Report - 104.248.145.214/

Report Overview

Visited public
2023-11-28 05:39:26
Tags
URL
104.248.145.214/
Finishing URL
104.248.145.214/
IP / ASN
104.248.145.214
#14061 DIGITALOCEAN-ASN
Title
ALEXISTOGEL Bandar Totomacau Hari Ini Gampang Menang

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
zerossl.ocsp.sectigo.com	4049	2018-08-16	2020-05-09 21:05:29	2023-11-27 05:10:54	348 B	1.2 kB	104.18.38.233
104.248.145.214	unknown	unknown	2019-07-06 20:18:21	2023-08-20 05:51:50	482 B	61 kB	104.248.145.214
cdn.ampproject.org	329	2015-08-31	2015-10-09 06:27:01	2023-11-27 18:12:06	3.3 kB	109 kB	216.58.207.193
iili.io	205542	2018-10-09	2018-10-12 12:50:17	2023-11-28 00:24:09	1.7 kB	3.1 MB	104.21.235.69

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2023-11-28	medium	104.248.145.214	Sinkholed

ThreatFox

No alerts detected

JavaScript (7)

	URL	From	Size	First Seen	Last Seen
	cdn.ampproject.org/v0/amp-install-serviceworker-0.1.mjs	ScriptElement	6.6 kB	2023-11-15	2023-11-28
Pretty URL cdn.ampproject.org/v0/amp-install-serviceworker-0.1.mjs IP 216.58.207.193 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-15 20:11 Last Seen2023-11-28 20:22 Times Seen21 Hash 92c65cb7280c548cdb1d579dcf83bb6a fa3a52035ef800854d0fa6ef3e45221172b0240a a680d5747fedecc5b1ce102c89a72a7f4a25afcbe276b8e3d33a71b8573d3b0f Loading...

	cdn.ampproject.org/rtv/012310301456000/v0/amp-loader-0.1.mjs	ScriptElement	12 kB	2023-11-15	2023-11-28
Pretty URL cdn.ampproject.org/rtv/012310301456000/v0/amp-loader-0.1.mjs IP 216.58.207.193 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-15 20:11 Last Seen2023-11-28 20:22 Times Seen26 Hash 603d56482815a27c1d8fd603c6ac7824 5abc1f14238661dbe519d3fc1f5a11ec60645a46 601aac2906728ec7bfd904caa2b451cfa24f68e3e07910ae22a13e0b5f86b15e Loading...

	cdn.ampproject.org/rtv/012310301456000/v0/amp-auto-lightbox-0.1.mjs	ScriptElement	7.1 kB	2023-11-15	2023-11-28
Pretty URL cdn.ampproject.org/rtv/012310301456000/v0/amp-auto-lightbox-0.1.mjs IP 216.58.207.193 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-15 20:11 Last Seen2023-11-28 20:22 Times Seen23 Hash f45f4178ba2802a81c02ee2e2b5f5fc6 719c23183511055c6ea59271494498556b0cfd48 53d1e1aacf0e8663bf5994704d2eb7c7cb5aa44a2cd24a584ffc68891c14cffb Loading...

	cdn.ampproject.org/v0/amp-accordion-0.1.mjs	ScriptElement	14 kB	2023-11-15	2023-11-28
Pretty URL cdn.ampproject.org/v0/amp-accordion-0.1.mjs IP 216.58.207.193 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-15 20:11 Last Seen2023-11-28 20:22 Times Seen21 Hash a91af64fdc1d547b64b21116e06c3788 a81085de35de5a58da4ca6c76f1fb86cc4c623f1 c82ab7c05c6e2cc10bc48bb3e06272ff7eff8800587c0c2afed584811b97244d Loading...

	cdn.ampproject.org/v0.mjs	ScriptElement	228 kB	2023-11-15	2023-11-28
Pretty URL cdn.ampproject.org/v0.mjs IP 216.58.207.193 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-15 20:11 Last Seen2023-11-28 20:22 Times Seen32 Hash 16d309dcefab221e11669d5395a8ce3d 86bef336752031ddbc7457cfcb725e51138ecacf 5370c8c49c1209855468b96dfba0e5aa596a90ca82cbeacbc303fba9b8c7eb18 Loading...

	cdn.ampproject.org/v0/amp-carousel-0.1.mjs	ScriptElement	34 kB	2023-11-15	2023-11-28
Pretty URL cdn.ampproject.org/v0/amp-carousel-0.1.mjs IP 216.58.207.193 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-15 20:11 Last Seen2023-11-28 20:22 Times Seen22 Hash 713d82c421c14d0afc4796186a366dc9 741b98932df7644ae631e36c261a3827b5d99ce7 4dee2e5aa10555026f205dabff8ca2785b77646b0b744bd633a4dec2cd10bb35 Loading...

	cdn.ampproject.org/v0/amp-youtube-0.1.mjs	ScriptElement	32 kB	2023-11-16	2023-11-28
Pretty URL cdn.ampproject.org/v0/amp-youtube-0.1.mjs IP 216.58.207.193 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-16 15:13 Last Seen2023-11-28 20:22 Times Seen20 Hash b374e7d9f7f54524e9e9d17f6a721ef3 3d859d327aa2a9b3de8d8d4f9ee1bde773274670 dd03f1d97d83631179e50cf829254ccd4a0ca3ce0703a5adaa857c764a0ab7d6 Loading...

HTTP Transactions (13)

URL IP Response Size

zerossl.ocsp.sectigo.com/

104.18.38.233

727 B

URL
zerossl.ocsp.sectigo.com/
IP
104.18.38.233:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
727 B (727 bytes)
Hash
a76e8beee5b3f23580b8e289742871a5
f62771ee0524d528304c5c72939bd22004ccca1a
8efad6181db02537ee0837346013d794f52fee5e0063ad824e8fbec51fc8082a

HTTP Headers

POST / HTTP/1.1
Host: zerossl.ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 28 Nov 2023 05:39:08 GMT
Content-Type: application/ocsp-response
Content-Length: 727
Connection: keep-alive
Last-Modified: Mon, 27 Nov 2023 19:57:41 GMT
Expires: Mon, 04 Dec 2023 19:57:40 GMT
Etag: "f62771ee0524d528304c5c72939bd22004ccca1a"
Cache-Control: max-age=569311,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 82d044c7c850b4f4-OSL

104.248.145.214/

104.248.145.214

200 OK

60 kB

URL User Request GET HTTP/1.1
104.248.145.214/
IP
104.248.145.214:443
ASN
#14061 DIGITALOCEAN-ASN

Certificate
IssuerZeroSSL
Subject104.248.145.214
Fingerprint8A:A2:35:3C:A4:0B:F4:69:86:44:D3:43:58:95:00:09:CB:44:5F:9C
ValidityFri, 17 Nov 2023 00:00:00 GMT - Thu, 15 Feb 2024 23:59:59 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text
Size
60 kB (60541 bytes)
Hash
b63ca19b9495ea67e1491a255497462e
55dea3363b4d61fbd5ab141d798d9377ab739ad5
0b9fb17a182269fcd0264ee79508fb3b889cb5fd964c7f3a9ba710d4a4ef6d3c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: 104.248.145.214
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 28 Nov 2023 05:39:08 GMT
Server: Apache/2.4.57 (Ubuntu)
Last-Modified: Fri, 24 Nov 2023 13:22:07 GMT
ETag: "ec7d-60ae5d6c55bc0"
Accept-Ranges: bytes
Content-Length: 60541
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive

cdn.ampproject.org/v0/amp-accordion-0.1.mjs

216.58.207.193

200 OK

4.9 kB

URL GET HTTP/2
cdn.ampproject.org/v0/amp-accordion-0.1.mjs
IP
216.58.207.193:443
ASN
#15169 GOOGLE

Requested by
https://104.248.145.214/
Certificate
IssuerGoogle Trust Services LLC
Subjectmisc-sni.google.com
FingerprintE4:33:2C:42:1C:4F:E6:01:93:AD:F1:5F:70:4D:33:1F:3B:5F:AB:DE
ValidityMon, 23 Oct 2023 11:20:02 GMT - Mon, 15 Jan 2024 11:20:01 GMT

File type
ASCII text, with very long lines (14003)
Size
4.9 kB (4856 bytes)
Hash
a91af64fdc1d547b64b21116e06c3788
a81085de35de5a58da4ca6c76f1fb86cc4c623f1
c82ab7c05c6e2cc10bc48bb3e06272ff7eff8800587c0c2afed584811b97244d

HTTP Headers

GET /v0/amp-accordion-0.1.mjs HTTP/1.1
Host: cdn.ampproject.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://104.248.145.214
DNT: 1
Connection: keep-alive
Referer: https://104.248.145.214/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
timing-allow-origin: *
content-length: 4856
date: Tue, 28 Nov 2023 05:39:08 GMT
expires: Tue, 28 Nov 2023 05:39:08 GMT
cache-control: private, max-age=604800, stale-while-revalidate=604800
etag: "6569e84ac87b3e48"
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

cdn.ampproject.org/v0/amp-carousel-0.1.mjs

216.58.207.193

200 OK

10 kB

URL GET HTTP/2
cdn.ampproject.org/v0/amp-carousel-0.1.mjs
IP
216.58.207.193:443
ASN
#15169 GOOGLE

Requested by
https://104.248.145.214/
Certificate
IssuerGoogle Trust Services LLC
Subjectmisc-sni.google.com
FingerprintE4:33:2C:42:1C:4F:E6:01:93:AD:F1:5F:70:4D:33:1F:3B:5F:AB:DE
ValidityMon, 23 Oct 2023 11:20:02 GMT - Mon, 15 Jan 2024 11:20:01 GMT

File type
Unicode text, UTF-8 text, with very long lines (33395)
Size
10 kB (10085 bytes)
Hash
713d82c421c14d0afc4796186a366dc9
741b98932df7644ae631e36c261a3827b5d99ce7
4dee2e5aa10555026f205dabff8ca2785b77646b0b744bd633a4dec2cd10bb35

HTTP Headers

GET /v0/amp-carousel-0.1.mjs HTTP/1.1
Host: cdn.ampproject.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://104.248.145.214
DNT: 1
Connection: keep-alive
Referer: https://104.248.145.214/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
timing-allow-origin: *
content-length: 10085
date: Tue, 28 Nov 2023 05:39:08 GMT
expires: Tue, 28 Nov 2023 05:39:08 GMT
cache-control: private, max-age=604800, stale-while-revalidate=604800
etag: "9c1e4e7f5d08c603"
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

cdn.ampproject.org/v0/amp-youtube-0.1.mjs

216.58.207.193

200 OK

10 kB

URL GET HTTP/2
cdn.ampproject.org/v0/amp-youtube-0.1.mjs
IP
216.58.207.193:443
ASN
#15169 GOOGLE

Requested by
https://104.248.145.214/
Certificate
IssuerGoogle Trust Services LLC
Subjectmisc-sni.google.com
FingerprintE4:33:2C:42:1C:4F:E6:01:93:AD:F1:5F:70:4D:33:1F:3B:5F:AB:DE
ValidityMon, 23 Oct 2023 11:20:02 GMT - Mon, 15 Jan 2024 11:20:01 GMT

File type
ASCII text, with very long lines (31498)
Size
10 kB (10319 bytes)
Hash
b374e7d9f7f54524e9e9d17f6a721ef3
3d859d327aa2a9b3de8d8d4f9ee1bde773274670
dd03f1d97d83631179e50cf829254ccd4a0ca3ce0703a5adaa857c764a0ab7d6

HTTP Headers

GET /v0/amp-youtube-0.1.mjs HTTP/1.1
Host: cdn.ampproject.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://104.248.145.214
DNT: 1
Connection: keep-alive
Referer: https://104.248.145.214/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
timing-allow-origin: *
content-length: 10319
date: Tue, 28 Nov 2023 05:39:08 GMT
expires: Tue, 28 Nov 2023 05:39:08 GMT
cache-control: private, max-age=604800, stale-while-revalidate=604800
etag: "9f56a693ff90028c"
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

cdn.ampproject.org/v0/amp-install-serviceworker-0.1.mjs

216.58.207.193

200 OK

2.4 kB

URL GET HTTP/2
cdn.ampproject.org/v0/amp-install-serviceworker-0.1.mjs
IP
216.58.207.193:443
ASN
#15169 GOOGLE

Requested by
https://104.248.145.214/
Certificate
IssuerGoogle Trust Services LLC
Subjectmisc-sni.google.com
FingerprintE4:33:2C:42:1C:4F:E6:01:93:AD:F1:5F:70:4D:33:1F:3B:5F:AB:DE
ValidityMon, 23 Oct 2023 11:20:02 GMT - Mon, 15 Jan 2024 11:20:01 GMT

File type
ASCII text, with very long lines (6424)
Size
2.4 kB (2375 bytes)
Hash
92c65cb7280c548cdb1d579dcf83bb6a
fa3a52035ef800854d0fa6ef3e45221172b0240a
a680d5747fedecc5b1ce102c89a72a7f4a25afcbe276b8e3d33a71b8573d3b0f

HTTP Headers

GET /v0/amp-install-serviceworker-0.1.mjs HTTP/1.1
Host: cdn.ampproject.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://104.248.145.214
DNT: 1
Connection: keep-alive
Referer: https://104.248.145.214/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
timing-allow-origin: *
content-length: 2375
date: Tue, 28 Nov 2023 05:39:08 GMT
expires: Tue, 28 Nov 2023 05:39:08 GMT
cache-control: private, max-age=604800, stale-while-revalidate=604800
etag: "5a3409af75db7a68"
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

cdn.ampproject.org/v0.mjs

216.58.207.193

200 OK

64 kB

URL GET HTTP/2
cdn.ampproject.org/v0.mjs
IP
216.58.207.193:443
ASN
#15169 GOOGLE

Requested by
https://104.248.145.214/
Certificate
IssuerGoogle Trust Services LLC
Subjectmisc-sni.google.com
FingerprintE4:33:2C:42:1C:4F:E6:01:93:AD:F1:5F:70:4D:33:1F:3B:5F:AB:DE
ValidityMon, 23 Oct 2023 11:20:02 GMT - Mon, 15 Jan 2024 11:20:01 GMT

File type
Unicode text, UTF-8 text, with very long lines (64678)
Size
64 kB (63601 bytes)
Hash
16d309dcefab221e11669d5395a8ce3d
86bef336752031ddbc7457cfcb725e51138ecacf
5370c8c49c1209855468b96dfba0e5aa596a90ca82cbeacbc303fba9b8c7eb18

HTTP Headers

GET /v0.mjs HTTP/1.1
Host: cdn.ampproject.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://104.248.145.214
DNT: 1
Connection: keep-alive
Referer: https://104.248.145.214/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
timing-allow-origin: *
content-length: 63601
date: Tue, 28 Nov 2023 05:39:08 GMT
expires: Tue, 28 Nov 2023 05:39:08 GMT
cache-control: private, max-age=3000, stale-while-revalidate=1206600
etag: "363418149fafb183"
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

iili.io/JFpMAKv.png

104.21.235.69

200 OK

50 kB

URL GET HTTP/2
iili.io/JFpMAKv.png
IP
104.21.235.69:443
ASN
#13335 CLOUDFLARENET

Requested by
https://104.248.145.214/
Certificate
IssuerLet's Encrypt
Subjectiili.io
FingerprintAE:84:80:B6:C0:17:87:BE:88:A5:59:04:5D:9F:99:A3:AD:75:1C:A0
ValiditySun, 08 Oct 2023 14:56:20 GMT - Sat, 06 Jan 2024 14:56:19 GMT

File type
PNG image data, 800 x 187, 8-bit/color RGBA, non-interlaced\012- data
Size
50 kB (50429 bytes)
Hash
dba93fd5efb6c52c4ae1456ff8a966a1
865bb718157d23b43291efaed52559d4a3ab319a
3a1c6d09ea48f3c0792e49c6527b8c7ef1414df62e8191104310c949e68fce92

HTTP Headers

GET /JFpMAKv.png HTTP/1.1
Host: iili.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://104.248.145.214/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 28 Nov 2023 05:39:09 GMT
content-type: image/png
content-length: 50429
last-modified: Fri, 20 Oct 2023 09:16:23 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fFJqqWopzDBixAb3wINLMSu%2B9X8utUQllZ%2B%2FmYUsNX0sgoMtujrYL7UyLx9Ks4lDRSS9DBHYYWX2Z1r6TpNwoETqt2qF2H2%2FKCxSsZlN3nNtKJdmdegWTN8T"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82d044cd8e344c7e-HEL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

iili.io/JnKXdoF.png

104.21.235.69

200 OK

542 kB

URL GET HTTP/2
iili.io/JnKXdoF.png
IP
104.21.235.69:443
ASN
#13335 CLOUDFLARENET

Requested by
https://104.248.145.214/
Certificate
IssuerLet's Encrypt
Subjectiili.io
FingerprintAE:84:80:B6:C0:17:87:BE:88:A5:59:04:5D:9F:99:A3:AD:75:1C:A0
ValiditySun, 08 Oct 2023 14:56:20 GMT - Sat, 06 Jan 2024 14:56:19 GMT

File type
PNG image data, 840 x 473, 8-bit/color RGBA, non-interlaced\012- data
Size
542 kB (541615 bytes)
Hash
165c84264506509bf1a0f67f08782138
93643dde80aa4376b8c60a0391967b6cd2916d0d
aaaad629d8cd2687b625794879de3e2ac7736cfc1ea63c40dae56192fca7300a

HTTP Headers

GET /JnKXdoF.png HTTP/1.1
Host: iili.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://104.248.145.214/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 28 Nov 2023 05:39:09 GMT
content-type: image/png
content-length: 541615
last-modified: Fri, 17 Nov 2023 03:48:08 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=latgRVFP45R1mSww0tbr9F%2FVgFWcMJ9LlnaGEdIxS1Lz%2Ftkcx9XHtqcJtjEpbJdzj0fvDzhCmSrsyhtEn6ITOf6bFwqSXRyUruzEUGKOUOLtavA6rZWHDonA"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82d044cd8e334c7e-HEL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

cdn.ampproject.org/rtv/012310301456000/v0/amp-loader-0.1.mjs

216.58.207.193

200 OK

3.9 kB

URL GET HTTP/2
cdn.ampproject.org/rtv/012310301456000/v0/amp-loader-0.1.mjs
IP
216.58.207.193:443
ASN
#15169 GOOGLE

Requested by
https://104.248.145.214/
Certificate
IssuerGoogle Trust Services LLC
Subjectmisc-sni.google.com
FingerprintE4:33:2C:42:1C:4F:E6:01:93:AD:F1:5F:70:4D:33:1F:3B:5F:AB:DE
ValidityMon, 23 Oct 2023 11:20:02 GMT - Mon, 15 Jan 2024 11:20:01 GMT

File type
ASCII text, with very long lines (12246)
Size
3.9 kB (3911 bytes)
Hash
603d56482815a27c1d8fd603c6ac7824
5abc1f14238661dbe519d3fc1f5a11ec60645a46
601aac2906728ec7bfd904caa2b451cfa24f68e3e07910ae22a13e0b5f86b15e

HTTP Headers

GET /rtv/012310301456000/v0/amp-loader-0.1.mjs HTTP/1.1
Host: cdn.ampproject.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://104.248.145.214
DNT: 1
Connection: keep-alive
Referer: https://104.248.145.214/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: br
access-control-allow-origin: *
content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
timing-allow-origin: *
content-length: 3911
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 22 Nov 2023 21:51:09 GMT
expires: Thu, 21 Nov 2024 21:51:09 GMT
cache-control: public, max-age=31536000
age: 460081
etag: "e252ee9bb85aa31b"
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

cdn.ampproject.org/rtv/012310301456000/v0/amp-auto-lightbox-0.1.mjs

216.58.207.193

200 OK

2.8 kB

URL GET HTTP/2
cdn.ampproject.org/rtv/012310301456000/v0/amp-auto-lightbox-0.1.mjs
IP
216.58.207.193:443
ASN
#15169 GOOGLE

Requested by
https://104.248.145.214/
Certificate
IssuerGoogle Trust Services LLC
Subjectmisc-sni.google.com
FingerprintE4:33:2C:42:1C:4F:E6:01:93:AD:F1:5F:70:4D:33:1F:3B:5F:AB:DE
ValidityMon, 23 Oct 2023 11:20:02 GMT - Mon, 15 Jan 2024 11:20:01 GMT

File type
ASCII text, with very long lines (6972)
Size
2.8 kB (2819 bytes)
Hash
f45f4178ba2802a81c02ee2e2b5f5fc6
719c23183511055c6ea59271494498556b0cfd48
53d1e1aacf0e8663bf5994704d2eb7c7cb5aa44a2cd24a584ffc68891c14cffb

HTTP Headers

GET /rtv/012310301456000/v0/amp-auto-lightbox-0.1.mjs HTTP/1.1
Host: cdn.ampproject.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://104.248.145.214
DNT: 1
Connection: keep-alive
Referer: https://104.248.145.214/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: br
access-control-allow-origin: *
content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
timing-allow-origin: *
content-length: 2819
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 23 Nov 2023 07:25:32 GMT
expires: Fri, 22 Nov 2024 07:25:32 GMT
cache-control: public, max-age=31536000
etag: "636e6eff575c1759"
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 425618
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

iili.io/JFuqn0N.png

104.21.235.69

200 OK

28 kB

URL GET HTTP/3
iili.io/JFuqn0N.png
IP
104.21.235.69:443
ASN
#13335 CLOUDFLARENET

Requested by
https://104.248.145.214/
Certificate
IssuerLet's Encrypt
Subjectiili.io
FingerprintAE:84:80:B6:C0:17:87:BE:88:A5:59:04:5D:9F:99:A3:AD:75:1C:A0
ValiditySun, 08 Oct 2023 14:56:20 GMT - Sat, 06 Jan 2024 14:56:19 GMT

File type
PNG image data, 195 x 195, 8-bit/color RGBA, non-interlaced\012- data
Size
28 kB (28393 bytes)
Hash
73c52051d843008620933721f870d818
e7dc7b83acf355548e40ccee499f74166c1b95ec
8ddb455c088244464519bad137e4f03f1d3a4767e125aeeca0a6c3c1c7730d97

HTTP Headers

GET /JFuqn0N.png HTTP/1.1
Host: iili.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://104.248.145.214/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 28 Nov 2023 05:39:10 GMT
content-type: image/png
content-length: 28393
last-modified: Mon, 16 Oct 2023 08:56:32 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
cf-cache-status: HIT
age: 162695
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=e%2BwiWREcjYFlQU95qKFRutr6vTBtklvy%2Fb1vpx26YFW8QaStjKg0613xPECu8gWVri%2FhUfwHHx2VpmsO9Y3JpAvpseSd4Tmm4J26U3wnLyOvs6aZEotlmpCH"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82d044d48fd84c7b-HEL
alt-svc: h3=":443"; ma=86400

iili.io/JJC8ecb.gif

104.21.235.69

200 OK

2.5 MB

URL GET HTTP/3
iili.io/JJC8ecb.gif
IP
104.21.235.69:443
ASN
#13335 CLOUDFLARENET

Requested by
https://104.248.145.214/
Certificate
IssuerLet's Encrypt
Subjectiili.io
FingerprintAE:84:80:B6:C0:17:87:BE:88:A5:59:04:5D:9F:99:A3:AD:75:1C:A0
ValiditySun, 08 Oct 2023 14:56:20 GMT - Sat, 06 Jan 2024 14:56:19 GMT

File type
GIF image data, version 89a, 768 x 95\012- data
Size
2.5 MB (2495504 bytes)
Hash
1759995ea889170933063f0d40fb28e7
e3b8525e2e8d30e79824fde11743ec32dd062da1
8b3daae880818bfeb54db9295c4c373db23b08336c9f7496ed749fed9ae79f8d

HTTP Headers

GET /JJC8ecb.gif HTTP/1.1
Host: iili.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://104.248.145.214/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 28 Nov 2023 05:39:10 GMT
content-type: image/gif
content-length: 2495504
last-modified: Thu, 21 Sep 2023 06:16:17 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1GhvzR1Gc7Ys63HgwCK5ZbRX4EKdipXeU%2FwiDxKrZ9M3%2BoFVf7i74jV2gzu%2BgfHn%2FMvRiTf%2FRXpoSpF0VugCVEgV9pfp%2B8p3cbl2vo4HdOC4cIIPr%2BhQ2Lkc"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82d044d3de504c7b-HEL
alt-svc: h3=":443"; ma=86400

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (7)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (13)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/1.1

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/2