Report - ccsbr.marketingsignup.com/routes/ccsbr/?ofid=1754&tbc=ff2f87&a_aid=ccsbr&a_bid=affcdc35&x_agent=GREEN48&chan=GREEN48&x

Report Overview

Visited public
2023-11-12 17:19:31
Tags
URL
ccsbr.marketingsignup.com/routes/ccsbr/?ofid=1754&tbc=ff2f87&a_aid=ccsbr&a_bid=affcdc35&x_agent=GREEN48&chan=GREEN48&x_clickid=88264105
Finishing URL
wkvspsb.com/user/?SID=92c22b2be616882f2b3a68f232f8c464
IP / ASN
163.171.131.207
#54994 QUANTILNETWORKS
Title
wkvspsb.com/user/?SID=92c22b2be616882f2b3a68f232f8c464

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
wkvspsb.com	unknown	2023-09-08	2023-09-12 20:09:25	2023-11-09 04:31:03	6.3 kB	106 kB	104.21.81.146
kit.fontawesome.com	1868	2012-10-18	2019-12-16 20:51:31	2023-11-12 05:11:53	897 B	86 kB	172.64.147.188
ka-p.fontawesome.com	4489	2012-10-18	2019-12-16 21:35:53	2023-11-12 05:11:53	1.4 kB	356 kB	172.64.147.188
fonts.gstatic.com	unknown	2008-02-11	2014-09-09 02:40:21	2023-11-12 10:08:36	520 B	19 kB	216.58.207.227
ajax.aspnetcdn.com	693	2010-10-12	2012-05-24 15:35:31	2023-11-12 05:17:46	901 B	30 kB	152.199.19.160
ajax.googleapis.com	12905	2005-01-25	2013-08-16 11:51:31	2023-11-12 16:46:06	454 B	32 kB	142.250.74.42
www.googletagmanager.com	75	2011-11-11	2013-05-22 04:07:37	2023-11-12 16:45:37	1.3 kB	344 kB	142.250.74.168
static.cdn.co.no	470003	unknown	2021-10-25 15:51:53	2023-11-10 17:01:27	1.0 kB	124 kB	163.171.131.207
fonts.googleapis.com	8877	2005-01-25	2013-06-10 22:14:26	2023-11-12 16:49:45	435 B	1.2 kB	142.250.74.106

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2023-11-12	medium	wkvspsb.com	Sinkholed
2023-11-12	medium	wkvspsb.com	Sinkholed
2023-11-12	medium	wkvspsb.com	Sinkholed
2023-11-12	medium	wkvspsb.com	Sinkholed
2023-11-12	medium	wkvspsb.com	Sinkholed
2023-11-12	medium	wkvspsb.com	Sinkholed
2023-11-12	medium	wkvspsb.com	Sinkholed
2023-11-12	medium	wkvspsb.com	Sinkholed
2023-11-12	medium	wkvspsb.com	Sinkholed
2023-11-12	medium	wkvspsb.com	Sinkholed
2023-11-12	medium	wkvspsb.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (21)

	URL	From	Size	First Seen	Last Seen
	kit.fontawesome.com/b314bdf1b3.js	ScriptElement	12 kB	2023-06-20	2023-11-22
Pretty URL kit.fontawesome.com/b314bdf1b3.js IP 172.64.147.188 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-06-20 05:08 Last Seen2023-11-22 21:59 Times Seen16 Hash 4fc6cefe553c0690d16534ebf9d89181 aa7c5a51a88e2dcbdf8b67e8648d35682d19e31f 8f3a8661dafbfffde857c6bbc7abc7c63e929047dfc5e6cc1a805ab8e98dacbb Loading...

	wkvspsb.com/user/?SID=92c22b2be616882f2b3a68f232f8c464	ScriptElement	127 B	2023-03-07	2024-08-21
Pretty URL wkvspsb.com/user/?SID=92c22b2be616882f2b3a68f232f8c464 IP 104.21.81.146 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:03 Last Seen2024-08-21 07:54 Times Seen16 Hash f92940178528cff899349c6b3bc8f6b5 71946185435cc4ee489eed6d3b8cb89c9e482857 1c176f72b1e82fdcc2b59f3161850788a57e77e4e9df64f1147a6d8a5228552b Loading...

	wkvspsb.com/user/?SID=92c22b2be616882f2b3a68f232f8c464	ScriptElement	391 B	2023-11-12	2024-08-20
Pretty URL wkvspsb.com/user/?SID=92c22b2be616882f2b3a68f232f8c464 IP 104.21.81.146 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-11-12 18:19 Last Seen2024-08-20 19:51 Times Seen6 Hash 6ad29f62c91623b91b6ee31ae79351f0 4df1603346f9519e3506f625d1695e5778e7a095 dcdeb8a1a35452c114257a3c7b98df47e3a83c3779dcc1ebadf908999b703b76 Loading...

	wkvspsb.com/user/?SID=92c22b2be616882f2b3a68f232f8c464	ScriptElement	264 B	2023-03-07	2024-08-21
Pretty URL wkvspsb.com/user/?SID=92c22b2be616882f2b3a68f232f8c464 IP 104.21.81.146 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:03 Last Seen2024-08-21 07:54 Times Seen22 Hash 50b8d257c149e4c89eb8fcd42cbb90bd ec36a40fb37b6fcca17ac892e3b274ecff9c5164 04b5d8be7fc682489a5060b6832c7a14ebe5480a284f3f9d55f0a0407aeff7b0 Loading...

	www.googletagmanager.com/gtag/js?id=UA-208173773-2	ScriptElement	190 kB	2023-11-12	2023-11-12
Pretty URL www.googletagmanager.com/gtag/js?id=UA-208173773-2 IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-12 18:19 Last Seen2023-11-12 18:19 Times Seen1 Hash ed6b32481683d56205f7f8d1e12771c8 d1ad962ade71081ce69ddce5bfc9b86654999cc6 26a24dd10c679caf191702b35139a4c0603f69ca7518dd46733e6e09dad20a92 Loading...

	www.googletagmanager.com/gtm.js?id=GTM-TZX6ZCL	ScriptElement	115 kB	2023-11-12	2023-11-12
Pretty URL www.googletagmanager.com/gtm.js?id=GTM-TZX6ZCL IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-12 18:19 Last Seen2023-11-12 18:19 Times Seen1 Hash e8f000c918de8e1b9db0832a815a6a99 ab765de2e449a7cfd529a794df4711211b9a0a97 352ff1f93fb96adc8199a5b65d72a308c4ec5daaec1f0fded87eb22eaa08727d Loading...

	wkvspsb.com/common_tpls/js/validate_form_v2.js?jsv=35	ScriptElement	26 kB	2023-11-12	2024-08-20
Pretty URL wkvspsb.com/common_tpls/js/validate_form_v2.js?jsv=35 IP 104.21.81.146 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-12 18:19 Last Seen2024-08-20 19:51 Times Seen24 Hash 44bf7e2fb58e77a3ab76bb6191b1a862 f6516881e1c2b17e923ca1a651de92a22c4ccaa7 b3f9ad8a6b5ee12a78a32d898be23898f6d340765e340873e0253feb3b0e8825 Loading...

	wkvspsb.com/user/?SID=92c22b2be616882f2b3a68f232f8c464	ScriptElement	166 B	2023-03-07	2024-08-21
Pretty URL wkvspsb.com/user/?SID=92c22b2be616882f2b3a68f232f8c464 IP 104.21.81.146 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:03 Last Seen2024-08-21 08:25 Times Seen35 Hash 30fbeedd3ef42ed4b3c0cedc516b2f71 dff25b928dad51d1d769285bf2a302d2be531927 1a9018c8172241d8aade74fd982307b0171e6b21ce2b4a470342852d92a99ed0 Loading...

	wkvspsb.com/user/?SID=92c22b2be616882f2b3a68f232f8c464	ScriptElement	528 B	2023-03-07	2024-08-21
Pretty URL wkvspsb.com/user/?SID=92c22b2be616882f2b3a68f232f8c464 IP 104.21.81.146 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:27 Last Seen2024-08-21 08:11 Times Seen24 Hash 10dd1b2ab36045f6dd30390708c046c8 5ea106d1b689de5bda25b576ae36d26160ed6795 6d5167f39f1f849ab2050bb2429f122ed1e62a41d7bdcf18a9ec09438f087e88 Loading...

	wkvspsb.com/common_tpls/js/iframeResizer.contentWindow.min.js	ScriptElement	13 kB	2023-03-07	2025-04-17
Pretty URL wkvspsb.com/common_tpls/js/iframeResizer.contentWindow.min.js IP 104.21.81.146 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03 Last Seen2025-04-17 05:46 Times Seen84 Hash 2cf9df789476bc39b9906030f639660d de708b4a0fe32f3d77505675eb119b671327a6b4 7d5f5d0fe842536e512b4ca0cac0b48a66577ea091f3a6840365ff6124be034b Loading...

	wkvspsb.com/user/?SID=92c22b2be616882f2b3a68f232f8c464	ScriptElement	500 B	2023-06-20	2024-08-21
Pretty URL wkvspsb.com/user/?SID=92c22b2be616882f2b3a68f232f8c464 IP 104.21.81.146 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-06-20 05:08 Last Seen2024-08-21 08:25 Times Seen30 Hash b3a1b315d6288a561818ce4d5253d7f6 2ce9c680b598f3cc1e3962a44ef82ae5fa4494fd 91fd13dbb2b63dbb6392347bd6b26447b1e7aa12711de8bd71979cd981ff1cb4 Loading...

	wkvspsb.com/user/?SID=92c22b2be616882f2b3a68f232f8c464	ScriptElement	2.5 kB	2023-03-12	2024-08-21
Pretty URL wkvspsb.com/user/?SID=92c22b2be616882f2b3a68f232f8c464 IP 104.21.81.146 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-12 21:04 Last Seen2024-08-21 07:54 Times Seen14 Hash ac428da6c58b59908e1e32ae534c701f 6762e6723215e67f3bc59d70921dff1c31cf340f 99f03e720b2056ee9fe812f4e55e01df1e9ff78e25b193457cfea0e9bf452cce Loading...

	wkvspsb.com/user/?SID=92c22b2be616882f2b3a68f232f8c464	ScriptElement	154 B	2023-03-08	2024-08-21
Pretty URL wkvspsb.com/user/?SID=92c22b2be616882f2b3a68f232f8c464 IP 104.21.81.146 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-08 12:25 Last Seen2024-08-21 05:13 Times Seen16 Hash dc4c63848f107674326b8a0a96341bc9 5d248cb3bf93f521d169b6bad32476850a605b12 07efc655541b0925fd8e283a50d37b7eb16785091a5e304f2e6485eaaf93538d Loading...

	ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js	ScriptElement	88 kB	2023-03-07	2025-05-09
Pretty URL ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js IP 142.250.74.42 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-05-09 10:36 Times Seen68113 Hash 220afd743d9e9643852e31a135a9f3ae 88523924351bac0b5d560fe0c5781e2556e7693d 0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a Loading...

	ajax.aspnetcdn.com/ajax/bootstrap/3.3.7/bootstrap.min.js	ScriptElement	37 kB	2023-03-07	2025-05-09
Pretty URL ajax.aspnetcdn.com/ajax/bootstrap/3.3.7/bootstrap.min.js IP 152.199.19.160 ASN #15133 EDGECAST Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-05-09 10:31 Times Seen27457 Hash 5869c96cc8f19086aee625d670d741f9 430a443d74830fe9be26efca431f448c1b3740f9 53964478a7c634e8dad34ecc303dd8048d00dce4993906de1bacf67f663486ef Loading...

	wkvspsb.com/common_tpls/js/form_support.js?v=1101202201	ScriptElement	3.8 kB	2023-03-08	2024-08-21
Pretty URL wkvspsb.com/common_tpls/js/form_support.js?v=1101202201 IP 104.21.81.146 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:25 Last Seen2024-08-21 08:25 Times Seen40 Hash 4ffa5d12f2aa2394aa284438d9ab1658 66a6678dc24eae37e35b8ee571e78f6e8af796da a35efd7238a1ef4c6581aadc6d001e8554adf949dc6cde5650c2235483f19bf0 Loading...

	wkvspsb.com/user/?SID=92c22b2be616882f2b3a68f232f8c464	ScriptElement	341 B	2023-03-08	2024-08-21
Pretty URL wkvspsb.com/user/?SID=92c22b2be616882f2b3a68f232f8c464 IP 104.21.81.146 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-08 12:25 Last Seen2024-08-21 05:13 Times Seen16 Hash 1a58b34370509f63981cc45d340f1d57 075e95758b3f8f503e2a73afea9dd289368622df e173425383a257827382039e598338898d2206eeb509092c25bec541d8efd01b Loading...

	wkvspsb.com/user/?SID=92c22b2be616882f2b3a68f232f8c464	ScriptElement	60 B	2024-08-20	2024-08-20
Pretty URL wkvspsb.com/user/?SID=92c22b2be616882f2b3a68f232f8c464 IP 104.21.81.146 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-20 19:51 Last Seen2024-08-20 19:51 Times Seen1 Hash a0ade8490d59f6779b676b3a1c898d13 744eae94a708025c8dadd10ed5103ad5362c5250 593ccb13c3151d31d2d3a38b72f4f8de47841e9b712779632c2b39ae866e91ff Loading...

	wkvspsb.com/user/sandbox%20eval%20code		147 B	2023-04-11	2025-05-09
Pretty URL wkvspsb.com/user/sandbox%20eval%20code IP 0.0.0.0 ASN #0 Introduced by Embedded in HTML false Observations First Seen2023-04-11 21:07 Last Seen2025-05-09 10:56 Times Seen341420 Hash 92b651082ce234f66bb544e678befda3 14c21c55ddce43b6f677caadf51d4ab98c6a3df8 25d57d1d97abeb84531d3d3e5754dd5cb19a2c115edfa7cfc7af8247084faded Loading...

	www.google-analytics.com/analytics.js	ScriptElement	4.7 kB	2023-04-11	2025-05-09
Pretty URL www.google-analytics.com/analytics.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-11 21:07 Last Seen2025-05-09 10:56 Times Seen340619 Hash f24128d0c9cba7be2916c693427a3483 1b6397d496ea896ebc2018b01b995cee4f166029 58173de4697da1a218f04c3a783a733bab4e769ceabc37cd42da9dc3e036a7e8 Loading...

	www.googletagmanager.com/gtag/js?id=G-MZ8S35MRED&l=dataLayer&cx=c	ScriptElement	229 kB	2023-11-12	2023-11-12
Pretty URL www.googletagmanager.com/gtag/js?id=G-MZ8S35MRED&l=dataLayer&cx=c IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-12 18:19 Last Seen2023-11-12 18:19 Times Seen1 Hash 220da5c40aab7bde084b2c9d0a8cb916 f8c0a4341cce8679ee7bc253c847647b1d329b0f 27a0d4ab3b21fe62c88fa87eea97f3418eeaa2b54714d3bae80897abeae0a138 Loading...

HTTP Transactions (26)

URL IP Response Size

wkvspsb.com/common_tpls/images/ajax-loader.gif

104.21.81.146

200 OK

3.2 kB

URL GET HTTP/3
wkvspsb.com/common_tpls/images/ajax-loader.gif
IP
104.21.81.146:443
ASN
#13335 CLOUDFLARENET

Requested by
https://wkvspsb.com/user/?SID=92c22b2be616882f2b3a68f232f8c464
Certificate
IssuerGoogle Trust Services LLC
Subjectwkvspsb.com
Fingerprint36:A0:27:99:37:F6:5F:7C:50:AE:02:3C:67:79:D6:DF:B9:A9:6E:AF
ValidityFri, 10 Nov 2023 18:10:51 GMT - Thu, 08 Feb 2024 18:10:50 GMT

File type
GIF image data, version 89a, 32 x 32\012- data
Size
3.2 kB (3208 bytes)
Hash
be1cede97289c13920048f238fd37b85
313b867d11fc0dd6bc6ca47c334bbcf18956ca76
fd29b3b084cf11160bfc4e99d98a261f2b36bff29113b07367c5204563c5d355

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /common_tpls/images/ajax-loader.gif HTTP/1.1
Host: wkvspsb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wkvspsb.com/user/?SID=92c22b2be616882f2b3a68f232f8c464
Cookie: PHPSESSID=92c22b2be616882f2b3a68f232f8c464
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sun, 12 Nov 2023 17:19:15 GMT
content-type: image/gif
content-length: 3208
last-modified: Mon, 07 Oct 2013 22:49:23 GMT
etag: "52533a73-c88"
cache-control: max-age=14400
cf-cache-status: HIT
age: 733
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=m4jRul0Hn6L0ilR2qIcJ%2FKV5R8RRl0c5AsgZnS6syawgcdCR3rmHVupHwEfzBa1fjDD32p37wxU%2F6jf9W7agRGsUykCQ8zgyTVgvLYtcLXBWGdr2cxuosyT72d6Vmg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 825070577ffb1bfe-OSL
alt-svc: h3=":443"; ma=86400

wkvspsb.com/common_tpls/images/icons/email.png

104.21.81.146

200 OK

1.3 kB

URL GET HTTP/3
wkvspsb.com/common_tpls/images/icons/email.png
IP
104.21.81.146:443
ASN
#13335 CLOUDFLARENET

Requested by
https://wkvspsb.com/user/?SID=92c22b2be616882f2b3a68f232f8c464
Certificate
IssuerGoogle Trust Services LLC
Subjectwkvspsb.com
Fingerprint36:A0:27:99:37:F6:5F:7C:50:AE:02:3C:67:79:D6:DF:B9:A9:6E:AF
ValidityFri, 10 Nov 2023 18:10:51 GMT - Thu, 08 Feb 2024 18:10:50 GMT

File type
PNG image data, 26 x 26, 8-bit/color RGB, non-interlaced\012- data
Size
1.3 kB (1254 bytes)
Hash
a86d99b9176d82a211cfa29b2f0b353f
62947ddfd87e3a21869818885e4bfa4e55ad0c11
f8e82194c97e2a11a8c77fcd55d1ded51a1943b78eefac8475890f665dc620f1

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /common_tpls/images/icons/email.png HTTP/1.1
Host: wkvspsb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wkvspsb.com/user/?SID=92c22b2be616882f2b3a68f232f8c464
Cookie: PHPSESSID=92c22b2be616882f2b3a68f232f8c464
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sun, 12 Nov 2023 17:19:15 GMT
content-type: image/png
content-length: 1254
last-modified: Mon, 21 Aug 2017 19:32:05 GMT
etag: "599b3535-4e6"
cache-control: max-age=14400
cf-cache-status: HIT
age: 733
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SvPfz5ltGlu%2Fdi9mQ6u3mpoLSGON7aeLDA%2FxazH4K1vxPhZpVAuBeh6BQI6ra9IOjNtbdngATiYNUORryaQK6wPs3N1TCN2GQ7TpeO7PDQK5oNu5J7YLjW%2FI%2BsyDDA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8250705778001bfe-OSL
alt-svc: h3=":443"; ma=86400

wkvspsb.com/common_tpls/images/icons/password.png

104.21.81.146

200 OK

1.5 kB

URL GET HTTP/3
wkvspsb.com/common_tpls/images/icons/password.png
IP
104.21.81.146:443
ASN
#13335 CLOUDFLARENET

Requested by
https://wkvspsb.com/user/?SID=92c22b2be616882f2b3a68f232f8c464
Certificate
IssuerGoogle Trust Services LLC
Subjectwkvspsb.com
Fingerprint36:A0:27:99:37:F6:5F:7C:50:AE:02:3C:67:79:D6:DF:B9:A9:6E:AF
ValidityFri, 10 Nov 2023 18:10:51 GMT - Thu, 08 Feb 2024 18:10:50 GMT

File type
PNG image data, 26 x 26, 8-bit/color RGB, non-interlaced\012- data
Size
1.5 kB (1452 bytes)
Hash
6f100f1cdbdce928118ffa4c9293ca5b
6b1a3593e792d4c00187d60560dd03fb42df1156
8c1a6b9e0c63edc7fa86898148dc6493cd56113fabbf85d901f7af4c180fce74

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /common_tpls/images/icons/password.png HTTP/1.1
Host: wkvspsb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wkvspsb.com/user/?SID=92c22b2be616882f2b3a68f232f8c464
Cookie: PHPSESSID=92c22b2be616882f2b3a68f232f8c464
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sun, 12 Nov 2023 17:19:15 GMT
content-type: image/png
content-length: 1452
last-modified: Tue, 22 Aug 2017 16:34:59 GMT
etag: "599c5d33-5ac"
cache-control: max-age=14400
cf-cache-status: HIT
age: 733
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wYCKqIYKD6ONhMJYMdpdOiOss1ZeSVzBn05JfcoUjqBbo0OPdO6Fvo%2FYKxpjEnfal6WvbX24GprVzbHdXwd%2FIFUa4sD%2F2hzkiy6LVamASDagig7jCF2jB6V0AZtt1w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8250705778091bfe-OSL
alt-svc: h3=":443"; ma=86400

wkvspsb.com/common_tpls/images/icons/user.png

104.21.81.146

200 OK

1.5 kB

URL GET HTTP/3
wkvspsb.com/common_tpls/images/icons/user.png
IP
104.21.81.146:443
ASN
#13335 CLOUDFLARENET

Requested by
https://wkvspsb.com/user/?SID=92c22b2be616882f2b3a68f232f8c464
Certificate
IssuerGoogle Trust Services LLC
Subjectwkvspsb.com
Fingerprint36:A0:27:99:37:F6:5F:7C:50:AE:02:3C:67:79:D6:DF:B9:A9:6E:AF
ValidityFri, 10 Nov 2023 18:10:51 GMT - Thu, 08 Feb 2024 18:10:50 GMT

File type
PNG image data, 26 x 26, 8-bit/color RGB, non-interlaced\012- data
Size
1.5 kB (1491 bytes)
Hash
d2ace1024969666b8ecfd48b0091a0fd
fb2988bb4203176476469b8ad12abc3cf8ce2113
a28165011050b8c217837b2ce4692f49413e27b7b259144cd128d0a9db9f63dc

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /common_tpls/images/icons/user.png HTTP/1.1
Host: wkvspsb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wkvspsb.com/user/?SID=92c22b2be616882f2b3a68f232f8c464
Cookie: PHPSESSID=92c22b2be616882f2b3a68f232f8c464
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sun, 12 Nov 2023 17:19:15 GMT
content-type: image/png
content-length: 1491
last-modified: Mon, 21 Aug 2017 19:32:05 GMT
etag: "599b3535-5d3"
cache-control: max-age=14400
cf-cache-status: HIT
age: 732
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1eYR6hYGrzSvUCHDZIp%2FLbMlJrGEFzOcNJy21M6WvSpUhv%2B3wfYvtlaxjOe8%2B3H1T3NJMPM2DLN2pZTmGtxUzA6pgZBrfnL170E0cZnsBeozrpUj0Oi1Ld%2BKyZu39w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8250705778071bfe-OSL
alt-svc: h3=":443"; ma=86400

ajax.aspnetcdn.com/ajax/bootstrap/3.3.7/css/bootstrap.min.css

152.199.19.160

200 OK

20 kB

URL GET HTTP/2
ajax.aspnetcdn.com/ajax/bootstrap/3.3.7/css/bootstrap.min.css
IP
152.199.19.160:443
ASN
#15133 EDGECAST

Requested by
https://wkvspsb.com/user/?SID=92c22b2be616882f2b3a68f232f8c464
Certificate
IssuerDigiCert Inc
Subject*.vo.msecnd.net
Fingerprint0E:7D:A8:CD:FE:61:1E:46:97:A3:57:99:70:DA:E0:59:1D:34:04:80
ValidityFri, 05 May 2023 00:00:00 GMT - Sun, 28 Apr 2024 23:59:59 GMT

File type
ASCII text, with very long lines (65371)
Size
20 kB (19629 bytes)
Hash
ec3bb52a00e176a7181d454dffaea219
6527d8bf3e1e9368bab8c7b60f56bc01fa3afd68
f75e846cc83bd11432f4b1e21a45f31bc85283d11d372f7b19accd1bf6a2635c

HTTP Headers

GET /ajax/bootstrap/3.3.7/css/bootstrap.min.css HTTP/1.1
Host: ajax.aspnetcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wkvspsb.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-encoding: gzip
accept-ranges: bytes
access-control-allow-origin: *
age: 18996236
cache-control: public,max-age=31536000
content-type: text/css
date: Sun, 12 Nov 2023 17:19:15 GMT
etag: "0e914f2cb33d21:0"
last-modified: Mon, 31 Oct 2016 23:10:18 GMT
server: ECAcc (ska/F740)
timing-allow-origin: *
vary: Accept-Encoding
x-cache: HIT
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 19629
X-Firefox-Spdy: h2

ajax.aspnetcdn.com/ajax/bootstrap/3.3.7/bootstrap.min.js

152.199.19.160

200 OK

9.8 kB

URL GET HTTP/2
ajax.aspnetcdn.com/ajax/bootstrap/3.3.7/bootstrap.min.js
IP
152.199.19.160:443
ASN
#15133 EDGECAST

Requested by
https://wkvspsb.com/user/?SID=92c22b2be616882f2b3a68f232f8c464
Certificate
IssuerDigiCert Inc
Subject*.vo.msecnd.net
Fingerprint0E:7D:A8:CD:FE:61:1E:46:97:A3:57:99:70:DA:E0:59:1D:34:04:80
ValidityFri, 05 May 2023 00:00:00 GMT - Sun, 28 Apr 2024 23:59:59 GMT

File type
ASCII text, with very long lines (32033)
Size
9.8 kB (9839 bytes)
Hash
5869c96cc8f19086aee625d670d741f9
430a443d74830fe9be26efca431f448c1b3740f9
53964478a7c634e8dad34ecc303dd8048d00dce4993906de1bacf67f663486ef

HTTP Headers

GET /ajax/bootstrap/3.3.7/bootstrap.min.js HTTP/1.1
Host: ajax.aspnetcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://wkvspsb.com
DNT: 1
Connection: keep-alive
Referer: https://wkvspsb.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-encoding: gzip
accept-ranges: bytes
access-control-allow-origin: *
age: 9906088
cache-control: public,max-age=31536000
content-type: application/javascript
date: Sun, 12 Nov 2023 17:19:15 GMT
etag: "80bdc1e6cb33d21:0"
last-modified: Mon, 31 Oct 2016 23:09:59 GMT
server: ECAcc (ska/F6C5)
timing-allow-origin: *
vary: Accept-Encoding
x-cache: HIT
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 9839
X-Firefox-Spdy: h2

ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js

142.250.74.42

200 OK

31 kB

URL GET HTTP/2
ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js
IP
142.250.74.42:443
ASN
#15169 GOOGLE

Requested by
https://wkvspsb.com/user/?SID=92c22b2be616882f2b3a68f232f8c464
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
FingerprintFA:D7:68:E4:12:7D:FE:22:87:DE:95:F1:1E:49:5A:49:FA:12:1E:B9
ValidityMon, 16 Oct 2023 08:10:01 GMT - Mon, 08 Jan 2024 08:10:00 GMT

File type
ASCII text, with very long lines (65451)
Size
31 kB (30774 bytes)
Hash
220afd743d9e9643852e31a135a9f3ae
88523924351bac0b5d560fe0c5781e2556e7693d
0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a

HTTP Headers

GET /ajax/libs/jquery/3.4.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://wkvspsb.com
DNT: 1
Connection: keep-alive
Referer: https://wkvspsb.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 30774
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 09 Nov 2023 21:30:55 GMT
expires: Fri, 08 Nov 2024 21:30:55 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Mon, 13 May 2019 14:37:17 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 244100
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.googletagmanager.com/gtag/js?id=UA-208173773-2

142.250.74.168

200 OK

69 kB

URL GET HTTP/2
www.googletagmanager.com/gtag/js?id=UA-208173773-2
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://wkvspsb.com/user/?SID=92c22b2be616882f2b3a68f232f8c464
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint3B:1D:9C:59:AC:F8:2F:47:8A:C6:AE:4F:88:F0:8D:84:C7:6A:47:DA
ValidityMon, 16 Oct 2023 08:02:30 GMT - Mon, 08 Jan 2024 08:02:29 GMT

File type
ASCII text, with very long lines (4179)
Size
69 kB (68664 bytes)
Hash
ed6b32481683d56205f7f8d1e12771c8
d1ad962ade71081ce69ddce5bfc9b86654999cc6
26a24dd10c679caf191702b35139a4c0603f69ca7518dd46733e6e09dad20a92

HTTP Headers

GET /gtag/js?id=UA-208173773-2 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wkvspsb.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sun, 12 Nov 2023 17:19:15 GMT
expires: Sun, 12 Nov 2023 17:19:15 GMT
cache-control: private, max-age=900
last-modified: Sun, 12 Nov 2023 15:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 68664
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

kit.fontawesome.com/b314bdf1b3/110588222/kit-upload.css

172.64.147.188

200 OK

0 B

URL GET HTTP/2
kit.fontawesome.com/b314bdf1b3/110588222/kit-upload.css
IP
172.64.147.188:443
ASN
#13335 CLOUDFLARENET

Requested by
https://wkvspsb.com/user/?SID=92c22b2be616882f2b3a68f232f8c464
Certificate
IssuerDigiCert Inc
Subject*.fontawesome.com
Fingerprint6C:69:02:A7:9B:07:84:8E:D0:3D:0A:10:61:8E:01:80:88:37:EF:5E
ValidityTue, 22 Nov 2022 00:00:00 GMT - Sat, 23 Dec 2023 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /b314bdf1b3/110588222/kit-upload.css HTTP/1.1
Host: kit.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://wkvspsb.com/
Origin: https://wkvspsb.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sun, 12 Nov 2023 17:19:15 GMT
content-type: text/css
content-length: 0
access-control-allow-headers: accept, accept-langauge, content-language, content-type, fa-kit-token
access-control-allow-methods: GET, OPTIONS
access-control-allow-origin: *
access-control-max-age: 3000
cache-control: max-age=31556926, public, must-revalidate
etag: 54af53b207eef226d6511e0a88e3038e
vary: origin, accept-encoding, access-control-request-headers, access-control-request-method
x-request-id: F5OgcseEWDn6S7kqi5gj
cf-cache-status: HIT
age: 447227
accept-ranges: bytes
server: cloudflare
cf-ray: 8250705a285f5693-OSL
X-Firefox-Spdy: h2

wkvspsb.com/common_tpls/js/iframeResizer.contentWindow.min.js

104.21.81.146

200 OK

59 kB

URL GET HTTP/3
wkvspsb.com/common_tpls/js/iframeResizer.contentWindow.min.js
IP
104.21.81.146:443
ASN
#13335 CLOUDFLARENET

Requested by
https://wkvspsb.com/user/?SID=92c22b2be616882f2b3a68f232f8c464
Certificate
IssuerGoogle Trust Services LLC
Subjectwkvspsb.com
Fingerprint36:A0:27:99:37:F6:5F:7C:50:AE:02:3C:67:79:D6:DF:B9:A9:6E:AF
ValidityFri, 10 Nov 2023 18:10:51 GMT - Thu, 08 Feb 2024 18:10:50 GMT

File type
ASCII text, with very long lines (12990)
Size
59 kB (59303 bytes)
Hash
2cf9df789476bc39b9906030f639660d
de708b4a0fe32f3d77505675eb119b671327a6b4
7d5f5d0fe842536e512b4ca0cac0b48a66577ea091f3a6840365ff6124be034b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /common_tpls/js/iframeResizer.contentWindow.min.js HTTP/1.1
Host: wkvspsb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wkvspsb.com/user/?SID=92c22b2be616882f2b3a68f232f8c464
Cookie: PHPSESSID=92c22b2be616882f2b3a68f232f8c464
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sun, 12 Nov 2023 17:19:15 GMT
content-type: application/javascript
last-modified: Thu, 04 Feb 2016 15:06:03 GMT
etag: W/"56b368db-3445"
cache-control: max-age=14400
cf-cache-status: HIT
age: 733
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ohKHW6ZqVmh5EQbVnJ2jJz2AKgu026xVVxdktFCw7WKmteejQUMdd8o%2Fqg8zxTgWXoGD%2B%2FPqVQIKnHbvac3NoS9LtWG3e%2Bb5UXjxZICkIzlG13maNtD5EIM7jI9mwQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82507057880e1bfe-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

wkvspsb.com/common_tpls/compactML/css/hotcha2.css

104.21.81.146

200 OK

6.7 kB

URL GET HTTP/3
wkvspsb.com/common_tpls/compactML/css/hotcha2.css
IP
104.21.81.146:443
ASN
#13335 CLOUDFLARENET

Requested by
https://wkvspsb.com/user/?SID=92c22b2be616882f2b3a68f232f8c464
Certificate
IssuerGoogle Trust Services LLC
Subjectwkvspsb.com
Fingerprint36:A0:27:99:37:F6:5F:7C:50:AE:02:3C:67:79:D6:DF:B9:A9:6E:AF
ValidityFri, 10 Nov 2023 18:10:51 GMT - Thu, 08 Feb 2024 18:10:50 GMT

File type
ASCII text
Size
6.7 kB (6721 bytes)
Hash
77227f928f8335fc447ed17d5f179196
612af8f82ed3ead5e096fec43c28ed9936fd18fc
b91ae958a6bb42230926e511539bfd79203c97209fe9a62ffe063eed2e7cc2d7

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /common_tpls/compactML/css/hotcha2.css HTTP/1.1
Host: wkvspsb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wkvspsb.com/user/?SID=92c22b2be616882f2b3a68f232f8c464
Cookie: PHPSESSID=92c22b2be616882f2b3a68f232f8c464
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sun, 12 Nov 2023 17:19:15 GMT
content-type: text/css
last-modified: Mon, 24 Apr 2023 18:01:30 GMT
etag: W/"6446c3fa-71df"
cache-control: max-age=14400
cf-cache-status: HIT
age: 6549
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pzOXi7Tg%2FbAU7F%2BDlPkf8r5zGt7jNNEbsp5xQDTlsfW0LwkNAX74%2FdQyRJi8Fbu5VvSy2w8KXvQLXNuivOq4Yz1GNPYOKfIGCv6j7RpdfvFcNpiSgtU%2FjzoF0JqDhg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 825070576ff41bfe-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

ka-p.fontawesome.com/releases/v5.15.4/css/pro-v4-shims.min.css?token=b314bdf1b3

172.64.147.188

200 OK

4.2 kB

URL GET HTTP/2
ka-p.fontawesome.com/releases/v5.15.4/css/pro-v4-shims.min.css?token=b314bdf1b3
IP
172.64.147.188:443
ASN
#13335 CLOUDFLARENET

Requested by
https://wkvspsb.com/user/?SID=92c22b2be616882f2b3a68f232f8c464
Certificate
IssuerDigiCert Inc
Subject*.fontawesome.com
Fingerprint6C:69:02:A7:9B:07:84:8E:D0:3D:0A:10:61:8E:01:80:88:37:EF:5E
ValidityTue, 22 Nov 2022 00:00:00 GMT - Sat, 23 Dec 2023 23:59:59 GMT

File type
ASCII text, with very long lines (26366)
Size
4.2 kB (4194 bytes)
Hash
715826d7cea0f100c00238e5e5dc92b4
ea2a076f73ed3826287a726f35ae5e54136f2cee
4245ecca2a4b50d7fd9adc9a965ed1f9b4ec24e9935e34c80efafc0f856d54c6

HTTP Headers

GET /releases/v5.15.4/css/pro-v4-shims.min.css?token=b314bdf1b3 HTTP/1.1
Host: ka-p.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://wkvspsb.com/
Origin: https://wkvspsb.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sun, 12 Nov 2023 17:19:15 GMT
content-type: text/css
content-length: 4194
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
etag: "610ae215-1062"
last-modified: Wed, 04 Aug 2021 18:53:09 GMT
vary: Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
cf-cache-status: HIT
age: 1351344
accept-ranges: bytes
server: cloudflare
cf-ray: 8250705a58a85693-OSL
X-Firefox-Spdy: h2

www.googletagmanager.com/gtm.js?id=GTM-TZX6ZCL

142.250.74.168

200 OK

44 kB

URL GET HTTP/3
www.googletagmanager.com/gtm.js?id=GTM-TZX6ZCL
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://wkvspsb.com/user/?SID=92c22b2be616882f2b3a68f232f8c464
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint3B:1D:9C:59:AC:F8:2F:47:8A:C6:AE:4F:88:F0:8D:84:C7:6A:47:DA
ValidityMon, 16 Oct 2023 08:02:30 GMT - Mon, 08 Jan 2024 08:02:29 GMT

File type
ASCII text, with very long lines (2213)
Size
44 kB (44354 bytes)
Hash
e8f000c918de8e1b9db0832a815a6a99
ab765de2e449a7cfd529a794df4711211b9a0a97
352ff1f93fb96adc8199a5b65d72a308c4ec5daaec1f0fded87eb22eaa08727d

HTTP Headers

GET /gtm.js?id=GTM-TZX6ZCL HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wkvspsb.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sun, 12 Nov 2023 17:19:15 GMT
expires: Sun, 12 Nov 2023 17:19:15 GMT
cache-control: private, max-age=900
last-modified: Sun, 12 Nov 2023 15:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 44354
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

fonts.gstatic.com/s/opensans/v17/mem8YaGs126MiZpBA-UFVZ0e.ttf

216.58.207.227

200 OK

18 kB

URL GET HTTP/2
fonts.gstatic.com/s/opensans/v17/mem8YaGs126MiZpBA-UFVZ0e.ttf
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://wkvspsb.com/user/?SID=92c22b2be616882f2b3a68f232f8c464
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintEB:59:E9:F3:0F:CE:D8:1A:8C:BB:EE:7D:2E:B7:B8:39:73:7A:CE:28
ValidityMon, 16 Oct 2023 08:10:00 GMT - Mon, 08 Jan 2024 08:09:59 GMT

File type
TrueType Font data, 17 tables, 1st "GDEF", 8 names, Microsoft, language 0x409, Digitized data copyright \251 2010-2011, Google Corporation.Open SansRegular1.10;1ASC;OpenSans-R\012- data
Size
18 kB (18276 bytes)
Hash
049a929c5d81988b3ae6d2f985ca7aa5
1116611d79f1b71936b8987bc1ca3d6de5e99f14
5669ca033ab68625c0cae6bcf1abb2722c02ea43a0d65323b2f7b023c7afa35e

HTTP Headers

GET /s/opensans/v17/mem8YaGs126MiZpBA-UFVZ0e.ttf HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://wkvspsb.com
DNT: 1
Connection: keep-alive
Referer: https://wkvspsb.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 18276
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 12 Nov 2023 06:45:56 GMT
expires: Mon, 11 Nov 2024 06:45:56 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 23 Jul 2019 19:30:44 GMT
content-type: font/ttf
vary: Accept-Encoding
age: 37999
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

kit.fontawesome.com/b314bdf1b3.js

172.64.147.188

200 OK

85 kB

URL GET HTTP/2
kit.fontawesome.com/b314bdf1b3.js
IP
172.64.147.188:443
ASN
#13335 CLOUDFLARENET

Requested by
https://wkvspsb.com/user/?SID=92c22b2be616882f2b3a68f232f8c464
Certificate
IssuerDigiCert Inc
Subject*.fontawesome.com
Fingerprint6C:69:02:A7:9B:07:84:8E:D0:3D:0A:10:61:8E:01:80:88:37:EF:5E
ValidityTue, 22 Nov 2022 00:00:00 GMT - Sat, 23 Dec 2023 23:59:59 GMT

File type
gzip compressed data, from Unix\012- data
Size
85 kB (85268 bytes)
Hash
861dce5835eb8f5cd2707aad8a1f6b9e
34426f26c2e493f17424861e3d883daf857dbf49
0a76613ca6926183e0d01eb67961e9dcbb27ae2fd744bdcb9af37dd62d83959e

HTTP Headers

GET /b314bdf1b3.js HTTP/1.1
Host: kit.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://wkvspsb.com
DNT: 1
Connection: keep-alive
Referer: https://wkvspsb.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 12 Nov 2023 17:19:15 GMT
content-type: text/javascript
access-control-allow-headers: accept, accept-langauge, content-language, content-type, fa-kit-token
access-control-allow-methods: GET, OPTIONS
access-control-allow-origin: *
access-control-max-age: 3000
cache-control: max-age=60, public, stale-while-revalidate=30
vary: origin, accept-encoding, access-control-request-headers, access-control-request-method
x-request-id: F4rzVOEZUQ-WlBJ1TBmB
cf-cache-status: REVALIDATED
server: cloudflare
cf-ray: 825070578d4e5693-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

wkvspsb.com/common_tpls/js/validate_form_v2.js?jsv=35

104.21.81.146

200 OK

6.9 kB

URL GET HTTP/3
wkvspsb.com/common_tpls/js/validate_form_v2.js?jsv=35
IP
104.21.81.146:443
ASN
#13335 CLOUDFLARENET

Requested by
https://wkvspsb.com/user/?SID=92c22b2be616882f2b3a68f232f8c464
Certificate
IssuerGoogle Trust Services LLC
Subjectwkvspsb.com
Fingerprint36:A0:27:99:37:F6:5F:7C:50:AE:02:3C:67:79:D6:DF:B9:A9:6E:AF
ValidityFri, 10 Nov 2023 18:10:51 GMT - Thu, 08 Feb 2024 18:10:50 GMT

File type
Algol 68 source text\012- Pascal source, Unicode text, UTF-8 text
Size
6.9 kB (6884 bytes)
Hash
44bf7e2fb58e77a3ab76bb6191b1a862
f6516881e1c2b17e923ca1a651de92a22c4ccaa7
b3f9ad8a6b5ee12a78a32d898be23898f6d340765e340873e0253feb3b0e8825

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /common_tpls/js/validate_form_v2.js?jsv=35 HTTP/1.1
Host: wkvspsb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wkvspsb.com/user/?SID=92c22b2be616882f2b3a68f232f8c464
Cookie: PHPSESSID=92c22b2be616882f2b3a68f232f8c464
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sun, 12 Nov 2023 17:19:15 GMT
content-type: application/javascript
last-modified: Thu, 19 Oct 2023 00:24:58 GMT
etag: W/"6530775a-6590"
cache-control: max-age=14400
cf-cache-status: HIT
age: 733
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vWjFX5JRBBMr7H1GyHIxfw78eHQI6tPoOU4UivPXFHFA8dliMrMx1%2F36G5veT8mn0y1LAVqqvbEX9DOQwD3xLXj6IGGWwXb8YOm1fgv3bTNc%2BXkKA1YENAIOBBvH6Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 825070577ffa1bfe-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

static.cdn.co.no/static/729/fonts/JosefinSans-Bold.ttf

163.171.131.207

200 OK

59 kB

URL GET HTTP/1.1
static.cdn.co.no/static/729/fonts/JosefinSans-Bold.ttf
IP
163.171.131.207:443
ASN
#54994 QUANTILNETWORKS

Requested by
https://wkvspsb.com/user/?SID=92c22b2be616882f2b3a68f232f8c464
Certificate
IssuerLet's Encrypt
Subjectstatic.cdn.co.no
FingerprintB3:2F:EE:A9:5D:87:31:BE:CB:03:48:0F:C9:AC:C5:E4:55:08:83:C8
ValidityTue, 31 Oct 2023 15:05:28 GMT - Mon, 29 Jan 2024 15:05:27 GMT

File type
TrueType Font data, 16 tables, 1st "GDEF", 19 names, Microsoft, language 0x409, Copyright 2010 The Josefin Sans Project Authors (https://github.com/ThomasJockin/JosefinSansFont\012- data
Size
59 kB (59160 bytes)
Hash
75d240293f611020f2885e035a705f4e
91223716019d9ff839f9bac0637106f63f133d60
185b89504e8994b12f7a53886cb7853c5e3f0af418480c07b6fd2e85d70beeb7

HTTP Headers

GET /static/729/fonts/JosefinSans-Bold.ttf HTTP/1.1
Host: static.cdn.co.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://wkvspsb.com
DNT: 1
Connection: keep-alive
Referer: https://wkvspsb.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 12 Nov 2023 17:19:15 GMT
Content-Type: application/x-font-ttf;charset=UTF-8
Content-Length: 59160
Connection: keep-alive
Server: PWS/8.3.1.0.8
Accept-Ranges: bytes
ETag: "FpEiNxYBnZ_4Ofm6wGNxBvY_Ez1g"
Last-Modified: Tue, 01 Mar 2022 01:05:59 GMT
X-Reqid: 2050249224272156202308242033238H8eLFWO
Age: 35155
Via: 1.1 PSfgblPAR2ff185:6 (W), 1.1 PSfgblPAR1ai68:8 (W)
X-Px: ht PSfgblPAR1ai68CDG
X-Ws-Request-Id: 65510913_PSfgblPAR1nw230_21379-60123

static.cdn.co.no/static/729/fonts/Oswald-Medium.ttf

163.171.131.207

200 OK

64 kB

URL GET HTTP/1.1
static.cdn.co.no/static/729/fonts/Oswald-Medium.ttf
IP
163.171.131.207:443
ASN
#54994 QUANTILNETWORKS

Requested by
https://wkvspsb.com/user/?SID=92c22b2be616882f2b3a68f232f8c464
Certificate
IssuerLet's Encrypt
Subjectstatic.cdn.co.no
FingerprintB3:2F:EE:A9:5D:87:31:BE:CB:03:48:0F:C9:AC:C5:E4:55:08:83:C8
ValidityTue, 31 Oct 2023 15:05:28 GMT - Mon, 29 Jan 2024 15:05:27 GMT

File type
TrueType Font data, 16 tables, 1st "GDEF", 18 names, Microsoft, language 0x409, Copyright 2016 The Oswald Project Authors (https://github.com/googlefonts/OswaldFont)Oswald Medi\012- data
Size
64 kB (64184 bytes)
Hash
cac18285be0f21659601259d7a879432
43bd6b779df9839d2fc93cb1ea1efbc5593f9c95
1afd6f8284d1671fde324c0ca9f80ee82a09734d5f3937a9e87e5f5fd703c6bc

HTTP Headers

GET /static/729/fonts/Oswald-Medium.ttf HTTP/1.1
Host: static.cdn.co.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://wkvspsb.com
DNT: 1
Connection: keep-alive
Referer: https://wkvspsb.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 12 Nov 2023 17:19:15 GMT
Content-Type: application/x-font-ttf;charset=UTF-8
Content-Length: 64184
Connection: keep-alive
Server: PWS/8.3.1.0.8
Accept-Ranges: bytes
ETag: "FkO9a3ed-YOdL8k8seoe-8VZP5yV"
Last-Modified: Tue, 01 Mar 2022 01:06:16 GMT
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: HEAD, POST, PUT, GET, DELETE
X-Reqid: 205024922427218520230816061009VmfQ5fGy
Age: 35155
Via: 1.1 PSfgblPAR2rt183:5 (W), 1.1 PSfgblPAR1ai68:7 (W)
X-Px: ht PSfgblPAR1ai68CDG
X-Ws-Request-Id: 65510913_PSfgblPAR1nw230_24047-35496

ka-p.fontawesome.com/releases/v5.15.4/css/pro.min.css?token=b314bdf1b3

172.64.147.188

200 OK

323 kB

URL GET HTTP/2
ka-p.fontawesome.com/releases/v5.15.4/css/pro.min.css?token=b314bdf1b3
IP
172.64.147.188:443
ASN
#13335 CLOUDFLARENET

Requested by
https://wkvspsb.com/user/?SID=92c22b2be616882f2b3a68f232f8c464
Certificate
IssuerDigiCert Inc
Subject*.fontawesome.com
Fingerprint6C:69:02:A7:9B:07:84:8E:D0:3D:0A:10:61:8E:01:80:88:37:EF:5E
ValidityTue, 22 Nov 2022 00:00:00 GMT - Sat, 23 Dec 2023 23:59:59 GMT

File type
ASCII text, with very long lines (65397)
Size
323 kB (322695 bytes)
Hash
486b13730aafe2a39cdaf1666679fa5b
aa0f52f048688ada20d921fef78cf15684a25f04
37c65071f378cc9582aabdda3b52979ef901f2925e3f3c3dc597f41eac0f1b6d

HTTP Headers

GET /releases/v5.15.4/css/pro.min.css?token=b314bdf1b3 HTTP/1.1
Host: ka-p.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://wkvspsb.com/
Origin: https://wkvspsb.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 12 Nov 2023 17:19:15 GMT
content-type: text/css
content-length: 54194
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
etag: "610ae215-d3b2"
last-modified: Wed, 04 Aug 2021 18:53:09 GMT
vary: Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
cf-cache-status: HIT
age: 1337254
accept-ranges: bytes
server: cloudflare
cf-ray: 8250705a58a95693-OSL
X-Firefox-Spdy: h2

wkvspsb.com/user/trk/?rtid=786892185

104.21.81.146

200 OK

21 B

URL GET HTTP/3
wkvspsb.com/user/trk/?rtid=786892185
IP
104.21.81.146:443
ASN
#13335 CLOUDFLARENET

Requested by
https://wkvspsb.com/user/?SID=92c22b2be616882f2b3a68f232f8c464
Certificate
IssuerGoogle Trust Services LLC
Subjectwkvspsb.com
Fingerprint36:A0:27:99:37:F6:5F:7C:50:AE:02:3C:67:79:D6:DF:B9:A9:6E:AF
ValidityFri, 10 Nov 2023 18:10:51 GMT - Thu, 08 Feb 2024 18:10:50 GMT

File type
troff or preprocessor input, ASCII text, with no line terminators
Size
21 B (21 bytes)
Hash
ff722ef66dcd6b274293ee7f1c7588d6
3f9d07a4a12f490479d2e169e5f011ca2c807703
92241b72061050ef07a88d76e3e91f290548ef21960f13d9c5df6119a9355ade

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /user/trk/?rtid=786892185 HTTP/1.1
Host: wkvspsb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://wkvspsb.com/user/?SID=92c22b2be616882f2b3a68f232f8c464
Cookie: PHPSESSID=92c22b2be616882f2b3a68f232f8c464; _ga_MZ8S35MRED=GS1.1.1699809555.1.0.1699809555.0.0.0; _ga=GA1.1.2118035677.1699809556
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 12 Nov 2023 17:19:16 GMT
content-type: text/json;charset=UTF-8
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vOQ2zj4B75UsDoHx7lyaPyO5%2B5J%2BLvDh2cKqTcyrNy1o0TZDYqiXO1WMRxSj3S1fgSc0VXpsMkUtWf9cRWTsgvodNi6UpRflBspe9YnVahXmDy4Lfl3XgUft1hHErA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8250705d3d531bfe-OSL
alt-svc: h3=":443"; ma=86400

wkvspsb.com/common_tpls/js/form_support.js?v=1101202201

104.21.81.146

200 OK

3.8 kB

URL GET HTTP/3
wkvspsb.com/common_tpls/js/form_support.js?v=1101202201
IP
104.21.81.146:443
ASN
#13335 CLOUDFLARENET

Requested by
https://wkvspsb.com/user/?SID=92c22b2be616882f2b3a68f232f8c464
Certificate
IssuerGoogle Trust Services LLC
Subjectwkvspsb.com
Fingerprint36:A0:27:99:37:F6:5F:7C:50:AE:02:3C:67:79:D6:DF:B9:A9:6E:AF
ValidityFri, 10 Nov 2023 18:10:51 GMT - Thu, 08 Feb 2024 18:10:50 GMT

File type
ASCII text, with very long lines (4261), with no line terminators
Size
3.8 kB (3799 bytes)
Hash
bd72340aa5a6ac08cf9a0fdbd650579c
c0550503cbb35b4abcc5618fc78a0cb18c26c89c
783abe18fe8132421d19b383088f95e95a9ee6ac64b85bd2e2b178b481ab2ca4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /common_tpls/js/form_support.js?v=1101202201 HTTP/1.1
Host: wkvspsb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wkvspsb.com/user/?SID=92c22b2be616882f2b3a68f232f8c464
Cookie: PHPSESSID=92c22b2be616882f2b3a68f232f8c464
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 12 Nov 2023 17:19:15 GMT
content-type: application/javascript
last-modified: Fri, 18 Nov 2022 21:23:37 GMT
etag: W/"6377f7d9-ed7"
cache-control: max-age=14400
cf-cache-status: HIT
age: 733
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=no%2Bi4QQNI7kGFcIHT8v0WCDrxZ3%2Frqu02xTlXtJSv9MLenGBv5ew2exeZX3uy2amJZcoiA%2BSXnmb%2Br4AYqJrOPD6g%2BZ6HyqeKZYoBMGgF8GCCAfmtGm0xplzIFEtYA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 825070577ff81bfe-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

www.googletagmanager.com/gtag/js?id=G-MZ8S35MRED&l=dataLayer&cx=c

142.250.74.168

200 OK

229 kB

URL GET HTTP/3
www.googletagmanager.com/gtag/js?id=G-MZ8S35MRED&l=dataLayer&cx=c
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://wkvspsb.com/user/?SID=92c22b2be616882f2b3a68f232f8c464
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint3B:1D:9C:59:AC:F8:2F:47:8A:C6:AE:4F:88:F0:8D:84:C7:6A:47:DA
ValidityMon, 16 Oct 2023 08:02:30 GMT - Mon, 08 Jan 2024 08:02:29 GMT

File type
ASCII text, with very long lines (5955)
Size
229 kB (228877 bytes)
Hash
220da5c40aab7bde084b2c9d0a8cb916
f8c0a4341cce8679ee7bc253c847647b1d329b0f
27a0d4ab3b21fe62c88fa87eea97f3418eeaa2b54714d3bae80897abeae0a138

HTTP Headers

GET /gtag/js?id=G-MZ8S35MRED&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wkvspsb.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sun, 12 Nov 2023 17:19:15 GMT
expires: Sun, 12 Nov 2023 17:19:15 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 81009
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

wkvspsb.com/favicon.ico

104.21.81.146

404 Not Found

564 B

URL GET HTTP/3
wkvspsb.com/favicon.ico
IP
104.21.81.146:443
ASN
#13335 CLOUDFLARENET

Requested by
https://wkvspsb.com/user/?SID=92c22b2be616882f2b3a68f232f8c464
Certificate
IssuerGoogle Trust Services LLC
Subjectwkvspsb.com
Fingerprint36:A0:27:99:37:F6:5F:7C:50:AE:02:3C:67:79:D6:DF:B9:A9:6E:AF
ValidityFri, 10 Nov 2023 18:10:51 GMT - Thu, 08 Feb 2024 18:10:50 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (592), with no line terminators
Size
564 B (564 bytes)
Hash
fdcc3670b5749c79b9fd2506176af388
1095fe0f01313e6da2c11cf5dbce11702601910a
3186816c26c71c47fa28220ea83b02b93fa62389d22d3d77e8eeefcc573f2b69

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: wkvspsb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wkvspsb.com/user/?SID=92c22b2be616882f2b3a68f232f8c464
Cookie: PHPSESSID=92c22b2be616882f2b3a68f232f8c464; _ga_MZ8S35MRED=GS1.1.1699809555.1.0.1699809555.0.0.0; _ga=GA1.1.2118035677.1699809556
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 404 Not Found
date: Sun, 12 Nov 2023 17:19:16 GMT
content-type: text/html
cache-control: max-age=14400
cf-cache-status: HIT
age: 161
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dMWelF5u2gpicOkx7nutJ2nnAPphLRCVleVsYntahdVjzWZ3FUdE8sEOQW9JKi6yhdLebQ7uniFxp2rrIl4AWL8zYUrnL0irEgUTNFMM8BdtDESLPHkIPwm3YOb3sA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8250705d3d521bfe-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

wkvspsb.com/user/?SID=92c22b2be616882f2b3a68f232f8c464

104.21.81.146

200 OK

14 kB

URL User Request GET HTTP/3
wkvspsb.com/user/?SID=92c22b2be616882f2b3a68f232f8c464
IP
104.21.81.146:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjectwkvspsb.com
Fingerprint36:A0:27:99:37:F6:5F:7C:50:AE:02:3C:67:79:D6:DF:B9:A9:6E:AF
ValidityFri, 10 Nov 2023 18:10:51 GMT - Thu, 08 Feb 2024 18:10:50 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (536)
Size
14 kB (13555 bytes)
Hash
57276c29be689d918dec33306d0517a0
9b1254da4832aa9b89857293d5fbb1dca01991cb
b9e194eb6d8ab79f9dca61b29306dabc92b3cded665c14ec19dcf36377840603

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /user/?SID=92c22b2be616882f2b3a68f232f8c464 HTTP/1.1
Host: wkvspsb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wkvspsb.com/user/?ofid=1754&tbc=ff2f87&a_aid=ccsbr&a_bid=affcdc35&x_agent=GREEN48&chan=GREEN48&x_clickid=88264105&sitekey=d4affd5f3fc2a2a4&rtr=1&rtid=786892185
Cookie: PHPSESSID=92c22b2be616882f2b3a68f232f8c464
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 12 Nov 2023 17:19:15 GMT
content-type: text/html; charset=UTF-8
set-cookie: PHPSESSID=92c22b2be616882f2b3a68f232f8c464; path=/; secure; SameSite=None
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=g05ot09tKhPAsFgL5n4%2F1YHle4aUvfpefxIuSj933e9wsu0Xp4oPbYlgXWiglm56U33zRVpXQiE8kq2b7B0GyVzSICk95VDmPeWv%2BTVDEOZWr6OMxZ%2B7dJS62vQc3g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82507053bc0b1bfe-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

fonts.googleapis.com/icon?family=Material+Icons

142.250.74.106

200 OK

565 B

URL GET HTTP/2
fonts.googleapis.com/icon?family=Material+Icons
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://wkvspsb.com/user/?SID=92c22b2be616882f2b3a68f232f8c464
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
FingerprintFA:D7:68:E4:12:7D:FE:22:87:DE:95:F1:1E:49:5A:49:FA:12:1E:B9
ValidityMon, 16 Oct 2023 08:10:01 GMT - Mon, 08 Jan 2024 08:10:00 GMT

File type
ASCII text, with very long lines (588), with no line terminators
Size
565 B (565 bytes)
Hash
bdcf60bde5544e1017e1f2e60888a9c7
6fb24309b7ff90c1c99d19c0c7a127a16508840e
d701601406acfca6bfc0c58b411446e3e0e96c659f35c143355d3dd72c390952

HTTP Headers

GET /icon?family=Material+Icons HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wkvspsb.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sun, 12 Nov 2023 17:19:15 GMT
date: Sun, 12 Nov 2023 17:19:15 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ka-p.fontawesome.com/releases/v5.15.4/css/pro-v4-font-face.min.css?token=b314bdf1b3

172.64.147.188

200 OK

28 kB

URL GET HTTP/2
ka-p.fontawesome.com/releases/v5.15.4/css/pro-v4-font-face.min.css?token=b314bdf1b3
IP
172.64.147.188:443
ASN
#13335 CLOUDFLARENET

Requested by
https://wkvspsb.com/user/?SID=92c22b2be616882f2b3a68f232f8c464
Certificate
IssuerDigiCert Inc
Subject*.fontawesome.com
Fingerprint6C:69:02:A7:9B:07:84:8E:D0:3D:0A:10:61:8E:01:80:88:37:EF:5E
ValidityTue, 22 Nov 2022 00:00:00 GMT - Sat, 23 Dec 2023 23:59:59 GMT

File type
ASCII text, with very long lines (27832)
Size
28 kB (27971 bytes)
Hash
1cb05a2f9541200e1fa0a2cd0abc7663
fdf3292a6db22945eb79e08d847834205b749c6f
a8a00b576cc9fad532a52ecdf8024724ddaa83cb0f5ca5d1b1d6eb8841103d60

HTTP Headers

GET /releases/v5.15.4/css/pro-v4-font-face.min.css?token=b314bdf1b3 HTTP/1.1
Host: ka-p.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://wkvspsb.com/
Origin: https://wkvspsb.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 12 Nov 2023 17:19:15 GMT
content-type: text/css
content-length: 2603
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
etag: "610ae215-a2b"
last-modified: Wed, 04 Aug 2021 18:53:09 GMT
vary: Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
cf-cache-status: HIT
age: 1351344
accept-ranges: bytes
server: cloudflare
cf-ray: 8250705a58a65693-OSL
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (21)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by