| assodomtogo.org/wp-content/plugins/wats/openfl.php?id=2IVauuzvXBxWTqv7AV1s | 185.98.131.232 | 302 Found | 0 B |
URL: User Request, GET, HTTP/2, assodomtogo.org/wp-content/plugins/wats/openfl.php?id=2IVauuzvXBxWTqv7AV1s; IP: 185.98.131.232:443; ASN: #210403 Groupe LWS SARL
Certificate: Issuer: Let's Encrypt; Subject: assodomtogo.org; Fingerprint: 64:67:AB:2E:68:5C:9D:5D:50:49:2A:C4:34:BA:29:6F:FF:E3:8F:07; Validity: Fri, 06 Dec 2024 04:02:04 GMT - Thu, 06 Mar 2025 04:02:03 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /wp-content/plugins/wats/openfl.php?id=2IVauuzvXBxWTqv7AV1s HTTP/1.1
Host: assodomtogo.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
date: Mon, 09 Dec 2024 10:20:32 GMT
content-type: text/html; charset=UTF-8
content-length: 0
location: https://auredigital.sbs/?id=2IVauuzvXBxWTqv7AV1s
x-request-id: d0839ccca297a08ec397a1154786ec7e
x-cache-status: BYPASS
x-cache-key: https://assodomtogo.org/wp-content/plugins/wats/openfl.php?id=2IVauuzvXBxWTqv7AV1s
X-Firefox-Spdy: h2
|
|
| auredigital.sbs/?id=2IVauuzvXBxWTqv7AV1s | 172.67.199.212 | 302 Found | 106 kB |
URL: User Request, GET, HTTP/2, auredigital.sbs/?id=2IVauuzvXBxWTqv7AV1s; IP: 172.67.199.212:443
Certificate: Issuer: Google Trust Services; Subject: auredigital.sbs; Fingerprint: 30:64:8B:27:03:C5:66:2A:AE:B8:86:4A:94:18:F7:7B:B4:66:FC:CA; Validity: Thu, 05 Dec 2024 13:55:06 GMT - Wed, 05 Mar 2025 13:55:05 GMT
File type: PDF document, version 1.6 (zip deflate encoded); Size: 106 kB (105477 bytes); Hash: 64363c59db56dc006e8037a4edc645ea d527ff1607e29d9485bb31766dbe472ca49e4ce0 f11420b37e0a466e8987b9b7ea3be37d9d05276c37af51b910bf181214063ca9
GET /?id=2IVauuzvXBxWTqv7AV1s HTTP/1.1
Host: auredigital.sbs
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
date: Mon, 09 Dec 2024 10:20:33 GMT
content-type: text/html; charset=UTF-8
location: https://quickbooks.intuit.com/cas/dam/DOCUMENT/A2uOwjFt5/PDF-Invoice.pdf?id=2IVauuzvXBxWTqv7AV1s
x-powered-by: PHP/8.1.29
cache-control: no-store
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BpfJy5SKtpztTgynw7QUXD9b%2BZlrMFXhOFVFaDhAtigeJxqNao%2F%2FoS04bWWfSdFo%2BrJLYX9McpWlMLmsyYInZPKTi87XCOSSNkYmc17meUafE2sIPcy7jmT1MhyU8b4Px%2BM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8ef4435f0ab7b50c-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=8609&min_rtt=2169&rtt_var=12441&sent=7&recv=11&lost=0&retrans=0&sent_bytes=3283&recv_bytes=1265&delivery_rate=1249712&cwnd=254&unsent_bytes=0&cid=8dbf201a36f3c682&ts=1014&x=0"
X-Firefox-Spdy: h2
|
|
| quickbooks.intuit.com/favicon.ico | 95.101.96.186 | 301 Moved Permanently | 0 B |
URL: GET, HTTP/2, quickbooks.intuit.com/favicon.ico; IP: 95.101.96.186:443
Requested by: resource://pdf.js/web/viewer.html
Certificate: Issuer: DigiCert Inc; Subject: mktg.intuit.com; Fingerprint: 03:CF:0A:14:89:6F:20:20:24:50:E0:40:3B:19:F6:B1:B7:4D:22:9E; Validity: Wed, 10 Jan 2024 00:00:00 GMT - Thu, 09 Jan 2025 23:59:59 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /favicon.ico HTTP/1.1
Host: quickbooks.intuit.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://quickbooks.intuit.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 301 Moved Permanently
server: AkamaiGHost
content-length: 0
location: /etc/designs/quickbooks/images/favicon.ico
cache-control: max-age=2592000
expires: Wed, 08 Jan 2025 10:20:34 GMT
date: Mon, 09 Dec 2024 10:20:34 GMT
set-cookie: akid=gip95.101.96.186_gsip95.100.106.80_clip91.90.42.154_rclip91.90.42.154; path=/; domain=.intuit.com
ivid=null; expires=Mon, 01-May-2023 13:41:05 GMT; path=/; domain=.quickbooks.intuit.com; secure; HttpOnly
AKES_GEO=NO~; path=/; domain=.intuit.com; secure
x-rl: Trail
x-org: DEFAULT_SBSEG_ORCH_US
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self' *.intuit.com
akamai-grn: 0.506a645f.1733739634.9c59afc6
x-content-type-options: nosniff
server-timing: ak_p; desc="1733739634378_1600416336_2623123398_16_12487_27_0_21";dur=1
X-Firefox-Spdy: h2
|
|
| quickbooks.intuit.com/etc/designs/quickbooks/images/favicon.ico | 95.101.96.186 | 200 OK | 1.2 kB |
URL: GET, HTTP/2, quickbooks.intuit.com/etc/designs/quickbooks/images/favicon.ico; IP: 95.101.96.186:443
Requested by: resource://pdf.js/web/viewer.html
Certificate: Issuer: DigiCert Inc; Subject: mktg.intuit.com; Fingerprint: 03:CF:0A:14:89:6F:20:20:24:50:E0:40:3B:19:F6:B1:B7:4D:22:9E; Validity: Wed, 10 Jan 2024 00:00:00 GMT - Thu, 09 Jan 2025 23:59:59 GMT
File type: MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel; Hash: c968b2187e413af3a68849a52a72c23b 994c32c11cf22c693deccfe570d2e03a7b52cadb 601eb2cc33bc4d1ae720edbd675857d945b8caa4a54187b54342b2752564ccce
GET /etc/designs/quickbooks/images/favicon.ico HTTP/1.1
Host: quickbooks.intuit.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://quickbooks.intuit.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/vnd.microsoft.icon
content-length: 1150
last-modified: Thu, 05 Dec 2024 20:36:04 GMT
x-amz-server-side-encryption: AES256
x-amz-version-id: YqFbSb10tQWJKX1m8eJt75BfJ2.udmzk
accept-ranges: bytes
server: AmazonS3
etag: "c968b2187e413af3a68849a52a72c23b"
x-amz-cf-pop: FRA60-P9
x-amz-cf-id: GGOIHvVoSP4db3YQZ7xUNddj3j5-5gJpX26G1B9--ZSDO6-pWuUd1w==
cache-control: max-age=2592000
expires: Wed, 08 Jan 2025 10:20:34 GMT
date: Mon, 09 Dec 2024 10:20:34 GMT
set-cookie: akid=gip95.101.96.186_gsip95.100.106.80_clip91.90.42.154_rclip91.90.42.154; path=/; domain=.intuit.com
ivid=null; expires=Mon, 01-May-2023 13:41:05 GMT; path=/; domain=.quickbooks.intuit.com; secure; HttpOnly
AKES_GEO=NO~; path=/; domain=.intuit.com; secure
x-rl: Trail
x-frame-options: SAMEORIGIN
x-org: WP-RT-AEM-Asset
content-security-policy: frame-ancestors 'self' *.intuit.com
akamai-grn: 0.506a645f.1733739634.9c59b03c
x-content-type-options: nosniff
server-timing: ak_p; desc="1733739634456_1600416336_2623123516_27_13412_25_0_21";dur=1
X-Firefox-Spdy: h2
|
|
| quickbooks.intuit.com/cas/dam/DOCUMENT/A2uOwjFt5/PDF-Invoice.pdf?id=2IVauuzvXBxWTqv7AV1s | 95.101.96.186 | 200 OK | 106 kB |
URL: User Request, GET, HTTP/2, quickbooks.intuit.com/cas/dam/DOCUMENT/A2uOwjFt5/PDF-Invoice.pdf?id=2IVauuzvXBxWTqv7AV1s; IP: 95.101.96.186:443
Certificate: Issuer: DigiCert Inc; Subject: mktg.intuit.com; Fingerprint: 03:CF:0A:14:89:6F:20:20:24:50:E0:40:3B:19:F6:B1:B7:4D:22:9E; Validity: Wed, 10 Jan 2024 00:00:00 GMT - Thu, 09 Jan 2025 23:59:59 GMT
File type: PDF document, version 1.6 (zip deflate encoded); Size: 106 kB (105477 bytes); Hash: 64363c59db56dc006e8037a4edc645ea d527ff1607e29d9485bb31766dbe472ca49e4ce0 f11420b37e0a466e8987b9b7ea3be37d9d05276c37af51b910bf181214063ca9
GET /cas/dam/DOCUMENT/A2uOwjFt5/PDF-Invoice.pdf?id=2IVauuzvXBxWTqv7AV1s HTTP/1.1
Host: quickbooks.intuit.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/pdf
x-spanid: d422a449-d7b9-0583-8336-3f7727c95cee
x-amzn-trace-id: Root=1-6756c46a-274fec33042f70382069d7fb
server: istio-envoy
x-envoy-upstream-service-time: 118
strict-transport-security: max-age=31536000
intuit_tid: 1-6756c46a-274fec33042f70382069d7fb
x-request-id: 1-6756c46a-274fec33042f70382069d7fb
content-length: 105477
cache-control: max-age=2592000
expires: Wed, 08 Jan 2025 10:20:33 GMT
date: Mon, 09 Dec 2024 10:20:33 GMT
set-cookie: akid=gip95.101.96.186_gsip95.100.106.80_clip91.90.42.154_rclip91.90.42.154; path=/; domain=.intuit.com
ivid=null; expires=Mon, 01-May-2023 13:41:05 GMT; path=/; domain=.quickbooks.intuit.com; secure; HttpOnly
AKES_GEO=NO~; path=/; domain=.intuit.com; secure
x-rl: Trail
x-frame-options: SAMEORIGIN
x-org: WP_DAM
content-security-policy: frame-ancestors 'self' *.intuit.com
akamai-grn: 0.506a645f.1733739633.9c59ab08
x-content-type-options: nosniff, nosniff
server-timing: ak_p; desc="1733739633569_1600416336_2623122184_13999_36241_23_51_41";dur=1
X-Firefox-Spdy: h2
|
|