| r11.o.lencr.org/ |  23.36.76.226 | | 504 B |
IP23.36.76.226:0 ASN#20940 Akamai International B.V.
Hash219f59137337a0ee601729cab5ec83f6 85f2e3496820405559fd526b44b9a915e0009a4f f9701bf0083b06f4a573774d1a4dd491236216bc08f1006a94ce79144df70a21
POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "F9701BF0083B06F4A573774D1A4DD491236216BC08F1006A94CE79144DF70A21"
Last-Modified: Sat, 17 Aug 2024 00:55:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18841
Expires: Sat, 17 Aug 2024 18:56:07 GMT
Date: Sat, 17 Aug 2024 13:42:06 GMT
Connection: keep-alive
|
|
| r10.o.lencr.org/ | 23.36.77.32 | | 504 B |
IP23.36.77.32:0 ASN#20940 Akamai International B.V.
Hash2df91286f49e58e16a376311a3bd4a11 f91a1585d976cf80ae4702b607130dc84e095e81 b6aa8b353b34cd929b75a9baf0f9953435f07d0118004f1e0bf72e5e15498fe4
POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "B6AA8B353B34CD929B75A9BAF0F9953435F07D0118004F1E0BF72E5E15498FE4"
Last-Modified: Fri, 16 Aug 2024 06:58:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3332
Expires: Sat, 17 Aug 2024 14:37:38 GMT
Date: Sat, 17 Aug 2024 13:42:06 GMT
Connection: keep-alive
|
|
| r10.o.lencr.org/ | 23.36.77.32 | | 504 B |
IP23.36.77.32:0 ASN#20940 Akamai International B.V.
Hash4d209e16679910b467c26590a0073236 ddd59fa6902b498e9c0cfb22e342757f954789d0 9ef3dab56215a67804db0e12d33772a1902f5914b788530717712902a294bcb5
POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "9EF3DAB56215A67804DB0E12D33772A1902F5914B788530717712902A294BCB5"
Last-Modified: Wed, 14 Aug 2024 21:59:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7434
Expires: Sat, 17 Aug 2024 15:46:00 GMT
Date: Sat, 17 Aug 2024 13:42:06 GMT
Connection: keep-alive
|
|
| r10.o.lencr.org/ | 23.36.77.32 | | 504 B |
IP23.36.77.32:0 ASN#20940 Akamai International B.V.
Hash75f615f839dbf8cd2f4a3d58e44455f2 362b7a7d5cbe41d8a42cecec4ee755af0e07ddaf 2c4833330979b96ed12b3480367f00be397e9f9ccb35a088e7c79e92eb26cae4
POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "2C4833330979B96ED12B3480367F00BE397E9F9CCB35A088E7C79E92EB26CAE4"
Last-Modified: Fri, 16 Aug 2024 06:27:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2943
Expires: Sat, 17 Aug 2024 14:31:09 GMT
Date: Sat, 17 Aug 2024 13:42:06 GMT
Connection: keep-alive
|
|
| r11.o.lencr.org/ | 23.36.77.32 | | 504 B |
IP23.36.77.32:0 ASN#20940 Akamai International B.V.
Hash153b32abf5410c18b8039b1be38de159 233bc88ef0b48068d107aaa8d527e4e5aaef5be7 4dbe0e110aca5e5e193569f7b725f4f91364bfa550828c84a9d4be2e3ed66c71
POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "4DBE0E110ACA5E5E193569F7B725F4F91364BFA550828C84A9D4BE2E3ED66C71"
Last-Modified: Sat, 17 Aug 2024 13:42:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21570
Expires: Sat, 17 Aug 2024 19:41:36 GMT
Date: Sat, 17 Aug 2024 13:42:06 GMT
Connection: keep-alive
|
|
| r11.o.lencr.org/ | 23.36.77.32 | | 504 B |
IP23.36.77.32:0 ASN#20940 Akamai International B.V.
Hash3c14cfb85dc9ceb923d7d3c3648719d2 10ea83f83398870f50ca771216ad77bd95aa66cc bc868b2a34fe0c66d7a2dc1754676cc4031891c797fdd23e82d135559bd82c1b
POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "BC868B2A34FE0C66D7A2DC1754676CC4031891C797FDD23E82D135559BD82C1B"
Last-Modified: Thu, 15 Aug 2024 09:16:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5802
Expires: Sat, 17 Aug 2024 15:18:50 GMT
Date: Sat, 17 Aug 2024 13:42:08 GMT
Connection: keep-alive
|
|
| r11.o.lencr.org/ | 23.36.77.32 | | 504 B |
IP23.36.77.32:0 ASN#20940 Akamai International B.V.
Hash3c14cfb85dc9ceb923d7d3c3648719d2 10ea83f83398870f50ca771216ad77bd95aa66cc bc868b2a34fe0c66d7a2dc1754676cc4031891c797fdd23e82d135559bd82c1b
POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "BC868B2A34FE0C66D7A2DC1754676CC4031891C797FDD23E82D135559BD82C1B"
Last-Modified: Thu, 15 Aug 2024 09:16:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5802
Expires: Sat, 17 Aug 2024 15:18:50 GMT
Date: Sat, 17 Aug 2024 13:42:08 GMT
Connection: keep-alive
|
|
| r11.o.lencr.org/ | 23.36.77.32 | | 504 B |
IP23.36.77.32:0 ASN#20940 Akamai International B.V.
Hash3c14cfb85dc9ceb923d7d3c3648719d2 10ea83f83398870f50ca771216ad77bd95aa66cc bc868b2a34fe0c66d7a2dc1754676cc4031891c797fdd23e82d135559bd82c1b
POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "BC868B2A34FE0C66D7A2DC1754676CC4031891C797FDD23E82D135559BD82C1B"
Last-Modified: Thu, 15 Aug 2024 09:16:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5802
Expires: Sat, 17 Aug 2024 15:18:50 GMT
Date: Sat, 17 Aug 2024 13:42:08 GMT
Connection: keep-alive
|
|
| r11.o.lencr.org/ | 23.36.77.32 | | 504 B |
IP23.36.77.32:0 ASN#20940 Akamai International B.V.
Hash3c14cfb85dc9ceb923d7d3c3648719d2 10ea83f83398870f50ca771216ad77bd95aa66cc bc868b2a34fe0c66d7a2dc1754676cc4031891c797fdd23e82d135559bd82c1b
POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "BC868B2A34FE0C66D7A2DC1754676CC4031891C797FDD23E82D135559BD82C1B"
Last-Modified: Thu, 15 Aug 2024 09:16:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5802
Expires: Sat, 17 Aug 2024 15:18:50 GMT
Date: Sat, 17 Aug 2024 13:42:08 GMT
Connection: keep-alive
|
|
| r11.o.lencr.org/ | 23.36.77.32 | | 504 B |
IP23.36.77.32:0 ASN#20940 Akamai International B.V.
Hash3c14cfb85dc9ceb923d7d3c3648719d2 10ea83f83398870f50ca771216ad77bd95aa66cc bc868b2a34fe0c66d7a2dc1754676cc4031891c797fdd23e82d135559bd82c1b
POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "BC868B2A34FE0C66D7A2DC1754676CC4031891C797FDD23E82D135559BD82C1B"
Last-Modified: Thu, 15 Aug 2024 09:16:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5802
Expires: Sat, 17 Aug 2024 15:18:50 GMT
Date: Sat, 17 Aug 2024 13:42:08 GMT
Connection: keep-alive
|
|
| r11.o.lencr.org/ | 23.36.77.32 | | 504 B |
IP23.36.77.32:0 ASN#20940 Akamai International B.V.
Hash06842188d9c8231a876e1b0f5e4263c6 f19e6548e9759a5f39c077817d2a410a0715928e 87f2be5eddd6fd24b0ea7fbd0394cc22b24be47151a5b10e65ec673954944476
POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "87F2BE5EDDD6FD24B0EA7FBD0394CC22B24BE47151A5B10E65EC673954944476"
Last-Modified: Thu, 15 Aug 2024 17:40:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4539
Expires: Sat, 17 Aug 2024 14:57:47 GMT
Date: Sat, 17 Aug 2024 13:42:08 GMT
Connection: keep-alive
|
|
| cache.cloudswiftcdn.com/ |  101.99.75.138 | | 1.1 kB |
IP101.99.75.138:0 ASN#45839 Shinjiru Technology Sdn Bhd
File typeJavaScript source, ASCII text, with very long lines (1139) Hashb005688932b77f5ee836d7e5e30fc5a0 b200a41adc3e9c5300180237f860059d73302c2c aab06f07d645295baa4c503c0b7f40972b3e4678b27aae74171b6177ce4f1c33
| Analyzer | Verdict | Alert |
|---|
| ThreatFox | malicious | Unknown malware | | Quad9 DNS | malicious | Sinkholed |
GET / HTTP/1.1
Host: cache.cloudswiftcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://foroshonlin.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 17 Aug 2024 13:42:08 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
|
|
| foroshonlin.com/favicon.ico |  178.239.158.49 | | 1.2 kB |
URL foroshonlin.com/favicon.ico IP178.239.158.49:0 ASN#60631 Pars Parva System LLC
File typeHTML document, ASCII text, with CRLF, LF line terminators Hash0bde7d4b3da67537eaf9188e6f8049cf 64300fc482d01d38b40ab20e15960b6509665e5a 5dc1ae0b875dc0d78dbc5532226f5f31b762b4d1229984f605d27bf895ab6807
| Analyzer | Verdict | Alert |
|---|
| urlquery | phishing | Phishing - Microsoft |
GET /favicon.ico HTTP/1.1
Host: foroshonlin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://foroshonlin.com/product-category/%D8%A2%D9%85%D9%88%D8%B2%D8%B4-%D8%B7%D8%B1%D8%A7%D8%AD%DB%8C-%D8%B3%D8%A7%DB%8C%D8%AA-%D9%88-%D8%B3%D8%A6%D9%88
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1238
date: Sat, 17 Aug 2024 13:42:08 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
|
|
| GET blueselectorpage.com/favicon.ico |  172.67.148.10 | 204 No Content | 0 B |
URL GET HTTP/3blueselectorpage.com/favicon.ico IP172.67.148.10:443
Requested byhttps://blueselectorpage.com/go/gi2dqodfme5dcojuga2q?sub1=carlos&sub3=reppy3 CertificateIssuerGoogle Trust Services Subjectblueselectorpage.com FingerprintB9:AE:30:69:9D:77:FE:AA:54:18:3D:CE:21:4F:3A:CD:EC:84:DF:EA ValidityThu, 08 Aug 2024 11:35:45 GMT - Wed, 06 Nov 2024 11:35:44 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /favicon.ico HTTP/1.1
Host: blueselectorpage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://blueselectorpage.com/go/gi2dqodfme5dcojuga2q?sub1=carlos&sub3=reppy3
Cookie: uuid=be5dcb89-fb6a-4d47-a50e-bb2c5d146e05
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 204 No Content
date: Sat, 17 Aug 2024 13:42:10 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 6967
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qXlD79TYqwuVsVHC4cxJEzyEZiPBmdvsLhSnciIqoOdPuFTHTKFjuIxd%2FleyzrWk3nhtMS5NeXbZVYoVvIDSOwPWhR%2FLvmwSb%2BwpkQNMd8TUnx%2FHvGjYvkKHnfhay6JxHZRbpYBAkQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8b4a15fb4c19569b-OSL
alt-svc: h3=":443"; ma=86400
|
|
| GET blueselectorpage.com/go/gi2dqodfme5dcojuga2q?sub1=carlos&sub3=reppy3 | 172.67.148.10 | 200 OK | 53 kB |
URL User Request GET HTTP/2blueselectorpage.com/go/gi2dqodfme5dcojuga2q?sub1=carlos&sub3=reppy3 IP172.67.148.10:443
CertificateIssuerGoogle Trust Services Subjectblueselectorpage.com FingerprintB9:AE:30:69:9D:77:FE:AA:54:18:3D:CE:21:4F:3A:CD:EC:84:DF:EA ValidityThu, 08 Aug 2024 11:35:45 GMT - Wed, 06 Nov 2024 11:35:44 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /go/gi2dqodfme5dcojuga2q?sub1=carlos&sub3=reppy3 HTTP/1.1
Host: blueselectorpage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 17 Aug 2024 13:42:10 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
set-cookie: uuid=be5dcb89-fb6a-4d47-a50e-bb2c5d146e05; expires=Mon, 16-Sep-2024 13:42:10 GMT; Max-Age=2592000; path=/; domain=blueselectorpage.com
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2e1Zqb5mn5msgqbiALecQAhrv17BnkrERX3xTGT%2BaNSvtIcm03Xn1UJrQyD2DDW7TsDV40VUE4fNguVV3OGjnE%2BxWJWh9ofILlwkRzOu37LxCff8fryXldV4Mn1RPIHE0R6iWnIcCg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8b4a15f9ff77569c-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|