| l24.im/Up5FKV/Errors/404 | 172.67.186.156 | | 167 B |
IP: 172.67.186.156:0
File type: HTML document, ASCII text, with CRLF line terminators
Hash: 0104c301c5e02bd6148b8703d19b3a73 7436e0b4b1f8c222c38069890b75fa2baf9ca620 446a6087825fa73eadb045e5a2e9e2adf7df241b571228187728191d961dda1f
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /Up5FKV/Errors/404 HTTP/1.1
Host: l24.im
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 301 Moved Permanently
date: Thu, 18 Apr 2024 14:44:20 GMT
content-type: text/html
content-length: 167
location: https://l24.im/Home/Main/404.html
cache-control: max-age=3600
expires: Thu, 18 Apr 2024 15:44:20 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mlhiwfmLkPkEzFbh9gXJbXw5ZQ8SSlrSy8HVsKcIi8%2F%2F5nPFu66OF6n4X5LozDjD6%2BO86ezk6aim9nZx4APjmQ82fcYJxfaPcrmke33hScAozGqqDBhW2MY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87656eac780956b5-OSL
X-Firefox-Spdy: h2
|
|
| cdnjs.cloudflare.com/ajax/libs/font-awesome/6.1.2/css/all.min.css | 104.17.25.14 | | 17 kB |
URL: cdnjs.cloudflare.com/ajax/libs/font-awesome/6.1.2/css/all.min.css
IP: 104.17.25.14:0
File type: ASCII text, with very long lines (65317)
Hash: 8ef777107c4620d4ddd4f8c4bb14a36c 0ae47fa834fb55de7b50c79021aeabecfae50c9c c5e8e8eb22e2eaf1ad02370c22c63c04774ab0b83b4329d5945333750814bb2f
GET /ajax/libs/font-awesome/6.1.2/css/all.min.css HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://l24.im
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 14:44:21 GMT
content-type: text/css; charset=utf-8
content-length: 17188
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "62deef96-4324"
last-modified: Mon, 25 Jul 2022 19:31:34 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 249741
expires: Tue, 08 Apr 2025 14:44:21 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=K0DyTzSblMGjE%2Br5t%2Bgynz9y6dt24RAfnl9reB4Ca129BEAWSzjPskapr8zYhRASQ8YuPSzvxoGUmxneaAEzRN6FdIaBYr%2BaN4oa8ivcdtY4Osf2u9RD9tB7%2FbGMz6DucVBddhoW"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 87656eaf684b5699-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| l24.im/Home/Main/assets/images/banklogos.png | 172.67.186.156 | | 14 kB |
URL: l24.im/Home/Main/assets/images/banklogos.png
IP: 172.67.186.156:0
File type: PNG image data, 429 x 32, 8-bit/color RGBA, non-interlaced
Hash: bd652944bc6ccda4690900baa6226ca9 eb3faf37fcecd7fb23e8270a298f56bfd0e3c14d d0ca4e684b6a94cdc68c6b622aa32ddefccf9f022a2b88cb0a38ce21e2d78e35
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /Home/Main/assets/images/banklogos.png HTTP/1.1
Host: l24.im
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://l24.im/Home/Main/404.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 14:44:21 GMT
content-type: image/png
content-length: 14196
last-modified: Fri, 29 Jul 2022 11:26:25 GMT
etag: "baaa9193ea3d81:0"
x-powered-by: ASP.NET
cache-control: max-age=345600
cf-cache-status: HIT
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pxT6tEwc645EhccXa4d44aAGQAKbdcwzNZ9m9tLCncCfG%2FLH8ju8k5r3WGGhezyNX12Qtz6Dm5pd83H8sAYDdPpFR5tcsj1WHQaiLPR08QPTbctxGfvuiHs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87656eaf5dea0b4d-OSL
alt-svc: h3=":443"; ma=86400
|
|
| cdn.jsdelivr.net/gh/fancyapps/fancybox@3.5.7/dist/jquery.fancybox.min.css | 151.101.129.229 | | 3.4 kB |
URL: cdn.jsdelivr.net/gh/fancyapps/fancybox@3.5.7/dist/jquery.fancybox.min.css
IP: 151.101.129.229:0
File type: ASCII text, with very long lines (12795), with no line terminators
Hash: a2d42584292f64c5827e8b67b1b38726 1be9b79be02a1cfc5d96c4a5e0feb8f472babd95 5736e3eec0c34bfc288854b7b8d2a8f1e22e9e2e7dae3c8d1ad5dfb2d4734ad0
GET /gh/fancyapps/fancybox@3.5.7/dist/jquery.fancybox.min.css HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://l24.im/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
x-jsd-version: 3.5.7
x-jsd-version-type: version
etag: W/"31fb-G+m3m+AqHPxdlsSl4P649HK6vZU"
content-encoding: br
accept-ranges: bytes
date: Thu, 18 Apr 2024 14:44:21 GMT
age: 20097017
x-served-by: cache-fra-eddf8230072-FRA, cache-hel1410026-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 3370
X-Firefox-Spdy: h2
|
|
| cdn.jsdelivr.net/gh/fancyapps/fancybox@3.5.7/dist/jquery.fancybox.min.js | 151.101.129.229 | | 23 kB |
URL: cdn.jsdelivr.net/gh/fancyapps/fancybox@3.5.7/dist/jquery.fancybox.min.js
IP: 151.101.129.229:0
File type: JavaScript source, ASCII text, with very long lines (31972)
Hash: 49a6b4d019a934bcf83f0c397eba82d8 6181412e73966696d08e1e5b1243a572d0f22ba6 cadda460ccb4c3c01bb45f3d5976f63f5adf8dc3ff1d31cb4fbd3ded4f18e5bf
GET /gh/fancyapps/fancybox@3.5.7/dist/jquery.fancybox.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://l24.im/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 3.5.7
x-jsd-version-type: version
etag: W/"10a9d-YYFBLnOWZpbQjh5bEkOlctDyK6Y"
content-encoding: br
accept-ranges: bytes
date: Thu, 18 Apr 2024 14:44:21 GMT
age: 21998928
x-served-by: cache-fra-etou8220109-FRA, cache-hel1410026-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 23149
X-Firefox-Spdy: h2
|
|
| www.googletagmanager.com/gtag/js?id=G-7N67D0CRJL | 142.250.74.72 | | 100 kB |
URL: www.googletagmanager.com/gtag/js?id=G-7N67D0CRJL
IP: 142.250.74.72:0
File type: JavaScript source, ASCII text, with very long lines (5955)
Size: 100 kB (100092 bytes)
Hash: 475844ee65adbdf7bdda3fa9d29c1609 fd691708d2f0a76ca984eb2bb3a0807bd5d9a770 af97a0bee8931d8993f1c1b230ff20fe2bc80f695a51a41a49b197331c2f3db4
GET /gtag/js?id=G-7N67D0CRJL HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://l24.im/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 18 Apr 2024 14:44:21 GMT
expires: Thu, 18 Apr 2024 14:44:21 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 100092
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js | 142.250.74.74 | | 34 kB |
URL: ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js
IP: 142.250.74.74:0
File type: JavaScript source, ASCII text, with very long lines (32038)
Hash: f03e5a3bf534f4a738bc350631fd05bd 37b1db88b57438f1072a8ebc7559c909c9d3a682 aec3d419d50f05781a96f223e18289aeb52598b5db39be82a7b71dc67d6a7947
GET /ajax/libs/jquery/1.11.3/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://l24.im/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 33507
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 13 Apr 2024 06:44:16 GMT
expires: Sun, 13 Apr 2025 06:44:16 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 460805
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| www.googletagmanager.com/gtm.js?id=GTM-MF73SG9J | 142.250.74.72 | 200 OK | 87 kB |
URL: GET HTTP/3 www.googletagmanager.com/gtm.js?id=GTM-MF73SG9J
IP: 142.250.74.72:443
Requested by: https://4u.l24.im/otomotiv/?utm_source=l24&utm_medium=404&utm_campaign=404
Certificate: Issuer: Google Trust Services LLC; Subject: *.google-analytics.com; Fingerprint: BF:40:8C:8B:CB:69:1E:3F:E2:3B:B7:8A:8E:C0:D6:98:5F:81:FA:2D; Validity: Mon, 04 Mar 2024 06:35:45 GMT - Mon, 27 May 2024 06:35:44 GMT
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (3041)
Hash: 7f7ec6de56326a950590e53743e41819 d0bb0d4f6b381cfb84103e67412a2234db2dc1e2 fd0641c3ce62b789315c5e0eb10de017c7de7ad67733d4903216221fc01030ba
GET /gtm.js?id=GTM-MF73SG9J HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://l24.im/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 18 Apr 2024 14:44:21 GMT
expires: Thu, 18 Apr 2024 14:44:21 GMT
cache-control: private, max-age=900
last-modified: Thu, 18 Apr 2024 12:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 86679
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| l24.im/Home/Main/assets/css/fonts/icomoon.ttf?im35gw | 172.67.186.156 | | 1.3 kB |
URL: l24.im/Home/Main/assets/css/fonts/icomoon.ttf?im35gw
IP: 172.67.186.156:0
File type: TrueType Font data, 11 tables, 1st "OS/2", 14 names, Macintosh, type 1 string, icomoon
Hash: 7884770eaf1d93e9eccd036fe0a60a03 ebe3722dfe9ed21ce9528473f44b8f7c6739ad8d 83e9ea82dbfbeea43439acd171ba6882284d1c23bc58b290a603b97ee9b61119
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /Home/Main/assets/css/fonts/icomoon.ttf?im35gw HTTP/1.1
Host: l24.im
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://l24.im/Home/Main/assets/css/font.css
Cookie: _ga_7N67D0CRJL=GS1.1.1713451461.1.0.1713451461.60.0.0; _ga=GA1.1.1441489458.1713451461; admatic-user-session=25011866496020100101960561024128024
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 14:44:21 GMT
content-type: application/octet-stream
content-length: 1284
last-modified: Fri, 29 Jul 2022 11:26:25 GMT
etag: "e3358193ea3d81:0"
x-powered-by: ASP.NET
cache-control: max-age=345600
cf-cache-status: HIT
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZthqLEP2XfsdEUdzaSrLial0Ea0c6bA0sPEtS8zb7GPiufUYDq%2BNQq0bH7rCx5W4vgX5SPemZsi1eFFjZDyQF7unEK79mqcVdsS%2B1vFmU0jgz%2BfygDBpP54%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87656eb2999a0b4d-OSL
alt-svc: h3=":443"; ma=86400
|
|
| fonts.googleapis.com/css2?family=IBM+Plex+Sans:wght@300;400;500;600;700&family=Playfair+Display&display=swap | 142.250.74.106 | | 20 kB |
URL: fonts.googleapis.com/css2?family=IBM+Plex+Sans:wght@300;400;500;600;700&family=Playfair+Display&display=swap
IP: 142.250.74.106:0
File type: gzip compressed data, max compression
Hash: 1052ed4c6bf81a7e1b3e159068473067 64e59836bc737ae1fb6536849cca23b5c6c3a7e6 a7e5e926dbc21b3e99dfc323146794e7ecd553c0346bdabfe9c665dfe50de40c
GET /css2?family=IBM+Plex+Sans:wght@300;400;500;600;700&family=Playfair+Display&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://l24.im/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 18 Apr 2024 14:44:21 GMT
date: Thu, 18 Apr 2024 14:44:21 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| fonts.gstatic.com/s/ibmplexsans/v19/zYX9KVElMYYaJe8bpLHnCwDKjWr7AI9sdO_q.woff2 | 216.58.207.227 | 200 OK | 16 kB |
URL: GET HTTP/3 fonts.gstatic.com/s/ibmplexsans/v19/zYX9KVElMYYaJe8bpLHnCwDKjWr7AI9sdO_q.woff2
IP: 216.58.207.227:443
Requested by: https://4u.l24.im/otomotiv/?utm_source=l24&utm_medium=404&utm_campaign=404
Certificate: Issuer: Google Trust Services LLC; Subject: *.gstatic.com; Fingerprint: 8F:81:43:71:C4:F3:8C:FA:6D:EC:B4:5E:1F:58:71:AA:48:42:0E:E9; Validity: Mon, 04 Mar 2024 07:16:39 GMT - Mon, 27 May 2024 07:16:38 GMT
File type: Web Open Font Format (Version 2), TrueType, length 15872, version 1.0
Hash: 0f2d41d2b986c330afb05429a8a840b3 51d1197898ffc6215b37d035b6c1ca3dbb29b961 4064fb191238671603c1fcf604554950ee4800051a681f1e29d215a6c0e111a7
GET /s/ibmplexsans/v19/zYX9KVElMYYaJe8bpLHnCwDKjWr7AI9sdO_q.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://l24.im
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15872
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 15 Apr 2024 23:27:36 GMT
expires: Tue, 15 Apr 2025 23:27:36 GMT
cache-control: public, max-age=31536000
age: 227805
last-modified: Tue, 02 May 2023 15:44:45 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| l24.im/Home/Main/assets/js/site.js?v=1.0.4 | 172.67.186.156 | | 22 kB |
URL: l24.im/Home/Main/assets/js/site.js?v=1.0.4
IP: 172.67.186.156:0
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (1046), with CRLF, LF line terminators
Hash: 96c52025a30eb84af4482b9a0c2f4928 fcee4473f77f19fffc86a5bb3293261ab38810e3 16d928206b28f3bd9da318b4e9b7d1001d0142a04cd78efbc1198e8dcafd3d32
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /Home/Main/assets/js/site.js?v=1.0.4 HTTP/1.1
Host: l24.im
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://l24.im/Home/Main/404.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 14:44:21 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=14114
etag: W/"9940a7d694c9d91:0"
last-modified: Tue, 08 Aug 2023 01:08:27 GMT
vary: Accept-Encoding
x-powered-by: ASP.NET
cache-control: max-age=345600
cf-cache-status: HIT
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YNGiMZn1U53fL9C6n97lrGlUinzWdG%2FJuy2%2BNlQqlQnk7il1QS1HsiwezqUkuVTzoRjkM7Uvrf8CeftXoQgxfkeuE8qIdUu8NMVKrKtWCyVgSb8Ar4M1OLA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87656eaf5df50b4d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| ssp-service.admatic.com.tr/check | 172.67.73.96 | 204 No Content | 0 B |
URL: OPTIONS HTTP/3 ssp-service.admatic.com.tr/check
IP: 172.67.73.96:443
Requested by: https://4u.l24.im/otomotiv/?utm_source=l24&utm_medium=404&utm_campaign=404
Certificate: Issuer: Let's Encrypt; Subject: ssp-service.admatic.com.tr; Fingerprint: F5:F5:FA:6E:3F:8D:6C:89:82:A7:49:3C:1C:96:94:06:8B:80:07:C9; Validity: Mon, 18 Mar 2024 07:06:56 GMT - Sun, 16 Jun 2024 07:06:55 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /check HTTP/1.1
Host: ssp-service.admatic.com.tr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://l24.im/
Origin: https://l24.im
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 204 No Content
date: Thu, 18 Apr 2024 14:44:21 GMT
content-length: 0
access-control-allow-origin: *
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
vary: Access-Control-Request-Headers
access-control-allow-headers: content-type
working-on: admatic-k8s
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=E4TvO4QAgA5sih9UBnow5UtVMHKe%2B01QGThIzjsEBbr%2B4fbv3lqW2s4y8nc1Xqm6fKKa0WL%2F8V19uyZF4rGkUdnatnWr%2F4dp%2B4wOjsIPm%2FmkG0nlxzqtcZDJQz40iH1Ngw6AdPgne5Epo3I%2F"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87656eb2ce185691-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| l24.im/Home/Main/assets/images/twitter.svg | 172.67.186.156 | | 1.0 kB |
URL: l24.im/Home/Main/assets/images/twitter.svg
IP: 172.67.186.156:0
File type: SVG Scalable Vector Graphics image
Hash: 71c636b942fa3cbee418a65aa476cb91 5f7b44ae7c4f5df6bed53a64f8b7d02e7842533f 731f6f8e0d18bfdab2c690939150426c469c4e7621b8679e769e32ead3db71c8
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /Home/Main/assets/images/twitter.svg HTTP/1.1
Host: l24.im
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://l24.im/Home/Main/404.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 14:44:21 GMT
content-type: image/svg+xml
last-modified: Fri, 29 Jul 2022 11:26:26 GMT
etag: W/"e56021a3ea3d81:0"
x-powered-by: ASP.NET
cache-control: max-age=345600
cf-cache-status: HIT
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4yjorHP%2FjAWzmkBOH8yKL3nGCQ7ZZggcjRAtEhBZZlD3KZhBWiINkHMsS8rCmwUfAWGwrwGSmbH60e2UNF73zAwIf4dqBaJTmXiKOmLTfx3a4gU7UXSCHzg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87656eaf5de90b4d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| fonts.gstatic.com/s/playfairdisplay/v37/nuFvD-vYSZviVYUb_rj3ij__anPXJzDwcbmjWBN2PKdFvXDXbtM.woff2 | 216.58.207.227 | | 22 kB |
URL: fonts.gstatic.com/s/playfairdisplay/v37/nuFvD-vYSZviVYUb_rj3ij__anPXJzDwcbmjWBN2PKdFvXDXbtM.woff2
IP: 216.58.207.227:0
Certificate: Issuer: Google Trust Services LLC; Subject: *.gstatic.com; Fingerprint: 8F:81:43:71:C4:F3:8C:FA:6D:EC:B4:5E:1F:58:71:AA:48:42:0E:E9; Validity: Mon, 04 Mar 2024 07:16:39 GMT - Mon, 27 May 2024 07:16:38 GMT
File type: Web Open Font Format (Version 2), TrueType, length 21904, version 1.0
Hash: 27b2f94167bce460f3e669c52be7301e de5636d6096f5a29f0764aa563c54f157b1f9de9 51c8eae79bf05bbcc1811da8cb56ff69d87d40bafdce8282fea8a43259b4afcb
GET /s/playfairdisplay/v37/nuFvD-vYSZviVYUb_rj3ij__anPXJzDwcbmjWBN2PKdFvXDXbtM.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://l24.im
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 21904
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 11 Apr 2024 17:44:50 GMT
expires: Fri, 11 Apr 2025 17:44:50 GMT
cache-control: public, max-age=31536000
age: 593971
last-modified: Wed, 31 Jan 2024 23:15:04 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| fonts.gstatic.com/s/playfairdisplay/v37/nuFvD-vYSZviVYUb_rj3ij__anPXJzDwcbmjWBN2PKdFvXDZbtPY_Q.woff2 | 216.58.207.227 | | 12 kB |
URL: fonts.gstatic.com/s/playfairdisplay/v37/nuFvD-vYSZviVYUb_rj3ij__anPXJzDwcbmjWBN2PKdFvXDZbtPY_Q.woff2
IP: 216.58.207.227:0
Certificate: Issuer: Google Trust Services LLC; Subject: *.gstatic.com; Fingerprint: 8F:81:43:71:C4:F3:8C:FA:6D:EC:B4:5E:1F:58:71:AA:48:42:0E:E9; Validity: Mon, 04 Mar 2024 07:16:39 GMT - Mon, 27 May 2024 07:16:38 GMT
File type: Web Open Font Format (Version 2), TrueType, length 12104, version 1.0
Hash: abb3f57b98102cf543c7795cf100b05d 6a3b737da36773cd1f071e9033ee7104b0fc165b aa02e16620f4ec43893c5a54c91a6b1b87d42fa5110022a312cf5b91690d657b
GET /s/playfairdisplay/v37/nuFvD-vYSZviVYUb_rj3ij__anPXJzDwcbmjWBN2PKdFvXDZbtPY_Q.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://l24.im
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 12104
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 18 Apr 2024 02:45:05 GMT
expires: Fri, 18 Apr 2025 02:45:05 GMT
cache-control: public, max-age=31536000
age: 43156
last-modified: Wed, 31 Jan 2024 23:12:11 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| fonts.gstatic.com/s/ibmplexsans/v19/zYXgKVElMYYaJe8bpLHnCwDKhd_eFb5N.woff2 | 216.58.207.227 | | 16 kB |
URL: fonts.gstatic.com/s/ibmplexsans/v19/zYXgKVElMYYaJe8bpLHnCwDKhd_eFb5N.woff2
IP: 216.58.207.227:0
Certificate: Issuer: Google Trust Services LLC; Subject: *.gstatic.com; Fingerprint: 8F:81:43:71:C4:F3:8C:FA:6D:EC:B4:5E:1F:58:71:AA:48:42:0E:E9; Validity: Mon, 04 Mar 2024 07:16:39 GMT - Mon, 27 May 2024 07:16:38 GMT
File type: Web Open Font Format (Version 2), TrueType, length 15724, version 1.0
Hash: 0e2c71ca88ef614ed360af7147277927 9eee92090322dc7f14422e5babc7a4239e334400 9a4ad5a9fd17ad03f878c0f1b126f460c4f409f29c633d5fc7c20276a7060914
GET /s/ibmplexsans/v19/zYXgKVElMYYaJe8bpLHnCwDKhd_eFb5N.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://l24.im
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15724
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 18 Apr 2024 02:43:23 GMT
expires: Fri, 18 Apr 2025 02:43:23 GMT
cache-control: public, max-age=31536000
age: 43258
last-modified: Tue, 02 May 2023 16:04:28 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| fonts.gstatic.com/s/ibmplexsans/v19/zYX9KVElMYYaJe8bpLHnCwDKjQ76AIFsdA.woff2 | 216.58.207.227 | | 20 kB |
URL: fonts.gstatic.com/s/ibmplexsans/v19/zYX9KVElMYYaJe8bpLHnCwDKjQ76AIFsdA.woff2
IP: 216.58.207.227:0
Certificate: Issuer: Google Trust Services LLC; Subject: *.gstatic.com; Fingerprint: 8F:81:43:71:C4:F3:8C:FA:6D:EC:B4:5E:1F:58:71:AA:48:42:0E:E9; Validity: Mon, 04 Mar 2024 07:16:39 GMT - Mon, 27 May 2024 07:16:38 GMT
File type: Web Open Font Format (Version 2), TrueType, length 20356, version 1.0
Hash: e78568807d101b47dfd21e34244e072f 4cfc3c246e975c42ef684033a58afdacf8d5f54b 31535a91ce3f6b8ed3ddedadab1e49957e2220263a640df1a3f14f6fdfe15eb6
GET /s/ibmplexsans/v19/zYX9KVElMYYaJe8bpLHnCwDKjQ76AIFsdA.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://l24.im
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 20356
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 16 Apr 2024 07:26:48 GMT
expires: Wed, 16 Apr 2025 07:26:48 GMT
cache-control: public, max-age=31536000
age: 199053
last-modified: Tue, 02 May 2023 16:19:23 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| ssp-service.admatic.com.tr/check | 172.67.73.96 | 204 No Content | 0 B |
URL: OPTIONS HTTP/3 ssp-service.admatic.com.tr/check
IP: 172.67.73.96:443
Requested by: https://4u.l24.im/otomotiv/?utm_source=l24&utm_medium=404&utm_campaign=404
Certificate: Issuer: Let's Encrypt; Subject: ssp-service.admatic.com.tr; Fingerprint: F5:F5:FA:6E:3F:8D:6C:89:82:A7:49:3C:1C:96:94:06:8B:80:07:C9; Validity: Mon, 18 Mar 2024 07:06:56 GMT - Sun, 16 Jun 2024 07:06:55 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /check HTTP/1.1
Host: ssp-service.admatic.com.tr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://l24.im/
Origin: https://l24.im
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 204 No Content
date: Thu, 18 Apr 2024 14:44:21 GMT
content-length: 0
access-control-allow-origin: *
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
vary: Access-Control-Request-Headers
access-control-allow-headers: content-type
working-on: admatic-k8s
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XJANCB1WnFLueLbhUqMMDpPo%2FJJcYLBePyE7z96WKK3eeQpedi%2BvWjMYmyFIqu8Wz3jv5s1hfrJiI9Qk6ardY3QKi54vvgookQVOsv6pxIlljGupVc3kijlcWyFhArGlk4fVwtK%2BYGpifJf0"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87656eb3fff95691-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| fonts.gstatic.com/s/ibmplexsans/v19/zYX9KVElMYYaJe8bpLHnCwDKjQ76AI9sdO_q.woff2 | 216.58.207.227 | | 16 kB |
URL: fonts.gstatic.com/s/ibmplexsans/v19/zYX9KVElMYYaJe8bpLHnCwDKjQ76AI9sdO_q.woff2
IP: 216.58.207.227:0
Certificate: Issuer: Google Trust Services LLC; Subject: *.gstatic.com; Fingerprint: 8F:81:43:71:C4:F3:8C:FA:6D:EC:B4:5E:1F:58:71:AA:48:42:0E:E9; Validity: Mon, 04 Mar 2024 07:16:39 GMT - Mon, 27 May 2024 07:16:38 GMT
File type: Web Open Font Format (Version 2), TrueType, length 16264, version 1.0
Hash: 4267dfb25bc2bf828613ad27adb49edf 67f4eba4b05ea3d7f7c3ad5279c12c1f8c52bcd2 19d8e8252c984a204ba97d48d9abfe56a1ab5caa0b3468495d8db57dd144a780
GET /s/ibmplexsans/v19/zYX9KVElMYYaJe8bpLHnCwDKjQ76AI9sdO_q.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://l24.im
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 16264
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 18 Apr 2024 03:03:23 GMT
expires: Fri, 18 Apr 2025 03:03:23 GMT
cache-control: public, max-age=31536000
age: 42058
last-modified: Tue, 02 May 2023 16:19:25 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| region1.analytics.google.com/g/collect?v=2&tid=G-7N67D0CRJL&gtm=45je44f0v876472101za200&_p=1713451460942&_gaz=1&gcd=13l3l3l2l1&npa=1&dma_cps=sypham&dma=1&cid=1441489458.1713451461&ul=en-us&sr=1280x1024&pscdl=noapi&_eu=AEAE&_s=1&sid=1713451461&sct=1&seg=0&dl=https%3A%2F%2Fl24.im%2FHome%2FMain%2F404.html&dt=404%20Sayfas%C4%B1%20-%20Link%2024&en=scroll&_fv=1&_nsi=1&_ss=1&epn.percent_scrolled=90&tfd=979 | 216.239.32.36 | | 0 B |
URL: region1.analytics.google.com/g/collect?v=2&tid=G-7N67D0CRJL&gtm=45je44f0v876472101za200&_p=1713451460942&_gaz=1&gcd=13l3l3l2l1&npa=1&dma_cps=sypham&dma=1&cid=1441489458.1713451461&ul=en-us&sr=1280x1024&pscdl=noapi&_eu=AEAE&_s=1&sid=1713451461&sct=1&seg=0&dl=https%3A%2F%2Fl24.im%2FHome%2FMain%2F404.html&dt=404%20Sayfas%C4%B1%20-%20Link%2024&en=scroll&_fv=1&_nsi=1&_ss=1&epn.percent_scrolled=90&tfd=979
IP: 216.239.32.36:0
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-7N67D0CRJL&gtm=45je44f0v876472101za200&_p=1713451460942&_gaz=1&gcd=13l3l3l2l1&npa=1&dma_cps=sypham&dma=1&cid=1441489458.1713451461&ul=en-us&sr=1280x1024&pscdl=noapi&_eu=AEAE&_s=1&sid=1713451461&sct=1&seg=0&dl=https%3A%2F%2Fl24.im%2FHome%2FMain%2F404.html&dt=404%20Sayfas%C4%B1%20-%20Link%2024&en=scroll&_fv=1&_nsi=1&_ss=1&epn.percent_scrolled=90&tfd=979 HTTP/1.1
Host: region1.analytics.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://l24.im
DNT: 1
Connection: keep-alive
Referer: https://l24.im/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: https://l24.im
date: Thu, 18 Apr 2024 14:44:22 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| cdn.segmage.dev/segmage.min.js | 188.114.97.1 | 200 OK | 19 kB |
URL: GET HTTP/3 cdn.segmage.dev/segmage.min.js
IP: 188.114.97.1:443
Requested by: https://4u.l24.im/otomotiv/?utm_source=l24&utm_medium=404&utm_campaign=404
Certificate: Issuer: Google Trust Services LLC; Subject: segmage.dev; Fingerprint: 6C:3B:84:6E:76:05:F9:D3:09:F6:6C:5E:83:77:A0:92:03:30:BB:BC; Validity: Sun, 14 Apr 2024 03:40:30 GMT - Sat, 13 Jul 2024 03:40:29 GMT
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Hash: 7be0e3ff82027518c342e362e8609c5a e00524c6f06ed4d30ebed607f347bd0cfc72c479 f60b0e6d0bd6c5d921ed03561848edfee90d78c751a068ab639e57cf951e78d5
GET /segmage.min.js HTTP/1.1
Host: cdn.segmage.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://l24.im/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 14:44:22 GMT
content-type: text/javascript
etag: W/"1da867e9a173cf3"
last-modified: Thu, 04 Apr 2024 10:55:27 GMT
strict-transport-security: max-age=63072000; includeSubdomains
x-frame-options: DENY
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eE4SnCIu7ZcNX92IIj77kp9%2BvxBuy7T97kgiish7NrOkIFR%2Fk0vwzo7j7Dy%2BZdPYfdbJ%2B0DPgKn4v1Sl80TN1ZjxefpUsFKwXR9LPOgAK%2B1%2BxyQ%2FtN8TWtRvTBtrOQFgcXs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87656eb4fa4b712d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| cdn.serve.admatic.com.tr/showad/showad.js | 104.26.4.92 | 200 OK | 26 kB |
URL: GET HTTP/3 cdn.serve.admatic.com.tr/showad/showad.js
IP: 104.26.4.92:443
Requested by: https://4u.l24.im/otomotiv/?utm_source=l24&utm_medium=404&utm_campaign=404
Certificate: Issuer: Let's Encrypt; Subject: cdn.serve.admatic.com.tr; Fingerprint: A1:FC:42:5D:E6:3A:2F:85:AF:0D:01:19:4E:83:DE:40:9F:18:E2:A6; Validity: Sat, 30 Mar 2024 20:44:19 GMT - Fri, 28 Jun 2024 20:44:18 GMT
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (65535), with no line terminators
Hash: 13d519b35b83871a5a69f445acf527f7 be44982d8113569b49aeba35d9ce340841e273aa bf77cf0ca47e8538faba0fb6ee028bbd3cbfc8bbf0bfb50891180b694f6d8466
GET /showad/showad.js HTTP/1.1
Host: cdn.serve.admatic.com.tr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://l24.im/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 14:44:21 GMT
content-type: application/javascript
vary: Accept-Encoding, Accept-Encoding
cdn-pullzone: 1905149
cdn-uid: e7d0f040-08f3-443e-a640-656beb6c8b3b
cdn-requestcountrycode: NO
access-control-allow-origin: *
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=3600
etag: W/"661e9321-11349"
last-modified: Tue, 16 Apr 2024 15:02:57 GMT
cdn-storageserver: DE-664
cdn-fileserver: 658
cdn-proxyver: 1.04
cdn-requestpullsuccess: True
cdn-requestpullcode: 200
cdn-cachedat: 04/16/2024 15:03:15
cdn-edgestorageid: 1048
cdn-status: 200
cdn-requestid: 6b683e49469b2f630bd81dcd0170d3db
cdn-cache: HIT
cf-cache-status: HIT
age: 941
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Xz4AiHa1Z%2BtPI0nRyOwy8%2FOblM6kBha%2FT6Kxr1vP%2BpjiMvVFKY9Xaz5MdbqAMdBGc2%2BqD50bEEtq7roVsSlP6tMP%2BeLq6I3d1jC8WJxm8JIl2%2BTZwDXTF5ijIV5%2FZl4nX0Vtg7Mz9chzjA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87656eafdde95694-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| l24.im/Home/Main/assets/images/menuicon1.svg | 172.67.186.156 | | 8.6 kB |
URL: l24.im/Home/Main/assets/images/menuicon1.svg
IP: 172.67.186.156:0
File type: SVG Scalable Vector Graphics image
Hash: c3780f989f484de2b8f0d3c1dbed8908 9e63c8651885230c9fd956e8826050cc394e8967 63b3c4e333558a101fd29cb6ecce29f9b3dee5de4765d77aec0367fd8eb8047b
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /Home/Main/assets/images/menuicon1.svg HTTP/1.1
Host: l24.im
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://l24.im/Home/Main/404.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 14:44:21 GMT
content-type: image/svg+xml
last-modified: Fri, 29 Jul 2022 11:26:25 GMT
etag: W/"2eb712a3ea3d81:0"
x-powered-by: ASP.NET
cache-control: max-age=345600
cf-cache-status: HIT
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pTyBmG9eV9lk32aClqLoSVFZ0WbqNuHrKV1zU%2FmAWxN6D4Ra2ujjVlA4Ep7ROfjNK3jKo7z2kn0vqwsWSJJ84pAqXllddqV5kA1A2uLUomxZXeDML%2Bz4rII%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87656eaf4dd20b4d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| cdn.jsdelivr.net/gh/fancyapps/fancybox@3.5.7/dist/jquery.fancybox.min.css | 151.101.129.229 | | 3.4 kB |
URL: cdn.jsdelivr.net/gh/fancyapps/fancybox@3.5.7/dist/jquery.fancybox.min.css
IP: 151.101.129.229:0
File type: ASCII text, with very long lines (12795), with no line terminators
Hash: a2d42584292f64c5827e8b67b1b38726 1be9b79be02a1cfc5d96c4a5e0feb8f472babd95 5736e3eec0c34bfc288854b7b8d2a8f1e22e9e2e7dae3c8d1ad5dfb2d4734ad0
GET /gh/fancyapps/fancybox@3.5.7/dist/jquery.fancybox.min.css HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://app.l24.im/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-length: 3370
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
x-jsd-version: 3.5.7
x-jsd-version-type: version
etag: W/"31fb-G+m3m+AqHPxdlsSl4P649HK6vZU"
content-encoding: br
accept-ranges: bytes
date: Thu, 18 Apr 2024 14:44:23 GMT
age: 20097019
x-served-by: cache-fra-eddf8230072-FRA, cache-hel1410022-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
|
|
| cdn.jsdelivr.net/particles.js/2.0.0/particles.min.js | 151.101.129.229 | | 6.4 kB |
URL: cdn.jsdelivr.net/particles.js/2.0.0/particles.min.js
IP: 151.101.129.229:0
File type: ASCII text, with very long lines (23002)
Hash: 00debcf6cf0789a19cee2278011afcd4 8017f8b1869077db728573f1ca4684a00af69462 faee7815a5fd27e938d1e01c8392b66332024908eb118048f608eee671371df6
GET /particles.js/2.0.0/particles.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://app.l24.im/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-length: 6363
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
etag: W/"5b44-gBf4sYaQd9tyhXPxykaEoAr2lGI"
content-encoding: br
accept-ranges: bytes
date: Thu, 18 Apr 2024 14:44:23 GMT
age: 1094453
x-served-by: cache-fra-eddf8230124-FRA, cache-hel1410022-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
|
|
| cdn.jsdelivr.net/npm/bootstrap@4.6.0/dist/js/bootstrap.bundle.min.js | 151.101.129.229 | | 23 kB |
URL: cdn.jsdelivr.net/npm/bootstrap@4.6.0/dist/js/bootstrap.bundle.min.js
IP: 151.101.129.229:0
File type: JavaScript source, ASCII text, with very long lines (65299)
Hash: f81d0a1705048649befc8b595e455a94 aec551e4d573463088fca7d14fb644eb389f1839 b0212543cc5a4a0a31c1b5a9d1e8973261992116b4cfde3e7dfcf33b4e81a97b
GET /npm/bootstrap@4.6.0/dist/js/bootstrap.bundle.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://app.l24.im/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-length: 23377
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 4.6.0
x-jsd-version-type: version
etag: W/"1499a-rsVR5NVzRjCI/KfRT7ZE6zifGDk"
content-encoding: br
accept-ranges: bytes
date: Thu, 18 Apr 2024 14:44:23 GMT
age: 5369985
x-served-by: cache-fra-etou8220121-FRA, cache-hel1410022-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
|
|
| cdn.jsdelivr.net/gh/fancyapps/fancybox@3.5.7/dist/jquery.fancybox.min.js | 151.101.129.229 | | 23 kB |
URL: cdn.jsdelivr.net/gh/fancyapps/fancybox@3.5.7/dist/jquery.fancybox.min.js
IP: 151.101.129.229:0
File type: JavaScript source, ASCII text, with very long lines (31972)
Hash: 49a6b4d019a934bcf83f0c397eba82d8 6181412e73966696d08e1e5b1243a572d0f22ba6 cadda460ccb4c3c01bb45f3d5976f63f5adf8dc3ff1d31cb4fbd3ded4f18e5bf
GET /gh/fancyapps/fancybox@3.5.7/dist/jquery.fancybox.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://app.l24.im/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-length: 23149
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 3.5.7
x-jsd-version-type: version
etag: W/"10a9d-YYFBLnOWZpbQjh5bEkOlctDyK6Y"
content-encoding: br
accept-ranges: bytes
date: Thu, 18 Apr 2024 14:44:23 GMT
age: 21998930
x-served-by: cache-fra-etou8220109-FRA, cache-hel1410022-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
|
|
| cdnjs.cloudflare.com/ajax/libs/font-awesome/6.1.2/css/all.min.css | 104.17.25.14 | | 17 kB |
URL: cdnjs.cloudflare.com/ajax/libs/font-awesome/6.1.2/css/all.min.css
IP: 104.17.25.14:0
File type: ASCII text, with very long lines (65317)
Hash: 8ef777107c4620d4ddd4f8c4bb14a36c 0ae47fa834fb55de7b50c79021aeabecfae50c9c c5e8e8eb22e2eaf1ad02370c22c63c04774ab0b83b4329d5945333750814bb2f
GET /ajax/libs/font-awesome/6.1.2/css/all.min.css HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://app.l24.im
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 18 Apr 2024 14:44:23 GMT
content-type: text/css; charset=utf-8
content-length: 17188
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "62deef96-4324"
last-modified: Mon, 25 Jul 2022 19:31:34 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 249743
expires: Tue, 08 Apr 2025 14:44:23 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yo4ZvBpXU82qxEHrxbLcwJLvyn%2BByW3KSzaNnUD%2FTIizVKtaG5e2TVdc8FYZpAvmdyh4sluw5Bg1kIi%2Frz3XUTocX0YU7FIuPWjXxPigpi0I%2Br9aKIn31cS8vy7NAIjk124wm3aI"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 87656ec1ae565699-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| www.googletagmanager.com/gtm.js?id=GTM-MF73SG9J | 142.250.74.72 | 200 OK | 87 kB |
URL: GET HTTP/3 www.googletagmanager.com/gtm.js?id=GTM-MF73SG9J
IP: 142.250.74.72:443
Requested by: https://4u.l24.im/otomotiv/?utm_source=l24&utm_medium=404&utm_campaign=404
Certificate: Issuer: Google Trust Services LLC; Subject: *.google-analytics.com; Fingerprint: BF:40:8C:8B:CB:69:1E:3F:E2:3B:B7:8A:8E:C0:D6:98:5F:81:FA:2D; Validity: Mon, 04 Mar 2024 06:35:45 GMT - Mon, 27 May 2024 06:35:44 GMT
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (3041)
Hash: 71718d08dbacd40e9757106181f9bfe5 02e372c80def05e82798f87e56d0a6b85da815dd 76dc252148215f14c2b2a0a91f0854d2b020e837e2500a569f2d29ad3a4e0cff
GET /gtm.js?id=GTM-MF73SG9J HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://app.l24.im/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 18 Apr 2024 14:44:24 GMT
expires: Thu, 18 Apr 2024 14:44:24 GMT
cache-control: private, max-age=900
last-modified: Thu, 18 Apr 2024 12:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 86604
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| collect.segmage.dev/js/set?sr=1280x1024&sa=1280x1024&sc=24-bit&ul=en-US&cs=UTF-8&title=404+Sayfas%C4%B1+-+Link+24&url=https%3A%2F%2Fl24.im%2FHome%2FMain%2F404.html&refUrl= | 188.114.97.1 | | 0 B |
URL: collect.segmage.dev/js/set?sr=1280x1024&sa=1280x1024&sc=24-bit&ul=en-US&cs=UTF-8&title=404+Sayfas%C4%B1+-+Link+24&url=https%3A%2F%2Fl24.im%2FHome%2FMain%2F404.html&refUrl=
IP: 188.114.97.1:0
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /js/set?sr=1280x1024&sa=1280x1024&sc=24-bit&ul=en-US&cs=UTF-8&title=404+Sayfas%C4%B1+-+Link+24&url=https%3A%2F%2Fl24.im%2FHome%2FMain%2F404.html&refUrl= HTTP/1.1
Host: collect.segmage.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type,d,ga,sg,source,t,tz,u
Referer: https://l24.im/
Origin: https://l24.im
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 204 No Content
date: Thu, 18 Apr 2024 14:44:24 GMT
access-control-allow-credentials: true
access-control-allow-headers: content-type,d,ga,sg,source,t,tz,u
access-control-allow-methods: POST,GET
access-control-allow-origin: https://l24.im
access-control-max-age: 604800
vary: Origin
strict-transport-security: max-age=63072000; includeSubdomains
x-frame-options: DENY
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fcVquLeoQ0u%2B98TNKQHDxuaN1z%2FCbp4nNHfIzEkkFjsub4mWvc7Fxvu1wtnXV%2Bo2X0wXXcfOwJNHDoelnYtrC3hETX0%2FW0LTdwWxnHG7aJ7IzzX53BRkivbDQSUhC6SiVau2fzGB"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87656ec1ffcfb50c-OSL
alt-svc: h3=":443"; ma=86400
|
|
| app.l24.im/polyfills-es2015.7228265d48574b6b5adf.js | 188.114.96.1 | | 113 kB |
URL: app.l24.im/polyfills-es2015.7228265d48574b6b5adf.js
IP: 188.114.96.1:0
File type: JavaScript source, ASCII text, with very long lines (37660), with no line terminators
Size: 113 kB (113172 bytes)
Hash: abd2525eedb8a6321c99e53e01d75d37 3fc0cabedaefe7af15964afe691493fd1606203d 649baa63f06598655b146f6ce37865fabe947dfa0f542607899d9864f7588498
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /polyfills-es2015.7228265d48574b6b5adf.js HTTP/1.1
Host: app.l24.im
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://app.l24.im/GetCurrentUser
Cookie: _ga_7N67D0CRJL=GS1.1.1713451461.1.1.1713451461.60.0.0; _ga=GA1.1.1441489458.1713451461; _gcl_au=1.1.1505206337.1713451462; __sg=eyJkZXZpY2UiOiIyOTUwMzI5ODQzIiwiaWQiOiIxYjE3ZGI0OC1lNmVkLTQwNzItYjhlMS1jNTg5NGRkMWZjNjAiLCJ1c2VySWQiOm51bGx9
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 14:44:23 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"1d9a5d02401171c"
last-modified: Fri, 23 Jun 2023 12:42:16 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
vary: Accept-Encoding
x-powered-by: ASP.NET
cache-control: max-age=345600
cf-cache-status: HIT
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BflipKNBpgx3UFCn6AM%2B25snU4%2FMlLDXgZPEDC%2FdotK0qM4zrqyQvhMBE4%2BlToWp1g%2FeJ1GDgTmt24%2FDd8rW6oNKh6E4cp2g1zgYnNQHz9HT2sSzzte3AyydT9rL"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87656ec128177130-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| fonts.googleapis.com/css?family=Roboto:400,500 | 142.250.74.106 | | 687 B |
URL: fonts.googleapis.com/css?family=Roboto:400,500
IP: 142.250.74.106:0
File type: gzip compressed data, max compression
Hash: 068da4fed147b62410d2227a9ceb5891 fd1b3c8e229b9fed7c33f93ec6efb6d4c7679469 87fd151a4ef8e15ca11cea64c9f77433c0b1ac7172c26fa2e7b2d4083c4bc0e0
GET /css?family=Roboto:400,500 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://app.l24.im/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 18 Apr 2024 14:44:24 GMT
date: Thu, 18 Apr 2024 14:44:24 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| cdn.segmage.dev/template.html | 188.114.97.1 | 200 OK | 14 kB |
URL: GET HTTP/3 cdn.segmage.dev/template.html
IP: 188.114.97.1:443
Requested by: https://4u.l24.im/otomotiv/?utm_source=l24&utm_medium=404&utm_campaign=404
Certificate: Issuer: Google Trust Services LLC; Subject: segmage.dev; Fingerprint: 6C:3B:84:6E:76:05:F9:D3:09:F6:6C:5E:83:77:A0:92:03:30:BB:BC; Validity: Sun, 14 Apr 2024 03:40:30 GMT - Sat, 13 Jul 2024 03:40:29 GMT
File type: HTML document, ASCII text
Hash: 81727346cbe5d580c7bd4b64ca3bbd0f 7bf5bfa802ee5d2d94ab8889f525018ec4392a12 da685f9f6a3eb673d577be18066a003000d56335c4629fddd29e40e6a87a6b1e
GET /template.html HTTP/1.1
Host: cdn.segmage.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://app.l24.im/
Origin: https://app.l24.im
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 14:44:24 GMT
content-type: text/html
access-control-allow-credentials: true
access-control-allow-origin: https://app.l24.im
last-modified: Thu, 04 Apr 2024 10:55:30 GMT
vary: Origin
strict-transport-security: max-age=63072000; includeSubdomains
x-frame-options: DENY
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6bs4oIt%2FY2b6rEmdC1tZkdMIyIPhAFoDyF6V8vdxNxYIn1lGK2XA6pfOisjsbQNXxeDXt2yOckiVpbkAOSTp1d1y4iPWJ%2BTlZcGwRoQMYDrKJE4uBc9QGUmPcOTcMvcJniY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87656ec43b41b50c-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| app.l24.im/assets/js/owl.carousel.min.js | 188.114.96.1 | | 12 kB |
URL: app.l24.im/assets/js/owl.carousel.min.js
IP: 188.114.96.1:0
File type: JavaScript source, ASCII text, with very long lines (31997), with CRLF line terminators
Hash: 47c357c05cb99cedbac2874840319818 d8b05365de4b760618328fdeef7672e8374978e4 4e0781bdd2cbb5db04da3b5e059eeca34e325fabb893bee7457b5babf5b7c029
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/js/owl.carousel.min.js HTTP/1.1
Host: app.l24.im
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://app.l24.im/GetCurrentUser
Cookie: _ga_7N67D0CRJL=GS1.1.1713451461.1.1.1713451461.60.0.0; _ga=GA1.1.1441489458.1713451461; _gcl_au=1.1.1505206337.1713451462; __sg=eyJkZXZpY2UiOiIyOTUwMzI5ODQzIiwiaWQiOiIxYjE3ZGI0OC1lNmVkLTQwNzItYjhlMS1jNTg5NGRkMWZjNjAiLCJ1c2VySWQiOm51bGx9
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 14:44:23 GMT
content-type: application/javascript
last-modified: Thu, 14 Jul 2022 07:46:28 GMT
etag: W/"1d89755d3450f3c"
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-powered-by: ASP.NET
cache-control: max-age=345600
cf-cache-status: HIT
age: 3277
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Y3EXO8m5MAXtTqwvMZNstLD2IZ2abYTvKjL2%2FJkROZj7Pr7368hCrSMjPEWegHlbhrMoeJEILjCYUBH5xX1SIRsE22QHFm4PgTbVas%2BzP1uyxE7QLSyHGl2nVm5H"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87656ec118077130-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| collect.segmage.dev/js/10d3aa95-1198-4243-85f5-08db896bd4f1?title=404+Sayfas%C4%B1+-+Link+24&url=https%3A%2F%2Fl24.im%2FHome%2FMain%2F404.html | 188.114.97.1 | | 0 B |
URL: collect.segmage.dev/js/10d3aa95-1198-4243-85f5-08db896bd4f1?title=404+Sayfas%C4%B1+-+Link+24&url=https%3A%2F%2Fl24.im%2FHome%2FMain%2F404.html
IP: 188.114.97.1:0
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /js/10d3aa95-1198-4243-85f5-08db896bd4f1?title=404+Sayfas%C4%B1+-+Link+24&url=https%3A%2F%2Fl24.im%2FHome%2FMain%2F404.html HTTP/1.1
Host: collect.segmage.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type,e,sg,source,u
Referer: https://l24.im/
Origin: https://l24.im
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 204 No Content
date: Thu, 18 Apr 2024 14:44:25 GMT
access-control-allow-credentials: true
access-control-allow-headers: content-type,e,sg,source,u
access-control-allow-methods: POST,GET
access-control-allow-origin: https://l24.im
access-control-max-age: 604800
vary: Origin
strict-transport-security: max-age=63072000; includeSubdomains
x-frame-options: DENY
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=T2Rb83Azeq%2FsXgwPt7H4PxzVYSJQu3DmleMol6ZGJRjAmpVqHth5OBzK%2FlUJlpcffSatmEBKdN8fxrzzjO0D20xKFFQyf4RSh1TgzuLkKeYic3igdJ8sRJiW4%2BjJM7JfFGnQR81J"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87656ec8ac39b4fd-OSL
alt-svc: h3=":443"; ma=86400
|
|
| collect.segmage.dev/js/10d3aa95-1198-4243-85f5-08db896bd4f1?title=404+Sayfas%C4%B1+-+Link+24&url=https%3A%2F%2Fl24.im%2FHome%2FMain%2F404.html | 188.114.97.1 | | 36 B |
URL: collect.segmage.dev/js/10d3aa95-1198-4243-85f5-08db896bd4f1?title=404+Sayfas%C4%B1+-+Link+24&url=https%3A%2F%2Fl24.im%2FHome%2FMain%2F404.html
IP: 188.114.97.1:0
File type: ASCII text, with no line terminators
Hash: cbeaee26d7f6bcdd965eb9740aa11149 b9b9909d836e2f9c8702984ed7b87545a312c658 864a463a9131a9e2e781232857a516689239c9d642a818a34a0f491dc2a0a82e
GET /js/10d3aa95-1198-4243-85f5-08db896bd4f1?title=404+Sayfas%C4%B1+-+Link+24&url=https%3A%2F%2Fl24.im%2FHome%2FMain%2F404.html HTTP/1.1
Host: collect.segmage.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json; charset=UTF-8
source: 0745484d-e935-41b7-aa35-08db89e90583
sg: 1b17db48-e6ed-4072-b8e1-c5894dd1fc60
u: null
e: PAGE_VIEW
Origin: https://l24.im
DNT: 1
Connection: keep-alive
Referer: https://l24.im/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 14:44:25 GMT
content-type: text/plain; charset=utf-8
content-length: 36
access-control-allow-credentials: true
access-control-allow-origin: https://l24.im
vary: Origin, Origin
strict-transport-security: max-age=63072000; includeSubdomains
x-frame-options: DENY
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FZVn1FO3hrG1g8rHmeGVZyTy2wgWmVuLwRHOch8Ir8zNgYpKmEXLBdITpgqbOQCzUF%2FC2dKZAkLjVFfVCbnhnn6cgZSXkWT5RcWh4HgUQWfY6MxVv7htqK%2FgpeFxesSqBs8NleG%2B"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87656ec94d5db4fd-OSL
alt-svc: h3=":443"; ma=86400
|
|
| app.l24.im/styles.2df49dd6389696495d00.css | 188.114.96.1 | | 413 kB |
URL: app.l24.im/styles.2df49dd6389696495d00.css
IP: 188.114.96.1:0
File type: ASCII text, with very long lines (65536), with no line terminators
Size: 413 kB (413172 bytes)
Hash: dba84f0276c594624d3d5c77fc978db5 a3fef693e646a2a62173cac3cdd123752496e821 4ca871830c95ec135ffd8dfbbe055590d500424b15b5b7225ef982962cc50d2b
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /styles.2df49dd6389696495d00.css HTTP/1.1
Host: app.l24.im
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://app.l24.im/GetCurrentUser
Cookie: _ga_7N67D0CRJL=GS1.1.1713451461.1.1.1713451461.60.0.0; _ga=GA1.1.1441489458.1713451461; _gcl_au=1.1.1505206337.1713451462; __sg=eyJkZXZpY2UiOiIyOTUwMzI5ODQzIiwiaWQiOiIxYjE3ZGI0OC1lNmVkLTQwNzItYjhlMS1jNTg5NGRkMWZjNjAiLCJ1c2VySWQiOm51bGx9
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 14:44:23 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=2677481
etag: W/"1d9c6e4b2f73be9"
last-modified: Fri, 04 Aug 2023 15:02:34 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
vary: Accept-Encoding
x-powered-by: ASP.NET
cache-control: max-age=345600
cf-cache-status: HIT
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DUGDUYMYkI6G4bvcHJzQgenb1LcxZ%2BTgdSZuBAKRsOvQ73GBJOnWchnPCd0tMkoCTwtNH%2FZ1EXEY72eeGaRx6olMgffqianPvTxSqzJoDqwskjb%2Flke%2BmrYz49rq"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87656ec11ffb7130-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| app.l24.im/runtime-es2015.a915d801e419b0c43a7e.js | 188.114.96.1 | | 157 kB |
URL: app.l24.im/runtime-es2015.a915d801e419b0c43a7e.js
IP: 188.114.96.1:0
File type: JavaScript source, ASCII text, with very long lines (2314), with no line terminators
Size: 157 kB (156716 bytes)
Hash: 700f9d3d990a2d2a1cdc1a1987e91447 6c661b53616087e92d40936119ba3b84d4fc6540 b2ca35427b769c3756cb28b82cf02d0d760089ced14cb633bb95b4991c18de9f
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /runtime-es2015.a915d801e419b0c43a7e.js HTTP/1.1
Host: app.l24.im
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://app.l24.im/GetCurrentUser
Cookie: _ga_7N67D0CRJL=GS1.1.1713451461.1.1.1713451461.60.0.0; _ga=GA1.1.1441489458.1713451461; _gcl_au=1.1.1505206337.1713451462; __sg=eyJkZXZpY2UiOiIyOTUwMzI5ODQzIiwiaWQiOiIxYjE3ZGI0OC1lNmVkLTQwNzItYjhlMS1jNTg5NGRkMWZjNjAiLCJ1c2VySWQiOm51bGx9
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 14:44:23 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"1d9a5d024018d0a"
last-modified: Fri, 23 Jun 2023 12:42:16 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
vary: Accept-Encoding
x-powered-by: ASP.NET
cache-control: max-age=345600
cf-cache-status: HIT
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UcEMusWkFJuwbPsUNW3v2J8Y3VA5jTru96Pq53cJowoS%2BLviOuQR44uL%2B%2FVFKuAiw0UPPhbddnK5IWSnSUeqQF4H3wkAaNzJF0YfutmhrYvq%2BJeJdgKnPxC%2BOMss"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87656ec128137130-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| app.l24.im/assets/i18n/en.json | 188.114.96.1 | | 11 kB |
URL: app.l24.im/assets/i18n/en.json
IP: 188.114.96.1:0
Hash: 44c6bf5d8204cdd32beb1b9ce5d3c03b f6bbac6f477fff3a84c6a01bcfc795e9fa623789 9c85212731987f72f2dd4c2f9cf9325d8140217ae4c1a904c67147bf722ea2bb
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/i18n/en.json HTTP/1.1
Host: app.l24.im
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://app.l24.im/GetCurrentUser
Cookie: _ga_7N67D0CRJL=GS1.1.1713451461.1.1.1713451461.60.0.0; _ga=GA1.1.1441489458.1713451461; _gcl_au=1.1.1505206337.1713451462; __sg=eyJkZXZpY2UiOiIyOTUwMzI5ODQzIiwiaWQiOiIxYjE3ZGI0OC1lNmVkLTQwNzItYjhlMS1jNTg5NGRkMWZjNjAiLCJ1c2VySWQiOm51bGx9
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 14:44:25 GMT
content-type: application/json
last-modified: Thu, 22 Jun 2023 08:38:56 GMT
etag: W/"1d9a4e4fb50ece2"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-powered-by: ASP.NET
cf-cache-status: DYNAMIC
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3HG3qZ8hjY5nnt%2F4R91cQoqyntNGIj8cs1JjweUZsS7upHxPxo%2B8OTI2y8AbMSd3ciPPB9SJF8zIAd8e68q7PI9q%2Bd9LFuJGhwkz68AtT5ntgzF%2FeMxOPyuFpQvv"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87656ec72a2d7130-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| region1.analytics.google.com/g/collect?v=2&tid=G-7N67D0CRJL&gtm=45je44f0v876472101z89137687946za200&_p=1713451460942&gcd=13l3l3l2l1&npa=1&dma_cps=sypham&dma=1&cid=1441489458.1713451461&ul=en-us&sr=1280x1024&pscdl=noapi&_s=2&sid=1713451461&sct=1&seg=1&dl=https%3A%2F%2Fl24.im%2FHome%2FMain%2F404.html&dt=404%20Sayfas%C4%B1%20-%20Link%2024&en=page_view&tfd=6220 | 216.239.32.36 | | 0 B |
URL: region1.analytics.google.com/g/collect?v=2&tid=G-7N67D0CRJL&gtm=45je44f0v876472101z89137687946za200&_p=1713451460942&gcd=13l3l3l2l1&npa=1&dma_cps=sypham&dma=1&cid=1441489458.1713451461&ul=en-us&sr=1280x1024&pscdl=noapi&_s=2&sid=1713451461&sct=1&seg=1&dl=https%3A%2F%2Fl24.im%2FHome%2FMain%2F404.html&dt=404%20Sayfas%C4%B1%20-%20Link%2024&en=page_view&tfd=6220
IP: 216.239.32.36:0
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-7N67D0CRJL&gtm=45je44f0v876472101z89137687946za200&_p=1713451460942&gcd=13l3l3l2l1&npa=1&dma_cps=sypham&dma=1&cid=1441489458.1713451461&ul=en-us&sr=1280x1024&pscdl=noapi&_s=2&sid=1713451461&sct=1&seg=1&dl=https%3A%2F%2Fl24.im%2FHome%2FMain%2F404.html&dt=404%20Sayfas%C4%B1%20-%20Link%2024&en=page_view&tfd=6220 HTTP/1.1
Host: region1.analytics.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://l24.im
DNT: 1
Connection: keep-alive
Referer: https://l24.im/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers
HTTP/3 204 No Content
access-control-allow-origin: https://l24.im
date: Thu, 18 Apr 2024 14:44:27 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| static.cloudflareinsights.com/beacon.min.js/v55bfa2fee65d44688e90c00735ed189a1713218998793 | 104.16.79.73 | 200 OK | 6.6 kB |
URL: GET HTTP/2 static.cloudflareinsights.com/beacon.min.js/v55bfa2fee65d44688e90c00735ed189a1713218998793
IP: 104.16.79.73:443
Requested by: https://4u.l24.im/otomotiv/?utm_source=l24&utm_medium=404&utm_campaign=404
Certificate Issuer: Google Trust Services LLC
Certificate Subject: cloudflareinsights.com
Certificate Fingerprint: 73:92:5A:16:97:55:FC:A5:32:7C:F3:9D:0C:84:EF:F3:2F:AA:B5:00
Certificate Validity: Sun, 10 Mar 2024 02:33:42 GMT - Sat, 08 Jun 2024 02:33:41 GMT
File type: JavaScript source, ASCII text, with very long lines (19261), with no line terminators
Hash: 3be93fd15d2f7dee2fc0c8981c6fa5c6 8cd88c36fad3e96641dbc4d781f5ddbe5123312f 17106bf803d42bcf2f2bdf778ece084d3f91c68e7ea41dae7bff61fefa573dee
GET /beacon.min.js/v55bfa2fee65d44688e90c00735ed189a1713218998793 HTTP/1.1
Host: static.cloudflareinsights.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://app.l24.im
DNT: 1
Connection: keep-alive
Referer: https://app.l24.im/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 18 Apr 2024 14:44:23 GMT
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
etag: W/"2024.4.0"
last-modified: Mon, 15 Apr 2024 22:09:58 GMT
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
server: cloudflare
cf-ray: 87656ec128f1712e-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| app.l24.im/cdn-cgi/rum? | 188.114.96.1 | | 0 B |
IP: 188.114.96.1:0
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
POST /cdn-cgi/rum? HTTP/1.1
Host: app.l24.im
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 430
Origin: https://app.l24.im
DNT: 1
Connection: keep-alive
Referer: https://app.l24.im/GetCurrentUser
Cookie: _ga_7N67D0CRJL=GS1.1.1713451461.1.1.1713451464.57.0.0; _ga=GA1.1.1441489458.1713451461; _gcl_au=1.1.1505206337.1713451462; __sg=eyJkZXZpY2UiOiIyOTUwMzI5ODQzIiwiaWQiOiIxYjE3ZGI0OC1lNmVkLTQwNzItYjhlMS1jNTg5NGRkMWZjNjAiLCJ1c2VySWQiOm51bGx9
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/3 204 No Content
date: Thu, 18 Apr 2024 14:44:28 GMT
access-control-allow-origin: https://app.l24.im
access-control-allow-methods: POST,OPTIONS
access-control-max-age: 86400
vary: Origin
access-control-allow-credentials: true
server: cloudflare
cf-ray: 87656ede58ed7130-OSL
x-frame-options: DENY
x-content-type-options: nosniff
|
|
| 4u.l24.im/wp-content/uploads/2023/10/4ul24.png | 188.114.96.1 | 200 OK | 3.5 kB |
URL: GET HTTP/3 4u.l24.im/wp-content/uploads/2023/10/4ul24.png
IP: 188.114.96.1:443
Requested by: https://4u.l24.im/otomotiv/?utm_source=l24&utm_medium=404&utm_campaign=404
Certificate Issuer: Google Trust Services LLC
Certificate Subject: l24.im
Certificate Fingerprint: A8:C0:26:5A:F1:5E:BC:99:14:92:9F:04:2D:87:E6:60:C5:F3:61:63
Certificate Validity: Mon, 01 Apr 2024 09:05:27 GMT - Sun, 30 Jun 2024 09:05:26 GMT
File type: PNG image data, 136 x 59, 8-bit/color RGBA, non-interlaced
Hash: 48d8481b0b88e78303a11368cbb85229 ef57d3f839d6a1149949c4acc7450cedeebcb54e b0319acf4660a8ca09a7aec987f4ca51f9f87c44ea4cc704d533d5a5e645f533
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /wp-content/uploads/2023/10/4ul24.png HTTP/1.1
Host: 4u.l24.im
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://4u.l24.im/otomotiv/?utm_source=l24&utm_medium=404&utm_campaign=404
Cookie: _ga_7N67D0CRJL=GS1.1.1713451461.1.1.1713451464.57.0.0; _ga=GA1.1.1441489458.1713451461; _gcl_au=1.1.1505206337.1713451462; __sg=eyJkZXZpY2UiOiIyOTUwMzI5ODQzIiwiaWQiOiIxYjE3ZGI0OC1lNmVkLTQwNzItYjhlMS1jNTg5NGRkMWZjNjAiLCJ1c2VySWQiOm51bGx9
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 14:44:28 GMT
content-type: image/png
content-length: 3518
cache-control: public, max-age=604800
expires: Thu, 18 Apr 2024 10:45:02 GMT
last-modified: Wed, 04 Oct 2023 07:19:42 GMT
alt-svc: h3=":443"; ma=86400
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 542709
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nQ7HHuNd5TFssQsV4iK0R4RI8AGsI4BykNgKeJY%2FsIYUrYGzKEKrbPubmTrvHE8rMxcc7m1gjdPisSxseBe9%2FTY%2BNnDKB8HjGokbmYB4ECX5LPCC1tmKS%2BC4IPg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87656edea99a7130-OSL
|
|
| 4u.l24.im/wp-content/uploads/2023/10/arac-ruhsati-nedir-1-1.jpg | 188.114.96.1 | 200 OK | 91 kB |
URL: GET HTTP/3 4u.l24.im/wp-content/uploads/2023/10/arac-ruhsati-nedir-1-1.jpg
IP: 188.114.96.1:443
Requested by: https://4u.l24.im/otomotiv/?utm_source=l24&utm_medium=404&utm_campaign=404
Certificate Issuer: Google Trust Services LLC
Certificate Subject: l24.im
Certificate Fingerprint: A8:C0:26:5A:F1:5E:BC:99:14:92:9F:04:2D:87:E6:60:C5:F3:61:63
Certificate Validity: Mon, 01 Apr 2024 09:05:27 GMT - Sun, 30 Jun 2024 09:05:26 GMT
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 730x457, components 3
Hash: b14f4430c03138f337c370fa026e209a 3cd1def61e83b3c812e42b9ea2c2fcce9dfb74cb 6c56b5fcae56793e27f4957d8c52a2e88c049c1c6d27930ceb4c696b5e19e15c
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /wp-content/uploads/2023/10/arac-ruhsati-nedir-1-1.jpg HTTP/1.1
Host: 4u.l24.im
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://4u.l24.im/otomotiv/?utm_source=l24&utm_medium=404&utm_campaign=404
Cookie: _ga_7N67D0CRJL=GS1.1.1713451461.1.1.1713451464.57.0.0; _ga=GA1.1.1441489458.1713451461; _gcl_au=1.1.1505206337.1713451462; __sg=eyJkZXZpY2UiOiIyOTUwMzI5ODQzIiwiaWQiOiIxYjE3ZGI0OC1lNmVkLTQwNzItYjhlMS1jNTg5NGRkMWZjNjAiLCJ1c2VySWQiOm51bGx9
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 14:44:28 GMT
content-type: image/jpeg
content-length: 90992
cache-control: public, max-age=604800
expires: Tue, 16 Apr 2024 21:14:58 GMT
last-modified: Tue, 24 Oct 2023 10:48:26 GMT
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 542709
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FljF%2BBT83sisbjP1h1ixx2ydnNtyFz4TavAB6t1B%2FSMeBsZzL6VEkzuTOcuab%2BXmRgzeNiv1UMU9MZNc06KrHynA%2BX1xBV4ck3zs%2ByprTBLDHIAHJH5wnnoDNCM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87656edeb9ac7130-OSL
alt-svc: h3=":443"; ma=86400
|
|
| 4u.l24.im/wp-content/uploads/2023/10/Motosiklet-Sigortasi-1.jpg | 188.114.96.1 | 200 OK | 81 kB |
URL: GET HTTP/3 4u.l24.im/wp-content/uploads/2023/10/Motosiklet-Sigortasi-1.jpg
IP: 188.114.96.1:443
Requested by: https://4u.l24.im/otomotiv/?utm_source=l24&utm_medium=404&utm_campaign=404
Certificate Issuer: Google Trust Services LLC
Certificate Subject: l24.im
Certificate Fingerprint: A8:C0:26:5A:F1:5E:BC:99:14:92:9F:04:2D:87:E6:60:C5:F3:61:63
Certificate Validity: Mon, 01 Apr 2024 09:05:27 GMT - Sun, 30 Jun 2024 09:05:26 GMT
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 738x461, components 3
Hash: 285d205e2f65dc09880d7239c211eeb1 54ff19f7e61522f967368d814b1eb88c46ca24df ce15c6039f6ab640b4f8a70d92d3aa34b839ac2c6b1c6b9b2a31366c436e576b
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /wp-content/uploads/2023/10/Motosiklet-Sigortasi-1.jpg HTTP/1.1
Host: 4u.l24.im
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://4u.l24.im/otomotiv/?utm_source=l24&utm_medium=404&utm_campaign=404
Cookie: _ga_7N67D0CRJL=GS1.1.1713451461.1.1.1713451464.57.0.0; _ga=GA1.1.1441489458.1713451461; _gcl_au=1.1.1505206337.1713451462; __sg=eyJkZXZpY2UiOiIyOTUwMzI5ODQzIiwiaWQiOiIxYjE3ZGI0OC1lNmVkLTQwNzItYjhlMS1jNTg5NGRkMWZjNjAiLCJ1c2VySWQiOm51bGx9
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 14:44:28 GMT
content-type: image/jpeg
content-length: 81286
cache-control: public, max-age=604800
expires: Fri, 19 Apr 2024 12:39:51 GMT
last-modified: Mon, 16 Oct 2023 11:23:28 GMT
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 253313
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8DJzNKs7P3v8SuefTQZhn9%2Fv%2BCq64d%2FKDMwnu8Q8p8Cb2qDjoD89rrVNi0oy8ZjCdqS9htXvnHkYpcILurFnr67ogblOvNjE%2FSBhHip7p6or%2BPoQP0dSaCMiIIc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87656edec9c27130-OSL
alt-svc: h3=":443"; ma=86400
|
|
| 4u.l24.im/wp-content/uploads/2023/10/414-1-arac-kiralamak-icin-gerekli-belgeler-1.jpg | 188.114.96.1 | 200 OK | 73 kB |
URL: GET HTTP/3 4u.l24.im/wp-content/uploads/2023/10/414-1-arac-kiralamak-icin-gerekli-belgeler-1.jpg
IP: 188.114.96.1:443
Requested by: https://4u.l24.im/otomotiv/?utm_source=l24&utm_medium=404&utm_campaign=404
Certificate Issuer: Google Trust Services LLC
Certificate Subject: l24.im
Certificate Fingerprint: A8:C0:26:5A:F1:5E:BC:99:14:92:9F:04:2D:87:E6:60:C5:F3:61:63
Certificate Validity: Mon, 01 Apr 2024 09:05:27 GMT - Sun, 30 Jun 2024 09:05:26 GMT
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1050x600, components 3
Hash: 3dee46742a8c98b3224a321768ba6003 e95ee97403c1a19cf593f5905a251e003259db0f ac25d99a7aba5218ade0ac7d4c29f462645422857d4eb4f12c5414b9ebb39eac
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /wp-content/uploads/2023/10/414-1-arac-kiralamak-icin-gerekli-belgeler-1.jpg HTTP/1.1
Host: 4u.l24.im
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://4u.l24.im/otomotiv/?utm_source=l24&utm_medium=404&utm_campaign=404
Cookie: _ga_7N67D0CRJL=GS1.1.1713451461.1.1.1713451464.57.0.0; _ga=GA1.1.1441489458.1713451461; _gcl_au=1.1.1505206337.1713451462; __sg=eyJkZXZpY2UiOiIyOTUwMzI5ODQzIiwiaWQiOiIxYjE3ZGI0OC1lNmVkLTQwNzItYjhlMS1jNTg5NGRkMWZjNjAiLCJ1c2VySWQiOm51bGx9
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 14:44:28 GMT
content-type: image/jpeg
content-length: 72642
cache-control: public, max-age=604800
expires: Tue, 16 Apr 2024 08:57:39 GMT
last-modified: Mon, 30 Oct 2023 12:26:19 GMT
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 253314
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UCzPQb%2BfIlWpVHnhPrErl1BH6bjwxx5rP9WKF7MBpo%2BXOt8F%2BKbSFNZE%2BkJOIKZT6JPsaY63abogRLJak7Va6gXRKfGd3U4hwL8lp8dWouLweg4OaFZlpz%2FG2JM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87656edeb9aa7130-OSL
alt-svc: h3=":443"; ma=86400
|
|
| 4u.l24.im/wp-content/uploads/2023/10/yurt-disindan-araba-getirme-1.jpg | 188.114.96.1 | 200 OK | 103 kB |
URL: GET HTTP/3 4u.l24.im/wp-content/uploads/2023/10/yurt-disindan-araba-getirme-1.jpg
IP: 188.114.96.1:443
Requested by: https://4u.l24.im/otomotiv/?utm_source=l24&utm_medium=404&utm_campaign=404
Certificate Issuer: Google Trust Services LLC
Certificate Subject: l24.im
Certificate Fingerprint: A8:C0:26:5A:F1:5E:BC:99:14:92:9F:04:2D:87:E6:60:C5:F3:61:63
Certificate Validity: Mon, 01 Apr 2024 09:05:27 GMT - Sun, 30 Jun 2024 09:05:26 GMT
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1600x900, components 3
Size: 103 kB (102579 bytes)
Hash: 8212146f49556afc87ad02ece7fb4a8b ac4a768461e77bd6647eec6542f4fe748c7b4188 bc8887469029d375c87822dff782934d8f6018799046a20bd217cb93c02fea31
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /wp-content/uploads/2023/10/yurt-disindan-araba-getirme-1.jpg HTTP/1.1
Host: 4u.l24.im
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://4u.l24.im/otomotiv/?utm_source=l24&utm_medium=404&utm_campaign=404
Cookie: _ga_7N67D0CRJL=GS1.1.1713451461.1.1.1713451464.57.0.0; _ga=GA1.1.1441489458.1713451461; _gcl_au=1.1.1505206337.1713451462; __sg=eyJkZXZpY2UiOiIyOTUwMzI5ODQzIiwiaWQiOiIxYjE3ZGI0OC1lNmVkLTQwNzItYjhlMS1jNTg5NGRkMWZjNjAiLCJ1c2VySWQiOm51bGx9
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 14:44:28 GMT
content-type: image/jpeg
content-length: 102579
cache-control: public, max-age=604800
expires: Fri, 19 Apr 2024 10:07:52 GMT
last-modified: Fri, 20 Oct 2023 14:12:32 GMT
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 69597
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dJ82UN7CqHte5gipTaZwbGsLSC7a%2BbO0OJLjtt9kZKuM27ikW92yOIWOXRtugMor6l%2Bqkw9CnVQ9UGISsI8OM3DKl3BbuQLmca5%2FMoyb%2BCjrKj%2F9TjLu%2Bxp1eqM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87656edeb9bc7130-OSL
alt-svc: h3=":443"; ma=86400
|
|
| 4u.l24.im/wp-content/uploads/2023/10/ehliyer-1.jpg | 188.114.96.1 | 200 OK | 85 kB |
URL: GET HTTP/3 4u.l24.im/wp-content/uploads/2023/10/ehliyer-1.jpg
IP: 188.114.96.1:443
Requested by: https://4u.l24.im/otomotiv/?utm_source=l24&utm_medium=404&utm_campaign=404
Certificate Issuer: Google Trust Services LLC
Certificate Subject: l24.im
Certificate Fingerprint: A8:C0:26:5A:F1:5E:BC:99:14:92:9F:04:2D:87:E6:60:C5:F3:61:63
Certificate Validity: Mon, 01 Apr 2024 09:05:27 GMT - Sun, 30 Jun 2024 09:05:26 GMT
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1000x562, components 3
Hash: 9508ce68c8b2a4a95d1f6b701c04cf3b 5fc8f84252cb56c1e38a0fd696172713061264e2 28932cf9c3e01748522fa248c3ac7c6555432571ccb4f07f931ec16a74d61ef8
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /wp-content/uploads/2023/10/ehliyer-1.jpg HTTP/1.1
Host: 4u.l24.im
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://4u.l24.im/otomotiv/?utm_source=l24&utm_medium=404&utm_campaign=404
Cookie: _ga_7N67D0CRJL=GS1.1.1713451461.1.1.1713451464.57.0.0; _ga=GA1.1.1441489458.1713451461; _gcl_au=1.1.1505206337.1713451462; __sg=eyJkZXZpY2UiOiIyOTUwMzI5ODQzIiwiaWQiOiIxYjE3ZGI0OC1lNmVkLTQwNzItYjhlMS1jNTg5NGRkMWZjNjAiLCJ1c2VySWQiOm51bGx9
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 14:44:28 GMT
content-type: image/jpeg
content-length: 85297
cache-control: public, max-age=604800
expires: Thu, 18 Apr 2024 15:05:30 GMT
last-modified: Wed, 11 Oct 2023 10:08:58 GMT
alt-svc: h3=":443"; ma=86400
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 253313
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=M3PCeUnKJNVxkgbl7vpVFiRnLEqhXovmhJzOxJ6KR2Qz6V6D9k3o9Qb5N5vLQlmtePVSFm12DWuKVJ%2FnW5l0j%2FhrJ6JQGQvOQSc26TUttYy9aycPq4SrgTJma%2F4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87656edec9c37130-OSL
|
|
| 4u.l24.im/wp-content/uploads/2023/10/hgs-2.jpg | 188.114.96.1 | 200 OK | 91 kB |
URL: GET HTTP/3 4u.l24.im/wp-content/uploads/2023/10/hgs-2.jpg
IP: 188.114.96.1:443
Requested by: https://4u.l24.im/otomotiv/?utm_source=l24&utm_medium=404&utm_campaign=404
Certificate Issuer: Google Trust Services LLC
Certificate Subject: l24.im
Certificate Fingerprint: A8:C0:26:5A:F1:5E:BC:99:14:92:9F:04:2D:87:E6:60:C5:F3:61:63
Certificate Validity: Mon, 01 Apr 2024 09:05:27 GMT - Sun, 30 Jun 2024 09:05:26 GMT
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1385x717, components 3
Hash: 3433bcdb5afa23423fd0c8cdf114194f 59b240e79c1aac1427767aabc3e8dfc4760c6bbf 1c44f9dabf9a7cb2ec0dc66e892db9dbf116f372a963327bdb74bacd9b7c775a
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /wp-content/uploads/2023/10/hgs-2.jpg HTTP/1.1
Host: 4u.l24.im
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://4u.l24.im/otomotiv/?utm_source=l24&utm_medium=404&utm_campaign=404
Cookie: _ga_7N67D0CRJL=GS1.1.1713451461.1.1.1713451464.57.0.0; _ga=GA1.1.1441489458.1713451461; _gcl_au=1.1.1505206337.1713451462; __sg=eyJkZXZpY2UiOiIyOTUwMzI5ODQzIiwiaWQiOiIxYjE3ZGI0OC1lNmVkLTQwNzItYjhlMS1jNTg5NGRkMWZjNjAiLCJ1c2VySWQiOm51bGx9
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 14:44:28 GMT
content-type: image/jpeg
content-length: 91417
cache-control: public, max-age=604800
expires: Tue, 16 Apr 2024 11:18:39 GMT
last-modified: Wed, 11 Oct 2023 07:30:40 GMT
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 542709
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8lgyJn6lZKYqrXW8%2F1a0h5DbEOtdGrZEp7nQHXPhLWJQLoUx6VbS72ATbPC34HiAwYSZ92vP8jHI7OSUJHniUKtzez5iiYqK6pSIbpobd3pWmX1tEMWT17QmKQE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87656edec9c97130-OSL
alt-svc: h3=":443"; ma=86400
|
|
| www.googletagmanager.com/gtm.js?id=GTM-MF73SG9J | 142.250.74.72 | 200 OK | 87 kB |
URL: GET HTTP/3 www.googletagmanager.com/gtm.js?id=GTM-MF73SG9J
IP: 142.250.74.72:443
Requested by: https://4u.l24.im/otomotiv/?utm_source=l24&utm_medium=404&utm_campaign=404
Certificate Issuer: Google Trust Services LLC
Certificate Subject: *.google-analytics.com
Certificate Fingerprint: BF:40:8C:8B:CB:69:1E:3F:E2:3B:B7:8A:8E:C0:D6:98:5F:81:FA:2D
Certificate Validity: Mon, 04 Mar 2024 06:35:45 GMT - Mon, 27 May 2024 06:35:44 GMT
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (3041)
Hash: 71718d08dbacd40e9757106181f9bfe5 02e372c80def05e82798f87e56d0a6b85da815dd 76dc252148215f14c2b2a0a91f0854d2b020e837e2500a569f2d29ad3a4e0cff
GET /gtm.js?id=GTM-MF73SG9J HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://4u.l24.im/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 18 Apr 2024 14:44:28 GMT
expires: Thu, 18 Apr 2024 14:44:28 GMT
cache-control: private, max-age=900
last-modified: Thu, 18 Apr 2024 12:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 86604
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| static.cloudflareinsights.com/beacon.min.js/v55bfa2fee65d44688e90c00735ed189a1713218998793 | 104.16.79.73 | 200 OK | 26 kB |
URL: GET HTTP/2 static.cloudflareinsights.com/beacon.min.js/v55bfa2fee65d44688e90c00735ed189a1713218998793
IP: 104.16.79.73:443
Requested by: https://4u.l24.im/otomotiv/?utm_source=l24&utm_medium=404&utm_campaign=404
Certificate Issuer: Google Trust Services LLC
Certificate Subject: cloudflareinsights.com
Certificate Fingerprint: 73:92:5A:16:97:55:FC:A5:32:7C:F3:9D:0C:84:EF:F3:2F:AA:B5:00
Certificate Validity: Sun, 10 Mar 2024 02:33:42 GMT - Sat, 08 Jun 2024 02:33:41 GMT
File type: gzip compressed data, from Unix
Hash: 33da9bc9a3d7a1f8d0eea5b48d54bc70 e5e9d8f8c85a9406713179ac3f9cdb158c4ce906 32fc078f99a519722e3bda396ef2b1e432c9c39d47fc9122162cd853888f6966
GET /beacon.min.js/v55bfa2fee65d44688e90c00735ed189a1713218998793 HTTP/1.1
Host: static.cloudflareinsights.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://4u.l24.im
DNT: 1
Connection: keep-alive
Referer: https://4u.l24.im/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 18 Apr 2024 14:44:28 GMT
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
etag: W/"2024.4.0"
last-modified: Mon, 15 Apr 2024 22:09:58 GMT
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
server: cloudflare
cf-ray: 87656edf2def712e-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| fonts.googleapis.com/css2?family=IBM+Plex+Sans:wght@200;300;400;500;600;700&family=Playfair+Display:wght@400;500;600;700;800;900&display=swap | 142.250.74.106 | 200 OK | 17 kB |
URL: GET HTTP/3 fonts.googleapis.com/css2?family=IBM+Plex+Sans:wght@200;300;400;500;600;700&family=Playfair+Display:wght@400;500;600;700;800;900&display=swap IP: 142.250.74.106:443
Requested by: https://4u.l24.im/otomotiv/?utm_source=l24&utm_medium=404&utm_campaign=404 Certificate Issuer: Google Trust Services LLC Subject: upload.video.google.com Fingerprint: 47:5A:64:7D:9F:47:34:07:31:91:97:F7:04:42:7A:D5:EA:AD:07:4E Validity: Mon, 04 Mar 2024 07:16:44 GMT - Mon, 27 May 2024 07:16:43 GMT
File type: gzip compressed data, max compression Hash: 778816889e35543ba58be209bd1682b0 d54b88429847f7507d1553f576b97660797cfa5e fb20abfc0047e53622d6cd46fa903f154b23fdab33b0101b2effd56aa045f807
GET /css2?family=IBM+Plex+Sans:wght@200;300;400;500;600;700&family=Playfair+Display:wght@400;500;600;700;800;900&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://4u.l24.im/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 18 Apr 2024 14:44:28 GMT
date: Thu, 18 Apr 2024 14:44:28 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| ssp-service.admatic.com.tr/check | 172.67.73.96 | 204 No Content | 0 B |
URL: OPTIONS HTTP/3 ssp-service.admatic.com.tr/check IP: 172.67.73.96:443
Requested by: https://4u.l24.im/otomotiv/?utm_source=l24&utm_medium=404&utm_campaign=404 Certificate Issuer: Let's Encrypt Subject: ssp-service.admatic.com.tr Fingerprint: F5:F5:FA:6E:3F:8D:6C:89:82:A7:49:3C:1C:96:94:06:8B:80:07:C9 Validity: Mon, 18 Mar 2024 07:06:56 GMT - Sun, 16 Jun 2024 07:06:55 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /check HTTP/1.1
Host: ssp-service.admatic.com.tr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://4u.l24.im/
Origin: https://4u.l24.im
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 204 No Content
date: Thu, 18 Apr 2024 14:44:28 GMT
content-length: 0
access-control-allow-origin: *
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
vary: Access-Control-Request-Headers
access-control-allow-headers: content-type
working-on: admatic-k8s
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=prgL2B%2FE022a8lABkulrY718ZGhVa4FvVi%2FWlrziB%2BXpEqnb3or%2BFGpmFoqO2mCHTj55cX15vkkVvJV%2FISORI5vtAdZLhND6i2cAamjbYdqgpR%2FlkvIqDc2OVbVFdyhnppdQHgZMjzEX78jy"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87656edfddf07127-OSL
alt-svc: h3=":443"; ma=86400
|
|
| www.googletagmanager.com/gtag/js?id=G-7N67D0CRJL&l=dataLayer&cx=c | 142.250.74.72 | 200 OK | 100 kB |
URL: GET HTTP/3 www.googletagmanager.com/gtag/js?id=G-7N67D0CRJL&l=dataLayer&cx=c IP: 142.250.74.72:443
Requested by: https://4u.l24.im/otomotiv/?utm_source=l24&utm_medium=404&utm_campaign=404 Certificate Issuer: Google Trust Services LLC Subject: *.google-analytics.com Fingerprint: BF:40:8C:8B:CB:69:1E:3F:E2:3B:B7:8A:8E:C0:D6:98:5F:81:FA:2D Validity: Mon, 04 Mar 2024 06:35:45 GMT - Mon, 27 May 2024 06:35:44 GMT
File type: JavaScript source, ASCII text, with very long lines (5955) Size: 100 kB (100065 bytes) Hash: 06becf12b2a22057ea478b08833c6744 0d2fa41e224ffa5c4a8bd5c481399f4d10ca9bb9 9295ea3f8192e6f7ebb33cc113add0a7f8f1735534e0a6a856222590c9d07e99
GET /gtag/js?id=G-7N67D0CRJL&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://4u.l24.im/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 18 Apr 2024 14:44:28 GMT
expires: Thu, 18 Apr 2024 14:44:28 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 100065
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| cdn.serve.admatic.com.tr/showad/showad.js | 104.26.4.92 | 200 OK | 18 kB |
URL: GET HTTP/3 cdn.serve.admatic.com.tr/showad/showad.js IP: 104.26.4.92:443
Requested by: https://4u.l24.im/otomotiv/?utm_source=l24&utm_medium=404&utm_campaign=404 Certificate Issuer: Let's Encrypt Subject: cdn.serve.admatic.com.tr Fingerprint: A1:FC:42:5D:E6:3A:2F:85:AF:0D:01:19:4E:83:DE:40:9F:18:E2:A6 Validity: Sat, 30 Mar 2024 20:44:19 GMT - Fri, 28 Jun 2024 20:44:18 GMT
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (65535), with no line terminators Hash: 13d519b35b83871a5a69f445acf527f7 be44982d8113569b49aeba35d9ce340841e273aa bf77cf0ca47e8538faba0fb6ee028bbd3cbfc8bbf0bfb50891180b694f6d8466
GET /showad/showad.js HTTP/1.1
Host: cdn.serve.admatic.com.tr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://4u.l24.im/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 14:44:28 GMT
content-type: application/javascript
vary: Accept-Encoding, Accept-Encoding
cdn-pullzone: 1905149
cdn-uid: e7d0f040-08f3-443e-a640-656beb6c8b3b
cdn-requestcountrycode: NO
access-control-allow-origin: *
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=3600
etag: W/"661e9321-11349"
last-modified: Tue, 16 Apr 2024 15:02:57 GMT
cdn-storageserver: DE-664
cdn-fileserver: 658
cdn-proxyver: 1.04
cdn-requestpullsuccess: True
cdn-requestpullcode: 200
cdn-cachedat: 04/16/2024 15:03:15
cdn-edgestorageid: 1048
cdn-status: 200
cdn-requestid: 6b683e49469b2f630bd81dcd0170d3db
cdn-cache: HIT
cf-cache-status: HIT
age: 948
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tm%2FQJOHQRJ0yMHDwrr2rpvZJ1YcYF%2BchVkI98KMMUbMm6spYOhN5IhJ0HTPuK1MpZrT4PKNA1WHhGXV%2FZfmbSFaBCM1n6MmEhCfoafpy6ViN3nSuvuXYaj9IzMXpvTSHMtZIx8HDiwMLTQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87656edfe935b521-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| 4u.l24.im/wp-content/uploads/2024/03/trafik-cezasi-2-262x145.jpg | 188.114.96.1 | 200 OK | 9.9 kB |
URL: GET HTTP/3 4u.l24.im/wp-content/uploads/2024/03/trafik-cezasi-2-262x145.jpg IP: 188.114.96.1:443
Requested by: https://4u.l24.im/otomotiv/?utm_source=l24&utm_medium=404&utm_campaign=404 Certificate Issuer: Google Trust Services LLC Subject: l24.im Fingerprint: A8:C0:26:5A:F1:5E:BC:99:14:92:9F:04:2D:87:E6:60:C5:F3:61:63 Validity: Mon, 01 Apr 2024 09:05:27 GMT - Sun, 30 Jun 2024 09:05:26 GMT
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 0x0, segment length 16, baseline, precision 8, 262x145, components 3 Hash: fb5a854b7becbd63df93ac1768422007 1fa0bcaf8b058ddabe5866c509f7b8dd4a0b14a6 cde318cab11fb6a9d537333ed068a9345197ffeebda735bfda834aafa5016056
Analyzer | Verdict | Alert |
Quad9 DNS | malicious | Sinkholed |
GET /wp-content/uploads/2024/03/trafik-cezasi-2-262x145.jpg HTTP/1.1
Host: 4u.l24.im
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://4u.l24.im/otomotiv/?utm_source=l24&utm_medium=404&utm_campaign=404
Cookie: _ga_7N67D0CRJL=GS1.1.1713451461.1.1.1713451464.57.0.0; _ga=GA1.1.1441489458.1713451461; _gcl_au=1.1.1505206337.1713451462; __sg=eyJkZXZpY2UiOiIyOTUwMzI5ODQzIiwiaWQiOiIxYjE3ZGI0OC1lNmVkLTQwNzItYjhlMS1jNTg5NGRkMWZjNjAiLCJ1c2VySWQiOm51bGx9; admatic-user-session=25011866496020100101960591024128024
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 14:44:28 GMT
content-type: image/jpeg
content-length: 9881
cache-control: public, max-age=604800
expires: Mon, 22 Apr 2024 12:40:30 GMT
last-modified: Mon, 04 Mar 2024 12:04:47 GMT
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 192667
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gmrgE6v3%2BcQRiPexowM5BO4CC2rtIeyafm0pVX2Yb4q4E%2BCmuM3tX26yld7uhO1kTKoT4DZ%2FXKiYQOuelxSjSW%2FJRic0fwlfhmeLu7DUeBlhsaRViGdUCkHtSm8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87656ee10de97130-OSL
alt-svc: h3=":443"; ma=86400
|
|
| cdn.serve.admatic.com.tr/showad/showad.js | 104.26.4.92 | 200 OK | 26 kB |
URL: GET HTTP/3 cdn.serve.admatic.com.tr/showad/showad.js IP: 104.26.4.92:443
Requested by: https://4u.l24.im/otomotiv/?utm_source=l24&utm_medium=404&utm_campaign=404 Certificate Issuer: Let's Encrypt Subject: cdn.serve.admatic.com.tr Fingerprint: A1:FC:42:5D:E6:3A:2F:85:AF:0D:01:19:4E:83:DE:40:9F:18:E2:A6 Validity: Sat, 30 Mar 2024 20:44:19 GMT - Fri, 28 Jun 2024 20:44:18 GMT
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (65535), with no line terminators Hash: 13d519b35b83871a5a69f445acf527f7 be44982d8113569b49aeba35d9ce340841e273aa bf77cf0ca47e8538faba0fb6ee028bbd3cbfc8bbf0bfb50891180b694f6d8466
GET /showad/showad.js HTTP/1.1
Host: cdn.serve.admatic.com.tr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://4u.l24.im/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 14:44:28 GMT
content-type: application/javascript
vary: Accept-Encoding, Accept-Encoding
cdn-pullzone: 1905149
cdn-uid: e7d0f040-08f3-443e-a640-656beb6c8b3b
cdn-requestcountrycode: NO
access-control-allow-origin: *
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=3600
etag: W/"661e9321-11349"
last-modified: Tue, 16 Apr 2024 15:02:57 GMT
cdn-storageserver: DE-664
cdn-fileserver: 658
cdn-proxyver: 1.04
cdn-requestpullsuccess: True
cdn-requestpullcode: 200
cdn-cachedat: 04/16/2024 15:03:15
cdn-edgestorageid: 1048
cdn-status: 200
cdn-requestid: 6b683e49469b2f630bd81dcd0170d3db
cdn-cache: HIT
cf-cache-status: HIT
age: 948
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=f%2B%2B6Tnr%2BJM8%2Bd56v0qTfb%2BMX2w6xfzX2o3xr9Yc9y68IKnJMSj%2Fzu9I6wbvqYOazsk6pYWo4BhpKTNxGqYjaL8%2BvA79m3FTnu0HML02nhQVbJEv7D%2FjYRRAdU2NnVq5jbtrBbLPa3lV3WQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87656ee05a0ab521-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| 4u.l24.im/wp-content/uploads/2024/02/stepne-262x145.jpg | 188.114.96.1 | 200 OK | 8.7 kB |
URL: GET HTTP/3 4u.l24.im/wp-content/uploads/2024/02/stepne-262x145.jpg IP: 188.114.96.1:443
Requested by: https://4u.l24.im/otomotiv/?utm_source=l24&utm_medium=404&utm_campaign=404 Certificate Issuer: Google Trust Services LLC Subject: l24.im Fingerprint: A8:C0:26:5A:F1:5E:BC:99:14:92:9F:04:2D:87:E6:60:C5:F3:61:63 Validity: Mon, 01 Apr 2024 09:05:27 GMT - Sun, 30 Jun 2024 09:05:26 GMT
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 0x0, segment length 16, baseline, precision 8, 262x145, components 3 Hash: cedb3c1abe98ef9bf374825a2a377d09 267a5937d5546459611e4fec13f6210cfbd40bcf 8829c3470ff6bf37984e6f143c8b624a21edf3d63055ba45ec00fcb9119840bb
Analyzer | Verdict | Alert |
Quad9 DNS | malicious | Sinkholed |
GET /wp-content/uploads/2024/02/stepne-262x145.jpg HTTP/1.1
Host: 4u.l24.im
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://4u.l24.im/otomotiv/?utm_source=l24&utm_medium=404&utm_campaign=404
Cookie: _ga_7N67D0CRJL=GS1.1.1713451461.1.1.1713451464.57.0.0; _ga=GA1.1.1441489458.1713451461; _gcl_au=1.1.1505206337.1713451462; __sg=eyJkZXZpY2UiOiIyOTUwMzI5ODQzIiwiaWQiOiIxYjE3ZGI0OC1lNmVkLTQwNzItYjhlMS1jNTg5NGRkMWZjNjAiLCJ1c2VySWQiOm51bGx9; admatic-user-session=25011866496020100101960591024128024
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 14:44:28 GMT
content-type: image/jpeg
content-length: 8653
cache-control: public, max-age=604800
expires: Wed, 17 Apr 2024 08:11:01 GMT
last-modified: Mon, 26 Feb 2024 13:08:30 GMT
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 192667
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NYWPtpFGdYP4Vkcn8GcHE6Mn2OkQPkycill0aRMkxuZ4WtJAfBcR1%2BKtsh59IHVd6mM0CMtGDHapkV8XZDfXRLkvhWLPR7QUEfnWlW9Sg3w73rylWbCMhOYZzPs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87656ee10ded7130-OSL
alt-svc: h3=":443"; ma=86400
|
|
| 4u.l24.im/wp-content/uploads/2024/02/Engelli-arac-1-262x145.jpg | 188.114.96.1 | 200 OK | 12 kB |
URL: GET HTTP/3 4u.l24.im/wp-content/uploads/2024/02/Engelli-arac-1-262x145.jpg IP: 188.114.96.1:443
Requested by: https://4u.l24.im/otomotiv/?utm_source=l24&utm_medium=404&utm_campaign=404 Certificate Issuer: Google Trust Services LLC Subject: l24.im Fingerprint: A8:C0:26:5A:F1:5E:BC:99:14:92:9F:04:2D:87:E6:60:C5:F3:61:63 Validity: Mon, 01 Apr 2024 09:05:27 GMT - Sun, 30 Jun 2024 09:05:26 GMT
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 0x0, segment length 16, baseline, precision 8, 262x145, components 3 Hash: 58892d70527c05704e68f92ce376add6 43206c93f76e0f2f8b4a2fcb83da420a34dc9f7a cbd7dcc18f00ef620c42a02b3fdf43459d23572fcef58a2f43ecfdd559f736d4
Analyzer | Verdict | Alert |
Quad9 DNS | malicious | Sinkholed |
GET /wp-content/uploads/2024/02/Engelli-arac-1-262x145.jpg HTTP/1.1
Host: 4u.l24.im
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://4u.l24.im/otomotiv/?utm_source=l24&utm_medium=404&utm_campaign=404
Cookie: _ga_7N67D0CRJL=GS1.1.1713451461.1.1.1713451464.57.0.0; _ga=GA1.1.1441489458.1713451461; _gcl_au=1.1.1505206337.1713451462; __sg=eyJkZXZpY2UiOiIyOTUwMzI5ODQzIiwiaWQiOiIxYjE3ZGI0OC1lNmVkLTQwNzItYjhlMS1jNTg5NGRkMWZjNjAiLCJ1c2VySWQiOm51bGx9; admatic-user-session=25011866496020100101960591024128024
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 14:44:28 GMT
content-type: image/jpeg
content-length: 12101
cache-control: public, max-age=604800
expires: Thu, 18 Apr 2024 10:45:04 GMT
last-modified: Thu, 29 Feb 2024 08:16:30 GMT
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 192667
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HHL2Th%2FBs0WvrTwDqdffQpvKRqIvvG2hyAfakNQeVDXDZybkX9fNYGwv3sIC2hskYp9cV6da7P7c7Da1JP%2FGqPyFwKWoitMWB0YFGyh7%2FzdPiAGq%2Bms%2FSI8v8%2Fg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87656ee10dec7130-OSL
alt-svc: h3=":443"; ma=86400
|
|
| 4u.l24.im/wp-content/themes/l24v2/l24/assets/script/core.js?ver=1713451467 | 188.114.96.1 | 200 OK | 28 kB |
URL: GET HTTP/3 4u.l24.im/wp-content/themes/l24v2/l24/assets/script/core.js?ver=1713451467 IP: 188.114.96.1:443
Requested by: https://4u.l24.im/otomotiv/?utm_source=l24&utm_medium=404&utm_campaign=404 Certificate Issuer: Google Trust Services LLC Subject: l24.im Fingerprint: A8:C0:26:5A:F1:5E:BC:99:14:92:9F:04:2D:87:E6:60:C5:F3:61:63 Validity: Mon, 01 Apr 2024 09:05:27 GMT - Sun, 30 Jun 2024 09:05:26 GMT
File type: JavaScript source, ASCII text, with very long lines (59649), with CRLF line terminators Hash: 31d284a72d208bd384d198b120310d02 5032aeafc791685b84f0ebc6b79bc39009f1ed16 8ce0d7bc873eabd04cdbf344e8b6389fc9bb0fa3c8d98bac7aab598737f55913
Analyzer | Verdict | Alert |
Quad9 DNS | malicious | Sinkholed |
GET /wp-content/themes/l24v2/l24/assets/script/core.js?ver=1713451467 HTTP/1.1
Host: 4u.l24.im
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://4u.l24.im/otomotiv/?utm_source=l24&utm_medium=404&utm_campaign=404
Cookie: _ga_7N67D0CRJL=GS1.1.1713451461.1.1.1713451464.57.0.0; _ga=GA1.1.1441489458.1713451461; _gcl_au=1.1.1505206337.1713451462; __sg=eyJkZXZpY2UiOiIyOTUwMzI5ODQzIiwiaWQiOiIxYjE3ZGI0OC1lNmVkLTQwNzItYjhlMS1jNTg5NGRkMWZjNjAiLCJ1c2VySWQiOm51bGx9
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 14:44:28 GMT
content-type: application/javascript
cache-control: public, max-age=604800
expires: Thu, 25 Apr 2024 14:44:27 GMT
last-modified: Mon, 18 Sep 2023 14:09:54 GMT
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
x-turbo-charged-by: LiteSpeed
cf-cache-status: MISS
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=D%2FaJnH%2Bx1S3jGQOcqijSf0ZJ0lZ%2FtRgs2Er4cKX0n12JnKqnhgpi45w4RawZca3dW7hzWRgO3P7g%2Btu0zyLBXOBBxlgMn7XZPPd554f3sPeFFkQi6ojCuQeb7yQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87656edf4ab17130-OSL
content-encoding: br
|
|
| fonts.gstatic.com/s/playfairdisplay/v37/nuFiD-vYSZviVYUb_rj3ij__anPXDTLYgFE_.woff2 | 216.58.207.227 | 200 OK | 20 kB |
URL: GET HTTP/3 fonts.gstatic.com/s/playfairdisplay/v37/nuFiD-vYSZviVYUb_rj3ij__anPXDTLYgFE_.woff2 IP: 216.58.207.227:443
Requested by: https://4u.l24.im/otomotiv/?utm_source=l24&utm_medium=404&utm_campaign=404 Certificate Issuer: Google Trust Services LLC Subject: *.gstatic.com Fingerprint: 8F:81:43:71:C4:F3:8C:FA:6D:EC:B4:5E:1F:58:71:AA:48:42:0E:E9 Validity: Mon, 04 Mar 2024 07:16:39 GMT - Mon, 27 May 2024 07:16:38 GMT
File type: Web Open Font Format (Version 2), TrueType, length 20316, version 1.0 Hash: bce058a328ad456f163f650233154951 d997ba5ecfd9b19fe5384c5bd97f34c4c1577aa0 849b78a43f2bcd65db0f10b8475ae8cbe44e63100f09e5a6d764edc56551dc90
GET /s/playfairdisplay/v37/nuFiD-vYSZviVYUb_rj3ij__anPXDTLYgFE_.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://4u.l24.im
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 20316
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 11 Apr 2024 17:28:49 GMT
expires: Fri, 11 Apr 2025 17:28:49 GMT
cache-control: public, max-age=31536000
age: 594939
last-modified: Wed, 31 Jan 2024 23:12:10 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| fonts.gstatic.com/s/playfairdisplay/v37/nuFiD-vYSZviVYUb_rj3ij__anPXDTzYgA.woff2 | 216.58.207.227 | 200 OK | 38 kB |
URL: GET HTTP/3 fonts.gstatic.com/s/playfairdisplay/v37/nuFiD-vYSZviVYUb_rj3ij__anPXDTzYgA.woff2 IP: 216.58.207.227:443
Requested by: https://4u.l24.im/otomotiv/?utm_source=l24&utm_medium=404&utm_campaign=404 Certificate Issuer: Google Trust Services LLC Subject: *.gstatic.com Fingerprint: 8F:81:43:71:C4:F3:8C:FA:6D:EC:B4:5E:1F:58:71:AA:48:42:0E:E9 Validity: Mon, 04 Mar 2024 07:16:39 GMT - Mon, 27 May 2024 07:16:38 GMT
File type: Web Open Font Format (Version 2), TrueType, length 38372, version 1.0 Hash: 16ecec131289ca4925d35c0515b28d9f e2cbe7ec2bb494226ea423c7a7353b0e18b304c2 cb8cac32d5cef83e7674916378c2f47bdbba7e6e6bd936f8026a58ac4e71fa53
GET /s/playfairdisplay/v37/nuFiD-vYSZviVYUb_rj3ij__anPXDTzYgA.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://4u.l24.im
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 38372
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 18 Apr 2024 02:47:26 GMT
expires: Fri, 18 Apr 2025 02:47:26 GMT
cache-control: public, max-age=31536000
age: 43022
last-modified: Wed, 31 Jan 2024 23:15:02 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| 4u.l24.im/wp-content/uploads/2024/02/rotbalans-262x145.jpg | 188.114.96.1 | 200 OK | 9.5 kB |
URL: GET HTTP/3 4u.l24.im/wp-content/uploads/2024/02/rotbalans-262x145.jpg IP: 188.114.96.1:443
Requested by: https://4u.l24.im/otomotiv/?utm_source=l24&utm_medium=404&utm_campaign=404 Certificate Issuer: Google Trust Services LLC Subject: l24.im Fingerprint: A8:C0:26:5A:F1:5E:BC:99:14:92:9F:04:2D:87:E6:60:C5:F3:61:63 Validity: Mon, 01 Apr 2024 09:05:27 GMT - Sun, 30 Jun 2024 09:05:26 GMT
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 0x0, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 82", baseline, precision 8, 262x145, components 3 Hash: 321720f50c3508c7bdc618e59a3822ca 4bb5f1fb881fe4832a16d7597e1fd93a1c093575 873979a82d95fbe1a0c9763088dc4461c2ac8c49170ab92104c2924bf07ce170
Analyzer | Verdict | Alert |
Quad9 DNS | malicious | Sinkholed |
GET /wp-content/uploads/2024/02/rotbalans-262x145.jpg HTTP/1.1
Host: 4u.l24.im
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://4u.l24.im/otomotiv/?utm_source=l24&utm_medium=404&utm_campaign=404
Cookie: _ga_7N67D0CRJL=GS1.1.1713451461.1.1.1713451464.57.0.0; _ga=GA1.1.1441489458.1713451461; _gcl_au=1.1.1505206337.1713451462; __sg=eyJkZXZpY2UiOiIyOTUwMzI5ODQzIiwiaWQiOiIxYjE3ZGI0OC1lNmVkLTQwNzItYjhlMS1jNTg5NGRkMWZjNjAiLCJ1c2VySWQiOm51bGx9; admatic-user-session=25011866496020100101960591024128024
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 14:44:28 GMT
content-type: image/jpeg
content-length: 9454
cache-control: public, max-age=604800
expires: Mon, 15 Apr 2024 13:26:03 GMT
last-modified: Mon, 19 Feb 2024 12:28:50 GMT
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 384137
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cp84VfbW80OM7d%2BzApGqaDZtsHRai6i8%2BapHzRkA1ZeGXLUsuJ%2BHC2t%2F%2BCZ3%2FvX%2FxESDqJ%2BCT67l5cErej6FLCdO%2FcmoUddgSz8C9zFFbic3EJAhXJWLNDpgrKE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87656ee10df17130-OSL
alt-svc: h3=":443"; ma=86400
|
|
| 4u.l24.im/wp-content/uploads/2024/01/Ozel-plaka-1-262x145.jpg | 188.114.96.1 | 200 OK | 11 kB |
URL: GET HTTP/3 4u.l24.im/wp-content/uploads/2024/01/Ozel-plaka-1-262x145.jpg IP: 188.114.96.1:443
Requested by: https://4u.l24.im/otomotiv/?utm_source=l24&utm_medium=404&utm_campaign=404 Certificate Issuer: Google Trust Services LLC Subject: l24.im Fingerprint: A8:C0:26:5A:F1:5E:BC:99:14:92:9F:04:2D:87:E6:60:C5:F3:61:63 Validity: Mon, 01 Apr 2024 09:05:27 GMT - Sun, 30 Jun 2024 09:05:26 GMT
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 0x0, segment length 16, baseline, precision 8, 262x145, components 3 Hash: 7de37a8ba9df0e5aa247945f07e1483b 081c187120c2f3c2b3b8873a815d500955a2dcfb 01cd047736905de5a8ee0f247d456b207300f4f501629816aa0076b712a62665
Analyzer | Verdict | Alert |
Quad9 DNS | malicious | Sinkholed |
GET /wp-content/uploads/2024/01/Ozel-plaka-1-262x145.jpg HTTP/1.1
Host: 4u.l24.im
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://4u.l24.im/otomotiv/?utm_source=l24&utm_medium=404&utm_campaign=404
Cookie: _ga_7N67D0CRJL=GS1.1.1713451461.1.1.1713451464.57.0.0; _ga=GA1.1.1441489458.1713451461; _gcl_au=1.1.1505206337.1713451462; __sg=eyJkZXZpY2UiOiIyOTUwMzI5ODQzIiwiaWQiOiIxYjE3ZGI0OC1lNmVkLTQwNzItYjhlMS1jNTg5NGRkMWZjNjAiLCJ1c2VySWQiOm51bGx9; admatic-user-session=25011866496020100101960591024128024
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 14:44:28 GMT
content-type: image/jpeg
content-length: 11219
cache-control: public, max-age=604800
expires: Tue, 16 Apr 2024 08:33:01 GMT
last-modified: Tue, 30 Jan 2024 07:54:51 GMT
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 542709
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=g1l%2BD%2FLn7%2FBNuyrM5%2BgDfDGHBtwb8PHvloBF0BYk4bPrLkHPs0wfvArQNK1PCs5BX9N1WQXdwtv0g7kLcwrFN%2BwCnzRYCNrRj%2BoL6niXL6PCtaDDndXevWROXHU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87656ee10df97130-OSL
alt-svc: h3=":443"; ma=86400
|
|
| fonts.googleapis.com/css2?family=IBM+Plex+Sans:wght@300;400;500;600;700&family=Playfair+Display&display=swap | 142.250.74.106 | | 12 kB |
URL: fonts.googleapis.com/css2?family=IBM+Plex+Sans:wght@300;400;500;600;700&family=Playfair+Display&display=swap IP: 142.250.74.106:0
File type: gzip compressed data, max compression Hash: e152d3e714a55ce9b4ee7157352ebdb7 ba0496ed2ff658624c809d53f4e4b33237701e9b cd4dd7307147858abe5d086799b8a3784d3b86376f8a2680cc3ba213f3a99eb8
GET /css2?family=IBM+Plex+Sans:wght@300;400;500;600;700&family=Playfair+Display&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://app.l24.im/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 18 Apr 2024 14:44:24 GMT
date: Thu, 18 Apr 2024 14:44:24 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| 4u.l24.im/wp-content/themes/l24v2/l24/assets/script/script.js?ver=1713451467 | 188.114.96.1 | 200 OK | 8.3 kB |
URL GET HTTP/3 4u.l24.im/wp-content/themes/l24v2/l24/assets/script/script.js?ver=1713451467 IP 188.114.96.1:443
Requested by https://4u.l24.im/otomotiv/?utm_source=l24&utm_medium=404&utm_campaign=404 Certificate Issuer Google Trust Services LLC Subject l24.im Fingerprint A8:C0:26:5A:F1:5E:BC:99:14:92:9F:04:2D:87:E6:60:C5:F3:61:63 Validity Mon, 01 Apr 2024 09:05:27 GMT - Sun, 30 Jun 2024 09:05:26 GMT
File type ASCII text, with CRLF line terminators Hash a9f5aa90f2777413594fc2bb85cf498c a4ff4f6416972d83862640aec70d076c94c72e50 91b6e57e3e1b00be0ee07405ff7a8db63aff1c6df520593a6e64eb1705cc0b0a
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /wp-content/themes/l24v2/l24/assets/script/script.js?ver=1713451467 HTTP/1.1
Host: 4u.l24.im
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://4u.l24.im/otomotiv/?utm_source=l24&utm_medium=404&utm_campaign=404
Cookie: _ga_7N67D0CRJL=GS1.1.1713451461.1.1.1713451464.57.0.0; _ga=GA1.1.1441489458.1713451461; _gcl_au=1.1.1505206337.1713451462; __sg=eyJkZXZpY2UiOiIyOTUwMzI5ODQzIiwiaWQiOiIxYjE3ZGI0OC1lNmVkLTQwNzItYjhlMS1jNTg5NGRkMWZjNjAiLCJ1c2VySWQiOm51bGx9
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 14:44:28 GMT
content-type: application/javascript
cache-control: public, max-age=604800
expires: Thu, 25 Apr 2024 14:44:27 GMT
last-modified: Wed, 01 Nov 2023 09:35:50 GMT
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
x-turbo-charged-by: LiteSpeed
cf-cache-status: MISS
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pXIAbk1PEkxfH4%2BBQ0P9Kgm3erYaURBu6AI52De5kGKhrBF%2BGno5l9gmrDRUirpgtvoq2B0020VMM1DfedOraE8bxH77MH2QZqudePV3g%2BtsOy%2B7kzOGTiHKmRs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87656edf4ab67130-OSL
content-encoding: br
|
|
| 4u.l24.im/wp-content/uploads/2024/02/EPC-Isigi-1-262x145.jpg | 188.114.96.1 | 200 OK | 7.5 kB |
URL GET HTTP/3 4u.l24.im/wp-content/uploads/2024/02/EPC-Isigi-1-262x145.jpg IP 188.114.96.1:443
Requested by https://4u.l24.im/otomotiv/?utm_source=l24&utm_medium=404&utm_campaign=404 Certificate Issuer Google Trust Services LLC Subject l24.im Fingerprint A8:C0:26:5A:F1:5E:BC:99:14:92:9F:04:2D:87:E6:60:C5:F3:61:63 Validity Mon, 01 Apr 2024 09:05:27 GMT - Sun, 30 Jun 2024 09:05:26 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 0x0, segment length 16, baseline, precision 8, 262x145, components 3 Hash 9270b89e1b6d0efed8f7126c36a005b9 7977227c557cad9e50eed5d566c85186766f91d6 2cc4c79ae43a106ce7069847a7a553cbee41c090d8ef0c51eb6de7b2263002a0
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /wp-content/uploads/2024/02/EPC-Isigi-1-262x145.jpg HTTP/1.1
Host: 4u.l24.im
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://4u.l24.im/otomotiv/?utm_source=l24&utm_medium=404&utm_campaign=404
Cookie: _ga_7N67D0CRJL=GS1.1.1713451461.1.1.1713451464.57.0.0; _ga=GA1.1.1441489458.1713451461; _gcl_au=1.1.1505206337.1713451462; __sg=eyJkZXZpY2UiOiIyOTUwMzI5ODQzIiwiaWQiOiIxYjE3ZGI0OC1lNmVkLTQwNzItYjhlMS1jNTg5NGRkMWZjNjAiLCJ1c2VySWQiOm51bGx9; admatic-user-session=25011866496020100101960591024128024
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 14:44:28 GMT
content-type: image/jpeg
content-length: 7452
cache-control: public, max-age=604800
expires: Wed, 17 Apr 2024 15:43:40 GMT
last-modified: Wed, 14 Feb 2024 14:35:04 GMT
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 192667
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jMKdVi5wLF22q6QyjBMqS2MrR2onoqwJkgLASNrv4RzUD7XmzqvcDTxs9KdUziTT8Hy2SNUKGXZIMknQYDI9246XoN5cmJQM9b9KqmpOqAxuNru0RvpNo1JKneQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87656ee10df37130-OSL
alt-svc: h3=":443"; ma=86400
|
|
| fonts.gstatic.com/s/playfairdisplay/v37/nuFiD-vYSZviVYUb_rj3ij__anPXDTzYgA.woff2 | 216.58.207.227 | 200 OK | 38 kB |
URL GET HTTP/3 fonts.gstatic.com/s/playfairdisplay/v37/nuFiD-vYSZviVYUb_rj3ij__anPXDTzYgA.woff2 IP 216.58.207.227:443
Requested by https://4u.l24.im/otomotiv/?utm_source=l24&utm_medium=404&utm_campaign=404 Certificate Issuer Google Trust Services LLC Subject *.gstatic.com Fingerprint 8F:81:43:71:C4:F3:8C:FA:6D:EC:B4:5E:1F:58:71:AA:48:42:0E:E9 Validity Mon, 04 Mar 2024 07:16:39 GMT - Mon, 27 May 2024 07:16:38 GMT
File type Web Open Font Format (Version 2), TrueType, length 38372, version 1.0 Hash 16ecec131289ca4925d35c0515b28d9f e2cbe7ec2bb494226ea423c7a7353b0e18b304c2 cb8cac32d5cef83e7674916378c2f47bdbba7e6e6bd936f8026a58ac4e71fa53
GET /s/playfairdisplay/v37/nuFiD-vYSZviVYUb_rj3ij__anPXDTzYgA.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://4u.l24.im
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 38372
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 18 Apr 2024 02:47:26 GMT
expires: Fri, 18 Apr 2025 02:47:26 GMT
cache-control: public, max-age=31536000
age: 43023
last-modified: Wed, 31 Jan 2024 23:15:02 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| ssp-service.admatic.com.tr/check | 172.67.73.96 | 204 No Content | 30 kB |
URL OPTIONS HTTP/3 ssp-service.admatic.com.tr/check IP 172.67.73.96:443
Requested by https://4u.l24.im/otomotiv/?utm_source=l24&utm_medium=404&utm_campaign=404 Certificate Issuer Let's Encrypt Subject ssp-service.admatic.com.tr Fingerprint F5:F5:FA:6E:3F:8D:6C:89:82:A7:49:3C:1C:96:94:06:8B:80:07:C9 Validity Mon, 18 Mar 2024 07:06:56 GMT - Sun, 16 Jun 2024 07:06:55 GMT
Hash 11a2699c40ae01f41dd463987fc2b409 8feea10ca5156840f859e6bed0afd637ac2a8a48 fda914dd9e1c6a53248e7584955ee48bc2cd2e133b3689ef9e347b895d9b8a61
POST /check HTTP/1.1
Host: ssp-service.admatic.com.tr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://4u.l24.im/
content-type: application/json
Content-Length: 452
Origin: https://4u.l24.im
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 14:44:29 GMT
content-type: application/json; charset=utf-8
access-control-allow-origin: *
x-powered-by: AdMatic
etag: W/"23002-j+6hDKUVaED4Wea+0K/WN6wqikg"
vary: Accept-Encoding
working-on: admatic-k8s
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NW30mXLSvjqIv5UNa7BkWr0t3eJJ3jjiiw8APn5r7nAEAzg6CMS3coekz7Fxi2lM5yHJ3LJBOITYTTT5BInBSu8MURTCUZoDFxv4i1Oph8nYhrB3Y6X1WC6tZHjm4WM3trYPNj4s5MC79PLP"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87656ee11fbb7127-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| 4u.l24.im/wp-content/themes/l24v2/l24/assets/script/swiper.js?ver=1713451467 | 188.114.96.1 | 200 OK | 40 kB |
URL GET HTTP/3 4u.l24.im/wp-content/themes/l24v2/l24/assets/script/swiper.js?ver=1713451467 IP 188.114.96.1:443
Requested by https://4u.l24.im/otomotiv/?utm_source=l24&utm_medium=404&utm_campaign=404 Certificate Issuer Google Trust Services LLC Subject l24.im Fingerprint A8:C0:26:5A:F1:5E:BC:99:14:92:9F:04:2D:87:E6:60:C5:F3:61:63 Validity Mon, 01 Apr 2024 09:05:27 GMT - Sun, 30 Jun 2024 09:05:26 GMT
File type JavaScript source, ASCII text, with very long lines (65536), with no line terminators Hash 970ab70d69f2e5fe175ed7aa1d8a8a97 3a83bffd4e7c6ecca13319ed319c2578291f392c d4793dd49bc34e0dcf2f3db3af2feda8d5a77208abccbd9343c2f131466663e7
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /wp-content/themes/l24v2/l24/assets/script/swiper.js?ver=1713451467 HTTP/1.1
Host: 4u.l24.im
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://4u.l24.im/otomotiv/?utm_source=l24&utm_medium=404&utm_campaign=404
Cookie: _ga_7N67D0CRJL=GS1.1.1713451461.1.1.1713451464.57.0.0; _ga=GA1.1.1441489458.1713451461; _gcl_au=1.1.1505206337.1713451462; __sg=eyJkZXZpY2UiOiIyOTUwMzI5ODQzIiwiaWQiOiIxYjE3ZGI0OC1lNmVkLTQwNzItYjhlMS1jNTg5NGRkMWZjNjAiLCJ1c2VySWQiOm51bGx9
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 14:44:28 GMT
content-type: application/javascript
cache-control: public, max-age=604800
expires: Thu, 25 Apr 2024 14:44:27 GMT
last-modified: Fri, 22 Sep 2023 07:49:12 GMT
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
x-turbo-charged-by: LiteSpeed
cf-cache-status: MISS
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WegPJZNEPEdb2aOYkJt6mpCOUDwdYYRip%2BPQQldMOgN3V4Hj10ee5PPucv%2BNZRAML%2FaZ%2B7G3nUTLKQHOK0z83nO0ULljXDDCK4%2BXGXOKFffZCVhBu4iCG04PbiA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87656edf4ab47130-OSL
content-encoding: br
|
|
| 4u.l24.im/wp-content/uploads/2023/10/cropped-l24-logo-32x32.png | 188.114.96.1 | 200 OK | 1.3 kB |
URL GET HTTP/3 4u.l24.im/wp-content/uploads/2023/10/cropped-l24-logo-32x32.png IP 188.114.96.1:443
Requested by https://4u.l24.im/otomotiv/?utm_source=l24&utm_medium=404&utm_campaign=404 Certificate Issuer Google Trust Services LLC Subject l24.im Fingerprint A8:C0:26:5A:F1:5E:BC:99:14:92:9F:04:2D:87:E6:60:C5:F3:61:63 Validity Mon, 01 Apr 2024 09:05:27 GMT - Sun, 30 Jun 2024 09:05:26 GMT
File type PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced Hash e2cb534e787c3658e28d4be332e14cba 97e08e22ed7b7ef543eb5951275139c27be32827 7502bbbd2a1b15dd54ea863f7ea78780055ac89a68e86c685c9ae5e7f3da6226
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /wp-content/uploads/2023/10/cropped-l24-logo-32x32.png HTTP/1.1
Host: 4u.l24.im
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://4u.l24.im/otomotiv/?utm_source=l24&utm_medium=404&utm_campaign=404
Cookie: _ga_7N67D0CRJL=GS1.1.1713451461.1.1.1713451469.52.0.0; _ga=GA1.1.1441489458.1713451461; _gcl_au=1.1.1505206337.1713451462; __sg=eyJkZXZpY2UiOiIyOTUwMzI5ODQzIiwiaWQiOiIxYjE3ZGI0OC1lNmVkLTQwNzItYjhlMS1jNTg5NGRkMWZjNjAiLCJ1c2VySWQiOm51bGx9; admatic-user-session=25011866496020100101960591024128024
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 14:44:29 GMT
content-type: image/png
content-length: 1288
cache-control: public, max-age=604800
expires: Thu, 18 Apr 2024 11:35:27 GMT
last-modified: Wed, 04 Oct 2023 07:22:43 GMT
alt-svc: h3=":443"; ma=86400
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 542709
accept-ranges: bytes
priority: u=6,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uZPSOpe7jo94RZ2GMXStI3skXuTJCxVC%2B5S9J%2FPMq1cJFdpM0OJaAcmBEKFJwiDR2%2FctEhDTaSO5BJGRomjA30UsTo5mSxOUugAvytYszeFpjGiyooBzA0PLFp8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87656ee24fc97130-OSL
|
|
| 4u.l24.im/wp-content/uploads/2023/10/cropped-l24-logo-192x192.png | 188.114.96.1 | 200 OK | 12 kB |
URL GET HTTP/3 4u.l24.im/wp-content/uploads/2023/10/cropped-l24-logo-192x192.png IP 188.114.96.1:443
Requested by https://4u.l24.im/otomotiv/?utm_source=l24&utm_medium=404&utm_campaign=404 Certificate Issuer Google Trust Services LLC Subject l24.im Fingerprint A8:C0:26:5A:F1:5E:BC:99:14:92:9F:04:2D:87:E6:60:C5:F3:61:63 Validity Mon, 01 Apr 2024 09:05:27 GMT - Sun, 30 Jun 2024 09:05:26 GMT
File type PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced Hash f7d0bf7497e8660776ab681b49a56390 eefd2483bd10b38c6789cc4f5801be4401502b74 d5784f639c8a675dfb8be9d86641c42c83c4e3bab420d4575100c0f57c5afa1b
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /wp-content/uploads/2023/10/cropped-l24-logo-192x192.png HTTP/1.1
Host: 4u.l24.im
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://4u.l24.im/otomotiv/?utm_source=l24&utm_medium=404&utm_campaign=404
Cookie: _ga_7N67D0CRJL=GS1.1.1713451461.1.1.1713451469.52.0.0; _ga=GA1.1.1441489458.1713451461; _gcl_au=1.1.1505206337.1713451462; __sg=eyJkZXZpY2UiOiIyOTUwMzI5ODQzIiwiaWQiOiIxYjE3ZGI0OC1lNmVkLTQwNzItYjhlMS1jNTg5NGRkMWZjNjAiLCJ1c2VySWQiOm51bGx9; admatic-user-session=25011866496020100101960591024128024
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 14:44:29 GMT
content-type: image/png
content-length: 11673
cache-control: public, max-age=604800
expires: Fri, 19 Apr 2024 02:32:53 GMT
last-modified: Wed, 04 Oct 2023 07:22:43 GMT
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 542709
accept-ranges: bytes
priority: u=6,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5EYK%2FFL4k%2F21KcAMC8GTJdNPCbEl5unNLR5Zx9cDJZ9k7GOHUNvTLKTaQcZo1tu9ZeRN00jYEqWUtbjpCGiM5766DUoHOJlQaTdwbrHyY2jTeejC58%2B6l%2FqZV00%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87656ee24fc67130-OSL
alt-svc: h3=":443"; ma=86400
|
|
| 4u.l24.im/cdn-cgi/rum? | 188.114.96.1 | 204 No Content | 0 B |
IP 188.114.96.1:443
Requested by https://4u.l24.im/otomotiv/?utm_source=l24&utm_medium=404&utm_campaign=404 Certificate Issuer Google Trust Services LLC Subject l24.im Fingerprint A8:C0:26:5A:F1:5E:BC:99:14:92:9F:04:2D:87:E6:60:C5:F3:61:63 Validity Mon, 01 Apr 2024 09:05:27 GMT - Sun, 30 Jun 2024 09:05:26 GMT
Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
POST /cdn-cgi/rum? HTTP/1.1
Host: 4u.l24.im
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
content-type: application/json
Content-Length: 1095
Origin: https://4u.l24.im
DNT: 1
Connection: keep-alive
Referer: https://4u.l24.im/otomotiv/?utm_source=l24&utm_medium=404&utm_campaign=404
Cookie: _ga_7N67D0CRJL=GS1.1.1713451461.1.1.1713451469.52.0.0; _ga=GA1.1.1441489458.1713451461; _gcl_au=1.1.1505206337.1713451462; __sg=eyJkZXZpY2UiOiIyOTUwMzI5ODQzIiwiaWQiOiIxYjE3ZGI0OC1lNmVkLTQwNzItYjhlMS1jNTg5NGRkMWZjNjAiLCJ1c2VySWQiOm51bGx9; admatic-user-session=25011866496020100101960591024128024
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 204 No Content
date: Thu, 18 Apr 2024 14:44:29 GMT
access-control-allow-origin: https://4u.l24.im
access-control-allow-methods: POST,OPTIONS
access-control-max-age: 86400
vary: Origin
access-control-allow-credentials: true
server: cloudflare
cf-ray: 87656ee278207130-OSL
x-frame-options: DENY
x-content-type-options: nosniff
|
|
| cdn.segmage.dev/segmage.min.js | 188.114.97.1 | 200 OK | 23 kB |
URL GET HTTP/3 cdn.segmage.dev/segmage.min.js IP 188.114.97.1:443
Requested by https://4u.l24.im/otomotiv/?utm_source=l24&utm_medium=404&utm_campaign=404 Certificate Issuer Google Trust Services LLC Subject segmage.dev Fingerprint 6C:3B:84:6E:76:05:F9:D3:09:F6:6C:5E:83:77:A0:92:03:30:BB:BC Validity Sun, 14 Apr 2024 03:40:30 GMT - Sat, 13 Jul 2024 03:40:29 GMT
File type JavaScript source, ASCII text, with very long lines (65536), with no line terminators Hash 7be0e3ff82027518c342e362e8609c5a e00524c6f06ed4d30ebed607f347bd0cfc72c479 f60b0e6d0bd6c5d921ed03561848edfee90d78c751a068ab639e57cf951e78d5
GET /segmage.min.js HTTP/1.1
Host: cdn.segmage.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://4u.l24.im/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 14:44:29 GMT
content-type: text/javascript
etag: W/"1da867e9a173cf3"
last-modified: Thu, 04 Apr 2024 10:55:27 GMT
strict-transport-security: max-age=63072000; includeSubdomains
x-frame-options: DENY
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 7
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sNkjd0x6g9SS8n8yqGVbVX8BJiQPT%2BisTgBUA2Zjh%2FBFPvDzfcy73jR2jvD6wLw3W6vjlOEj4M3v0OTbsOCwe9bnYBv6QhbUVZ0OrND5redF9RIsvX%2B2cD7U%2BxdVKFXIQA8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87656ee26f1fb4fd-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| cdn.serve.admatic.com.tr/showad/showad.js | 104.26.4.92 | 200 OK | 18 kB |
URL GET HTTP/3 cdn.serve.admatic.com.tr/showad/showad.js IP 104.26.4.92:443
Requested by https://4u.l24.im/otomotiv/?utm_source=l24&utm_medium=404&utm_campaign=404 Certificate Issuer Let's Encrypt Subject cdn.serve.admatic.com.tr Fingerprint A1:FC:42:5D:E6:3A:2F:85:AF:0D:01:19:4E:83:DE:40:9F:18:E2:A6 Validity Sat, 30 Mar 2024 20:44:19 GMT - Fri, 28 Jun 2024 20:44:18 GMT
File type JavaScript source, Unicode text, UTF-8 text, with very long lines (65535), with no line terminators Hash 13d519b35b83871a5a69f445acf527f7 be44982d8113569b49aeba35d9ce340841e273aa bf77cf0ca47e8538faba0fb6ee028bbd3cbfc8bbf0bfb50891180b694f6d8466
GET /showad/showad.js HTTP/1.1
Host: cdn.serve.admatic.com.tr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://4u.l24.im/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 14:44:28 GMT
content-type: application/javascript
vary: Accept-Encoding, Accept-Encoding
cdn-pullzone: 1905149
cdn-uid: e7d0f040-08f3-443e-a640-656beb6c8b3b
cdn-requestcountrycode: NO
access-control-allow-origin: *
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=3600
etag: W/"661e9321-11349"
last-modified: Tue, 16 Apr 2024 15:02:57 GMT
cdn-storageserver: DE-664
cdn-fileserver: 658
cdn-proxyver: 1.04
cdn-requestpullsuccess: True
cdn-requestpullcode: 200
cdn-cachedat: 04/16/2024 15:03:15
cdn-edgestorageid: 1048
cdn-status: 200
cdn-requestid: 6b683e49469b2f630bd81dcd0170d3db
cdn-cache: HIT
cf-cache-status: HIT
age: 948
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Gw%2Bbq83i97qHqDMs%2BeTTvh1RV8V8SfNPEuUNkNsvacjkVZjNR7nEyp8orfWvb4AAB9pPpBYFSGHypyRsFAeb38wsXDaLw%2B%2BJPhIJC9%2BxU4TdSqDwhWyLefCQOuntNLgphtQOOiKm53P0FA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87656ee10b62b521-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| cdn.segmage.dev/template.html | 188.114.97.1 | 200 OK | 9.3 kB |
URL GET HTTP/3 cdn.segmage.dev/template.html IP 188.114.97.1:443
Requested by https://4u.l24.im/otomotiv/?utm_source=l24&utm_medium=404&utm_campaign=404 Certificate Issuer Google Trust Services LLC Subject segmage.dev Fingerprint 6C:3B:84:6E:76:05:F9:D3:09:F6:6C:5E:83:77:A0:92:03:30:BB:BC Validity Sun, 14 Apr 2024 03:40:30 GMT - Sat, 13 Jul 2024 03:40:29 GMT
File type HTML document, ASCII text Hash 81727346cbe5d580c7bd4b64ca3bbd0f 7bf5bfa802ee5d2d94ab8889f525018ec4392a12 da685f9f6a3eb673d577be18066a003000d56335c4629fddd29e40e6a87a6b1e
GET /template.html HTTP/1.1
Host: cdn.segmage.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://4u.l24.im/
Origin: https://4u.l24.im
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 14:44:29 GMT
content-type: text/html
access-control-allow-credentials: true
access-control-allow-origin: https://4u.l24.im
last-modified: Thu, 04 Apr 2024 10:55:30 GMT
vary: Origin
strict-transport-security: max-age=63072000; includeSubdomains
x-frame-options: DENY
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kMscX%2FT%2F7e3X5pOs8231g26iC6QYuSuS53O865sbUwdZjtXe9frHNth8ce1BdAOh7wK6tUkNrJlnl1lOyVCeouIQMqnoi9IrHBrOEmP5cfWz3Ghe5ATkenbXq5EG6UjNITs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87656ee2ba34b50c-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| region1.analytics.google.com/g/collect?v=2&tid=G-7N67D0CRJL&gtm=45je44f0v876472101z89137687946za200&_p=1713451468555&gcd=13l3l3l2l1&npa=1&dma_cps=sypham&dma=1&cid=1441489458.1713451461&ul=en-us&sr=1280x1024&pscdl=noapi&_s=1&sid=1713451461&sct=1&seg=1&dl=https%3A%2F%2F4u.l24.im%2Fotomotiv%2F%3Futm_source%3Dl24%26utm_medium%3D404%26utm_campaign%3D404&dt=Otomotiv%20Haberleri%20%E2%80%93%204u&en=page_view&tfd=6004 | 216.239.32.36 | 204 No Content | 0 B |
URL POST HTTP/3 region1.analytics.google.com/g/collect?v=2&tid=G-7N67D0CRJL&gtm=45je44f0v876472101z89137687946za200&_p=1713451468555&gcd=13l3l3l2l1&npa=1&dma_cps=sypham&dma=1&cid=1441489458.1713451461&ul=en-us&sr=1280x1024&pscdl=noapi&_s=1&sid=1713451461&sct=1&seg=1&dl=https%3A%2F%2F4u.l24.im%2Fotomotiv%2F%3Futm_source%3Dl24%26utm_medium%3D404%26utm_campaign%3D404&dt=Otomotiv%20Haberleri%20%E2%80%93%204u&en=page_view&tfd=6004 IP 216.239.32.36:443
Requested by https://4u.l24.im/otomotiv/?utm_source=l24&utm_medium=404&utm_campaign=404 Certificate Issuer Google Trust Services LLC Subject *.google-analytics.com Fingerprint BF:40:8C:8B:CB:69:1E:3F:E2:3B:B7:8A:8E:C0:D6:98:5F:81:FA:2D Validity Mon, 04 Mar 2024 06:35:45 GMT - Mon, 27 May 2024 06:35:44 GMT
Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-7N67D0CRJL&gtm=45je44f0v876472101z89137687946za200&_p=1713451468555&gcd=13l3l3l2l1&npa=1&dma_cps=sypham&dma=1&cid=1441489458.1713451461&ul=en-us&sr=1280x1024&pscdl=noapi&_s=1&sid=1713451461&sct=1&seg=1&dl=https%3A%2F%2F4u.l24.im%2Fotomotiv%2F%3Futm_source%3Dl24%26utm_medium%3D404%26utm_campaign%3D404&dt=Otomotiv%20Haberleri%20%E2%80%93%204u&en=page_view&tfd=6004 HTTP/1.1
Host: region1.analytics.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://4u.l24.im
DNT: 1
Connection: keep-alive
Referer: https://4u.l24.im/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers
HTTP/3 204 No Content
access-control-allow-origin: https://4u.l24.im
date: Thu, 18 Apr 2024 14:44:34 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| 4u.l24.im/cdn-cgi/rum? | 188.114.96.1 | 204 No Content | 0 B |
IP 188.114.96.1:443
Requested by https://4u.l24.im/otomotiv/?utm_source=l24&utm_medium=404&utm_campaign=404 Certificate Issuer Google Trust Services LLC Subject l24.im Fingerprint A8:C0:26:5A:F1:5E:BC:99:14:92:9F:04:2D:87:E6:60:C5:F3:61:63 Validity Mon, 01 Apr 2024 09:05:27 GMT - Sun, 30 Jun 2024 09:05:26 GMT
Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
POST /cdn-cgi/rum? HTTP/1.1
Host: 4u.l24.im
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 484
Origin: https://4u.l24.im
DNT: 1
Connection: keep-alive
Referer: https://4u.l24.im/otomotiv/?utm_source=l24&utm_medium=404&utm_campaign=404
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/3 204 No Content
date: Thu, 18 Apr 2024 14:44:46 GMT
access-control-allow-origin: https://4u.l24.im
access-control-allow-methods: POST,OPTIONS
access-control-max-age: 86400
vary: Origin
access-control-allow-credentials: true
server: cloudflare
cf-ray: 87656f4f3bb67130-OSL
x-frame-options: DENY
x-content-type-options: nosniff
|
|
| collect.segmage.dev/js/10d3aa95-1198-4243-85f5-08db896bd4f1?title=Otomotiv+Haberleri+%E2%80%93+4u&url=https%3A%2F%2F4u.l24.im%2Fotomotiv%2F%3Futm_source%3Dl24%26utm_medium%3D404%26utm_campaign%3D404 | 188.114.97.1 | 204 No Content | 0 B |
URL OPTIONS HTTP/3 collect.segmage.dev/js/10d3aa95-1198-4243-85f5-08db896bd4f1?title=Otomotiv+Haberleri+%E2%80%93+4u&url=https%3A%2F%2F4u.l24.im%2Fotomotiv%2F%3Futm_source%3Dl24%26utm_medium%3D404%26utm_campaign%3D404 IP 188.114.97.1:443
Requested by https://4u.l24.im/otomotiv/?utm_source=l24&utm_medium=404&utm_campaign=404 Certificate Issuer Google Trust Services LLC Subject segmage.dev Fingerprint 6C:3B:84:6E:76:05:F9:D3:09:F6:6C:5E:83:77:A0:92:03:30:BB:BC Validity Sun, 14 Apr 2024 03:40:30 GMT - Sat, 13 Jul 2024 03:40:29 GMT
Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /js/10d3aa95-1198-4243-85f5-08db896bd4f1?title=Otomotiv+Haberleri+%E2%80%93+4u&url=https%3A%2F%2F4u.l24.im%2Fotomotiv%2F%3Futm_source%3Dl24%26utm_medium%3D404%26utm_campaign%3D404 HTTP/1.1
Host: collect.segmage.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type,e,sg,source,u
Referer: https://4u.l24.im/
Origin: https://4u.l24.im
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 204 No Content
date: Thu, 18 Apr 2024 14:44:29 GMT
access-control-allow-credentials: true
access-control-allow-headers: content-type,e,sg,source,u
access-control-allow-methods: POST,GET
access-control-allow-origin: https://4u.l24.im
access-control-max-age: 604800
vary: Origin
strict-transport-security: max-age=63072000; includeSubdomains
x-frame-options: DENY
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Z6eE4DOCJd8Y1MeUR%2FAol6jhasZ6HBOV5bJcf11H9Y2a%2FRm70S%2F33rzTawynPnf7aNt9jnQr0ZEvvuvCbXnDK%2BZz2SmyGfD6M7XgY7k7i3IQwynS0QRXl1a1I55rbdBXhKsBow%2Bc"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87656ee4bb33b4fd-OSL
alt-svc: h3=":443"; ma=86400
|
|
| 4u.l24.im/wp-content/uploads/2024/03/triger-kayisi-1-262x145.jpg | 188.114.96.1 | 200 OK | 14 kB |
URL GET HTTP/3 4u.l24.im/wp-content/uploads/2024/03/triger-kayisi-1-262x145.jpg IP 188.114.96.1:443
Requested by https://4u.l24.im/otomotiv/?utm_source=l24&utm_medium=404&utm_campaign=404 Certificate Issuer Google Trust Services LLC Subject l24.im Fingerprint A8:C0:26:5A:F1:5E:BC:99:14:92:9F:04:2D:87:E6:60:C5:F3:61:63 Validity Mon, 01 Apr 2024 09:05:27 GMT - Sun, 30 Jun 2024 09:05:26 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 0x0, segment length 16, baseline, precision 8, 262x145, components 3 Hash 462fa3ed09c1d393de764ec3c2865566 f28a58ac39f0292c8039ff63099e3056ecae43cf a6217966aa9c3d4a3b205043143accfbe11df8b37940a3a3f3e899a85b15c214
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /wp-content/uploads/2024/03/triger-kayisi-1-262x145.jpg HTTP/1.1
Host: 4u.l24.im
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://4u.l24.im/otomotiv/?utm_source=l24&utm_medium=404&utm_campaign=404
Cookie: _ga_7N67D0CRJL=GS1.1.1713451461.1.1.1713451464.57.0.0; _ga=GA1.1.1441489458.1713451461; _gcl_au=1.1.1505206337.1713451462; __sg=eyJkZXZpY2UiOiIyOTUwMzI5ODQzIiwiaWQiOiIxYjE3ZGI0OC1lNmVkLTQwNzItYjhlMS1jNTg5NGRkMWZjNjAiLCJ1c2VySWQiOm51bGx9; admatic-user-session=25011866496020100101960591024128024
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Apr 2024 14:44:28 GMT
content-type: image/jpeg
content-length: 14443
cache-control: public, max-age=604800
expires: Wed, 17 Apr 2024 13:17:31 GMT
last-modified: Wed, 20 Mar 2024 13:01:40 GMT
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 192667
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tcK7eYVuxn4YmF6KWH2Teu2mhYQNdjCJDJ17%2FrOn4u5nUdNpeOUpo3PMG%2BoaD4RpHv51Am0JEzRu2tHo3%2Bd54LTHKpzipu8Z6VQxJkE1YMwps0%2B%2Fu1IbdZx8TrM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87656ee10de47130-OSL
alt-svc: h3=":443"; ma=86400
|
|
| cdn.segmage.dev/segmage.min.css | 188.114.97.1 | 200 OK | 7.9 kB |
URL: GET HTTP/3 cdn.segmage.dev/segmage.min.css
IP: 188.114.97.1:443
Requested by: https://4u.l24.im/otomotiv/?utm_source=l24&utm_medium=404&utm_campaign=404
Certificate:
  Issuer: Google Trust Services LLC
  Subject: segmage.dev
  Fingerprint: 6C:3B:84:6E:76:05:F9:D3:09:F6:6C:5E:83:77:A0:92:03:30:BB:BC
  Validity: Sun, 14 Apr 2024 03:40:30 GMT - Sat, 13 Jul 2024 03:40:29 GMT
File type: ASCII text, with very long lines (7910), with no line terminators
Hash: 6d1abfc8fa0ad40a3cb1d22147e6135e 8a4e225f31539953ec67488c9038a8bf1d1c8d4f 1d35e409281d2ada3ca5fd915d447340a9e87e19c1c6f69091204b1e4ed8cf2e
GET /segmage.min.css HTTP/1.1
Host: cdn.segmage.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://4u.l24.im/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Apr 2024 14:44:29 GMT
content-type: text/css
etag: W/"1da867e9bdfe3e6"
last-modified: Thu, 04 Apr 2024 10:55:30 GMT
strict-transport-security: max-age=63072000; includeSubdomains
x-frame-options: DENY
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 5
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mAouHgx0EzQU1n%2B7EFWoSoyPwO6xxwooKxbceel33CMmPq%2FTYOPRQi%2Fl7DCLAdzh7J9sdXnjKEqDw59t%2BTcVHWvmEA12ONJt1usMV50Bk1rqr9WjWnuKj6xQagS92pJ4y50%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87656ee3992bb4fd-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| 4u.l24.im/wp-includes/css/dist/block-library/style.min.css?ver=6.5.2 | 188.114.96.1 | 200 OK | 113 kB |
URL: GET HTTP/3 4u.l24.im/wp-includes/css/dist/block-library/style.min.css?ver=6.5.2
IP: 188.114.96.1:443
Requested by: https://4u.l24.im/otomotiv/?utm_source=l24&utm_medium=404&utm_campaign=404
Certificate:
  Issuer: Google Trust Services LLC
  Subject: l24.im
  Fingerprint: A8:C0:26:5A:F1:5E:BC:99:14:92:9F:04:2D:87:E6:60:C5:F3:61:63
  Validity: Mon, 01 Apr 2024 09:05:27 GMT - Sun, 30 Jun 2024 09:05:26 GMT
Size: 113 kB (113381 bytes)
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /wp-includes/css/dist/block-library/style.min.css?ver=6.5.2 HTTP/1.1
Host: 4u.l24.im
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://4u.l24.im/otomotiv/?utm_source=l24&utm_medium=404&utm_campaign=404
Cookie: _ga_7N67D0CRJL=GS1.1.1713451461.1.1.1713451464.57.0.0; _ga=GA1.1.1441489458.1713451461; _gcl_au=1.1.1505206337.1713451462; __sg=eyJkZXZpY2UiOiIyOTUwMzI5ODQzIiwiaWQiOiIxYjE3ZGI0OC1lNmVkLTQwNzItYjhlMS1jNTg5NGRkMWZjNjAiLCJ1c2VySWQiOm51bGx9
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Apr 2024 14:44:28 GMT
content-type: text/css
cache-control: public, max-age=604800
expires: Wed, 17 Apr 2024 18:19:26 GMT
last-modified: Tue, 02 Apr 2024 18:42:46 GMT
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 542709
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=terwJR3eS7QtGqzuxsjGPWzQu03o5QAZUCF905%2B5f30aLr6zoXu27f2n6QAFnPVtjBqRWCFFnySNYERmU9vzkiGfEDLkLPAEVm3kNpPEMpU9l6dA0Z%2BVArb%2FdBc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87656ede997f7130-OSL
content-encoding: br
|
|
| 4u.l24.im/wp-includes/js/wp-emoji-release.min.js?ver=6.5.2 | 188.114.96.1 | 200 OK | 19 kB |
URL: GET HTTP/3 4u.l24.im/wp-includes/js/wp-emoji-release.min.js?ver=6.5.2
IP: 188.114.96.1:443
Requested by: https://4u.l24.im/otomotiv/?utm_source=l24&utm_medium=404&utm_campaign=404
Certificate:
  Issuer: Google Trust Services LLC
  Subject: l24.im
  Fingerprint: A8:C0:26:5A:F1:5E:BC:99:14:92:9F:04:2D:87:E6:60:C5:F3:61:63
  Validity: Mon, 01 Apr 2024 09:05:27 GMT - Sun, 30 Jun 2024 09:05:26 GMT
File type: JavaScript source, ASCII text, with very long lines (15752)
Hash: b976b651932bfd25b9ddb5b7693d88a7 7fcb7cb5c11227f9213b1e08a07d0212209e1432 4e6ce5444c7f396cef0eb1fa3611034151e485dd06fbe5573a5583e1eebc98c3
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /wp-includes/js/wp-emoji-release.min.js?ver=6.5.2 HTTP/1.1
Host: 4u.l24.im
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://4u.l24.im/otomotiv/?utm_source=l24&utm_medium=404&utm_campaign=404
Cookie: _ga_7N67D0CRJL=GS1.1.1713451461.1.1.1713451469.52.0.0; _ga=GA1.1.1441489458.1713451461; _gcl_au=1.1.1505206337.1713451462; __sg=eyJkZXZpY2UiOiIyOTUwMzI5ODQzIiwiaWQiOiIxYjE3ZGI0OC1lNmVkLTQwNzItYjhlMS1jNTg5NGRkMWZjNjAiLCJ1c2VySWQiOm51bGx9; admatic-user-session=25011866496020100101960591024128024
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Apr 2024 14:44:29 GMT
content-type: application/javascript
cache-control: public, max-age=604800
expires: Mon, 22 Apr 2024 00:18:14 GMT
last-modified: Tue, 02 Apr 2024 18:42:48 GMT
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 140970
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=P4b3zAvpoo4gbJ7DLP2rtsiSRq8X17db02WzzNv9Pvd5kCIDlipCSYLqZy2HNtyXXNWoaKa6DZ230K179ENk7b1nPBGRvjq86wNDstSBQ%2BUMaeNC%2FrBdlasL8es%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87656ee22f8f7130-OSL
content-encoding: br
|
|
| 4u.l24.im/wp-includes/js/jquery/jquery.min.js?ver=3.7.1 | 188.114.96.1 | 200 OK | 88 kB |
URL: GET HTTP/3 4u.l24.im/wp-includes/js/jquery/jquery.min.js?ver=3.7.1
IP: 188.114.96.1:443
Requested by: https://4u.l24.im/otomotiv/?utm_source=l24&utm_medium=404&utm_campaign=404
Certificate:
  Issuer: Google Trust Services LLC
  Subject: l24.im
  Fingerprint: A8:C0:26:5A:F1:5E:BC:99:14:92:9F:04:2D:87:E6:60:C5:F3:61:63
  Validity: Mon, 01 Apr 2024 09:05:27 GMT - Sun, 30 Jun 2024 09:05:26 GMT
File type: JavaScript source, ASCII text, with very long lines (65447)
Hash: 826eb77e86b02ab7724fe3d0141ff87c 79cd3587d565afe290076a8d36c31c305a573d18 cb6f2d32c49d1c2b25e9ffc9aaafa3f83075346c01bcd4ae6eb187392a4292cf
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /wp-includes/js/jquery/jquery.min.js?ver=3.7.1 HTTP/1.1
Host: 4u.l24.im
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://4u.l24.im/otomotiv/?utm_source=l24&utm_medium=404&utm_campaign=404
Cookie: _ga_7N67D0CRJL=GS1.1.1713451461.1.1.1713451464.57.0.0; _ga=GA1.1.1441489458.1713451461; _gcl_au=1.1.1505206337.1713451462; __sg=eyJkZXZpY2UiOiIyOTUwMzI5ODQzIiwiaWQiOiIxYjE3ZGI0OC1lNmVkLTQwNzItYjhlMS1jNTg5NGRkMWZjNjAiLCJ1c2VySWQiOm51bGx9
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Apr 2024 14:44:28 GMT
content-type: application/javascript
cache-control: public, max-age=604800
expires: Tue, 16 Apr 2024 11:18:38 GMT
last-modified: Wed, 08 Nov 2023 00:29:08 GMT
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 542709
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=atgjA7rYhOag6WPgJf7MztVykTxFH7zZAI%2FuKRfnIN6Y20n0M3NrF%2FrPYyG0rLKv9tXIFiNWKivXNtBDLnQ2x3wjGm8ALjRSVQwADAsnH5XCQX4KHMyqLzpOfNg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87656edea9957130-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| 4u.l24.im/wp-content/uploads/2024/03/lastik-basinci-1-1-262x145.jpg | 188.114.96.1 | 200 OK | 8.4 kB |
URL: GET HTTP/3 4u.l24.im/wp-content/uploads/2024/03/lastik-basinci-1-1-262x145.jpg
IP: 188.114.96.1:443
Requested by: https://4u.l24.im/otomotiv/?utm_source=l24&utm_medium=404&utm_campaign=404
Certificate:
  Issuer: Google Trust Services LLC
  Subject: l24.im
  Fingerprint: A8:C0:26:5A:F1:5E:BC:99:14:92:9F:04:2D:87:E6:60:C5:F3:61:63
  Validity: Mon, 01 Apr 2024 09:05:27 GMT - Sun, 30 Jun 2024 09:05:26 GMT
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 0x0, segment length 16, baseline, precision 8, 262x145, components 3
Hash: 137a3f04292f8492125a737a8f324510 91959beef5be4d43f85f8f82f549cce9058c5aa3 0b44076e95da514ef22b513c27889715e850dec6546eddf62a4e5e2dfe8a761c
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /wp-content/uploads/2024/03/lastik-basinci-1-1-262x145.jpg HTTP/1.1
Host: 4u.l24.im
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://4u.l24.im/otomotiv/?utm_source=l24&utm_medium=404&utm_campaign=404
Cookie: _ga_7N67D0CRJL=GS1.1.1713451461.1.1.1713451464.57.0.0; _ga=GA1.1.1441489458.1713451461; _gcl_au=1.1.1505206337.1713451462; __sg=eyJkZXZpY2UiOiIyOTUwMzI5ODQzIiwiaWQiOiIxYjE3ZGI0OC1lNmVkLTQwNzItYjhlMS1jNTg5NGRkMWZjNjAiLCJ1c2VySWQiOm51bGx9; admatic-user-session=25011866496020100101960591024128024
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Apr 2024 14:44:28 GMT
content-type: image/jpeg
content-length: 8384
cache-control: public, max-age=604800
expires: Wed, 17 Apr 2024 12:15:09 GMT
last-modified: Wed, 13 Mar 2024 11:40:15 GMT
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 542709
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XYg7uv0vYXLPpq4cu5OW7BPzMlARD1tpfOQD%2FhKBkW5RA0Kr1pAS0kzsq%2FUaLwdadD4BVkR5IsPARF7Y7d2pG30RVEEg51Xolb1pq7887eLn2DRq3dAjODFmNmw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87656ee10de77130-OSL
alt-svc: h3=":443"; ma=86400
|
|
| 4u.l24.im/otomotiv?utm_source=l24&utm_medium=404&utm_campaign=404 | 188.114.96.1 | 301 Moved Permanently | 48 kB |
URL: User Request GET HTTP/3 4u.l24.im/otomotiv?utm_source=l24&utm_medium=404&utm_campaign=404
IP: 188.114.96.1:443
Certificate:
  Issuer: Google Trust Services LLC
  Subject: l24.im
  Fingerprint: A8:C0:26:5A:F1:5E:BC:99:14:92:9F:04:2D:87:E6:60:C5:F3:61:63
  Validity: Mon, 01 Apr 2024 09:05:27 GMT - Sun, 30 Jun 2024 09:05:26 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /otomotiv?utm_source=l24&utm_medium=404&utm_campaign=404 HTTP/1.1
Host: 4u.l24.im
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: _ga_7N67D0CRJL=GS1.1.1713451461.1.1.1713451464.57.0.0; _ga=GA1.1.1441489458.1713451461; _gcl_au=1.1.1505206337.1713451462; __sg=eyJkZXZpY2UiOiIyOTUwMzI5ODQzIiwiaWQiOiIxYjE3ZGI0OC1lNmVkLTQwNzItYjhlMS1jNTg5NGRkMWZjNjAiLCJ1c2VySWQiOm51bGx9
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 301 Moved Permanently
date: Thu, 18 Apr 2024 14:44:28 GMT
content-type: text/html; charset=UTF-8
location: https://4u.l24.im/otomotiv/?utm_source=l24&utm_medium=404&utm_campaign=404
x-powered-by: PHP/7.4.33
x-redirect-by: WordPress
alt-svc: h3=":443"; ma=86400
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
priority: u=1,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SdAfHGjiecsze9Rx6UB04neXzgptourxODrvcy9Qwu7EgtEK4fIn6VwSH4X5MKiwMjJnPeqV6hid5BppTAfRHRfwB%2FbwBJN2QF7RTArfebtCf5uOcPhDMTTz6%2FU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87656edb6c0e7130-OSL
|
|
| cdn.segmage.dev/json/0745484d-e935-41b7-aa35-08db89e90583.json | 188.114.97.1 | 200 OK | 13 kB |
URL: GET HTTP/3 cdn.segmage.dev/json/0745484d-e935-41b7-aa35-08db89e90583.json
IP: 188.114.97.1:443
Requested by: https://4u.l24.im/otomotiv/?utm_source=l24&utm_medium=404&utm_campaign=404
Certificate:
  Issuer: Google Trust Services LLC
  Subject: segmage.dev
  Fingerprint: 6C:3B:84:6E:76:05:F9:D3:09:F6:6C:5E:83:77:A0:92:03:30:BB:BC
  Validity: Sun, 14 Apr 2024 03:40:30 GMT - Sat, 13 Jul 2024 03:40:29 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /json/0745484d-e935-41b7-aa35-08db89e90583.json HTTP/1.1
Host: cdn.segmage.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://4u.l24.im/
Origin: https://4u.l24.im
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Apr 2024 14:44:29 GMT
content-type: application/json
access-control-allow-credentials: true
access-control-allow-origin: https://4u.l24.im
etag: W/"1da7f08bc82849f"
last-modified: Mon, 25 Mar 2024 23:04:06 GMT
vary: Origin
strict-transport-security: max-age=63072000; includeSubdomains
x-frame-options: DENY
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8PJSShdaKUqjWV69j1%2F9u7XrLtAO6lix18CkbEhwHp6LJthDtrNBfCswHZBHad5rTF6VkpuVfPdg3X9%2Bc1ylOAL%2Bp4v2ayggef0asmBCnmOxFBNNjzk%2BBWZeyWy9qGrclew%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87656ee3dc6cb50c-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| 4u.l24.im/wp-content/uploads/2024/02/Arac-Degerleme-1-262x145.jpg | 188.114.96.1 | 200 OK | 11 kB |
URL: GET HTTP/3 4u.l24.im/wp-content/uploads/2024/02/Arac-Degerleme-1-262x145.jpg
IP: 188.114.96.1:443
Requested by: https://4u.l24.im/otomotiv/?utm_source=l24&utm_medium=404&utm_campaign=404
Certificate:
  Issuer: Google Trust Services LLC
  Subject: l24.im
  Fingerprint: A8:C0:26:5A:F1:5E:BC:99:14:92:9F:04:2D:87:E6:60:C5:F3:61:63
  Validity: Mon, 01 Apr 2024 09:05:27 GMT - Sun, 30 Jun 2024 09:05:26 GMT
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 0x0, segment length 16, baseline, precision 8, 262x145, components 3
Hash: 20a59e4ae04036099ab4b1312cb03fd1 24f6aed3fe8ccdc6c24f235d74ef4abe15b54b5f 484a63300a863c2c886bdbcac13a7fc009c2a1213e85db7cd48222739ddd1244
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /wp-content/uploads/2024/02/Arac-Degerleme-1-262x145.jpg HTTP/1.1
Host: 4u.l24.im
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://4u.l24.im/otomotiv/?utm_source=l24&utm_medium=404&utm_campaign=404
Cookie: _ga_7N67D0CRJL=GS1.1.1713451461.1.1.1713451464.57.0.0; _ga=GA1.1.1441489458.1713451461; _gcl_au=1.1.1505206337.1713451462; __sg=eyJkZXZpY2UiOiIyOTUwMzI5ODQzIiwiaWQiOiIxYjE3ZGI0OC1lNmVkLTQwNzItYjhlMS1jNTg5NGRkMWZjNjAiLCJ1c2VySWQiOm51bGx9; admatic-user-session=25011866496020100101960591024128024
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Apr 2024 14:44:28 GMT
content-type: image/jpeg
content-length: 11149
cache-control: public, max-age=604800
expires: Tue, 16 Apr 2024 13:45:11 GMT
last-modified: Tue, 06 Feb 2024 13:02:21 GMT
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 542709
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7Lo%2FkWE67JjKFk5g4VGG%2Bs499I2zPFPv5gnGUiBZ82g1Aj0qbg5uGdQ17UYVSAQ6RXRxCj%2FlVSjoILCUVNr05ruTR%2FfauuzMvb1j3IpfSdeXIo5j5PSHLyoGQqc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87656ee10df77130-OSL
alt-svc: h3=":443"; ma=86400
|
|
| 4u.l24.im/wp-content/themes/l24v2/l24/assets/styles/swiper.css?ver=1713451467 | 188.114.96.1 | 200 OK | 18 kB |
URL: GET HTTP/3 4u.l24.im/wp-content/themes/l24v2/l24/assets/styles/swiper.css?ver=1713451467
IP: 188.114.96.1:443
Requested by: https://4u.l24.im/otomotiv/?utm_source=l24&utm_medium=404&utm_campaign=404
Certificate:
  Issuer: Google Trust Services LLC
  Subject: l24.im
  Fingerprint: A8:C0:26:5A:F1:5E:BC:99:14:92:9F:04:2D:87:E6:60:C5:F3:61:63
  Validity: Mon, 01 Apr 2024 09:05:27 GMT - Sun, 30 Jun 2024 09:05:26 GMT
File type: ASCII text, with very long lines (18193), with no line terminators
Hash: 70503dee4219bf5434b616a3c82e37fe 49c349111e62d630a7320de00175b63c87efd30c 4f454e47a21270576b0a948b1526c7e236f7f7e364e359b5bd3d7f3a7d7b52ba
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /wp-content/themes/l24v2/l24/assets/styles/swiper.css?ver=1713451467 HTTP/1.1
Host: 4u.l24.im
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://4u.l24.im/otomotiv/?utm_source=l24&utm_medium=404&utm_campaign=404
Cookie: _ga_7N67D0CRJL=GS1.1.1713451461.1.1.1713451464.57.0.0; _ga=GA1.1.1441489458.1713451461; _gcl_au=1.1.1505206337.1713451462; __sg=eyJkZXZpY2UiOiIyOTUwMzI5ODQzIiwiaWQiOiIxYjE3ZGI0OC1lNmVkLTQwNzItYjhlMS1jNTg5NGRkMWZjNjAiLCJ1c2VySWQiOm51bGx9
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Apr 2024 14:44:28 GMT
content-type: text/css
cache-control: public, max-age=604800
expires: Thu, 25 Apr 2024 14:44:27 GMT
last-modified: Fri, 22 Sep 2023 18:04:26 GMT
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
x-turbo-charged-by: LiteSpeed
cf-cache-status: MISS
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wmnoberarDvzypfQ9I0t8LyPVASKT9AyGAOvMvD6a26oLJxYQniShgLu51NEgU8uuUtlZr0sQ9aQoeoVlJVMpx3JG6GW1mrRKMINZ%2FRzORAxHl%2BUls4hMb2AoqM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87656edea9917130-OSL
content-encoding: br
|
|
| fonts.gstatic.com/s/ibmplexsans/v19/zYX9KVElMYYaJe8bpLHnCwDKjWr7AIFsdA.woff2 | 216.58.207.227 | 200 OK | 19 kB |
URL: GET HTTP/3 fonts.gstatic.com/s/ibmplexsans/v19/zYX9KVElMYYaJe8bpLHnCwDKjWr7AIFsdA.woff2
IP: 216.58.207.227:443
Requested by: https://4u.l24.im/otomotiv/?utm_source=l24&utm_medium=404&utm_campaign=404
Certificate:
  Issuer: Google Trust Services LLC
  Subject: *.gstatic.com
  Fingerprint: 8F:81:43:71:C4:F3:8C:FA:6D:EC:B4:5E:1F:58:71:AA:48:42:0E:E9
  Validity: Mon, 04 Mar 2024 07:16:39 GMT - Mon, 27 May 2024 07:16:38 GMT
File type: Web Open Font Format (Version 2), TrueType, length 19440, version 1.0
Hash: f9b6356e32a9b93ae0f1c23aa537f2a1 0cc73519d7b7fb4e4268727490205df48bd570f6 fff71a83690454ee6ea9014780a6797408918cb90cde1f0f3be65ea28a03c678
GET /s/ibmplexsans/v19/zYX9KVElMYYaJe8bpLHnCwDKjWr7AIFsdA.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://4u.l24.im
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 19440
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 15 Apr 2024 17:46:22 GMT
expires: Tue, 15 Apr 2025 17:46:22 GMT
cache-control: public, max-age=31536000
age: 248286
last-modified: Tue, 02 May 2023 16:08:34 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| collect.segmage.dev/js/10d3aa95-1198-4243-85f5-08db896bd4f1?title=Otomotiv+Haberleri+%E2%80%93+4u&url=https%3A%2F%2F4u.l24.im%2Fotomotiv%2F%3Futm_source%3Dl24%26utm_medium%3D404%26utm_campaign%3D404 | 188.114.97.1 | 200 OK | 36 B |
URL: GET HTTP/3 collect.segmage.dev/js/10d3aa95-1198-4243-85f5-08db896bd4f1?title=Otomotiv+Haberleri+%E2%80%93+4u&url=https%3A%2F%2F4u.l24.im%2Fotomotiv%2F%3Futm_source%3Dl24%26utm_medium%3D404%26utm_campaign%3D404
IP: 188.114.97.1:443
Requested by: https://4u.l24.im/otomotiv/?utm_source=l24&utm_medium=404&utm_campaign=404
Certificate:
  Issuer: Google Trust Services LLC
  Subject: segmage.dev
  Fingerprint: 6C:3B:84:6E:76:05:F9:D3:09:F6:6C:5E:83:77:A0:92:03:30:BB:BC
  Validity: Sun, 14 Apr 2024 03:40:30 GMT - Sat, 13 Jul 2024 03:40:29 GMT
File type: ASCII text, with no line terminators
Hash: 494f39021f367f02d86ff708665e955d 7e87dee90f3975860a64965fcc32d5abe4f1cb71 df913410459706b703c4eb38305cd7de58be2d6b8b6b6094cdcd053c2ab54534
GET /js/10d3aa95-1198-4243-85f5-08db896bd4f1?title=Otomotiv+Haberleri+%E2%80%93+4u&url=https%3A%2F%2F4u.l24.im%2Fotomotiv%2F%3Futm_source%3Dl24%26utm_medium%3D404%26utm_campaign%3D404 HTTP/1.1
Host: collect.segmage.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json; charset=UTF-8
source: 0745484d-e935-41b7-aa35-08db89e90583
sg: 1b17db48-e6ed-4072-b8e1-c5894dd1fc60
u: null
e: PAGE_VIEW
Origin: https://4u.l24.im
DNT: 1
Connection: keep-alive
Referer: https://4u.l24.im/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Apr 2024 14:44:29 GMT
content-type: text/plain; charset=utf-8
content-length: 36
access-control-allow-credentials: true
access-control-allow-origin: https://4u.l24.im
vary: Origin
strict-transport-security: max-age=63072000; includeSubdomains
x-frame-options: DENY
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7it0iNm1gO%2FFlJiWgWG53nGHsxWw8%2BTbICe%2FdeBBuQZHe5Um1gMYu%2FEfIuTP6ytFm4EvwszUGp14JmTGZMQY%2FCGPB8koQL2V%2BFkk9ik2Qi%2BZwuVWzhyBneXXltlcMiXtC4EyKYF7"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87656ee54c63b4fd-OSL
alt-svc: h3=":443"; ma=86400
|
|
| 4u.l24.im/wp-content/themes/l24v2/l24/assets/styles/main.css?ver=1713451467 | 188.114.96.1 | 200 OK | 44 kB |
URL: GET HTTP/3 4u.l24.im/wp-content/themes/l24v2/l24/assets/styles/main.css?ver=1713451467
IP: 188.114.96.1:443
Requested by: https://4u.l24.im/otomotiv/?utm_source=l24&utm_medium=404&utm_campaign=404
Certificate:
  Issuer: Google Trust Services LLC
  Subject: l24.im
  Fingerprint: A8:C0:26:5A:F1:5E:BC:99:14:92:9F:04:2D:87:E6:60:C5:F3:61:63
  Validity: Mon, 01 Apr 2024 09:05:27 GMT - Sun, 30 Jun 2024 09:05:26 GMT
File type: ASCII text, with very long lines (44010)
Hash: 83be34a86a650df3f21d19ac1e2f6a6c 2cb7538216d2bb6621df702d2415492aaad5dbc6 662bc9754f9131cc0a073e13d6e4ff5ed7784cf3c131b2a13233f0adcce75e2d
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /wp-content/themes/l24v2/l24/assets/styles/main.css?ver=1713451467 HTTP/1.1
Host: 4u.l24.im
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://4u.l24.im/otomotiv/?utm_source=l24&utm_medium=404&utm_campaign=404
Cookie: _ga_7N67D0CRJL=GS1.1.1713451461.1.1.1713451464.57.0.0; _ga=GA1.1.1441489458.1713451461; _gcl_au=1.1.1505206337.1713451462; __sg=eyJkZXZpY2UiOiIyOTUwMzI5ODQzIiwiaWQiOiIxYjE3ZGI0OC1lNmVkLTQwNzItYjhlMS1jNTg5NGRkMWZjNjAiLCJ1c2VySWQiOm51bGx9
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Apr 2024 14:44:28 GMT
content-type: text/css
cache-control: public, max-age=604800
expires: Thu, 25 Apr 2024 14:44:27 GMT
last-modified: Thu, 16 Nov 2023 06:23:03 GMT
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
x-turbo-charged-by: LiteSpeed
cf-cache-status: MISS
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VZNkModxv%2FP99lEXpqqr6f7SkE9oXZmU8PqQlcMVmzpZVYPwmxW6qbEPcOxg9K6%2F8R%2FjDxGq0mWg%2BB97Bce63uo8m6ZyYNPrlelhbSOcmmR8ve5r7o4bP51BeVM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87656ede99867130-OSL
content-encoding: br
|
|
| 4u.l24.im/otomotiv/?utm_source=l24&utm_medium=404&utm_campaign=404 | 188.114.96.1 | 200 OK | 48 kB |
URL: User Request GET HTTP/3 4u.l24.im/otomotiv/?utm_source=l24&utm_medium=404&utm_campaign=404
IP: 188.114.96.1:443
Certificate:
  Issuer: Google Trust Services LLC
  Subject: l24.im
  Fingerprint: A8:C0:26:5A:F1:5E:BC:99:14:92:9F:04:2D:87:E6:60:C5:F3:61:63
  Validity: Mon, 01 Apr 2024 09:05:27 GMT - Sun, 30 Jun 2024 09:05:26 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /otomotiv/?utm_source=l24&utm_medium=404&utm_campaign=404 HTTP/1.1
Host: 4u.l24.im
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: _ga_7N67D0CRJL=GS1.1.1713451461.1.1.1713451464.57.0.0; _ga=GA1.1.1441489458.1713451461; _gcl_au=1.1.1505206337.1713451462; __sg=eyJkZXZpY2UiOiIyOTUwMzI5ODQzIiwiaWQiOiIxYjE3ZGI0OC1lNmVkLTQwNzItYjhlMS1jNTg5NGRkMWZjNjAiLCJ1c2VySWQiOm51bGx9
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Apr 2024 14:44:28 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.4.33
link: <https://4u.l24.im/wp-json/>; rel="https://api.w.org/"
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
priority: u=1,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MzE4ar%2FpR2GSnnQtgGRCQBKJjulzEOeS1hTklpP%2BTo9vbh2iUeqo3hFQr2gMgbapr33q5rK5tqR5pBGzOL9mn2eV2FpUMM%2FQVL2iR0pYZo6K1kuPe9N9nhcGjZM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87656edd4eb57130-OSL
content-encoding: br
|
|
| 4u.l24.im/wp-content/uploads/2024/02/Sifir-Arac-1-262x145.jpg | 188.114.96.1 | 200 OK | 8.1 kB |
URL: GET HTTP/3 4u.l24.im/wp-content/uploads/2024/02/Sifir-Arac-1-262x145.jpg
IP: 188.114.96.1:443
Requested by: https://4u.l24.im/otomotiv/?utm_source=l24&utm_medium=404&utm_campaign=404
Certificate:
  Issuer: Google Trust Services LLC
  Subject: l24.im
  Fingerprint: A8:C0:26:5A:F1:5E:BC:99:14:92:9F:04:2D:87:E6:60:C5:F3:61:63
  Validity: Mon, 01 Apr 2024 09:05:27 GMT - Sun, 30 Jun 2024 09:05:26 GMT
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 0x0, segment length 16, baseline, precision 8, 262x145, components 3
Hash: 28115691f81a743c4b020fe619d4d5d9 73d01bca3fd4ad3db3b4e021dd66393e49abe466 4b76f16f0ca930740c6805baa82e03e7913a7b94a05c29f5b0d156adc06f89af
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /wp-content/uploads/2024/02/Sifir-Arac-1-262x145.jpg HTTP/1.1
Host: 4u.l24.im
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://4u.l24.im/otomotiv/?utm_source=l24&utm_medium=404&utm_campaign=404
Cookie: _ga_7N67D0CRJL=GS1.1.1713451461.1.1.1713451464.57.0.0; _ga=GA1.1.1441489458.1713451461; _gcl_au=1.1.1505206337.1713451462; __sg=eyJkZXZpY2UiOiIyOTUwMzI5ODQzIiwiaWQiOiIxYjE3ZGI0OC1lNmVkLTQwNzItYjhlMS1jNTg5NGRkMWZjNjAiLCJ1c2VySWQiOm51bGx9; admatic-user-session=25011866496020100101960591024128024
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Apr 2024 14:44:28 GMT
content-type: image/jpeg
content-length: 8073
cache-control: public, max-age=604800
expires: Mon, 22 Apr 2024 16:22:34 GMT
last-modified: Tue, 20 Feb 2024 07:07:30 GMT
alt-svc: h3=":443"; ma=86400
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 253313
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VFUdM7e9D9hk1q12NAq62slADvPKE11LfwWS8GtIoFLVkFshrA3ahFXt1hU97sDPFt4M76ZssUdGBe32yPMQDtH58H52AsNVLbRGEKixnduIPRf7UaEAlscFtTQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87656ee10def7130-OSL
|
|
| 4u.l24.im/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1 | 188.114.96.1 | 200 OK | 14 kB |
URL: GET HTTP/3 4u.l24.im/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1
IP: 188.114.96.1:443
Requested by: https://4u.l24.im/otomotiv/?utm_source=l24&utm_medium=404&utm_campaign=404
Certificate:
  Issuer: Google Trust Services LLC
  Subject: l24.im
  Fingerprint: A8:C0:26:5A:F1:5E:BC:99:14:92:9F:04:2D:87:E6:60:C5:F3:61:63
  Validity: Mon, 01 Apr 2024 09:05:27 GMT - Sun, 30 Jun 2024 09:05:26 GMT
File type: JavaScript source, ASCII text, with very long lines (13479)
Hash: 9ffeb32e2d9efbf8f70caabded242267 3ad0c10e501ac2a9bfa18f9cd7e700219b378738 5274f11e6fb32ae0cf2dfb9f8043272865c397a7c4223b4cfa7d50ea52fbde89
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1 HTTP/1.1
Host: 4u.l24.im
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://4u.l24.im/otomotiv/?utm_source=l24&utm_medium=404&utm_campaign=404
Cookie: _ga_7N67D0CRJL=GS1.1.1713451461.1.1.1713451464.57.0.0; _ga=GA1.1.1441489458.1713451461; _gcl_au=1.1.1505206337.1713451462; __sg=eyJkZXZpY2UiOiIyOTUwMzI5ODQzIiwiaWQiOiIxYjE3ZGI0OC1lNmVkLTQwNzItYjhlMS1jNTg5NGRkMWZjNjAiLCJ1c2VySWQiOm51bGx9
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Apr 2024 14:44:28 GMT
content-type: application/javascript
cache-control: public, max-age=604800
expires: Fri, 19 Apr 2024 10:27:46 GMT
last-modified: Fri, 09 Jun 2023 05:49:24 GMT
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 253313
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=G8X3PKrFCxqU%2FIpd8y2x36Yj3kV%2BWjxUlukWKYY8Z1pek6nh50nthNbl0tfPZ04xe4kP%2BpzXdVmzxPXTom99RV%2FFk5eXrGRyFb2SV6wMUChjeHawloq%2FYPzORYg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87656edea9977130-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|