BgDjOizJ.png
IP
146.190.112.14:443
ASN
#0

Requested by
https://andrewrussell.autos/perpetuum/zero/?blue=socks
Certificate
IssuerLet's Encrypt
Subjectandrewrussell.autos
FingerprintBD:30:60:C7:BE:93:AA:DF:45:43:A3:D7:3E:58:C0:36:C4:A5:30:48
ValiditySun, 26 Nov 2023 21:44:59 GMT - Sat, 24 Feb 2024 21:44:58 GMT

File type
PNG image data, 1920 x 1126, 8-bit colormap, non-interlaced\012- data
Size
229 kB (228699 bytes)
Hash
a2d12c57680a1afe4db571924393de06
ab5366977ef499046980c840df9851059e4ce5c0
0d3d36645ffc457b43e604a6e0e0dfde2b9d7eef5cbe9e179b2d30a05483ae2b

Detections

Analyzer	Verdict	Alert
urlquery	scam	Scam - Fake AntiVirus / Security software

HTTP Headers

GET /perpetuum/zero/BgDjOizJ.png HTTP/1.1
Host: andrewrussell.autos
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://andrewrussell.autos/perpetuum/zero/?blue=socks
DNT: 1
Connection: keep-alive
Cookie: FirstTimer=1; phone=855-575-1968
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 04 Dec 2023 23:58:40 GMT
content-type: image/png
content-length: 228699
last-modified: Sun, 26 Nov 2023 23:11:54 GMT
etag: "6563d0ba-37d5b"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2

andrewrussell.autos/perpetuum/zero/IqfLwRAn.jpg

146.190.112.14

200 OK

367 kB

URL GET HTTP/2
andrewrussell.autos/perpetuum/zero/IqfLwRAn.jpg
IP
146.190.112.14:443
ASN
#0

Requested by
https://andrewrussell.autos/perpetuum/zero/?blue=socks
Certificate
IssuerLet's Encrypt
Subjectandrewrussell.autos
FingerprintBD:30:60:C7:BE:93:AA:DF:45:43:A3:D7:3E:58:C0:36:C4:A5:30:48
ValiditySun, 26 Nov 2023 21:44:59 GMT - Sat, 24 Feb 2024 21:44:58 GMT

File type
JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2022:08:26 11:44:30], baseline, precision 8, 1920x1051, components 3\012- data
Size
367 kB (366853 bytes)
Hash
dd6f5df6c78a7369fe8ceb7c0f70dd50
d664e27e8c2b8154f9b31e2dcda0b21e3e4935ba
40dd8a184408b9c6f376673ffd39c74611f4ef9ff0a1daa8b3760015d801883d

Detections

Analyzer	Verdict	Alert
urlquery	scam	Scam - Fake AntiVirus / Security software

HTTP Headers

GET /perpetuum/zero/IqfLwRAn.jpg HTTP/1.1
Host: andrewrussell.autos
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://andrewrussell.autos/perpetuum/zero/?blue=socks
DNT: 1
Connection: keep-alive
Cookie: FirstTimer=1; phone=855-575-1968
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 04 Dec 2023 23:58:40 GMT
content-type: image/jpeg
content-length: 366853
last-modified: Sun, 26 Nov 2023 23:11:58 GMT
etag: "6563d0be-59905"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2

andrewrussell.autos/favicon.ico

146.190.112.14

404 Not Found

146 B

URL GET HTTP/2
andrewrussell.autos/favicon.ico
IP
146.190.112.14:443
ASN
#0

Requested by
https://andrewrussell.autos/perpetuum/zero/?blue=socks
Certificate
IssuerLet's Encrypt
Subjectandrewrussell.autos
FingerprintBD:30:60:C7:BE:93:AA:DF:45:43:A3:D7:3E:58:C0:36:C4:A5:30:48
ValiditySun, 26 Nov 2023 21:44:59 GMT - Sat, 24 Feb 2024 21:44:58 GMT

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
146 B (146 bytes)
Hash
8eec510e57f5f732fd2cce73df7b73ef
3c0af39ecb3753c5fee3b53d063c7286019eac3b
55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: andrewrussell.autos
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://andrewrussell.autos/perpetuum/zero/?blue=socks
DNT: 1
Connection: keep-alive
Cookie: FirstTimer=1; phone=855-575-1968
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 404 Not Found
server: nginx
date: Mon, 04 Dec 2023 23:58:41 GMT
content-type: text/html
content-length: 146
X-Firefox-Spdy: h2

fonts.gstatic.com/s/opensans/v36/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

216.58.207.227

200 OK

48 kB

URL GET HTTP/2
fonts.gstatic.com/s/opensans/v36/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://andrewrussell.autos/perpetuum/zero/?blue=socks
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 48432, version 1.0\012- data
Size
48 kB (48432 bytes)
Hash
e2d74c5e631bc53a7240bbfe4be99c8f
eb513857bb01cc4f7249067fc7e969bef415fc90
9b1b9d7cb74a9923d83f36f0026f421940b861fd6e1a51b8f79af45492ed4ed5

HTTP Headers

GET /s/opensans/v36/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://andrewrussell.autos
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 48432
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 30 Nov 2023 05:00:58 GMT
expires: Fri, 29 Nov 2024 05:00:58 GMT
cache-control: public, max-age=31536000
age: 413864
last-modified: Thu, 14 Sep 2023 00:40:31 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/opensans/v36/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

216.58.207.227

200 OK

48 kB

URL GET HTTP/2
fonts.gstatic.com/s/opensans/v36/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://andrewrussell.autos/perpetuum/zero/?blue=socks
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 48432, version 1.0\012- data
Size
48 kB (48432 bytes)
Hash
e2d74c5e631bc53a7240bbfe4be99c8f
eb513857bb01cc4f7249067fc7e969bef415fc90
9b1b9d7cb74a9923d83f36f0026f421940b861fd6e1a51b8f79af45492ed4ed5

HTTP Headers

GET /s/opensans/v36/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://andrewrussell.autos
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 48432
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 30 Nov 2023 05:00:58 GMT
expires: Fri, 29 Nov 2024 05:00:58 GMT
cache-control: public, max-age=31536000
age: 413865
last-modified: Thu, 14 Sep 2023 00:40:31 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

maxcdn.bootstrapcdn.com/font-awesome/4.5.0/fonts/fontawesome-webfont.woff2?v=4.5.0

104.18.10.207

200 OK

67 kB

URL GET HTTP/2
maxcdn.bootstrapcdn.com/font-awesome/4.5.0/fonts/fontawesome-webfont.woff2?v=4.5.0
IP
104.18.10.207:443
ASN
#13335 CLOUDFLARENET

Requested by
https://andrewrussell.autos/perpetuum/zero/?blue=socks
Certificate
IssuerGoogle Trust Services LLC
Subjectbootstrapcdn.com
Fingerprint34:BC:91:5F:B9:EC:32:2C:D9:73:C7:88:C3:6C:FB:77:E7:70:8D:04
ValidityThu, 30 Nov 2023 00:15:17 GMT - Wed, 28 Feb 2024 00:15:16 GMT

File type
Web Open Font Format (Version 2), TrueType, length 66624, version 4.262\012- data
Size
67 kB (66624 bytes)
Hash
db812d8a70a4e88e888744c1c9a27e89
638c652d623280a58144f93e7b552c66d1667a11
ff82aeed6b9bb6701696c84d1b223d2e682eb78c89117a438ce6cfea8c498995

HTTP Headers

GET /font-awesome/4.5.0/fonts/fontawesome-webfont.woff2?v=4.5.0 HTTP/1.1
Host: maxcdn.bootstrapcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://andrewrussell.autos
DNT: 1
Connection: keep-alive
Referer: https://andrewrussell.autos/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 04 Dec 2023 23:58:43 GMT
content-type: font/woff2
content-length: 66624
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
access-control-allow-origin: *
cache-control: public, max-age=31919000
etag: "db812d8a70a4e88e888744c1c9a27e89"
last-modified: Mon, 25 Jan 2021 22:04:54 GMT
cdn-cachedat: 10/31/2023 18:48:08
cdn-proxyver: 1.04
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 723
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-status: 200
cdn-requestid: ca888f6a76968cea870e64264de00be2
cdn-cache: HIT
cf-cache-status: HIT
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 8307ffc19dcdb52d-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

fonts.gstatic.com/s/opensans/v36/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

216.58.207.227

200 OK

48 kB

URL GET HTTP/2
fonts.gstatic.com/s/opensans/v36/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://andrewrussell.autos/perpetuum/zero/?blue=socks
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 48432, version 1.0\012- data
Size
48 kB (48432 bytes)
Hash
e2d74c5e631bc53a7240bbfe4be99c8f
eb513857bb01cc4f7249067fc7e969bef415fc90
9b1b9d7cb74a9923d83f36f0026f421940b861fd6e1a51b8f79af45492ed4ed5

HTTP Headers

GET /s/opensans/v36/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://andrewrussell.autos
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 48432
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 30 Nov 2023 05:00:58 GMT
expires: Fri, 29 Nov 2024 05:00:58 GMT
cache-control: public, max-age=31536000
age: 413865
last-modified: Thu, 14 Sep 2023 00:40:31 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

andrewrussell.autos/perpetuum/zero/TPdk8e9x.js

146.190.112.14

200 OK

366 B

URL GET HTTP/2
andrewrussell.autos/perpetuum/zero/TPdk8e9x.js
IP
146.190.112.14:443
ASN
#0

Requested by
https://andrewrussell.autos/perpetuum/zero/?blue=socks
Certificate
IssuerLet's Encrypt
Subjectandrewrussell.autos
FingerprintBD:30:60:C7:BE:93:AA:DF:45:43:A3:D7:3E:58:C0:36:C4:A5:30:48
ValiditySun, 26 Nov 2023 21:44:59 GMT - Sat, 24 Feb 2024 21:44:58 GMT

File type
ASCII text, with very long lines (380), with no line terminators
Size
366 B (366 bytes)
Hash
30ab0fccfb4c857f608e51c255c26796
5923f53a21825d79b436e2c98e6ab53068370ad3
92e7f01957ef9660eb84aa2d821d4fff017b66659f7a74b900fad60053a1c88c

Detections

Analyzer	Verdict	Alert
urlquery	scam	Scam - Fake AntiVirus / Security software

HTTP Headers

GET /perpetuum/zero/TPdk8e9x.js HTTP/1.1
Host: andrewrussell.autos
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://andrewrussell.autos/perpetuum/zero/?blue=socks
DNT: 1
Connection: keep-alive
Cookie: FirstTimer=1; phone=855-575-1968
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 04 Dec 2023 23:58:40 GMT
content-type: application/javascript
last-modified: Sun, 26 Nov 2023 23:11:57 GMT
vary: Accept-Encoding
etag: W/"6563d0bd-16e"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2

andrewrussell.autos/perpetuum/zero/MzqCccxr.mp3

146.190.112.14

206 Partial Content

66 kB

URL GET HTTP/2
andrewrussell.autos/perpetuum/zero/MzqCccxr.mp3
IP
146.190.112.14:443
ASN
#0

Requested by
https://andrewrussell.autos/perpetuum/zero/?blue=socks
Certificate
IssuerLet's Encrypt
Subjectandrewrussell.autos
FingerprintBD:30:60:C7:BE:93:AA:DF:45:43:A3:D7:3E:58:C0:36:C4:A5:30:48
ValiditySun, 26 Nov 2023 21:44:59 GMT - Sat, 24 Feb 2024 21:44:58 GMT

File type
Audio file with ID3 version 2.3.0, contains:\012- MPEG ADTS, layer III, v2, 64 kbps, 22.05 kHz, Monaural\012- data
Size
66 kB (65536 bytes)
Hash
2acf6187ae365a8babd3ecebf9507d73
4ad6a7051fd76afcf6ea6507bb9883df0241514f
2668f591bf000e7eb4d83275b5e5a47e5f494cb95eee5a538115213fa5937e8a

HTTP Headers

GET /perpetuum/zero/MzqCccxr.mp3 HTTP/1.1
Host: andrewrussell.autos
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Referer: https://andrewrussell.autos/perpetuum/zero/?blue=socks
Range: bytes=0-
DNT: 1
Connection: keep-alive
Cookie: FirstTimer=1; phone=855-575-1968
Sec-Fetch-Dest: audio
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Accept-Encoding: identity
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 206 Partial Content
server: nginx
date: Mon, 04 Dec 2023 23:58:41 GMT
content-type: audio/mpeg
content-length: 200832
last-modified: Sun, 26 Nov 2023 23:11:55 GMT
etag: "6563d0bb-31080"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
content-range: bytes 0-200831/200832
X-Firefox-Spdy: h2

andrewrussell.autos/perpetuum/zero/?blue=socks

146.190.112.14

200 OK

38 kB

URL User Request GET HTTP/2
andrewrussell.autos/perpetuum/zero/?blue=socks
IP
146.190.112.14:443
ASN
#0

Certificate
IssuerLet's Encrypt
Subjectandrewrussell.autos
FingerprintBD:30:60:C7:BE:93:AA:DF:45:43:A3:D7:3E:58:C0:36:C4:A5:30:48
ValiditySun, 26 Nov 2023 21:44:59 GMT - Sat, 24 Feb 2024 21:44:58 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (325)
Size
38 kB (38177 bytes)
Hash
3b6cb54658abda139a8b7bcb66ce9720
07cabe0ed18ad5c16d26b03dfa9ad336f1a08669
2ee638ed5679234bb6a1092bbdeb73b05183547f8745aa5fa39fcfe16bfc30d6

HTTP Headers

GET /perpetuum/zero/?blue=socks HTTP/1.1
Host: andrewrussell.autos
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 04 Dec 2023 23:58:39 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
set-cookie: FirstTimer=1; expires=Wed, 03 Jan 2024 23:58:39 GMT; Max-Age=2592000; path=/
phone=855-575-1968; expires=Wed, 03 Jan 2024 23:58:39 GMT; Max-Age=2592000; path=/
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
referrer-policy: no-referrer-when-downgrade
cache-control: no-cache
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Firefox-Spdy: h2

andrewrussell.autos/perpetuum/zero/MzqCccxr.mp3

146.190.112.14

206 Partial Content

201 kB

URL GET HTTP/2
andrewrussell.autos/perpetuum/zero/MzqCccxr.mp3
IP
146.190.112.14:443
ASN
#0

Requested by
https://andrewrussell.autos/perpetuum/zero/?blue=socks
Certificate
IssuerLet's Encrypt
Subjectandrewrussell.autos
FingerprintBD:30:60:C7:BE:93:AA:DF:45:43:A3:D7:3E:58:C0:36:C4:A5:30:48
ValiditySun, 26 Nov 2023 21:44:59 GMT - Sat, 24 Feb 2024 21:44:58 GMT

File type
Audio file with ID3 version 2.3.0, contains:\012- MPEG ADTS, layer III, v2, 64 kbps, 22.05 kHz, Monaural\012- data
Size
201 kB (200832 bytes)
Hash
0116152611dd51432e852781f8cc7e82
2408d3d281b25649894f78a4e19f7f8a8ac735f9
fc59bbb18f923747b9cd3f3b23537ff09c5ad2fdfc1505a4800a3f269a234e65

Detections

Analyzer	Verdict	Alert
urlquery	scam	Scam - Fake AntiVirus / Security software

HTTP Headers

GET /perpetuum/zero/MzqCccxr.mp3 HTTP/1.1
Host: andrewrussell.autos
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Referer: https://andrewrussell.autos/perpetuum/zero/?blue=socks
Range: bytes=0-
DNT: 1
Connection: keep-alive
Cookie: FirstTimer=1; phone=855-575-1968
Sec-Fetch-Dest: audio
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Accept-Encoding: identity
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 206 Partial Content
server: nginx
date: Mon, 04 Dec 2023 23:58:40 GMT
content-type: audio/mpeg
content-length: 200832
last-modified: Sun, 26 Nov 2023 23:11:55 GMT
etag: "6563d0bb-31080"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
content-range: bytes 0-200831/200832
X-Firefox-Spdy: h2

fonts.googleapis.com/css2?family=Open+Sans:ital,wght@0,300;0,400;0,500;0,600;0,700;0,800;1,300;1,400;1,500;1,600;1,700;1,800&display=swap

142.250.74.106

200 OK

35 kB

URL GET HTTP/2
fonts.googleapis.com/css2?family=Open+Sans:ital,wght@0,300;0,400;0,500;0,600;0,700;0,800;1,300;1,400;1,500;1,600;1,700;1,800&display=swap
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://andrewrussell.autos/perpetuum/zero/?blue=socks
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
FingerprintCC:96:E0:52:E0:9B:EA:A9:A0:F8:88:9A:90:20:11:47:61:00:3C:42
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
ASCII text
Size
35 kB (35274 bytes)
Hash
19602f1f4d84cdb858d234032329d0c2
adce58e161aacccaa48b83bfbefed021f60dd8b3
fad08488ab9bdf68897a3a6eeb699584c94d259cf814b1f81a330964852f0274

HTTP Headers

GET /css2?family=Open+Sans:ital,wght@0,300;0,400;0,500;0,600;0,700;0,800;1,300;1,400;1,500;1,600;1,700;1,800&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://andrewrussell.autos/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Mon, 04 Dec 2023 23:58:40 GMT
date: Mon, 04 Dec 2023 23:58:40 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

andrewrussell.autos/perpetuum/zero/bEqN54Se.js

146.190.112.14

200 OK

84 kB

URL GET HTTP/2
andrewrussell.autos/perpetuum/zero/bEqN54Se.js
IP
146.190.112.14:443
ASN
#0

Requested by
https://andrewrussell.autos/perpetuum/zero/?blue=socks
Certificate
IssuerLet's Encrypt
Subjectandrewrussell.autos
FingerprintBD:30:60:C7:BE:93:AA:DF:45:43:A3:D7:3E:58:C0:36:C4:A5:30:48
ValiditySun, 26 Nov 2023 21:44:59 GMT - Sat, 24 Feb 2024 21:44:58 GMT

File type
ASCII text, with very long lines (65299)
Size
84 kB (84378 bytes)
Hash
f81d0a1705048649befc8b595e455a94
aec551e4d573463088fca7d14fb644eb389f1839
b0212543cc5a4a0a31c1b5a9d1e8973261992116b4cfde3e7dfcf33b4e81a97b

Detections

Analyzer	Verdict	Alert
urlquery	scam	Scam - Fake AntiVirus / Security software

HTTP Headers

GET /perpetuum/zero/bEqN54Se.js HTTP/1.1
Host: andrewrussell.autos
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://andrewrussell.autos/perpetuum/zero/?blue=socks
DNT: 1
Connection: keep-alive
Cookie: FirstTimer=1; phone=855-575-1968
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 04 Dec 2023 23:58:40 GMT
content-type: application/javascript
last-modified: Sun, 26 Nov 2023 23:11:57 GMT
vary: Accept-Encoding
etag: W/"6563d0bd-1499a"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2

andrewrussell.autos/perpetuum/zero/30ZVB5OF.css

146.190.112.14

200 OK

210 kB

URL GET HTTP/2
andrewrussell.autos/perpetuum/zero/30ZVB5OF.css
IP
146.190.112.14:443
ASN
#0

Requested by
https://andrewrussell.autos/perpetuum/zero/?blue=socks
Certificate
IssuerLet's Encrypt
Subjectandrewrussell.autos
FingerprintBD:30:60:C7:BE:93:AA:DF:45:43:A3:D7:3E:58:C0:36:C4:A5:30:48
ValiditySun, 26 Nov 2023 21:44:59 GMT - Sat, 24 Feb 2024 21:44:58 GMT

File type
ASCII text, with very long lines (629), with CRLF line terminators
Size
210 kB (209665 bytes)
Hash
37dbae0d17208c34f7a96af284f52018
d5a76a529c3c53297a5a394541fa49d504b69d50
10a99594267aa4bd3ea83586bbc93bea00f127ac756526763bdf856b437e413c

Detections

Analyzer	Verdict	Alert
urlquery	scam	Scam - Fake AntiVirus / Security software

HTTP Headers

GET /perpetuum/zero/30ZVB5OF.css HTTP/1.1
Host: andrewrussell.autos
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://andrewrussell.autos/perpetuum/zero/?blue=socks
DNT: 1
Connection: keep-alive
Cookie: FirstTimer=1; phone=855-575-1968
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 04 Dec 2023 23:58:40 GMT
content-type: text/css
last-modified: Sun, 26 Nov 2023 23:11:52 GMT
vary: Accept-Encoding
etag: W/"6563d0b8-33301"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2

andrewrussell.autos/perpetuum/zero/lqeXW1oD.js

146.190.112.14

200 OK

1.6 kB

URL GET HTTP/2
andrewrussell.autos/perpetuum/zero/lqeXW1oD.js
IP
146.190.112.14:443
ASN
#0

Requested by
https://andrewrussell.autos/perpetuum/zero/?blue=socks
Certificate
IssuerLet's Encrypt
Subjectandrewrussell.autos
FingerprintBD:30:60:C7:BE:93:AA:DF:45:43:A3:D7:3E:58:C0:36:C4:A5:30:48
ValiditySun, 26 Nov 2023 21:44:59 GMT - Sat, 24 Feb 2024 21:44:58 GMT

File type
ASCII text, with very long lines (1805), with no line terminators
Size
1.6 kB (1615 bytes)
Hash
f840d9740ba2cf4af76de91ff65ea574
5cea22f433f098ad4ea1559bc6cde472e226dbf6
33ddc6527ce782ea3ad6cec59720d19a694c952f3da0cd3a2b2ef68c0b589bae

HTTP Headers

GET /perpetuum/zero/lqeXW1oD.js HTTP/1.1
Host: andrewrussell.autos
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://andrewrussell.autos/perpetuum/zero/?blue=socks
DNT: 1
Connection: keep-alive
Cookie: FirstTimer=1; phone=855-575-1968
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 04 Dec 2023 23:58:40 GMT
content-type: application/javascript
last-modified: Sun, 26 Nov 2023 23:11:53 GMT
vary: Accept-Encoding
etag: W/"6563d0b9-64f"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2

andrewrussell.autos/perpetuum/zero/cjoWArgu.js

146.190.112.14

200 OK

86 kB

URL GET HTTP/2
andrewrussell.autos/perpetuum/zero/cjoWArgu.js
IP
146.190.112.14:443
ASN
#0

Requested by
https://andrewrussell.autos/perpetuum/zero/?blue=socks
Certificate
IssuerLet's Encrypt
Subjectandrewrussell.autos
FingerprintBD:30:60:C7:BE:93:AA:DF:45:43:A3:D7:3E:58:C0:36:C4:A5:30:48
ValiditySun, 26 Nov 2023 21:44:59 GMT - Sat, 24 Feb 2024 21:44:58 GMT

File type
ASCII text, with very long lines (32065)
Size
86 kB (85578 bytes)
Hash
2f6b11a7e914718e0290410e85366fe9
69bb69e25ca7d5ef0935317584e6153f3fd9a88c
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e

Detections

Analyzer	Verdict	Alert
urlquery	scam	Scam - Fake AntiVirus / Security software

HTTP Headers

GET /perpetuum/zero/cjoWArgu.js HTTP/1.1
Host: andrewrussell.autos
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://andrewrussell.autos/perpetuum/zero/?blue=socks
DNT: 1
Connection: keep-alive
Cookie: FirstTimer=1; phone=855-575-1968
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 04 Dec 2023 23:58:40 GMT
content-type: application/javascript
last-modified: Sun, 26 Nov 2023 23:11:54 GMT
vary: Accept-Encoding
etag: W/"6563d0ba-14e4a"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2

andrewrussell.autos/perpetuum/zero/3kNBbMZt.css

146.190.112.14

200 OK

28 kB

URL GET HTTP/2
andrewrussell.autos/perpetuum/zero/3kNBbMZt.css
IP
146.190.112.14:443
ASN
#0

Requested by
https://andrewrussell.autos/perpetuum/zero/?blue=socks
Certificate
IssuerLet's Encrypt
Subjectandrewrussell.autos
FingerprintBD:30:60:C7:BE:93:AA:DF:45:43:A3:D7:3E:58:C0:36:C4:A5:30:48
ValiditySun, 26 Nov 2023 21:44:59 GMT - Sat, 24 Feb 2024 21:44:58 GMT

File type
ASCII text, with very long lines (27591)
Size
28 kB (27754 bytes)
Hash
835820949e29e350f15768fda86f3df2
aceea7abce057d3e585f57be47bf23d1e1ca7222
c1782a8e7e3ff0043f0b4312520e07f8477299e2ac89a11ec473f847c1bc3dc3

Detections

Analyzer	Verdict	Alert
urlquery	scam	Scam - Fake AntiVirus / Security software

HTTP Headers

GET /perpetuum/zero/3kNBbMZt.css HTTP/1.1
Host: andrewrussell.autos
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://andrewrussell.autos/perpetuum/zero/?blue=socks
DNT: 1
Connection: keep-alive
Cookie: FirstTimer=1; phone=855-575-1968
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 04 Dec 2023 23:58:40 GMT
content-type: text/css
last-modified: Sun, 26 Nov 2023 23:11:53 GMT
vary: Accept-Encoding
etag: W/"6563d0b9-6c6a"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2

andrewrussell.autos/perpetuum/zero/9DfEoGTA.css

146.190.112.14

200 OK

8.9 kB

URL GET HTTP/2
andrewrussell.autos/perpetuum/zero/9DfEoGTA.css
IP
146.190.112.14:443
ASN
#0

Requested by
https://andrewrussell.autos/perpetuum/zero/?blue=socks
Certificate
IssuerLet's Encrypt
Subjectandrewrussell.autos
FingerprintBD:30:60:C7:BE:93:AA:DF:45:43:A3:D7:3E:58:C0:36:C4:A5:30:48
ValiditySun, 26 Nov 2023 21:44:59 GMT - Sat, 24 Feb 2024 21:44:58 GMT

File type
ASCII text, with very long lines (9729), with no line terminators
Size
8.9 kB (8931 bytes)
Hash
d157e383ef9b4664048d91cb6e6d6925
093b3c5f1348f105b1bdf2c23499b0934a91e8e1
aa21796a3d8af00959baecef77a9a286c06eee864eb52c876d31cac03aeb5025

HTTP Headers

GET /perpetuum/zero/9DfEoGTA.css HTTP/1.1
Host: andrewrussell.autos
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://andrewrussell.autos/perpetuum/zero/?blue=socks
DNT: 1
Connection: keep-alive
Cookie: FirstTimer=1; phone=855-575-1968
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 04 Dec 2023 23:58:40 GMT
content-type: text/css
last-modified: Sun, 26 Nov 2023 23:11:54 GMT
vary: Accept-Encoding
etag: W/"6563d0ba-22e3"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (24)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by