| di5xo.tk/ | 195.20.46.213 | 301 | 0 B |
Request: GET, HTTP/1.1 (user request)
IP: 195.20.46.213:80, ASN 31624 (Verotel International B.V.)
Body hashes (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e / da39a3ee5e6b4b0d3255bfef95601890afd80709 / e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (the digests of a zero-length body, consistent with Content-Length: 0)
| NIDS | Severity | Alert |
| suricata | medium | ET POLICY HTTP Request to a *.tk domain |
| suricata | medium | ET POLICY HTTP Request to a *.tk domain |
GET / HTTP/1.1
Host: di5xo.tk
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 301
Server: nginx
Date: Thu, 01 Jun 2023 08:37:06 GMT
Content-Length: 0
Connection: keep-alive
Location: http://www.nobrain.dk
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:01 GMT
| www.nobrain.dk/ | 104.21.235.19 | 200 OK | 0 B |
Request: GET, HTTP/2 (user request)
IP: 104.21.235.19:443
Certificate: issuer Google Trust Services LLC; subject nobrain.dk; fingerprint EB:0E:4C:3C:B9:BF:DE:C7:60:6F:32:2C:06:C5:1D:E9:75:F1:04:0A; valid Sun, 23 Apr 2023 02:49:56 GMT to Sat, 22 Jul 2023 02:49:55 GMT
Body hashes (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e / da39a3ee5e6b4b0d3255bfef95601890afd80709 / e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (zero-length body)
Note: the status column shows 200 OK, but the exchange captured below is the 301 that redirects http://www.nobrain.dk to https://www.nobrain.dk/.
GET / HTTP/1.1
Host: www.nobrain.dk
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 301 Moved Permanently
Date: Thu, 01 Jun 2023 08:37:05 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Thu, 01 Jun 2023 09:37:05 GMT
Location: https://www.nobrain.dk/
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Vtwpj8uEpPbi%2BIvYTdADmFph2Nok7of6AbZqd8xUE52E%2F5W32TAs8kbNiOJbgxXqDKvhOUmB%2FCXbcPH6PU3d02SevCFFor1Lh1RgGcxaMfc1FBoCIUwKuFQIgIv1YEemaA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7d0621f8394e24b8-LHR
alt-svc: h2=":443"; ma=60
| di5xo.tk/ | 195.20.46.213 | 301 | 0 B |
Request: GET, HTTP/1.1 (user request; second fetch of the same URL, with the browser's navigation headers)
IP: 195.20.46.213:80, ASN 31624 (Verotel International B.V.)
Body hashes (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e / da39a3ee5e6b4b0d3255bfef95601890afd80709 / e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (zero-length body)
| NIDS | Severity | Alert |
| suricata | medium | ET POLICY HTTP Request to a *.tk domain |
| suricata | medium | ET POLICY HTTP Request to a *.tk domain |
GET / HTTP/1.1
Host: di5xo.tk
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 301
Server: nginx
Date: Thu, 01 Jun 2023 08:37:07 GMT
Content-Length: 0
Connection: keep-alive
Location: http://www.nobrain.dk
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:01 GMT
| www.nobrain.dk/cdn-cgi/apps/head/2KV8bI7Q5kUPHFGTqkPeLe51T-0.js | 104.21.235.19 | 200 OK | 2.6 kB |
Request: GET, HTTP/3
IP: 104.21.235.19:443
Certificate: issuer Google Trust Services LLC; subject nobrain.dk; fingerprint EB:0E:4C:3C:B9:BF:DE:C7:60:6F:32:2C:06:C5:1D:E9:75:F1:04:0A; valid Sun, 23 Apr 2023 02:49:56 GMT to Sat, 22 Jul 2023 02:49:55 GMT
File type: ASCII text, with very long lines (328)
Body hashes (MD5 / SHA-1 / SHA-256): f9595022ece9ffc956693d99a019d128 / e167b275a2f72b85ea70e1b95a6fad34e6ed2de5 / 8750015c483d95aa00dee490a93fe2ab81262acc814c51f40750d1504b69128f
GET /cdn-cgi/apps/head/2KV8bI7Q5kUPHFGTqkPeLe51T-0.js HTTP/1.1
Host: www.nobrain.dk
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.nobrain.dk/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 01 Jun 2023 08:37:07 GMT
content-type: application/javascript; charset=utf-8
x-amz-id-2: NbUolGLE/WLdYZ4Da7tEyI+VTCvhNhZq8clxKqgCpswr6XlNvNbGtf7B2yy9OSWgJV9/oHHbic0=
x-amz-request-id: 1XK0G648C8DXBE1E
cache-control: public, max-age=31536000
last-modified: Tue, 24 Apr 2018 19:30:07 GMT
x-amz-version-id: 6P6zFqMrR_ejoCHV6yMcJQuO8lT3ZSG3
etag: W/"71f1c24446879d2b181e0fe5b5749041"
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=anax4XtkIbOqfalxcC8RIrGGoiylnEa7Cp7H1y5BAZ8iTGZPwsJIvkCIu%2BNuG2tpQQIB1LMOQoqib9siC9DUeejYP5cyzIzbnAsyC0ebxU8MjBwgMKsp0mHmrrVhOcVgoA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7d0621fd1ba476a7-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
| www.googletagmanager.com/gtag/js?id=UA-626643-4 | 142.250.74.168 | 200 OK | 64 kB |
Request: GET, HTTP/2
IP: 142.250.74.168:443
Certificate: issuer Google Trust Services LLC; subject *.google-analytics.com; fingerprint EB:A2:AF:B3:20:F1:B1:77:23:0B:85:D2:B1:16:33:A7:97:49:EE:51; valid Mon, 08 May 2023 08:20:09 GMT to Mon, 31 Jul 2023 08:20:08 GMT
File type: ASCII text, with very long lines (4372)
Body hashes (MD5 / SHA-1 / SHA-256): 18a6a323c7097b586baa32f5d83db58a / 194ab80988a92819c6b015323ebc957788d877f3 / d722bb4db8365b5d92ea65d6a0085aa1a9f832d0c23b0cd66ca0b4804ad802a7
GET /gtag/js?id=UA-626643-4 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.nobrain.dk/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 01 Jun 2023 08:37:07 GMT
expires: Thu, 01 Jun 2023 08:37:07 GMT
cache-control: private, max-age=900
last-modified: Thu, 01 Jun 2023 06:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 64283
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
| ocsp.pki.goog/gts1c3 | 142.250.74.131 | 200 OK | 472 B |
Request: POST, HTTP/1.1 (OCSP status check for the Google Trust Services GTS CA 1C3 issuer chain)
IP: 142.250.74.131 (port recorded as 0 in the capture)
Body hashes (MD5 / SHA-1 / SHA-256): 5b53f2fcda25e30bbbf202b507fac96c / 1d1cfb1765f42aba83c3b3e89417b228ed9f0b22 / 6971f9675ef64b91754cc952302f0a4e9d93b0435625536165dde4c7fe71b235
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Jun 2023 08:37:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
| www.googletagmanager.com/gtag/js?id=G-64YCEK8DF2&l=dataLayer&cx=c | 142.250.74.168 | 200 OK | 77 kB |
Request: GET, HTTP/3
IP: 142.250.74.168:443
Certificate: issuer Google Trust Services LLC; subject *.google-analytics.com; fingerprint EB:A2:AF:B3:20:F1:B1:77:23:0B:85:D2:B1:16:33:A7:97:49:EE:51; valid Mon, 08 May 2023 08:20:09 GMT to Mon, 31 Jul 2023 08:20:08 GMT
File type: ASCII text, with very long lines (5858)
Body hashes (MD5 / SHA-1 / SHA-256): c8c51f5f0adb8bfa1acac8eed81e9d62 / f35814250976a9b2006d040329c3b5fd8fd23d2b / 5856fa7cda63de3f0e4c29a4acf1541f1e32ff3e5f84be02b6d76c026bd0b960
GET /gtag/js?id=G-64YCEK8DF2&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.nobrain.dk/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 01 Jun 2023 08:37:07 GMT
expires: Thu, 01 Jun 2023 08:37:07 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 76940
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
| www.nobrain.dk/favicon.ico | 104.21.235.19 | 200 OK | 19 kB |
Request: GET, HTTP/3
IP: 104.21.235.19:443
Certificate: issuer Google Trust Services LLC; subject nobrain.dk; fingerprint EB:0E:4C:3C:B9:BF:DE:C7:60:6F:32:2C:06:C5:1D:E9:75:F1:04:0A; valid Sun, 23 Apr 2023 02:49:56 GMT to Sat, 22 Jul 2023 02:49:55 GMT
File type: GIF image data, version 89a, 16 x 16, followed by trailing data (note the mismatch with the declared content-type image/vnd.microsoft.icon below)
Body hashes (MD5 / SHA-1 / SHA-256): a63464ec86d4a5819fe75911d4e3e005 / 3c5200371eb3ac571dffc58cfebc3137822fe1df / 8466679ee8f02180341124d57c00a3a292958de911e52a30fe00536f18a24218
GET /favicon.ico HTTP/1.1
Host: www.nobrain.dk
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.nobrain.dk/
Cookie: _ga_64YCEK8DF2=GS1.1.1685608627.1.0.1685608627.0.0.0; _ga=GA1.1.2034183458.1685608627
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 01 Jun 2023 08:37:07 GMT
content-type: image/vnd.microsoft.icon
last-modified: Sat, 18 Dec 2010 20:49:34 GMT
etag: W/"4be4-497b56c9dd380"
cache-control: max-age=86400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iziioku%2FePiPIz%2FOhpDMwtxrhxDlQk0YZAtzcsTnxDKAt21rSX3hOFxdnzGWxIn7H2H2qmQ%2FvDXMNyjmCu6GoIxaXrX5QgGqCcUiOJoa7kPo11SnuI%2FWgeJA8H1k2pLccQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7d06220299b276a7-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
| www.nobrain.dk/nobrain.mp4 | 104.21.235.19 | 206 Partial Content | 35 kB |
Request: GET, HTTP/3
IP: 104.21.235.19:443
Certificate: issuer Google Trust Services LLC; subject nobrain.dk; fingerprint EB:0E:4C:3C:B9:BF:DE:C7:60:6F:32:2C:06:C5:1D:E9:75:F1:04:0A; valid Sun, 23 Apr 2023 02:49:56 GMT to Sat, 22 Jul 2023 02:49:55 GMT
File type: ISO Media, MP4 Base Media v1 [ISO 14496-12:2003], followed by trailing data
Body hashes (MD5 / SHA-1 / SHA-256): ce8eca5e498a3beaa7ab7ee79e76f784 / 2c36e28a326f5d8ddd253134f894686dadc58847 / 5d6e42888a3de255e56cfa5ef530886feebcd7265ab3253fb74cd666df80eb36
GET /nobrain.mp4 HTTP/1.1
Host: www.nobrain.dk
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
DNT: 1
Connection: keep-alive
Referer: https://www.nobrain.dk/
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Accept-Encoding: identity
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 206 Partial Content
date: Thu, 01 Jun 2023 08:37:07 GMT
content-type: video/mp4
content-length: 2808360
last-modified: Wed, 12 Jan 2022 21:30:36 GMT
etag: "2ada28-5d56947ce0e19"
cache-control: max-age=86400
cf-cache-status: MISS
content-range: bytes 0-2808359/2808360
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KUxcXsQ%2Fgcork9OT4%2B07rjceqNjyFesnvu4Gexa%2Bc8jtl749p2R4uXe308h3T1QREo9Go1Zw%2BdC1tXlZKBz1GABiKmcinFmG2eAIlMXxVZD36k38O7Y4sbHd2YWHO9gl8A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7d0622011ff676a7-LHR
alt-svc: h3=":443"; ma=86400
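Added triage example, not part of the capture: the Python below reconstructs the redirect chain from the di5xo.tk and www.nobrain.dk exchanges at the top of this page, confirms that the digests reported for the 0-byte 301 bodies are those of empty input, flags hosts under the .tk TLD in the spirit of the Suricata "ET POLICY HTTP Request to a *.tk domain" alert (an approximation of the rule's intent, not its signature), and checks the Content-Range of the 206 video response above against its Content-Length. The sample messages are transcribed from this page and trimmed to the headers the checks need; the scheme assigned to the www.nobrain.dk hop is an assumption (the capture lists port 443, but a 301 to https:// only makes sense for a plain-HTTP request).

```python
"""Triage helpers for a raw HTTP transaction capture (added example)."""
import hashlib
import re
from urllib.parse import urljoin, urlsplit, urlunsplit

# (scheme, raw request, raw response), transcribed from the capture and trimmed.
# The scheme of the second hop is an assumption, see the lead-in.
REDIRECT_HOPS = [
    ("http",
     "GET / HTTP/1.1\r\nHost: di5xo.tk\r\nUser-Agent: Mozilla/5.0\r\n\r\n",
     "HTTP/1.1 301\r\nServer: nginx\r\nContent-Length: 0\r\n"
     "Location: http://www.nobrain.dk\r\n\r\n"),
    ("http",
     "GET / HTTP/1.1\r\nHost: www.nobrain.dk\r\n\r\n",
     "HTTP/1.1 301 Moved Permanently\r\nLocation: https://www.nobrain.dk/\r\n"
     "Server: cloudflare\r\n\r\n"),
]

# Digests the capture reports for the 0-byte redirect bodies (MD5, SHA-1, SHA-256).
REPORTED_EMPTY_HASHES = (
    "d41d8cd98f00b204e9800998ecf8427e",
    "da39a3ee5e6b4b0d3255bfef95601890afd80709",
    "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
)


def parse_message(raw):
    """Split a raw HTTP/1.x message head into (start line, lower-cased header dict)."""
    head = raw.split("\r\n\r\n", 1)[0]
    start, *lines = head.split("\r\n")
    headers = {}
    for line in lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return start, headers


def normalize(url):
    """Lower-case scheme/host and give an empty path a '/', so 'http://h' == 'http://h/'."""
    p = urlsplit(url)
    return urlunsplit((p.scheme.lower(), p.netloc.lower(), p.path or "/", p.query, ""))


def redirect_chain(hops):
    """Return (urls visited incl. the final Location, True if each hop matched the prior Location)."""
    chain, consistent, expected = [], True, None
    for scheme, req_raw, resp_raw in hops:
        start, req_hdrs = parse_message(req_raw)
        target = start.split(" ")[1]
        url = normalize(f"{scheme}://{req_hdrs['host']}{target}")
        if expected is not None and url != expected:
            consistent = False  # browser went somewhere other than where it was sent
        chain.append(url)
        status_line, resp_hdrs = parse_message(resp_raw)
        status = int(status_line.split(" ")[1])
        expected = None
        if 300 <= status < 400 and "location" in resp_hdrs:
            expected = normalize(urljoin(url, resp_hdrs["location"]))
    if expected is not None:
        chain.append(expected)  # the URL the browser fetches next
    return chain, consistent


def empty_body_hashes_match(reported=REPORTED_EMPTY_HASHES):
    """True if the reported digests are exactly those of a zero-length body."""
    actual = tuple(h(b"").hexdigest() for h in (hashlib.md5, hashlib.sha1, hashlib.sha256))
    return actual == tuple(reported)


_RANGE = re.compile(r"^bytes (\d+)-(\d+)/(\d+)$")


def content_range_consistent(headers):
    """For a 206, check that Content-Range agrees with Content-Length and the total size."""
    m = _RANGE.match(headers.get("content-range", ""))
    if not m:
        return False
    first, last, total = map(int, m.groups())
    return last < total and last - first + 1 == int(headers["content-length"])


def policy_tld_hits(chain, watched=("tk",)):
    """Hosts in the chain whose last label is on the watch list (policy-style TLD flag)."""
    hits = []
    for url in chain:
        host = urlsplit(url).hostname or ""
        if host.rsplit(".", 1)[-1] in watched and host not in hits:
            hits.append(host)
    return hits


if __name__ == "__main__":
    chain, ok = redirect_chain(REDIRECT_HOPS)
    print(" -> ".join(chain), "| consistent:", ok)
    print("empty-body hashes match:", empty_body_hashes_match())
    print("policy TLD hits:", policy_tld_hits(chain))
    mp4 = {"content-length": "2808360", "content-range": "bytes 0-2808359/2808360"}
    print("206 range consistent:", content_range_consistent(mp4))
```

The hash check is worth keeping in a triage script because a sandbox listing the well-known empty-input digests next to a non-zero Content-Length would indicate a body the capture failed to record, whereas here they agree with Content-Length: 0 on both 301 hops.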