Submitted URL: http://24.199.98.128/expediente38/8869881268/8594605066.exe
Effective URL: https://24.199.98.128/expediente38/8869881268/8594605066.exe
Submission: On March 13 via api from IN — Scanned from DE

Summary

This website contacted 5 IPs in 2 countries across 3 domains to perform 14 HTTP transactions. The main IP is 24.199.98.128, located in Santa Clara, United States and belongs to DIGITALOCEAN-ASN, US. The main domain is 24.199.98.128.
TLS certificate: Issued by packer-65af61e3-b540-fdd3-9671-c0c7ee... on January 23rd 2024. Valid for: 2 years.
This is the only time 24.199.98.128 was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 4 24.199.98.128 14061 (DIGITALOC...)
9 2606:4700:303... 13335 (CLOUDFLAR...)
1 2a00:1450:400... 15169 (GOOGLE)
1 2001:4860:480... 15169 (GOOGLE)
14 5
Apex Domain
Subdomains
Transfer
9 freesexnearme.com
freesexnearme.com
84 KB
1 google-analytics.com
region1.google-analytics.com — Cisco Umbrella Rank: 2089
252 B
1 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 40
81 KB
14 3
Domain Requested by
9 freesexnearme.com 24.199.98.128
1 region1.google-analytics.com www.googletagmanager.com
1 www.googletagmanager.com 24.199.98.128
14 3
Subject Issuer Validity Valid
packer-65af61e3-b540-fdd3-9671-c0c7eeba5fb3
packer-65af61e3-b540-fdd3-9671-c0c7eeba5fb3
2024-01-23 -
2026-04-22
2 years crt.sh
freesexnearme.com
E1
2024-01-04 -
2024-04-03
3 months crt.sh
*.google-analytics.com
GTS CA 1C3
2024-02-19 -
2024-05-13
3 months crt.sh

This page contains 1 frames:

Primary Page: https://24.199.98.128/expediente38/8869881268/8594605066.exe
Frame ID: 3A068058266FB94D32A8873E21F3D7EC
Requests: 18 HTTP requests in this frame

Screenshot

Page Title

Page not found -

Page URL History Show full URLs

  1. http://24.199.98.128/expediente38/8869881268/8594605066.exe HTTP 301
    https://24.199.98.128/expediente38/8869881268/8594605066.exe Page URL
  2. https://24.199.98.128/expediente38/8869881268/8594605066.exe Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • /wp-(?:content|includes)/

Overall confidence: 100%
Detected patterns

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtag/js

Overall confidence: 100%
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

14
Requests

79 %
HTTPS

75 %
IPv6

3
Domains

3
Subdomains

5
IPs

2
Countries

186 kB
Transfer

685 kB
Size

3
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://24.199.98.128/expediente38/8869881268/8594605066.exe HTTP 301
    https://24.199.98.128/expediente38/8869881268/8594605066.exe Page URL
  2. https://24.199.98.128/expediente38/8869881268/8594605066.exe Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • http://24.199.98.128/expediente38/8869881268/8594605066.exe HTTP 301
  • https://24.199.98.128/expediente38/8869881268/8594605066.exe

14 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
8594605066.exe
24.199.98.128/expediente38/8869881268/
Redirect Chain
  • http://24.199.98.128/expediente38/8869881268/8594605066.exe
  • https://24.199.98.128/expediente38/8869881268/8594605066.exe
25 KB
8 KB
Document
General
Full URL
https://24.199.98.128/expediente38/8869881268/8594605066.exe
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
24.199.98.128 Santa Clara, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
LiteSpeed /
Resource Hash
b12fee321a4d6ab8f1d77d89f6d1b9b384faee8846fbf8fd9238ca15cca71184

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
cache-control
no-cache, must-revalidate, max-age=0
content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Wed, 13 Mar 2024 11:56:22 GMT
expires
Wed, 11 Jan 1984 05:00:00 GMT
link
<https://freesexnearme.com/wp-json/>; rel="https://api.w.org/"
server
LiteSpeed
vary
Accept-Encoding
x-dns-prefetch-control
on
x-litespeed-cache
miss
x-litespeed-cache-control
public,max-age=3600
x-litespeed-tag
fc6_HTTP.404,fc6_404,fc6_URL.f3f6221b5e690468ee98f03d1086b184,fc6_guest,fc6_,fc6_UCSS.7befda9636ba492231eff827c679fbce,fc6_MIN.03097334381226b40fe93dbff8177de3.css,fc6_MIN.70fdf57e795d675932c6d345879842e1.js
x-ua-compatible
IE=edge

Redirect headers

connection
Keep-Alive
content-encoding
gzip
content-type
text/html
date
Wed, 13 Mar 2024 11:56:20 GMT
location
https://24.199.98.128/expediente38/8869881268/8594605066.exe
server
LiteSpeed
transfer-encoding
chunked
vary
Accept-Encoding
03097334381226b40fe93dbff8177de3.css
freesexnearme.com/wp-content/litespeed/css/
152 KB
23 KB
Stylesheet
General
Full URL
https://freesexnearme.com/wp-content/litespeed/css/03097334381226b40fe93dbff8177de3.css?ver=83051
Requested by
Host: 24.199.98.128
URL: https://24.199.98.128/expediente38/8869881268/8594605066.exe
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3034::6815:3a6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
106921de66dd763e4a85f3b564ad5794bdc015c6e7c666cb68137cf78554953f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://24.199.98.128/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date
Wed, 13 Mar 2024 11:56:22 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Fri, 08 Mar 2024 02:35:26 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
60583
etag
W/"25eb2-65ea796e-fc1bb;br"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qNbpjk%2FNtfWO6avXo9twpzJyV2dHFK31nPtX2IfwUbfroGCFtGwt3MW7hNIh%2F%2Fk8%2BmbjvgzjzfF9RW5MachuV8iAyK9TTx5jeiJn9%2B%2BQK40UBi3377SRoeNLVhI5cyfZUdvAaQAs%2BrrmPBcLsZ0iWg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
public, max-age=604800
cf-ray
863bd7211b109143-FRA
alt-svc
h3=":443"; ma=86400
expires
Tue, 19 Mar 2024 19:06:38 GMT
guest.vary.php
24.199.98.128/wp-content/plugins/litespeed-cache/
16 B
190 B
Fetch
General
Full URL
https://24.199.98.128/wp-content/plugins/litespeed-cache/guest.vary.php
Requested by
Host: 24.199.98.128
URL: https://24.199.98.128/expediente38/8869881268/8594605066.exe
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
24.199.98.128 Santa Clara, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
LiteSpeed /
Resource Hash
76fb65f605df2b2d124684c3c4ec3e0c75fdf013b2727af6cdb68b73b5c8a9bb

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://24.199.98.128/expediente38/8869881268/8594605066.exe
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date
Wed, 13 Mar 2024 11:56:22 GMT
content-encoding
gzip
server
LiteSpeed
vary
Accept-Encoding
content-type
text/html; charset=UTF-8
x-litespeed-cache-control
no-cache
x-robots-tag
noindex
alt-svc
h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-length
36
Primary Request 8594605066.exe
24.199.98.128/expediente38/8869881268/
44 KB
12 KB
Document
General
Full URL
https://24.199.98.128/expediente38/8869881268/8594605066.exe
Requested by
Host: 24.199.98.128
URL: https://24.199.98.128/expediente38/8869881268/8594605066.exe
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
24.199.98.128 Santa Clara, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
LiteSpeed /
Resource Hash
66eba8cace2350a6bdabf246b767034b90b62b277b0595e30925b8c20ac42824

Request headers

Referer
https://24.199.98.128/expediente38/8869881268/8594605066.exe
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
cache-control
no-cache, must-revalidate, max-age=0
content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Wed, 13 Mar 2024 11:56:23 GMT
expires
Wed, 11 Jan 1984 05:00:00 GMT
link
<https://freesexnearme.com/wp-json/>; rel="https://api.w.org/"
server
LiteSpeed
vary
Accept-Encoding
x-litespeed-cache
miss
x-litespeed-cache-control
public,max-age=3600
x-litespeed-tag
fc6_HTTP.404,fc6_404,fc6_URL.f3f6221b5e690468ee98f03d1086b184,fc6_
x-ua-compatible
IE=edge
e14aa5075deb51aedc87e32a4ed7089d.css
freesexnearme.com/wp-content/litespeed/css/
108 KB
15 KB
Stylesheet
General
Full URL
https://freesexnearme.com/wp-content/litespeed/css/e14aa5075deb51aedc87e32a4ed7089d.css?ver=7089d
Requested by
Host: 24.199.98.128
URL: https://24.199.98.128/expediente38/8869881268/8594605066.exe
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3034::6815:3a6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d8508848209758027adbbf1d665a08a5b603e5d154bdd755f03d01d3201879a7

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://24.199.98.128/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date
Wed, 13 Mar 2024 11:56:23 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Tue, 12 Mar 2024 11:34:32 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
60583
etag
W/"1ae32-65f03dc8-fc135;br"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Bq%2FqPeWyuqbN9LvuqShSuoaOdzsioTsTMUMzu363wneEDPyU0rD74sQqv75x1rhaPynVQ3y89eUmVne3gscbw%2BB%2FZRQmCgS%2FFRPt6hanVn3m1f%2BSENGbFSmyS0gSoq5krB5FToNAMYLpQdZIczqGNQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
public, max-age=604800
cf-ray
863bd7272a309143-FRA
alt-svc
h3=":443"; ma=86400
expires
Tue, 19 Mar 2024 19:06:40 GMT
7ed01e50c6d9d8785832f67f262f1654.css
freesexnearme.com/wp-content/litespeed/css/
5 KB
2 KB
Stylesheet
General
Full URL
https://freesexnearme.com/wp-content/litespeed/css/7ed01e50c6d9d8785832f67f262f1654.css?ver=f1654
Requested by
Host: 24.199.98.128
URL: https://24.199.98.128/expediente38/8869881268/8594605066.exe
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3034::6815:3a6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4377375a4383afcb6644d4402c85d054611048cdf247ac59c52c071d4adb49e3

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://24.199.98.128/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date
Wed, 13 Mar 2024 11:56:23 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Tue, 12 Mar 2024 11:34:32 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
60583
etag
W/"1573-65f03dc8-fc136;br"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=I0vbMFmilBw0nb4eEIaxbjU88wYBtxEq6KMmXL%2F7hbK4jLfFDx1w7SAga6czamdt81W7RVfbnjXb9gMj%2Ff62HOlUDyOyyAAWhJpwapeWwwDcxYgSm25heQdI7Vmzj3SeFDV8G8Jg66kgYgUb2FnJWA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
public, max-age=604800
cf-ray
863bd7272a319143-FRA
alt-svc
h3=":443"; ma=86400
expires
Tue, 19 Mar 2024 19:06:40 GMT
3a00913d9c072ebdf41afef4d86c2d6e.css
freesexnearme.com/wp-content/litespeed/css/
19 KB
5 KB
Stylesheet
General
Full URL
https://freesexnearme.com/wp-content/litespeed/css/3a00913d9c072ebdf41afef4d86c2d6e.css?ver=c2d6e
Requested by
Host: 24.199.98.128
URL: https://24.199.98.128/expediente38/8869881268/8594605066.exe
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3034::6815:3a6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bc3b2c1e618a27e485095a3c0db20da5ba2fbfaf3b872ccd6ca35cb19eb37b5d

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://24.199.98.128/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date
Wed, 13 Mar 2024 11:56:23 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Tue, 12 Mar 2024 11:34:32 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
60583
etag
W/"4c6c-65f03dc8-fc173;br"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=l64vrSlVmW%2B6Z%2FQDr6xmGx1O7M6A3s3ietvyZqXPkTqNE5jy6c%2FkhPOBaYZcGC3VlUf2BonIgD6irgqi12fkPeL0QxNDtsLJbQYnguSsMZa%2BLBDsTKKH%2BFJoW2lU%2BdDVtWfX8KdNCMiaCQiCRrg8gg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
public, max-age=604800
cf-ray
863bd7272a329143-FRA
alt-svc
h3=":443"; ma=86400
expires
Tue, 19 Mar 2024 19:06:40 GMT
jquery.min.js
freesexnearme.com/wp-includes/js/jquery/
86 KB
31 KB
Script
General
Full URL
https://freesexnearme.com/wp-includes/js/jquery/jquery.min.js
Requested by
Host: 24.199.98.128
URL: https://24.199.98.128/expediente38/8869881268/8594605066.exe
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3034::6815:3a6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cb6f2d32c49d1c2b25e9ffc9aaafa3f83075346c01bcd4ae6eb187392a4292cf

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://24.199.98.128/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date
Wed, 13 Mar 2024 11:56:23 GMT
content-encoding
br
cf-cache-status
REVALIDATED
last-modified
Tue, 07 Nov 2023 16:52:32 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"15601-654a6b50-839ce;br"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BztWRPg4nyiXXYiK1b4n7uYGzkiJAFSnTw0AEuVHjooCHU5H0ePNgS5GayCzG%2FVRlFQEzIzqZWcRApyrYnPVB3QppVDO1Y89%2BXCIjnfobp5c0dGTxh1JwBsK6z6j3oHoVD4BSQSPbwH1maWBJsUI6Q%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/javascript
cache-control
max-age=14400
cf-ray
863bd7272a359143-FRA
alt-svc
h3=":443"; ma=86400
2834ae88d6dead9d79be5e3082381f34.js
freesexnearme.com/wp-content/litespeed/js/
13 KB
5 KB
Script
General
Full URL
https://freesexnearme.com/wp-content/litespeed/js/2834ae88d6dead9d79be5e3082381f34.js?ver=81f34
Requested by
Host: 24.199.98.128
URL: https://24.199.98.128/expediente38/8869881268/8594605066.exe
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3034::6815:3a6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ea64f589334f647f2254d595466c036000a3d9150ad078a69eba7f845c0c0713

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://24.199.98.128/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date
Wed, 13 Mar 2024 11:56:23 GMT
content-encoding
br
cf-cache-status
EXPIRED
last-modified
Wed, 13 Mar 2024 11:56:23 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"350a-65f19467-fc186;gz"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pEObpFeVVY9eyBATJD5pR6o82TQ%2F9Qt3LH3Ay%2BRDv55chJxX7B4uQV6XVbw0tQ7Y307V%2Buy6nhkenqlKsz4sivAI2l6C3J%2FrTvBocQWu55gbTFdNgbfSCDuYXnXvMcOGWqq%2FpEm880ug3%2FbyOBP4OA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/javascript
cache-control
max-age=14400
cf-ray
863bd7278a929143-FRA
alt-svc
h3=":443"; ma=86400
js
www.googletagmanager.com/gtag/
226 KB
81 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-W2NS5M3PB3
Requested by
Host: 24.199.98.128
URL: https://24.199.98.128/expediente38/8869881268/8594605066.exe
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
098c93ee76c849a999035e7a2b3dbb63328af6f6977060898bd14bd603f76b6a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://24.199.98.128/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date
Wed, 13 Mar 2024 11:56:24 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
82725
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Wed, 13 Mar 2024 11:56:24 GMT
74f37cd11bb22f1c96898677ee80be28.js
freesexnearme.com/wp-content/litespeed/js/
7 KB
2 KB
Script
General
Full URL
https://freesexnearme.com/wp-content/litespeed/js/74f37cd11bb22f1c96898677ee80be28.js?ver=0be28
Requested by
Host: 24.199.98.128
URL: https://24.199.98.128/expediente38/8869881268/8594605066.exe
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3034::6815:3a6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
852737594b6489543bf368b838e9474e4a43ff55edf7adfd15963328fd1338c4

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://24.199.98.128/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date
Wed, 13 Mar 2024 11:56:24 GMT
content-encoding
br
cf-cache-status
EXPIRED
last-modified
Wed, 13 Mar 2024 11:56:23 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"1b2f-65f19467-fc187;br"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=M1sPrizq4hjKfXXCsKskNBJQxR6nKdzha5TCTlihZSATU9M8DZPDMXGoS%2F9fnpZKLRaeBPuhaL3ljjZ%2FwVugrOKeIZiXMleM7NARjRJ5wX0D9JLghnQgyFkZy2vFTAyihtzlEWoyKLgcnOblJSMvcA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/javascript
cache-control
max-age=14400
cf-ray
863bd7296cb69143-FRA
alt-svc
h3=":443"; ma=86400
2f52f427f6d26753cc64621f1f036927.js
freesexnearme.com/wp-content/litespeed/js/
154 B
444 B
Script
General
Full URL
https://freesexnearme.com/wp-content/litespeed/js/2f52f427f6d26753cc64621f1f036927.js?ver=36927
Requested by
Host: 24.199.98.128
URL: https://24.199.98.128/expediente38/8869881268/8594605066.exe
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3034::6815:3a6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
404c47057e6192addd69a212fc68dec8c2ea0e6b8e94cd3dc42e07cb71642e6a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://24.199.98.128/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date
Wed, 13 Mar 2024 11:56:24 GMT
content-encoding
br
cf-cache-status
MISS
last-modified
Wed, 13 Mar 2024 11:56:23 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"9a-65f19467-fc189;;;"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5EgeqptTY50vk%2BIOVYM1eohPnNacMHV2NexpOnMChstbRnymYulY1Y9p8964uXTsXnqjwRMnZs9kIyrReYtYZbeWrGfDizJ42ZsW%2FMlXLzXV5Ck5nId2oPn%2Bib183XngUpcK%2BhmT5smp39EkMuGY0Q%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/javascript
cache-control
max-age=14400
cf-ray
863bd7296cbb9143-FRA
alt-svc
h3=":443"; ma=86400
a4e0e386c2fba3b4b93336236c6127e4.js
freesexnearme.com/wp-content/litespeed/js/
106 B
481 B
Script
General
Full URL
https://freesexnearme.com/wp-content/litespeed/js/a4e0e386c2fba3b4b93336236c6127e4.js?ver=127e4
Requested by
Host: 24.199.98.128
URL: https://24.199.98.128/expediente38/8869881268/8594605066.exe
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3034::6815:3a6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5a60c13e549f090f5ab826d4f8b20000f44ac531527b1ea44013ef3ddd1dd184

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://24.199.98.128/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date
Wed, 13 Mar 2024 11:56:24 GMT
content-encoding
br
cf-cache-status
EXPIRED
last-modified
Wed, 13 Mar 2024 11:56:23 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"6a-65f19467-fc18b;;;"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yasvVfVF3vXwQPAMVWEJ%2BQ5c8Bghr0n4ePYC2vMffiBbO%2BuOqkfB%2BSh5I4iQMTvBKy06wtP2GNHyZnV4JXwQ76e5FKsBy2MumLqryYF5pngmERUOyZ2LKaAz8E6YCzjT17vlY7ztaCk%2FmCNF6BlTZQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/javascript
cache-control
max-age=14400
cf-ray
863bd7296cbc9143-FRA
alt-svc
h3=":443"; ma=86400
truncated
/
132 B
0
Script
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
e2e058036bb26d7aecb3a7c1b932e0789d15c643b6cbffc1a341315defd77549

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

Content-Type
text/javascript
truncated
/
174 B
0
Script
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
77d7073e96499a9423ef728b1defc661bbf5190ea76f936a4a34efc8c75b6cdb

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

Content-Type
text/javascript
truncated
/
259 B
0
Script
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
2909117400dcc95f99cbcc62930bce751a820266f346a6e676aa573f71e922c0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

Content-Type
text/javascript
truncated
/
122 B
0
Script
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
17b767f85a14d9d6e5ec49c39498113f8453bbcf4abf90153034a0704f20faa0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

Content-Type
text/javascript
collect
region1.google-analytics.com/g/
0
252 B
Ping
General
Full URL
https://region1.google-analytics.com/g/collect?v=2&tid=G-W2NS5M3PB3&gtm=45je43b0v9110615153za200&_p=1710330984138&gcd=13l3l3l2l1&npa=1&dma_cps=sypham&dma=1&cid=1345431365.1710330984&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&pscdl=noapi&_s=1&sid=1710330984&sct=1&seg=0&dl=https%3A%2F%2F24.199.98.128%2Fexpediente38%2F8869881268%2F8594605066.exe&dr=https%3A%2F%2F24.199.98.128%2Fexpediente38%2F8869881268%2F8594605066.exe&dt=Page%20not%20found%20-&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&tfd=1342
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-W2NS5M3PB3
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://24.199.98.128/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 13 Mar 2024 11:56:24 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://24.199.98.128
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

11 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

string| litespeed_docref undefined| $ function| jQuery function| LazyLoad object| google_tag_manager object| google_tag_data object| dataLayer function| gtag object| jabvfcr object| generatepressMenu object| gaGlobal

3 Cookies

Domain/Path Name / Value
24.199.98.128/ Name: _lscache_vary
Value: 32dc6862c93d20e369183f3f8cd89b59
24.199.98.128/ Name: _ga_W2NS5M3PB3
Value: GS1.1.1710330984.1.0.1710330984.0.0.0
24.199.98.128/ Name: _ga
Value: GA1.1.1345431365.1710330984

2 Console Messages

Source Level URL
Text
network error URL: https://24.199.98.128/expediente38/8869881268/8594605066.exe
Message:
Failed to load resource: the server responded with a status of 404 ()
network error URL: https://24.199.98.128/expediente38/8869881268/8594605066.exe
Message:
Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

freesexnearme.com
region1.google-analytics.com
www.googletagmanager.com
2001:4860:4802:32::36
24.199.98.128
2606:4700:3034::6815:3a6
2a00:1450:4001:80e::2008
098c93ee76c849a999035e7a2b3dbb63328af6f6977060898bd14bd603f76b6a
106921de66dd763e4a85f3b564ad5794bdc015c6e7c666cb68137cf78554953f
17b767f85a14d9d6e5ec49c39498113f8453bbcf4abf90153034a0704f20faa0
2909117400dcc95f99cbcc62930bce751a820266f346a6e676aa573f71e922c0
404c47057e6192addd69a212fc68dec8c2ea0e6b8e94cd3dc42e07cb71642e6a
4377375a4383afcb6644d4402c85d054611048cdf247ac59c52c071d4adb49e3
5a60c13e549f090f5ab826d4f8b20000f44ac531527b1ea44013ef3ddd1dd184
66eba8cace2350a6bdabf246b767034b90b62b277b0595e30925b8c20ac42824
76fb65f605df2b2d124684c3c4ec3e0c75fdf013b2727af6cdb68b73b5c8a9bb
77d7073e96499a9423ef728b1defc661bbf5190ea76f936a4a34efc8c75b6cdb
852737594b6489543bf368b838e9474e4a43ff55edf7adfd15963328fd1338c4
b12fee321a4d6ab8f1d77d89f6d1b9b384faee8846fbf8fd9238ca15cca71184
bc3b2c1e618a27e485095a3c0db20da5ba2fbfaf3b872ccd6ca35cb19eb37b5d
cb6f2d32c49d1c2b25e9ffc9aaafa3f83075346c01bcd4ae6eb187392a4292cf
d8508848209758027adbbf1d665a08a5b603e5d154bdd755f03d01d3201879a7
e2e058036bb26d7aecb3a7c1b932e0789d15c643b6cbffc1a341315defd77549
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ea64f589334f647f2254d595466c036000a3d9150ad078a69eba7f845c0c0713