priz2mail.blogspot.com/
172.217.21.161 8.6 kB IP 172.217.21.161:0
File type HTML document text; exported SGML document text; exported SGML document, ASCII text, with very long lines (3887)
Hash 3a0271f3fc0d0a848a92f56fed436325
a644b32238596ee90f501ffb68884294ff985be4
a8c5b08d86c6e8dc7f40d478bb2a8545d2b8628364d0225d7b1138db1a3dbb6a
GET / HTTP/1.1
Host: priz2mail.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
expires: Wed, 06 Dec 2023 02:53:37 GMT
date: Wed, 06 Dec 2023 02:53:37 GMT
cache-control: private, max-age=0
last-modified: Mon, 04 Dec 2023 18:22:05 GMT
etag: W/"e4b6a33fac255695a69d5a53e208bb6929caf2bd72bc075d40d33519c4f394e1"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 8556
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
priz2mail.blogspot.com/js/cookienotice.js
172.217.21.161 2.0 kB URL priz2mail.blogspot.com/js/cookienotice.js
IP 172.217.21.161:0
Hash a705132a2174f88e196ec3610d68faa8
3bad57a48d973a678fec600d45933010f6edc659
068ffe90977f2b5b2dc2ef18572166e85281bd0ecb31c4902464b23db54d2568
GET /js/cookienotice.js HTTP/1.1
Host: priz2mail.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://priz2mail.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-length: 2026
date: Wed, 06 Dec 2023 02:53:38 GMT
expires: Wed, 13 Dec 2023 02:53:38 GMT
cache-control: public, max-age=604800
last-modified: Tue, 05 Dec 2023 19:42:42 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
www.blogger.com/static/v1/widgets/3754116945-widgets.js
216.58.207.233 59 kB URL www.blogger.com/static/v1/widgets/3754116945-widgets.js
IP 216.58.207.233:0
File type ASCII text, with very long lines (2258)
Hash 0f3580b0033bbd151cdb647634be7404
4d8508ef28b0e50fa8c28ccaeb1f2a6855a75bdc
38d944d88c98612f76ed693afb143f1c032ca27ba56ec46a6714ab3dc511f974
GET /static/v1/widgets/3754116945-widgets.js HTTP/1.1
Host: www.blogger.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://priz2mail.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-length: 59286
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 05 Dec 2023 07:26:52 GMT
expires: Wed, 04 Dec 2024 07:26:52 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 30 Nov 2023 23:28:54 GMT
content-type: text/javascript
vary: Accept-Encoding
age: 70006
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
apis.google.com/js/platform.js
172.217.21.174 22 kB URL apis.google.com/js/platform.js
IP 172.217.21.174:0
File type ASCII text, with very long lines (2664)
Hash fd67324a3d81895bdf76b073089663b1
5abb1b0a36c645085e31830e6647faa790ad4e91
8eaa06f95fa0ac44c2c186f200874f2f3ebc3aaa92412f0d0c096f517d3581d1
GET /js/platform.js HTTP/1.1
Host: apis.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://priz2mail.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
access-control-allow-origin: *
content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gapi-team
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="gapi-team"
report-to: {"group":"gapi-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gapi-team"}]}
timing-allow-origin: *
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
content-length: 21930
date: Wed, 06 Dec 2023 02:53:38 GMT
expires: Wed, 06 Dec 2023 02:53:38 GMT
cache-control: private, max-age=1800, stale-while-revalidate=1800
etag: "bccfddc1dce4fb76"
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
set-cookie: NID=511=LudaXG2I9c9jAV-NF4I54KZvsVoidgK62qXqAk3euTDrS9QIG2kzhTawWYHCLLkVxRlbp_sFXKkuBVSBlaOGAYopHf6CBwtXU-0_79yC1NEEJRwT4wDR5eN7AbUACrZnvPo5lZ8syZiYIVxvvRpkk8hlHrLsch0aik-WiXj7Cbs; expires=Thu, 06-Jun-2024 02:53:38 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.blogger.com/static/v1/widgets/3566091532-css_bundle_v2.css
216.58.207.233 7.8 kB URL www.blogger.com/static/v1/widgets/3566091532-css_bundle_v2.css
IP 216.58.207.233:0
File type ASCII text, with very long lines (35959)
Hash 1e32420a7b6ddbdcb7def8b3141c4d1e
a1be54d42ff1f95244c9653539f90318f5bc0580
a9ca837900b6ae007386d400f659c233120b8af7d93407fd6475c9180d9e83d2
GET /static/v1/widgets/3566091532-css_bundle_v2.css HTTP/1.1
Host: www.blogger.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://priz2mail.blogspot.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-length: 7756
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 05 Dec 2023 14:57:21 GMT
expires: Wed, 04 Dec 2024 14:57:21 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 04 Dec 2023 16:56:43 GMT
content-type: text/css
vary: Accept-Encoding
age: 42977
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.coKrc9A11Ng.O/m=gapi_iframes,gapi_iframes_style_bubble/rt=j/sv=1/d=1/ed=1/rs=AHpOoo_J8xjByIzBlcB6zLaAkxsUwdPdIw/cb=gapi.loaded_0?le=scs
172.217.21.174 61 kB URL apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.coKrc9A11Ng.O/m=gapi_iframes,gapi_iframes_style_bubble/rt=j/sv=1/d=1/ed=1/rs=AHpOoo_J8xjByIzBlcB6zLaAkxsUwdPdIw/cb=gapi.loaded_0?le=scs
IP 172.217.21.174:0
File type ASCII text, with very long lines (1505)
Hash 71aaa92f748ba3c48d6edfb40204d614
ad1ca8c338494256d564ee7857707f758e03948b
215f3b01f5decd286eb88ac2dc56b997e6cd2ce8f47998dfa9e2917f8b890982
GET /_/scs/abc-static/_/js/k=gapi.lb.en.coKrc9A11Ng.O/m=gapi_iframes,gapi_iframes_style_bubble/rt=j/sv=1/d=1/ed=1/rs=AHpOoo_J8xjByIzBlcB6zLaAkxsUwdPdIw/cb=gapi.loaded_0?le=scs HTTP/1.1
Host: apis.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://priz2mail.blogspot.com/
Cookie: NID=511=LudaXG2I9c9jAV-NF4I54KZvsVoidgK62qXqAk3euTDrS9QIG2kzhTawWYHCLLkVxRlbp_sFXKkuBVSBlaOGAYopHf6CBwtXU-0_79yC1NEEJRwT4wDR5eN7AbUACrZnvPo5lZ8syZiYIVxvvRpkk8hlHrLsch0aik-WiXj7Cbs
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="social-frontend-mpm-access"
report-to: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
content-length: 60962
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 05 Dec 2023 16:07:21 GMT
expires: Wed, 04 Dec 2024 16:07:21 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 08 Nov 2023 22:37:21 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 38777
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
pagead2.googlesyndication.com/pagead/js/google_top_exp.js
142.250.74.130 42 B URL pagead2.googlesyndication.com/pagead/js/google_top_exp.js
IP 142.250.74.130:0
Hash 7f5f2be159837d73b72a4b37616bce44
c93d7f25b530b05c26440d3352213b683d03dcc3
ccecd185ac16ba0a538840f37701053fbb861f7fbbdd86039c7415fcd924d1f2
GET /pagead/js/google_top_exp.js HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://priz2mail.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 42
x-xss-protection: 0
date: Tue, 05 Dec 2023 11:32:03 GMT
expires: Tue, 19 Dec 2023 11:32:03 GMT
cache-control: public, max-age=1209600
age: 55295
etag: 13036835877489095579
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
resources.blogblog.com/blogblog/data/1kt/simple/body_gradient_tile_light.png
216.58.207.233 95 B URL resources.blogblog.com/blogblog/data/1kt/simple/body_gradient_tile_light.png
IP 216.58.207.233:0
File type PNG image data, 10 x 10, 1-bit colormap, non-interlaced; data
Hash 3b2a20d5b0ba4ca0c5dd90865ad6b9c4
a90928a16d11d21e112b45b60990a9d7d19cc1d5
0fdcb4746995f0d5240e5ec11370cb950722a894f3cff4118aa68ccc92010edd
GET /blogblog/data/1kt/simple/body_gradient_tile_light.png HTTP/1.1
Host: resources.blogblog.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://priz2mail.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-length: 95
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 05 Dec 2023 07:31:27 GMT
expires: Tue, 12 Dec 2023 07:31:27 GMT
cache-control: public, max-age=604800
last-modified: Mon, 04 Dec 2023 13:04:18 GMT
content-type: image/png
age: 69731
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
resources.blogblog.com/blogblog/data/1kt/simple/gradients_light.png
216.58.207.233 403 B URL resources.blogblog.com/blogblog/data/1kt/simple/gradients_light.png
IP 216.58.207.233:0
File type PNG image data, 20 x 1100, 8-bit/color RGBA, non-interlaced; data
Hash 4f7de2e6afefb125b1f14fa5cda610ee
57a145f234b504a73f9d55cf39f2231a04719456
ecb30886406e3f776ff7bc3834de849944471e626ff148bed2fa389d02866044
GET /blogblog/data/1kt/simple/gradients_light.png HTTP/1.1
Host: resources.blogblog.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://priz2mail.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-length: 403
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 04 Dec 2023 21:59:39 GMT
expires: Mon, 11 Dec 2023 21:59:39 GMT
cache-control: public, max-age=604800
last-modified: Mon, 04 Dec 2023 17:58:01 GMT
content-type: image/png
age: 104039
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
vampismegor.blogspot.com/
172.217.21.161 8.6 kB URL vampismegor.blogspot.com/
IP 172.217.21.161:0
File type HTML document text; exported SGML document text; exported SGML document, ASCII text, with very long lines (3935)
Hash f96bb5cc67cfbcdda06506d0a24714ba
7e29c1a629ed0b41dd62f77b92aaa65949f651a6
884fe9e12af470d4e28a50485ed29e6d07566060a17944073d05d3d874c1f065
GET / HTTP/1.1
Host: vampismegor.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://priz2mail.blogspot.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
expires: Wed, 06 Dec 2023 02:53:39 GMT
date: Wed, 06 Dec 2023 02:53:39 GMT
cache-control: private, max-age=0
last-modified: Tue, 05 Dec 2023 07:23:32 GMT
etag: W/"3626aed0034361be73d43fa2b552c597ed82a822a95e581331207c88568f2fb6"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 8572
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
vampismegor.blogspot.com/js/cookienotice.js
172.217.21.161 2.0 kB URL vampismegor.blogspot.com/js/cookienotice.js
IP 172.217.21.161:0
Hash a705132a2174f88e196ec3610d68faa8
3bad57a48d973a678fec600d45933010f6edc659
068ffe90977f2b5b2dc2ef18572166e85281bd0ecb31c4902464b23db54d2568
GET /js/cookienotice.js HTTP/1.1
Host: vampismegor.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vampismegor.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-length: 2026
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 04 Dec 2023 23:42:31 GMT
expires: Mon, 11 Dec 2023 23:42:31 GMT
cache-control: public, max-age=604800
last-modified: Mon, 04 Dec 2023 20:05:01 GMT
content-type: text/javascript
vary: Accept-Encoding
age: 97868
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
www.blogger.com/static/v1/widgets/3566091532-css_bundle_v2.css
216.58.207.233 7.8 kB URL www.blogger.com/static/v1/widgets/3566091532-css_bundle_v2.css
IP 216.58.207.233:0
File type ASCII text, with very long lines (35959)
Hash 1e32420a7b6ddbdcb7def8b3141c4d1e
a1be54d42ff1f95244c9653539f90318f5bc0580
a9ca837900b6ae007386d400f659c233120b8af7d93407fd6475c9180d9e83d2
GET /static/v1/widgets/3566091532-css_bundle_v2.css HTTP/1.1
Host: www.blogger.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vampismegor.blogspot.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-length: 7756
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 05 Dec 2023 14:57:21 GMT
expires: Wed, 04 Dec 2024 14:57:21 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 04 Dec 2023 16:56:43 GMT
content-type: text/css
vary: Accept-Encoding
age: 42978
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.blogger.com/static/v1/widgets/3754116945-widgets.js
216.58.207.233 59 kB URL www.blogger.com/static/v1/widgets/3754116945-widgets.js
IP 216.58.207.233:0
File type ASCII text, with very long lines (2258)
Hash 0f3580b0033bbd151cdb647634be7404
4d8508ef28b0e50fa8c28ccaeb1f2a6855a75bdc
38d944d88c98612f76ed693afb143f1c032ca27ba56ec46a6714ab3dc511f974
GET /static/v1/widgets/3754116945-widgets.js HTTP/1.1
Host: www.blogger.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vampismegor.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-length: 59286
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 05 Dec 2023 07:26:52 GMT
expires: Wed, 04 Dec 2024 07:26:52 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 30 Nov 2023 23:28:54 GMT
content-type: text/javascript
vary: Accept-Encoding
age: 70007
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
apis.google.com/js/platform.js
172.217.21.174 22 kB URL apis.google.com/js/platform.js
IP 172.217.21.174:0
File type ASCII text, with very long lines (2664)
Hash fd67324a3d81895bdf76b073089663b1
5abb1b0a36c645085e31830e6647faa790ad4e91
8eaa06f95fa0ac44c2c186f200874f2f3ebc3aaa92412f0d0c096f517d3581d1
GET /js/platform.js HTTP/1.1
Host: apis.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vampismegor.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
access-control-allow-origin: *
content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gapi-team
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="gapi-team"
report-to: {"group":"gapi-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gapi-team"}]}
timing-allow-origin: *
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
content-length: 21930
date: Wed, 06 Dec 2023 02:53:39 GMT
expires: Wed, 06 Dec 2023 02:53:39 GMT
cache-control: private, max-age=1800, stale-while-revalidate=1800
etag: "bccfddc1dce4fb76"
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
set-cookie: NID=511=HiMIhHA0cC1rWl9C6DpLOGMtu5k3wQ7weWPfUU9pLYJdB-SaId0lG70b77Bn7GG4NxLHRY7cRPrKrGEzllexBfLwCbHGMpXewyAhTSP79FsPGYwAna2vDsfl1TdXpGBkqsZLvQJ6LmN0sO-O1o_XA7jxs6V8lK-ufYkYrVV6lJE; expires=Thu, 06-Jun-2024 02:53:39 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
resources.blogblog.com/blogblog/data/1kt/simple/gradients_light.png
216.58.207.233 403 B URL resources.blogblog.com/blogblog/data/1kt/simple/gradients_light.png
IP 216.58.207.233:0
File type PNG image data, 20 x 1100, 8-bit/color RGBA, non-interlaced; data
Hash 4f7de2e6afefb125b1f14fa5cda610ee
57a145f234b504a73f9d55cf39f2231a04719456
ecb30886406e3f776ff7bc3834de849944471e626ff148bed2fa389d02866044
GET /blogblog/data/1kt/simple/gradients_light.png HTTP/1.1
Host: resources.blogblog.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vampismegor.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-length: 403
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 04 Dec 2023 21:59:39 GMT
expires: Mon, 11 Dec 2023 21:59:39 GMT
cache-control: public, max-age=604800
last-modified: Mon, 04 Dec 2023 17:58:01 GMT
content-type: image/png
age: 104040
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
resources.blogblog.com/blogblog/data/1kt/simple/body_gradient_tile_light.png
216.58.207.233 95 B URL resources.blogblog.com/blogblog/data/1kt/simple/body_gradient_tile_light.png
IP 216.58.207.233:0
File type PNG image data, 10 x 10, 1-bit colormap, non-interlaced; data
Hash 3b2a20d5b0ba4ca0c5dd90865ad6b9c4
a90928a16d11d21e112b45b60990a9d7d19cc1d5
0fdcb4746995f0d5240e5ec11370cb950722a894f3cff4118aa68ccc92010edd
GET /blogblog/data/1kt/simple/body_gradient_tile_light.png HTTP/1.1
Host: resources.blogblog.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vampismegor.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-length: 95
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 05 Dec 2023 07:31:27 GMT
expires: Tue, 12 Dec 2023 07:31:27 GMT
cache-control: public, max-age=604800
last-modified: Mon, 04 Dec 2023 13:04:18 GMT
content-type: image/png
age: 69732
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.coKrc9A11Ng.O/m=gapi_iframes,gapi_iframes_style_bubble/rt=j/sv=1/d=1/ed=1/rs=AHpOoo_J8xjByIzBlcB6zLaAkxsUwdPdIw/cb=gapi.loaded_0?le=scs
172.217.21.174 61 kB URL apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.coKrc9A11Ng.O/m=gapi_iframes,gapi_iframes_style_bubble/rt=j/sv=1/d=1/ed=1/rs=AHpOoo_J8xjByIzBlcB6zLaAkxsUwdPdIw/cb=gapi.loaded_0?le=scs
IP 172.217.21.174:0
File type ASCII text, with very long lines (1505)
Hash 71aaa92f748ba3c48d6edfb40204d614
ad1ca8c338494256d564ee7857707f758e03948b
215f3b01f5decd286eb88ac2dc56b997e6cd2ce8f47998dfa9e2917f8b890982
GET /_/scs/abc-static/_/js/k=gapi.lb.en.coKrc9A11Ng.O/m=gapi_iframes,gapi_iframes_style_bubble/rt=j/sv=1/d=1/ed=1/rs=AHpOoo_J8xjByIzBlcB6zLaAkxsUwdPdIw/cb=gapi.loaded_0?le=scs HTTP/1.1
Host: apis.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vampismegor.blogspot.com/
Cookie: NID=511=HiMIhHA0cC1rWl9C6DpLOGMtu5k3wQ7weWPfUU9pLYJdB-SaId0lG70b77Bn7GG4NxLHRY7cRPrKrGEzllexBfLwCbHGMpXewyAhTSP79FsPGYwAna2vDsfl1TdXpGBkqsZLvQJ6LmN0sO-O1o_XA7jxs6V8lK-ufYkYrVV6lJE
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="social-frontend-mpm-access"
report-to: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
content-length: 60962
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 05 Dec 2023 16:07:21 GMT
expires: Wed, 04 Dec 2024 16:07:21 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 08 Nov 2023 22:37:21 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 38778
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
pagead2.googlesyndication.com/pagead/js/google_top_exp.js
142.250.74.130 42 B URL pagead2.googlesyndication.com/pagead/js/google_top_exp.js
IP 142.250.74.130:0
Hash 7f5f2be159837d73b72a4b37616bce44
c93d7f25b530b05c26440d3352213b683d03dcc3
ccecd185ac16ba0a538840f37701053fbb861f7fbbdd86039c7415fcd924d1f2
GET /pagead/js/google_top_exp.js HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vampismegor.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 42
x-xss-protection: 0
date: Tue, 05 Dec 2023 11:32:03 GMT
expires: Tue, 19 Dec 2023 11:32:03 GMT
cache-control: public, max-age=1209600
age: 55296
etag: 13036835877489095579
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
newsgosite.top/go/a4x2/74y2
91.215.85.138 706 B URL newsgosite.top/go/a4x2/74y2
IP 91.215.85.138:0
ASN #34665 Petersburg Internet Network ltd.
File type HTML document text; exported SGML document, ASCII text, with very long lines (1415), with no line terminators
Hash e92832c6785d0d596ded8afe34e53b58
f0424d3a61d7edfd9d3ec43ef7dfc598fcec17bd
f514ff8050000db645c33177b557d6d33aa6e68a334a8d7edfdbbbfb79999e39
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /go/a4x2/74y2 HTTP/1.1
Host: newsgosite.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vampismegor.blogspot.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Wed, 06 Dec 2023 02:53:39 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Set-Cookie: WUSID=spbrsk7ud00rjsv1atvnpqt1d6; expires=Wed, 04-Feb-2043 02:53:39 GMT; Max-Age=604800000; path=/; domain=newsgosite.top
u=a4x2; expires=Sat, 06-Jan-2024 02:53:39 GMT; Max-Age=2678400; path=/; domain=newsgosite.top
o=74y2.php%2Fa4x2%2F74y2; expires=Sat, 06-Jan-2024 02:53:39 GMT; Max-Age=2678400; path=/; domain=newsgosite.top
Vary: Accept-Encoding
Content-Encoding: gzip
ajax.googleapis.com/ajax/libs/jquery/3.7.0/jquery.min.js
142.250.74.138 30 kB URL ajax.googleapis.com/ajax/libs/jquery/3.7.0/jquery.min.js
IP 142.250.74.138:0
File type ASCII text, with very long lines (65447)
Hash e6c2415c0ace414e5153670314ce99a9
5a9eeac34d86e92e5660e0f4f87204f1ed0c8ff6
d8f9afbf492e4c139e9d2bcb9ba6ef7c14921eb509fb703bc7a3f911b774eff8
GET /ajax/libs/jquery/3.7.0/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://newsgosite.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 30433
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 29 Nov 2023 15:04:46 GMT
expires: Thu, 28 Nov 2024 15:04:46 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 560933
last-modified: Wed, 17 May 2023 18:15:00 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
newsgosite.top/favicon.ico
91.215.85.138 2.1 kB URL newsgosite.top/favicon.ico
IP 91.215.85.138:0
ASN #34665 Petersburg Internet Network ltd.
File type PNG image data, 65 x 65, 8-bit/color RGBA, non-interlaced\012- data
Hash 92665d8fd193095894714e6486df967a
8b3aef0a6f7ade9f3f6546a0fab06d3d9842416b
b560710f26db8637a5e5f85c36a4518b1c872ceb82d791b5d2cb4efb5ea3854e
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /favicon.ico HTTP/1.1
Host: newsgosite.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://newsgosite.top/go/a4x2/74y2
Cookie: WUSID=spbrsk7ud00rjsv1atvnpqt1d6; u=a4x2; o=74y2.php%2Fa4x2%2F74y2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Wed, 06 Dec 2023 02:53:40 GMT
Content-Type: image/vnd.microsoft.icon
Content-Length: 2090
Connection: keep-alive
Last-Modified: Tue, 28 Nov 2023 19:15:46 GMT
ETag: "82a-60b3b3ede5c80"
Accept-Ranges: bytes
Cache-Control: max-age=2592000
newsgosite.top/click_stat.php?usr=a4x2&offer=74y2&ip=91.90.42.154
91.215.85.138 49 B URL newsgosite.top/click_stat.php?usr=a4x2&offer=74y2&ip=91.90.42.154
IP 91.215.85.138:0
ASN #34665 Petersburg Internet Network ltd.
File type ASCII text, with no line terminators
Hash 4c8f1921a5dc1cf96726d95008c638c4
6004b7a637c958364320691cd8a9b1090283895e
acca73d7caa845265ca128047ac2300521613bcda779a582a2c61d0aff5b8dc6
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /click_stat.php?usr=a4x2&offer=74y2&ip=91.90.42.154 HTTP/1.1
Host: newsgosite.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://newsgosite.top/go/a4x2/74y2
Cookie: WUSID=spbrsk7ud00rjsv1atvnpqt1d6; u=a4x2; o=74y2.php%2Fa4x2%2F74y2
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Wed, 06 Dec 2023 02:53:40 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Content-Encoding: gzip
91.215.85.242 200 OK 331 B URL User Request GET HTTP/1.1 IP 91.215.85.242:443
ASN #34665 Petersburg Internet Network ltd.
Certificate Issuer Let's Encrypt
Subject get-bitminer-pro.top
Fingerprint 16:E9:B7:D0:1C:94:DE:8E:D1:85:A4:4B:FE:9B:C0:2C:1B:93:E3:09
Validity Thu, 30 Nov 2023 22:00:18 GMT - Wed, 28 Feb 2024 22:00:17 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (562), with no line terminators
Hash 0244040b29633bd575d26c0e75e5e28b
8950ff63b4fd05e09a69cfccaf2fe85f50bab84a
6429b9d880a113f5debfbb105d5ea765e8b5a21ce6b9482e0dcf948369cd1870
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET / HTTP/1.1
Host: get-bitminer-pro.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://newsgosite.top/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Wed, 06 Dec 2023 02:53:41 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
get-bitminer-pro.top/static/js/main.c8f78143.js
91.215.85.242 200 OK 255 kB URL GET HTTP/1.1 get-bitminer-pro.top/static/js/main.c8f78143.js
IP 91.215.85.242:443
ASN #34665 Petersburg Internet Network ltd.
Requested by https://get-bitminer-pro.top/
Certificate Issuer Let's Encrypt
Subject get-bitminer-pro.top
Fingerprint 16:E9:B7:D0:1C:94:DE:8E:D1:85:A4:4B:FE:9B:C0:2C:1B:93:E3:09
Validity Thu, 30 Nov 2023 22:00:18 GMT - Wed, 28 Feb 2024 22:00:17 GMT
File type ASCII text, with very long lines (65398)
Size 255 kB (255350 bytes)
Hash 2395919236949121f49758673a8d22c6
cbb31b4093d1754ed3a41837eb6bd643bf6013e2
4e8c9a177c0effb216daef87c908927df7a175101c850062c01506686bcac248
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /static/js/main.c8f78143.js HTTP/1.1
Host: get-bitminer-pro.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://get-bitminer-pro.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Wed, 06 Dec 2023 02:53:41 GMT
Content-Type: application/javascript; charset=UTF-8
Last-Modified: Tue, 17 Oct 2023 09:26:37 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"652e534d-cd023"
Expires: Thu, 07 Dec 2023 02:53:41 GMT
Cache-Control: max-age=86400
Content-Encoding: gzip
get-bitminer-pro.top/img/icons/indicator-online.svg
91.215.85.242 200 OK 391 B URL GET HTTP/1.1 get-bitminer-pro.top/img/icons/indicator-online.svg
IP 91.215.85.242:443
ASN #34665 Petersburg Internet Network ltd.
Requested by https://get-bitminer-pro.top/
Certificate Issuer Let's Encrypt
Subject get-bitminer-pro.top
Fingerprint 16:E9:B7:D0:1C:94:DE:8E:D1:85:A4:4B:FE:9B:C0:2C:1B:93:E3:09
Validity Thu, 30 Nov 2023 22:00:18 GMT - Wed, 28 Feb 2024 22:00:17 GMT
File type SVG Scalable Vector Graphics image\012- , ASCII text
Hash 698b15e272cfa6f36187dbcc45201d04
3ad2dfbff9e4dec0ea64535b3cc1f237bfa1540b
096fc8c2175c67621feae26443fd99217b4df45b84d71d3c923a9fd0660007a7
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /img/icons/indicator-online.svg HTTP/1.1
Host: get-bitminer-pro.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://get-bitminer-pro.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Wed, 06 Dec 2023 02:53:41 GMT
Content-Type: image/svg+xml
Last-Modified: Sun, 15 Oct 2023 16:58:27 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"652c1a33-2f8"
Expires: Thu, 07 Dec 2023 02:53:41 GMT
Cache-Control: max-age=86400
Content-Encoding: gzip
get-bitminer-pro.top/img/icons/indicator-balance.svg
91.215.85.242 200 OK 1.3 kB URL GET HTTP/1.1 get-bitminer-pro.top/img/icons/indicator-balance.svg
IP 91.215.85.242:443
ASN #34665 Petersburg Internet Network ltd.
Requested by https://get-bitminer-pro.top/
Certificate Issuer Let's Encrypt
Subject get-bitminer-pro.top
Fingerprint 16:E9:B7:D0:1C:94:DE:8E:D1:85:A4:4B:FE:9B:C0:2C:1B:93:E3:09
Validity Thu, 30 Nov 2023 22:00:18 GMT - Wed, 28 Feb 2024 22:00:17 GMT
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (2507)
Hash a8fa06b8c8b6282340ede8f0cc2135ec
1318224beb0660bc3a391372b457c04c62cf77ce
d8e37267583645534c00721499237d497ca8191d8627792e2fe45a7699b3454b
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /img/icons/indicator-balance.svg HTTP/1.1
Host: get-bitminer-pro.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://get-bitminer-pro.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Wed, 06 Dec 2023 02:53:41 GMT
Content-Type: image/svg+xml
Last-Modified: Sun, 15 Oct 2023 16:58:27 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"652c1a33-b07"
Expires: Thu, 07 Dec 2023 02:53:41 GMT
Cache-Control: max-age=86400
Content-Encoding: gzip
get-bitminer-pro.top/img/balance-chart.svg
91.215.85.242 200 OK 652 B URL GET HTTP/1.1 get-bitminer-pro.top/img/balance-chart.svg
IP 91.215.85.242:443
ASN #34665 Petersburg Internet Network ltd.
Requested by https://get-bitminer-pro.top/
Certificate Issuer Let's Encrypt
Subject get-bitminer-pro.top
Fingerprint 16:E9:B7:D0:1C:94:DE:8E:D1:85:A4:4B:FE:9B:C0:2C:1B:93:E3:09
Validity Thu, 30 Nov 2023 22:00:18 GMT - Wed, 28 Feb 2024 22:00:17 GMT
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (374)
Hash b402d9ff28ec5b1b8b9d4caad28af833
ed6a898754ceebfcd952f427a56c97f32ac9b4b6
7a804c612d051cbec2a41b9fe1665f10f05b339602757a1c2c71877d180e118d
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /img/balance-chart.svg HTTP/1.1
Host: get-bitminer-pro.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://get-bitminer-pro.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Wed, 06 Dec 2023 02:53:41 GMT
Content-Type: image/svg+xml
Last-Modified: Sun, 15 Oct 2023 16:58:27 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"652c1a33-5d1"
Expires: Thu, 07 Dec 2023 02:53:41 GMT
Cache-Control: max-age=86400
Content-Encoding: gzip
get-bitminer-pro.top/img/icons/indicator-balance.svg
91.215.85.242 200 OK 1.3 kB URL GET HTTP/1.1 get-bitminer-pro.top/img/icons/indicator-balance.svg
IP 91.215.85.242:443
ASN #34665 Petersburg Internet Network ltd.
Requested by https://get-bitminer-pro.top/
Certificate Issuer Let's Encrypt
Subject get-bitminer-pro.top
Fingerprint 16:E9:B7:D0:1C:94:DE:8E:D1:85:A4:4B:FE:9B:C0:2C:1B:93:E3:09
Validity Thu, 30 Nov 2023 22:00:18 GMT - Wed, 28 Feb 2024 22:00:17 GMT
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (2507)
Hash a8fa06b8c8b6282340ede8f0cc2135ec
1318224beb0660bc3a391372b457c04c62cf77ce
d8e37267583645534c00721499237d497ca8191d8627792e2fe45a7699b3454b
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /img/icons/indicator-balance.svg HTTP/1.1
Host: get-bitminer-pro.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://get-bitminer-pro.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Wed, 06 Dec 2023 02:53:41 GMT
Content-Type: image/svg+xml
Last-Modified: Sun, 15 Oct 2023 16:58:27 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"652c1a33-b07"
Expires: Thu, 07 Dec 2023 02:53:41 GMT
Cache-Control: max-age=86400
Content-Encoding: gzip
get-bitminer-pro.top/img/icons/indicator-online.svg
91.215.85.242 200 OK 391 B URL GET HTTP/1.1 get-bitminer-pro.top/img/icons/indicator-online.svg
IP 91.215.85.242:443
ASN #34665 Petersburg Internet Network ltd.
Requested by https://get-bitminer-pro.top/
Certificate Issuer Let's Encrypt
Subject get-bitminer-pro.top
Fingerprint 16:E9:B7:D0:1C:94:DE:8E:D1:85:A4:4B:FE:9B:C0:2C:1B:93:E3:09
Validity Thu, 30 Nov 2023 22:00:18 GMT - Wed, 28 Feb 2024 22:00:17 GMT
File type SVG Scalable Vector Graphics image\012- , ASCII text
Hash 698b15e272cfa6f36187dbcc45201d04
3ad2dfbff9e4dec0ea64535b3cc1f237bfa1540b
096fc8c2175c67621feae26443fd99217b4df45b84d71d3c923a9fd0660007a7
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /img/icons/indicator-online.svg HTTP/1.1
Host: get-bitminer-pro.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://get-bitminer-pro.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Wed, 06 Dec 2023 02:53:41 GMT
Content-Type: image/svg+xml
Last-Modified: Sun, 15 Oct 2023 16:58:27 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"652c1a33-2f8"
Expires: Thu, 07 Dec 2023 02:53:41 GMT
Cache-Control: max-age=86400
Content-Encoding: gzip
get-bitminer-pro.top/img/balance-chart.svg
91.215.85.242 200 OK 652 B URL GET HTTP/1.1 get-bitminer-pro.top/img/balance-chart.svg
IP 91.215.85.242:443
ASN #34665 Petersburg Internet Network ltd.
Requested by https://get-bitminer-pro.top/
Certificate Issuer Let's Encrypt
Subject get-bitminer-pro.top
Fingerprint 16:E9:B7:D0:1C:94:DE:8E:D1:85:A4:4B:FE:9B:C0:2C:1B:93:E3:09
Validity Thu, 30 Nov 2023 22:00:18 GMT - Wed, 28 Feb 2024 22:00:17 GMT
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (374)
Hash b402d9ff28ec5b1b8b9d4caad28af833
ed6a898754ceebfcd952f427a56c97f32ac9b4b6
7a804c612d051cbec2a41b9fe1665f10f05b339602757a1c2c71877d180e118d
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /img/balance-chart.svg HTTP/1.1
Host: get-bitminer-pro.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://get-bitminer-pro.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Wed, 06 Dec 2023 02:53:42 GMT
Content-Type: image/svg+xml
Last-Modified: Sun, 15 Oct 2023 16:58:27 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"652c1a33-5d1"
Expires: Thu, 07 Dec 2023 02:53:42 GMT
Cache-Control: max-age=86400
Content-Encoding: gzip
get-bitminer-pro.top/favicon.ico
91.215.85.242 200 OK 1.7 kB URL GET HTTP/1.1 get-bitminer-pro.top/favicon.ico
IP 91.215.85.242:443
ASN #34665 Petersburg Internet Network ltd.
Requested by https://get-bitminer-pro.top/
Certificate Issuer Let's Encrypt
Subject get-bitminer-pro.top
Fingerprint 16:E9:B7:D0:1C:94:DE:8E:D1:85:A4:4B:FE:9B:C0:2C:1B:93:E3:09
Validity Thu, 30 Nov 2023 22:00:18 GMT - Wed, 28 Feb 2024 22:00:17 GMT
File type PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced\012- data
Hash 27dc8cd9d7a68795505054364672ea92
6c601bce41c122662d21ce49b9402344a0875d77
9dbca48dedae21bf66aa4ec1899d590280b359170c50d19bccfa4f0b15baa157
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /favicon.ico HTTP/1.1
Host: get-bitminer-pro.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://get-bitminer-pro.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Wed, 06 Dec 2023 02:53:42 GMT
Content-Type: image/vnd.microsoft.icon
Content-Length: 1660
Connection: keep-alive
Last-Modified: Sun, 15 Oct 2023 16:58:27 GMT
ETag: "67c-607c432c4b2c0"
Accept-Ranges: bytes
get-bitminer-pro.top/logo192.png
91.215.85.242 200 OK 5.3 kB URL GET HTTP/1.1 get-bitminer-pro.top/logo192.png
IP 91.215.85.242:443
ASN #34665 Petersburg Internet Network ltd.
Requested by https://get-bitminer-pro.top/
Certificate Issuer Let's Encrypt
Subject get-bitminer-pro.top
Fingerprint 16:E9:B7:D0:1C:94:DE:8E:D1:85:A4:4B:FE:9B:C0:2C:1B:93:E3:09
Validity Thu, 30 Nov 2023 22:00:18 GMT - Wed, 28 Feb 2024 22:00:17 GMT
File type PNG image data, 192 x 192, 8-bit colormap, non-interlaced\012- data
Hash 33dbdd0177549353eeeb785d02c294af
7f4f2d68782a7fafceda84554ecab9b489877500
c386396ec70db3608075b5fbfaac4ab1ccaa86ba05a68ab393ec551eb66c3e00
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /logo192.png HTTP/1.1
Host: get-bitminer-pro.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://get-bitminer-pro.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Wed, 06 Dec 2023 02:53:42 GMT
Content-Type: image/png
Content-Length: 5347
Last-Modified: Sun, 15 Oct 2023 16:58:27 GMT
Connection: keep-alive
ETag: "652c1a33-14e3"
Expires: Thu, 07 Dec 2023 02:53:42 GMT
Cache-Control: max-age=86400
Accept-Ranges: bytes
get-bitminer-pro.top/img/avatars/avatar_2.jpeg
91.215.85.242 200 OK 23 kB URL GET HTTP/1.1 get-bitminer-pro.top/img/avatars/avatar_2.jpeg
IP 91.215.85.242:443
ASN #34665 Petersburg Internet Network ltd.
Requested by https://get-bitminer-pro.top/
Certificate Issuer Let's Encrypt
Subject get-bitminer-pro.top
Fingerprint 16:E9:B7:D0:1C:94:DE:8E:D1:85:A4:4B:FE:9B:C0:2C:1B:93:E3:09
Validity Thu, 30 Nov 2023 22:00:18 GMT - Wed, 28 Feb 2024 22:00:17 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 150x150, components 3\012- data
Hash 790616dde9d698dab7ca4a41738bcbb8
efec30de8689bde94be283bc51474d58fb86a1a7
dff370994a20638b3ac1683884e5fe0fd221c1dc3b9a77915698f6445ab9ffca
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /img/avatars/avatar_2.jpeg HTTP/1.1
Host: get-bitminer-pro.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://get-bitminer-pro.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Wed, 06 Dec 2023 02:53:42 GMT
Content-Type: image/jpeg
Content-Length: 23109
Last-Modified: Sun, 15 Oct 2023 16:58:27 GMT
Connection: keep-alive
ETag: "652c1a33-5a45"
Expires: Thu, 07 Dec 2023 02:53:42 GMT
Cache-Control: max-age=86400
Accept-Ranges: bytes
get-bitminer-pro.top/img/avatars/avatar_1.jpeg
91.215.85.242 200 OK 73 kB URL GET HTTP/1.1 get-bitminer-pro.top/img/avatars/avatar_1.jpeg
IP 91.215.85.242:443
ASN #34665 Petersburg Internet Network ltd.
Requested by https://get-bitminer-pro.top/
Certificate Issuer Let's Encrypt
Subject get-bitminer-pro.top
Fingerprint 16:E9:B7:D0:1C:94:DE:8E:D1:85:A4:4B:FE:9B:C0:2C:1B:93:E3:09
Validity Thu, 30 Nov 2023 22:00:18 GMT - Wed, 28 Feb 2024 22:00:17 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 728x546, components 3\012- data
Hash d024916c59c2af6655c94055cfafa4ed
fe5e779798723bb33e59e8a2b9ad36a144884c5a
8afc807ee62426707edcdde90448b88211577a7ea547e8aae37edd3191e58934
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /img/avatars/avatar_1.jpeg HTTP/1.1
Host: get-bitminer-pro.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://get-bitminer-pro.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Wed, 06 Dec 2023 02:53:42 GMT
Content-Type: image/jpeg
Content-Length: 72677
Last-Modified: Sun, 15 Oct 2023 16:58:27 GMT
Connection: keep-alive
ETag: "652c1a33-11be5"
Expires: Thu, 07 Dec 2023 02:53:42 GMT
Cache-Control: max-age=86400
Accept-Ranges: bytes
get-bitminer-pro.top/img/avatars/avatar_3.jpeg
91.215.85.242 200 OK 94 kB URL GET HTTP/1.1 get-bitminer-pro.top/img/avatars/avatar_3.jpeg
IP 91.215.85.242:443
ASN #34665 Petersburg Internet Network ltd.
Requested by https://get-bitminer-pro.top/
Certificate Issuer Let's Encrypt
Subject get-bitminer-pro.top
Fingerprint 16:E9:B7:D0:1C:94:DE:8E:D1:85:A4:4B:FE:9B:C0:2C:1B:93:E3:09
Validity Thu, 30 Nov 2023 22:00:18 GMT - Wed, 28 Feb 2024 22:00:17 GMT
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 798x498, components 3\012- data
Hash 18b0a585961427cb2f414696b82f84fe
6750cf96e07ba5ec8571bf5e23f1077190a6b385
076d16c24ab63459efa32ec80c12806b85809132513d4cdca59d7d035d74425d
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /img/avatars/avatar_3.jpeg HTTP/1.1
Host: get-bitminer-pro.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://get-bitminer-pro.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Wed, 06 Dec 2023 02:53:42 GMT
Content-Type: image/jpeg
Content-Length: 93776
Last-Modified: Sun, 15 Oct 2023 16:58:27 GMT
Connection: keep-alive
ETag: "652c1a33-16e50"
Expires: Thu, 07 Dec 2023 02:53:42 GMT
Cache-Control: max-age=86400
Accept-Ranges: bytes
get-bitminer-pro.top/img/avatars/avatar_4.jpeg
91.215.85.242 200 OK 158 kB URL GET HTTP/1.1 get-bitminer-pro.top/img/avatars/avatar_4.jpeg
IP 91.215.85.242:443
ASN #34665 Petersburg Internet Network ltd.
Requested by https://get-bitminer-pro.top/
Certificate Issuer Let's Encrypt
Subject get-bitminer-pro.top
Fingerprint 16:E9:B7:D0:1C:94:DE:8E:D1:85:A4:4B:FE:9B:C0:2C:1B:93:E3:09
Validity Thu, 30 Nov 2023 22:00:18 GMT - Wed, 28 Feb 2024 22:00:17 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1200x1200, components 3\012- data
Size 158 kB (157556 bytes)
Hash 22bad10b09ad3d7749fcb724e2c8ea67
53603724913dd3f9bb4851de252e763c525cb7c7
fa9751fbba56a475f061f4258745d8668a89f00c5a8f1f5730e4d45d56796bb2
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /img/avatars/avatar_4.jpeg HTTP/1.1
Host: get-bitminer-pro.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://get-bitminer-pro.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Wed, 06 Dec 2023 02:53:42 GMT
Content-Type: image/jpeg
Content-Length: 157556
Last-Modified: Sun, 15 Oct 2023 16:58:27 GMT
Connection: keep-alive
ETag: "652c1a33-26774"
Expires: Thu, 07 Dec 2023 02:53:42 GMT
Cache-Control: max-age=86400
Accept-Ranges: bytes
get-bitminer-pro.top/img/icons/warning-1.svg
91.215.85.242 200 OK 768 B URL GET HTTP/1.1 get-bitminer-pro.top/img/icons/warning-1.svg
IP 91.215.85.242:443
ASN #34665 Petersburg Internet Network ltd.
Requested by https://get-bitminer-pro.top/
Certificate Issuer Let's Encrypt
Subject get-bitminer-pro.top
Fingerprint 16:E9:B7:D0:1C:94:DE:8E:D1:85:A4:4B:FE:9B:C0:2C:1B:93:E3:09
Validity Thu, 30 Nov 2023 22:00:18 GMT - Wed, 28 Feb 2024 22:00:17 GMT
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (982)
Hash d9fc6b409839e1f2100c78728ee37988
8351d426197334b118f0a4fd709898c7b8e57f31
c518cbcea5b53cc48cd77d1ab85655dbf63767a9a713f36bbb61babf1874ce64
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /img/icons/warning-1.svg HTTP/1.1
Host: get-bitminer-pro.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://get-bitminer-pro.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Wed, 06 Dec 2023 02:53:43 GMT
Content-Type: image/svg+xml
Last-Modified: Sun, 15 Oct 2023 16:58:27 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"652c1a33-5e4"
Expires: Thu, 07 Dec 2023 02:53:43 GMT
Cache-Control: max-age=86400
Content-Encoding: gzip