ocsp.starfieldtech.com/
192.124.249.36 2.1 kB IP 192.124.249.36:0
Hash (MD5): 5761045b3bdfcdc6cd5bdc7e2c072a75
Hash (SHA-1): 6fb91b232f05bc05bab4fc456153bfe3c6a826fd
Hash (SHA-256): ca7f0082aa46a19e2737787cd6b94ff2bda35b618193b88d54f9b748d80431f8
POST / HTTP/1.1
Host: ocsp.starfieldtech.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 76
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Fri, 10 May 2024 04:09:04 GMT
Content-Type: application/ocsp-response
Content-Length: 2149
Connection: keep-alive
X-Sucuri-ID: 19036
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Thu, 09 May 2024 14:52:05 GMT
Expires: Fri, 10 May 2024 14:52:05 GMT
ETag: "6fb91b232f05bc05bab4fc456153bfe3c6a826fd"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
www.attractivebee.com/75TNF9/26CKJ9L/
35.186.217.63 302 Found 235 B URL User Request GET HTTP/2 www.attractivebee.com/75TNF9/26CKJ9L/
IP 35.186.217.63:443
Certificate Issuer: Starfield Technologies, Inc.
Subject: cmv8ftrk.com
Fingerprint: 08:93:36:9F:E1:4E:1E:B0:C6:80:6D:96:5F:8F:72:C7:58:A0:41:BA
Validity: Thu, 02 May 2024 14:26:09 GMT - Sat, 09 Nov 2024 16:02:06 GMT
File type HTML document, ASCII text
Hash (MD5): a942f23b6c3cc3cb7159ae9dbb38ae4e
Hash (SHA-1): b84b2f0f568161d4ceeb98ef7923ec6ce0b2af39
Hash (SHA-256): 3bf941abb9499cd55c6481db405fb43d25e92378ffc130d1591189dbf73df98e
GET /75TNF9/26CKJ9L/ HTTP/1.1
Host: www.attractivebee.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
server: nginx
date: Fri, 10 May 2024 04:09:05 GMT
content-type: text/html; charset=utf-8
content-length: 235
accept-ch: Sec-Ch-Ua-Platform-Version,Sec-Ch-Ua-Model
location: https://www.attractivebee.com/cmp/4CSDX1/27W1G/?__rpt=0&__po=673&__ptid=314506c4fd26405dbdafa254098c2b79&__rpa=0&__rc=1&sub1=&sub2=&sub3=&sub4=&sub5=&source_id=&__pcd=9
set-cookie: uniqueClick_26CKJ9L=412e67c4-3fdf-427d-aff5-52d571734840:1715314145; Path=/; Expires=Fri, 10 May 2024 05:09:05 GMT; Secure; SameSite=None
vary: Origin
x-eflow-request-id: f6be1843-9324-4274-8e4a-062850e3b3b4
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.starfieldtech.com/
192.124.249.23 2.1 kB IP 192.124.249.23:0
Hash (MD5): 5761045b3bdfcdc6cd5bdc7e2c072a75
Hash (SHA-1): 6fb91b232f05bc05bab4fc456153bfe3c6a826fd
Hash (SHA-256): ca7f0082aa46a19e2737787cd6b94ff2bda35b618193b88d54f9b748d80431f8
POST / HTTP/1.1
Host: ocsp.starfieldtech.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 76
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Fri, 10 May 2024 04:09:05 GMT
Content-Type: application/ocsp-response
Content-Length: 2149
Connection: keep-alive
X-Sucuri-ID: 19023
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Thu, 09 May 2024 14:52:05 GMT
Expires: Fri, 10 May 2024 14:52:05 GMT
ETag: "6fb91b232f05bc05bab4fc456153bfe3c6a826fd"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
www.attractivebee.com/cmp/4CSDX1/27W1G/?__rpt=0&__po=673&__ptid=314506c4fd26405dbdafa254098c2b79&__rpa=0&__rc=1&sub1=&sub2=&sub3=&sub4=&sub5=&source_id=&__pcd=9
35.186.217.63 302 Found 152 B URL User Request GET HTTP/2 www.attractivebee.com/cmp/4CSDX1/27W1G/?__rpt=0&__po=673&__ptid=314506c4fd26405dbdafa254098c2b79&__rpa=0&__rc=1&sub1=&sub2=&sub3=&sub4=&sub5=&source_id=&__pcd=9
IP 35.186.217.63:443
Certificate Issuer: Starfield Technologies, Inc.
Subject: cmv8ftrk.com
Fingerprint: 08:93:36:9F:E1:4E:1E:B0:C6:80:6D:96:5F:8F:72:C7:58:A0:41:BA
Validity: Thu, 02 May 2024 14:26:09 GMT - Sat, 09 Nov 2024 16:02:06 GMT
File type HTML document, ASCII text
Hash (MD5): 8b938197b528c10d37fb09d1d48c63db
Hash (SHA-1): 6c89d427bf3b13e173851c202af20f77e8e00e2c
Hash (SHA-256): 76136d2e83e4d282d1ca56fa4bfe3f2c6fed5755f47df49c329e67e1d0881368
GET /cmp/4CSDX1/27W1G/?__rpt=0&__po=673&__ptid=314506c4fd26405dbdafa254098c2b79&__rpa=0&__rc=1&sub1=&sub2=&sub3=&sub4=&sub5=&source_id=&__pcd=9 HTTP/1.1
Host: www.attractivebee.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: uniqueClick_26CKJ9L=412e67c4-3fdf-427d-aff5-52d571734840:1715314145
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 302 Found
server: nginx
date: Fri, 10 May 2024 04:09:05 GMT
content-type: text/html; charset=utf-8
content-length: 152
accept-ch: Sec-Ch-Ua-Platform-Version,Sec-Ch-Ua-Model
location: https://zone.love-tracking.com/aff_c?offer_id=12318&aff_id=1206&aff_sub=136&aff_sub2=2c96915d222045588bdf95e75d0c6e24
set-cookie: uniqueClick_27W1G=d2a019ef-8c48-4ac3-bf42-faa2c3247291:1715314145; Path=/; Expires=Fri, 10 May 2024 05:09:05 GMT; Secure; SameSite=None
transaction_id=2c96915d222045588bdf95e75d0c6e24; Path=/; Expires=Thu, 08 Aug 2024 04:09:05 GMT; Secure; SameSite=None
vary: Origin
x-eflow-request-id: b3a6e061-4089-47d4-b3a9-bc06e5661312
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
shouldbyou.click/storage/106aa5c1-5468-4287-8a86-c391885f7e8e/icon-cart.jpg?v=3a0f73889ce874f24dd328de53334e750b2dbe83
172.67.217.2 200 OK 1.2 kB URL GET HTTP/3 shouldbyou.click/storage/106aa5c1-5468-4287-8a86-c391885f7e8e/icon-cart.jpg?v=3a0f73889ce874f24dd328de53334e750b2dbe83
IP 172.67.217.2:443
Requested by https://shouldbyou.click/c/CPqS2Nv1PGcP8bzXymb?s1=1022571a13c5d23d80027d60f09c33&s2=1206&s3=136&offer_id=12318&s4=&p_id=
Certificate Issuer: Google Trust Services LLC
Subject: shouldbyou.click
Fingerprint: 2A:49:77:D6:C0:E5:87:5F:33:76:F7:CD:CB:7C:64:DB:A4:DD:2A:CC
Validity: Thu, 18 Apr 2024 10:10:22 GMT - Wed, 17 Jul 2024 10:10:21 GMT
File type JPEG image data, progressive, precision 8, 100x100, components 3
Hash (MD5): 50c1e3b00e078e14ddd887fb84e0cb9d
Hash (SHA-1): 3a0f73889ce874f24dd328de53334e750b2dbe83
Hash (SHA-256): 032291ce14b39569f2d7101c63ea52377108f20a17b2c70cfd19f6f063a1ec3c
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /storage/106aa5c1-5468-4287-8a86-c391885f7e8e/icon-cart.jpg?v=3a0f73889ce874f24dd328de53334e750b2dbe83 HTTP/1.1
Host: shouldbyou.click
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://shouldbyou.click/c/CPqS2Nv1PGcP8bzXymb?s1=1022571a13c5d23d80027d60f09c33&s2=1206&s3=136&offer_id=12318&s4=&p_id=
Cookie: XSRF-TOKEN=eyJpdiI6Ik9hanFZeGhKT3ROenhZZ2tIT29Damc9PSIsInZhbHVlIjoiallXcE1BS0UvQ0JqN0djcnVlcVVwT3kxUCt6U2Q0U3hFYzJWMjJiU1Q4QjVnRDM1Z0lkZUM4amo3eEdIM3F0OTZWVFZ1cFF0QkpraVA4SDc4aE5pbW02Zk9aWU9RWmlFSWthR0E2NmJ3NlpncU9GSEdFdHpKL1hlSHFIYkhuRHoiLCJtYWMiOiI2MTA0NmRkZTNiY2Y0MWI5N2E4MTMxMTUzNmRiYjM5NDhjNTYyMzQ2ZjNmODU2YmNlNjdhNDg2Yzc2ZjU4YmEzIiwidGFnIjoiIn0%3D; SESSION_ID=eyJpdiI6Ik1HcktjdmJMUlpDR21NQlRhSnlPSEE9PSIsInZhbHVlIjoiY0xOWXhhZzZWQXRRc0FGeFBVL2ZnaE5SV3h4T242NHpzOUQ0RkJ5MmoxYlZJTXZjdldHck5xTzJPVVpETG91NFpwWTVzZFR2b2Q5NWRqR1pqRHhIMUc4Y3pQYUhFQzdhZDZWUGszQlk3V2pnSWJYZTB1RExpWHZFQ0x1d1htRGMiLCJtYWMiOiJkZGM3ZDIyODI0M2I0NTE3ZjllNmU2YzczNmZjZDI4ZjI2ZTMyNTlhZDRhNWFkOTcwYmRmMGY5ODBkZTk3ODk2IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 10 May 2024 04:09:06 GMT
content-type: image/jpeg
content-length: 1164
cache-control: max-age=43200
etag: 3a0f73889ce874f24dd328de53334e750b2dbe83
last-modified: Tue, 19 Mar 2024 13:44:40 GMT
cf-cache-status: HIT
age: 71
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6S6%2B8BDMHwVBwoVrNpFoeC6fLSnsGmrQlqg1bHqylN03QmSDcVmSoAn4%2FLEBKQHhb6AwvCniN8jmcL5dnVyrEd5ok0Ky1qQSnjaHu%2Fv%2B1UWGhcz4AOna%2FGVxmRwK8T2%2BiWIQ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881712676be7b50b-OSL
alt-svc: h3=":443"; ma=86400
cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.2/css/all.min.css
104.17.24.14 200 OK 19 kB URL GET HTTP/2 cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.2/css/all.min.css
IP 104.17.24.14:443
Requested by https://shouldbyou.click/c/CPqS2Nv1PGcP8bzXymb?s1=1022571a13c5d23d80027d60f09c33&s2=1206&s3=136&offer_id=12318&s4=&p_id=
Certificate Issuer: Cloudflare, Inc.
Subject: sni.cloudflaressl.com
Fingerprint: 7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
Validity: Mon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT
File type ASCII text, with very long lines (52276)
Hash (MD5): 5222e06b77a1692fa2520a219840e6be
Hash (SHA-1): 8b4236206a8b86af3761a244277663046d7ff7ee
Hash (SHA-256): 0934b1fc0d3a766d41d3adf5e7a115875e66e98ebba408d965a41cf3d2cb4ab5
GET /ajax/libs/font-awesome/6.4.2/css/all.min.css HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://shouldbyou.click
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 04:09:06 GMT
content-type: text/css; charset=utf-8
content-length: 18778
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "64cac444-495a"
last-modified: Wed, 02 Aug 2023 21:01:56 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 122386
expires: Wed, 30 Apr 2025 04:09:06 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JL4imNR67fogsJIczRfBxpYUMHjUbsF9rU%2Fpw2zr3ghmSgdbmovwmsqYQPOUHv94c1C0Bj8ZFFF1GgWUtIOhff70oIWPsaaFMZEevTKP65mi4UC9JaGnDlvD4vr0ZoQWyI%2BHGnRY"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 88171267ab91b4f9-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
cdnjs.cloudflare.com/ajax/libs/jquery/3.7.1/jquery.min.js
104.17.24.14 200 OK 27 kB URL GET HTTP/2 cdnjs.cloudflare.com/ajax/libs/jquery/3.7.1/jquery.min.js
IP 104.17.24.14:443
Requested by https://shouldbyou.click/c/CPqS2Nv1PGcP8bzXymb?s1=1022571a13c5d23d80027d60f09c33&s2=1206&s3=136&offer_id=12318&s4=&p_id=
Certificate Issuer: Cloudflare, Inc.
Subject: sni.cloudflaressl.com
Fingerprint: 7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
Validity: Mon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (65447)
Hash (MD5): 2c872dbe60f4ba70fb85356113d8b35e
Hash (SHA-1): ee48592d1fff952fcf06ce0b666ed4785493afdc
Hash (SHA-256): fc9a93dd241f6b045cbff0481cf4e1901becd0e12fb45166a8f17f95823f0b1a
GET /ajax/libs/jquery/3.7.1/jquery.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://shouldbyou.click
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 04:09:06 GMT
content-type: application/javascript; charset=utf-8
content-length: 27446
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "64ed75bb-6b36"
last-modified: Tue, 29 Aug 2023 04:36:11 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 175419
expires: Wed, 30 Apr 2025 04:09:06 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=adh%2BeJ54giMNAPw%2B2Vjnt1dqdWcKvfCWPZlpA4JKDQKZmOpWh3oA0BpOZKjjFVjHhXZ53vQMqS61X4YouWA1Vh0GwwAXUniG1fkk%2FXWmz%2FT0OfkrnuOcop5rSv%2BaXwjHbLMmXlPD"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 88171267ebd6b4f9-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.jsdelivr.net/npm/bootstrap@5.3.2/dist/js/bootstrap.bundle.min.js
104.18.187.31 200 OK 25 kB URL GET HTTP/2 cdn.jsdelivr.net/npm/bootstrap@5.3.2/dist/js/bootstrap.bundle.min.js
IP 104.18.187.31:443
Requested by https://shouldbyou.click/c/CPqS2Nv1PGcP8bzXymb?s1=1022571a13c5d23d80027d60f09c33&s2=1206&s3=136&offer_id=12318&s4=&p_id=
Certificate Issuer: Sectigo Limited
Subject: *.jsdelivr.net
Fingerprint: 74:7A:63:DF:06:27:1E:52:8C:E8:0D:AD:1F:89:98:B5:EB:2D:49:EE
Validity: Sat, 04 May 2024 00:00:00 GMT - Sun, 04 May 2025 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (65299)
Hash (MD5): 6baf57f25796c332144ed58a2a0cd9ee
Hash (SHA-1): f7fd0f3dc84b2cf93bf81e832505a673f354e0a3
Hash (SHA-256): 82f64f62bb03c1bc1824b0f9c9e05f70dba33e146818e63cdf5c306c8cf3dedd
GET /npm/bootstrap@5.3.2/dist/js/bootstrap.bundle.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://shouldbyou.click
DNT: 1
Connection: keep-alive
Referer: https://shouldbyou.click/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 04:09:06 GMT
content-type: application/javascript; charset=utf-8
content-length: 25109
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-jsd-version: 5.3.2
x-jsd-version-type: version
etag: W/"13b17-9/0PPchLLPk7+B6DJQWmc/NU4KM"
content-encoding: br
x-served-by: cache-fra-etou8220085-FRA, cache-lga21968-LGA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
cf-cache-status: HIT
age: 312617
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=i8oTQsDxUW%2FYx9gZkQ0ZrUDLM1HKBOuRUdZmVEAkQCtgmVHbqy%2BVSSNT2d4tkhuPQD30I4l%2BjuOWq2mGTPzthQwDptrufEV3jC1vEkbuVViPDJTHv7O5L%2BQ28cH6KqEBCjs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88171267ec6b1bfa-OSL
X-Firefox-Spdy: h2
cdn.jsdelivr.net/npm/swiper@10/swiper-bundle.min.js
104.18.187.31 200 OK 42 kB URL GET HTTP/2 cdn.jsdelivr.net/npm/swiper@10/swiper-bundle.min.js
IP 104.18.187.31:443
Requested by https://shouldbyou.click/c/CPqS2Nv1PGcP8bzXymb?s1=1022571a13c5d23d80027d60f09c33&s2=1206&s3=136&offer_id=12318&s4=&p_id=
Certificate Issuer: Sectigo Limited
Subject: *.jsdelivr.net
Fingerprint: 74:7A:63:DF:06:27:1E:52:8C:E8:0D:AD:1F:89:98:B5:EB:2D:49:EE
Validity: Sat, 04 May 2024 00:00:00 GMT - Sun, 04 May 2025 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (65277)
Hash (MD5): 254f4cb7566a60c212786f9dd2d2596b
Hash (SHA-1): 5f3b14b0ecd6172cf897c64fadec73460d6eeec2
Hash (SHA-256): d3422c182871135666da685419bbed480a08f51fead9546fb95965a6e47450a3
GET /npm/swiper@10/swiper-bundle.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://shouldbyou.click/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 04:09:06 GMT
content-type: application/javascript; charset=utf-8
content-length: 41713
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-jsd-version: 10.3.1
x-jsd-version-type: version
etag: W/"22ec6-XzsUsOzWFyz4l8ZPrexzRg1u7sI"
content-encoding: br
x-served-by: cache-fra-etou8220129-FRA, cache-lga21946-LGA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
cf-cache-status: HIT
age: 5452
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pzC9aWbxzvSqUGiI6X1AtaS6KkGMD7qI6EOV9P3NFv55zXwyZtnrFrW3YewXC2jct%2Bo4CuDyxAPN6mtrcHOmhpOqLzzNEzFK6%2FQIh9Ix5Bn3Jav1eB6JngyhO7Xn%2BQ3c0W0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88171267f8f1b50c-OSL
X-Firefox-Spdy: h2
cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.2/webfonts/fa-solid-900.woff2
104.17.24.14 200 OK 150 kB URL GET HTTP/3 cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.2/webfonts/fa-solid-900.woff2
IP 104.17.24.14:443
Requested by https://shouldbyou.click/c/CPqS2Nv1PGcP8bzXymb?s1=1022571a13c5d23d80027d60f09c33&s2=1206&s3=136&offer_id=12318&s4=&p_id=
Certificate Issuer: Cloudflare, Inc.
Subject: sni.cloudflaressl.com
Fingerprint: 7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
Validity: Mon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT
File type Web Open Font Format (Version 2), TrueType, length 150020, version 772.1280
Size 150 kB (150020 bytes)
Hash (MD5): d5e647388e2415268b700d3df2e30a0d
Hash (SHA-1): 97f0942c6627ddd89fb62170e5cac9a2cbd6c98c
Hash (SHA-256): 886c86112a804ef1ddd1cb206af4c8c40e34b73c26652ca231404aa35a6b30d9
GET /ajax/libs/font-awesome/6.4.2/webfonts/fa-solid-900.woff2 HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://shouldbyou.click
DNT: 1
Connection: keep-alive
Referer: https://cdnjs.cloudflare.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 04:09:06 GMT
content-type: application/octet-stream; charset=utf-8
content-length: 150020
access-control-allow-origin: *
cache-control: public, max-age=30672000
etag: "64cac444-24a04"
last-modified: Wed, 02 Aug 2023 21:01:56 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 811697
expires: Wed, 30 Apr 2025 04:09:06 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jeGctRF2zBf6LHLk4Sdh4joyaouoDxoFUZai3QMPj%2BwGVVeD0KfZNhXtVJpB1mQxKDqI6RtoF5%2BlevUgYsZk8of6TD5ZOCC4ehhmSqh1Pgp7HZJvxqgDXwiat1%2FOLqKVetpmfetv"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 8817126a3dffb4f9-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
shouldbyou.click/storage/b72a9f4a-44ea-4fcd-a46a-ef0e4da99e6a/check-mark.webp?v=94c19cf9c0de329b3485634d18cca22636f59468
172.67.217.2 200 OK 114 kB URL GET HTTP/3 shouldbyou.click/storage/b72a9f4a-44ea-4fcd-a46a-ef0e4da99e6a/check-mark.webp?v=94c19cf9c0de329b3485634d18cca22636f59468
IP 172.67.217.2:443
Requested by https://shouldbyou.click/c/CPqS2Nv1PGcP8bzXymb?s1=1022571a13c5d23d80027d60f09c33&s2=1206&s3=136&offer_id=12318&s4=&p_id=
Certificate Issuer: Google Trust Services LLC
Subject: shouldbyou.click
Fingerprint: 2A:49:77:D6:C0:E5:87:5F:33:76:F7:CD:CB:7C:64:DB:A4:DD:2A:CC
Validity: Thu, 18 Apr 2024 10:10:22 GMT - Wed, 17 Jul 2024 10:10:21 GMT
File type RIFF (little-endian) data, Web/P image
Size 114 kB (113546 bytes)
Hash (MD5): 8394e5c313486fd82b987df861fb86fe
Hash (SHA-1): 79344aff5151b76ececbb54cdcb7f181c73fbe7b
Hash (SHA-256): 2c79190ad55763f1ac8434a6d7bc8b3a2030d21bf7c17a768fcfe7bbc879686b
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /storage/b72a9f4a-44ea-4fcd-a46a-ef0e4da99e6a/check-mark.webp?v=94c19cf9c0de329b3485634d18cca22636f59468 HTTP/1.1
Host: shouldbyou.click
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://shouldbyou.click/c/CPqS2Nv1PGcP8bzXymb?s1=1022571a13c5d23d80027d60f09c33&s2=1206&s3=136&offer_id=12318&s4=&p_id=
Cookie: XSRF-TOKEN=eyJpdiI6Ik9hanFZeGhKT3ROenhZZ2tIT29Damc9PSIsInZhbHVlIjoiallXcE1BS0UvQ0JqN0djcnVlcVVwT3kxUCt6U2Q0U3hFYzJWMjJiU1Q4QjVnRDM1Z0lkZUM4amo3eEdIM3F0OTZWVFZ1cFF0QkpraVA4SDc4aE5pbW02Zk9aWU9RWmlFSWthR0E2NmJ3NlpncU9GSEdFdHpKL1hlSHFIYkhuRHoiLCJtYWMiOiI2MTA0NmRkZTNiY2Y0MWI5N2E4MTMxMTUzNmRiYjM5NDhjNTYyMzQ2ZjNmODU2YmNlNjdhNDg2Yzc2ZjU4YmEzIiwidGFnIjoiIn0%3D; SESSION_ID=eyJpdiI6Ik1HcktjdmJMUlpDR21NQlRhSnlPSEE9PSIsInZhbHVlIjoiY0xOWXhhZzZWQXRRc0FGeFBVL2ZnaE5SV3h4T242NHpzOUQ0RkJ5MmoxYlZJTXZjdldHck5xTzJPVVpETG91NFpwWTVzZFR2b2Q5NWRqR1pqRHhIMUc4Y3pQYUhFQzdhZDZWUGszQlk3V2pnSWJYZTB1RExpWHZFQ0x1d1htRGMiLCJtYWMiOiJkZGM3ZDIyODI0M2I0NTE3ZjllNmU2YzczNmZjZDI4ZjI2ZTMyNTlhZDRhNWFkOTcwYmRmMGY5ODBkZTk3ODk2IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 10 May 2024 04:09:06 GMT
content-type: image/webp
cache-control: max-age=43200
etag: 94c19cf9c0de329b3485634d18cca22636f59468
last-modified: Thu, 04 Apr 2024 07:05:37 GMT
cf-cache-status: HIT
age: 71
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WK0dI6%2BN%2FFaWhTdOMGl9uNhGapaw63VahooJrljFHCaVdpqxVI51lofiZNolNKNASUlLoIgunH92hnJLB%2FBklac3VyUIPtjXVOoIAuTXtQ0FrB1MS%2FFJR0Ix%2F2mZPD%2Fy6sk4"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881712678bf0b50b-OSL
alt-svc: h3=":443"; ma=86400
cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.2/webfonts/fa-brands-400.woff2
104.17.24.14 200 OK 110 kB URL GET HTTP/3 cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.2/webfonts/fa-brands-400.woff2
IP 104.17.24.14:443
Requested by https://shouldbyou.click/c/CPqS2Nv1PGcP8bzXymb?s1=1022571a13c5d23d80027d60f09c33&s2=1206&s3=136&offer_id=12318&s4=&p_id=
Certificate Issuer: Cloudflare, Inc.
Subject: sni.cloudflaressl.com
Fingerprint: 7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
Validity: Mon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT
File type Web Open Font Format (Version 2), TrueType, length 109808, version 772.1280
Size 110 kB (109808 bytes)
Hash (MD5): 005c9aa92b564b73b7582cc4f1fa49cb
Hash (SHA-1): 373361ed756b1fe68ce2f5968d467826b6973bb5
Hash (SHA-256): faae6fc0aa94cc5bde5076647c817a23206096a1cbeda10d1c6f3d89d6163ed1
GET /ajax/libs/font-awesome/6.4.2/webfonts/fa-brands-400.woff2 HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://shouldbyou.click
DNT: 1
Connection: keep-alive
Referer: https://cdnjs.cloudflare.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 10 May 2024 04:09:06 GMT
content-type: application/octet-stream; charset=utf-8
content-length: 109808
access-control-allow-origin: *
cache-control: public, max-age=30672000
etag: "64cac444-1acf0"
last-modified: Wed, 02 Aug 2023 21:01:56 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 201003
expires: Wed, 30 Apr 2025 04:09:06 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RMt1b1d9pgp4ERb7Yx5ty6uSUWLMi8MpnN%2BnftPIxa21q5hGy83cdRmRnxH781k6Z%2Bjbob6G9M978%2FaBH5Dtmv14mwCeliBrYzFOAUIa6%2Fmy89FdqGcsUt3t6JnxFVM8l%2BF1umgZ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 8817126a9d61b518-OSL
alt-svc: h3=":443"; ma=86400
shouldbyou.click/storage/10a894fc-307d-4319-ae80-9847fd17126b/rating-star.png?v=4a1a445d05ba1bef74dd6d77a21ed2b5333d1272
172.67.217.2 200 OK 345 B URL GET HTTP/3 shouldbyou.click/storage/10a894fc-307d-4319-ae80-9847fd17126b/rating-star.png?v=4a1a445d05ba1bef74dd6d77a21ed2b5333d1272
IP 172.67.217.2:443
Requested by https://shouldbyou.click/c/CPqS2Nv1PGcP8bzXymb?s1=1022571a13c5d23d80027d60f09c33&s2=1206&s3=136&offer_id=12318&s4=&p_id=
Certificate Issuer: Google Trust Services LLC
Subject: shouldbyou.click
Fingerprint: 2A:49:77:D6:C0:E5:87:5F:33:76:F7:CD:CB:7C:64:DB:A4:DD:2A:CC
Validity: Thu, 18 Apr 2024 10:10:22 GMT - Wed, 17 Jul 2024 10:10:21 GMT
File type PNG image data, 17 x 16, 8-bit colormap, non-interlaced
Hash (MD5): b690c33f62872fbde7dac5e01cf0707f
Hash (SHA-1): 4a1a445d05ba1bef74dd6d77a21ed2b5333d1272
Hash (SHA-256): bee23f6d6b5ad51ceb0889d8b690ff040cace786344dc83c313d8cdc2df5fb13
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /storage/10a894fc-307d-4319-ae80-9847fd17126b/rating-star.png?v=4a1a445d05ba1bef74dd6d77a21ed2b5333d1272 HTTP/1.1
Host: shouldbyou.click
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://shouldbyou.click/c/CPqS2Nv1PGcP8bzXymb?s1=1022571a13c5d23d80027d60f09c33&s2=1206&s3=136&offer_id=12318&s4=&p_id=
Cookie: XSRF-TOKEN=eyJpdiI6Ik9hanFZeGhKT3ROenhZZ2tIT29Damc9PSIsInZhbHVlIjoiallXcE1BS0UvQ0JqN0djcnVlcVVwT3kxUCt6U2Q0U3hFYzJWMjJiU1Q4QjVnRDM1Z0lkZUM4amo3eEdIM3F0OTZWVFZ1cFF0QkpraVA4SDc4aE5pbW02Zk9aWU9RWmlFSWthR0E2NmJ3NlpncU9GSEdFdHpKL1hlSHFIYkhuRHoiLCJtYWMiOiI2MTA0NmRkZTNiY2Y0MWI5N2E4MTMxMTUzNmRiYjM5NDhjNTYyMzQ2ZjNmODU2YmNlNjdhNDg2Yzc2ZjU4YmEzIiwidGFnIjoiIn0%3D; SESSION_ID=eyJpdiI6Ik1HcktjdmJMUlpDR21NQlRhSnlPSEE9PSIsInZhbHVlIjoiY0xOWXhhZzZWQXRRc0FGeFBVL2ZnaE5SV3h4T242NHpzOUQ0RkJ5MmoxYlZJTXZjdldHck5xTzJPVVpETG91NFpwWTVzZFR2b2Q5NWRqR1pqRHhIMUc4Y3pQYUhFQzdhZDZWUGszQlk3V2pnSWJYZTB1RExpWHZFQ0x1d1htRGMiLCJtYWMiOiJkZGM3ZDIyODI0M2I0NTE3ZjllNmU2YzczNmZjZDI4ZjI2ZTMyNTlhZDRhNWFkOTcwYmRmMGY5ODBkZTk3ODk2IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 10 May 2024 04:09:07 GMT
content-type: image/png
content-length: 345
cache-control: max-age=43200
etag: 4a1a445d05ba1bef74dd6d77a21ed2b5333d1272
last-modified: Wed, 27 Apr 2022 14:03:30 GMT
cf-cache-status: HIT
age: 72
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=peaSVwalobdn8jTO92ZUB4TKLrup5m9bGxMcmBJPLWUTIRd9JB9uTcbgyXK0ZyCJq0ZloTx%2BcEWkM9viy2NU2oc4IPc%2FnrYaSxURHgA6A4cayY8aBeJ6b%2BJOqk3X5xVT9ROt"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8817126aed64b50b-OSL
alt-svc: h3=":443"; ma=86400
shouldbyou.click/storage/c82202d3-8a77-49bd-8ff2-980c84ab8547/styles.css?v=9529b5247169664a4d465b9c40e33454d040d82f
172.67.217.2 200 OK 71 kB URL GET HTTP/3 shouldbyou.click/storage/c82202d3-8a77-49bd-8ff2-980c84ab8547/styles.css?v=9529b5247169664a4d465b9c40e33454d040d82f
IP 172.67.217.2:443
Requested by https://shouldbyou.click/c/CPqS2Nv1PGcP8bzXymb?s1=1022571a13c5d23d80027d60f09c33&s2=1206&s3=136&offer_id=12318&s4=&p_id=
Certificate Issuer: Google Trust Services LLC
Subject: shouldbyou.click
Fingerprint: 2A:49:77:D6:C0:E5:87:5F:33:76:F7:CD:CB:7C:64:DB:A4:DD:2A:CC
Validity: Thu, 18 Apr 2024 10:10:22 GMT - Wed, 17 Jul 2024 10:10:21 GMT
File type ASCII text, with CRLF line terminators
Hash (MD5): 8dc019edaf27666b811fa17e81c043d4
Hash (SHA-1): 9529b5247169664a4d465b9c40e33454d040d82f
Hash (SHA-256): 323af3d887ec4d3c30e464a934c06152ec08651a284c5e5c5c3b7093f031cb04
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /storage/c82202d3-8a77-49bd-8ff2-980c84ab8547/styles.css?v=9529b5247169664a4d465b9c40e33454d040d82f HTTP/1.1
Host: shouldbyou.click
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://shouldbyou.click/c/CPqS2Nv1PGcP8bzXymb?s1=1022571a13c5d23d80027d60f09c33&s2=1206&s3=136&offer_id=12318&s4=&p_id=
Cookie: XSRF-TOKEN=eyJpdiI6Ik9hanFZeGhKT3ROenhZZ2tIT29Damc9PSIsInZhbHVlIjoiallXcE1BS0UvQ0JqN0djcnVlcVVwT3kxUCt6U2Q0U3hFYzJWMjJiU1Q4QjVnRDM1Z0lkZUM4amo3eEdIM3F0OTZWVFZ1cFF0QkpraVA4SDc4aE5pbW02Zk9aWU9RWmlFSWthR0E2NmJ3NlpncU9GSEdFdHpKL1hlSHFIYkhuRHoiLCJtYWMiOiI2MTA0NmRkZTNiY2Y0MWI5N2E4MTMxMTUzNmRiYjM5NDhjNTYyMzQ2ZjNmODU2YmNlNjdhNDg2Yzc2ZjU4YmEzIiwidGFnIjoiIn0%3D; SESSION_ID=eyJpdiI6Ik1HcktjdmJMUlpDR21NQlRhSnlPSEE9PSIsInZhbHVlIjoiY0xOWXhhZzZWQXRRc0FGeFBVL2ZnaE5SV3h4T242NHpzOUQ0RkJ5MmoxYlZJTXZjdldHck5xTzJPVVpETG91NFpwWTVzZFR2b2Q5NWRqR1pqRHhIMUc4Y3pQYUhFQzdhZDZWUGszQlk3V2pnSWJYZTB1RExpWHZFQ0x1d1htRGMiLCJtYWMiOiJkZGM3ZDIyODI0M2I0NTE3ZjllNmU2YzczNmZjZDI4ZjI2ZTMyNTlhZDRhNWFkOTcwYmRmMGY5ODBkZTk3ODk2IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 10 May 2024 04:09:06 GMT
content-type: text/css
cache-control: max-age=43200
last-modified: Tue, 09 Jan 2024 09:30:43 GMT
cf-cache-status: HIT
age: 71
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rWMBmEszLcgTC04vWvcudvdRLiDHZ9pQ0KhH6R7mrUsN6VASXuxC6nD9llISR67DGHzh3p3iW40t4POBuMqHe8h0lOZ99lZq0k8NNGf%2FGGqtYebLN4UxSUphBh7gHtwURjcc"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881712676be6b50b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
shouldbyou.click/storage/a9bad42d-d8ea-4277-96f4-aa7b68921906/summary-icon2.webp?v=0edf2bb95d6807582cff785e1eca163c50bd987c
172.67.217.2 200 OK 3.1 kB URL GET HTTP/3 shouldbyou.click/storage/a9bad42d-d8ea-4277-96f4-aa7b68921906/summary-icon2.webp?v=0edf2bb95d6807582cff785e1eca163c50bd987c
IP 172.67.217.2:443
Requested by https://shouldbyou.click/c/CPqS2Nv1PGcP8bzXymb?s1=1022571a13c5d23d80027d60f09c33&s2=1206&s3=136&offer_id=12318&s4=&p_id=
Certificate Issuer: Google Trust Services LLC
Subject: shouldbyou.click
Fingerprint: 2A:49:77:D6:C0:E5:87:5F:33:76:F7:CD:CB:7C:64:DB:A4:DD:2A:CC
Validity: Thu, 18 Apr 2024 10:10:22 GMT - Wed, 17 Jul 2024 10:10:21 GMT
File type RIFF (little-endian) data, Web/P image
Hash (MD5): 0c7eaf1138480894cf1e96c4caf8bbfa
Hash (SHA-1): 0e325ff9467d7ced78f417f75d3f06f5c20bc7b9
Hash (SHA-256): cb6e54ad4f150787feb15b0c8fabd52dcb8c40d96575d2c30fea67d3e91f8752
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /storage/a9bad42d-d8ea-4277-96f4-aa7b68921906/summary-icon2.webp?v=0edf2bb95d6807582cff785e1eca163c50bd987c HTTP/1.1
Host: shouldbyou.click
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://shouldbyou.click/c/CPqS2Nv1PGcP8bzXymb?s1=1022571a13c5d23d80027d60f09c33&s2=1206&s3=136&offer_id=12318&s4=&p_id=
Cookie: XSRF-TOKEN=eyJpdiI6Ik9hanFZeGhKT3ROenhZZ2tIT29Damc9PSIsInZhbHVlIjoiallXcE1BS0UvQ0JqN0djcnVlcVVwT3kxUCt6U2Q0U3hFYzJWMjJiU1Q4QjVnRDM1Z0lkZUM4amo3eEdIM3F0OTZWVFZ1cFF0QkpraVA4SDc4aE5pbW02Zk9aWU9RWmlFSWthR0E2NmJ3NlpncU9GSEdFdHpKL1hlSHFIYkhuRHoiLCJtYWMiOiI2MTA0NmRkZTNiY2Y0MWI5N2E4MTMxMTUzNmRiYjM5NDhjNTYyMzQ2ZjNmODU2YmNlNjdhNDg2Yzc2ZjU4YmEzIiwidGFnIjoiIn0%3D; SESSION_ID=eyJpdiI6Ik1HcktjdmJMUlpDR21NQlRhSnlPSEE9PSIsInZhbHVlIjoiY0xOWXhhZzZWQXRRc0FGeFBVL2ZnaE5SV3h4T242NHpzOUQ0RkJ5MmoxYlZJTXZjdldHck5xTzJPVVpETG91NFpwWTVzZFR2b2Q5NWRqR1pqRHhIMUc4Y3pQYUhFQzdhZDZWUGszQlk3V2pnSWJYZTB1RExpWHZFQ0x1d1htRGMiLCJtYWMiOiJkZGM3ZDIyODI0M2I0NTE3ZjllNmU2YzczNmZjZDI4ZjI2ZTMyNTlhZDRhNWFkOTcwYmRmMGY5ODBkZTk3ODk2IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 10 May 2024 04:09:07 GMT
content-type: image/webp
cache-control: max-age=43200
etag: 0edf2bb95d6807582cff785e1eca163c50bd987c
last-modified: Tue, 09 Jan 2024 09:30:43 GMT
cf-cache-status: HIT
age: 72
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dfkWNAXoFWV8Y8BryFGoeMKxcI0AUsdx%2FdH8pr7CtGNg%2B4ud47d%2B0d7Z%2BatS0YvkRQdc3R34St9F8NiYibnVUeLalQJgnSFebJhmVrX78faxHXctO5%2BhsAcY8w5W0mX4eYXs"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8817126aed66b50b-OSL
alt-svc: h3=":443"; ma=86400
shouldbyou.click/storage/7c1c16e9-f73e-4689-a7e6-09cf4ee702c8/shopping.webp?v=d05d1317261606be1af5d7b0ab974f32246aa1bb
172.67.217.2 200 OK 34 kB URL GET HTTP/3 shouldbyou.click/storage/7c1c16e9-f73e-4689-a7e6-09cf4ee702c8/shopping.webp?v=d05d1317261606be1af5d7b0ab974f32246aa1bb
IP 172.67.217.2:443
Requested by https://shouldbyou.click/c/CPqS2Nv1PGcP8bzXymb?s1=1022571a13c5d23d80027d60f09c33&s2=1206&s3=136&offer_id=12318&s4=&p_id=
Certificate Issuer: Google Trust Services LLC
Subject: shouldbyou.click
Fingerprint: 2A:49:77:D6:C0:E5:87:5F:33:76:F7:CD:CB:7C:64:DB:A4:DD:2A:CC
Validity: Thu, 18 Apr 2024 10:10:22 GMT - Wed, 17 Jul 2024 10:10:21 GMT
File type: RIFF (little-endian) data, Web/P image
Hash (MD5): 73a4534f6c0a4ea3e1e923b2050dc5f1
Hash (SHA-1): 784aace4380d28727c9ac67e7a6cf3f2cc7196b4
Hash (SHA-256): 365177e699154eb4aa07b12dcf606a0fd9eb91d2f85d754559ab53c7e94e16e0
Analyzer: Quad9 DNS; Verdict: malicious; Alert: Sinkholed
GET /storage/7c1c16e9-f73e-4689-a7e6-09cf4ee702c8/shopping.webp?v=d05d1317261606be1af5d7b0ab974f32246aa1bb HTTP/1.1
Host: shouldbyou.click
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://shouldbyou.click/c/CPqS2Nv1PGcP8bzXymb?s1=1022571a13c5d23d80027d60f09c33&s2=1206&s3=136&offer_id=12318&s4=&p_id=
Cookie: XSRF-TOKEN=eyJpdiI6Ik9hanFZeGhKT3ROenhZZ2tIT29Damc9PSIsInZhbHVlIjoiallXcE1BS0UvQ0JqN0djcnVlcVVwT3kxUCt6U2Q0U3hFYzJWMjJiU1Q4QjVnRDM1Z0lkZUM4amo3eEdIM3F0OTZWVFZ1cFF0QkpraVA4SDc4aE5pbW02Zk9aWU9RWmlFSWthR0E2NmJ3NlpncU9GSEdFdHpKL1hlSHFIYkhuRHoiLCJtYWMiOiI2MTA0NmRkZTNiY2Y0MWI5N2E4MTMxMTUzNmRiYjM5NDhjNTYyMzQ2ZjNmODU2YmNlNjdhNDg2Yzc2ZjU4YmEzIiwidGFnIjoiIn0%3D; SESSION_ID=eyJpdiI6Ik1HcktjdmJMUlpDR21NQlRhSnlPSEE9PSIsInZhbHVlIjoiY0xOWXhhZzZWQXRRc0FGeFBVL2ZnaE5SV3h4T242NHpzOUQ0RkJ5MmoxYlZJTXZjdldHck5xTzJPVVpETG91NFpwWTVzZFR2b2Q5NWRqR1pqRHhIMUc4Y3pQYUhFQzdhZDZWUGszQlk3V2pnSWJYZTB1RExpWHZFQ0x1d1htRGMiLCJtYWMiOiJkZGM3ZDIyODI0M2I0NTE3ZjllNmU2YzczNmZjZDI4ZjI2ZTMyNTlhZDRhNWFkOTcwYmRmMGY5ODBkZTk3ODk2IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 10 May 2024 04:09:07 GMT
content-type: image/webp
cache-control: max-age=43200
etag: d05d1317261606be1af5d7b0ab974f32246aa1bb
last-modified: Tue, 09 Jan 2024 09:30:43 GMT
cf-cache-status: HIT
age: 72
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KecX2D4NwVXmmKBkd6mfNIJpDwV9gST9vLUVA%2BhSNVXqCaqi3lkNzsCyYHAGXiw6lMBiJOUCWMEg4orPPeQyBtfqC6CFB1iuwrYTkGVUbtcEDcGcOO878KP1gQHZq4N2cVbn"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8817126afd6cb50b-OSL
alt-svc: h3=":443"; ma=86400
zone.love-tracking.com/aff_c?offer_id=12318&aff_id=1206&aff_sub=136&aff_sub2=2c96915d222045588bdf95e75d0c6e24
172.67.179.3 302 Found 7.5 kB URL User Request GET HTTP/2 zone.love-tracking.com/aff_c?offer_id=12318&aff_id=1206&aff_sub=136&aff_sub2=2c96915d222045588bdf95e75d0c6e24
IP 172.67.179.3:443
Certificate Issuer: Let's Encrypt
Subject: love-tracking.com
Fingerprint: 45:95:1B:AE:0F:7F:47:9C:E9:A3:AC:79:76:5E:C0:9D:1A:90:0E:39
Validity: Fri, 22 Mar 2024 13:35:27 GMT - Thu, 20 Jun 2024 13:35:26 GMT
Hash (MD5): e034307f2d1fb774048fd32db667d0e4
Hash (SHA-1): 67f8f9961ac6aba4e635058aeccab8b1314c2e52
Hash (SHA-256): a7766db6e79a5d459ebf11e03f920b6a1967082a03937268958b6ef4c98cee07
GET /aff_c?offer_id=12318&aff_id=1206&aff_sub=136&aff_sub2=2c96915d222045588bdf95e75d0c6e24 HTTP/1.1
Host: zone.love-tracking.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
date: Fri, 10 May 2024 04:09:05 GMT
content-type: text/html; charset=iso-8859-1
location: https://shouldbyou.click/c/CPqS2Nv1PGcP8bzXymb?s1=1022571a13c5d23d80027d60f09c33&s2=1206&s3=136&offer_id=12318&s4=&p_id=
cache-control: no-cache, no-store, must-revalidate
expires: Sat, 26 Jul 1997 05:00:00 GMT
p3p: CP="NOI CUR OUR NOR INT"
pragma: no-cache
set-cookie: enc_aff_session_12318=ENC03a2fa5777c42cc159d78005c58bfe9d3febde96525762dfc3ed0d8909e8aec11a6268f906632b95159d29ba298314998a1dfc483c2d573f863e9ced622ae6301e439af08c465a29d74985d6d648119c6a27380fddbd36c82b28a1e4a704e2f6ee4b65ba5335a21a3255349df1d6dbf41dfdd3b0766f362af9dd45b8213582b25bfa12411b19e903ebd96ea4db58c2f47f69006df873dfa40c0b0f39024fc6f2a311df26b8; expires=Mon, 10 Jun 2024 04:09:05 GMT; path=/; SameSite=None; Secure
ho_mob=eyJtb2JpbGVfZGV2aWNlX29zIjoiRGVza3RvcCIsIm1vYmlsZV9kZXZpY2VfbW9kZWwiOiJGaXJlZm94IiwibW9iaWxlX2RldmljZV9icmFuZCI6Ik1vemlsbGEiLCJtb2JpbGVfYnJvd3NlciI6IkZpcmVmb3ggRGVza3RvcCIsIm1vYmlsZV9icm93c2VyX3ZlcnNpb24iOiI5Ni4wIiwibW9iaWxlX2NhcnJpZXIiOiI/IiwidXNlcl9hZ2VudCI6Ik1vemlsbGEvNS4wIChYMTE7IExpbnV4IFg4Nl82NDsgUnY6OTYuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC85Ni4wIiwiYWNjZXB0X2xhbmd1YWdlIjoiZW4tVVMsZW47cT0wLjUiLCJjb25uZWN0aW9uX3NwZWVkIjoiYnJvYWRiYW5kIn0=; expires=Sun, 04 Apr 2027 14:49:05 GMT; path=/; SameSite=None; Secure
tracking_id: 1022571a13c5d23d80027d60f09c33
x-robots-tag: noindex, nofollow
access-control-allow-origin: *
x-request-id: 9e467db8e3bd98c370716f392fc398f2
access-control-allow-headers: Tune-SDK-Version
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WC1rINh1g%2BM%2FeVKFat8XYYufBOzQHuudX93DCrPa8AFNffFSEKOlY%2BaLbegWoeJEi3vbzkp3K3LDr1ysirC5gL2BZWjs1bBXJPbXIt1Ozowe8agc0mQloUZ4ocMS7An3eLXDNHzUQTcV"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 881712611e7e568d-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
shouldbyou.click/c/CPqS2Nv1PGcP8bzXymb?s1=1022571a13c5d23d80027d60f09c33&s2=1206&s3=136&offer_id=12318&s4=&p_id=
172.67.217.2 200 OK 19 kB URL User Request GET HTTP/2 shouldbyou.click/c/CPqS2Nv1PGcP8bzXymb?s1=1022571a13c5d23d80027d60f09c33&s2=1206&s3=136&offer_id=12318&s4=&p_id=
IP 172.67.217.2:443
Certificate Issuer: Google Trust Services LLC
Subject: shouldbyou.click
Fingerprint: 2A:49:77:D6:C0:E5:87:5F:33:76:F7:CD:CB:7C:64:DB:A4:DD:2A:CC
Validity: Thu, 18 Apr 2024 10:10:22 GMT - Wed, 17 Jul 2024 10:10:21 GMT
File type: HTML document, Unicode text, UTF-8 text, with very long lines (641)
Hash (MD5): 60ccd4f140e0bd013cad1b43fe85da01
Hash (SHA-1): c02f0f6ee5efe6cd0f272251ddccdc9796eb1dad
Hash (SHA-256): 2af47edcdeb1f17c28cafc92c783cd53cad174c9386658a52a5b546fb0cbdd2c
Analyzer: Quad9 DNS; Verdict: malicious; Alert: Sinkholed
GET /c/CPqS2Nv1PGcP8bzXymb?s1=1022571a13c5d23d80027d60f09c33&s2=1206&s3=136&offer_id=12318&s4=&p_id= HTTP/1.1
Host: shouldbyou.click
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 04:09:06 GMT
content-type: text/html; charset=UTF-8
cache-control: no-cache, private
x-frame-options: SAMEORIGIN
set-cookie: XSRF-TOKEN=eyJpdiI6Ik9hanFZeGhKT3ROenhZZ2tIT29Damc9PSIsInZhbHVlIjoiallXcE1BS0UvQ0JqN0djcnVlcVVwT3kxUCt6U2Q0U3hFYzJWMjJiU1Q4QjVnRDM1Z0lkZUM4amo3eEdIM3F0OTZWVFZ1cFF0QkpraVA4SDc4aE5pbW02Zk9aWU9RWmlFSWthR0E2NmJ3NlpncU9GSEdFdHpKL1hlSHFIYkhuRHoiLCJtYWMiOiI2MTA0NmRkZTNiY2Y0MWI5N2E4MTMxMTUzNmRiYjM5NDhjNTYyMzQ2ZjNmODU2YmNlNjdhNDg2Yzc2ZjU4YmEzIiwidGFnIjoiIn0%3D; expires=Sat, 25 May 2024 04:09:06 GMT; Max-Age=1296000; path=/; secure
SESSION_ID=eyJpdiI6Ik1HcktjdmJMUlpDR21NQlRhSnlPSEE9PSIsInZhbHVlIjoiY0xOWXhhZzZWQXRRc0FGeFBVL2ZnaE5SV3h4T242NHpzOUQ0RkJ5MmoxYlZJTXZjdldHck5xTzJPVVpETG91NFpwWTVzZFR2b2Q5NWRqR1pqRHhIMUc4Y3pQYUhFQzdhZDZWUGszQlk3V2pnSWJYZTB1RExpWHZFQ0x1d1htRGMiLCJtYWMiOiJkZGM3ZDIyODI0M2I0NTE3ZjllNmU2YzczNmZjZDI4ZjI2ZTMyNTlhZDRhNWFkOTcwYmRmMGY5ODBkZTk3ODk2IiwidGFnIjoiIn0%3D; expires=Sat, 25 May 2024 04:09:06 GMT; Max-Age=1296000; path=/; httponly
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FAs6oHF5qd4ofz4BLv2Y4NBG8ba1lJj%2BsjvyjJZ4sVYAGThYByYHmc04sX15ziOTaap5eXjSADbvZcLu9CELACWX0nFE%2F8G9n6DR7AO%2Bj3mXKbJ6YXOxdqVZHSsc5xguAbRy"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88171261ebc556b1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
shouldbyou.click/storage/91a328b2-08eb-40b3-99d3-4c1317e68bcb/summary-icon1.webp?v=4c907c74ef62718903431012314e6f69a698d959
172.67.217.2 200 OK 152 kB URL GET HTTP/3 shouldbyou.click/storage/91a328b2-08eb-40b3-99d3-4c1317e68bcb/summary-icon1.webp?v=4c907c74ef62718903431012314e6f69a698d959
IP 172.67.217.2:443
Requested by https://shouldbyou.click/c/CPqS2Nv1PGcP8bzXymb?s1=1022571a13c5d23d80027d60f09c33&s2=1206&s3=136&offer_id=12318&s4=&p_id=
Certificate Issuer: Google Trust Services LLC
Subject: shouldbyou.click
Fingerprint: 2A:49:77:D6:C0:E5:87:5F:33:76:F7:CD:CB:7C:64:DB:A4:DD:2A:CC
Validity: Thu, 18 Apr 2024 10:10:22 GMT - Wed, 17 Jul 2024 10:10:21 GMT
File type: SVG Scalable Vector Graphics image (note: the URL path ends in .webp, but the body was identified as SVG and the response content-type is image/svg+xml)
Size 152 kB (151864 bytes)
Hash (MD5): 4985406ebeb109a92b2a60193462f72e
Hash (SHA-1): 4c907c74ef62718903431012314e6f69a698d959
Hash (SHA-256): fed1558c08d3315577c76538838482ddedcdcf741ae324a3d976de99f4bf6e3a
Analyzer: Quad9 DNS; Verdict: malicious; Alert: Sinkholed
GET /storage/91a328b2-08eb-40b3-99d3-4c1317e68bcb/summary-icon1.webp?v=4c907c74ef62718903431012314e6f69a698d959 HTTP/1.1
Host: shouldbyou.click
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://shouldbyou.click/c/CPqS2Nv1PGcP8bzXymb?s1=1022571a13c5d23d80027d60f09c33&s2=1206&s3=136&offer_id=12318&s4=&p_id=
Cookie: XSRF-TOKEN=eyJpdiI6Ik9hanFZeGhKT3ROenhZZ2tIT29Damc9PSIsInZhbHVlIjoiallXcE1BS0UvQ0JqN0djcnVlcVVwT3kxUCt6U2Q0U3hFYzJWMjJiU1Q4QjVnRDM1Z0lkZUM4amo3eEdIM3F0OTZWVFZ1cFF0QkpraVA4SDc4aE5pbW02Zk9aWU9RWmlFSWthR0E2NmJ3NlpncU9GSEdFdHpKL1hlSHFIYkhuRHoiLCJtYWMiOiI2MTA0NmRkZTNiY2Y0MWI5N2E4MTMxMTUzNmRiYjM5NDhjNTYyMzQ2ZjNmODU2YmNlNjdhNDg2Yzc2ZjU4YmEzIiwidGFnIjoiIn0%3D; SESSION_ID=eyJpdiI6Ik1HcktjdmJMUlpDR21NQlRhSnlPSEE9PSIsInZhbHVlIjoiY0xOWXhhZzZWQXRRc0FGeFBVL2ZnaE5SV3h4T242NHpzOUQ0RkJ5MmoxYlZJTXZjdldHck5xTzJPVVpETG91NFpwWTVzZFR2b2Q5NWRqR1pqRHhIMUc4Y3pQYUhFQzdhZDZWUGszQlk3V2pnSWJYZTB1RExpWHZFQ0x1d1htRGMiLCJtYWMiOiJkZGM3ZDIyODI0M2I0NTE3ZjllNmU2YzczNmZjZDI4ZjI2ZTMyNTlhZDRhNWFkOTcwYmRmMGY5ODBkZTk3ODk2IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 10 May 2024 04:09:07 GMT
content-type: image/svg+xml
cache-control: max-age=43200
last-modified: Tue, 09 Jan 2024 09:30:43 GMT
cf-cache-status: HIT
age: 72
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MHhH6lS4hoIVfWCDKLTIwBaCxScvDeZ3BFC14trHiD%2BOA3s9dYMPCAHtc24WJMmyUBWSERIJEkiWghtiIqvitJWIEnVU1OXQOeB6GLkqBezbHTBROzMBgSd1nSS9yXh6tNKN"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8817126aed65b50b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
shouldbyou.click/favicon.ico
172.67.217.2 403 Forbidden 13 kB URL GET HTTP/3 shouldbyou.click/favicon.ico
IP 172.67.217.2:443
Requested by https://shouldbyou.click/c/CPqS2Nv1PGcP8bzXymb?s1=1022571a13c5d23d80027d60f09c33&s2=1206&s3=136&offer_id=12318&s4=&p_id=
Certificate Issuer: Google Trust Services LLC
Subject: shouldbyou.click
Fingerprint: 2A:49:77:D6:C0:E5:87:5F:33:76:F7:CD:CB:7C:64:DB:A4:DD:2A:CC
Validity: Thu, 18 Apr 2024 10:10:22 GMT - Wed, 17 Jul 2024 10:10:21 GMT
File type: HTML document, ASCII text, with very long lines (16394), with no line terminators
Hash (MD5): 7792ca2ba0a73e772c3afe28992d62f9
Hash (SHA-1): 3df6821a276d5d150be6ffa61170040d95b62383
Hash (SHA-256): 673ed7be33224db177047c04b54f9e5e4ca91ca44ec646ae3c72564f97fe8f97
(Note: the response is a 403 with cf-mitigated: challenge and an HTML body, so these hashes presumably describe the challenge page returned to the sandbox rather than a favicon.)
Analyzer: Quad9 DNS; Verdict: malicious; Alert: Sinkholed
GET /favicon.ico HTTP/1.1
Host: shouldbyou.click
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://shouldbyou.click/c/CPqS2Nv1PGcP8bzXymb?s1=1022571a13c5d23d80027d60f09c33&s2=1206&s3=136&offer_id=12318&s4=&p_id=
Cookie: XSRF-TOKEN=eyJpdiI6Ik9hanFZeGhKT3ROenhZZ2tIT29Damc9PSIsInZhbHVlIjoiallXcE1BS0UvQ0JqN0djcnVlcVVwT3kxUCt6U2Q0U3hFYzJWMjJiU1Q4QjVnRDM1Z0lkZUM4amo3eEdIM3F0OTZWVFZ1cFF0QkpraVA4SDc4aE5pbW02Zk9aWU9RWmlFSWthR0E2NmJ3NlpncU9GSEdFdHpKL1hlSHFIYkhuRHoiLCJtYWMiOiI2MTA0NmRkZTNiY2Y0MWI5N2E4MTMxMTUzNmRiYjM5NDhjNTYyMzQ2ZjNmODU2YmNlNjdhNDg2Yzc2ZjU4YmEzIiwidGFnIjoiIn0%3D; SESSION_ID=eyJpdiI6Ik1HcktjdmJMUlpDR21NQlRhSnlPSEE9PSIsInZhbHVlIjoiY0xOWXhhZzZWQXRRc0FGeFBVL2ZnaE5SV3h4T242NHpzOUQ0RkJ5MmoxYlZJTXZjdldHck5xTzJPVVpETG91NFpwWTVzZFR2b2Q5NWRqR1pqRHhIMUc4Y3pQYUhFQzdhZDZWUGszQlk3V2pnSWJYZTB1RExpWHZFQ0x1d1htRGMiLCJtYWMiOiJkZGM3ZDIyODI0M2I0NTE3ZjllNmU2YzczNmZjZDI4ZjI2ZTMyNTlhZDRhNWFkOTcwYmRmMGY5ODBkZTk3ODk2IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 403 Forbidden
date: Fri, 10 May 2024 04:09:07 GMT
content-type: text/html; charset=UTF-8
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
origin-agent-cluster: ?1
permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
x-frame-options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: 4BB3O797O0x7TT1rwvGPKswCXLObscmCShHKd3XmMKTHv9EaaQSac8XFGVE27+Phwabz2MXyb3nHfu0tbdoOXoRQVJIW94uMsS76y0IQ4aLBa44FgSxBwh5RVIfZyNEP0DNdy48mdry9GHwh5vVAnA==$I22DCgI8d3aaUYYZoTaJiA==
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kaoa9RdSBNhTGrSr0SwmqDMP9q3M%2F9WK75LLVPR1FaDuOoXwnklcrQWbN4WRAoJzCq%2Biu2e6XVlXIMXizkKBDpua%2BCV7YpRAcncn1fsw7DAmkcez0xDOi%2BNqDtcLZSCjnVYj"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8817126c2de9b50b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
shouldbyou.click/storage/258b120b-bc60-4a89-b623-758b919e2342/styles.css?v=715ca377cd72161d49456ab86fc1fcc684b74532
172.67.217.2 200 OK 3.2 kB URL GET HTTP/3 shouldbyou.click/storage/258b120b-bc60-4a89-b623-758b919e2342/styles.css?v=715ca377cd72161d49456ab86fc1fcc684b74532
IP 172.67.217.2:443
Requested by https://shouldbyou.click/c/CPqS2Nv1PGcP8bzXymb?s1=1022571a13c5d23d80027d60f09c33&s2=1206&s3=136&offer_id=12318&s4=&p_id=
Certificate Issuer: Google Trust Services LLC
Subject: shouldbyou.click
Fingerprint: 2A:49:77:D6:C0:E5:87:5F:33:76:F7:CD:CB:7C:64:DB:A4:DD:2A:CC
Validity: Thu, 18 Apr 2024 10:10:22 GMT - Wed, 17 Jul 2024 10:10:21 GMT
File type: ASCII text, with very long lines (3575), with no line terminators
Hash (MD5): bbd48240e159b26fc294dbe6a53a8a5d
Hash (SHA-1): 08927ece656e7ad099003cdaaaf2c5eeb58ed9cd
Hash (SHA-256): e4f8c4e88d49ca75854d1efdb8ae5da27e7b649e25acf7b165f0c24ed786d40c
Analyzer: Quad9 DNS; Verdict: malicious; Alert: Sinkholed
GET /storage/258b120b-bc60-4a89-b623-758b919e2342/styles.css?v=715ca377cd72161d49456ab86fc1fcc684b74532 HTTP/1.1
Host: shouldbyou.click
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://shouldbyou.click/c/CPqS2Nv1PGcP8bzXymb?s1=1022571a13c5d23d80027d60f09c33&s2=1206&s3=136&offer_id=12318&s4=&p_id=
Cookie: XSRF-TOKEN=eyJpdiI6Ik9hanFZeGhKT3ROenhZZ2tIT29Damc9PSIsInZhbHVlIjoiallXcE1BS0UvQ0JqN0djcnVlcVVwT3kxUCt6U2Q0U3hFYzJWMjJiU1Q4QjVnRDM1Z0lkZUM4amo3eEdIM3F0OTZWVFZ1cFF0QkpraVA4SDc4aE5pbW02Zk9aWU9RWmlFSWthR0E2NmJ3NlpncU9GSEdFdHpKL1hlSHFIYkhuRHoiLCJtYWMiOiI2MTA0NmRkZTNiY2Y0MWI5N2E4MTMxMTUzNmRiYjM5NDhjNTYyMzQ2ZjNmODU2YmNlNjdhNDg2Yzc2ZjU4YmEzIiwidGFnIjoiIn0%3D; SESSION_ID=eyJpdiI6Ik1HcktjdmJMUlpDR21NQlRhSnlPSEE9PSIsInZhbHVlIjoiY0xOWXhhZzZWQXRRc0FGeFBVL2ZnaE5SV3h4T242NHpzOUQ0RkJ5MmoxYlZJTXZjdldHck5xTzJPVVpETG91NFpwWTVzZFR2b2Q5NWRqR1pqRHhIMUc4Y3pQYUhFQzdhZDZWUGszQlk3V2pnSWJYZTB1RExpWHZFQ0x1d1htRGMiLCJtYWMiOiJkZGM3ZDIyODI0M2I0NTE3ZjllNmU2YzczNmZjZDI4ZjI2ZTMyNTlhZDRhNWFkOTcwYmRmMGY5ODBkZTk3ODk2IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 10 May 2024 04:09:06 GMT
content-type: text/css
cache-control: max-age=43200
last-modified: Tue, 30 Apr 2024 11:56:08 GMT
cf-cache-status: HIT
age: 71
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=B4IaY4uPqGA31f0puRT5Q9ZmZmnLvtoRIA7Zpjb1WkxRfMlF3PdFWjTxMNhbNwc0tA3g7WCJMD9SWbjXmeBEyh5L%2FyEcTV4yLuRNrOjD0eErn%2BRfk5d5UZ3xZCTfd5UnYFQ%2F"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881712675be2b50b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
shouldbyou.click/storage/86e1a59f-f13c-4f42-a385-ddfbdb98969c/cards.png?v=241c879ccff27bf3c189986e785baffded53e598
172.67.217.2 200 OK 3.8 kB URL GET HTTP/3 shouldbyou.click/storage/86e1a59f-f13c-4f42-a385-ddfbdb98969c/cards.png?v=241c879ccff27bf3c189986e785baffded53e598
IP 172.67.217.2:443
Requested by https://shouldbyou.click/c/CPqS2Nv1PGcP8bzXymb?s1=1022571a13c5d23d80027d60f09c33&s2=1206&s3=136&offer_id=12318&s4=&p_id=
Certificate Issuer: Google Trust Services LLC
Subject: shouldbyou.click
Fingerprint: 2A:49:77:D6:C0:E5:87:5F:33:76:F7:CD:CB:7C:64:DB:A4:DD:2A:CC
Validity: Thu, 18 Apr 2024 10:10:22 GMT - Wed, 17 Jul 2024 10:10:21 GMT
File type: PNG image data, 246 x 49, 8-bit colormap, non-interlaced
Hash (MD5): 03d293aeb9801a3efe0297bcdc21ce81
Hash (SHA-1): 241c879ccff27bf3c189986e785baffded53e598
Hash (SHA-256): a7a1e4e5aa1ef410de7347d8abdc154f35f57e88059fc7c06f79df8a7cb10d31
Analyzer: Quad9 DNS; Verdict: malicious; Alert: Sinkholed
GET /storage/86e1a59f-f13c-4f42-a385-ddfbdb98969c/cards.png?v=241c879ccff27bf3c189986e785baffded53e598 HTTP/1.1
Host: shouldbyou.click
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://shouldbyou.click/c/CPqS2Nv1PGcP8bzXymb?s1=1022571a13c5d23d80027d60f09c33&s2=1206&s3=136&offer_id=12318&s4=&p_id=
Cookie: XSRF-TOKEN=eyJpdiI6Ik9hanFZeGhKT3ROenhZZ2tIT29Damc9PSIsInZhbHVlIjoiallXcE1BS0UvQ0JqN0djcnVlcVVwT3kxUCt6U2Q0U3hFYzJWMjJiU1Q4QjVnRDM1Z0lkZUM4amo3eEdIM3F0OTZWVFZ1cFF0QkpraVA4SDc4aE5pbW02Zk9aWU9RWmlFSWthR0E2NmJ3NlpncU9GSEdFdHpKL1hlSHFIYkhuRHoiLCJtYWMiOiI2MTA0NmRkZTNiY2Y0MWI5N2E4MTMxMTUzNmRiYjM5NDhjNTYyMzQ2ZjNmODU2YmNlNjdhNDg2Yzc2ZjU4YmEzIiwidGFnIjoiIn0%3D; SESSION_ID=eyJpdiI6Ik1HcktjdmJMUlpDR21NQlRhSnlPSEE9PSIsInZhbHVlIjoiY0xOWXhhZzZWQXRRc0FGeFBVL2ZnaE5SV3h4T242NHpzOUQ0RkJ5MmoxYlZJTXZjdldHck5xTzJPVVpETG91NFpwWTVzZFR2b2Q5NWRqR1pqRHhIMUc4Y3pQYUhFQzdhZDZWUGszQlk3V2pnSWJYZTB1RExpWHZFQ0x1d1htRGMiLCJtYWMiOiJkZGM3ZDIyODI0M2I0NTE3ZjllNmU2YzczNmZjZDI4ZjI2ZTMyNTlhZDRhNWFkOTcwYmRmMGY5ODBkZTk3ODk2IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 10 May 2024 04:09:07 GMT
content-type: image/png
cache-control: max-age=43200
etag: 241c879ccff27bf3c189986e785baffded53e598
last-modified: Tue, 14 Jun 2022 07:18:46 GMT
cf-cache-status: HIT
age: 72
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1V1jvl%2FhapjgOQCimZdad3diMZUx7Hc%2FPSytxJytbYbnCSZqyaSbOialQAxg%2B6AU16sxK0AZtkPiy9JeLTseZy3dhFLMk%2FnheZCPECat2Z5BBh35VIUXJHl%2BUnynrI3b%2BOGz"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8817126aed63b50b-OSL
alt-svc: h3=":443"; ma=86400
cdn.jsdelivr.net/npm/swiper@10/swiper-bundle.min.css
104.18.187.31 200 OK 18 kB URL GET HTTP/2 cdn.jsdelivr.net/npm/swiper@10/swiper-bundle.min.css
IP 104.18.187.31:443
Requested by https://shouldbyou.click/c/CPqS2Nv1PGcP8bzXymb?s1=1022571a13c5d23d80027d60f09c33&s2=1206&s3=136&offer_id=12318&s4=&p_id=
Certificate Issuer: Sectigo Limited
Subject: *.jsdelivr.net
Fingerprint: 74:7A:63:DF:06:27:1E:52:8C:E8:0D:AD:1F:89:98:B5:EB:2D:49:EE
Validity: Sat, 04 May 2024 00:00:00 GMT - Sun, 04 May 2025 23:59:59 GMT
File type: ASCII text, with very long lines (18192)
Hash (MD5): eb21d0f0053cd0b33a1e2107e95156d2
Hash (SHA-1): 715460aed84071944bc26b7cb1e565f3ed107221
Hash (SHA-256): 79a42e24b867ff52d9e4d766b96d8882c83f18e7442408a41c4b09a043dffccb
GET /npm/swiper@10/swiper-bundle.min.css HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://shouldbyou.click/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 04:09:06 GMT
content-type: text/css; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-jsd-version: 10.3.1
x-jsd-version-type: version
etag: W/"4813-cVRgrthAcZRLwmt8seVl8+0QciE"
x-served-by: cache-fra-eddf8230084-FRA, cache-lga21950-LGA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
cf-cache-status: HIT
age: 9789
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZqWHRGJsfB4aEartj6GDnDn08wblwdzP%2FnGrRqvCwKHrIQZHF2F3jjmXwVgf3QaIv4M5FU0TPiBPChZVE1rZct1YkQ6yUrvHRKnqZsWLzVOC3bRvHP9FBBcFi%2BbCQ7hEXrE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88171267d8d9b50c-OSL
content-encoding: br
X-Firefox-Spdy: h2
shouldbyou.click/storage/f04fd89a-fdad-4a7f-83f3-42cbac3ad8ce/summary-icon3.webp?v=663acce00dbaba22816e31c565685524edfd3f05
172.67.217.2 200 OK 11 kB URL GET HTTP/3 shouldbyou.click/storage/f04fd89a-fdad-4a7f-83f3-42cbac3ad8ce/summary-icon3.webp?v=663acce00dbaba22816e31c565685524edfd3f05
IP 172.67.217.2:443
Requested by https://shouldbyou.click/c/CPqS2Nv1PGcP8bzXymb?s1=1022571a13c5d23d80027d60f09c33&s2=1206&s3=136&offer_id=12318&s4=&p_id=
Certificate Issuer: Google Trust Services LLC
Subject: shouldbyou.click
Fingerprint: 2A:49:77:D6:C0:E5:87:5F:33:76:F7:CD:CB:7C:64:DB:A4:DD:2A:CC
Validity: Thu, 18 Apr 2024 10:10:22 GMT - Wed, 17 Jul 2024 10:10:21 GMT
File type: PNG image data, 68 x 68, 8-bit/color RGBA, non-interlaced
Hash (MD5): 87a6d09add48a8c58fd9c538b7b1a00b
Hash (SHA-1): 663acce00dbaba22816e31c565685524edfd3f05
Hash (SHA-256): f85705953d818e627bbbbbc7169f48e13928778d1e4297c6ae6a97608e780bbb
Analyzer: Quad9 DNS; Verdict: malicious; Alert: Sinkholed
GET /storage/f04fd89a-fdad-4a7f-83f3-42cbac3ad8ce/summary-icon3.webp?v=663acce00dbaba22816e31c565685524edfd3f05 HTTP/1.1
Host: shouldbyou.click
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://shouldbyou.click/c/CPqS2Nv1PGcP8bzXymb?s1=1022571a13c5d23d80027d60f09c33&s2=1206&s3=136&offer_id=12318&s4=&p_id=
Cookie: XSRF-TOKEN=eyJpdiI6Ik9hanFZeGhKT3ROenhZZ2tIT29Damc9PSIsInZhbHVlIjoiallXcE1BS0UvQ0JqN0djcnVlcVVwT3kxUCt6U2Q0U3hFYzJWMjJiU1Q4QjVnRDM1Z0lkZUM4amo3eEdIM3F0OTZWVFZ1cFF0QkpraVA4SDc4aE5pbW02Zk9aWU9RWmlFSWthR0E2NmJ3NlpncU9GSEdFdHpKL1hlSHFIYkhuRHoiLCJtYWMiOiI2MTA0NmRkZTNiY2Y0MWI5N2E4MTMxMTUzNmRiYjM5NDhjNTYyMzQ2ZjNmODU2YmNlNjdhNDg2Yzc2ZjU4YmEzIiwidGFnIjoiIn0%3D; SESSION_ID=eyJpdiI6Ik1HcktjdmJMUlpDR21NQlRhSnlPSEE9PSIsInZhbHVlIjoiY0xOWXhhZzZWQXRRc0FGeFBVL2ZnaE5SV3h4T242NHpzOUQ0RkJ5MmoxYlZJTXZjdldHck5xTzJPVVpETG91NFpwWTVzZFR2b2Q5NWRqR1pqRHhIMUc4Y3pQYUhFQzdhZDZWUGszQlk3V2pnSWJYZTB1RExpWHZFQ0x1d1htRGMiLCJtYWMiOiJkZGM3ZDIyODI0M2I0NTE3ZjllNmU2YzczNmZjZDI4ZjI2ZTMyNTlhZDRhNWFkOTcwYmRmMGY5ODBkZTk3ODk2IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 10 May 2024 04:09:07 GMT
content-type: image/png
cache-control: max-age=43200
etag: 663acce00dbaba22816e31c565685524edfd3f05
last-modified: Tue, 09 Jan 2024 09:30:43 GMT
cf-cache-status: HIT
age: 72
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GqkcUyV%2FvoBKT0xGKWeBDEYJ5kQa5LkCtjlLsNzku1mFZqToCykmT1onsbwNhe3rsAAIa8xtkjOueXld2uscX%2FqPKbca9duAZW3eXk6ID6SEstKlMqAgo8d4uP2TLSxibDzy"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8817126aed67b50b-OSL
alt-svc: h3=":443"; ma=86400
cdn.jsdelivr.net/npm/bootstrap@5.3.2/dist/css/bootstrap.min.css
104.18.187.31 200 OK 233 kB URL GET HTTP/2 cdn.jsdelivr.net/npm/bootstrap@5.3.2/dist/css/bootstrap.min.css
IP 104.18.187.31:443
Requested by https://shouldbyou.click/c/CPqS2Nv1PGcP8bzXymb?s1=1022571a13c5d23d80027d60f09c33&s2=1206&s3=136&offer_id=12318&s4=&p_id=
Certificate Issuer: Sectigo Limited
Subject: *.jsdelivr.net
Fingerprint: 74:7A:63:DF:06:27:1E:52:8C:E8:0D:AD:1F:89:98:B5:EB:2D:49:EE
Validity: Sat, 04 May 2024 00:00:00 GMT - Sun, 04 May 2025 23:59:59 GMT
Size 233 kB (232948 bytes)
Hash (MD5): d41d8cd98f00b204e9800998ecf8427e
Hash (SHA-1): da39a3ee5e6b4b0d3255bfef95601890afd80709
Hash (SHA-256): e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(Note: these three values are the digests of zero-length input, so the 233 kB body was evidently not captured for hashing; they do not identify this file and should not be used as indicators.)
GET /npm/bootstrap@5.3.2/dist/css/bootstrap.min.css HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://shouldbyou.click
DNT: 1
Connection: keep-alive
Referer: https://shouldbyou.click/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 04:09:06 GMT
content-type: text/css; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-jsd-version: 5.3.2
x-jsd-version-type: version
etag: W/"38df4-HxOZgbm0enZu+gphu3ito1HxbEs"
x-served-by: cache-fra-etou8220083-FRA, cache-lga21981-LGA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
cf-cache-status: HIT
age: 312743
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=W2UjzrztLF9ocUclrIU2V1IUe%2F5S0VvoDLlwBDiPRDPHexqYDgFOlKnUA1Sbgf70da%2FAwS8gz3FAR7j1e8oieKf8KbIaIkPMJq%2F%2Fh176MWHzczoZXypRwBEyyRbgbYvpYqQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88171267ec6e1bfa-OSL
content-encoding: br
X-Firefox-Spdy: h2
unpkg.com/intl-tel-input@17.0.19/build/css/intlTelInput.min.css
104.17.246.203 200 OK 19 kB URL GET HTTP/2 unpkg.com/intl-tel-input@17.0.19/build/css/intlTelInput.min.css
IP 104.17.246.203:443
Requested by https://shouldbyou.click/c/CPqS2Nv1PGcP8bzXymb?s1=1022571a13c5d23d80027d60f09c33&s2=1206&s3=136&offer_id=12318&s4=&p_id=
Certificate Issuer: Google Trust Services LLC
Subject: unpkg.com
Fingerprint: 2E:F1:F6:31:28:EC:29:20:41:F4:58:4B:B1:CF:51:16:77:7E:BF:E3
Validity: Mon, 01 Apr 2024 02:40:24 GMT - Sun, 30 Jun 2024 02:40:23 GMT
File type: ASCII text, with very long lines (19157), with no line terminators
Hash (MD5): 6b7fb2ee130535419a67afb198f41c2b
Hash (SHA-1): ffb8a25633c4ddeab81d1b1742ac2fd0b442a4c6
Hash (SHA-256): c6956e8710cf477f7014440385ae16ee4b8cc7ecfd02fddd4d2f0c6c7fd15845
GET /intl-tel-input@17.0.19/build/css/intlTelInput.min.css HTTP/1.1
Host: unpkg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://shouldbyou.click/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 04:09:06 GMT
content-type: text/css; charset=utf-8
access-control-allow-origin: *
content-encoding: br
cache-control: public, max-age=31536000
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
etag: "4ad5-/7iiVjPE3eq4HRsXQqwv0LRCpMY"
via: 1.1 fly.io
fly-request-id: 01HWRA920WHCVCRQDVBJXWJRZ8-arn
cf-cache-status: HIT
age: 806106
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 88171267ea6a568d-OSL
X-Firefox-Spdy: h2
shouldbyou.click/storage/c19cddc1-63c7-4a83-84bf-cbfe746a9691/global-styles.css?v=de661d7eeaf3c3c8c95f21cc7a4cc811e346e789
172.67.217.2 200 OK 1.7 kB URL GET HTTP/3 shouldbyou.click/storage/c19cddc1-63c7-4a83-84bf-cbfe746a9691/global-styles.css?v=de661d7eeaf3c3c8c95f21cc7a4cc811e346e789
IP 172.67.217.2:443
Requested by https://shouldbyou.click/c/CPqS2Nv1PGcP8bzXymb?s1=1022571a13c5d23d80027d60f09c33&s2=1206&s3=136&offer_id=12318&s4=&p_id=
Certificate Issuer Google Trust Services LLC
Subject shouldbyou.click
Fingerprint 2A:49:77:D6:C0:E5:87:5F:33:76:F7:CD:CB:7C:64:DB:A4:DD:2A:CC
Validity Thu, 18 Apr 2024 10:10:22 GMT - Wed, 17 Jul 2024 10:10:21 GMT
File type ASCII text, with very long lines (1794), with no line terminators
Hash 71f25357316f81d64bb04ab7ffb6422f
1ced28e6a9173c35624908ad52c2f7077ab7114a
89b2bf2221bfe706a2780c78a30a0ed1943cfda274d8189b4f8b3df5d81d2b9a
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /storage/c19cddc1-63c7-4a83-84bf-cbfe746a9691/global-styles.css?v=de661d7eeaf3c3c8c95f21cc7a4cc811e346e789 HTTP/1.1
Host: shouldbyou.click
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://shouldbyou.click/c/CPqS2Nv1PGcP8bzXymb?s1=1022571a13c5d23d80027d60f09c33&s2=1206&s3=136&offer_id=12318&s4=&p_id=
Cookie: XSRF-TOKEN=eyJpdiI6Ik9hanFZeGhKT3ROenhZZ2tIT29Damc9PSIsInZhbHVlIjoiallXcE1BS0UvQ0JqN0djcnVlcVVwT3kxUCt6U2Q0U3hFYzJWMjJiU1Q4QjVnRDM1Z0lkZUM4amo3eEdIM3F0OTZWVFZ1cFF0QkpraVA4SDc4aE5pbW02Zk9aWU9RWmlFSWthR0E2NmJ3NlpncU9GSEdFdHpKL1hlSHFIYkhuRHoiLCJtYWMiOiI2MTA0NmRkZTNiY2Y0MWI5N2E4MTMxMTUzNmRiYjM5NDhjNTYyMzQ2ZjNmODU2YmNlNjdhNDg2Yzc2ZjU4YmEzIiwidGFnIjoiIn0%3D; SESSION_ID=eyJpdiI6Ik1HcktjdmJMUlpDR21NQlRhSnlPSEE9PSIsInZhbHVlIjoiY0xOWXhhZzZWQXRRc0FGeFBVL2ZnaE5SV3h4T242NHpzOUQ0RkJ5MmoxYlZJTXZjdldHck5xTzJPVVpETG91NFpwWTVzZFR2b2Q5NWRqR1pqRHhIMUc4Y3pQYUhFQzdhZDZWUGszQlk3V2pnSWJYZTB1RExpWHZFQ0x1d1htRGMiLCJtYWMiOiJkZGM3ZDIyODI0M2I0NTE3ZjllNmU2YzczNmZjZDI4ZjI2ZTMyNTlhZDRhNWFkOTcwYmRmMGY5ODBkZTk3ODk2IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 10 May 2024 04:09:06 GMT
content-type: text/css
cache-control: max-age=43200
last-modified: Tue, 09 Jan 2024 09:30:43 GMT
cf-cache-status: HIT
age: 71
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=knhkAalR4B%2BIMUW4qDDRUlf%2ByrKsRNeYa%2FQCgEYN4QvKzJ%2BZek2%2B2oyNl9MH7jirdvB5YQO31Vw%2FDSbByWHn4hIBGADY%2BhmnX8fNYOZIKiajHPG9SNo5i%2BajrF5ZwFm0oN2c"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881712675be1b50b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
unpkg.com/intl-tel-input@17.0.19/build/js/intlTelInput.min.js
104.17.246.203 200 OK 30 kB URL GET HTTP/2 unpkg.com/intl-tel-input@17.0.19/build/js/intlTelInput.min.js
IP 104.17.246.203:443
Requested by https://shouldbyou.click/c/CPqS2Nv1PGcP8bzXymb?s1=1022571a13c5d23d80027d60f09c33&s2=1206&s3=136&offer_id=12318&s4=&p_id=
Certificate Issuer Google Trust Services LLC
Subject unpkg.com
Fingerprint 2E:F1:F6:31:28:EC:29:20:41:F4:58:4B:B1:CF:51:16:77:7E:BF:E3
Validity Mon, 01 Apr 2024 02:40:24 GMT - Sun, 30 Jun 2024 02:40:23 GMT
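Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Note: these three digests are the MD5, SHA-1 and SHA-256 of zero-length input, so the response body (listed as 30 kB) appears not to have been captured; they do not identify this script and should not be used as indicators.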
GET /intl-tel-input@17.0.19/build/js/intlTelInput.min.js HTTP/1.1
Host: unpkg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://shouldbyou.click/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 04:09:06 GMT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
content-encoding: br
cache-control: public, max-age=31536000
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
etag: "734f-tveChQZOzfKDCBYG03tkPAXVi2E"
via: 1.1 fly.io
fly-request-id: 01HWR0VJ93FPXY2VASKRWW3M98-arn
cf-cache-status: HIT
age: 815985
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 88171267ea6c568d-OSL
X-Firefox-Spdy: h2
unpkg.com/intl-tel-input@17.0.19/build/img/flags.png
104.17.246.203 200 OK 71 kB URL GET HTTP/2 unpkg.com/intl-tel-input@17.0.19/build/img/flags.png
IP 104.17.246.203:443
Requested by https://shouldbyou.click/c/CPqS2Nv1PGcP8bzXymb?s1=1022571a13c5d23d80027d60f09c33&s2=1206&s3=136&offer_id=12318&s4=&p_id=
Certificate Issuer Google Trust Services LLC
Subject unpkg.com
Fingerprint 2E:F1:F6:31:28:EC:29:20:41:F4:58:4B:B1:CF:51:16:77:7E:BF:E3
Validity Mon, 01 Apr 2024 02:40:24 GMT - Sun, 30 Jun 2024 02:40:23 GMT
File type PNG image data, 5652 x 15, 8-bit/color RGBA, non-interlaced
Hash 416250f60d785a2e02f17e054d2e4e44
21572c9751e5a3dc20395befa0fcb349c32c4811
0a012cf808a24573168308916092d2d4bd3f2b4af8e16b59167013cc77acee55
GET /intl-tel-input@17.0.19/build/img/flags.png HTTP/1.1
Host: unpkg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://unpkg.com/intl-tel-input@17.0.19/build/css/intlTelInput.min.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 04:09:07 GMT
content-type: image/png
content-length: 70857
access-control-allow-origin: *
cache-control: public, max-age=31536000
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
etag: "114c9-IVcsl1Hlo9wgOVvvoPyzScMsSBE"
via: 1.1 fly.io
fly-request-id: 01HWR15109ZKW4P12AJ3TTV1X9-arn
cf-cache-status: HIT
age: 815676
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 8817126b5c60568d-OSL
X-Firefox-Spdy: h2
unpkg.com/intl-tel-input@17.0.19/build/js/utils.js
104.17.246.203 200 OK 252 kB URL GET HTTP/2 unpkg.com/intl-tel-input@17.0.19/build/js/utils.js
IP 104.17.246.203:443
Requested by https://shouldbyou.click/c/CPqS2Nv1PGcP8bzXymb?s1=1022571a13c5d23d80027d60f09c33&s2=1206&s3=136&offer_id=12318&s4=&p_id=
Certificate Issuer Google Trust Services LLC
Subject unpkg.com
Fingerprint 2E:F1:F6:31:28:EC:29:20:41:F4:58:4B:B1:CF:51:16:77:7E:BF:E3
Validity Mon, 01 Apr 2024 02:40:24 GMT - Sun, 30 Jun 2024 02:40:23 GMT
File type JavaScript source, ASCII text, with very long lines (1454)
Size 252 kB (252155 bytes)
Hash 9efa948e4c90fd3b85f6da8b26fea5d1
2c9916f0b09ba12e437eeda82364eb53da0508be
0efad3f5cc55af8cf3e1d0a7c74213fb285c7f242880873f7f83e1c80ca4aa48
GET /intl-tel-input@17.0.19/build/js/utils.js HTTP/1.1
Host: unpkg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://shouldbyou.click/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 04:09:07 GMT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
content-encoding: br
cache-control: public, max-age=31536000
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
etag: "3d8fb-LJkW8LCboS5Dfu2oI2TrU9oFCL4"
via: 1.1 fly.io
fly-request-id: 01HWRA92J2EZFQDC47JM4BNYZZ-arn
cf-cache-status: HIT
age: 806107
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 8817126c6cff568d-OSL
X-Firefox-Spdy: h2
cdn.jsdelivr.net/npm/js-cookie@beta/dist/js.cookie.min.js
104.18.187.31 200 OK 1.5 kB URL GET HTTP/2 cdn.jsdelivr.net/npm/js-cookie@beta/dist/js.cookie.min.js
IP 104.18.187.31:443
Requested by https://shouldbyou.click/c/CPqS2Nv1PGcP8bzXymb?s1=1022571a13c5d23d80027d60f09c33&s2=1206&s3=136&offer_id=12318&s4=&p_id=
Certificate Issuer Sectigo Limited
Subject *.jsdelivr.net
Fingerprint 74:7A:63:DF:06:27:1E:52:8C:E8:0D:AD:1F:89:98:B5:EB:2D:49:EE
Validity Sat, 04 May 2024 00:00:00 GMT - Sun, 04 May 2025 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (1546), with no line terminators
Hash 0ce65d25b3ddb57ebd921dc8788728fb
6db9a82f863954d11411a8646a97effc5bfddb94
7ef97a965d3e5c48d1702bc40e3022057b6d6e07d81f51c48e8382e4e9ed513a
GET /npm/js-cookie@beta/dist/js.cookie.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://shouldbyou.click/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 04:09:06 GMT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-jsd-version: 3.0.0-beta.4
x-jsd-version-type: version
etag: W/"5de-umxYiZHe1aDZ+J/AVp+cMSpsIxY"
x-served-by: cache-fra-eddf8230107-FRA, cache-lga21970-LGA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
cf-cache-status: HIT
age: 10039
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=K%2BQKhPVtShjkRnhkjpatBeeTpmL9Fd2qKFUxaJHZQgeigbm49iJ5GgkihJWZi8Hk2tvtIQMx17zXnG151kp%2B2cr327TByRqbwp1nlfBc1dHjS5%2FWthbBtnGPXL%2B5lKBQR34%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88171267e8efb50c-OSL
content-encoding: br
X-Firefox-Spdy: h2
unpkg.com/aos@2.3.1/dist/aos.js
104.17.246.203 200 OK 14 kB URL GET HTTP/2 unpkg.com/aos@2.3.1/dist/aos.js
IP 104.17.246.203:443
Requested by https://shouldbyou.click/c/CPqS2Nv1PGcP8bzXymb?s1=1022571a13c5d23d80027d60f09c33&s2=1206&s3=136&offer_id=12318&s4=&p_id=
Certificate Issuer Google Trust Services LLC
Subject unpkg.com
Fingerprint 2E:F1:F6:31:28:EC:29:20:41:F4:58:4B:B1:CF:51:16:77:7E:BF:E3
Validity Mon, 01 Apr 2024 02:40:24 GMT - Sun, 30 Jun 2024 02:40:23 GMT
File type JavaScript source, ASCII text, with very long lines (14239), with no line terminators
Hash 70b4897108480dbe11c443c2ab7679c9
70dbfd38a0f1fc3b1a7d9fadab58786484c34f17
f268612ba59ead1b24353bb77d66783bcc435aff1c22be5f93c40bac3869968e
GET /aos@2.3.1/dist/aos.js HTTP/1.1
Host: unpkg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://shouldbyou.click/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 04:09:06 GMT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
content-encoding: br
cache-control: public, max-age=31536000
last-modified: Thu, 17 May 2018 22:11:13 GMT
etag: "379f-cNv9OKDx/DsafZ+tq1h4ZITDTxc"
via: 1.1 fly.io
fly-request-id: 01HWR4V0DAS96HY7329QE7KJFZ-arn
cf-cache-status: HIT
age: 811808
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 88171267da65568d-OSL
X-Firefox-Spdy: h2