Report - track.mbstrk.com/4da31d2a-6444-4912-b039-92c1b44fdd52?feed=[feed]&hash=[hash]&creative=[creative]&ip=[ip]&campaign=Hong_Kong-NORTON_YEP(2422527)_10.23_1&tsource=clickstar_Kate2&subday=[subday]&price=[price]&clickid=[clickid]

Report Overview

Visited public
2023-10-22 07:31:57
Tags
URL
track.mbstrk.com/4da31d2a-6444-4912-b039-92c1b44fdd52?feed=[feed]&hash=[hash]&creative=[creative]&ip=[ip]&campaign=Hong_Kong-NORTON_YEP(2422527)_10.23_1&tsource=clickstar_Kate2&subday=[subday]&price=[price]&clickid=[clickid]
Finishing URL
rodeks.xyz/1Ai/7.html?cep=eF8N0S1aQUUX9Frygsdt4FaE0oUpbO27pB0-IazcfpVEZz7ugmwo1iCoz7tTu0Dgy-hDwbCHhA9vZnpuKT6OILP7GLm1OJ88p5sxAicgN9CuLAx2WTvJkhn-gPi4gGMDAIFQJqgHf7gJDCOA7s1G04YdCvLPTcBc8LX4k8rn7hxc55iIkD8eag0-Molf6E-GZAqf1LrFrf0qlOCuytrighAS-OXDyB8T-NStbfY2cufhw0t4nXqZVV6WrpwASIFmU_AsLPt5m8CY14bc8lRzKkIINmI7-MqaY-CMo4Itae8kg-Jl81PfJDPURjVWH2d34QUS6ZOF2cGxc2bQop-JV3napNdtW1dCmrCb6oIVGWLjDO6mBtQ-gm5GZP38a19dkYPOkE6eZ731cr0bospRwhUjRKEWXf-X4tdoxB6RDSFFx0YJbqm4PSzZnZvhqF2UeYYpgCLlvWgb7hRouPCmMVJnjXfSvJI3TnL93n1-PS0G3wrOlWEbZLduNh1AMnQNkgUf0Fkc4stxkO7lL0E728qBQNTEleHkULvOVRIccbUA9Y30Mkg3X1TpkTBSIA5qm6D1xTLJQkHgEGGYW490JA&lptoken=160197c5961516979976&feed=%5Bfeed%5D&hash=%5Bhash%5D&creative=%5Bcreative%5D&ip=%5Bip%5D&campaign=Hong_Kong-NORTON_YEP%282422527%29_10.23_1&tsource=clickstar_Kate2&subday=%5Bsubday%5D&price=%5Bprice%5D&clickid=%5Bclickid%5D
IP / ASN
18.193.146.82
#16509 AMAZON-02
Title
Norton AntiVirus

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
rodeks.xyz	unknown	2023-09-07	2023-09-12 17:33:18	2023-10-17 17:03:38	30 kB	162 kB	157.230.4.182
fonts.gstatic.com	unknown	2008-02-11	2014-09-09 02:40:21	2023-10-22 00:29:59	2.6 kB	71 kB	216.58.207.227
translate-pa.googleapis.com	1620	2005-01-25	2021-11-04 07:37:42	2023-10-21 20:34:52	526 B	2.3 kB	142.250.74.42
fonts.googleapis.com	8877	2005-01-25	2013-06-10 22:14:26	2023-10-22 02:02:08	509 B	24 kB	142.250.74.106
track.mbstrk.com	425561	2022-01-19	2022-01-19 13:15:43	2023-10-08 13:27:27	680 B	2.0 kB	18.193.146.82
ocsp.pki.goog	175	2016-06-13	2018-07-01 08:43:07	2023-10-21 18:12:10	2.3 kB	4.9 kB	142.250.74.131
ajax.googleapis.com	12905	2005-01-25	2013-08-16 11:51:31	2023-10-22 01:42:59	427 B	32 kB	142.250.74.42
www.gstatic.com	unknown	2008-02-11	2016-07-26 11:37:06	2023-10-22 01:03:09	1.1 kB	7.3 kB	142.250.74.35
translate.googleapis.com	1005	2005-01-25	2012-05-31 09:21:21	2023-10-22 00:54:57	1.7 kB	81 kB	142.250.74.106
translate.google.com	1156	1997-09-15	2012-05-30 03:30:32	2023-10-21 18:25:27	446 B	88 kB	216.58.211.14

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2023-10-22	medium	rodeks.xyz	Sinkholed
2023-10-22	medium	rodeks.xyz	Sinkholed
2023-10-22	medium	rodeks.xyz	Sinkholed
2023-10-22	medium	rodeks.xyz	Sinkholed
2023-10-22	medium	rodeks.xyz	Sinkholed
2023-10-22	medium	rodeks.xyz	Sinkholed
2023-10-22	medium	rodeks.xyz	Sinkholed
2023-10-22	medium	rodeks.xyz	Sinkholed
2023-10-22	medium	rodeks.xyz	Sinkholed
2023-10-22	medium	rodeks.xyz	Sinkholed
2023-10-22	medium	rodeks.xyz	Sinkholed
2023-10-22	medium	rodeks.xyz	Sinkholed
2023-10-22	medium	rodeks.xyz	Sinkholed
2023-10-22	medium	rodeks.xyz	Sinkholed
2023-10-22	medium	rodeks.xyz	Sinkholed
2023-10-22	medium	rodeks.xyz	Sinkholed
2023-10-22	medium	rodeks.xyz	Sinkholed
2023-10-22	medium	rodeks.xyz	Sinkholed
2023-10-22	medium	rodeks.xyz	Sinkholed
2023-10-22	medium	rodeks.xyz	Sinkholed
2023-10-22	medium	rodeks.xyz	Sinkholed
2023-10-22	medium	rodeks.xyz	Sinkholed
2023-10-22	medium	rodeks.xyz	Sinkholed
2023-10-22	medium	rodeks.xyz	Sinkholed

ThreatFox

No alerts detected

JavaScript (7)

	URL	From	Size	First Seen	Last Seen
	translate.googleapis.com/_/translate_http/_/js/k=translate_http.tr.no.lvVRgpcS49c.O/d=1/exm=el_conf/ed=1/rs=AN8SPfpq4Xr-qzYbTBslb0UZZE_s6JLEhg/m=el_main	ScriptElement	223 kB	2023-10-17	2025-03-11
Pretty URL translate.googleapis.com/_/translate_http/_/js/k=translate_http.tr.no.lvVRgpcS49c.O/d=1/exm=el_conf/ed=1/rs=AN8SPfpq4Xr-qzYbTBslb0UZZE_s6JLEhg/m=el_main IP 142.250.74.106 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-17 21:37 Last Seen2025-03-11 08:47 Times Seen268 Hash a23375d63966f66112d8ee47f88dae06 25f6df714f83bb7404f9933b0c69a4198691960f b6990ddef25b866a204fcc398444b7e9e5b741c2004c44d6809ed1333172892f Loading...

	rodeks.xyz/1Ai/folder/js/custom.js	ScriptElement	6.5 kB	2023-10-22	2024-08-21
Pretty URL rodeks.xyz/1Ai/folder/js/custom.js IP 157.230.4.182 ASN #14061 DIGITALOCEAN-ASN Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-22 09:31 Last Seen2024-08-21 03:51 Times Seen5 Hash 31d6eb5eadfd1b275f0f1db009096f9d 60506926f16bb2824957b73bc9365b60b60c1ce7 b86a0319389fbd489793484e6550fe86dca42ac261f44d0aeb8784279104df95 Loading...

	rodeks.xyz/1Ai/7.html?cep=eF8N0S1aQUUX9Frygsdt4FaE0oUpbO27pB0-IazcfpVEZz7ugmwo1iCoz7tTu0Dgy-hDwbCHhA9vZnpuKT6OILP7GLm1OJ88p5sxAicgN9CuLAx2WTvJkhn-gPi4gGMDAIFQJqgHf7gJDCOA7s1G04YdCvLPTcBc8LX4k8rn7hxc55iIkD8eag0-Molf6E-GZAqf1LrFrf0qlOCuytrighAS-OXDyB8T-NStbfY2cufhw0t4nXqZVV6WrpwASIFmU_AsLPt5m8CY14bc8lRzKkIINmI7-MqaY-CMo4Itae8kg-Jl81PfJDPURjVWH2d34QUS6ZOF2cGxc2bQop-JV3napNdtW1dCmrCb6oIVGWLjDO6mBtQ-gm5GZP38a19dkYPOkE6eZ731cr0bospRwhUjRKEWXf-X4tdoxB6RDSFFx0YJbqm4PSzZnZvhqF2UeYYpgCLlvWgb7hRouPCmMVJnjXfSvJI3TnL93n1-PS0G3wrOlWEbZLduNh1AMnQNkgUf0Fkc4stxkO7lL0E728qBQNTEleHkULvOVRIccbUA9Y30Mkg3X1TpkTBSIA5qm6D1xTLJQkHgEGGYW490JA&lptoken=160197c5961516979976&feed=%5Bfeed%5D&hash=%5Bhash%5D&creative=%5Bcreative%5D&ip=%5Bip%5D&campaign=Hong_Kong-NORTON_YEP%282422527%29_10.23_1&tsource=clickstar_Kate2&subday=%5Bsubday%5D&price=%5Bprice%5D&clickid=%5Bclickid%5D	ScriptElement	0 B	0001-01-01	2025-05-10
Pretty URL rodeks.xyz/1Ai/7.html?cep=eF8N0S1aQUUX9Frygsdt4FaE0oUpbO27pB0-IazcfpVEZz7ugmwo1iCoz7tTu0Dgy-hDwbCHhA9vZnpuKT6OILP7GLm1OJ88p5sxAicgN9CuLAx2WTvJkhn-gPi4gGMDAIFQJqgHf7gJDCOA7s1G04YdCvLPTcBc8LX4k8rn7hxc55iIkD8eag0-Molf6E-GZAqf1LrFrf0qlOCuytrighAS-OXDyB8T-NStbfY2cufhw0t4nXqZVV6WrpwASIFmU_AsLPt5m8CY14bc8lRzKkIINmI7-MqaY-CMo4Itae8kg-Jl81PfJDPURjVWH2d34QUS6ZOF2cGxc2bQop-JV3napNdtW1dCmrCb6oIVGWLjDO6mBtQ-gm5GZP38a19dkYPOkE6eZ731cr0bospRwhUjRKEWXf-X4tdoxB6RDSFFx0YJbqm4PSzZnZvhqF2UeYYpgCLlvWgb7hRouPCmMVJnjXfSvJI3TnL93n1-PS0G3wrOlWEbZLduNh1AMnQNkgUf0Fkc4stxkO7lL0E728qBQNTEleHkULvOVRIccbUA9Y30Mkg3X1TpkTBSIA5qm6D1xTLJQkHgEGGYW490JA&lptoken=160197c5961516979976&feed=%5Bfeed%5D&hash=%5Bhash%5D&creative=%5Bcreative%5D&ip=%5Bip%5D&campaign=Hong_Kong-NORTON_YEP%282422527%29_10.23_1&tsource=clickstar_Kate2&subday=%5Bsubday%5D&price=%5Bprice%5D&clickid=%5Bclickid%5D IP 157.230.4.182 ASN #14061 DIGITALOCEAN-ASN Introduced by scriptElement Embedded in HTML true Observations First Seen0001-01-01 00:00 Last Seen2025-05-10 11:47 Times Seen4643424 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	rodeks.xyz/_/translate_http/_/js/k=translate_http.tr.no.lvVRgpcS49c.O/d=1/rs=AN8SPfpq4Xr-qzYbTBslb0UZZE_s6JLEhg/m=el_conf	ScriptElement	87 kB	2023-10-22	2023-10-22
Pretty URL rodeks.xyz/_/translate_http/_/js/k=translate_http.tr.no.lvVRgpcS49c.O/d=1/rs=AN8SPfpq4Xr-qzYbTBslb0UZZE_s6JLEhg/m=el_conf IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-22 09:22 Last Seen2023-10-22 09:31 Times Seen2 Hash 00d868d4ba0663653801b20e21eee416 681abcebabca893ceab06b003cf812a65df63ede 5bbb4d3d23a62ef9b3528e2406d0ae32f152b3749853751e8a698cef6e9638d0 Loading...

	ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js	ScriptElement	90 kB	2023-03-07	2025-05-10
Pretty URL ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js IP 142.250.74.42 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-05-10 11:33 Times Seen108708 Hash dc5e7f18c8d36ac1d3d4753a87c98d0a c8e1c8b386dc5b7a9184c763c88d19a346eb3342 f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d Loading...

	rodeks.xyz/1Ai/folder/js/cookie.js	ScriptElement	2.2 kB	2023-03-07	2025-05-09
Pretty URL rodeks.xyz/1Ai/folder/js/cookie.js IP 157.230.4.182 ASN #14061 DIGITALOCEAN-ASN Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03 Last Seen2025-05-09 14:46 Times Seen589 Hash c9e9a54501fc6f6e8918b2c0f2a53981 3d530e6c830ccba6284e79c7245bb45d6f4f2197 491fdee141835401d29318ca584ac3e91a38c92d8694f26d90883bfc324ca454 Loading...

	rodeks.xyz/1Ai/folder/js/langs.js	ScriptElement	1.2 kB	2023-03-07	2025-05-09
Pretty URL rodeks.xyz/1Ai/folder/js/langs.js IP 157.230.4.182 ASN #14061 DIGITALOCEAN-ASN Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03 Last Seen2025-05-09 14:46 Times Seen624 Hash fcd546809170dd574eb37b989529f69a 2e227e144e3b4bd68064354d8a7fbc61125f624c 350baff99bbd3db6cdb8d741bc7f75fa333489ad5dcc641e2cfa0e11130e1920 Loading...

HTTP Transactions (46)

URL IP Response Size

track.mbstrk.com/4da31d2a-6444-4912-b039-92c1b44fdd52?feed=[feed]&hash=[hash]&creative=[creative]&ip=[ip]&campaign=Hong_Kong-NORTON_YEP(2422527)_10.23_1&tsource=clickstar_Kate2&subday=[subday]&price=[price]&clickid=[clickid]

18.193.146.82

302 Found

0 B

URL User Request GET HTTP/2
track.mbstrk.com/4da31d2a-6444-4912-b039-92c1b44fdd52?feed=[feed]&hash=[hash]&creative=[creative]&ip=[ip]&campaign=Hong_Kong-NORTON_YEP(2422527)_10.23_1&tsource=clickstar_Kate2&subday=[subday]&price=[price]&clickid=[clickid]
IP
18.193.146.82:443
ASN
#16509 AMAZON-02

Certificate
IssuerLet's Encrypt
Subjecttrack.mbstrk.com
Fingerprint1B:96:93:53:BF:9F:F6:7B:83:73:DD:52:90:9B:25:73:17:DE:DE:9B
ValidityTue, 12 Sep 2023 06:10:36 GMT - Mon, 11 Dec 2023 06:10:35 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /4da31d2a-6444-4912-b039-92c1b44fdd52?feed=[feed]&hash=[hash]&creative=[creative]&ip=[ip]&campaign=Hong_Kong-NORTON_YEP(2422527)_10.23_1&tsource=clickstar_Kate2&subday=[subday]&price=[price]&clickid=[clickid] HTTP/1.1
Host: track.mbstrk.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
server: nginx
date: Sun, 22 Oct 2023 07:31:39 GMT
content-length: 0
cache-control: no-store, no-cache, pre-check=0, post-check=0
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://rodeks.xyz/1Ai/7.html?cep=eF8N0S1aQUUX9Frygsdt4FaE0oUpbO27pB0-IazcfpVEZz7ugmwo1iCoz7tTu0Dgy-hDwbCHhA9vZnpuKT6OILP7GLm1OJ88p5sxAicgN9CuLAx2WTvJkhn-gPi4gGMDAIFQJqgHf7gJDCOA7s1G04YdCvLPTcBc8LX4k8rn7hxc55iIkD8eag0-Molf6E-GZAqf1LrFrf0qlOCuytrighAS-OXDyB8T-NStbfY2cufhw0t4nXqZVV6WrpwASIFmU_AsLPt5m8CY14bc8lRzKkIINmI7-MqaY-CMo4Itae8kg-Jl81PfJDPURjVWH2d34QUS6ZOF2cGxc2bQop-JV3napNdtW1dCmrCb6oIVGWLjDO6mBtQ-gm5GZP38a19dkYPOkE6eZ731cr0bospRwhUjRKEWXf-X4tdoxB6RDSFFx0YJbqm4PSzZnZvhqF2UeYYpgCLlvWgb7hRouPCmMVJnjXfSvJI3TnL93n1-PS0G3wrOlWEbZLduNh1AMnQNkgUf0Fkc4stxkO7lL0E728qBQNTEleHkULvOVRIccbUA9Y30Mkg3X1TpkTBSIA5qm6D1xTLJQkHgEGGYW490JA&lptoken=160197c5961516979976&feed=%5Bfeed%5D&hash=%5Bhash%5D&creative=%5Bcreative%5D&ip=%5Bip%5D&campaign=Hong_Kong-NORTON_YEP%282422527%29_10.23_1&tsource=clickstar_Kate2&subday=%5Bsubday%5D&price=%5Bprice%5D&clickid=%5Bclickid%5D
pragma: no-cache
set-cookie: 4da31d2a-6444-4912-b039-92c1b44fdd52-v4=nrQi07rUglKGqMwlBTLFIJMqCCohTh8rNLvSG3pqYRg; Max-Age=86400; Expires=Mon, 23-Oct-2023 07:31:39 GMT; Domain=track.mbstrk.com; Path=/; Secure; HttpOnly;SameSite=None
cep-v4=BmbSchA8qMGwmzDI7KbIGVJ2knjoiOdabGLfISZZCAZREv_BHmrRfTdU_hqmj6qY2f0VJixRN2asges3B6Fn31NzJyx2t7cZaWIHwZwhIagF9xRITxRIZjxqhAbq4mGoO5uD_s9vKNcoVBsPU1O_XLBSJUmV8FBwDis6hmeb0ZCe309E3tf5v_ekXj8yFkmgll6GbFhbkzdP2EbeQysBov4YSPN8lhKunCd7cZbbaOxCUNifSaHZ717Ea2F3lCWyHkJZUJAulfH4tm-cpo6RxjgI45qMsC2Cfe7rTplB1fjjIT8uxii047SopmGgz2Jw22A0q2hpjsYdJOYFuHb7mhHKWGyEWlPTn__STZ84mNOQt5-fR45SvjBxG-OGXaF-vZzqe2lrNqawVILWkxssEioGEqRdNbFoYKtHt-g2ugMCNeZmGHE-j-JVBSv-RYyflK3RyUa58Ayk3GrnvU9BV-6XntF3yhwnAs14p6GI2UmdcBrJDhzDTVooz6KF50aNdWXxsxq4nihoiGgJ6s_-_RMpFyRVd7bhO-i17PmksgoVhL0BjUbsZFtVtZyVoJmfLkrgRjh48GbsSi0Ge80CaA; Max-Age=86400; Expires=Mon, 23-Oct-2023 07:31:39 GMT; Domain=track.mbstrk.com; Path=/; Secure; HttpOnly;SameSite=None
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

472 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
a5abb7a6040af803a9b487938327dc4a
90e85cbc3ca255d971b4749d729a76a44a5bcc70
5633d9bcf063dce9ca3b5a4da9015ed27df655a9427898474e5383a303b5c732

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 22 Oct 2023 07:31:40 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

472 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
a5abb7a6040af803a9b487938327dc4a
90e85cbc3ca255d971b4749d729a76a44a5bcc70
5633d9bcf063dce9ca3b5a4da9015ed27df655a9427898474e5383a303b5c732

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 22 Oct 2023 07:31:40 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js

142.250.74.42

200 OK

31 kB

URL GET HTTP/2
ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js
IP
142.250.74.42:443
ASN
#15169 GOOGLE

Requested by
https://rodeks.xyz/1Ai/7.html?cep=eF8N0S1aQUUX9Frygsdt4FaE0oUpbO27pB0-IazcfpVEZz7ugmwo1iCoz7tTu0Dgy-hDwbCHhA9vZnpuKT6OILP7GLm1OJ88p5sxAicgN9CuLAx2WTvJkhn-gPi4gGMDAIFQJqgHf7gJDCOA7s1G04YdCvLPTcBc8LX4k8rn7hxc55iIkD8eag0-Molf6E-GZAqf1LrFrf0qlOCuytrighAS-OXDyB8T-NStbfY2cufhw0t4nXqZVV6WrpwASIFmU_AsLPt5m8CY14bc8lRzKkIINmI7-MqaY-CMo4Itae8kg-Jl81PfJDPURjVWH2d34QUS6ZOF2cGxc2bQop-JV3napNdtW1dCmrCb6oIVGWLjDO6mBtQ-gm5GZP38a19dkYPOkE6eZ731cr0bospRwhUjRKEWXf-X4tdoxB6RDSFFx0YJbqm4PSzZnZvhqF2UeYYpgCLlvWgb7hRouPCmMVJnjXfSvJI3TnL93n1-PS0G3wrOlWEbZLduNh1AMnQNkgUf0Fkc4stxkO7lL0E728qBQNTEleHkULvOVRIccbUA9Y30Mkg3X1TpkTBSIA5qm6D1xTLJQkHgEGGYW490JA&lptoken=160197c5961516979976&feed=%5Bfeed%5D&hash=%5Bhash%5D&creative=%5Bcreative%5D&ip=%5Bip%5D&campaign=Hong_Kong-NORTON_YEP%282422527%29_10.23_1&tsource=clickstar_Kate2&subday=%5Bsubday%5D&price=%5Bprice%5D&clickid=%5Bclickid%5D
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint28:23:2B:8B:2D:09:6C:BB:06:7A:35:80:95:BB:F8:03:41:C8:99:2C
ValidityThu, 28 Sep 2023 05:32:05 GMT - Thu, 21 Dec 2023 05:32:04 GMT

File type
ASCII text, with very long lines (65451)
Size
31 kB (31021 bytes)
Hash
dc5e7f18c8d36ac1d3d4753a87c98d0a
c8e1c8b386dc5b7a9184c763c88d19a346eb3342
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

HTTP Headers

GET /ajax/libs/jquery/3.5.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rodeks.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 31021
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 16 Oct 2023 10:57:55 GMT
expires: Tue, 15 Oct 2024 10:57:55 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Fri, 08 May 2020 07:05:03 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 506025
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

rodeks.xyz/1Ai/folder/css/custom.css

157.230.4.182

200 OK

2.4 kB

URL GET HTTP/2
rodeks.xyz/1Ai/folder/css/custom.css
IP
157.230.4.182:443
ASN
#14061 DIGITALOCEAN-ASN

Requested by
https://rodeks.xyz/1Ai/7.html?cep=eF8N0S1aQUUX9Frygsdt4FaE0oUpbO27pB0-IazcfpVEZz7ugmwo1iCoz7tTu0Dgy-hDwbCHhA9vZnpuKT6OILP7GLm1OJ88p5sxAicgN9CuLAx2WTvJkhn-gPi4gGMDAIFQJqgHf7gJDCOA7s1G04YdCvLPTcBc8LX4k8rn7hxc55iIkD8eag0-Molf6E-GZAqf1LrFrf0qlOCuytrighAS-OXDyB8T-NStbfY2cufhw0t4nXqZVV6WrpwASIFmU_AsLPt5m8CY14bc8lRzKkIINmI7-MqaY-CMo4Itae8kg-Jl81PfJDPURjVWH2d34QUS6ZOF2cGxc2bQop-JV3napNdtW1dCmrCb6oIVGWLjDO6mBtQ-gm5GZP38a19dkYPOkE6eZ731cr0bospRwhUjRKEWXf-X4tdoxB6RDSFFx0YJbqm4PSzZnZvhqF2UeYYpgCLlvWgb7hRouPCmMVJnjXfSvJI3TnL93n1-PS0G3wrOlWEbZLduNh1AMnQNkgUf0Fkc4stxkO7lL0E728qBQNTEleHkULvOVRIccbUA9Y30Mkg3X1TpkTBSIA5qm6D1xTLJQkHgEGGYW490JA&lptoken=160197c5961516979976&feed=%5Bfeed%5D&hash=%5Bhash%5D&creative=%5Bcreative%5D&ip=%5Bip%5D&campaign=Hong_Kong-NORTON_YEP%282422527%29_10.23_1&tsource=clickstar_Kate2&subday=%5Bsubday%5D&price=%5Bprice%5D&clickid=%5Bclickid%5D
Certificate
IssuerLet's Encrypt
Subjectrodeks.xyz
Fingerprint42:5E:88:E0:B4:7F:D8:3F:CC:D6:BC:91:E3:BA:27:B9:F4:7F:84:C6
ValidityMon, 11 Sep 2023 07:35:18 GMT - Sun, 10 Dec 2023 07:35:17 GMT

File type
gzip compressed data, from Unix\012- data
Size
2.4 kB (2386 bytes)
Hash
417f6de3833634af2e309b442feace12
b659a77afac13d041ab730b610da8e9534da54d1
6317265dfefcc3e14080b0175d4e3ca8ce0005b8befceffbb04def42f662ab62

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /1Ai/folder/css/custom.css HTTP/1.1
Host: rodeks.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rodeks.xyz/1Ai/7.html?cep=eF8N0S1aQUUX9Frygsdt4FaE0oUpbO27pB0-IazcfpVEZz7ugmwo1iCoz7tTu0Dgy-hDwbCHhA9vZnpuKT6OILP7GLm1OJ88p5sxAicgN9CuLAx2WTvJkhn-gPi4gGMDAIFQJqgHf7gJDCOA7s1G04YdCvLPTcBc8LX4k8rn7hxc55iIkD8eag0-Molf6E-GZAqf1LrFrf0qlOCuytrighAS-OXDyB8T-NStbfY2cufhw0t4nXqZVV6WrpwASIFmU_AsLPt5m8CY14bc8lRzKkIINmI7-MqaY-CMo4Itae8kg-Jl81PfJDPURjVWH2d34QUS6ZOF2cGxc2bQop-JV3napNdtW1dCmrCb6oIVGWLjDO6mBtQ-gm5GZP38a19dkYPOkE6eZ731cr0bospRwhUjRKEWXf-X4tdoxB6RDSFFx0YJbqm4PSzZnZvhqF2UeYYpgCLlvWgb7hRouPCmMVJnjXfSvJI3TnL93n1-PS0G3wrOlWEbZLduNh1AMnQNkgUf0Fkc4stxkO7lL0E728qBQNTEleHkULvOVRIccbUA9Y30Mkg3X1TpkTBSIA5qm6D1xTLJQkHgEGGYW490JA&lptoken=160197c5961516979976&feed=%5Bfeed%5D&hash=%5Bhash%5D&creative=%5Bcreative%5D&ip=%5Bip%5D&campaign=Hong_Kong-NORTON_YEP%282422527%29_10.23_1&tsource=clickstar_Kate2&subday=%5Bsubday%5D&price=%5Bprice%5D&clickid=%5Bclickid%5D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 22 Oct 2023 07:31:40 GMT
content-type: text/css
last-modified: Tue, 12 Sep 2023 09:51:27 GMT
vary: Accept-Encoding
etag: W/"6500349f-1dc9"
content-encoding: gzip
X-Firefox-Spdy: h2

rodeks.xyz/1Ai/folder/js/custom.js

157.230.4.182

200 OK

2.4 kB

URL GET HTTP/2
rodeks.xyz/1Ai/folder/js/custom.js
IP
157.230.4.182:443
ASN
#14061 DIGITALOCEAN-ASN

Requested by
https://rodeks.xyz/1Ai/7.html?cep=eF8N0S1aQUUX9Frygsdt4FaE0oUpbO27pB0-IazcfpVEZz7ugmwo1iCoz7tTu0Dgy-hDwbCHhA9vZnpuKT6OILP7GLm1OJ88p5sxAicgN9CuLAx2WTvJkhn-gPi4gGMDAIFQJqgHf7gJDCOA7s1G04YdCvLPTcBc8LX4k8rn7hxc55iIkD8eag0-Molf6E-GZAqf1LrFrf0qlOCuytrighAS-OXDyB8T-NStbfY2cufhw0t4nXqZVV6WrpwASIFmU_AsLPt5m8CY14bc8lRzKkIINmI7-MqaY-CMo4Itae8kg-Jl81PfJDPURjVWH2d34QUS6ZOF2cGxc2bQop-JV3napNdtW1dCmrCb6oIVGWLjDO6mBtQ-gm5GZP38a19dkYPOkE6eZ731cr0bospRwhUjRKEWXf-X4tdoxB6RDSFFx0YJbqm4PSzZnZvhqF2UeYYpgCLlvWgb7hRouPCmMVJnjXfSvJI3TnL93n1-PS0G3wrOlWEbZLduNh1AMnQNkgUf0Fkc4stxkO7lL0E728qBQNTEleHkULvOVRIccbUA9Y30Mkg3X1TpkTBSIA5qm6D1xTLJQkHgEGGYW490JA&lptoken=160197c5961516979976&feed=%5Bfeed%5D&hash=%5Bhash%5D&creative=%5Bcreative%5D&ip=%5Bip%5D&campaign=Hong_Kong-NORTON_YEP%282422527%29_10.23_1&tsource=clickstar_Kate2&subday=%5Bsubday%5D&price=%5Bprice%5D&clickid=%5Bclickid%5D
Certificate
IssuerLet's Encrypt
Subjectrodeks.xyz
Fingerprint42:5E:88:E0:B4:7F:D8:3F:CC:D6:BC:91:E3:BA:27:B9:F4:7F:84:C6
ValidityMon, 11 Sep 2023 07:35:18 GMT - Sun, 10 Dec 2023 07:35:17 GMT

File type
gzip compressed data, from Unix\012- data
Size
2.4 kB (2357 bytes)
Hash
119aa170bcf1060c59af6232ba722c40
698a099d14c592d9d6e90aae1f32fc69e25b0053
89239ff78b7c4544ced7d346e820293a234adcb3c6abca1e115f66b11ed438a1

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /1Ai/folder/js/custom.js HTTP/1.1
Host: rodeks.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rodeks.xyz/1Ai/7.html?cep=eF8N0S1aQUUX9Frygsdt4FaE0oUpbO27pB0-IazcfpVEZz7ugmwo1iCoz7tTu0Dgy-hDwbCHhA9vZnpuKT6OILP7GLm1OJ88p5sxAicgN9CuLAx2WTvJkhn-gPi4gGMDAIFQJqgHf7gJDCOA7s1G04YdCvLPTcBc8LX4k8rn7hxc55iIkD8eag0-Molf6E-GZAqf1LrFrf0qlOCuytrighAS-OXDyB8T-NStbfY2cufhw0t4nXqZVV6WrpwASIFmU_AsLPt5m8CY14bc8lRzKkIINmI7-MqaY-CMo4Itae8kg-Jl81PfJDPURjVWH2d34QUS6ZOF2cGxc2bQop-JV3napNdtW1dCmrCb6oIVGWLjDO6mBtQ-gm5GZP38a19dkYPOkE6eZ731cr0bospRwhUjRKEWXf-X4tdoxB6RDSFFx0YJbqm4PSzZnZvhqF2UeYYpgCLlvWgb7hRouPCmMVJnjXfSvJI3TnL93n1-PS0G3wrOlWEbZLduNh1AMnQNkgUf0Fkc4stxkO7lL0E728qBQNTEleHkULvOVRIccbUA9Y30Mkg3X1TpkTBSIA5qm6D1xTLJQkHgEGGYW490JA&lptoken=160197c5961516979976&feed=%5Bfeed%5D&hash=%5Bhash%5D&creative=%5Bcreative%5D&ip=%5Bip%5D&campaign=Hong_Kong-NORTON_YEP%282422527%29_10.23_1&tsource=clickstar_Kate2&subday=%5Bsubday%5D&price=%5Bprice%5D&clickid=%5Bclickid%5D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 22 Oct 2023 07:31:40 GMT
content-type: application/javascript
last-modified: Tue, 12 Sep 2023 15:38:31 GMT
vary: Accept-Encoding
etag: W/"650085f7-196a"
content-encoding: gzip
X-Firefox-Spdy: h2

rodeks.xyz/1Ai/folder/img/logo.png

157.230.4.182

200 OK

9.8 kB

URL GET HTTP/2
rodeks.xyz/1Ai/folder/img/logo.png
IP
157.230.4.182:443
ASN
#14061 DIGITALOCEAN-ASN

Requested by
https://rodeks.xyz/1Ai/7.html?cep=eF8N0S1aQUUX9Frygsdt4FaE0oUpbO27pB0-IazcfpVEZz7ugmwo1iCoz7tTu0Dgy-hDwbCHhA9vZnpuKT6OILP7GLm1OJ88p5sxAicgN9CuLAx2WTvJkhn-gPi4gGMDAIFQJqgHf7gJDCOA7s1G04YdCvLPTcBc8LX4k8rn7hxc55iIkD8eag0-Molf6E-GZAqf1LrFrf0qlOCuytrighAS-OXDyB8T-NStbfY2cufhw0t4nXqZVV6WrpwASIFmU_AsLPt5m8CY14bc8lRzKkIINmI7-MqaY-CMo4Itae8kg-Jl81PfJDPURjVWH2d34QUS6ZOF2cGxc2bQop-JV3napNdtW1dCmrCb6oIVGWLjDO6mBtQ-gm5GZP38a19dkYPOkE6eZ731cr0bospRwhUjRKEWXf-X4tdoxB6RDSFFx0YJbqm4PSzZnZvhqF2UeYYpgCLlvWgb7hRouPCmMVJnjXfSvJI3TnL93n1-PS0G3wrOlWEbZLduNh1AMnQNkgUf0Fkc4stxkO7lL0E728qBQNTEleHkULvOVRIccbUA9Y30Mkg3X1TpkTBSIA5qm6D1xTLJQkHgEGGYW490JA&lptoken=160197c5961516979976&feed=%5Bfeed%5D&hash=%5Bhash%5D&creative=%5Bcreative%5D&ip=%5Bip%5D&campaign=Hong_Kong-NORTON_YEP%282422527%29_10.23_1&tsource=clickstar_Kate2&subday=%5Bsubday%5D&price=%5Bprice%5D&clickid=%5Bclickid%5D
Certificate
IssuerLet's Encrypt
Subjectrodeks.xyz
Fingerprint42:5E:88:E0:B4:7F:D8:3F:CC:D6:BC:91:E3:BA:27:B9:F4:7F:84:C6
ValidityMon, 11 Sep 2023 07:35:18 GMT - Sun, 10 Dec 2023 07:35:17 GMT

File type
PNG image data, 728 x 247, 8-bit/color RGBA, non-interlaced\012- data
Size
9.8 kB (9764 bytes)
Hash
45538e02148ee3e663b970e280b8c98f
c92a6df34ce6fffea5799291910d8d1a4c342381
161819f5e87a6f49762e527b4766224915fe4f5556fe0b1fafbe7e9ce8527581

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /1Ai/folder/img/logo.png HTTP/1.1
Host: rodeks.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rodeks.xyz/1Ai/7.html?cep=eF8N0S1aQUUX9Frygsdt4FaE0oUpbO27pB0-IazcfpVEZz7ugmwo1iCoz7tTu0Dgy-hDwbCHhA9vZnpuKT6OILP7GLm1OJ88p5sxAicgN9CuLAx2WTvJkhn-gPi4gGMDAIFQJqgHf7gJDCOA7s1G04YdCvLPTcBc8LX4k8rn7hxc55iIkD8eag0-Molf6E-GZAqf1LrFrf0qlOCuytrighAS-OXDyB8T-NStbfY2cufhw0t4nXqZVV6WrpwASIFmU_AsLPt5m8CY14bc8lRzKkIINmI7-MqaY-CMo4Itae8kg-Jl81PfJDPURjVWH2d34QUS6ZOF2cGxc2bQop-JV3napNdtW1dCmrCb6oIVGWLjDO6mBtQ-gm5GZP38a19dkYPOkE6eZ731cr0bospRwhUjRKEWXf-X4tdoxB6RDSFFx0YJbqm4PSzZnZvhqF2UeYYpgCLlvWgb7hRouPCmMVJnjXfSvJI3TnL93n1-PS0G3wrOlWEbZLduNh1AMnQNkgUf0Fkc4stxkO7lL0E728qBQNTEleHkULvOVRIccbUA9Y30Mkg3X1TpkTBSIA5qm6D1xTLJQkHgEGGYW490JA&lptoken=160197c5961516979976&feed=%5Bfeed%5D&hash=%5Bhash%5D&creative=%5Bcreative%5D&ip=%5Bip%5D&campaign=Hong_Kong-NORTON_YEP%282422527%29_10.23_1&tsource=clickstar_Kate2&subday=%5Bsubday%5D&price=%5Bprice%5D&clickid=%5Bclickid%5D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 22 Oct 2023 07:31:40 GMT
content-type: image/png
content-length: 9764
last-modified: Mon, 11 Sep 2023 15:18:08 GMT
etag: "64ff2fb0-2624"
accept-ranges: bytes
X-Firefox-Spdy: h2

rodeks.xyz/1Ai/folder/img/favicon.png

157.230.4.182

200 OK

4.8 kB

URL GET HTTP/2
rodeks.xyz/1Ai/folder/img/favicon.png
IP
157.230.4.182:443
ASN
#14061 DIGITALOCEAN-ASN

Requested by
https://rodeks.xyz/1Ai/7.html?cep=eF8N0S1aQUUX9Frygsdt4FaE0oUpbO27pB0-IazcfpVEZz7ugmwo1iCoz7tTu0Dgy-hDwbCHhA9vZnpuKT6OILP7GLm1OJ88p5sxAicgN9CuLAx2WTvJkhn-gPi4gGMDAIFQJqgHf7gJDCOA7s1G04YdCvLPTcBc8LX4k8rn7hxc55iIkD8eag0-Molf6E-GZAqf1LrFrf0qlOCuytrighAS-OXDyB8T-NStbfY2cufhw0t4nXqZVV6WrpwASIFmU_AsLPt5m8CY14bc8lRzKkIINmI7-MqaY-CMo4Itae8kg-Jl81PfJDPURjVWH2d34QUS6ZOF2cGxc2bQop-JV3napNdtW1dCmrCb6oIVGWLjDO6mBtQ-gm5GZP38a19dkYPOkE6eZ731cr0bospRwhUjRKEWXf-X4tdoxB6RDSFFx0YJbqm4PSzZnZvhqF2UeYYpgCLlvWgb7hRouPCmMVJnjXfSvJI3TnL93n1-PS0G3wrOlWEbZLduNh1AMnQNkgUf0Fkc4stxkO7lL0E728qBQNTEleHkULvOVRIccbUA9Y30Mkg3X1TpkTBSIA5qm6D1xTLJQkHgEGGYW490JA&lptoken=160197c5961516979976&feed=%5Bfeed%5D&hash=%5Bhash%5D&creative=%5Bcreative%5D&ip=%5Bip%5D&campaign=Hong_Kong-NORTON_YEP%282422527%29_10.23_1&tsource=clickstar_Kate2&subday=%5Bsubday%5D&price=%5Bprice%5D&clickid=%5Bclickid%5D
Certificate
IssuerLet's Encrypt
Subjectrodeks.xyz
Fingerprint42:5E:88:E0:B4:7F:D8:3F:CC:D6:BC:91:E3:BA:27:B9:F4:7F:84:C6
ValidityMon, 11 Sep 2023 07:35:18 GMT - Sun, 10 Dec 2023 07:35:17 GMT

File type
PNG image data, 173 x 173, 8-bit/color RGBA, non-interlaced\012- data
Size
4.8 kB (4768 bytes)
Hash
0630fa87188d254a5cbf83f179353bd8
e3c07dcc1cd67a7b85db2412f4afa588aae5310a
bfe9b8be99014adf8c12bd59c0c4eab2707d507327accfac6ba7f9776a0523f0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /1Ai/folder/img/favicon.png HTTP/1.1
Host: rodeks.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rodeks.xyz/1Ai/7.html?cep=eF8N0S1aQUUX9Frygsdt4FaE0oUpbO27pB0-IazcfpVEZz7ugmwo1iCoz7tTu0Dgy-hDwbCHhA9vZnpuKT6OILP7GLm1OJ88p5sxAicgN9CuLAx2WTvJkhn-gPi4gGMDAIFQJqgHf7gJDCOA7s1G04YdCvLPTcBc8LX4k8rn7hxc55iIkD8eag0-Molf6E-GZAqf1LrFrf0qlOCuytrighAS-OXDyB8T-NStbfY2cufhw0t4nXqZVV6WrpwASIFmU_AsLPt5m8CY14bc8lRzKkIINmI7-MqaY-CMo4Itae8kg-Jl81PfJDPURjVWH2d34QUS6ZOF2cGxc2bQop-JV3napNdtW1dCmrCb6oIVGWLjDO6mBtQ-gm5GZP38a19dkYPOkE6eZ731cr0bospRwhUjRKEWXf-X4tdoxB6RDSFFx0YJbqm4PSzZnZvhqF2UeYYpgCLlvWgb7hRouPCmMVJnjXfSvJI3TnL93n1-PS0G3wrOlWEbZLduNh1AMnQNkgUf0Fkc4stxkO7lL0E728qBQNTEleHkULvOVRIccbUA9Y30Mkg3X1TpkTBSIA5qm6D1xTLJQkHgEGGYW490JA&lptoken=160197c5961516979976&feed=%5Bfeed%5D&hash=%5Bhash%5D&creative=%5Bcreative%5D&ip=%5Bip%5D&campaign=Hong_Kong-NORTON_YEP%282422527%29_10.23_1&tsource=clickstar_Kate2&subday=%5Bsubday%5D&price=%5Bprice%5D&clickid=%5Bclickid%5D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 22 Oct 2023 07:31:40 GMT
content-type: image/png
content-length: 4768
last-modified: Mon, 11 Sep 2023 15:16:21 GMT
etag: "64ff2f45-12a0"
accept-ranges: bytes
X-Firefox-Spdy: h2

rodeks.xyz/1Ai/folder/img/settings.png

157.230.4.182

200 OK

1.9 kB

URL GET HTTP/2
rodeks.xyz/1Ai/folder/img/settings.png
IP
157.230.4.182:443
ASN
#14061 DIGITALOCEAN-ASN

Requested by
https://rodeks.xyz/1Ai/7.html?cep=eF8N0S1aQUUX9Frygsdt4FaE0oUpbO27pB0-IazcfpVEZz7ugmwo1iCoz7tTu0Dgy-hDwbCHhA9vZnpuKT6OILP7GLm1OJ88p5sxAicgN9CuLAx2WTvJkhn-gPi4gGMDAIFQJqgHf7gJDCOA7s1G04YdCvLPTcBc8LX4k8rn7hxc55iIkD8eag0-Molf6E-GZAqf1LrFrf0qlOCuytrighAS-OXDyB8T-NStbfY2cufhw0t4nXqZVV6WrpwASIFmU_AsLPt5m8CY14bc8lRzKkIINmI7-MqaY-CMo4Itae8kg-Jl81PfJDPURjVWH2d34QUS6ZOF2cGxc2bQop-JV3napNdtW1dCmrCb6oIVGWLjDO6mBtQ-gm5GZP38a19dkYPOkE6eZ731cr0bospRwhUjRKEWXf-X4tdoxB6RDSFFx0YJbqm4PSzZnZvhqF2UeYYpgCLlvWgb7hRouPCmMVJnjXfSvJI3TnL93n1-PS0G3wrOlWEbZLduNh1AMnQNkgUf0Fkc4stxkO7lL0E728qBQNTEleHkULvOVRIccbUA9Y30Mkg3X1TpkTBSIA5qm6D1xTLJQkHgEGGYW490JA&lptoken=160197c5961516979976&feed=%5Bfeed%5D&hash=%5Bhash%5D&creative=%5Bcreative%5D&ip=%5Bip%5D&campaign=Hong_Kong-NORTON_YEP%282422527%29_10.23_1&tsource=clickstar_Kate2&subday=%5Bsubday%5D&price=%5Bprice%5D&clickid=%5Bclickid%5D
Certificate
IssuerLet's Encrypt
Subjectrodeks.xyz
Fingerprint42:5E:88:E0:B4:7F:D8:3F:CC:D6:BC:91:E3:BA:27:B9:F4:7F:84:C6
ValidityMon, 11 Sep 2023 07:35:18 GMT - Sun, 10 Dec 2023 07:35:17 GMT

File type
PNG image data, 124 x 22, 8-bit/color RGB, non-interlaced\012- data
Size
1.9 kB (1932 bytes)
Hash
32fded5a952e60a48a879e414c590f24
834e44460475c20ce9f4c801a4ccf53130749af3
d712d6bf38edf55c605c2a568ce2de1caae95d26b00c02c4f9a1eed6f370d76e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /1Ai/folder/img/settings.png HTTP/1.1
Host: rodeks.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rodeks.xyz/1Ai/7.html?cep=eF8N0S1aQUUX9Frygsdt4FaE0oUpbO27pB0-IazcfpVEZz7ugmwo1iCoz7tTu0Dgy-hDwbCHhA9vZnpuKT6OILP7GLm1OJ88p5sxAicgN9CuLAx2WTvJkhn-gPi4gGMDAIFQJqgHf7gJDCOA7s1G04YdCvLPTcBc8LX4k8rn7hxc55iIkD8eag0-Molf6E-GZAqf1LrFrf0qlOCuytrighAS-OXDyB8T-NStbfY2cufhw0t4nXqZVV6WrpwASIFmU_AsLPt5m8CY14bc8lRzKkIINmI7-MqaY-CMo4Itae8kg-Jl81PfJDPURjVWH2d34QUS6ZOF2cGxc2bQop-JV3napNdtW1dCmrCb6oIVGWLjDO6mBtQ-gm5GZP38a19dkYPOkE6eZ731cr0bospRwhUjRKEWXf-X4tdoxB6RDSFFx0YJbqm4PSzZnZvhqF2UeYYpgCLlvWgb7hRouPCmMVJnjXfSvJI3TnL93n1-PS0G3wrOlWEbZLduNh1AMnQNkgUf0Fkc4stxkO7lL0E728qBQNTEleHkULvOVRIccbUA9Y30Mkg3X1TpkTBSIA5qm6D1xTLJQkHgEGGYW490JA&lptoken=160197c5961516979976&feed=%5Bfeed%5D&hash=%5Bhash%5D&creative=%5Bcreative%5D&ip=%5Bip%5D&campaign=Hong_Kong-NORTON_YEP%282422527%29_10.23_1&tsource=clickstar_Kate2&subday=%5Bsubday%5D&price=%5Bprice%5D&clickid=%5Bclickid%5D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 22 Oct 2023 07:31:40 GMT
content-type: image/png
content-length: 1932
last-modified: Wed, 16 Nov 2022 15:40:42 GMT
etag: "6375047a-78c"
accept-ranges: bytes
X-Firefox-Spdy: h2

rodeks.xyz/1Ai/folder/img/left_1.png

157.230.4.182

200 OK

1.9 kB

URL GET HTTP/2
rodeks.xyz/1Ai/folder/img/left_1.png
IP
157.230.4.182:443
ASN
#14061 DIGITALOCEAN-ASN

Requested by
https://rodeks.xyz/1Ai/7.html?cep=eF8N0S1aQUUX9Frygsdt4FaE0oUpbO27pB0-IazcfpVEZz7ugmwo1iCoz7tTu0Dgy-hDwbCHhA9vZnpuKT6OILP7GLm1OJ88p5sxAicgN9CuLAx2WTvJkhn-gPi4gGMDAIFQJqgHf7gJDCOA7s1G04YdCvLPTcBc8LX4k8rn7hxc55iIkD8eag0-Molf6E-GZAqf1LrFrf0qlOCuytrighAS-OXDyB8T-NStbfY2cufhw0t4nXqZVV6WrpwASIFmU_AsLPt5m8CY14bc8lRzKkIINmI7-MqaY-CMo4Itae8kg-Jl81PfJDPURjVWH2d34QUS6ZOF2cGxc2bQop-JV3napNdtW1dCmrCb6oIVGWLjDO6mBtQ-gm5GZP38a19dkYPOkE6eZ731cr0bospRwhUjRKEWXf-X4tdoxB6RDSFFx0YJbqm4PSzZnZvhqF2UeYYpgCLlvWgb7hRouPCmMVJnjXfSvJI3TnL93n1-PS0G3wrOlWEbZLduNh1AMnQNkgUf0Fkc4stxkO7lL0E728qBQNTEleHkULvOVRIccbUA9Y30Mkg3X1TpkTBSIA5qm6D1xTLJQkHgEGGYW490JA&lptoken=160197c5961516979976&feed=%5Bfeed%5D&hash=%5Bhash%5D&creative=%5Bcreative%5D&ip=%5Bip%5D&campaign=Hong_Kong-NORTON_YEP%282422527%29_10.23_1&tsource=clickstar_Kate2&subday=%5Bsubday%5D&price=%5Bprice%5D&clickid=%5Bclickid%5D
Certificate
IssuerLet's Encrypt
Subjectrodeks.xyz
Fingerprint42:5E:88:E0:B4:7F:D8:3F:CC:D6:BC:91:E3:BA:27:B9:F4:7F:84:C6
ValidityMon, 11 Sep 2023 07:35:18 GMT - Sun, 10 Dec 2023 07:35:17 GMT

File type
PNG image data, 36 x 36, 8-bit/color RGB, non-interlaced\012- data
Size
1.9 kB (1920 bytes)
Hash
b2b98941a9fe6bbcb6745989b3289b1e
5fb8fce5934af6d3426a37eb58b9846fa80ead39
d9efcb7b0f632cb3d2650c0c676b3c758f00c52f5d1cc5e7963dd456aaa03833

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /1Ai/folder/img/left_1.png HTTP/1.1
Host: rodeks.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rodeks.xyz/1Ai/7.html?cep=eF8N0S1aQUUX9Frygsdt4FaE0oUpbO27pB0-IazcfpVEZz7ugmwo1iCoz7tTu0Dgy-hDwbCHhA9vZnpuKT6OILP7GLm1OJ88p5sxAicgN9CuLAx2WTvJkhn-gPi4gGMDAIFQJqgHf7gJDCOA7s1G04YdCvLPTcBc8LX4k8rn7hxc55iIkD8eag0-Molf6E-GZAqf1LrFrf0qlOCuytrighAS-OXDyB8T-NStbfY2cufhw0t4nXqZVV6WrpwASIFmU_AsLPt5m8CY14bc8lRzKkIINmI7-MqaY-CMo4Itae8kg-Jl81PfJDPURjVWH2d34QUS6ZOF2cGxc2bQop-JV3napNdtW1dCmrCb6oIVGWLjDO6mBtQ-gm5GZP38a19dkYPOkE6eZ731cr0bospRwhUjRKEWXf-X4tdoxB6RDSFFx0YJbqm4PSzZnZvhqF2UeYYpgCLlvWgb7hRouPCmMVJnjXfSvJI3TnL93n1-PS0G3wrOlWEbZLduNh1AMnQNkgUf0Fkc4stxkO7lL0E728qBQNTEleHkULvOVRIccbUA9Y30Mkg3X1TpkTBSIA5qm6D1xTLJQkHgEGGYW490JA&lptoken=160197c5961516979976&feed=%5Bfeed%5D&hash=%5Bhash%5D&creative=%5Bcreative%5D&ip=%5Bip%5D&campaign=Hong_Kong-NORTON_YEP%282422527%29_10.23_1&tsource=clickstar_Kate2&subday=%5Bsubday%5D&price=%5Bprice%5D&clickid=%5Bclickid%5D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 22 Oct 2023 07:31:40 GMT
content-type: image/png
content-length: 1920
last-modified: Wed, 16 Nov 2022 15:40:42 GMT
etag: "6375047a-780"
accept-ranges: bytes
X-Firefox-Spdy: h2

rodeks.xyz/1Ai/folder/img/left_2.png

157.230.4.182

200 OK

1.7 kB

URL GET HTTP/2
rodeks.xyz/1Ai/folder/img/left_2.png
IP
157.230.4.182:443
ASN
#14061 DIGITALOCEAN-ASN

Requested by
https://rodeks.xyz/1Ai/7.html?cep=eF8N0S1aQUUX9Frygsdt4FaE0oUpbO27pB0-IazcfpVEZz7ugmwo1iCoz7tTu0Dgy-hDwbCHhA9vZnpuKT6OILP7GLm1OJ88p5sxAicgN9CuLAx2WTvJkhn-gPi4gGMDAIFQJqgHf7gJDCOA7s1G04YdCvLPTcBc8LX4k8rn7hxc55iIkD8eag0-Molf6E-GZAqf1LrFrf0qlOCuytrighAS-OXDyB8T-NStbfY2cufhw0t4nXqZVV6WrpwASIFmU_AsLPt5m8CY14bc8lRzKkIINmI7-MqaY-CMo4Itae8kg-Jl81PfJDPURjVWH2d34QUS6ZOF2cGxc2bQop-JV3napNdtW1dCmrCb6oIVGWLjDO6mBtQ-gm5GZP38a19dkYPOkE6eZ731cr0bospRwhUjRKEWXf-X4tdoxB6RDSFFx0YJbqm4PSzZnZvhqF2UeYYpgCLlvWgb7hRouPCmMVJnjXfSvJI3TnL93n1-PS0G3wrOlWEbZLduNh1AMnQNkgUf0Fkc4stxkO7lL0E728qBQNTEleHkULvOVRIccbUA9Y30Mkg3X1TpkTBSIA5qm6D1xTLJQkHgEGGYW490JA&lptoken=160197c5961516979976&feed=%5Bfeed%5D&hash=%5Bhash%5D&creative=%5Bcreative%5D&ip=%5Bip%5D&campaign=Hong_Kong-NORTON_YEP%282422527%29_10.23_1&tsource=clickstar_Kate2&subday=%5Bsubday%5D&price=%5Bprice%5D&clickid=%5Bclickid%5D
Certificate
IssuerLet's Encrypt
Subjectrodeks.xyz
Fingerprint42:5E:88:E0:B4:7F:D8:3F:CC:D6:BC:91:E3:BA:27:B9:F4:7F:84:C6
ValidityMon, 11 Sep 2023 07:35:18 GMT - Sun, 10 Dec 2023 07:35:17 GMT

File type
PNG image data, 36 x 36, 8-bit/color RGB, non-interlaced\012- data
Size
1.7 kB (1665 bytes)
Hash
bc32798c28d2145f979848809ba5f858
7bc0276cd56bf6463113a9c5d33ea9aacbdb5f51
7319ffc0fdb40740b07f1a286348fa0f29676127996481b6310f3dd7f322d4ee

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /1Ai/folder/img/left_2.png HTTP/1.1
Host: rodeks.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rodeks.xyz/1Ai/7.html?cep=eF8N0S1aQUUX9Frygsdt4FaE0oUpbO27pB0-IazcfpVEZz7ugmwo1iCoz7tTu0Dgy-hDwbCHhA9vZnpuKT6OILP7GLm1OJ88p5sxAicgN9CuLAx2WTvJkhn-gPi4gGMDAIFQJqgHf7gJDCOA7s1G04YdCvLPTcBc8LX4k8rn7hxc55iIkD8eag0-Molf6E-GZAqf1LrFrf0qlOCuytrighAS-OXDyB8T-NStbfY2cufhw0t4nXqZVV6WrpwASIFmU_AsLPt5m8CY14bc8lRzKkIINmI7-MqaY-CMo4Itae8kg-Jl81PfJDPURjVWH2d34QUS6ZOF2cGxc2bQop-JV3napNdtW1dCmrCb6oIVGWLjDO6mBtQ-gm5GZP38a19dkYPOkE6eZ731cr0bospRwhUjRKEWXf-X4tdoxB6RDSFFx0YJbqm4PSzZnZvhqF2UeYYpgCLlvWgb7hRouPCmMVJnjXfSvJI3TnL93n1-PS0G3wrOlWEbZLduNh1AMnQNkgUf0Fkc4stxkO7lL0E728qBQNTEleHkULvOVRIccbUA9Y30Mkg3X1TpkTBSIA5qm6D1xTLJQkHgEGGYW490JA&lptoken=160197c5961516979976&feed=%5Bfeed%5D&hash=%5Bhash%5D&creative=%5Bcreative%5D&ip=%5Bip%5D&campaign=Hong_Kong-NORTON_YEP%282422527%29_10.23_1&tsource=clickstar_Kate2&subday=%5Bsubday%5D&price=%5Bprice%5D&clickid=%5Bclickid%5D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 22 Oct 2023 07:31:40 GMT
content-type: image/png
content-length: 1665
last-modified: Wed, 16 Nov 2022 15:40:42 GMT
etag: "6375047a-681"
accept-ranges: bytes
X-Firefox-Spdy: h2

rodeks.xyz/1Ai/folder/img/left_3.png

157.230.4.182

200 OK

1.5 kB

URL GET HTTP/2
rodeks.xyz/1Ai/folder/img/left_3.png
IP
157.230.4.182:443
ASN
#14061 DIGITALOCEAN-ASN

Requested by
https://rodeks.xyz/1Ai/7.html?cep=eF8N0S1aQUUX9Frygsdt4FaE0oUpbO27pB0-IazcfpVEZz7ugmwo1iCoz7tTu0Dgy-hDwbCHhA9vZnpuKT6OILP7GLm1OJ88p5sxAicgN9CuLAx2WTvJkhn-gPi4gGMDAIFQJqgHf7gJDCOA7s1G04YdCvLPTcBc8LX4k8rn7hxc55iIkD8eag0-Molf6E-GZAqf1LrFrf0qlOCuytrighAS-OXDyB8T-NStbfY2cufhw0t4nXqZVV6WrpwASIFmU_AsLPt5m8CY14bc8lRzKkIINmI7-MqaY-CMo4Itae8kg-Jl81PfJDPURjVWH2d34QUS6ZOF2cGxc2bQop-JV3napNdtW1dCmrCb6oIVGWLjDO6mBtQ-gm5GZP38a19dkYPOkE6eZ731cr0bospRwhUjRKEWXf-X4tdoxB6RDSFFx0YJbqm4PSzZnZvhqF2UeYYpgCLlvWgb7hRouPCmMVJnjXfSvJI3TnL93n1-PS0G3wrOlWEbZLduNh1AMnQNkgUf0Fkc4stxkO7lL0E728qBQNTEleHkULvOVRIccbUA9Y30Mkg3X1TpkTBSIA5qm6D1xTLJQkHgEGGYW490JA&lptoken=160197c5961516979976&feed=%5Bfeed%5D&hash=%5Bhash%5D&creative=%5Bcreative%5D&ip=%5Bip%5D&campaign=Hong_Kong-NORTON_YEP%282422527%29_10.23_1&tsource=clickstar_Kate2&subday=%5Bsubday%5D&price=%5Bprice%5D&clickid=%5Bclickid%5D
Certificate
IssuerLet's Encrypt
Subjectrodeks.xyz
Fingerprint42:5E:88:E0:B4:7F:D8:3F:CC:D6:BC:91:E3:BA:27:B9:F4:7F:84:C6
ValidityMon, 11 Sep 2023 07:35:18 GMT - Sun, 10 Dec 2023 07:35:17 GMT

File type
PNG image data, 36 x 36, 8-bit/color RGB, non-interlaced\012- data
Size
1.5 kB (1483 bytes)
Hash
860d945f4bba4b150b4c6300bdd87527
4c3f11a2902bf437bb578871f7e27625f0ae6504
bdca8ddc4aaf7200e8c215c5eedeae489626d9df23313578ac0cfe45854ea0c8

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /1Ai/folder/img/left_3.png HTTP/1.1
Host: rodeks.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rodeks.xyz/1Ai/7.html?cep=eF8N0S1aQUUX9Frygsdt4FaE0oUpbO27pB0-IazcfpVEZz7ugmwo1iCoz7tTu0Dgy-hDwbCHhA9vZnpuKT6OILP7GLm1OJ88p5sxAicgN9CuLAx2WTvJkhn-gPi4gGMDAIFQJqgHf7gJDCOA7s1G04YdCvLPTcBc8LX4k8rn7hxc55iIkD8eag0-Molf6E-GZAqf1LrFrf0qlOCuytrighAS-OXDyB8T-NStbfY2cufhw0t4nXqZVV6WrpwASIFmU_AsLPt5m8CY14bc8lRzKkIINmI7-MqaY-CMo4Itae8kg-Jl81PfJDPURjVWH2d34QUS6ZOF2cGxc2bQop-JV3napNdtW1dCmrCb6oIVGWLjDO6mBtQ-gm5GZP38a19dkYPOkE6eZ731cr0bospRwhUjRKEWXf-X4tdoxB6RDSFFx0YJbqm4PSzZnZvhqF2UeYYpgCLlvWgb7hRouPCmMVJnjXfSvJI3TnL93n1-PS0G3wrOlWEbZLduNh1AMnQNkgUf0Fkc4stxkO7lL0E728qBQNTEleHkULvOVRIccbUA9Y30Mkg3X1TpkTBSIA5qm6D1xTLJQkHgEGGYW490JA&lptoken=160197c5961516979976&feed=%5Bfeed%5D&hash=%5Bhash%5D&creative=%5Bcreative%5D&ip=%5Bip%5D&campaign=Hong_Kong-NORTON_YEP%282422527%29_10.23_1&tsource=clickstar_Kate2&subday=%5Bsubday%5D&price=%5Bprice%5D&clickid=%5Bclickid%5D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 22 Oct 2023 07:31:40 GMT
content-type: image/png
content-length: 1483
last-modified: Wed, 16 Nov 2022 15:40:42 GMT
etag: "6375047a-5cb"
accept-ranges: bytes
X-Firefox-Spdy: h2

rodeks.xyz/1Ai/folder/img/left_4.png

157.230.4.182

200 OK

1.8 kB

URL GET HTTP/2
rodeks.xyz/1Ai/folder/img/left_4.png
IP
157.230.4.182:443
ASN
#14061 DIGITALOCEAN-ASN

Requested by
https://rodeks.xyz/1Ai/7.html?cep=eF8N0S1aQUUX9Frygsdt4FaE0oUpbO27pB0-IazcfpVEZz7ugmwo1iCoz7tTu0Dgy-hDwbCHhA9vZnpuKT6OILP7GLm1OJ88p5sxAicgN9CuLAx2WTvJkhn-gPi4gGMDAIFQJqgHf7gJDCOA7s1G04YdCvLPTcBc8LX4k8rn7hxc55iIkD8eag0-Molf6E-GZAqf1LrFrf0qlOCuytrighAS-OXDyB8T-NStbfY2cufhw0t4nXqZVV6WrpwASIFmU_AsLPt5m8CY14bc8lRzKkIINmI7-MqaY-CMo4Itae8kg-Jl81PfJDPURjVWH2d34QUS6ZOF2cGxc2bQop-JV3napNdtW1dCmrCb6oIVGWLjDO6mBtQ-gm5GZP38a19dkYPOkE6eZ731cr0bospRwhUjRKEWXf-X4tdoxB6RDSFFx0YJbqm4PSzZnZvhqF2UeYYpgCLlvWgb7hRouPCmMVJnjXfSvJI3TnL93n1-PS0G3wrOlWEbZLduNh1AMnQNkgUf0Fkc4stxkO7lL0E728qBQNTEleHkULvOVRIccbUA9Y30Mkg3X1TpkTBSIA5qm6D1xTLJQkHgEGGYW490JA&lptoken=160197c5961516979976&feed=%5Bfeed%5D&hash=%5Bhash%5D&creative=%5Bcreative%5D&ip=%5Bip%5D&campaign=Hong_Kong-NORTON_YEP%282422527%29_10.23_1&tsource=clickstar_Kate2&subday=%5Bsubday%5D&price=%5Bprice%5D&clickid=%5Bclickid%5D
Certificate
IssuerLet's Encrypt
Subjectrodeks.xyz
Fingerprint42:5E:88:E0:B4:7F:D8:3F:CC:D6:BC:91:E3:BA:27:B9:F4:7F:84:C6
ValidityMon, 11 Sep 2023 07:35:18 GMT - Sun, 10 Dec 2023 07:35:17 GMT

File type
PNG image data, 36 x 36, 8-bit/color RGB, non-interlaced\012- data
Size
1.8 kB (1812 bytes)
Hash
7af58322b67083908a8519d74471f47d
256a9119feb235759cf98f211bc6398f58c4ee43
bfab83c5a6c9c62450668ba960527fc9b17ed316a52436f0f63fd1eedcd45a3d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /1Ai/folder/img/left_4.png HTTP/1.1
Host: rodeks.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rodeks.xyz/1Ai/7.html?cep=eF8N0S1aQUUX9Frygsdt4FaE0oUpbO27pB0-IazcfpVEZz7ugmwo1iCoz7tTu0Dgy-hDwbCHhA9vZnpuKT6OILP7GLm1OJ88p5sxAicgN9CuLAx2WTvJkhn-gPi4gGMDAIFQJqgHf7gJDCOA7s1G04YdCvLPTcBc8LX4k8rn7hxc55iIkD8eag0-Molf6E-GZAqf1LrFrf0qlOCuytrighAS-OXDyB8T-NStbfY2cufhw0t4nXqZVV6WrpwASIFmU_AsLPt5m8CY14bc8lRzKkIINmI7-MqaY-CMo4Itae8kg-Jl81PfJDPURjVWH2d34QUS6ZOF2cGxc2bQop-JV3napNdtW1dCmrCb6oIVGWLjDO6mBtQ-gm5GZP38a19dkYPOkE6eZ731cr0bospRwhUjRKEWXf-X4tdoxB6RDSFFx0YJbqm4PSzZnZvhqF2UeYYpgCLlvWgb7hRouPCmMVJnjXfSvJI3TnL93n1-PS0G3wrOlWEbZLduNh1AMnQNkgUf0Fkc4stxkO7lL0E728qBQNTEleHkULvOVRIccbUA9Y30Mkg3X1TpkTBSIA5qm6D1xTLJQkHgEGGYW490JA&lptoken=160197c5961516979976&feed=%5Bfeed%5D&hash=%5Bhash%5D&creative=%5Bcreative%5D&ip=%5Bip%5D&campaign=Hong_Kong-NORTON_YEP%282422527%29_10.23_1&tsource=clickstar_Kate2&subday=%5Bsubday%5D&price=%5Bprice%5D&clickid=%5Bclickid%5D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 22 Oct 2023 07:31:40 GMT
content-type: image/png
content-length: 1812
last-modified: Wed, 16 Nov 2022 15:40:42 GMT
etag: "6375047a-714"
accept-ranges: bytes
X-Firefox-Spdy: h2

rodeks.xyz/1Ai/folder/img/green-icon.png

157.230.4.182

200 OK

1.9 kB

URL GET HTTP/2
rodeks.xyz/1Ai/folder/img/green-icon.png
IP
157.230.4.182:443
ASN
#14061 DIGITALOCEAN-ASN

Requested by
https://rodeks.xyz/1Ai/7.html?cep=eF8N0S1aQUUX9Frygsdt4FaE0oUpbO27pB0-IazcfpVEZz7ugmwo1iCoz7tTu0Dgy-hDwbCHhA9vZnpuKT6OILP7GLm1OJ88p5sxAicgN9CuLAx2WTvJkhn-gPi4gGMDAIFQJqgHf7gJDCOA7s1G04YdCvLPTcBc8LX4k8rn7hxc55iIkD8eag0-Molf6E-GZAqf1LrFrf0qlOCuytrighAS-OXDyB8T-NStbfY2cufhw0t4nXqZVV6WrpwASIFmU_AsLPt5m8CY14bc8lRzKkIINmI7-MqaY-CMo4Itae8kg-Jl81PfJDPURjVWH2d34QUS6ZOF2cGxc2bQop-JV3napNdtW1dCmrCb6oIVGWLjDO6mBtQ-gm5GZP38a19dkYPOkE6eZ731cr0bospRwhUjRKEWXf-X4tdoxB6RDSFFx0YJbqm4PSzZnZvhqF2UeYYpgCLlvWgb7hRouPCmMVJnjXfSvJI3TnL93n1-PS0G3wrOlWEbZLduNh1AMnQNkgUf0Fkc4stxkO7lL0E728qBQNTEleHkULvOVRIccbUA9Y30Mkg3X1TpkTBSIA5qm6D1xTLJQkHgEGGYW490JA&lptoken=160197c5961516979976&feed=%5Bfeed%5D&hash=%5Bhash%5D&creative=%5Bcreative%5D&ip=%5Bip%5D&campaign=Hong_Kong-NORTON_YEP%282422527%29_10.23_1&tsource=clickstar_Kate2&subday=%5Bsubday%5D&price=%5Bprice%5D&clickid=%5Bclickid%5D
Certificate
IssuerLet's Encrypt
Subjectrodeks.xyz
Fingerprint42:5E:88:E0:B4:7F:D8:3F:CC:D6:BC:91:E3:BA:27:B9:F4:7F:84:C6
ValidityMon, 11 Sep 2023 07:35:18 GMT - Sun, 10 Dec 2023 07:35:17 GMT

File type
PNG image data, 35 x 34, 8-bit/color RGB, non-interlaced\012- data
Size
1.9 kB (1946 bytes)
Hash
1eab4e4fb7a147352b0027c0e4df1fe6
99e621180265541383f5c081cd6f7c77b7d21e0d
a66a5ce08b112086075a336e9f18d5cea683143b552a50641971ef00d3895207

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /1Ai/folder/img/green-icon.png HTTP/1.1
Host: rodeks.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rodeks.xyz/1Ai/7.html?cep=eF8N0S1aQUUX9Frygsdt4FaE0oUpbO27pB0-IazcfpVEZz7ugmwo1iCoz7tTu0Dgy-hDwbCHhA9vZnpuKT6OILP7GLm1OJ88p5sxAicgN9CuLAx2WTvJkhn-gPi4gGMDAIFQJqgHf7gJDCOA7s1G04YdCvLPTcBc8LX4k8rn7hxc55iIkD8eag0-Molf6E-GZAqf1LrFrf0qlOCuytrighAS-OXDyB8T-NStbfY2cufhw0t4nXqZVV6WrpwASIFmU_AsLPt5m8CY14bc8lRzKkIINmI7-MqaY-CMo4Itae8kg-Jl81PfJDPURjVWH2d34QUS6ZOF2cGxc2bQop-JV3napNdtW1dCmrCb6oIVGWLjDO6mBtQ-gm5GZP38a19dkYPOkE6eZ731cr0bospRwhUjRKEWXf-X4tdoxB6RDSFFx0YJbqm4PSzZnZvhqF2UeYYpgCLlvWgb7hRouPCmMVJnjXfSvJI3TnL93n1-PS0G3wrOlWEbZLduNh1AMnQNkgUf0Fkc4stxkO7lL0E728qBQNTEleHkULvOVRIccbUA9Y30Mkg3X1TpkTBSIA5qm6D1xTLJQkHgEGGYW490JA&lptoken=160197c5961516979976&feed=%5Bfeed%5D&hash=%5Bhash%5D&creative=%5Bcreative%5D&ip=%5Bip%5D&campaign=Hong_Kong-NORTON_YEP%282422527%29_10.23_1&tsource=clickstar_Kate2&subday=%5Bsubday%5D&price=%5Bprice%5D&clickid=%5Bclickid%5D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 22 Oct 2023 07:31:40 GMT
content-type: image/png
content-length: 1946
last-modified: Wed, 16 Nov 2022 15:40:42 GMT
etag: "6375047a-79a"
accept-ranges: bytes
X-Firefox-Spdy: h2

rodeks.xyz/1Ai/folder/img/op_1.png

157.230.4.182

200 OK

5.9 kB

URL GET HTTP/2
rodeks.xyz/1Ai/folder/img/op_1.png
IP
157.230.4.182:443
ASN
#14061 DIGITALOCEAN-ASN

Requested by
https://rodeks.xyz/1Ai/7.html?cep=eF8N0S1aQUUX9Frygsdt4FaE0oUpbO27pB0-IazcfpVEZz7ugmwo1iCoz7tTu0Dgy-hDwbCHhA9vZnpuKT6OILP7GLm1OJ88p5sxAicgN9CuLAx2WTvJkhn-gPi4gGMDAIFQJqgHf7gJDCOA7s1G04YdCvLPTcBc8LX4k8rn7hxc55iIkD8eag0-Molf6E-GZAqf1LrFrf0qlOCuytrighAS-OXDyB8T-NStbfY2cufhw0t4nXqZVV6WrpwASIFmU_AsLPt5m8CY14bc8lRzKkIINmI7-MqaY-CMo4Itae8kg-Jl81PfJDPURjVWH2d34QUS6ZOF2cGxc2bQop-JV3napNdtW1dCmrCb6oIVGWLjDO6mBtQ-gm5GZP38a19dkYPOkE6eZ731cr0bospRwhUjRKEWXf-X4tdoxB6RDSFFx0YJbqm4PSzZnZvhqF2UeYYpgCLlvWgb7hRouPCmMVJnjXfSvJI3TnL93n1-PS0G3wrOlWEbZLduNh1AMnQNkgUf0Fkc4stxkO7lL0E728qBQNTEleHkULvOVRIccbUA9Y30Mkg3X1TpkTBSIA5qm6D1xTLJQkHgEGGYW490JA&lptoken=160197c5961516979976&feed=%5Bfeed%5D&hash=%5Bhash%5D&creative=%5Bcreative%5D&ip=%5Bip%5D&campaign=Hong_Kong-NORTON_YEP%282422527%29_10.23_1&tsource=clickstar_Kate2&subday=%5Bsubday%5D&price=%5Bprice%5D&clickid=%5Bclickid%5D
Certificate
IssuerLet's Encrypt
Subjectrodeks.xyz
Fingerprint42:5E:88:E0:B4:7F:D8:3F:CC:D6:BC:91:E3:BA:27:B9:F4:7F:84:C6
ValidityMon, 11 Sep 2023 07:35:18 GMT - Sun, 10 Dec 2023 07:35:17 GMT

File type
PNG image data, 139 x 130, 8-bit/color RGB, non-interlaced\012- data
Size
5.9 kB (5928 bytes)
Hash
fa6582524d715994e9d9036eca9b034b
06cce1b23faba93959df12a9eccaa3d6f51341ce
cf05a371ab1261c3e1f2785e26c95cc5869b37de15c9d48206e78a58894a0cdc

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /1Ai/folder/img/op_1.png HTTP/1.1
Host: rodeks.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rodeks.xyz/1Ai/7.html?cep=eF8N0S1aQUUX9Frygsdt4FaE0oUpbO27pB0-IazcfpVEZz7ugmwo1iCoz7tTu0Dgy-hDwbCHhA9vZnpuKT6OILP7GLm1OJ88p5sxAicgN9CuLAx2WTvJkhn-gPi4gGMDAIFQJqgHf7gJDCOA7s1G04YdCvLPTcBc8LX4k8rn7hxc55iIkD8eag0-Molf6E-GZAqf1LrFrf0qlOCuytrighAS-OXDyB8T-NStbfY2cufhw0t4nXqZVV6WrpwASIFmU_AsLPt5m8CY14bc8lRzKkIINmI7-MqaY-CMo4Itae8kg-Jl81PfJDPURjVWH2d34QUS6ZOF2cGxc2bQop-JV3napNdtW1dCmrCb6oIVGWLjDO6mBtQ-gm5GZP38a19dkYPOkE6eZ731cr0bospRwhUjRKEWXf-X4tdoxB6RDSFFx0YJbqm4PSzZnZvhqF2UeYYpgCLlvWgb7hRouPCmMVJnjXfSvJI3TnL93n1-PS0G3wrOlWEbZLduNh1AMnQNkgUf0Fkc4stxkO7lL0E728qBQNTEleHkULvOVRIccbUA9Y30Mkg3X1TpkTBSIA5qm6D1xTLJQkHgEGGYW490JA&lptoken=160197c5961516979976&feed=%5Bfeed%5D&hash=%5Bhash%5D&creative=%5Bcreative%5D&ip=%5Bip%5D&campaign=Hong_Kong-NORTON_YEP%282422527%29_10.23_1&tsource=clickstar_Kate2&subday=%5Bsubday%5D&price=%5Bprice%5D&clickid=%5Bclickid%5D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 22 Oct 2023 07:31:40 GMT
content-type: image/png
content-length: 5928
last-modified: Wed, 16 Nov 2022 15:40:42 GMT
etag: "6375047a-1728"
accept-ranges: bytes
X-Firefox-Spdy: h2

rodeks.xyz/1Ai/folder/img/blue-icon.png

157.230.4.182

200 OK

1.5 kB

URL GET HTTP/2
rodeks.xyz/1Ai/folder/img/blue-icon.png
IP
157.230.4.182:443
ASN
#14061 DIGITALOCEAN-ASN

Requested by
https://rodeks.xyz/1Ai/7.html?cep=eF8N0S1aQUUX9Frygsdt4FaE0oUpbO27pB0-IazcfpVEZz7ugmwo1iCoz7tTu0Dgy-hDwbCHhA9vZnpuKT6OILP7GLm1OJ88p5sxAicgN9CuLAx2WTvJkhn-gPi4gGMDAIFQJqgHf7gJDCOA7s1G04YdCvLPTcBc8LX4k8rn7hxc55iIkD8eag0-Molf6E-GZAqf1LrFrf0qlOCuytrighAS-OXDyB8T-NStbfY2cufhw0t4nXqZVV6WrpwASIFmU_AsLPt5m8CY14bc8lRzKkIINmI7-MqaY-CMo4Itae8kg-Jl81PfJDPURjVWH2d34QUS6ZOF2cGxc2bQop-JV3napNdtW1dCmrCb6oIVGWLjDO6mBtQ-gm5GZP38a19dkYPOkE6eZ731cr0bospRwhUjRKEWXf-X4tdoxB6RDSFFx0YJbqm4PSzZnZvhqF2UeYYpgCLlvWgb7hRouPCmMVJnjXfSvJI3TnL93n1-PS0G3wrOlWEbZLduNh1AMnQNkgUf0Fkc4stxkO7lL0E728qBQNTEleHkULvOVRIccbUA9Y30Mkg3X1TpkTBSIA5qm6D1xTLJQkHgEGGYW490JA&lptoken=160197c5961516979976&feed=%5Bfeed%5D&hash=%5Bhash%5D&creative=%5Bcreative%5D&ip=%5Bip%5D&campaign=Hong_Kong-NORTON_YEP%282422527%29_10.23_1&tsource=clickstar_Kate2&subday=%5Bsubday%5D&price=%5Bprice%5D&clickid=%5Bclickid%5D
Certificate
IssuerLet's Encrypt
Subjectrodeks.xyz
Fingerprint42:5E:88:E0:B4:7F:D8:3F:CC:D6:BC:91:E3:BA:27:B9:F4:7F:84:C6
ValidityMon, 11 Sep 2023 07:35:18 GMT - Sun, 10 Dec 2023 07:35:17 GMT

File type
PNG image data, 23 x 20, 8-bit/color RGB, non-interlaced\012- data
Size
1.5 kB (1545 bytes)
Hash
7f7b44979afb15dfdc18e7d754c6d0f5
7426889578a3a6f20f620611f7ea8d4dadaf3b87
cb2eff4a1cf5f187eda87e71d6039f24af63844617a7f890070b9afd5c965a33

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /1Ai/folder/img/blue-icon.png HTTP/1.1
Host: rodeks.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rodeks.xyz/1Ai/7.html?cep=eF8N0S1aQUUX9Frygsdt4FaE0oUpbO27pB0-IazcfpVEZz7ugmwo1iCoz7tTu0Dgy-hDwbCHhA9vZnpuKT6OILP7GLm1OJ88p5sxAicgN9CuLAx2WTvJkhn-gPi4gGMDAIFQJqgHf7gJDCOA7s1G04YdCvLPTcBc8LX4k8rn7hxc55iIkD8eag0-Molf6E-GZAqf1LrFrf0qlOCuytrighAS-OXDyB8T-NStbfY2cufhw0t4nXqZVV6WrpwASIFmU_AsLPt5m8CY14bc8lRzKkIINmI7-MqaY-CMo4Itae8kg-Jl81PfJDPURjVWH2d34QUS6ZOF2cGxc2bQop-JV3napNdtW1dCmrCb6oIVGWLjDO6mBtQ-gm5GZP38a19dkYPOkE6eZ731cr0bospRwhUjRKEWXf-X4tdoxB6RDSFFx0YJbqm4PSzZnZvhqF2UeYYpgCLlvWgb7hRouPCmMVJnjXfSvJI3TnL93n1-PS0G3wrOlWEbZLduNh1AMnQNkgUf0Fkc4stxkO7lL0E728qBQNTEleHkULvOVRIccbUA9Y30Mkg3X1TpkTBSIA5qm6D1xTLJQkHgEGGYW490JA&lptoken=160197c5961516979976&feed=%5Bfeed%5D&hash=%5Bhash%5D&creative=%5Bcreative%5D&ip=%5Bip%5D&campaign=Hong_Kong-NORTON_YEP%282422527%29_10.23_1&tsource=clickstar_Kate2&subday=%5Bsubday%5D&price=%5Bprice%5D&clickid=%5Bclickid%5D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 22 Oct 2023 07:31:40 GMT
content-type: image/png
content-length: 1545
last-modified: Wed, 16 Nov 2022 15:40:42 GMT
etag: "6375047a-609"
accept-ranges: bytes
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

471 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
af18517e389f52e705309f80ad7eed93
7d699d3c5f94e06728491495833e523ac591e446
a0e19e2db76b997e503001660a6753ba10accaf7c9fd346e3a469459a01dcdf9

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 22 Oct 2023 07:31:40 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

471 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
af18517e389f52e705309f80ad7eed93
7d699d3c5f94e06728491495833e523ac591e446
a0e19e2db76b997e503001660a6753ba10accaf7c9fd346e3a469459a01dcdf9

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 22 Oct 2023 07:31:40 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

216.58.207.227

200 OK

16 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://rodeks.xyz/1Ai/7.html?cep=eF8N0S1aQUUX9Frygsdt4FaE0oUpbO27pB0-IazcfpVEZz7ugmwo1iCoz7tTu0Dgy-hDwbCHhA9vZnpuKT6OILP7GLm1OJ88p5sxAicgN9CuLAx2WTvJkhn-gPi4gGMDAIFQJqgHf7gJDCOA7s1G04YdCvLPTcBc8LX4k8rn7hxc55iIkD8eag0-Molf6E-GZAqf1LrFrf0qlOCuytrighAS-OXDyB8T-NStbfY2cufhw0t4nXqZVV6WrpwASIFmU_AsLPt5m8CY14bc8lRzKkIINmI7-MqaY-CMo4Itae8kg-Jl81PfJDPURjVWH2d34QUS6ZOF2cGxc2bQop-JV3napNdtW1dCmrCb6oIVGWLjDO6mBtQ-gm5GZP38a19dkYPOkE6eZ731cr0bospRwhUjRKEWXf-X4tdoxB6RDSFFx0YJbqm4PSzZnZvhqF2UeYYpgCLlvWgb7hRouPCmMVJnjXfSvJI3TnL93n1-PS0G3wrOlWEbZLduNh1AMnQNkgUf0Fkc4stxkO7lL0E728qBQNTEleHkULvOVRIccbUA9Y30Mkg3X1TpkTBSIA5qm6D1xTLJQkHgEGGYW490JA&lptoken=160197c5961516979976&feed=%5Bfeed%5D&hash=%5Bhash%5D&creative=%5Bcreative%5D&ip=%5Bip%5D&campaign=Hong_Kong-NORTON_YEP%282422527%29_10.23_1&tsource=clickstar_Kate2&subday=%5Bsubday%5D&price=%5Bprice%5D&clickid=%5Bclickid%5D
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint55:7F:79:64:ED:7A:04:50:63:54:9C:32:2A:AF:B7:95:17:D7:E0:33
ValidityThu, 28 Sep 2023 05:32:05 GMT - Thu, 21 Dec 2023 05:32:04 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Size
16 kB (15744 bytes)
Hash
15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

HTTP Headers

GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://rodeks.xyz
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 20 Oct 2023 02:00:44 GMT
expires: Sat, 19 Oct 2024 02:00:44 GMT
cache-control: public, max-age=31536000
age: 192656
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

rodeks.xyz/1Ai/folder/img/op_2.png

157.230.4.182

200 OK

4.9 kB

URL GET HTTP/2
rodeks.xyz/1Ai/folder/img/op_2.png
IP
157.230.4.182:443
ASN
#14061 DIGITALOCEAN-ASN

Requested by
https://rodeks.xyz/1Ai/7.html?cep=eF8N0S1aQUUX9Frygsdt4FaE0oUpbO27pB0-IazcfpVEZz7ugmwo1iCoz7tTu0Dgy-hDwbCHhA9vZnpuKT6OILP7GLm1OJ88p5sxAicgN9CuLAx2WTvJkhn-gPi4gGMDAIFQJqgHf7gJDCOA7s1G04YdCvLPTcBc8LX4k8rn7hxc55iIkD8eag0-Molf6E-GZAqf1LrFrf0qlOCuytrighAS-OXDyB8T-NStbfY2cufhw0t4nXqZVV6WrpwASIFmU_AsLPt5m8CY14bc8lRzKkIINmI7-MqaY-CMo4Itae8kg-Jl81PfJDPURjVWH2d34QUS6ZOF2cGxc2bQop-JV3napNdtW1dCmrCb6oIVGWLjDO6mBtQ-gm5GZP38a19dkYPOkE6eZ731cr0bospRwhUjRKEWXf-X4tdoxB6RDSFFx0YJbqm4PSzZnZvhqF2UeYYpgCLlvWgb7hRouPCmMVJnjXfSvJI3TnL93n1-PS0G3wrOlWEbZLduNh1AMnQNkgUf0Fkc4stxkO7lL0E728qBQNTEleHkULvOVRIccbUA9Y30Mkg3X1TpkTBSIA5qm6D1xTLJQkHgEGGYW490JA&lptoken=160197c5961516979976&feed=%5Bfeed%5D&hash=%5Bhash%5D&creative=%5Bcreative%5D&ip=%5Bip%5D&campaign=Hong_Kong-NORTON_YEP%282422527%29_10.23_1&tsource=clickstar_Kate2&subday=%5Bsubday%5D&price=%5Bprice%5D&clickid=%5Bclickid%5D
Certificate
IssuerLet's Encrypt
Subjectrodeks.xyz
Fingerprint42:5E:88:E0:B4:7F:D8:3F:CC:D6:BC:91:E3:BA:27:B9:F4:7F:84:C6
ValidityMon, 11 Sep 2023 07:35:18 GMT - Sun, 10 Dec 2023 07:35:17 GMT

File type
PNG image data, 152 x 121, 8-bit/color RGB, non-interlaced\012- data
Size
4.9 kB (4856 bytes)
Hash
a0f86853c68b824dd5c15b0fae66fdfe
0c8ba75f1370ba3c10a309be4c1c96a5067c6098
f58fdb3b3ba6dc0943458179df29efb7201b84ff2edbf03d9ad5cb26c4e52917

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /1Ai/folder/img/op_2.png HTTP/1.1
Host: rodeks.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rodeks.xyz/1Ai/7.html?cep=eF8N0S1aQUUX9Frygsdt4FaE0oUpbO27pB0-IazcfpVEZz7ugmwo1iCoz7tTu0Dgy-hDwbCHhA9vZnpuKT6OILP7GLm1OJ88p5sxAicgN9CuLAx2WTvJkhn-gPi4gGMDAIFQJqgHf7gJDCOA7s1G04YdCvLPTcBc8LX4k8rn7hxc55iIkD8eag0-Molf6E-GZAqf1LrFrf0qlOCuytrighAS-OXDyB8T-NStbfY2cufhw0t4nXqZVV6WrpwASIFmU_AsLPt5m8CY14bc8lRzKkIINmI7-MqaY-CMo4Itae8kg-Jl81PfJDPURjVWH2d34QUS6ZOF2cGxc2bQop-JV3napNdtW1dCmrCb6oIVGWLjDO6mBtQ-gm5GZP38a19dkYPOkE6eZ731cr0bospRwhUjRKEWXf-X4tdoxB6RDSFFx0YJbqm4PSzZnZvhqF2UeYYpgCLlvWgb7hRouPCmMVJnjXfSvJI3TnL93n1-PS0G3wrOlWEbZLduNh1AMnQNkgUf0Fkc4stxkO7lL0E728qBQNTEleHkULvOVRIccbUA9Y30Mkg3X1TpkTBSIA5qm6D1xTLJQkHgEGGYW490JA&lptoken=160197c5961516979976&feed=%5Bfeed%5D&hash=%5Bhash%5D&creative=%5Bcreative%5D&ip=%5Bip%5D&campaign=Hong_Kong-NORTON_YEP%282422527%29_10.23_1&tsource=clickstar_Kate2&subday=%5Bsubday%5D&price=%5Bprice%5D&clickid=%5Bclickid%5D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 22 Oct 2023 07:31:40 GMT
content-type: image/png
content-length: 4856
last-modified: Wed, 16 Nov 2022 15:40:42 GMT
etag: "6375047a-12f8"
accept-ranges: bytes
X-Firefox-Spdy: h2

rodeks.xyz/1Ai/folder/img/op_3.png

157.230.4.182

200 OK

5.9 kB

URL GET HTTP/2
rodeks.xyz/1Ai/folder/img/op_3.png
IP
157.230.4.182:443
ASN
#14061 DIGITALOCEAN-ASN

Requested by
https://rodeks.xyz/1Ai/7.html?cep=eF8N0S1aQUUX9Frygsdt4FaE0oUpbO27pB0-IazcfpVEZz7ugmwo1iCoz7tTu0Dgy-hDwbCHhA9vZnpuKT6OILP7GLm1OJ88p5sxAicgN9CuLAx2WTvJkhn-gPi4gGMDAIFQJqgHf7gJDCOA7s1G04YdCvLPTcBc8LX4k8rn7hxc55iIkD8eag0-Molf6E-GZAqf1LrFrf0qlOCuytrighAS-OXDyB8T-NStbfY2cufhw0t4nXqZVV6WrpwASIFmU_AsLPt5m8CY14bc8lRzKkIINmI7-MqaY-CMo4Itae8kg-Jl81PfJDPURjVWH2d34QUS6ZOF2cGxc2bQop-JV3napNdtW1dCmrCb6oIVGWLjDO6mBtQ-gm5GZP38a19dkYPOkE6eZ731cr0bospRwhUjRKEWXf-X4tdoxB6RDSFFx0YJbqm4PSzZnZvhqF2UeYYpgCLlvWgb7hRouPCmMVJnjXfSvJI3TnL93n1-PS0G3wrOlWEbZLduNh1AMnQNkgUf0Fkc4stxkO7lL0E728qBQNTEleHkULvOVRIccbUA9Y30Mkg3X1TpkTBSIA5qm6D1xTLJQkHgEGGYW490JA&lptoken=160197c5961516979976&feed=%5Bfeed%5D&hash=%5Bhash%5D&creative=%5Bcreative%5D&ip=%5Bip%5D&campaign=Hong_Kong-NORTON_YEP%282422527%29_10.23_1&tsource=clickstar_Kate2&subday=%5Bsubday%5D&price=%5Bprice%5D&clickid=%5Bclickid%5D
Certificate
IssuerLet's Encrypt
Subjectrodeks.xyz
Fingerprint42:5E:88:E0:B4:7F:D8:3F:CC:D6:BC:91:E3:BA:27:B9:F4:7F:84:C6
ValidityMon, 11 Sep 2023 07:35:18 GMT - Sun, 10 Dec 2023 07:35:17 GMT

File type
PNG image data, 137 x 131, 8-bit/color RGB, non-interlaced\012- data
Size
5.9 kB (5904 bytes)
Hash
8a07f71c9d0642e8b94bd2b9687c768f
fb2f6f1a6a421101a4b10c315f340d0565709abf
e77edd6c132664f48fb66468de2e1b5068d61e9f04e03d6a51668b14d00af0ed

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /1Ai/folder/img/op_3.png HTTP/1.1
Host: rodeks.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rodeks.xyz/1Ai/7.html?cep=eF8N0S1aQUUX9Frygsdt4FaE0oUpbO27pB0-IazcfpVEZz7ugmwo1iCoz7tTu0Dgy-hDwbCHhA9vZnpuKT6OILP7GLm1OJ88p5sxAicgN9CuLAx2WTvJkhn-gPi4gGMDAIFQJqgHf7gJDCOA7s1G04YdCvLPTcBc8LX4k8rn7hxc55iIkD8eag0-Molf6E-GZAqf1LrFrf0qlOCuytrighAS-OXDyB8T-NStbfY2cufhw0t4nXqZVV6WrpwASIFmU_AsLPt5m8CY14bc8lRzKkIINmI7-MqaY-CMo4Itae8kg-Jl81PfJDPURjVWH2d34QUS6ZOF2cGxc2bQop-JV3napNdtW1dCmrCb6oIVGWLjDO6mBtQ-gm5GZP38a19dkYPOkE6eZ731cr0bospRwhUjRKEWXf-X4tdoxB6RDSFFx0YJbqm4PSzZnZvhqF2UeYYpgCLlvWgb7hRouPCmMVJnjXfSvJI3TnL93n1-PS0G3wrOlWEbZLduNh1AMnQNkgUf0Fkc4stxkO7lL0E728qBQNTEleHkULvOVRIccbUA9Y30Mkg3X1TpkTBSIA5qm6D1xTLJQkHgEGGYW490JA&lptoken=160197c5961516979976&feed=%5Bfeed%5D&hash=%5Bhash%5D&creative=%5Bcreative%5D&ip=%5Bip%5D&campaign=Hong_Kong-NORTON_YEP%282422527%29_10.23_1&tsource=clickstar_Kate2&subday=%5Bsubday%5D&price=%5Bprice%5D&clickid=%5Bclickid%5D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 22 Oct 2023 07:31:40 GMT
content-type: image/png
content-length: 5904
last-modified: Wed, 16 Nov 2022 15:40:42 GMT
etag: "6375047a-1710"
accept-ranges: bytes
X-Firefox-Spdy: h2

rodeks.xyz/1Ai/folder/img/minus.png

157.230.4.182

200 OK

128 B

URL GET HTTP/2
rodeks.xyz/1Ai/folder/img/minus.png
IP
157.230.4.182:443
ASN
#14061 DIGITALOCEAN-ASN

Requested by
https://rodeks.xyz/1Ai/7.html?cep=eF8N0S1aQUUX9Frygsdt4FaE0oUpbO27pB0-IazcfpVEZz7ugmwo1iCoz7tTu0Dgy-hDwbCHhA9vZnpuKT6OILP7GLm1OJ88p5sxAicgN9CuLAx2WTvJkhn-gPi4gGMDAIFQJqgHf7gJDCOA7s1G04YdCvLPTcBc8LX4k8rn7hxc55iIkD8eag0-Molf6E-GZAqf1LrFrf0qlOCuytrighAS-OXDyB8T-NStbfY2cufhw0t4nXqZVV6WrpwASIFmU_AsLPt5m8CY14bc8lRzKkIINmI7-MqaY-CMo4Itae8kg-Jl81PfJDPURjVWH2d34QUS6ZOF2cGxc2bQop-JV3napNdtW1dCmrCb6oIVGWLjDO6mBtQ-gm5GZP38a19dkYPOkE6eZ731cr0bospRwhUjRKEWXf-X4tdoxB6RDSFFx0YJbqm4PSzZnZvhqF2UeYYpgCLlvWgb7hRouPCmMVJnjXfSvJI3TnL93n1-PS0G3wrOlWEbZLduNh1AMnQNkgUf0Fkc4stxkO7lL0E728qBQNTEleHkULvOVRIccbUA9Y30Mkg3X1TpkTBSIA5qm6D1xTLJQkHgEGGYW490JA&lptoken=160197c5961516979976&feed=%5Bfeed%5D&hash=%5Bhash%5D&creative=%5Bcreative%5D&ip=%5Bip%5D&campaign=Hong_Kong-NORTON_YEP%282422527%29_10.23_1&tsource=clickstar_Kate2&subday=%5Bsubday%5D&price=%5Bprice%5D&clickid=%5Bclickid%5D
Certificate
IssuerLet's Encrypt
Subjectrodeks.xyz
Fingerprint42:5E:88:E0:B4:7F:D8:3F:CC:D6:BC:91:E3:BA:27:B9:F4:7F:84:C6
ValidityMon, 11 Sep 2023 07:35:18 GMT - Sun, 10 Dec 2023 07:35:17 GMT

File type
PNG image data, 12 x 12, 8-bit/color RGB, non-interlaced\012- data
Size
128 B (128 bytes)
Hash
0bb86caf792dd7d24731c18cd37bb68e
dda1e433a0eaf785b2aa2c6214d5e48cb82a3a25
2ac27821ba64d645f36e2ad197492d30c11b10a032cc474554679555f4604622

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /1Ai/folder/img/minus.png HTTP/1.1
Host: rodeks.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rodeks.xyz/1Ai/7.html?cep=eF8N0S1aQUUX9Frygsdt4FaE0oUpbO27pB0-IazcfpVEZz7ugmwo1iCoz7tTu0Dgy-hDwbCHhA9vZnpuKT6OILP7GLm1OJ88p5sxAicgN9CuLAx2WTvJkhn-gPi4gGMDAIFQJqgHf7gJDCOA7s1G04YdCvLPTcBc8LX4k8rn7hxc55iIkD8eag0-Molf6E-GZAqf1LrFrf0qlOCuytrighAS-OXDyB8T-NStbfY2cufhw0t4nXqZVV6WrpwASIFmU_AsLPt5m8CY14bc8lRzKkIINmI7-MqaY-CMo4Itae8kg-Jl81PfJDPURjVWH2d34QUS6ZOF2cGxc2bQop-JV3napNdtW1dCmrCb6oIVGWLjDO6mBtQ-gm5GZP38a19dkYPOkE6eZ731cr0bospRwhUjRKEWXf-X4tdoxB6RDSFFx0YJbqm4PSzZnZvhqF2UeYYpgCLlvWgb7hRouPCmMVJnjXfSvJI3TnL93n1-PS0G3wrOlWEbZLduNh1AMnQNkgUf0Fkc4stxkO7lL0E728qBQNTEleHkULvOVRIccbUA9Y30Mkg3X1TpkTBSIA5qm6D1xTLJQkHgEGGYW490JA&lptoken=160197c5961516979976&feed=%5Bfeed%5D&hash=%5Bhash%5D&creative=%5Bcreative%5D&ip=%5Bip%5D&campaign=Hong_Kong-NORTON_YEP%282422527%29_10.23_1&tsource=clickstar_Kate2&subday=%5Bsubday%5D&price=%5Bprice%5D&clickid=%5Bclickid%5D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 22 Oct 2023 07:31:40 GMT
content-type: image/png
content-length: 128
last-modified: Wed, 16 Nov 2022 15:40:44 GMT
etag: "6375047c-80"
accept-ranges: bytes
X-Firefox-Spdy: h2

rodeks.xyz/1Ai/folder/img/close.png

157.230.4.182

200 OK

293 B

URL GET HTTP/2
rodeks.xyz/1Ai/folder/img/close.png
IP
157.230.4.182:443
ASN
#14061 DIGITALOCEAN-ASN

Requested by
https://rodeks.xyz/1Ai/7.html?cep=eF8N0S1aQUUX9Frygsdt4FaE0oUpbO27pB0-IazcfpVEZz7ugmwo1iCoz7tTu0Dgy-hDwbCHhA9vZnpuKT6OILP7GLm1OJ88p5sxAicgN9CuLAx2WTvJkhn-gPi4gGMDAIFQJqgHf7gJDCOA7s1G04YdCvLPTcBc8LX4k8rn7hxc55iIkD8eag0-Molf6E-GZAqf1LrFrf0qlOCuytrighAS-OXDyB8T-NStbfY2cufhw0t4nXqZVV6WrpwASIFmU_AsLPt5m8CY14bc8lRzKkIINmI7-MqaY-CMo4Itae8kg-Jl81PfJDPURjVWH2d34QUS6ZOF2cGxc2bQop-JV3napNdtW1dCmrCb6oIVGWLjDO6mBtQ-gm5GZP38a19dkYPOkE6eZ731cr0bospRwhUjRKEWXf-X4tdoxB6RDSFFx0YJbqm4PSzZnZvhqF2UeYYpgCLlvWgb7hRouPCmMVJnjXfSvJI3TnL93n1-PS0G3wrOlWEbZLduNh1AMnQNkgUf0Fkc4stxkO7lL0E728qBQNTEleHkULvOVRIccbUA9Y30Mkg3X1TpkTBSIA5qm6D1xTLJQkHgEGGYW490JA&lptoken=160197c5961516979976&feed=%5Bfeed%5D&hash=%5Bhash%5D&creative=%5Bcreative%5D&ip=%5Bip%5D&campaign=Hong_Kong-NORTON_YEP%282422527%29_10.23_1&tsource=clickstar_Kate2&subday=%5Bsubday%5D&price=%5Bprice%5D&clickid=%5Bclickid%5D
Certificate
IssuerLet's Encrypt
Subjectrodeks.xyz
Fingerprint42:5E:88:E0:B4:7F:D8:3F:CC:D6:BC:91:E3:BA:27:B9:F4:7F:84:C6
ValidityMon, 11 Sep 2023 07:35:18 GMT - Sun, 10 Dec 2023 07:35:17 GMT

File type
PNG image data, 12 x 12, 8-bit/color RGB, non-interlaced\012- data
Size
293 B (293 bytes)
Hash
9eb68d2ce05c151bda542a7a6356e22c
baeeefe4a7ac657c10a5f081841015de1bcf90dd
2d2b7040bc32b397c3c60d800de9aa7d86404f1874862eba61bdaa21f1523eb7

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /1Ai/folder/img/close.png HTTP/1.1
Host: rodeks.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rodeks.xyz/1Ai/7.html?cep=eF8N0S1aQUUX9Frygsdt4FaE0oUpbO27pB0-IazcfpVEZz7ugmwo1iCoz7tTu0Dgy-hDwbCHhA9vZnpuKT6OILP7GLm1OJ88p5sxAicgN9CuLAx2WTvJkhn-gPi4gGMDAIFQJqgHf7gJDCOA7s1G04YdCvLPTcBc8LX4k8rn7hxc55iIkD8eag0-Molf6E-GZAqf1LrFrf0qlOCuytrighAS-OXDyB8T-NStbfY2cufhw0t4nXqZVV6WrpwASIFmU_AsLPt5m8CY14bc8lRzKkIINmI7-MqaY-CMo4Itae8kg-Jl81PfJDPURjVWH2d34QUS6ZOF2cGxc2bQop-JV3napNdtW1dCmrCb6oIVGWLjDO6mBtQ-gm5GZP38a19dkYPOkE6eZ731cr0bospRwhUjRKEWXf-X4tdoxB6RDSFFx0YJbqm4PSzZnZvhqF2UeYYpgCLlvWgb7hRouPCmMVJnjXfSvJI3TnL93n1-PS0G3wrOlWEbZLduNh1AMnQNkgUf0Fkc4stxkO7lL0E728qBQNTEleHkULvOVRIccbUA9Y30Mkg3X1TpkTBSIA5qm6D1xTLJQkHgEGGYW490JA&lptoken=160197c5961516979976&feed=%5Bfeed%5D&hash=%5Bhash%5D&creative=%5Bcreative%5D&ip=%5Bip%5D&campaign=Hong_Kong-NORTON_YEP%282422527%29_10.23_1&tsource=clickstar_Kate2&subday=%5Bsubday%5D&price=%5Bprice%5D&clickid=%5Bclickid%5D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 22 Oct 2023 07:31:40 GMT
content-type: image/png
content-length: 293
last-modified: Wed, 16 Nov 2022 15:40:44 GMT
etag: "6375047c-125"
accept-ranges: bytes
X-Firefox-Spdy: h2

rodeks.xyz/1Ai/folder/img/action_1.gif

157.230.4.182

200 OK

69 B

URL GET HTTP/2
rodeks.xyz/1Ai/folder/img/action_1.gif
IP
157.230.4.182:443
ASN
#14061 DIGITALOCEAN-ASN

Requested by
https://rodeks.xyz/1Ai/7.html?cep=eF8N0S1aQUUX9Frygsdt4FaE0oUpbO27pB0-IazcfpVEZz7ugmwo1iCoz7tTu0Dgy-hDwbCHhA9vZnpuKT6OILP7GLm1OJ88p5sxAicgN9CuLAx2WTvJkhn-gPi4gGMDAIFQJqgHf7gJDCOA7s1G04YdCvLPTcBc8LX4k8rn7hxc55iIkD8eag0-Molf6E-GZAqf1LrFrf0qlOCuytrighAS-OXDyB8T-NStbfY2cufhw0t4nXqZVV6WrpwASIFmU_AsLPt5m8CY14bc8lRzKkIINmI7-MqaY-CMo4Itae8kg-Jl81PfJDPURjVWH2d34QUS6ZOF2cGxc2bQop-JV3napNdtW1dCmrCb6oIVGWLjDO6mBtQ-gm5GZP38a19dkYPOkE6eZ731cr0bospRwhUjRKEWXf-X4tdoxB6RDSFFx0YJbqm4PSzZnZvhqF2UeYYpgCLlvWgb7hRouPCmMVJnjXfSvJI3TnL93n1-PS0G3wrOlWEbZLduNh1AMnQNkgUf0Fkc4stxkO7lL0E728qBQNTEleHkULvOVRIccbUA9Y30Mkg3X1TpkTBSIA5qm6D1xTLJQkHgEGGYW490JA&lptoken=160197c5961516979976&feed=%5Bfeed%5D&hash=%5Bhash%5D&creative=%5Bcreative%5D&ip=%5Bip%5D&campaign=Hong_Kong-NORTON_YEP%282422527%29_10.23_1&tsource=clickstar_Kate2&subday=%5Bsubday%5D&price=%5Bprice%5D&clickid=%5Bclickid%5D
Certificate
IssuerLet's Encrypt
Subjectrodeks.xyz
Fingerprint42:5E:88:E0:B4:7F:D8:3F:CC:D6:BC:91:E3:BA:27:B9:F4:7F:84:C6
ValidityMon, 11 Sep 2023 07:35:18 GMT - Sun, 10 Dec 2023 07:35:17 GMT

File type
GIF image data, version 89a, 16 x 16\012- data
Size
69 B (69 bytes)
Hash
3ae573d079dcd1d2da4086f2c0c72c45
e7c9dabec81379373476ed23168dcecb9b8c56aa
9cce08ab28e94790cf78c87e37f8690acbc6c535e4b43ae7b38506b94538e107

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /1Ai/folder/img/action_1.gif HTTP/1.1
Host: rodeks.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rodeks.xyz/1Ai/7.html?cep=eF8N0S1aQUUX9Frygsdt4FaE0oUpbO27pB0-IazcfpVEZz7ugmwo1iCoz7tTu0Dgy-hDwbCHhA9vZnpuKT6OILP7GLm1OJ88p5sxAicgN9CuLAx2WTvJkhn-gPi4gGMDAIFQJqgHf7gJDCOA7s1G04YdCvLPTcBc8LX4k8rn7hxc55iIkD8eag0-Molf6E-GZAqf1LrFrf0qlOCuytrighAS-OXDyB8T-NStbfY2cufhw0t4nXqZVV6WrpwASIFmU_AsLPt5m8CY14bc8lRzKkIINmI7-MqaY-CMo4Itae8kg-Jl81PfJDPURjVWH2d34QUS6ZOF2cGxc2bQop-JV3napNdtW1dCmrCb6oIVGWLjDO6mBtQ-gm5GZP38a19dkYPOkE6eZ731cr0bospRwhUjRKEWXf-X4tdoxB6RDSFFx0YJbqm4PSzZnZvhqF2UeYYpgCLlvWgb7hRouPCmMVJnjXfSvJI3TnL93n1-PS0G3wrOlWEbZLduNh1AMnQNkgUf0Fkc4stxkO7lL0E728qBQNTEleHkULvOVRIccbUA9Y30Mkg3X1TpkTBSIA5qm6D1xTLJQkHgEGGYW490JA&lptoken=160197c5961516979976&feed=%5Bfeed%5D&hash=%5Bhash%5D&creative=%5Bcreative%5D&ip=%5Bip%5D&campaign=Hong_Kong-NORTON_YEP%282422527%29_10.23_1&tsource=clickstar_Kate2&subday=%5Bsubday%5D&price=%5Bprice%5D&clickid=%5Bclickid%5D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 22 Oct 2023 07:31:40 GMT
content-type: image/gif
content-length: 69
last-modified: Thu, 04 May 2023 15:59:08 GMT
etag: "6453d64c-45"
accept-ranges: bytes
X-Firefox-Spdy: h2

rodeks.xyz/1Ai/folder/img/action_2.gif

157.230.4.182

200 OK

377 B

URL GET HTTP/2
rodeks.xyz/1Ai/folder/img/action_2.gif
IP
157.230.4.182:443
ASN
#14061 DIGITALOCEAN-ASN

Requested by
https://rodeks.xyz/1Ai/7.html?cep=eF8N0S1aQUUX9Frygsdt4FaE0oUpbO27pB0-IazcfpVEZz7ugmwo1iCoz7tTu0Dgy-hDwbCHhA9vZnpuKT6OILP7GLm1OJ88p5sxAicgN9CuLAx2WTvJkhn-gPi4gGMDAIFQJqgHf7gJDCOA7s1G04YdCvLPTcBc8LX4k8rn7hxc55iIkD8eag0-Molf6E-GZAqf1LrFrf0qlOCuytrighAS-OXDyB8T-NStbfY2cufhw0t4nXqZVV6WrpwASIFmU_AsLPt5m8CY14bc8lRzKkIINmI7-MqaY-CMo4Itae8kg-Jl81PfJDPURjVWH2d34QUS6ZOF2cGxc2bQop-JV3napNdtW1dCmrCb6oIVGWLjDO6mBtQ-gm5GZP38a19dkYPOkE6eZ731cr0bospRwhUjRKEWXf-X4tdoxB6RDSFFx0YJbqm4PSzZnZvhqF2UeYYpgCLlvWgb7hRouPCmMVJnjXfSvJI3TnL93n1-PS0G3wrOlWEbZLduNh1AMnQNkgUf0Fkc4stxkO7lL0E728qBQNTEleHkULvOVRIccbUA9Y30Mkg3X1TpkTBSIA5qm6D1xTLJQkHgEGGYW490JA&lptoken=160197c5961516979976&feed=%5Bfeed%5D&hash=%5Bhash%5D&creative=%5Bcreative%5D&ip=%5Bip%5D&campaign=Hong_Kong-NORTON_YEP%282422527%29_10.23_1&tsource=clickstar_Kate2&subday=%5Bsubday%5D&price=%5Bprice%5D&clickid=%5Bclickid%5D
Certificate
IssuerLet's Encrypt
Subjectrodeks.xyz
Fingerprint42:5E:88:E0:B4:7F:D8:3F:CC:D6:BC:91:E3:BA:27:B9:F4:7F:84:C6
ValidityMon, 11 Sep 2023 07:35:18 GMT - Sun, 10 Dec 2023 07:35:17 GMT

File type
GIF image data, version 89a, 16 x 16\012- data
Size
377 B (377 bytes)
Hash
c10bdec858cb0cf9e6cc5865d5925746
697c095ed5509e5a5af0c5ebf2380662aeffc531
b65b47a79e32335d9ca35ff59c6975d2b5808f84da0db88d11ce777b33e72ad9

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /1Ai/folder/img/action_2.gif HTTP/1.1
Host: rodeks.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rodeks.xyz/1Ai/7.html?cep=eF8N0S1aQUUX9Frygsdt4FaE0oUpbO27pB0-IazcfpVEZz7ugmwo1iCoz7tTu0Dgy-hDwbCHhA9vZnpuKT6OILP7GLm1OJ88p5sxAicgN9CuLAx2WTvJkhn-gPi4gGMDAIFQJqgHf7gJDCOA7s1G04YdCvLPTcBc8LX4k8rn7hxc55iIkD8eag0-Molf6E-GZAqf1LrFrf0qlOCuytrighAS-OXDyB8T-NStbfY2cufhw0t4nXqZVV6WrpwASIFmU_AsLPt5m8CY14bc8lRzKkIINmI7-MqaY-CMo4Itae8kg-Jl81PfJDPURjVWH2d34QUS6ZOF2cGxc2bQop-JV3napNdtW1dCmrCb6oIVGWLjDO6mBtQ-gm5GZP38a19dkYPOkE6eZ731cr0bospRwhUjRKEWXf-X4tdoxB6RDSFFx0YJbqm4PSzZnZvhqF2UeYYpgCLlvWgb7hRouPCmMVJnjXfSvJI3TnL93n1-PS0G3wrOlWEbZLduNh1AMnQNkgUf0Fkc4stxkO7lL0E728qBQNTEleHkULvOVRIccbUA9Y30Mkg3X1TpkTBSIA5qm6D1xTLJQkHgEGGYW490JA&lptoken=160197c5961516979976&feed=%5Bfeed%5D&hash=%5Bhash%5D&creative=%5Bcreative%5D&ip=%5Bip%5D&campaign=Hong_Kong-NORTON_YEP%282422527%29_10.23_1&tsource=clickstar_Kate2&subday=%5Bsubday%5D&price=%5Bprice%5D&clickid=%5Bclickid%5D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 22 Oct 2023 07:31:40 GMT
content-type: image/gif
content-length: 377
last-modified: Thu, 04 May 2023 15:59:20 GMT
etag: "6453d658-179"
accept-ranges: bytes
X-Firefox-Spdy: h2

rodeks.xyz/1Ai/folder/img/action_3.gif

157.230.4.182

200 OK

234 B

URL GET HTTP/2
rodeks.xyz/1Ai/folder/img/action_3.gif
IP
157.230.4.182:443
ASN
#14061 DIGITALOCEAN-ASN

Requested by
https://rodeks.xyz/1Ai/7.html?cep=eF8N0S1aQUUX9Frygsdt4FaE0oUpbO27pB0-IazcfpVEZz7ugmwo1iCoz7tTu0Dgy-hDwbCHhA9vZnpuKT6OILP7GLm1OJ88p5sxAicgN9CuLAx2WTvJkhn-gPi4gGMDAIFQJqgHf7gJDCOA7s1G04YdCvLPTcBc8LX4k8rn7hxc55iIkD8eag0-Molf6E-GZAqf1LrFrf0qlOCuytrighAS-OXDyB8T-NStbfY2cufhw0t4nXqZVV6WrpwASIFmU_AsLPt5m8CY14bc8lRzKkIINmI7-MqaY-CMo4Itae8kg-Jl81PfJDPURjVWH2d34QUS6ZOF2cGxc2bQop-JV3napNdtW1dCmrCb6oIVGWLjDO6mBtQ-gm5GZP38a19dkYPOkE6eZ731cr0bospRwhUjRKEWXf-X4tdoxB6RDSFFx0YJbqm4PSzZnZvhqF2UeYYpgCLlvWgb7hRouPCmMVJnjXfSvJI3TnL93n1-PS0G3wrOlWEbZLduNh1AMnQNkgUf0Fkc4stxkO7lL0E728qBQNTEleHkULvOVRIccbUA9Y30Mkg3X1TpkTBSIA5qm6D1xTLJQkHgEGGYW490JA&lptoken=160197c5961516979976&feed=%5Bfeed%5D&hash=%5Bhash%5D&creative=%5Bcreative%5D&ip=%5Bip%5D&campaign=Hong_Kong-NORTON_YEP%282422527%29_10.23_1&tsource=clickstar_Kate2&subday=%5Bsubday%5D&price=%5Bprice%5D&clickid=%5Bclickid%5D
Certificate
IssuerLet's Encrypt
Subjectrodeks.xyz
Fingerprint42:5E:88:E0:B4:7F:D8:3F:CC:D6:BC:91:E3:BA:27:B9:F4:7F:84:C6
ValidityMon, 11 Sep 2023 07:35:18 GMT - Sun, 10 Dec 2023 07:35:17 GMT

File type
GIF image data, version 89a, 16 x 16\012- data
Size
234 B (234 bytes)
Hash
9ce99ec458daf212f9812a90f3fadd13
9e3041bc91b79a17b52e0fbb6c2d0e2f905d98a1
b0d335401c9fd5fac9991ec92edaf7865ff3a491ebe390120936c69796c3b753

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /1Ai/folder/img/action_3.gif HTTP/1.1
Host: rodeks.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rodeks.xyz/1Ai/7.html?cep=eF8N0S1aQUUX9Frygsdt4FaE0oUpbO27pB0-IazcfpVEZz7ugmwo1iCoz7tTu0Dgy-hDwbCHhA9vZnpuKT6OILP7GLm1OJ88p5sxAicgN9CuLAx2WTvJkhn-gPi4gGMDAIFQJqgHf7gJDCOA7s1G04YdCvLPTcBc8LX4k8rn7hxc55iIkD8eag0-Molf6E-GZAqf1LrFrf0qlOCuytrighAS-OXDyB8T-NStbfY2cufhw0t4nXqZVV6WrpwASIFmU_AsLPt5m8CY14bc8lRzKkIINmI7-MqaY-CMo4Itae8kg-Jl81PfJDPURjVWH2d34QUS6ZOF2cGxc2bQop-JV3napNdtW1dCmrCb6oIVGWLjDO6mBtQ-gm5GZP38a19dkYPOkE6eZ731cr0bospRwhUjRKEWXf-X4tdoxB6RDSFFx0YJbqm4PSzZnZvhqF2UeYYpgCLlvWgb7hRouPCmMVJnjXfSvJI3TnL93n1-PS0G3wrOlWEbZLduNh1AMnQNkgUf0Fkc4stxkO7lL0E728qBQNTEleHkULvOVRIccbUA9Y30Mkg3X1TpkTBSIA5qm6D1xTLJQkHgEGGYW490JA&lptoken=160197c5961516979976&feed=%5Bfeed%5D&hash=%5Bhash%5D&creative=%5Bcreative%5D&ip=%5Bip%5D&campaign=Hong_Kong-NORTON_YEP%282422527%29_10.23_1&tsource=clickstar_Kate2&subday=%5Bsubday%5D&price=%5Bprice%5D&clickid=%5Bclickid%5D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 22 Oct 2023 07:31:40 GMT
content-type: image/gif
content-length: 234
last-modified: Thu, 04 May 2023 15:59:32 GMT
etag: "6453d664-ea"
accept-ranges: bytes
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

216.58.207.227

200 OK

16 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://rodeks.xyz/1Ai/7.html?cep=eF8N0S1aQUUX9Frygsdt4FaE0oUpbO27pB0-IazcfpVEZz7ugmwo1iCoz7tTu0Dgy-hDwbCHhA9vZnpuKT6OILP7GLm1OJ88p5sxAicgN9CuLAx2WTvJkhn-gPi4gGMDAIFQJqgHf7gJDCOA7s1G04YdCvLPTcBc8LX4k8rn7hxc55iIkD8eag0-Molf6E-GZAqf1LrFrf0qlOCuytrighAS-OXDyB8T-NStbfY2cufhw0t4nXqZVV6WrpwASIFmU_AsLPt5m8CY14bc8lRzKkIINmI7-MqaY-CMo4Itae8kg-Jl81PfJDPURjVWH2d34QUS6ZOF2cGxc2bQop-JV3napNdtW1dCmrCb6oIVGWLjDO6mBtQ-gm5GZP38a19dkYPOkE6eZ731cr0bospRwhUjRKEWXf-X4tdoxB6RDSFFx0YJbqm4PSzZnZvhqF2UeYYpgCLlvWgb7hRouPCmMVJnjXfSvJI3TnL93n1-PS0G3wrOlWEbZLduNh1AMnQNkgUf0Fkc4stxkO7lL0E728qBQNTEleHkULvOVRIccbUA9Y30Mkg3X1TpkTBSIA5qm6D1xTLJQkHgEGGYW490JA&lptoken=160197c5961516979976&feed=%5Bfeed%5D&hash=%5Bhash%5D&creative=%5Bcreative%5D&ip=%5Bip%5D&campaign=Hong_Kong-NORTON_YEP%282422527%29_10.23_1&tsource=clickstar_Kate2&subday=%5Bsubday%5D&price=%5Bprice%5D&clickid=%5Bclickid%5D
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint55:7F:79:64:ED:7A:04:50:63:54:9C:32:2A:AF:B7:95:17:D7:E0:33
ValidityThu, 28 Sep 2023 05:32:05 GMT - Thu, 21 Dec 2023 05:32:04 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Size
16 kB (15860 bytes)
Hash
e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

HTTP Headers

GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://rodeks.xyz
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 20 Oct 2023 10:05:24 GMT
expires: Sat, 19 Oct 2024 10:05:24 GMT
cache-control: public, max-age=31536000
age: 163576
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

rodeks.xyz/1Ai/folder/img/body-bg.png

157.230.4.182

200 OK

91 kB

URL GET HTTP/2
rodeks.xyz/1Ai/folder/img/body-bg.png
IP
157.230.4.182:443
ASN
#14061 DIGITALOCEAN-ASN

Requested by
https://rodeks.xyz/1Ai/7.html?cep=eF8N0S1aQUUX9Frygsdt4FaE0oUpbO27pB0-IazcfpVEZz7ugmwo1iCoz7tTu0Dgy-hDwbCHhA9vZnpuKT6OILP7GLm1OJ88p5sxAicgN9CuLAx2WTvJkhn-gPi4gGMDAIFQJqgHf7gJDCOA7s1G04YdCvLPTcBc8LX4k8rn7hxc55iIkD8eag0-Molf6E-GZAqf1LrFrf0qlOCuytrighAS-OXDyB8T-NStbfY2cufhw0t4nXqZVV6WrpwASIFmU_AsLPt5m8CY14bc8lRzKkIINmI7-MqaY-CMo4Itae8kg-Jl81PfJDPURjVWH2d34QUS6ZOF2cGxc2bQop-JV3napNdtW1dCmrCb6oIVGWLjDO6mBtQ-gm5GZP38a19dkYPOkE6eZ731cr0bospRwhUjRKEWXf-X4tdoxB6RDSFFx0YJbqm4PSzZnZvhqF2UeYYpgCLlvWgb7hRouPCmMVJnjXfSvJI3TnL93n1-PS0G3wrOlWEbZLduNh1AMnQNkgUf0Fkc4stxkO7lL0E728qBQNTEleHkULvOVRIccbUA9Y30Mkg3X1TpkTBSIA5qm6D1xTLJQkHgEGGYW490JA&lptoken=160197c5961516979976&feed=%5Bfeed%5D&hash=%5Bhash%5D&creative=%5Bcreative%5D&ip=%5Bip%5D&campaign=Hong_Kong-NORTON_YEP%282422527%29_10.23_1&tsource=clickstar_Kate2&subday=%5Bsubday%5D&price=%5Bprice%5D&clickid=%5Bclickid%5D
Certificate
IssuerLet's Encrypt
Subjectrodeks.xyz
Fingerprint42:5E:88:E0:B4:7F:D8:3F:CC:D6:BC:91:E3:BA:27:B9:F4:7F:84:C6
ValidityMon, 11 Sep 2023 07:35:18 GMT - Sun, 10 Dec 2023 07:35:17 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, progressive, precision 8, 1780x690, components 3\012- data
Size
91 kB (91216 bytes)
Hash
e7ad308a98c003cb84c7ac3a769f9e9a
c0851e9e4cdedc357c96861186035464a16786b3
fa0e74e1ef205c885b7f5e9a7f33acfa11a062f73a50bb44514a2cfab8af8742

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /1Ai/folder/img/body-bg.png HTTP/1.1
Host: rodeks.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rodeks.xyz/1Ai/folder/css/custom.css
Cookie: GoogleAccountsLocale_session=en; googtrans=/en/en
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 22 Oct 2023 07:31:40 GMT
content-type: image/png
content-length: 91216
last-modified: Mon, 11 Sep 2023 15:15:08 GMT
etag: "64ff2efc-16450"
accept-ranges: bytes
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

471 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
af18517e389f52e705309f80ad7eed93
7d699d3c5f94e06728491495833e523ac591e446
a0e19e2db76b997e503001660a6753ba10accaf7c9fd346e3a469459a01dcdf9

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 22 Oct 2023 07:31:40 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

472 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
12c07edcf53fb49353ce2c848271642e
d228a499bfa9834ef943073af8b51bc635b77c33
ffb4c59382b09e454f1196963fb42189ba55d2f30dd894d212b80dcc63e5147a

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 22 Oct 2023 07:31:40 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

rodeks.xyz/1Ai/folder/img/favicon.png

157.230.4.182

200 OK

4.8 kB

URL GET HTTP/2
rodeks.xyz/1Ai/folder/img/favicon.png
IP
157.230.4.182:443
ASN
#14061 DIGITALOCEAN-ASN

Requested by
https://rodeks.xyz/1Ai/7.html?cep=eF8N0S1aQUUX9Frygsdt4FaE0oUpbO27pB0-IazcfpVEZz7ugmwo1iCoz7tTu0Dgy-hDwbCHhA9vZnpuKT6OILP7GLm1OJ88p5sxAicgN9CuLAx2WTvJkhn-gPi4gGMDAIFQJqgHf7gJDCOA7s1G04YdCvLPTcBc8LX4k8rn7hxc55iIkD8eag0-Molf6E-GZAqf1LrFrf0qlOCuytrighAS-OXDyB8T-NStbfY2cufhw0t4nXqZVV6WrpwASIFmU_AsLPt5m8CY14bc8lRzKkIINmI7-MqaY-CMo4Itae8kg-Jl81PfJDPURjVWH2d34QUS6ZOF2cGxc2bQop-JV3napNdtW1dCmrCb6oIVGWLjDO6mBtQ-gm5GZP38a19dkYPOkE6eZ731cr0bospRwhUjRKEWXf-X4tdoxB6RDSFFx0YJbqm4PSzZnZvhqF2UeYYpgCLlvWgb7hRouPCmMVJnjXfSvJI3TnL93n1-PS0G3wrOlWEbZLduNh1AMnQNkgUf0Fkc4stxkO7lL0E728qBQNTEleHkULvOVRIccbUA9Y30Mkg3X1TpkTBSIA5qm6D1xTLJQkHgEGGYW490JA&lptoken=160197c5961516979976&feed=%5Bfeed%5D&hash=%5Bhash%5D&creative=%5Bcreative%5D&ip=%5Bip%5D&campaign=Hong_Kong-NORTON_YEP%282422527%29_10.23_1&tsource=clickstar_Kate2&subday=%5Bsubday%5D&price=%5Bprice%5D&clickid=%5Bclickid%5D
Certificate
IssuerLet's Encrypt
Subjectrodeks.xyz
Fingerprint42:5E:88:E0:B4:7F:D8:3F:CC:D6:BC:91:E3:BA:27:B9:F4:7F:84:C6
ValidityMon, 11 Sep 2023 07:35:18 GMT - Sun, 10 Dec 2023 07:35:17 GMT

File type
PNG image data, 173 x 173, 8-bit/color RGBA, non-interlaced\012- data
Size
4.8 kB (4768 bytes)
Hash
0630fa87188d254a5cbf83f179353bd8
e3c07dcc1cd67a7b85db2412f4afa588aae5310a
bfe9b8be99014adf8c12bd59c0c4eab2707d507327accfac6ba7f9776a0523f0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /1Ai/folder/img/favicon.png HTTP/1.1
Host: rodeks.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rodeks.xyz/1Ai/7.html?cep=eF8N0S1aQUUX9Frygsdt4FaE0oUpbO27pB0-IazcfpVEZz7ugmwo1iCoz7tTu0Dgy-hDwbCHhA9vZnpuKT6OILP7GLm1OJ88p5sxAicgN9CuLAx2WTvJkhn-gPi4gGMDAIFQJqgHf7gJDCOA7s1G04YdCvLPTcBc8LX4k8rn7hxc55iIkD8eag0-Molf6E-GZAqf1LrFrf0qlOCuytrighAS-OXDyB8T-NStbfY2cufhw0t4nXqZVV6WrpwASIFmU_AsLPt5m8CY14bc8lRzKkIINmI7-MqaY-CMo4Itae8kg-Jl81PfJDPURjVWH2d34QUS6ZOF2cGxc2bQop-JV3napNdtW1dCmrCb6oIVGWLjDO6mBtQ-gm5GZP38a19dkYPOkE6eZ731cr0bospRwhUjRKEWXf-X4tdoxB6RDSFFx0YJbqm4PSzZnZvhqF2UeYYpgCLlvWgb7hRouPCmMVJnjXfSvJI3TnL93n1-PS0G3wrOlWEbZLduNh1AMnQNkgUf0Fkc4stxkO7lL0E728qBQNTEleHkULvOVRIccbUA9Y30Mkg3X1TpkTBSIA5qm6D1xTLJQkHgEGGYW490JA&lptoken=160197c5961516979976&feed=%5Bfeed%5D&hash=%5Bhash%5D&creative=%5Bcreative%5D&ip=%5Bip%5D&campaign=Hong_Kong-NORTON_YEP%282422527%29_10.23_1&tsource=clickstar_Kate2&subday=%5Bsubday%5D&price=%5Bprice%5D&clickid=%5Bclickid%5D
Cookie: GoogleAccountsLocale_session=en; googtrans=/en/en
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 22 Oct 2023 07:31:40 GMT
content-type: image/png
content-length: 4768
last-modified: Mon, 11 Sep 2023 15:16:21 GMT
etag: "64ff2f45-12a0"
accept-ranges: bytes
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

472 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
12c07edcf53fb49353ce2c848271642e
d228a499bfa9834ef943073af8b51bc635b77c33
ffb4c59382b09e454f1196963fb42189ba55d2f30dd894d212b80dcc63e5147a

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 22 Oct 2023 07:31:40 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.gstatic.com/_/translate_http/_/ss/k=translate_http.tr.TpYxICw8iG4.L.F4.O/d=0/rs=AN8SPfrtPftKEg7PtUwWauRCo_c976LPSg/m=el_main_css

142.250.74.35

200 OK

4.0 kB

URL GET HTTP/2
www.gstatic.com/_/translate_http/_/ss/k=translate_http.tr.TpYxICw8iG4.L.F4.O/d=0/rs=AN8SPfrtPftKEg7PtUwWauRCo_c976LPSg/m=el_main_css
IP
142.250.74.35:443
ASN
#15169 GOOGLE

Requested by
https://rodeks.xyz/1Ai/7.html?cep=eF8N0S1aQUUX9Frygsdt4FaE0oUpbO27pB0-IazcfpVEZz7ugmwo1iCoz7tTu0Dgy-hDwbCHhA9vZnpuKT6OILP7GLm1OJ88p5sxAicgN9CuLAx2WTvJkhn-gPi4gGMDAIFQJqgHf7gJDCOA7s1G04YdCvLPTcBc8LX4k8rn7hxc55iIkD8eag0-Molf6E-GZAqf1LrFrf0qlOCuytrighAS-OXDyB8T-NStbfY2cufhw0t4nXqZVV6WrpwASIFmU_AsLPt5m8CY14bc8lRzKkIINmI7-MqaY-CMo4Itae8kg-Jl81PfJDPURjVWH2d34QUS6ZOF2cGxc2bQop-JV3napNdtW1dCmrCb6oIVGWLjDO6mBtQ-gm5GZP38a19dkYPOkE6eZ731cr0bospRwhUjRKEWXf-X4tdoxB6RDSFFx0YJbqm4PSzZnZvhqF2UeYYpgCLlvWgb7hRouPCmMVJnjXfSvJI3TnL93n1-PS0G3wrOlWEbZLduNh1AMnQNkgUf0Fkc4stxkO7lL0E728qBQNTEleHkULvOVRIccbUA9Y30Mkg3X1TpkTBSIA5qm6D1xTLJQkHgEGGYW490JA&lptoken=160197c5961516979976&feed=%5Bfeed%5D&hash=%5Bhash%5D&creative=%5Bcreative%5D&ip=%5Bip%5D&campaign=Hong_Kong-NORTON_YEP%282422527%29_10.23_1&tsource=clickstar_Kate2&subday=%5Bsubday%5D&price=%5Bprice%5D&clickid=%5Bclickid%5D
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint55:7F:79:64:ED:7A:04:50:63:54:9C:32:2A:AF:B7:95:17:D7:E0:33
ValidityThu, 28 Sep 2023 05:32:05 GMT - Thu, 21 Dec 2023 05:32:04 GMT

File type
ASCII text, with very long lines (20367), with no line terminators
Size
4.0 kB (3960 bytes)
Hash
72d3a735ccca1027f6b3afba2c93e3a7
67f8eff8d17334c59c28fc1753bf451527c7490d
c8c845f55e2346b89894ce0df8185ee182359e096bf29987d5cf1f8a7391bef1

HTTP Headers

GET /_/translate_http/_/ss/k=translate_http.tr.TpYxICw8iG4.L.F4.O/d=0/rs=AN8SPfrtPftKEg7PtUwWauRCo_c976LPSg/m=el_main_css HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rodeks.xyz/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/rosetta
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="rosetta"
report-to: {"group":"rosetta","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/rosetta"}]}
content-length: 3960
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 21 Oct 2023 03:58:11 GMT
expires: Sun, 20 Oct 2024 03:58:11 GMT
cache-control: public, max-age=31536000
last-modified: Sat, 15 Jul 2023 01:09:03 GMT
content-type: text/css; charset=UTF-8
vary: Accept-Encoding
age: 99209
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

translate.googleapis.com/_/translate_http/_/js/k=translate_http.tr.no.lvVRgpcS49c.O/d=1/exm=el_conf/ed=1/rs=AN8SPfpq4Xr-qzYbTBslb0UZZE_s6JLEhg/m=el_main

142.250.74.106

200 OK

79 kB

URL GET HTTP/3
translate.googleapis.com/_/translate_http/_/js/k=translate_http.tr.no.lvVRgpcS49c.O/d=1/exm=el_conf/ed=1/rs=AN8SPfpq4Xr-qzYbTBslb0UZZE_s6JLEhg/m=el_main
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://rodeks.xyz/1Ai/7.html?cep=eF8N0S1aQUUX9Frygsdt4FaE0oUpbO27pB0-IazcfpVEZz7ugmwo1iCoz7tTu0Dgy-hDwbCHhA9vZnpuKT6OILP7GLm1OJ88p5sxAicgN9CuLAx2WTvJkhn-gPi4gGMDAIFQJqgHf7gJDCOA7s1G04YdCvLPTcBc8LX4k8rn7hxc55iIkD8eag0-Molf6E-GZAqf1LrFrf0qlOCuytrighAS-OXDyB8T-NStbfY2cufhw0t4nXqZVV6WrpwASIFmU_AsLPt5m8CY14bc8lRzKkIINmI7-MqaY-CMo4Itae8kg-Jl81PfJDPURjVWH2d34QUS6ZOF2cGxc2bQop-JV3napNdtW1dCmrCb6oIVGWLjDO6mBtQ-gm5GZP38a19dkYPOkE6eZ731cr0bospRwhUjRKEWXf-X4tdoxB6RDSFFx0YJbqm4PSzZnZvhqF2UeYYpgCLlvWgb7hRouPCmMVJnjXfSvJI3TnL93n1-PS0G3wrOlWEbZLduNh1AMnQNkgUf0Fkc4stxkO7lL0E728qBQNTEleHkULvOVRIccbUA9Y30Mkg3X1TpkTBSIA5qm6D1xTLJQkHgEGGYW490JA&lptoken=160197c5961516979976&feed=%5Bfeed%5D&hash=%5Bhash%5D&creative=%5Bcreative%5D&ip=%5Bip%5D&campaign=Hong_Kong-NORTON_YEP%282422527%29_10.23_1&tsource=clickstar_Kate2&subday=%5Bsubday%5D&price=%5Bprice%5D&clickid=%5Bclickid%5D
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint28:23:2B:8B:2D:09:6C:BB:06:7A:35:80:95:BB:F8:03:41:C8:99:2C
ValidityThu, 28 Sep 2023 05:32:05 GMT - Thu, 21 Dec 2023 05:32:04 GMT

File type
ASCII text, with very long lines (1822)
Size
79 kB (78662 bytes)
Hash
a23375d63966f66112d8ee47f88dae06
25f6df714f83bb7404f9933b0c69a4198691960f
b6990ddef25b866a204fcc398444b7e9e5b741c2004c44d6809ed1333172892f

HTTP Headers

GET /_/translate_http/_/js/k=translate_http.tr.no.lvVRgpcS49c.O/d=1/exm=el_conf/ed=1/rs=AN8SPfpq4Xr-qzYbTBslb0UZZE_s6JLEhg/m=el_main HTTP/1.1
Host: translate.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rodeks.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/rosetta
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="rosetta"
report-to: {"group":"rosetta","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/rosetta"}]}
content-length: 78662
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 17 Oct 2023 18:10:56 GMT
expires: Wed, 16 Oct 2024 18:10:56 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 16 Oct 2023 21:42:28 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 393644
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

fonts.gstatic.com/s/i/productlogos/translate/v14/24px.svg

216.58.207.227

200 OK

3.3 kB

URL GET HTTP/3
fonts.gstatic.com/s/i/productlogos/translate/v14/24px.svg
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://rodeks.xyz/1Ai/7.html?cep=eF8N0S1aQUUX9Frygsdt4FaE0oUpbO27pB0-IazcfpVEZz7ugmwo1iCoz7tTu0Dgy-hDwbCHhA9vZnpuKT6OILP7GLm1OJ88p5sxAicgN9CuLAx2WTvJkhn-gPi4gGMDAIFQJqgHf7gJDCOA7s1G04YdCvLPTcBc8LX4k8rn7hxc55iIkD8eag0-Molf6E-GZAqf1LrFrf0qlOCuytrighAS-OXDyB8T-NStbfY2cufhw0t4nXqZVV6WrpwASIFmU_AsLPt5m8CY14bc8lRzKkIINmI7-MqaY-CMo4Itae8kg-Jl81PfJDPURjVWH2d34QUS6ZOF2cGxc2bQop-JV3napNdtW1dCmrCb6oIVGWLjDO6mBtQ-gm5GZP38a19dkYPOkE6eZ731cr0bospRwhUjRKEWXf-X4tdoxB6RDSFFx0YJbqm4PSzZnZvhqF2UeYYpgCLlvWgb7hRouPCmMVJnjXfSvJI3TnL93n1-PS0G3wrOlWEbZLduNh1AMnQNkgUf0Fkc4stxkO7lL0E728qBQNTEleHkULvOVRIccbUA9Y30Mkg3X1TpkTBSIA5qm6D1xTLJQkHgEGGYW490JA&lptoken=160197c5961516979976&feed=%5Bfeed%5D&hash=%5Bhash%5D&creative=%5Bcreative%5D&ip=%5Bip%5D&campaign=Hong_Kong-NORTON_YEP%282422527%29_10.23_1&tsource=clickstar_Kate2&subday=%5Bsubday%5D&price=%5Bprice%5D&clickid=%5Bclickid%5D
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint55:7F:79:64:ED:7A:04:50:63:54:9C:32:2A:AF:B7:95:17:D7:E0:33
ValidityThu, 28 Sep 2023 05:32:05 GMT - Thu, 21 Dec 2023 05:32:04 GMT

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (6225), with no line terminators
Size
3.3 kB (3340 bytes)
Hash
2bd5c073a88b83ed74db88282a56ddfb
d0ebfc376f8c6a44a8d4cd216817dcd7d0c33650
ab5c23a05e39deed14d9d8262b0dce9f024f86105a27196cad37d14a3f516e09

HTTP Headers

GET /s/i/productlogos/translate/v14/24px.svg HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rodeks.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-length: 3340
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 16 Oct 2023 04:23:55 GMT
expires: Tue, 15 Oct 2024 04:23:55 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 20 Apr 2022 14:24:23 GMT
content-type: image/svg+xml
vary: Accept-Encoding
age: 529666
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.gstatic.com/images/branding/product/2x/translate_24dp.png

142.250.74.35

200 OK

1.8 kB

URL GET HTTP/3
www.gstatic.com/images/branding/product/2x/translate_24dp.png
IP
142.250.74.35:443
ASN
#15169 GOOGLE

Requested by
https://rodeks.xyz/1Ai/7.html?cep=eF8N0S1aQUUX9Frygsdt4FaE0oUpbO27pB0-IazcfpVEZz7ugmwo1iCoz7tTu0Dgy-hDwbCHhA9vZnpuKT6OILP7GLm1OJ88p5sxAicgN9CuLAx2WTvJkhn-gPi4gGMDAIFQJqgHf7gJDCOA7s1G04YdCvLPTcBc8LX4k8rn7hxc55iIkD8eag0-Molf6E-GZAqf1LrFrf0qlOCuytrighAS-OXDyB8T-NStbfY2cufhw0t4nXqZVV6WrpwASIFmU_AsLPt5m8CY14bc8lRzKkIINmI7-MqaY-CMo4Itae8kg-Jl81PfJDPURjVWH2d34QUS6ZOF2cGxc2bQop-JV3napNdtW1dCmrCb6oIVGWLjDO6mBtQ-gm5GZP38a19dkYPOkE6eZ731cr0bospRwhUjRKEWXf-X4tdoxB6RDSFFx0YJbqm4PSzZnZvhqF2UeYYpgCLlvWgb7hRouPCmMVJnjXfSvJI3TnL93n1-PS0G3wrOlWEbZLduNh1AMnQNkgUf0Fkc4stxkO7lL0E728qBQNTEleHkULvOVRIccbUA9Y30Mkg3X1TpkTBSIA5qm6D1xTLJQkHgEGGYW490JA&lptoken=160197c5961516979976&feed=%5Bfeed%5D&hash=%5Bhash%5D&creative=%5Bcreative%5D&ip=%5Bip%5D&campaign=Hong_Kong-NORTON_YEP%282422527%29_10.23_1&tsource=clickstar_Kate2&subday=%5Bsubday%5D&price=%5Bprice%5D&clickid=%5Bclickid%5D
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint55:7F:79:64:ED:7A:04:50:63:54:9C:32:2A:AF:B7:95:17:D7:E0:33
ValidityThu, 28 Sep 2023 05:32:05 GMT - Thu, 21 Dec 2023 05:32:04 GMT

File type
PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced\012- data
Size
1.8 kB (1842 bytes)
Hash
c69c796362406f9e11c7f4bf5bb628da
e489ce95ab56208090868882113d7416abf46775
4dac0026fbfa2615dce30c0af12830863fe885f84387a0147b9e338f548d5d82

HTTP Headers

GET /images/branding/product/2x/translate_24dp.png HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.gstatic.com/_/translate_http/_/ss/k=translate_http.tr.TpYxICw8iG4.L.F4.O/d=0/rs=AN8SPfrtPftKEg7PtUwWauRCo_c976LPSg/m=el_main_css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-length: 1842
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 20 Oct 2023 19:35:00 GMT
expires: Sat, 19 Oct 2024 19:35:00 GMT
cache-control: public, max-age=31536000
age: 129401
last-modified: Thu, 14 Oct 2021 09:08:00 GMT
content-type: image/png
vary: Origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

translate-pa.googleapis.com/v1/supportedLanguages?client=te&display_language=no&key=AIzaSyBWDj0QJvVIx8XOhRegXX5_SrRWxhT5Hs4&callback=callback

142.250.74.42

1.4 kB

URL
translate-pa.googleapis.com/v1/supportedLanguages?client=te&display_language=no&key=AIzaSyBWDj0QJvVIx8XOhRegXX5_SrRWxhT5Hs4&callback=callback
IP
142.250.74.42:0
ASN
#15169 GOOGLE

File type
Unicode text, UTF-8 text
Size
1.4 kB (1392 bytes)
Hash
a3eefe14b1b4698460d992bd1673a26b
a2fca6ebb00b8bdcca3eda88654d02d2c165b9c4
87514750a90cd70dd22c8673cfa80d804ef55840bd0755950af2118d8d218067

HTTP Headers

GET /v1/supportedLanguages?client=te&display_language=no&key=AIzaSyBWDj0QJvVIx8XOhRegXX5_SrRWxhT5Hs4&callback=callback HTTP/1.1
Host: translate-pa.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rodeks.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
cross-origin-resource-policy: cross-origin
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
content-type: text/javascript; charset=UTF-8
vary: Origin, X-Origin, Referer
content-encoding: gzip
date: Sun, 22 Oct 2023 07:31:41 GMT
server: ESF
cache-control: private
content-length: 1392
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
set-cookie: NID=511=W1ffbG8-sRCOF9QDhi2fuTcIBWmKbeZOOfT-Clhm5FJ4l3nYbXGuflBPpLYV8UHq5eM30kMxNrxsLRL7ccRmTmNQ0oAkNKRQiPMhedPhY0s94o8P2Lk5fXI1aYprwIY0gU6YFceoUIwFYZYqNXPA3nE4a_DoSmLt0oNWBZExuso; expires=Mon, 22-Apr-2024 07:31:41 GMT; path=/; domain=.translate-pa.googleapis.com; HttpOnly
CONSENT=PENDING+060; expires=Tue, 21-Oct-2025 07:31:41 GMT; path=/; domain=.googleapis.com; Secure
expires: Sun, 22 Oct 2023 07:31:41 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

translate.googleapis.com/element/log?format=json&hasfast=true&authuser=0

142.250.74.106

200 OK

0 B

URL POST HTTP/3
translate.googleapis.com/element/log?format=json&hasfast=true&authuser=0
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://rodeks.xyz/1Ai/7.html?cep=eF8N0S1aQUUX9Frygsdt4FaE0oUpbO27pB0-IazcfpVEZz7ugmwo1iCoz7tTu0Dgy-hDwbCHhA9vZnpuKT6OILP7GLm1OJ88p5sxAicgN9CuLAx2WTvJkhn-gPi4gGMDAIFQJqgHf7gJDCOA7s1G04YdCvLPTcBc8LX4k8rn7hxc55iIkD8eag0-Molf6E-GZAqf1LrFrf0qlOCuytrighAS-OXDyB8T-NStbfY2cufhw0t4nXqZVV6WrpwASIFmU_AsLPt5m8CY14bc8lRzKkIINmI7-MqaY-CMo4Itae8kg-Jl81PfJDPURjVWH2d34QUS6ZOF2cGxc2bQop-JV3napNdtW1dCmrCb6oIVGWLjDO6mBtQ-gm5GZP38a19dkYPOkE6eZ731cr0bospRwhUjRKEWXf-X4tdoxB6RDSFFx0YJbqm4PSzZnZvhqF2UeYYpgCLlvWgb7hRouPCmMVJnjXfSvJI3TnL93n1-PS0G3wrOlWEbZLduNh1AMnQNkgUf0Fkc4stxkO7lL0E728qBQNTEleHkULvOVRIccbUA9Y30Mkg3X1TpkTBSIA5qm6D1xTLJQkHgEGGYW490JA&lptoken=160197c5961516979976&feed=%5Bfeed%5D&hash=%5Bhash%5D&creative=%5Bcreative%5D&ip=%5Bip%5D&campaign=Hong_Kong-NORTON_YEP%282422527%29_10.23_1&tsource=clickstar_Kate2&subday=%5Bsubday%5D&price=%5Bprice%5D&clickid=%5Bclickid%5D
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint28:23:2B:8B:2D:09:6C:BB:06:7A:35:80:95:BB:F8:03:41:C8:99:2C
ValidityThu, 28 Sep 2023 05:32:05 GMT - Thu, 21 Dec 2023 05:32:04 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /element/log?format=json&hasfast=true&authuser=0 HTTP/1.1
Host: translate.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-encoding,content-type,x-goog-authuser
Referer: https://rodeks.xyz/
Origin: https://rodeks.xyz
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
access-control-allow-origin: https://rodeks.xyz
access-control-allow-methods: GET, POST, OPTIONS
access-control-max-age: 86400
access-control-allow-credentials: true
access-control-allow-headers: X-Playlog-Web,authorization,content-encoding,content-type,x-goog-authuser,origin
content-type: text/plain; charset=UTF-8
date: Sun, 22 Oct 2023 07:31:51 GMT
server: Playlog
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
set-cookie: CONSENT=PENDING+562; expires=Tue, 21-Oct-2025 07:31:51 GMT; path=/; domain=.googleapis.com; Secure
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Sun, 22 Oct 2023 07:31:51 GMT
cache-control: private

translate.googleapis.com/element/log?format=json&hasfast=true&authuser=0

142.250.74.106

200 OK

131 B

URL POST HTTP/3
translate.googleapis.com/element/log?format=json&hasfast=true&authuser=0
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://rodeks.xyz/1Ai/7.html?cep=eF8N0S1aQUUX9Frygsdt4FaE0oUpbO27pB0-IazcfpVEZz7ugmwo1iCoz7tTu0Dgy-hDwbCHhA9vZnpuKT6OILP7GLm1OJ88p5sxAicgN9CuLAx2WTvJkhn-gPi4gGMDAIFQJqgHf7gJDCOA7s1G04YdCvLPTcBc8LX4k8rn7hxc55iIkD8eag0-Molf6E-GZAqf1LrFrf0qlOCuytrighAS-OXDyB8T-NStbfY2cufhw0t4nXqZVV6WrpwASIFmU_AsLPt5m8CY14bc8lRzKkIINmI7-MqaY-CMo4Itae8kg-Jl81PfJDPURjVWH2d34QUS6ZOF2cGxc2bQop-JV3napNdtW1dCmrCb6oIVGWLjDO6mBtQ-gm5GZP38a19dkYPOkE6eZ731cr0bospRwhUjRKEWXf-X4tdoxB6RDSFFx0YJbqm4PSzZnZvhqF2UeYYpgCLlvWgb7hRouPCmMVJnjXfSvJI3TnL93n1-PS0G3wrOlWEbZLduNh1AMnQNkgUf0Fkc4stxkO7lL0E728qBQNTEleHkULvOVRIccbUA9Y30Mkg3X1TpkTBSIA5qm6D1xTLJQkHgEGGYW490JA&lptoken=160197c5961516979976&feed=%5Bfeed%5D&hash=%5Bhash%5D&creative=%5Bcreative%5D&ip=%5Bip%5D&campaign=Hong_Kong-NORTON_YEP%282422527%29_10.23_1&tsource=clickstar_Kate2&subday=%5Bsubday%5D&price=%5Bprice%5D&clickid=%5Bclickid%5D
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint28:23:2B:8B:2D:09:6C:BB:06:7A:35:80:95:BB:F8:03:41:C8:99:2C
ValidityThu, 28 Sep 2023 05:32:05 GMT - Thu, 21 Dec 2023 05:32:04 GMT

File type
JSON data\012- , ASCII text, with no line terminators
Size
131 B (131 bytes)
Hash
ca0b7e866005f6774d284b9f438ebfd2
53644f5ee3640189bdb223473ba6a2d46606c556
502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358

HTTP Headers

POST /element/log?format=json&hasfast=true&authuser=0 HTTP/1.1
Host: translate.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Goog-AuthUser: 0
Content-Encoding: gzip
Content-Type: application/binary
Content-Length: 305
Origin: https://rodeks.xyz
DNT: 1
Connection: keep-alive
Referer: https://rodeks.xyz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
access-control-allow-origin: https://rodeks.xyz
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-headers: X-Playlog-Web
content-type: text/plain; charset=UTF-8
content-encoding: gzip
date: Sun, 22 Oct 2023 07:31:51 GMT
server: Playlog
cache-control: private
content-length: 131
x-xss-protection: 0
x-frame-options: SAMEORIGIN
set-cookie: CONSENT=PENDING+197; expires=Tue, 21-Oct-2025 07:31:51 GMT; path=/; domain=.googleapis.com; Secure
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Sun, 22 Oct 2023 07:31:51 GMT

fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

216.58.207.227

16 kB

URL
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP
216.58.207.227:0
ASN
#15169 GOOGLE

Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint55:7F:79:64:ED:7A:04:50:63:54:9C:32:2A:AF:B7:95:17:D7:E0:33
ValidityThu, 28 Sep 2023 05:32:05 GMT - Thu, 21 Dec 2023 05:32:04 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15920, version 1.0\012- data
Size
16 kB (15920 bytes)
Hash
3a44e06eb954b96aa043227f3534189d
23cef6993ddb2b2979e8e7647fc3763694e2ba7d
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e

HTTP Headers

GET /s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://rodeks.xyz
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15920
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 19 Oct 2023 15:25:53 GMT
expires: Fri, 18 Oct 2024 15:25:53 GMT
cache-control: public, max-age=31536000
age: 230760
last-modified: Wed, 11 May 2022 19:24:45 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2

216.58.207.227

16 kB

URL
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2
IP
216.58.207.227:0
ASN
#15169 GOOGLE

Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint55:7F:79:64:ED:7A:04:50:63:54:9C:32:2A:AF:B7:95:17:D7:E0:33
ValidityThu, 28 Sep 2023 05:32:05 GMT - Thu, 21 Dec 2023 05:32:04 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15740, version 1.0\012- data
Size
16 kB (15740 bytes)
Hash
b9c29351c46f3e8c8631c4002457f48a
e57e59c5780995ff2937ab2b511a769212974a87
f75911313e1c7802c23345ab57e754d87801581706780c993fb23ff4e0fe62ef

HTTP Headers

GET /s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://rodeks.xyz
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15740
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 21 Oct 2023 11:13:54 GMT
expires: Sun, 20 Oct 2024 11:13:54 GMT
cache-control: public, max-age=31536000
age: 73079
last-modified: Wed, 11 May 2022 19:24:56 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

rodeks.xyz/1Ai/folder/js/cookie.js

157.230.4.182

200 OK

2.2 kB

URL GET HTTP/2
rodeks.xyz/1Ai/folder/js/cookie.js
IP
157.230.4.182:443
ASN
#14061 DIGITALOCEAN-ASN

Requested by
https://rodeks.xyz/1Ai/7.html?cep=eF8N0S1aQUUX9Frygsdt4FaE0oUpbO27pB0-IazcfpVEZz7ugmwo1iCoz7tTu0Dgy-hDwbCHhA9vZnpuKT6OILP7GLm1OJ88p5sxAicgN9CuLAx2WTvJkhn-gPi4gGMDAIFQJqgHf7gJDCOA7s1G04YdCvLPTcBc8LX4k8rn7hxc55iIkD8eag0-Molf6E-GZAqf1LrFrf0qlOCuytrighAS-OXDyB8T-NStbfY2cufhw0t4nXqZVV6WrpwASIFmU_AsLPt5m8CY14bc8lRzKkIINmI7-MqaY-CMo4Itae8kg-Jl81PfJDPURjVWH2d34QUS6ZOF2cGxc2bQop-JV3napNdtW1dCmrCb6oIVGWLjDO6mBtQ-gm5GZP38a19dkYPOkE6eZ731cr0bospRwhUjRKEWXf-X4tdoxB6RDSFFx0YJbqm4PSzZnZvhqF2UeYYpgCLlvWgb7hRouPCmMVJnjXfSvJI3TnL93n1-PS0G3wrOlWEbZLduNh1AMnQNkgUf0Fkc4stxkO7lL0E728qBQNTEleHkULvOVRIccbUA9Y30Mkg3X1TpkTBSIA5qm6D1xTLJQkHgEGGYW490JA&lptoken=160197c5961516979976&feed=%5Bfeed%5D&hash=%5Bhash%5D&creative=%5Bcreative%5D&ip=%5Bip%5D&campaign=Hong_Kong-NORTON_YEP%282422527%29_10.23_1&tsource=clickstar_Kate2&subday=%5Bsubday%5D&price=%5Bprice%5D&clickid=%5Bclickid%5D
Certificate
IssuerLet's Encrypt
Subjectrodeks.xyz
Fingerprint42:5E:88:E0:B4:7F:D8:3F:CC:D6:BC:91:E3:BA:27:B9:F4:7F:84:C6
ValidityMon, 11 Sep 2023 07:35:18 GMT - Sun, 10 Dec 2023 07:35:17 GMT

File type
ASCII text, with very long lines (2304), with no line terminators
Size
2.2 kB (2198 bytes)
Hash
79218c8e4d6b9589da61b4daddd1d721
c8bdf2b44db9327ac24f0d02e2aa0bfc69097ab5
db4e31aaf6f2022d9cd8c052537ee237b0b69cd49ab27d6d29913bf401b1ea5a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /1Ai/folder/js/cookie.js HTTP/1.1
Host: rodeks.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rodeks.xyz/1Ai/7.html?cep=eF8N0S1aQUUX9Frygsdt4FaE0oUpbO27pB0-IazcfpVEZz7ugmwo1iCoz7tTu0Dgy-hDwbCHhA9vZnpuKT6OILP7GLm1OJ88p5sxAicgN9CuLAx2WTvJkhn-gPi4gGMDAIFQJqgHf7gJDCOA7s1G04YdCvLPTcBc8LX4k8rn7hxc55iIkD8eag0-Molf6E-GZAqf1LrFrf0qlOCuytrighAS-OXDyB8T-NStbfY2cufhw0t4nXqZVV6WrpwASIFmU_AsLPt5m8CY14bc8lRzKkIINmI7-MqaY-CMo4Itae8kg-Jl81PfJDPURjVWH2d34QUS6ZOF2cGxc2bQop-JV3napNdtW1dCmrCb6oIVGWLjDO6mBtQ-gm5GZP38a19dkYPOkE6eZ731cr0bospRwhUjRKEWXf-X4tdoxB6RDSFFx0YJbqm4PSzZnZvhqF2UeYYpgCLlvWgb7hRouPCmMVJnjXfSvJI3TnL93n1-PS0G3wrOlWEbZLduNh1AMnQNkgUf0Fkc4stxkO7lL0E728qBQNTEleHkULvOVRIccbUA9Y30Mkg3X1TpkTBSIA5qm6D1xTLJQkHgEGGYW490JA&lptoken=160197c5961516979976&feed=%5Bfeed%5D&hash=%5Bhash%5D&creative=%5Bcreative%5D&ip=%5Bip%5D&campaign=Hong_Kong-NORTON_YEP%282422527%29_10.23_1&tsource=clickstar_Kate2&subday=%5Bsubday%5D&price=%5Bprice%5D&clickid=%5Bclickid%5D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 22 Oct 2023 07:31:40 GMT
content-type: application/javascript
last-modified: Wed, 16 Nov 2022 15:40:44 GMT
vary: Accept-Encoding
etag: W/"6375047c-896"
content-encoding: gzip
X-Firefox-Spdy: h2

translate.google.com/translate_a/element.js?cb=googleTranslateElementInit

216.58.211.14

200 OK

87 kB

URL GET HTTP/2
translate.google.com/translate_a/element.js?cb=googleTranslateElementInit
IP
216.58.211.14:443
ASN
#15169 GOOGLE

Requested by
https://rodeks.xyz/1Ai/7.html?cep=eF8N0S1aQUUX9Frygsdt4FaE0oUpbO27pB0-IazcfpVEZz7ugmwo1iCoz7tTu0Dgy-hDwbCHhA9vZnpuKT6OILP7GLm1OJ88p5sxAicgN9CuLAx2WTvJkhn-gPi4gGMDAIFQJqgHf7gJDCOA7s1G04YdCvLPTcBc8LX4k8rn7hxc55iIkD8eag0-Molf6E-GZAqf1LrFrf0qlOCuytrighAS-OXDyB8T-NStbfY2cufhw0t4nXqZVV6WrpwASIFmU_AsLPt5m8CY14bc8lRzKkIINmI7-MqaY-CMo4Itae8kg-Jl81PfJDPURjVWH2d34QUS6ZOF2cGxc2bQop-JV3napNdtW1dCmrCb6oIVGWLjDO6mBtQ-gm5GZP38a19dkYPOkE6eZ731cr0bospRwhUjRKEWXf-X4tdoxB6RDSFFx0YJbqm4PSzZnZvhqF2UeYYpgCLlvWgb7hRouPCmMVJnjXfSvJI3TnL93n1-PS0G3wrOlWEbZLduNh1AMnQNkgUf0Fkc4stxkO7lL0E728qBQNTEleHkULvOVRIccbUA9Y30Mkg3X1TpkTBSIA5qm6D1xTLJQkHgEGGYW490JA&lptoken=160197c5961516979976&feed=%5Bfeed%5D&hash=%5Bhash%5D&creative=%5Bcreative%5D&ip=%5Bip%5D&campaign=Hong_Kong-NORTON_YEP%282422527%29_10.23_1&tsource=clickstar_Kate2&subday=%5Bsubday%5D&price=%5Bprice%5D&clickid=%5Bclickid%5D
Certificate
IssuerGoogle Trust Services LLC
Subject*.google.com
FingerprintC9:4D:78:AD:EC:04:27:EE:F0:06:4C:C8:78:D8:9F:06:B5:CC:39:37
ValidityThu, 28 Sep 2023 05:26:21 GMT - Thu, 21 Dec 2023 05:26:20 GMT

File type
ASCII text, with very long lines (2450)
Size
87 kB (87443 bytes)
Hash
00d868d4ba0663653801b20e21eee416
681abcebabca893ceab06b003cf812a65df63ede
5bbb4d3d23a62ef9b3528e2406d0ae32f152b3749853751e8a698cef6e9638d0

HTTP Headers

GET /translate_a/element.js?cb=googleTranslateElementInit HTTP/1.1
Host: translate.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rodeks.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sun, 22 Oct 2023 07:31:40 GMT
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
set-cookie: CONSENT=PENDING+976; expires=Tue, 21-Oct-2025 07:31:40 GMT; path=/; domain=.google.com; Secure
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

rodeks.xyz/1Ai/folder/js/langs.js

157.230.4.182

200 OK

1.2 kB

URL GET HTTP/2
rodeks.xyz/1Ai/folder/js/langs.js
IP
157.230.4.182:443
ASN
#14061 DIGITALOCEAN-ASN

Requested by
https://rodeks.xyz/1Ai/7.html?cep=eF8N0S1aQUUX9Frygsdt4FaE0oUpbO27pB0-IazcfpVEZz7ugmwo1iCoz7tTu0Dgy-hDwbCHhA9vZnpuKT6OILP7GLm1OJ88p5sxAicgN9CuLAx2WTvJkhn-gPi4gGMDAIFQJqgHf7gJDCOA7s1G04YdCvLPTcBc8LX4k8rn7hxc55iIkD8eag0-Molf6E-GZAqf1LrFrf0qlOCuytrighAS-OXDyB8T-NStbfY2cufhw0t4nXqZVV6WrpwASIFmU_AsLPt5m8CY14bc8lRzKkIINmI7-MqaY-CMo4Itae8kg-Jl81PfJDPURjVWH2d34QUS6ZOF2cGxc2bQop-JV3napNdtW1dCmrCb6oIVGWLjDO6mBtQ-gm5GZP38a19dkYPOkE6eZ731cr0bospRwhUjRKEWXf-X4tdoxB6RDSFFx0YJbqm4PSzZnZvhqF2UeYYpgCLlvWgb7hRouPCmMVJnjXfSvJI3TnL93n1-PS0G3wrOlWEbZLduNh1AMnQNkgUf0Fkc4stxkO7lL0E728qBQNTEleHkULvOVRIccbUA9Y30Mkg3X1TpkTBSIA5qm6D1xTLJQkHgEGGYW490JA&lptoken=160197c5961516979976&feed=%5Bfeed%5D&hash=%5Bhash%5D&creative=%5Bcreative%5D&ip=%5Bip%5D&campaign=Hong_Kong-NORTON_YEP%282422527%29_10.23_1&tsource=clickstar_Kate2&subday=%5Bsubday%5D&price=%5Bprice%5D&clickid=%5Bclickid%5D
Certificate
IssuerLet's Encrypt
Subjectrodeks.xyz
Fingerprint42:5E:88:E0:B4:7F:D8:3F:CC:D6:BC:91:E3:BA:27:B9:F4:7F:84:C6
ValidityMon, 11 Sep 2023 07:35:18 GMT - Sun, 10 Dec 2023 07:35:17 GMT

File type
ASCII text, with very long lines (1223), with no line terminators
Size
1.2 kB (1157 bytes)
Hash
00d68d5fcbe959205761ae2eb92bda5a
e70670eba70fd9428d8ee7d8acacea623bd72d4f
994454fb2f960994c4f0721e63734138eb06498b18f1236e39d4c66de579b054

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /1Ai/folder/js/langs.js HTTP/1.1
Host: rodeks.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rodeks.xyz/1Ai/7.html?cep=eF8N0S1aQUUX9Frygsdt4FaE0oUpbO27pB0-IazcfpVEZz7ugmwo1iCoz7tTu0Dgy-hDwbCHhA9vZnpuKT6OILP7GLm1OJ88p5sxAicgN9CuLAx2WTvJkhn-gPi4gGMDAIFQJqgHf7gJDCOA7s1G04YdCvLPTcBc8LX4k8rn7hxc55iIkD8eag0-Molf6E-GZAqf1LrFrf0qlOCuytrighAS-OXDyB8T-NStbfY2cufhw0t4nXqZVV6WrpwASIFmU_AsLPt5m8CY14bc8lRzKkIINmI7-MqaY-CMo4Itae8kg-Jl81PfJDPURjVWH2d34QUS6ZOF2cGxc2bQop-JV3napNdtW1dCmrCb6oIVGWLjDO6mBtQ-gm5GZP38a19dkYPOkE6eZ731cr0bospRwhUjRKEWXf-X4tdoxB6RDSFFx0YJbqm4PSzZnZvhqF2UeYYpgCLlvWgb7hRouPCmMVJnjXfSvJI3TnL93n1-PS0G3wrOlWEbZLduNh1AMnQNkgUf0Fkc4stxkO7lL0E728qBQNTEleHkULvOVRIccbUA9Y30Mkg3X1TpkTBSIA5qm6D1xTLJQkHgEGGYW490JA&lptoken=160197c5961516979976&feed=%5Bfeed%5D&hash=%5Bhash%5D&creative=%5Bcreative%5D&ip=%5Bip%5D&campaign=Hong_Kong-NORTON_YEP%282422527%29_10.23_1&tsource=clickstar_Kate2&subday=%5Bsubday%5D&price=%5Bprice%5D&clickid=%5Bclickid%5D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 22 Oct 2023 07:31:40 GMT
content-type: application/javascript
last-modified: Wed, 16 Nov 2022 15:40:46 GMT
vary: Accept-Encoding
etag: W/"6375047e-485"
content-encoding: gzip
X-Firefox-Spdy: h2

rodeks.xyz/1Ai/7.html?cep=eF8N0S1aQUUX9Frygsdt4FaE0oUpbO27pB0-IazcfpVEZz7ugmwo1iCoz7tTu0Dgy-hDwbCHhA9vZnpuKT6OILP7GLm1OJ88p5sxAicgN9CuLAx2WTvJkhn-gPi4gGMDAIFQJqgHf7gJDCOA7s1G04YdCvLPTcBc8LX4k8rn7hxc55iIkD8eag0-Molf6E-GZAqf1LrFrf0qlOCuytrighAS-OXDyB8T-NStbfY2cufhw0t4nXqZVV6WrpwASIFmU_AsLPt5m8CY14bc8lRzKkIINmI7-MqaY-CMo4Itae8kg-Jl81PfJDPURjVWH2d34QUS6ZOF2cGxc2bQop-JV3napNdtW1dCmrCb6oIVGWLjDO6mBtQ-gm5GZP38a19dkYPOkE6eZ731cr0bospRwhUjRKEWXf-X4tdoxB6RDSFFx0YJbqm4PSzZnZvhqF2UeYYpgCLlvWgb7hRouPCmMVJnjXfSvJI3TnL93n1-PS0G3wrOlWEbZLduNh1AMnQNkgUf0Fkc4stxkO7lL0E728qBQNTEleHkULvOVRIccbUA9Y30Mkg3X1TpkTBSIA5qm6D1xTLJQkHgEGGYW490JA&lptoken=160197c5961516979976&feed=%5Bfeed%5D&hash=%5Bhash%5D&creative=%5Bcreative%5D&ip=%5Bip%5D&campaign=Hong_Kong-NORTON_YEP%282422527%29_10.23_1&tsource=clickstar_Kate2&subday=%5Bsubday%5D&price=%5Bprice%5D&clickid=%5Bclickid%5D

157.230.4.182

200 OK

8.1 kB

URL User Request GET HTTP/2
rodeks.xyz/1Ai/7.html?cep=eF8N0S1aQUUX9Frygsdt4FaE0oUpbO27pB0-IazcfpVEZz7ugmwo1iCoz7tTu0Dgy-hDwbCHhA9vZnpuKT6OILP7GLm1OJ88p5sxAicgN9CuLAx2WTvJkhn-gPi4gGMDAIFQJqgHf7gJDCOA7s1G04YdCvLPTcBc8LX4k8rn7hxc55iIkD8eag0-Molf6E-GZAqf1LrFrf0qlOCuytrighAS-OXDyB8T-NStbfY2cufhw0t4nXqZVV6WrpwASIFmU_AsLPt5m8CY14bc8lRzKkIINmI7-MqaY-CMo4Itae8kg-Jl81PfJDPURjVWH2d34QUS6ZOF2cGxc2bQop-JV3napNdtW1dCmrCb6oIVGWLjDO6mBtQ-gm5GZP38a19dkYPOkE6eZ731cr0bospRwhUjRKEWXf-X4tdoxB6RDSFFx0YJbqm4PSzZnZvhqF2UeYYpgCLlvWgb7hRouPCmMVJnjXfSvJI3TnL93n1-PS0G3wrOlWEbZLduNh1AMnQNkgUf0Fkc4stxkO7lL0E728qBQNTEleHkULvOVRIccbUA9Y30Mkg3X1TpkTBSIA5qm6D1xTLJQkHgEGGYW490JA&lptoken=160197c5961516979976&feed=%5Bfeed%5D&hash=%5Bhash%5D&creative=%5Bcreative%5D&ip=%5Bip%5D&campaign=Hong_Kong-NORTON_YEP%282422527%29_10.23_1&tsource=clickstar_Kate2&subday=%5Bsubday%5D&price=%5Bprice%5D&clickid=%5Bclickid%5D
IP
157.230.4.182:443
ASN
#14061 DIGITALOCEAN-ASN

Certificate
IssuerLet's Encrypt
Subjectrodeks.xyz
Fingerprint42:5E:88:E0:B4:7F:D8:3F:CC:D6:BC:91:E3:BA:27:B9:F4:7F:84:C6
ValidityMon, 11 Sep 2023 07:35:18 GMT - Sun, 10 Dec 2023 07:35:17 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (9787), with no line terminators
Size
8.1 kB (8064 bytes)
Hash
f1ae5cfed301609b5954f2482c26bbbd
3cdace3146fb05d718c728596b15f7db77d70dad
b8d67426ba69981f2aae29477894b20768e135ad6dd1c2c35efbe0937822f946

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /1Ai/7.html?cep=eF8N0S1aQUUX9Frygsdt4FaE0oUpbO27pB0-IazcfpVEZz7ugmwo1iCoz7tTu0Dgy-hDwbCHhA9vZnpuKT6OILP7GLm1OJ88p5sxAicgN9CuLAx2WTvJkhn-gPi4gGMDAIFQJqgHf7gJDCOA7s1G04YdCvLPTcBc8LX4k8rn7hxc55iIkD8eag0-Molf6E-GZAqf1LrFrf0qlOCuytrighAS-OXDyB8T-NStbfY2cufhw0t4nXqZVV6WrpwASIFmU_AsLPt5m8CY14bc8lRzKkIINmI7-MqaY-CMo4Itae8kg-Jl81PfJDPURjVWH2d34QUS6ZOF2cGxc2bQop-JV3napNdtW1dCmrCb6oIVGWLjDO6mBtQ-gm5GZP38a19dkYPOkE6eZ731cr0bospRwhUjRKEWXf-X4tdoxB6RDSFFx0YJbqm4PSzZnZvhqF2UeYYpgCLlvWgb7hRouPCmMVJnjXfSvJI3TnL93n1-PS0G3wrOlWEbZLduNh1AMnQNkgUf0Fkc4stxkO7lL0E728qBQNTEleHkULvOVRIccbUA9Y30Mkg3X1TpkTBSIA5qm6D1xTLJQkHgEGGYW490JA&lptoken=160197c5961516979976&feed=%5Bfeed%5D&hash=%5Bhash%5D&creative=%5Bcreative%5D&ip=%5Bip%5D&campaign=Hong_Kong-NORTON_YEP%282422527%29_10.23_1&tsource=clickstar_Kate2&subday=%5Bsubday%5D&price=%5Bprice%5D&clickid=%5Bclickid%5D HTTP/1.1
Host: rodeks.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 22 Oct 2023 07:31:39 GMT
content-type: text/html
last-modified: Thu, 12 Oct 2023 09:13:25 GMT
vary: Accept-Encoding
etag: W/"6527b8b5-1f80"
content-encoding: gzip
X-Firefox-Spdy: h2

fonts.googleapis.com/css2?family=Roboto:ital,wght@0,100;0,300;0,400;0,500;0,700;0,900;1,100;1,300;1,400;1,500&display=swap

142.250.74.106

200 OK

23 kB

URL GET HTTP/2
fonts.googleapis.com/css2?family=Roboto:ital,wght@0,100;0,300;0,400;0,500;0,700;0,900;1,100;1,300;1,400;1,500&display=swap
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://rodeks.xyz/1Ai/7.html?cep=eF8N0S1aQUUX9Frygsdt4FaE0oUpbO27pB0-IazcfpVEZz7ugmwo1iCoz7tTu0Dgy-hDwbCHhA9vZnpuKT6OILP7GLm1OJ88p5sxAicgN9CuLAx2WTvJkhn-gPi4gGMDAIFQJqgHf7gJDCOA7s1G04YdCvLPTcBc8LX4k8rn7hxc55iIkD8eag0-Molf6E-GZAqf1LrFrf0qlOCuytrighAS-OXDyB8T-NStbfY2cufhw0t4nXqZVV6WrpwASIFmU_AsLPt5m8CY14bc8lRzKkIINmI7-MqaY-CMo4Itae8kg-Jl81PfJDPURjVWH2d34QUS6ZOF2cGxc2bQop-JV3napNdtW1dCmrCb6oIVGWLjDO6mBtQ-gm5GZP38a19dkYPOkE6eZ731cr0bospRwhUjRKEWXf-X4tdoxB6RDSFFx0YJbqm4PSzZnZvhqF2UeYYpgCLlvWgb7hRouPCmMVJnjXfSvJI3TnL93n1-PS0G3wrOlWEbZLduNh1AMnQNkgUf0Fkc4stxkO7lL0E728qBQNTEleHkULvOVRIccbUA9Y30Mkg3X1TpkTBSIA5qm6D1xTLJQkHgEGGYW490JA&lptoken=160197c5961516979976&feed=%5Bfeed%5D&hash=%5Bhash%5D&creative=%5Bcreative%5D&ip=%5Bip%5D&campaign=Hong_Kong-NORTON_YEP%282422527%29_10.23_1&tsource=clickstar_Kate2&subday=%5Bsubday%5D&price=%5Bprice%5D&clickid=%5Bclickid%5D
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint28:23:2B:8B:2D:09:6C:BB:06:7A:35:80:95:BB:F8:03:41:C8:99:2C
ValidityThu, 28 Sep 2023 05:32:05 GMT - Thu, 21 Dec 2023 05:32:04 GMT

File type
ASCII text
Size
23 kB (22848 bytes)
Hash
475fdcefe43148c8cc1d41058c3811db
ef377d6d46b7ba726341fbc3f7d6213a05fa9d80
fde3368365ff80618dade0f5e409f3bb483aba6d3e769a302e9dba3d246dd1b3

HTTP Headers

GET /css2?family=Roboto:ital,wght@0,100;0,300;0,400;0,500;0,700;0,900;1,100;1,300;1,400;1,500&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rodeks.xyz/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sun, 22 Oct 2023 07:31:40 GMT
date: Sun, 22 Oct 2023 07:31:40 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (7)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (46)

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP