icvpartners.com/gkonf/rentfree.zip
192.124.249.104 | 200 OK | 1 B | URL | User Request | GET HTTP/2 | icvpartners.com/gkonf/rentfree.zip
IP 192.124.249.104:443
Certificate Issuer: GoDaddy.com, Inc.
Subject: icvpartners.com
Fingerprint (SHA-1): 76:0D:41:FC:13:B7:A1:AC:66:31:42:83:83:18:FF:DB:05:A2:6B:10
Validity: Wed, 22 Feb 2023 23:27:04 GMT – Thu, 22 Feb 2024 23:27:04 GMT (in validity at capture time, 23 May 2023)
File type: very short file (no magic) — the 200 response below carries content-length: 1 and content-type: text/html, so the captured body is a single byte, not a ZIP archive; there was no archive magic to identify.
Hashes of the 1-byte body (it is the ASCII character "3"):
  MD5     eccbc87e4b5ce2fe28308fd9f2a7baf3
  SHA-1   77de68daecd823babbb58edb1c8e14d7106e83bb
  SHA-256 4e07408562bedb8b60ce05c1decfe3ad16b72230967de01f640b7e4729b49fce
Analyzer Verdict: Alert — fortinet: Malware; threatfox: QakBot.
Caveat: both are reputation verdicts on the URL/host (ThreatFox tags this URL as QakBot distribution), not a detonation result for this response. The real payload was not obtained in this session — the server answered one byte as text/html, possibly because the distribution point had already been cleaned, the payload is gated on geolocation/user-agent, or the Sucuri proxy in front of the host (x-sucuri-id) served a placeholder. Treat the URL, hostname and 192.124.249.104 as indicators; do not use the three digests above as payload indicators, since they are the hashes of the single character "3" and will match unrelated benign content.
GET /gkonf/rentfree.zip HTTP/1.1
Host: icvpartners.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Tue, 23 May 2023 05:07:09 GMT
content-type: text/html; charset=UTF-8
content-length: 1
x-sucuri-id: 19004
x-xss-protection: 1; mode=block, 1; mode=block
x-content-type-options: nosniff, nosniff
referrer-policy: strict-origin-when-cross-origin
content-security-policy: upgrade-insecure-requests;, manifest-src 'self'; media-src 'self'; base-uri 'none'; object-src 'none'; require-trusted-types-for *.icvpartners.com; script-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://www.google.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://www.gstatic.com https://ajax.cloudflare.com 'unsafe-eval'; script-src-elem 'self' 'unsafe-inline' https://gc.kis.v2.scr.kaspersky-labs.com https://www.google.com https://cdnjs.cloudflare.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://www.gstatic.com https://ajax.cloudflare.com;
x-frame-options: SAMEORIGIN, SAMEORIGIN
permissions-policy: accelerometer=(), autoplay=(), camera=(), fullscreen=*, geolocation=(self), gyroscope=(), microphone=(), payment=*
vary: Accept-Encoding
content-encoding: br
strict-transport-security: max-age=63072000; includeSubDomains; preload
access-control-allow-origin: null
access-control-allow-methods: GET,PUT,POST,DELETE
access-control-allow-headers: Content-Type, Authorization
x-content-security-policy: img-src *; media-src * data:;
x-permitted-cross-domain-policies: none
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-sucuri-cache: MISS
X-Firefox-Spdy: h2
IP 192.124.249.24:0
Hashes of the 1777-byte OCSP response body (MD5 / SHA-1 / SHA-256); the SHA-1 is also what the responder returns as its ETag. This is the browser's routine revocation check for the GoDaddy certificate above, not attacker-controlled traffic.
  MD5     062e98cf60ad1a4b9a8f699993c67f1a
  SHA-1   fb1f975532cc5ba7073c5a68b622807a35a23d8b
  SHA-256 9d81006d11f66e34d7af13c89b79d367f232007a6eb7381007d3abea942d01aa
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Tue, 23 May 2023 05:07:09 GMT
Content-Type: application/ocsp-response
Content-Length: 1777
Connection: keep-alive
X-Sucuri-ID: 19024
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Tue, 23 May 2023 02:20:05 GMT
Expires: Wed, 24 May 2023 02:20:05 GMT
ETag: "fb1f975532cc5ba7073c5a68b622807a35a23d8b"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
icvpartners.com/favicon.ico
192.124.249.104 | 302 Found | 1 B | URL | GET HTTP/2 | icvpartners.com/favicon.ico
IP 192.124.249.104:443
Requested by: https://icvpartners.com/gkonf/rentfree.zip — the browser issued this favicon fetch only because the .zip URL was answered as text/html and rendered as a document; the favicon, and the PNG it redirects to, are ordinary site assets rather than part of the delivery chain.
Certificate Issuer: GoDaddy.com, Inc.
Subject: icvpartners.com
Fingerprint (SHA-1): 76:0D:41:FC:13:B7:A1:AC:66:31:42:83:83:18:FF:DB:05:A2:6B:10
Validity: Wed, 22 Feb 2023 23:27:04 GMT – Thu, 22 Feb 2024 23:27:04 GMT
File type: very short file (no magic) — the 302 body is the same single byte as the rentfree.zip response (identical digests); the redirect target is given in the location header below.
Hashes of the 1-byte body (MD5 / SHA-1 / SHA-256):
  MD5     eccbc87e4b5ce2fe28308fd9f2a7baf3
  SHA-1   77de68daecd823babbb58edb1c8e14d7106e83bb
  SHA-256 4e07408562bedb8b60ce05c1decfe3ad16b72230967de01f640b7e4729b49fce
GET /favicon.ico HTTP/1.1
Host: icvpartners.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://icvpartners.com/gkonf/rentfree.zip
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 302 Found
server: nginx
date: Tue, 23 May 2023 05:07:10 GMT
content-type: text/html; charset=UTF-8
content-length: 1
location: https://www.icvpartners.com/wp-content/uploads/2017/10/favicon.png
x-sucuri-id: 19004
link: <https://www.icvpartners.com/wp-json/>; rel="https://api.w.org/"
x-redirect-by: WordPress
x-xss-protection: 1; mode=block, 1; mode=block
x-content-type-options: nosniff, nosniff
referrer-policy: strict-origin-when-cross-origin
content-security-policy: upgrade-insecure-requests;, manifest-src 'self'; media-src 'self'; base-uri 'none'; object-src 'none'; require-trusted-types-for *.icvpartners.com; script-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://www.google.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://www.gstatic.com https://ajax.cloudflare.com 'unsafe-eval'; script-src-elem 'self' 'unsafe-inline' https://gc.kis.v2.scr.kaspersky-labs.com https://www.google.com https://cdnjs.cloudflare.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://www.gstatic.com https://ajax.cloudflare.com;
x-frame-options: SAMEORIGIN, SAMEORIGIN
permissions-policy: accelerometer=(), autoplay=(), camera=(), fullscreen=*, geolocation=(self), gyroscope=(), microphone=(), payment=*
vary: Accept-Encoding
content-encoding: br
strict-transport-security: max-age=63072000; includeSubDomains; preload
access-control-allow-origin: null
access-control-allow-methods: GET,PUT,POST,DELETE
access-control-allow-headers: Content-Type, Authorization
x-content-security-policy: img-src *; media-src * data:;
x-permitted-cross-domain-policies: none
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-sucuri-cache: MISS
X-Firefox-Spdy: h2
www.icvpartners.com/wp-content/uploads/2017/10/favicon.png
104.21.36.106 | 200 OK | 3.2 kB | URL | GET HTTP/2 | www.icvpartners.com/wp-content/uploads/2017/10/favicon.png
IP 104.21.36.106:443
Requested by https://icvpartners.com/gkonf/rentfree.zip
Certificate Issuer: Cloudflare, Inc.
Subject: sni.cloudflaressl.com (Cloudflare shared edge certificate). Note the split hosting: the www host is fronted by Cloudflare at 104.21.36.106, while the apex domain that served rentfree.zip sits behind Sucuri at 192.124.249.104 — the two hostnames go through different edge providers, which matters for takedown and abuse reporting.
Fingerprint (SHA-1): C3:C1:21:29:CF:3C:61:2D:1C:2C:73:6D:56:B5:99:88:4F:A2:0B:30
Validity: Sun, 18 Sep 2022 00:00:00 GMT – Sun, 17 Sep 2023 23:59:59 GMT
File type: PNG image data, 34 x 34, 8-bit/color RGBA, non-interlaced (the trailing "\012- data" in the original field is a second line of `file` output that was concatenated with an escaped newline; the 3237-byte body is a valid PNG favicon)
Hashes of the 3237-byte PNG (MD5 / SHA-1 / SHA-256):
  MD5     7a13861c03da303dfd81b09b9b88c966
  SHA-1   8bec9a78448b122c042bc2247e9ef4a4864af696
  SHA-256 f026991a98dcd89c66d04eda096c44b9b4abad132cc21dd7aeacad96bb8920f7
GET /wp-content/uploads/2017/10/favicon.png HTTP/1.1
Host: www.icvpartners.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://icvpartners.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 23 May 2023 05:07:11 GMT
content-type: image/png
content-length: 3237
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
content-security-policy: manifest-src 'self'; media-src 'self'; base-uri 'none'; object-src 'none'; require-trusted-types-for *.icvpartners.com; script-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://www.google.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://www.gstatic.com https://ajax.cloudflare.com 'unsafe-eval'; script-src-elem 'self' 'unsafe-inline' https://gc.kis.v2.scr.kaspersky-labs.com https://www.google.com https://cdnjs.cloudflare.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://www.gstatic.com https://ajax.cloudflare.com;
x-frame-options: SAMEORIGIN
permissions-policy: accelerometer=(), autoplay=(), camera=(), fullscreen=*, geolocation=(self), gyroscope=(), microphone=(), payment=*
last-modified: Mon, 30 Oct 2017 20:58:00 GMT
etag: "8817e3-ca5-55cc9e4c74600"
strict-transport-security: max-age=63072000; includeSubDomains; preload
access-control-allow-origin: null
access-control-allow-methods: GET,PUT,POST,DELETE
access-control-allow-headers: Content-Type, Authorization
x-content-security-policy: img-src *; media-src * data:;
x-permitted-cross-domain-policies: none
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ola6hXtOv%2FhyR1bd2V6UL7Ei3r8Sor4fB%2BdB%2B%2BVp6T2OPcJO3Cqu9mTPv1goN04TsnTp%2Bv6xi1mL%2FZ2qlhKdBkoq8DN4RCedvgsG%2Fq6bGo4Or3%2FSCOqzRBBb5A0u%2Bgv45QNFKlcy"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cbac61a2b3cb4f7-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2