| www.google.it/url?q=https://www.google.it/url?q=https://www.google.it/url?q=https://www.google.ro/url?q=https://www.google.nl/url?q=ZFCKQSES42J831UCOWMB4MEAK36T3IE7YuQiApLjODz3yh4nNeW8uuQi&rct=XS%25RANDOM4%25wDnNeW8yycT&sa=t&esrc=nNeW8F%25RANDOM3%EF%BF%BDxys8Em2FL&source=&cd=tS6T8%25RANDOM3%25Tiw9XH&cad=XpPkDfJX%25RANDOM4%25VS0Y&ved=xjnktlqryYWwZIBRrgvK&uact=&url=amp/newhomesvn.com/cgi//39a/amVmZkBsYW1iZXJ0Y29uc3RydWN0aW9uY28uY29t | 142.250.74.67 | 302 Found | 287 B |
URL www.google.it/url?q=https://www.google.it/url?q=https://www.google.it/url?q=https://www.google.ro/url?q=https://www.google.nl/url?q=ZFCKQSES42J831UCOWMB4MEAK36T3IE7YuQiApLjODz3yh4nNeW8uuQi&rct=XS%25RANDOM4%25wDnNeW8yycT&sa=t&esrc=nNeW8F%25RANDOM3%EF%BF%BDxys8Em2FL&source=&cd=tS6T8%25RANDOM3%25Tiw9XH&cad=XpPkDfJX%25RANDOM4%25VS0Y&ved=xjnktlqryYWwZIBRrgvK&uact=&url=amp/newhomesvn.com/cgi//39a/amVmZkBsYW1iZXJ0Y29uc3RydWN0aW9uY28uY29t IP 142.250.74.67:0
File type HTML document, ASCII text, with CRLF, LF line terminators
Hash (MD5 / SHA-1 / SHA-256) 858d53ac67ee9e919ab73c51e2101eae 965d7e9b9f439f3ddad28c18666071e8e284abe8 8cb1b4deb269c18d365de3b76338c7611908535bcebafea66a5468c25ca62d3a
GET /url?q=https://www.google.it/url?q=https://www.google.it/url?q=https://www.google.ro/url?q=https://www.google.nl/url?q=ZFCKQSES42J831UCOWMB4MEAK36T3IE7YuQiApLjODz3yh4nNeW8uuQi&rct=XS%25RANDOM4%25wDnNeW8yycT&sa=t&esrc=nNeW8F%25RANDOM3%EF%BF%BDxys8Em2FL&source=&cd=tS6T8%25RANDOM3%25Tiw9XH&cad=XpPkDfJX%25RANDOM4%25VS0Y&ved=xjnktlqryYWwZIBRrgvK&uact=&url=amp/newhomesvn.com/cgi//39a/amVmZkBsYW1iZXJ0Y29uc3RydWN0aW9uY28uY29t HTTP/1.1
Host: www.google.it
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Cookie: SOCS=CAESHAgBEhJnd3NfMjAyMjA5MjktMF9SQzEaAnJvIAEaBgiAkvOZBg
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
location: https://www.google.it/amp/newhomesvn.com/cgi//39a/amVmZkBsYW1iZXJ0Y29uc3RydWN0aW9uY28uY29t
cache-control: private
content-type: text/html; charset=UTF-8
strict-transport-security: max-age=31536000
content-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-7wzEnNWfj-_5T9NSDGZGog' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
date: Wed, 06 Nov 2024 16:36:35 GMT
server: gws
content-length: 287
x-xss-protection: 0
set-cookie: __Secure-ENID=23.SE=Qh9fJIm9mKJaNs8xiBoDIRwAjXmz92S7QaxtgCGu_pOLdVpyDBclIThP506xSNDq04Om2pMYWHRylkJ4x96aSDdsGZvUEAyBn5szSa-cPuwoi6SC9i57CUPtRocMxN-N7rBp3wUs3UdsZG6gjjx0Tj1Sl7TOiOKiSA01uhy0lqdWQl2C_WTGTlMYhM-20bdlV4gEk2dLW5gK3SIaGw8VYWvXjBswLsWxyrq1k9Y; expires=Sun, 07-Dec-2025 08:54:53 GMT; path=/; domain=.google.it; Secure; HttpOnly; SameSite=lax
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
| www.google.it/amp/newhomesvn.com/cgi//39a/amVmZkBsYW1iZXJ0Y29uc3RydWN0aW9uY28uY29t | 142.250.74.67 | 302 Found | 268 B |
URL www.google.it/amp/newhomesvn.com/cgi//39a/amVmZkBsYW1iZXJ0Y29uc3RydWN0aW9uY28uY29t IP 142.250.74.67:0
File type HTML document, ASCII text, with CRLF, LF line terminators
Hash (MD5 / SHA-1 / SHA-256) 220e89f70afd1f708b3f4e94e11cc4bd 5e065ac067783cc2eaea66a1628e31bfa8684d77 162585a8482164482e2860d1715931a62bb70da5a789d835b0a6323459256f16
GET /amp/newhomesvn.com/cgi//39a/amVmZkBsYW1iZXJ0Y29uc3RydWN0aW9uY28uY29t HTTP/1.1
Host: www.google.it
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: SOCS=CAESHAgBEhJnd3NfMjAyMjA5MjktMF9SQzEaAnJvIAEaBgiAkvOZBg; __Secure-ENID=23.SE=Qh9fJIm9mKJaNs8xiBoDIRwAjXmz92S7QaxtgCGu_pOLdVpyDBclIThP506xSNDq04Om2pMYWHRylkJ4x96aSDdsGZvUEAyBn5szSa-cPuwoi6SC9i57CUPtRocMxN-N7rBp3wUs3UdsZG6gjjx0Tj1Sl7TOiOKiSA01uhy0lqdWQl2C_WTGTlMYhM-20bdlV4gEk2dLW5gK3SIaGw8VYWvXjBswLsWxyrq1k9Y
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 302 Found
location: http://newhomesvn.com/cgi//39a/amVmZkBsYW1iZXJ0Y29uc3RydWN0aW9uY28uY29t
cache-control: private
x-robots-tag: noindex
content-type: text/html; charset=UTF-8
content-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-hZCNUyJd43dw9HaxOIqazQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/fff
cross-origin-opener-policy: same-origin-allow-popups; report-to="gws"
report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/fff"}]}
date: Wed, 06 Nov 2024 16:36:35 GMT
server: gws
content-length: 268
x-xss-protection: 0
x-frame-options: SAMEORIGIN
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
| newhomesvn.com/cgi//39a/amVmZkBsYW1iZXJ0Y29uc3RydWN0aW9uY28uY29t | 103.28.36.108 | 200 OK | 20 B |
URL newhomesvn.com/cgi//39a/amVmZkBsYW1iZXJ0Y29uc3RydWN0aW9uY28uY29t IP 103.28.36.108:0 ASN #131353 NhanHoa Software company
File type gzip compressed data, from Unix
Hash (MD5 / SHA-1 / SHA-256) 7029066c27ac6f5ef18d660d5741979a 46c6643f07aa7f6bfe7118de926b86defc5087c4 59869db34853933b239f1e2219cf7d431da006aa919635478511fabbfc8849d2
GET /cgi//39a/amVmZkBsYW1iZXJ0Y29uc3RydWN0aW9uY28uY29t HTTP/1.1
Host: newhomesvn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
refresh: 0;url=https://dba.conitystabc.com/6J4Z/#Djeff@lambertconstructionco.com
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
content-length: 20
content-encoding: gzip
date: Wed, 06 Nov 2024 16:36:36 GMT
server: LiteSpeed
x-content-type-options: nosniff
| dba.conitystabc.com/6J4Z/ | 0.0.0.0 | | 0 B |
URL (user request, GET) dba.conitystabc.com/6J4Z/ IP 0.0.0.0:0
Hash (MD5 / SHA-1 / SHA-256) d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /6J4Z/ HTTP/1.1
Host: dba.conitystabc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache