Report - 71fbbq5ib1mrnvraff.security-patch-today.com/blocker/47514/cleaner-update

Report Overview

Submitted URL
71fbbq5ib1mrnvraff.security-patch-today.com/blocker/47514/cleaner-update_p1/
IP
185.155.184.48
ASN
#6898 SERVER.swiss Sagl
Submitted
2023-12-04 05:45:13
Access
public
Website Title
WARNING
Final URL
71fbbq5ib1mrnvraff.security-patch-today.com/blocker/47514/cleaner-update_p1/
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
2

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
notix.io	14765	2020-08-20	2020-08-20	2023-12-03	1.0 kB	146 kB	139.45.240.92
fonts.googleapis.com	8877	2005-01-25	2013-06-10	2023-12-03	499 B	7.5 kB	142.250.74.106
71fbbq5ib1mrnvraff.security-patch-today.com	unknown	unknown	No data	No data	4.9 kB	68 kB	185.155.184.48
fonts.gstatic.com	unknown	2008-02-11	2014-09-09	2023-12-03	1.7 kB	50 kB	216.58.207.227

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

Scan Date	Severity	Indicator	Alert
2023-12-04	medium	notix.io/ent/current/enot.min.js	Unique code from Jetriz, Swid & Jeniva of the Tetris framework

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (7)

	URL	Size	First Seen	Last Seen
	71fbbq5ib1mrnvraff.security-patch-today.com/blocker/47514/cleaner-update_p1/	0 B	2023-03-07	2024-07-27
Pretty URL 71fbbq5ib1mrnvraff.security-patch-today.com/blocker/47514/cleaner-update_p1/ IP 185.155.184.48 ASN #6898 SERVER.swiss Sagl Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:01:59 Last Seen2024-07-27 07:05:50 Times Seen41189203 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	71fbbq5ib1mrnvraff.security-patch-today.com/blocker/47514/cleaner-update_p1/scripts/bbms.js	237 B	2023-03-07	2024-07-24
Pretty URL 71fbbq5ib1mrnvraff.security-patch-today.com/blocker/47514/cleaner-update_p1/scripts/bbms.js IP 185.155.184.48 ASN #6898 SERVER.swiss Sagl Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:27:14 Last Seen2024-07-24 06:10:11 Times Seen1107 Hash 7d28b6cbe87e8f21c3f3b924ad2fce84 a0fcb29b5007430efcedea382a71414b19a5700c 1fe518c0a3dc387ca3984382c6ed29c0c2c1018b40547523a619666040b3e760 Loading...

	71fbbq5ib1mrnvraff.security-patch-today.com/blocker/47514/cleaner-update_p1/	0 B	2023-03-07	2024-07-27
Pretty URL 71fbbq5ib1mrnvraff.security-patch-today.com/blocker/47514/cleaner-update_p1/ IP 185.155.184.48 ASN #6898 SERVER.swiss Sagl Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:01:59 Last Seen2024-07-27 07:05:50 Times Seen41189203 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	71fbbq5ib1mrnvraff.security-patch-today.com/blocker/47514/cleaner-update_p1/js/jquery.min.js	92 kB	2023-05-20	2024-07-24
Pretty URL 71fbbq5ib1mrnvraff.security-patch-today.com/blocker/47514/cleaner-update_p1/js/jquery.min.js IP 185.155.184.48 ASN #6898 SERVER.swiss Sagl Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-20 12:56:56 Last Seen2024-07-24 06:10:11 Times Seen1188 Hash 4a49f85f5a02fa6fe11126720da50874 22d7cc863dff0e664cee95c7b42b2f2066114788 9efc83acac2e60262a78810abf089aed8e5a2832d64b0977ab0e2922fd01021f Loading...

	71fbbq5ib1mrnvraff.security-patch-today.com/blocker/47514/cleaner-update_p1/js/main.js	838 B	2023-05-20	2024-07-24
Pretty URL 71fbbq5ib1mrnvraff.security-patch-today.com/blocker/47514/cleaner-update_p1/js/main.js IP 185.155.184.48 ASN #6898 SERVER.swiss Sagl Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-20 12:56:56 Last Seen2024-07-24 06:10:11 Times Seen996 Hash c3ed5ac7dda566870186c4c8e6cf0dcd 116f6823fde2478b194b03cc9c160e8c1a175d45 ee975a46a04968de8e8cc99c8a7784e05be0d2347245f6cefe4bd9072d319e7d Loading...

	71fbbq5ib1mrnvraff.security-patch-today.com/blocker/47514/cleaner-update_p1/	0 B	2023-03-07	2024-07-27
Pretty URL 71fbbq5ib1mrnvraff.security-patch-today.com/blocker/47514/cleaner-update_p1/ IP 185.155.184.48 ASN #6898 SERVER.swiss Sagl Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:01:59 Last Seen2024-07-27 07:05:50 Times Seen41189203 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	notix.io/ent/current/enot.min.js	145 kB	2023-11-29	2023-12-08
Pretty URL notix.io/ent/current/enot.min.js IP 139.45.240.92 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-29 11:39:02 Last Seen2023-12-08 03:48:58 Times Seen370 Hash 5ec57c87dbac3f07e59e5d74ae3421e4 70121f1541a1961d7b87544001d612f18ad04243 e1d529afcbb911c99bb039ba39c7fb6716275b97650ae816a90fc03f256542bb Loading...

HTTP Transactions (15)

URL IP Response Size

71fbbq5ib1mrnvraff.security-patch-today.com/blocker/47514/cleaner-update_p1/

185.155.184.48

200 OK

1.5 kB

URL User Request GET HTTP/1.1
71fbbq5ib1mrnvraff.security-patch-today.com/blocker/47514/cleaner-update_p1/
IP
185.155.184.48:443
ASN
#6898 SERVER.swiss Sagl

Certificate
IssuerLet's Encrypt
Subject*.security-patch-today.com
FingerprintC8:7F:3F:77:C7:F7:44:1F:CB:0A:D9:0E:7F:3C:02:18:CF:3C:0B:29
ValidityTue, 07 Nov 2023 03:40:59 GMT - Mon, 05 Feb 2024 03:40:58 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Size
1.5 kB (1535 bytes)
Hash
ba41c329d99f0eb8187e552d179b23cd
69f0a6dae53b10fad4ab0db6d183400c8581ae09
8a8245a3c199f1f625311f28f051225b693ed14af0e06e1f1fd51abb46f7808b

HTTP Headers

GET /blocker/47514/cleaner-update_p1/ HTTP/1.1
Host: 71fbbq5ib1mrnvraff.security-patch-today.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 04 Dec 2023 05:44:56 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip

71fbbq5ib1mrnvraff.security-patch-today.com/blocker/47514/cleaner-update_p1/css/style.css

185.155.184.48

200 OK

1.1 kB

URL GET HTTP/1.1
71fbbq5ib1mrnvraff.security-patch-today.com/blocker/47514/cleaner-update_p1/css/style.css
IP
185.155.184.48:443
ASN
#6898 SERVER.swiss Sagl

Requested by
https://71fbbq5ib1mrnvraff.security-patch-today.com/blocker/47514/cleaner-update_p1/
Certificate
IssuerLet's Encrypt
Subject*.security-patch-today.com
FingerprintC8:7F:3F:77:C7:F7:44:1F:CB:0A:D9:0E:7F:3C:02:18:CF:3C:0B:29
ValidityTue, 07 Nov 2023 03:40:59 GMT - Mon, 05 Feb 2024 03:40:58 GMT

File type
ASCII text, with CRLF line terminators
Size
1.1 kB (1051 bytes)
Hash
beef0c0ce13f25f65a84019bebe6378b
2f95dd2d3ba5e1c848487a4e28199d3ad32037df
1f3ad9786b942cf941cdbdb71e8fedaef63dbef237ce767e61229c838b46cb14

HTTP Headers

GET /blocker/47514/cleaner-update_p1/css/style.css HTTP/1.1
Host: 71fbbq5ib1mrnvraff.security-patch-today.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://71fbbq5ib1mrnvraff.security-patch-today.com/blocker/47514/cleaner-update_p1/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 04 Dec 2023 05:44:56 GMT
Content-Type: text/css
Last-Modified: Wed, 22 Nov 2023 16:59:56 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"655e338c-1077"
Content-Encoding: gzip

71fbbq5ib1mrnvraff.security-patch-today.com/blocker/47514/cleaner-update_p1/js/jquery.min.js

185.155.184.48

200 OK

32 kB

URL GET HTTP/1.1
71fbbq5ib1mrnvraff.security-patch-today.com/blocker/47514/cleaner-update_p1/js/jquery.min.js
IP
185.155.184.48:443
ASN
#6898 SERVER.swiss Sagl

Requested by
https://71fbbq5ib1mrnvraff.security-patch-today.com/blocker/47514/cleaner-update_p1/
Certificate
IssuerLet's Encrypt
Subject*.security-patch-today.com
FingerprintC8:7F:3F:77:C7:F7:44:1F:CB:0A:D9:0E:7F:3C:02:18:CF:3C:0B:29
ValidityTue, 07 Nov 2023 03:40:59 GMT - Mon, 05 Feb 2024 03:40:58 GMT

File type
ASCII text, with very long lines (32065), with CRLF line terminators
Size
32 kB (32081 bytes)
Hash
4a49f85f5a02fa6fe11126720da50874
22d7cc863dff0e664cee95c7b42b2f2066114788
9efc83acac2e60262a78810abf089aed8e5a2832d64b0977ab0e2922fd01021f

HTTP Headers

GET /blocker/47514/cleaner-update_p1/js/jquery.min.js HTTP/1.1
Host: 71fbbq5ib1mrnvraff.security-patch-today.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://71fbbq5ib1mrnvraff.security-patch-today.com/blocker/47514/cleaner-update_p1/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 04 Dec 2023 05:44:56 GMT
Content-Type: application/javascript
Last-Modified: Wed, 22 Nov 2023 16:59:56 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"655e338c-167ce"
Content-Encoding: gzip

71fbbq5ib1mrnvraff.security-patch-today.com/blocker/47514/cleaner-update_p1/scripts/bbms.js

185.155.184.48

200 OK

170 B

URL GET HTTP/1.1
71fbbq5ib1mrnvraff.security-patch-today.com/blocker/47514/cleaner-update_p1/scripts/bbms.js
IP
185.155.184.48:443
ASN
#6898 SERVER.swiss Sagl

Requested by
https://71fbbq5ib1mrnvraff.security-patch-today.com/blocker/47514/cleaner-update_p1/
Certificate
IssuerLet's Encrypt
Subject*.security-patch-today.com
FingerprintC8:7F:3F:77:C7:F7:44:1F:CB:0A:D9:0E:7F:3C:02:18:CF:3C:0B:29
ValidityTue, 07 Nov 2023 03:40:59 GMT - Mon, 05 Feb 2024 03:40:58 GMT

File type
ASCII text
Size
170 B (170 bytes)
Hash
7d28b6cbe87e8f21c3f3b924ad2fce84
a0fcb29b5007430efcedea382a71414b19a5700c
1fe518c0a3dc387ca3984382c6ed29c0c2c1018b40547523a619666040b3e760

HTTP Headers

GET /blocker/47514/cleaner-update_p1/scripts/bbms.js HTTP/1.1
Host: 71fbbq5ib1mrnvraff.security-patch-today.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://71fbbq5ib1mrnvraff.security-patch-today.com/blocker/47514/cleaner-update_p1/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 04 Dec 2023 05:44:56 GMT
Content-Type: application/javascript
Last-Modified: Wed, 22 Nov 2023 16:59:56 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"655e338c-ed"
Content-Encoding: gzip

71fbbq5ib1mrnvraff.security-patch-today.com/blocker/47514/cleaner-update_p1/js/main.js

185.155.184.48

200 OK

405 B

URL GET HTTP/1.1
71fbbq5ib1mrnvraff.security-patch-today.com/blocker/47514/cleaner-update_p1/js/main.js
IP
185.155.184.48:443
ASN
#6898 SERVER.swiss Sagl

Requested by
https://71fbbq5ib1mrnvraff.security-patch-today.com/blocker/47514/cleaner-update_p1/
Certificate
IssuerLet's Encrypt
Subject*.security-patch-today.com
FingerprintC8:7F:3F:77:C7:F7:44:1F:CB:0A:D9:0E:7F:3C:02:18:CF:3C:0B:29
ValidityTue, 07 Nov 2023 03:40:59 GMT - Mon, 05 Feb 2024 03:40:58 GMT

File type
ASCII text, with CRLF line terminators
Size
405 B (405 bytes)
Hash
c3ed5ac7dda566870186c4c8e6cf0dcd
116f6823fde2478b194b03cc9c160e8c1a175d45
ee975a46a04968de8e8cc99c8a7784e05be0d2347245f6cefe4bd9072d319e7d

HTTP Headers

GET /blocker/47514/cleaner-update_p1/js/main.js HTTP/1.1
Host: 71fbbq5ib1mrnvraff.security-patch-today.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://71fbbq5ib1mrnvraff.security-patch-today.com/blocker/47514/cleaner-update_p1/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 04 Dec 2023 05:44:56 GMT
Content-Type: application/javascript
Last-Modified: Wed, 22 Nov 2023 16:59:56 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"655e338c-346"
Content-Encoding: gzip

71fbbq5ib1mrnvraff.security-patch-today.com/blocker/47514/cleaner-update_p1/images/close_icon.png

185.155.184.48

200 OK

248 B

URL GET HTTP/1.1
71fbbq5ib1mrnvraff.security-patch-today.com/blocker/47514/cleaner-update_p1/images/close_icon.png
IP
185.155.184.48:443
ASN
#6898 SERVER.swiss Sagl

Requested by
https://71fbbq5ib1mrnvraff.security-patch-today.com/blocker/47514/cleaner-update_p1/
Certificate
IssuerLet's Encrypt
Subject*.security-patch-today.com
FingerprintC8:7F:3F:77:C7:F7:44:1F:CB:0A:D9:0E:7F:3C:02:18:CF:3C:0B:29
ValidityTue, 07 Nov 2023 03:40:59 GMT - Mon, 05 Feb 2024 03:40:58 GMT

File type
PNG image data, 15 x 15, 8-bit/color RGBA, non-interlaced\012- data
Size
248 B (248 bytes)
Hash
eaf98c5e61ff92dcfd5568474e1f8d09
bb5a1dae13cf4c1de3111642d9132a89c453727a
dc02cbd81ea7799f019a1687f57a2e0b2941a5c1d28bcd8b3aa2f89fb77e07a8

HTTP Headers

GET /blocker/47514/cleaner-update_p1/images/close_icon.png HTTP/1.1
Host: 71fbbq5ib1mrnvraff.security-patch-today.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://71fbbq5ib1mrnvraff.security-patch-today.com/blocker/47514/cleaner-update_p1/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 04 Dec 2023 05:44:56 GMT
Content-Type: image/png
Content-Length: 248
Last-Modified: Wed, 22 Nov 2023 16:59:56 GMT
Connection: keep-alive
ETag: "655e338c-f8"
Accept-Ranges: bytes

71fbbq5ib1mrnvraff.security-patch-today.com/blocker/47514/cleaner-update_p1/images/warning_icon.png

185.155.184.48

200 OK

1.5 kB

URL GET HTTP/1.1
71fbbq5ib1mrnvraff.security-patch-today.com/blocker/47514/cleaner-update_p1/images/warning_icon.png
IP
185.155.184.48:443
ASN
#6898 SERVER.swiss Sagl

Requested by
https://71fbbq5ib1mrnvraff.security-patch-today.com/blocker/47514/cleaner-update_p1/
Certificate
IssuerLet's Encrypt
Subject*.security-patch-today.com
FingerprintC8:7F:3F:77:C7:F7:44:1F:CB:0A:D9:0E:7F:3C:02:18:CF:3C:0B:29
ValidityTue, 07 Nov 2023 03:40:59 GMT - Mon, 05 Feb 2024 03:40:58 GMT

File type
PNG image data, 107 x 94, 8-bit/color RGBA, non-interlaced\012- data
Size
1.5 kB (1457 bytes)
Hash
3b9478bb5dc9a8fb3c5b80df7bcb8200
e553d00e0d91f52ae972549227f94a87c6b60947
2f09f151cb4af02177af559872b142d1898830598fe5866012189c2c616b06dd

HTTP Headers

GET /blocker/47514/cleaner-update_p1/images/warning_icon.png HTTP/1.1
Host: 71fbbq5ib1mrnvraff.security-patch-today.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://71fbbq5ib1mrnvraff.security-patch-today.com/blocker/47514/cleaner-update_p1/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 04 Dec 2023 05:44:56 GMT
Content-Type: image/png
Content-Length: 1457
Last-Modified: Wed, 22 Nov 2023 16:59:56 GMT
Connection: keep-alive
ETag: "655e338c-5b1"
Accept-Ranges: bytes

71fbbq5ib1mrnvraff.security-patch-today.com/blocker/47514/cleaner-update_p1/images/android.png

185.155.184.48

200 OK

29 kB

URL GET HTTP/1.1
71fbbq5ib1mrnvraff.security-patch-today.com/blocker/47514/cleaner-update_p1/images/android.png
IP
185.155.184.48:443
ASN
#6898 SERVER.swiss Sagl

Requested by
https://71fbbq5ib1mrnvraff.security-patch-today.com/blocker/47514/cleaner-update_p1/
Certificate
IssuerLet's Encrypt
Subject*.security-patch-today.com
FingerprintC8:7F:3F:77:C7:F7:44:1F:CB:0A:D9:0E:7F:3C:02:18:CF:3C:0B:29
ValidityTue, 07 Nov 2023 03:40:59 GMT - Mon, 05 Feb 2024 03:40:58 GMT

File type
PNG image data, 144 x 148, 8-bit/color RGBA, non-interlaced\012- data
Size
29 kB (28700 bytes)
Hash
f75de32d9451cc905a7b3a6c34a72914
2044c1233cfbecbe1606349f3ad218186d540134
d94f23d6bd7b27a0e2923b621132bf2d30cc8ec9e59d36d542b59709579a2c1f

HTTP Headers

GET /blocker/47514/cleaner-update_p1/images/android.png HTTP/1.1
Host: 71fbbq5ib1mrnvraff.security-patch-today.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://71fbbq5ib1mrnvraff.security-patch-today.com/blocker/47514/cleaner-update_p1/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 04 Dec 2023 05:44:56 GMT
Content-Type: image/png
Content-Length: 28700
Last-Modified: Wed, 22 Nov 2023 16:59:56 GMT
Connection: keep-alive
ETag: "655e338c-701c"
Accept-Ranges: bytes

fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

216.58.207.227

200 OK

16 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://71fbbq5ib1mrnvraff.security-patch-today.com/blocker/47514/cleaner-update_p1/
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15920, version 1.0\012- data
Size
16 kB (15920 bytes)
Hash
3a44e06eb954b96aa043227f3534189d
23cef6993ddb2b2979e8e7647fc3763694e2ba7d
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e

HTTP Headers

GET /s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://71fbbq5ib1mrnvraff.security-patch-today.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15920
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 30 Nov 2023 07:29:35 GMT
expires: Fri, 29 Nov 2024 07:29:35 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 11 May 2022 19:24:45 GMT
content-type: font/woff2
age: 339321
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

216.58.207.227

200 OK

16 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://71fbbq5ib1mrnvraff.security-patch-today.com/blocker/47514/cleaner-update_p1/
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Size
16 kB (15860 bytes)
Hash
e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

HTTP Headers

GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://71fbbq5ib1mrnvraff.security-patch-today.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 29 Nov 2023 21:13:56 GMT
expires: Thu, 28 Nov 2024 21:13:56 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
age: 376260
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

216.58.207.227

200 OK

16 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://71fbbq5ib1mrnvraff.security-patch-today.com/blocker/47514/cleaner-update_p1/
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Size
16 kB (15744 bytes)
Hash
15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

HTTP Headers

GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://71fbbq5ib1mrnvraff.security-patch-today.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 30 Nov 2023 04:57:34 GMT
expires: Fri, 29 Nov 2024 04:57:34 GMT
cache-control: public, max-age=31536000
age: 348442
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

71fbbq5ib1mrnvraff.security-patch-today.com/favicon.ico

185.155.184.48

404 Not Found

20 B

URL GET HTTP/1.1
71fbbq5ib1mrnvraff.security-patch-today.com/favicon.ico
IP
185.155.184.48:443
ASN
#6898 SERVER.swiss Sagl

Requested by
https://71fbbq5ib1mrnvraff.security-patch-today.com/blocker/47514/cleaner-update_p1/
Certificate
IssuerLet's Encrypt
Subject*.security-patch-today.com
FingerprintC8:7F:3F:77:C7:F7:44:1F:CB:0A:D9:0E:7F:3C:02:18:CF:3C:0B:29
ValidityTue, 07 Nov 2023 03:40:59 GMT - Mon, 05 Feb 2024 03:40:58 GMT

File type
gzip compressed data, from Unix\012- data
Size
20 B (20 bytes)
Hash
7029066c27ac6f5ef18d660d5741979a
46c6643f07aa7f6bfe7118de926b86defc5087c4
59869db34853933b239f1e2219cf7d431da006aa919635478511fabbfc8849d2

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: 71fbbq5ib1mrnvraff.security-patch-today.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://71fbbq5ib1mrnvraff.security-patch-today.com/blocker/47514/cleaner-update_p1/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Server: nginx
Date: Mon, 04 Dec 2023 05:44:56 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip

notix.io/settings?appId=1005f183164df77b0d72a2d487bc69b&ver=0.15.19

139.45.240.92

200 OK

318 B

URL GET HTTP/2
notix.io/settings?appId=1005f183164df77b0d72a2d487bc69b&ver=0.15.19
IP
139.45.240.92:443
ASN
#9002 RETN Limited

Requested by
https://71fbbq5ib1mrnvraff.security-patch-today.com/blocker/47514/cleaner-update_p1/
Certificate
IssuerLet's Encrypt
Subjectnotix.io
Fingerprint68:78:0C:AA:A6:75:6F:E2:65:2D:3B:7E:5B:8A:2B:6B:F6:1A:BF:1D
ValidityFri, 15 Sep 2023 11:38:16 GMT - Thu, 14 Dec 2023 11:38:15 GMT

File type
JSON data\012- , ASCII text, with very long lines (318), with no line terminators
Size
318 B (318 bytes)
Hash
82b0c0f76512e60ea030da09ee18febf
2c4b11e5713c2f7e6a3da2ef87a1c0c78c3da195
a8ca49249ca90a131bba14405671cb243da2849145a3d8074b0b5c232c2b57d1

HTTP Headers

GET /settings?appId=1005f183164df77b0d72a2d487bc69b&ver=0.15.19 HTTP/1.1
Host: notix.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://71fbbq5ib1mrnvraff.security-patch-today.com/
Origin: https://71fbbq5ib1mrnvraff.security-patch-today.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 04 Dec 2023 05:44:57 GMT
content-type: application/json; charset=utf-8
content-length: 318
access-control-allow-origin: https://71fbbq5ib1mrnvraff.security-patch-today.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

fonts.googleapis.com/css2?family=Roboto:wght@400;500;700&display=swap

142.250.74.106

200 OK

6.8 kB

URL GET HTTP/2
fonts.googleapis.com/css2?family=Roboto:wght@400;500;700&display=swap
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://71fbbq5ib1mrnvraff.security-patch-today.com/blocker/47514/cleaner-update_p1/
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
FingerprintCC:96:E0:52:E0:9B:EA:A9:A0:F8:88:9A:90:20:11:47:61:00:3C:42
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
ASCII text, with very long lines (7013), with no line terminators
Size
6.8 kB (6824 bytes)
Hash
12a5f984cb99e0c985a2d90f89d3f6ef
d5e7fee18eae9e9a367f6690f6a820d275c0f168
c5fc5af7d840d629587a49de952ae1ff542b0310b07034c7cd31b2d633bc95b2

HTTP Headers

GET /css2?family=Roboto:wght@400;500;700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://71fbbq5ib1mrnvraff.security-patch-today.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Mon, 04 Dec 2023 05:44:56 GMT
date: Mon, 04 Dec 2023 05:44:56 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

notix.io/ent/current/enot.min.js

139.45.240.92

200 OK

145 kB

URL GET HTTP/2
notix.io/ent/current/enot.min.js
IP
139.45.240.92:443
ASN
#9002 RETN Limited

Requested by
https://71fbbq5ib1mrnvraff.security-patch-today.com/blocker/47514/cleaner-update_p1/
Certificate
IssuerLet's Encrypt
Subjectnotix.io
Fingerprint68:78:0C:AA:A6:75:6F:E2:65:2D:3B:7E:5B:8A:2B:6B:F6:1A:BF:1D
ValidityFri, 15 Sep 2023 11:38:16 GMT - Thu, 14 Dec 2023 11:38:15 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
145 kB (144887 bytes)
Hash
5ec57c87dbac3f07e59e5d74ae3421e4
70121f1541a1961d7b87544001d612f18ad04243
e1d529afcbb911c99bb039ba39c7fb6716275b97650ae816a90fc03f256542bb

Detections

Analyzer	Verdict	Alert
Public Nextron YARA rules	malware	Unique code from Jetriz, Swid & Jeniva of the Tetris framework

HTTP Headers

GET /ent/current/enot.min.js HTTP/1.1
Host: notix.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://71fbbq5ib1mrnvraff.security-patch-today.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 04 Dec 2023 05:44:56 GMT
content-type: application/javascript
last-modified: Wed, 29 Nov 2023 16:35:15 GMT
etag: W/"65676843-235f7"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (7)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (15)

URL User Request GET HTTP/1.1

IP

ASN