9166 |
2023-08-23 17:16
|
iela2f5.exe afc2a16ccea74e30714916eb2f59a55e Generic Malware UPX Malicious Packer PE File PE64 VirusTotal Malware PDB unpack itself Tofsee Remote Code Execution |
1
https://z.nnnaajjjgc.com/sts/imagd.jpg
|
2
z.nnnaajjjgc.com(156.236.72.121) - malware 156.236.72.121 - mailcious
|
2
ET INFO TLS Handshake Failure SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
1.8 |
M |
37 |
ZeroCERT
|
9167 |
2023-08-23 17:14
|
000O0oO0o0O0O0o0O0OoO0O000%23%... 0d1550017594bcc25b972623bc69994a MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware VBScript Malicious Traffic RWX flags setting exploit crash Tofsee Exploit DNS crashed |
2
http://apps.identrust.com/roots/dstrootcax3.p7c
http://192.210.175.4/receipt_232/3/receipt_231123.vbs
|
4
uploaddeimagens.com.br(172.67.215.45) - malware 192.210.175.4 - mailcious
121.254.136.27
104.21.45.138 - malware
|
2
ET INFO Dotted Quad Host VBS Request SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
4.0 |
M |
27 |
ZeroCERT
|
9168 |
2023-08-23 17:14
|
receipt.vbs fbc91d72fa61ce79b3a743219e8548b1 Generic Malware Antivirus Hide_URL PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger buffers extracted Creates shortcut unpack itself Windows utilities Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key |
3
http://apps.identrust.com/roots/dstrootcax3.p7c
https://uploaddeimagens.com.br/images/004/559/510/original/rump_private.jpg?1690504129
http://192.210.175.4/lime/ivr/up.txt
|
3
uploaddeimagens.com.br(104.21.45.138) - malware 61.111.58.35 - malware
172.67.215.45 - malware
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
8.8 |
M |
5 |
ZeroCERT
|
9169 |
2023-08-23 17:12
|
mtvn.vbs 1c95efddfe47d87af3d77d968d285c8c Generic Malware Antivirus Hide_URL PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger buffers extracted Creates shortcut unpack itself Windows utilities Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName DNS Cryptographic key |
3
http://apps.identrust.com/roots/dstrootcax3.p7c
https://uploaddeimagens.com.br/images/004/563/621/original/universo_vbs.jpeg?1690931855
http://80.76.51.248/mnx.txt
|
4
uploaddeimagens.com.br(104.21.45.138) - malware 121.254.136.27
104.21.45.138 - malware
45.33.6.223
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
9.4 |
|
7 |
ZeroCERT
|
9170 |
2023-08-23 17:12
|
igfxEM.exe f8f39502518f5ee2cdab32a5288bc667 .NET framework(MSIL) PWS SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Browser Email ComputerName Software crashed |
|
|
|
|
9.4 |
M |
20 |
ZeroCERT
|
9171 |
2023-08-23 17:10
|
df.vbs 047133c0c9174e63bc4a320ee8483aa6 Generic Malware Antivirus Hide_URL PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger buffers extracted Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key |
3
http://apps.identrust.com/roots/dstrootcax3.p7c
https://uploaddeimagens.com.br/images/004/559/510/original/rump_private.jpg?1690504129
http://192.210.175.4/lime/ivr/update.txt
|
3
uploaddeimagens.com.br(104.21.45.138) - malware 121.254.136.27
104.21.45.138 - malware
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
9.0 |
|
7 |
ZeroCERT
|
9172 |
2023-08-23 17:10
|
0oO0O0O0O0Oo0o000O0O0O0O0O000%... cd6a6fc58be90a45c6baad019b482e05 MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware VBScript Malicious Traffic exploit crash unpack itself Tofsee Exploit DNS crashed |
2
http://apps.identrust.com/roots/dstrootcax3.p7c http://192.210.175.4/receipt_232/1/receipt.vbs
|
4
uploaddeimagens.com.br(104.21.45.138) - malware 192.210.175.4 - mailcious 121.254.136.27 172.67.215.45 - malware
|
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO Dotted Quad Host VBS Request
|
|
4.0 |
M |
26 |
ZeroCERT
|
9173 |
2023-08-23 17:09
|
wininit.exe 9cd889e65235a00e96a92e4304307f53 Formbook AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself DNS |
13
|
14
|
2
ET INFO HTTP Request to Suspicious *.life Domain ET INFO Observed DNS Query to .life TLD
|
12
|
9.8 |
M |
38 |
ZeroCERT
|
9174 |
2023-08-23 17:08
|
receipt.vbs 1004c9ac0ce57f200c38355e51e9a200 Generic Malware Antivirus Hide_URL PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger buffers extracted Creates shortcut unpack itself Windows utilities Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key |
3
http://apps.identrust.com/roots/dstrootcax3.p7c
https://uploaddeimagens.com.br/images/004/559/510/original/rump_private.jpg?1690504129
http://104.168.46.25/doc0/3/b1.txt
|
3
uploaddeimagens.com.br(172.67.215.45) - malware 121.254.136.27
172.67.215.45 - malware
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
9.4 |
|
6 |
ZeroCERT
|
9175 |
2023-08-23 16:44
|
sdf.exe e67194e6d1a28c86ee3f31ad100bfffa Malicious Library UPX OS Processor Check PE File PE32 Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Malware Microsoft suspicious privilege Check memory Checks debugger buffers extracted unpack itself Collect installed applications installed browsers check Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed |
|
1
|
4
ET INFO Microsoft net.tcp Connection Initialization Activity ET MALWARE [ANY.RUN] RedLine Stealer Related (MC-NMF Authorization) ET MALWARE Redline Stealer TCP CnC Activity - MSValue (Outbound) ET MALWARE Redline Stealer Activity (Response)
|
|
6.2 |
|
23 |
ZeroCERT
|
9176 |
2023-08-23 16:06
|
calc.exe 3abbc9069a163b18c039db37099e3e4b Malicious Library UPX OS Processor Check PE File PE32 VirusTotal Malware unpack itself |
|
|
|
|
2.2 |
M |
29 |
yjw
|
9177 |
2023-08-23 16:04
|
calc.exe 3abbc9069a163b18c039db37099e3e4b Malicious Library UPX OS Processor Check PE File PE32 VirusTotal Malware unpack itself |
|
|
|
|
2.2 |
M |
29 |
yjw
|
9178 |
2023-08-23 13:49
|
Setup_pass1234.7z f96a58af45e296c5946f1d3b86920876 Escalate priviledges PWS KeyLogger AntiDebug AntiVM RedLine Malware download Cryptocurrency Miner Malware c&c Cryptocurrency Microsoft suspicious privilege Malicious Traffic Check memory Checks debugger Creates executable files ICMP traffic unpack itself suspicious TLD IP Check PrivateLoader Tofsee Stealc Stealer Windows Browser RisePro Remote Code Execution Trojan DNS Downloader |
27
|
64
|
37
ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO Observed External IP Lookup Domain in TLS SNI (api .myip .com) SURICATA Applayer Mismatch protocol both directions ET DNS Query to a *.top domain - Likely Hostile ET MALWARE Single char EXE direct download likely trojan (multiple families) ET INFO Executable Download from dotted-quad Host ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile ET HUNTING SUSPICIOUS Firesale gTLD EXE DL with no Referer June 13 2016 ET INFO HTTP Request to a *.top domain ET INFO TLS Handshake Failure ET DROP Spamhaus DROP Listed Traffic Inbound group 21 ET POLICY PE EXE or DLL Windows file download HTTP ET HUNTING Possible EXE Download From Suspicious TLD ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET MALWARE Win32/BeamWinHTTP CnC Activity M2 (GET) ET INFO EXE - Served Attached HTTP ET MALWARE [ANY.RUN] RisePro TCP v.0.x (Token) ET MALWARE [ANY.RUN] RisePro TCP v.0.x (External IP) ET MALWARE [ANY.RUN] RisePro TCP v.0.x (Get_settings) ET MALWARE [ANY.RUN] RisePro TCP v.0.x (Activity) ET INFO Microsoft net.tcp Connection Initialization Activity ET MALWARE Redline Stealer TCP CnC Activity ET MALWARE [ANY.RUN] RedLine Stealer Related (MC-NMF Authorization) ET MALWARE [ANY.RUN] RisePro TCP v.0.x (Exfiltration) ET MALWARE Redline Stealer TCP CnC - Id1Response ET MALWARE Redline Stealer TCP CnC Activity - MSValue (Outbound) ET MALWARE Redline Stealer Activity (Response) ET MALWARE Redline Stealer TCP CnC Activity - MSValue (Response) ET DROP Dshield Block Listed Source group 1 ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in ET POLICY IP Check Domain (iplogger .org in TLS SNI) ET DROP Spamhaus DROP Listed Traffic Inbound group 39 ET POLICY IP Check Domain (iplogger .org in DNS Lookup) ET MALWARE [ANY.RUN] Win32/Stealc Checkin (POST) ET HUNTING GENERIC SUSPICIOUS POST to Dotted Quad with Fake Browser 1 ET POLICY Cryptocurrency Miner Checkin
|
10
|
7.4 |
M |
|
ZeroCERT
|
9179 |
2023-08-23 10:24
|
mna.ico.ps1 2f25a05132eb5f32660bd2b8996cecbb Generic Malware Antivirus VirusTotal Malware powershell Buffer PE suspicious privilege MachineGuid Check memory Checks debugger buffers extracted WMI heapspray Creates shortcut Creates executable files unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName Cryptographic key |
|
|
|
|
8.8 |
|
12 |
ZeroCERT
|
9180 |
2023-08-23 09:38
|
http://www.youtube.com bfa846eaac246b8b874b7b52a81a2afd Downloader Create Service Socket P2P DGA Steal credential Http API Escalate priviledges PWS Hijack Network Sniff Audio HTTP DNS ScreenShot Code injection Internet API persistence FTP KeyLogger AntiDebug AntiVM PNG Format MSOffice File icon Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed |
15
|
6
fonts.gstatic.com(142.250.206.195) www.youtube.com(172.217.25.174) - mailcious fonts.googleapis.com(142.250.206.202) 142.250.204.74 216.58.203.78 142.250.204.67
|
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO TLS Handshake Failure
|
|
5.2 |
|
|
guest
|