| near.flyspecialline.com/favicon.ico | 188.114.97.1 | 200 OK | 16 kB |
URL: GET HTTP/3 near.flyspecialline.com/favicon.ico
IP: 188.114.97.1:443
Requested by: https://near.flyspecialline.com/eGRHSERSW
Certificate:
  Issuer: Google Trust Services LLC
  Subject: flyspecialline.com
  Fingerprint: 0F:CA:AC:50:74:D4:F9:76:02:D5:32:4A:6F:CC:5F:5C:BF:58:1E:36
  Validity: Thu, 11 Jan 2024 11:16:37 GMT - Wed, 10 Apr 2024 11:16:36 GMT
File type: JavaScript source, ASCII text, with very long lines (9872), with no line terminators
Hash: 1f50a5c345b32f00dac4cacdac6dee32 c9d7f3fbce7a52dee0707ea73a8a1c602a6a91c1 be94ab61751b7494ad15abe618c21824d31974ee0682c1470bf93236e01879f2
| Analyzer | Verdict | Alert |
| mnemonic secure dns | malicious | Sinkholed |
| Quad9 DNS | malicious | Sinkholed |
GET /favicon.ico HTTP/1.1
Host: near.flyspecialline.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://near.flyspecialline.com/eGRHSERSW
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Mon, 29 Jan 2024 05:51:04 GMT
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: EXPIRED
last-modified: Sun, 28 Jan 2024 19:14:15 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ArgliWrfHVdiS2MPFs3ZDTVRI7NacSESHcjbKARfMvMKlIYYH8jQU%2BqcEGXfMp78XHumDSf7jznJJjev4j7zUVo5lZwAZW%2FVobmqD3EA47AhDC2Rw1y3jurAp6omqmxsG3J0lOucWbR6Mw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 84cf33864f52b51b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
| near.flyspecialline.com/eGRHSERSW | 188.114.97.1 | 200 OK | 9.9 kB |
URL (User Request): GET HTTP/2 near.flyspecialline.com/eGRHSERSW
IP: 188.114.97.1:443
Certificate:
  Issuer: Google Trust Services LLC
  Subject: flyspecialline.com
  Fingerprint: 0F:CA:AC:50:74:D4:F9:76:02:D5:32:4A:6F:CC:5F:5C:BF:58:1E:36
  Validity: Thu, 11 Jan 2024 11:16:37 GMT - Wed, 10 Apr 2024 11:16:36 GMT
File type: JavaScript source, ASCII text, with very long lines (9872), with no line terminators
Hash: 1f50a5c345b32f00dac4cacdac6dee32 c9d7f3fbce7a52dee0707ea73a8a1c602a6a91c1 be94ab61751b7494ad15abe618c21824d31974ee0682c1470bf93236e01879f2
| Analyzer | Verdict | Alert |
| mnemonic secure dns | malicious | Sinkholed |
| Quad9 DNS | malicious | Sinkholed |
GET /eGRHSERSW HTTP/1.1
Host: near.flyspecialline.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 29 Jan 2024 05:51:04 GMT
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=13sVQtY%2B8FGMIudEO%2BVJy%2BCICKlmH5lsulwTqu99DCN0ND6TmIPznspmRbS%2Fclg3WB8hRMIyrSF4EmZeCD%2FOxVRAvb%2FI%2FqX%2Bq5xeFdsiNcrJpESGNR5aLMnCOFgUxFoYnWTlOcp6biCu2A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 84cf3383f95f1c0a-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|