| code.jquery.com/jquery-3.3.1.min.js | 151.101.2.137 | 200 OK | 30 kB |
URL: GET HTTP/2 code.jquery.com/jquery-3.3.1.min.js
IP: 151.101.2.137:443
Requested by: https://randyfinder3d.com/?utm_source=J2yUk0VsyPbfE&utm_campaign=Beauty_135z
Certificate: Issuer Sectigo Limited; Subject *.jquery.com; Fingerprint D2:19:0A:AD:CE:BB:9C:61:17:5D:29:4B:A2:54:E8:C6:91:B8:F9:8D; Validity Tue, 11 Jul 2023 00:00:00 GMT - Sun, 14 Jul 2024 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (65451)
Hash: MD5 a09e13ee94d51c524b7e2a728c7d4039, SHA-1 0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae, SHA-256 160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef
GET /jquery-3.3.1.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://randyfinder3d.com/
Origin: https://randyfinder3d.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-1538f"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Thu, 09 May 2024 19:41:31 GMT
age: 20483088
x-served-by: cache-lga13622-LGA, cache-hel1410033-HEL
x-cache: HIT, HIT
x-cache-hits: 36, 89380
x-timer: S1715283692.981117,VS0,VE0
vary: Accept-Encoding
content-length: 30288
X-Firefox-Spdy: h2

| freeromance.site/?gallery&s=Beauty_135z | 172.67.188.161 | 302 Found | 15 kB |
URL (User Request): GET HTTP/2 freeromance.site/?gallery&s=Beauty_135z
IP: 172.67.188.161:443
Certificate: Issuer Google Trust Services LLC; Subject freeromance.site; Fingerprint 71:0D:33:43:90:77:83:F5:C9:75:10:6C:55:39:4A:C3:2B:6F:94:DF; Validity Fri, 29 Mar 2024 21:12:59 GMT - Thu, 27 Jun 2024 21:12:58 GMT
File type: Web Open Font Format (Version 2), TrueType, length 14940, version 1.0
Hash: MD5 a46fb7aae99225fdfd9d64b2b8b1063f, SHA-1 1ee50bf5985c1956dde1c06d9b1cec4645ddb92b, SHA-256 4b5816bbfc52587979139951355fe4048da02ce60e40cef8e4a1efb6cd396281
GET /?gallery&s=Beauty_135z HTTP/1.1
Host: freeromance.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
date: Thu, 09 May 2024 19:41:31 GMT
content-type: text/html; charset=UTF-8
location: https://randyfinder3d.com/?utm_source=J2yUk0VsyPbfE&utm_campaign=Beauty_135z
x-powered-by: PHP/5.3.3
set-cookie: visited=1; expires=Sat, 08-Jun-2024 19:41:34 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=y%2FdRYBSlJbemkugQSKUi4GAiFoHSsZVyntfLTNBm0T84e5MAZeQWxXqhrs5lJbVOFkAIlhaDyhaQiQpTNZyjCuNpnCasezN%2F%2FLHPaN61CTixxWchBItumCc265PB8AZ9eWw%2F"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88142addcfae712a-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

| randyfinder3d.com/info-ws/ | 104.21.16.137 | | 0 B |
URL: randyfinder3d.com/info-ws/
IP: 104.21.16.137:0
Hash: MD5 d41d8cd98f00b204e9800998ecf8427e, SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709, SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /info-ws/ HTTP/1.1
Host: randyfinder3d.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://randyfinder3d.com
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: qv9Z18Ioa19PGtNI6knW7Q==
DNT: 1
Connection: keep-alive, Upgrade
Cookie: k=SFMyNTY.g3QAAAAHbQAAAARhdW5xdAAAAAFtAAAABTQxNzk4bQAAAApSbmdrTmF5R1d3bQAAAANoaWRtAAAAJ29WVU5zQkFHcFNMUUFrRlFHQnNQWFdSQUxrckthcFBoenpLalNBQW0AAAACaGxhAW0AAAAFc3ViXzFkAANuaWxtAAAABXN1Yl8yZAADbmlsbQAAAAd0cmFja2VybQAAAAtCZWF1dHlfMTM1em0AAAADdW5xbQAAAAxubWhKeHlWZW1hc08.UQ6ctp0S66dWVBzqJi3hQlmDV_oFASx-yBVHcAPWlXc
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Date: Thu, 09 May 2024 19:41:32 GMT
Connection: upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 1rLuKCxxTtcTMeu8huLl7J/wy/U=
Sec-WebSocket-Extensions: permessage-deflate
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qIQn2T0HrF8acaX7BvZH6GQcD9FWD3nEfIM7cdw1%2FZJJ5fRXd4hIHn0smdaSK48zr0v4UQk2ub5Jc2VFce9k10EAhFnbS7VmebC3cZ7awuV8Dx7L7PQg3GxXhF%2FO9%2FL154UxpQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 88142ae3ff757131-OSL
alt-svc: h3=":443"; ma=86400

| randyfinder3d.com/lstatic/uuidv4.min.js | 104.21.16.137 | 200 OK | 82 kB |
URL: GET HTTP/3 randyfinder3d.com/lstatic/uuidv4.min.js
IP: 104.21.16.137:443
Requested by: https://randyfinder3d.com/?utm_source=J2yUk0VsyPbfE&utm_campaign=Beauty_135z
Certificate: Issuer Let's Encrypt; Subject randyfinder3d.com; Fingerprint 71:69:9F:D9:E3:63:E2:C0:DF:C3:FC:85:A9:7A:63:E0:24:38:6D:2D; Validity Thu, 02 May 2024 13:45:04 GMT - Wed, 31 Jul 2024 13:45:03 GMT
File type: gzip compressed data, from Unix
Hash: MD5 5abefaf79da52cd8c4817d6364ff5200, SHA-1 5838cba2bffb4a6a53b5fc7cac0113bf0543f6ef, SHA-256 8fda5494b1fe04d0741ba4f7db1cb86fd077ef4d45a9f23b597aca1c94484c43
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /lstatic/uuidv4.min.js HTTP/1.1
Host: randyfinder3d.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://randyfinder3d.com/?utm_source=J2yUk0VsyPbfE&utm_campaign=Beauty_135z
DNT: 1
Connection: keep-alive
Cookie: k=SFMyNTY.g3QAAAAHbQAAAARhdW5xdAAAAAFtAAAABTQxNzk4bQAAAApSbmdrTmF5R1d3bQAAAANoaWRtAAAAJ29WVU5zQkFHcFNMUUFrRlFHQnNQWFdSQUxrckthcFBoenpLalNBQW0AAAACaGxkAANuaWxtAAAABXN1Yl8xZAADbmlsbQAAAAVzdWJfMmQAA25pbG0AAAAHdHJhY2tlcm0AAAALQmVhdXR5XzEzNXptAAAAA3VucW0AAAAMbm1oSnh5VmVtYXNP.vvUrAHAya8Ygr_pgybPTDfQqhTcy8MSnslAHGtqRIG8
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 09 May 2024 19:41:31 GMT
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding, Accept-Encoding
last-modified: Tue, 20 Feb 2024 13:29:03 GMT
etag: W/"65d4a91f-451"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
access-control-expose-headers: Content-Length,Content-Range
content-encoding: gzip
cache-control: max-age=1800
cf-cache-status: HIT
age: 6389
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=siQhp8SChy4CynJntuKtm1M9rL4UeakBdcY1ByTW9FZ%2Fi%2FKmVELD6O24RtkE6lzdnpKDFrl%2B%2BWAxv7aWA0OETmeit0Mj5%2Bgamyscz%2B%2BdH%2B1zCDELncpeTDJFrU7KFTqDbE3JOQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88142ae25e9456cb-OSL
alt-svc: h3=":443"; ma=86400

| randyfinder3d.com/lstatic/43f0cac5d4a90325802a719db6f9553f/images/m5.jpg | 104.21.16.137 | 200 OK | 83 kB |
URL: GET HTTP/3 randyfinder3d.com/lstatic/43f0cac5d4a90325802a719db6f9553f/images/m5.jpg
IP: 104.21.16.137:443
Requested by: https://randyfinder3d.com/?utm_source=J2yUk0VsyPbfE&utm_campaign=Beauty_135z
Certificate: Issuer Let's Encrypt; Subject randyfinder3d.com; Fingerprint 71:69:9F:D9:E3:63:E2:C0:DF:C3:FC:85:A9:7A:63:E0:24:38:6D:2D; Validity Thu, 02 May 2024 13:45:04 GMT - Wed, 31 Jul 2024 13:45:03 GMT
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 820x1240, components 3
Hash: MD5 6494ce2e146a1d54a49331d5148dd206, SHA-1 6de29c43900293c7f7d95e7fede16c6d8fee9c93, SHA-256 f61ba9ac0cab5fcbfd76fa52e3448a0a8eff2749d30273f2ced34442f6fda263
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /lstatic/43f0cac5d4a90325802a719db6f9553f/images/m5.jpg HTTP/1.1
Host: randyfinder3d.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://randyfinder3d.com/?utm_source=J2yUk0VsyPbfE&utm_campaign=Beauty_135z
DNT: 1
Connection: keep-alive
Cookie: k=SFMyNTY.g3QAAAAHbQAAAARhdW5xdAAAAAFtAAAABTQxNzk4bQAAAApSbmdrTmF5R1d3bQAAAANoaWRtAAAAJ29WVU5zQkFHcFNMUUFrRlFHQnNQWFdSQUxrckthcFBoenpLalNBQW0AAAACaGxhAW0AAAAFc3ViXzFkAANuaWxtAAAABXN1Yl8yZAADbmlsbQAAAAd0cmFja2VybQAAAAtCZWF1dHlfMTM1em0AAAADdW5xbQAAAAxubWhKeHlWZW1hc08.UQ6ctp0S66dWVBzqJi3hQlmDV_oFASx-yBVHcAPWlXc
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 09 May 2024 19:41:32 GMT
content-type: image/jpeg
content-length: 83193
last-modified: Tue, 20 Feb 2024 13:28:59 GMT
etag: "65d4a91b-144f9"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
access-control-expose-headers: Content-Length,Content-Range
cache-control: max-age=1800
cf-cache-status: EXPIRED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CjmFGK9eG0bdt47DJnvV4eTpZnqYn5hUY9jBvChI%2BX%2BrKqTxY1s6deE6NmgqFmP3RTm2xUixfYJ7BrIm%2Bcu3JAd6zoz2OqNy1oVH14ESI1nBG4BrMCWW0MaD%2FNaeE2qwxl%2FOdg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88142ae3584b56cb-OSL
alt-svc: h3=":443"; ma=86400

| randyfinder3d.com/lstatic/43f0cac5d4a90325802a719db6f9553f/images/m4.jpg | 104.21.16.137 | 200 OK | 102 kB |
URL: GET HTTP/3 randyfinder3d.com/lstatic/43f0cac5d4a90325802a719db6f9553f/images/m4.jpg
IP: 104.21.16.137:443
Requested by: https://randyfinder3d.com/?utm_source=J2yUk0VsyPbfE&utm_campaign=Beauty_135z
Certificate: Issuer Let's Encrypt; Subject randyfinder3d.com; Fingerprint 71:69:9F:D9:E3:63:E2:C0:DF:C3:FC:85:A9:7A:63:E0:24:38:6D:2D; Validity Thu, 02 May 2024 13:45:04 GMT - Wed, 31 Jul 2024 13:45:03 GMT
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 740x1250, components 3
Size: 102 kB (101737 bytes)
Hash: MD5 c1b08ff8c5da13585386395443e0286d, SHA-1 1e603a94109f76f735aaa060fc180fad5e889c59, SHA-256 fcce3b2868ea0ba4f8ffcd3077668a0e3644a14390722e53e9b25b42c9f68a73
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /lstatic/43f0cac5d4a90325802a719db6f9553f/images/m4.jpg HTTP/1.1
Host: randyfinder3d.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://randyfinder3d.com/?utm_source=J2yUk0VsyPbfE&utm_campaign=Beauty_135z
DNT: 1
Connection: keep-alive
Cookie: k=SFMyNTY.g3QAAAAHbQAAAARhdW5xdAAAAAFtAAAABTQxNzk4bQAAAApSbmdrTmF5R1d3bQAAAANoaWRtAAAAJ29WVU5zQkFHcFNMUUFrRlFHQnNQWFdSQUxrckthcFBoenpLalNBQW0AAAACaGxhAW0AAAAFc3ViXzFkAANuaWxtAAAABXN1Yl8yZAADbmlsbQAAAAd0cmFja2VybQAAAAtCZWF1dHlfMTM1em0AAAADdW5xbQAAAAxubWhKeHlWZW1hc08.UQ6ctp0S66dWVBzqJi3hQlmDV_oFASx-yBVHcAPWlXc
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 09 May 2024 19:41:32 GMT
content-type: image/jpeg
content-length: 101737
last-modified: Tue, 20 Feb 2024 13:28:59 GMT
etag: "65d4a91b-18d69"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
access-control-expose-headers: Content-Length,Content-Range
cache-control: max-age=1800
cf-cache-status: EXPIRED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oz3ndco4qW%2Fwm1uAfIfHmzrfJ5XzM%2Fcc85cVpjeuxRi6UDQz0A4IokzVSGVHFX8ej7OLNlH4xeKS3%2FvUH6WorW9R3acbJCx%2BRveHQ2q6L4Xz2Z8OTf9ixRYKAFvfbKb9uFO6Vw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88142ae3484856cb-OSL
alt-svc: h3=":443"; ma=86400

| randyfinder3d.com/lstatic/43f0cac5d4a90325802a719db6f9553f/images/m1.jpg | 104.21.16.137 | 200 OK | 59 kB |
URL: GET HTTP/3 randyfinder3d.com/lstatic/43f0cac5d4a90325802a719db6f9553f/images/m1.jpg
IP: 104.21.16.137:443
Requested by: https://randyfinder3d.com/?utm_source=J2yUk0VsyPbfE&utm_campaign=Beauty_135z
Certificate: Issuer Let's Encrypt; Subject randyfinder3d.com; Fingerprint 71:69:9F:D9:E3:63:E2:C0:DF:C3:FC:85:A9:7A:63:E0:24:38:6D:2D; Validity Thu, 02 May 2024 13:45:04 GMT - Wed, 31 Jul 2024 13:45:03 GMT
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 700x1230, components 3
Hash: MD5 62b9f9f5440f2755817eb9826bfeb5d4, SHA-1 51844d0032252f3db9d24c5a06a4cc46f59e1866, SHA-256 f61d54bf501dfa795a4031d57313e700e23ccb15251a6813b488493d551b14db
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /lstatic/43f0cac5d4a90325802a719db6f9553f/images/m1.jpg HTTP/1.1
Host: randyfinder3d.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://randyfinder3d.com/?utm_source=J2yUk0VsyPbfE&utm_campaign=Beauty_135z
DNT: 1
Connection: keep-alive
Cookie: k=SFMyNTY.g3QAAAAHbQAAAARhdW5xdAAAAAFtAAAABTQxNzk4bQAAAApSbmdrTmF5R1d3bQAAAANoaWRtAAAAJ29WVU5zQkFHcFNMUUFrRlFHQnNQWFdSQUxrckthcFBoenpLalNBQW0AAAACaGxhAW0AAAAFc3ViXzFkAANuaWxtAAAABXN1Yl8yZAADbmlsbQAAAAd0cmFja2VybQAAAAtCZWF1dHlfMTM1em0AAAADdW5xbQAAAAxubWhKeHlWZW1hc08.UQ6ctp0S66dWVBzqJi3hQlmDV_oFASx-yBVHcAPWlXc
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 09 May 2024 19:41:32 GMT
content-type: image/jpeg
content-length: 58774
last-modified: Tue, 20 Feb 2024 13:28:59 GMT
etag: "65d4a91b-e596"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
access-control-expose-headers: Content-Length,Content-Range
cache-control: max-age=1800
cf-cache-status: EXPIRED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5xDot0G0CrpQY1Ygb6c2x4Acg%2FQ9xYRnOKo1v0ykHY%2B76yXE9S0DoHVR7364FwhGxdXF1JCrlbe8DWbRLRd%2BDeY6veUr%2Bx06n5PUsvuVeSqGDmQZI9sOUR1rV4OIVxGJD%2FSrGA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88142ae3483f56cb-OSL
alt-svc: h3=":443"; ma=86400

| randyfinder3d.com/lstatic/43f0cac5d4a90325802a719db6f9553f/images/m2.jpg | 104.21.16.137 | 200 OK | 34 kB |
URL: GET HTTP/3 randyfinder3d.com/lstatic/43f0cac5d4a90325802a719db6f9553f/images/m2.jpg
IP: 104.21.16.137:443
Requested by: https://randyfinder3d.com/?utm_source=J2yUk0VsyPbfE&utm_campaign=Beauty_135z
Certificate: Issuer Let's Encrypt; Subject randyfinder3d.com; Fingerprint 71:69:9F:D9:E3:63:E2:C0:DF:C3:FC:85:A9:7A:63:E0:24:38:6D:2D; Validity Thu, 02 May 2024 13:45:04 GMT - Wed, 31 Jul 2024 13:45:03 GMT
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 700x1082, components 3
Hash: MD5 29a074621d9eb9c47b3228e838c40be5, SHA-1 8bb2ca896ad0c6c65c36a474a550590334cfc0d0, SHA-256 62b36a920159c2a50c6ed7d07a9147503de9cba4ebf3c965a977d03104e9dcbc
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /lstatic/43f0cac5d4a90325802a719db6f9553f/images/m2.jpg HTTP/1.1
Host: randyfinder3d.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://randyfinder3d.com/?utm_source=J2yUk0VsyPbfE&utm_campaign=Beauty_135z
DNT: 1
Connection: keep-alive
Cookie: k=SFMyNTY.g3QAAAAHbQAAAARhdW5xdAAAAAFtAAAABTQxNzk4bQAAAApSbmdrTmF5R1d3bQAAAANoaWRtAAAAJ29WVU5zQkFHcFNMUUFrRlFHQnNQWFdSQUxrckthcFBoenpLalNBQW0AAAACaGxhAW0AAAAFc3ViXzFkAANuaWxtAAAABXN1Yl8yZAADbmlsbQAAAAd0cmFja2VybQAAAAtCZWF1dHlfMTM1em0AAAADdW5xbQAAAAxubWhKeHlWZW1hc08.UQ6ctp0S66dWVBzqJi3hQlmDV_oFASx-yBVHcAPWlXc
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 09 May 2024 19:41:32 GMT
content-type: image/jpeg
content-length: 34377
last-modified: Tue, 20 Feb 2024 13:28:59 GMT
etag: "65d4a91b-8649"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
access-control-expose-headers: Content-Length,Content-Range
cache-control: max-age=1800
cf-cache-status: EXPIRED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0f0sGdIWijdp94j10g9uZlouFgMHe0LCe8TMQF8u9NvqFxDJ%2FKyhDqdzfsbu38OLt8pXSJMeEo4Ay24%2BEWhTNZZYvKGWR67FXx0Sw88k4PyVznngss9eIs6JVRC7MsPNoZFC0Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88142ae3484056cb-OSL
alt-svc: h3=":443"; ma=86400

| randyfinder3d.com/lstatic/info.min.js | 104.21.16.137 | 200 OK | 164 kB |
URL: GET HTTP/3 randyfinder3d.com/lstatic/info.min.js
IP: 104.21.16.137:443
Requested by: https://randyfinder3d.com/?utm_source=J2yUk0VsyPbfE&utm_campaign=Beauty_135z
Certificate: Issuer Let's Encrypt; Subject randyfinder3d.com; Fingerprint 71:69:9F:D9:E3:63:E2:C0:DF:C3:FC:85:A9:7A:63:E0:24:38:6D:2D; Validity Thu, 02 May 2024 13:45:04 GMT - Wed, 31 Jul 2024 13:45:03 GMT
File type: JavaScript source, ASCII text, with very long lines (37352)
Size: 164 kB (164073 bytes)
Hash: MD5 38ea2c394a4abb159172f8d7b77f495e, SHA-1 8efd580a25c3d1be8533ed74de7bc5607cbc278d, SHA-256 a6510d097802bc66cc5aae4485af48dd9d77053766be8dd671d974d21d363031
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /lstatic/info.min.js HTTP/1.1
Host: randyfinder3d.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://randyfinder3d.com/?utm_source=J2yUk0VsyPbfE&utm_campaign=Beauty_135z
DNT: 1
Connection: keep-alive
Cookie: k=SFMyNTY.g3QAAAAHbQAAAARhdW5xdAAAAAFtAAAABTQxNzk4bQAAAApSbmdrTmF5R1d3bQAAAANoaWRtAAAAJ29WVU5zQkFHcFNMUUFrRlFHQnNQWFdSQUxrckthcFBoenpLalNBQW0AAAACaGxkAANuaWxtAAAABXN1Yl8xZAADbmlsbQAAAAVzdWJfMmQAA25pbG0AAAAHdHJhY2tlcm0AAAALQmVhdXR5XzEzNXptAAAAA3VucW0AAAAMbm1oSnh5VmVtYXNP.vvUrAHAya8Ygr_pgybPTDfQqhTcy8MSnslAHGtqRIG8
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 09 May 2024 19:41:31 GMT
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding, Accept-Encoding
last-modified: Tue, 20 Feb 2024 13:29:01 GMT
etag: W/"65d4a91d-280e9"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
access-control-expose-headers: Content-Length,Content-Range
content-encoding: gzip
cache-control: max-age=1800
cf-cache-status: HIT
age: 6389
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qMWhYvaULWtjHQ4rCvv0G4SpcfOfLHqFTtNCBGwJZ9M%2F3RZhUwwH0f13fGXH261jWjLre4t0nYEExEiCiUrkQMu5AMogBRXqw1iBz5HBksR5nNIxHe2dCaXo4uEN20Q0bzTNpg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88142ae25e9256cb-OSL
alt-svc: h3=":443"; ma=86400

| randyfinder3d.com/info-ws/ | 104.21.16.137 | 101 Switching Protocols | 0 B |
URL: GET HTTP/1.1 randyfinder3d.com/info-ws/
IP: 104.21.16.137:443
Requested by: https://randyfinder3d.com/?utm_source=J2yUk0VsyPbfE&utm_campaign=Beauty_135z
Certificate: Issuer Let's Encrypt; Subject randyfinder3d.com; Fingerprint 71:69:9F:D9:E3:63:E2:C0:DF:C3:FC:85:A9:7A:63:E0:24:38:6D:2D; Validity Thu, 02 May 2024 13:45:04 GMT - Wed, 31 Jul 2024 13:45:03 GMT
Hash: MD5 d41d8cd98f00b204e9800998ecf8427e, SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709, SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /info-ws/ HTTP/1.1
Host: randyfinder3d.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://randyfinder3d.com
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: qv9Z18Ioa19PGtNI6knW7Q==
DNT: 1
Connection: keep-alive, Upgrade
Cookie: k=SFMyNTY.g3QAAAAHbQAAAARhdW5xdAAAAAFtAAAABTQxNzk4bQAAAApSbmdrTmF5R1d3bQAAAANoaWRtAAAAJ29WVU5zQkFHcFNMUUFrRlFHQnNQWFdSQUxrckthcFBoenpLalNBQW0AAAACaGxhAW0AAAAFc3ViXzFkAANuaWxtAAAABXN1Yl8yZAADbmlsbQAAAAd0cmFja2VybQAAAAtCZWF1dHlfMTM1em0AAAADdW5xbQAAAAxubWhKeHlWZW1hc08.UQ6ctp0S66dWVBzqJi3hQlmDV_oFASx-yBVHcAPWlXc
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Date: Thu, 09 May 2024 19:41:32 GMT
Connection: upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 1rLuKCxxTtcTMeu8huLl7J/wy/U=
Sec-WebSocket-Extensions: permessage-deflate
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qIQn2T0HrF8acaX7BvZH6GQcD9FWD3nEfIM7cdw1%2FZJJ5fRXd4hIHn0smdaSK48zr0v4UQk2ub5Jc2VFce9k10EAhFnbS7VmebC3cZ7awuV8Dx7L7PQg3GxXhF%2FO9%2FL154UxpQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 88142ae3ff757131-OSL
alt-svc: h3=":443"; ma=86400

| randyfinder3d.com/p.js?a=2124735&cr=66789&lid=41176&mh=b1ZVTnNCQUdwU0xRQWtGUUdCc1BYV1JBTGtyS2FwUGh6ektqU0FBLTM1ODc1&mmid=3979&p=0&rf=uua&rn=zc40mdmUys4WmdeVEhG&t=Beauty_135z | 104.21.16.137 | 200 OK | 378 B |
URL: GET HTTP/3 randyfinder3d.com/p.js?a=2124735&cr=66789&lid=41176&mh=b1ZVTnNCQUdwU0xRQWtGUUdCc1BYV1JBTGtyS2FwUGh6ektqU0FBLTM1ODc1&mmid=3979&p=0&rf=uua&rn=zc40mdmUys4WmdeVEhG&t=Beauty_135z
IP: 104.21.16.137:443
Requested by: https://randyfinder3d.com/?utm_source=J2yUk0VsyPbfE&utm_campaign=Beauty_135z
Certificate: Issuer Let's Encrypt; Subject randyfinder3d.com; Fingerprint 71:69:9F:D9:E3:63:E2:C0:DF:C3:FC:85:A9:7A:63:E0:24:38:6D:2D; Validity Thu, 02 May 2024 13:45:04 GMT - Wed, 31 Jul 2024 13:45:03 GMT
File type: JavaScript source, ASCII text, with very long lines (393), with no line terminators
Hash: MD5 f1a4722979016eb7d5f86bcc110fb938, SHA-1 2522b1d372254f6905ee497c71d6e83d2a44e1b8, SHA-256 a0ef8282fe318ba5e2d8a47f7212cce513d11e8e7e15a3e3e0f91cb98c67c51c
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /p.js?a=2124735&cr=66789&lid=41176&mh=b1ZVTnNCQUdwU0xRQWtGUUdCc1BYV1JBTGtyS2FwUGh6ektqU0FBLTM1ODc1&mmid=3979&p=0&rf=uua&rn=zc40mdmUys4WmdeVEhG&t=Beauty_135z HTTP/1.1
Host: randyfinder3d.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://randyfinder3d.com/?utm_source=J2yUk0VsyPbfE&utm_campaign=Beauty_135z
DNT: 1
Connection: keep-alive
Cookie: k=SFMyNTY.g3QAAAAHbQAAAARhdW5xdAAAAAFtAAAABTQxNzk4bQAAAApSbmdrTmF5R1d3bQAAAANoaWRtAAAAJ29WVU5zQkFHcFNMUUFrRlFHQnNQWFdSQUxrckthcFBoenpLalNBQW0AAAACaGxkAANuaWxtAAAABXN1Yl8xZAADbmlsbQAAAAVzdWJfMmQAA25pbG0AAAAHdHJhY2tlcm0AAAALQmVhdXR5XzEzNXptAAAAA3VucW0AAAAMbm1oSnh5VmVtYXNP.vvUrAHAya8Ygr_pgybPTDfQqhTcy8MSnslAHGtqRIG8
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 09 May 2024 19:41:32 GMT
content-type: application/javascript; charset=utf-8
cache-control: max-age=0, private, must-revalidate
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
x-download-options: noopen
x-permitted-cross-domain-policies: none
cf-cache-status: BYPASS
set-cookie: k=SFMyNTY.g3QAAAAHbQAAAARhdW5xdAAAAAFtAAAABTQxNzk4bQAAAApSbmdrTmF5R1d3bQAAAANoaWRtAAAAJ29WVU5zQkFHcFNMUUFrRlFHQnNQWFdSQUxrckthcFBoenpLalNBQW0AAAACaGxhAW0AAAAFc3ViXzFkAANuaWxtAAAABXN1Yl8yZAADbmlsbQAAAAd0cmFja2VybQAAAAtCZWF1dHlfMTM1em0AAAADdW5xbQAAAAxubWhKeHlWZW1hc08.UQ6ctp0S66dWVBzqJi3hQlmDV_oFASx-yBVHcAPWlXc; path=/; expires=Fri, 09 May 2025 19:41:32 GMT; max-age=31536000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lCE9%2FY42Q0TtEm2e5Han0bWRc1ERkriJAUCIv0VxwmPjBW6p7LDRpBGu62oUsPtc1Z28VlDDB83%2BOm6ykGWIPNi5steam74XgKmsStR7Pq2js2NNXaun9HD9IPwNkWcviiqnKQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88142ae25e9556cb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

| randyfinder3d.com/?utm_source=J2yUk0VsyPbfE&utm_campaign=Beauty_135z | 104.21.16.137 | 200 OK | 16 kB |
URL (User Request): GET HTTP/2 randyfinder3d.com/?utm_source=J2yUk0VsyPbfE&utm_campaign=Beauty_135z
IP: 104.21.16.137:443
Certificate: Issuer Let's Encrypt; Subject randyfinder3d.com; Fingerprint 71:69:9F:D9:E3:63:E2:C0:DF:C3:FC:85:A9:7A:63:E0:24:38:6D:2D; Validity Thu, 02 May 2024 13:45:04 GMT - Wed, 31 Jul 2024 13:45:03 GMT
File type: JavaScript source, ASCII text, with very long lines (12800)
Hash: MD5 cab06204e8c06f2c97a24e99dc617351, SHA-1 3dcd947c7634926183be7079acf2839d9031d5fd, SHA-256 f10520e6c503a9649eda2cdcb4bbc71963c63ceedcfbe80f60d3aa286d3fa03f
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /?utm_source=J2yUk0VsyPbfE&utm_campaign=Beauty_135z HTTP/1.1
Host: randyfinder3d.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 09 May 2024 19:41:31 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
cache-control: max-age=0, private, must-revalidate
referrer-policy: strict-origin-when-cross-origin
set-cookie: k=SFMyNTY.g3QAAAAHbQAAAARhdW5xdAAAAAFtAAAABTQxNzk4bQAAAApSbmdrTmF5R1d3bQAAAANoaWRtAAAAJ29WVU5zQkFHcFNMUUFrRlFHQnNQWFdSQUxrckthcFBoenpLalNBQW0AAAACaGxkAANuaWxtAAAABXN1Yl8xZAADbmlsbQAAAAVzdWJfMmQAA25pbG0AAAAHdHJhY2tlcm0AAAALQmVhdXR5XzEzNXptAAAAA3VucW0AAAAMbm1oSnh5VmVtYXNP.vvUrAHAya8Ygr_pgybPTDfQqhTcy8MSnslAHGtqRIG8; path=/; expires=Fri, 09 May 2025 19:41:31 GMT; max-age=31536000
x-content-type-options: nosniff
x-download-options: noopen
x-permitted-cross-domain-policies: none
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8Z9L%2F1f6cHJC%2FG9FFanUIPUIZYwaCKOiaoKGUxSYqAL4%2Bnpk8zRa77X%2Bt1amqQBoTeDRze2pos2wjxpG9xqd47lXkZcJPUiWSF4txoidKbsaR458vkK2SQ7geGw9TTsPLZQEMQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88142ae02f6e569f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

| fonts.googleapis.com/css?family=Montserrat&subset=latin-ext | 142.250.74.106 | 200 OK | 1.8 kB |
URL: GET HTTP/2 fonts.googleapis.com/css?family=Montserrat&subset=latin-ext
IP: 142.250.74.106:443
Requested by: https://randyfinder3d.com/?utm_source=J2yUk0VsyPbfE&utm_campaign=Beauty_135z
Certificate: Issuer Google Trust Services LLC; Subject upload.video.google.com; Fingerprint 36:49:20:36:0C:4D:DA:55:65:64:23:0F:49:3E:FA:78:87:35:A3:79; Validity Tue, 16 Apr 2024 04:17:12 GMT - Tue, 09 Jul 2024 04:17:11 GMT
File type: ASCII text, with very long lines (1849), with no line terminators
Hash: MD5 f9bede8e0040dae7b773802d556ed574, SHA-1 3b54311abf21a8a22a7c39012bd4365561cd958e, SHA-256 a431b718972726753c9f8bfc03334df3414b61b644f692c51673bfbe90164e4a
GET /css?family=Montserrat&subset=latin-ext HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://randyfinder3d.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 09 May 2024 19:41:31 GMT
date: Thu, 09 May 2024 19:41:31 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

| fonts.gstatic.com/s/montserrat/v26/JTUHjIg1_i6t8kCHKm4532VJOt5-QNFgpCtr6Hw5aXo.woff2 | 142.250.74.163 | 200 OK | 15 kB |
URL: GET HTTP/2 fonts.gstatic.com/s/montserrat/v26/JTUHjIg1_i6t8kCHKm4532VJOt5-QNFgpCtr6Hw5aXo.woff2
IP: 142.250.74.163:443
Requested by: https://randyfinder3d.com/?utm_source=J2yUk0VsyPbfE&utm_campaign=Beauty_135z
Certificate: Issuer Google Trust Services LLC; Subject *.gstatic.com; Fingerprint 15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD; Validity Tue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT
File type: Web Open Font Format (Version 2), TrueType, length 14940, version 1.0
Hash: MD5 a46fb7aae99225fdfd9d64b2b8b1063f, SHA-1 1ee50bf5985c1956dde1c06d9b1cec4645ddb92b, SHA-256 4b5816bbfc52587979139951355fe4048da02ce60e40cef8e4a1efb6cd396281
GET /s/montserrat/v26/JTUHjIg1_i6t8kCHKm4532VJOt5-QNFgpCtr6Hw5aXo.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://randyfinder3d.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 14940
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 03 May 2024 04:47:09 GMT
expires: Sat, 03 May 2025 04:47:09 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 13 Sep 2023 22:46:07 GMT
content-type: font/woff2
age: 572063
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| randyfinder3d.com/lstatic/43f0cac5d4a90325802a719db6f9553f/images/m3.jpg | 104.21.16.137 | 200 OK | 82 kB |
URL: GET HTTP/3 randyfinder3d.com/lstatic/43f0cac5d4a90325802a719db6f9553f/images/m3.jpg IP: 104.21.16.137:443
Requested by: https://randyfinder3d.com/?utm_source=J2yUk0VsyPbfE&utm_campaign=Beauty_135z
Certificate: Issuer Let's Encrypt, Subject randyfinder3d.com, Fingerprint 71:69:9F:D9:E3:63:E2:C0:DF:C3:FC:85:A9:7A:63:E0:24:38:6D:2D, Validity Thu, 02 May 2024 13:45:04 GMT - Wed, 31 Jul 2024 13:45:03 GMT
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 853x1250, components 3
Hash (MD5, SHA-1, SHA-256): 9995672f151f723c8e8abbd64c30022b 13ad6e5bc53d13620a53824f8d5c190fa1cf6f81 54e2f4a9f784c0ab8b8fb9c9d0666d60d0a4c63e2192aa3c91dc668ca9a03a79
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /lstatic/43f0cac5d4a90325802a719db6f9553f/images/m3.jpg HTTP/1.1
Host: randyfinder3d.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://randyfinder3d.com/?utm_source=J2yUk0VsyPbfE&utm_campaign=Beauty_135z
DNT: 1
Connection: keep-alive
Cookie: k=SFMyNTY.g3QAAAAHbQAAAARhdW5xdAAAAAFtAAAABTQxNzk4bQAAAApSbmdrTmF5R1d3bQAAAANoaWRtAAAAJ29WVU5zQkFHcFNMUUFrRlFHQnNQWFdSQUxrckthcFBoenpLalNBQW0AAAACaGxhAW0AAAAFc3ViXzFkAANuaWxtAAAABXN1Yl8yZAADbmlsbQAAAAd0cmFja2VybQAAAAtCZWF1dHlfMTM1em0AAAADdW5xbQAAAAxubWhKeHlWZW1hc08.UQ6ctp0S66dWVBzqJi3hQlmDV_oFASx-yBVHcAPWlXc
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 09 May 2024 19:41:32 GMT
content-type: image/jpeg
content-length: 81989
last-modified: Tue, 20 Feb 2024 13:28:59 GMT
etag: "65d4a91b-14045"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
access-control-expose-headers: Content-Length,Content-Range
cache-control: max-age=1800
cf-cache-status: EXPIRED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6OKtAH%2FH1A9xjPX7giquPhP0%2F0zNeHXHMs10HZgpHL2mxRmSeYG2qRf2Ej1dOlOsTECr7Jz6CXTU3BEZAhgdVnCVQVRSm04qjDxrh3f%2FSZuzq%2BbO3R9uFI2dB42vgbEv%2Bl9jiw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88142ae3484656cb-OSL
alt-svc: h3=":443"; ma=86400
|
|
| randyfinder3d.com/favicon.ico | 104.21.16.137 | 200 OK | 68 kB |
URL: GET HTTP/3 randyfinder3d.com/favicon.ico IP: 104.21.16.137:443
Requested by: https://randyfinder3d.com/?utm_source=J2yUk0VsyPbfE&utm_campaign=Beauty_135z
Certificate: Issuer Let's Encrypt, Subject randyfinder3d.com, Fingerprint 71:69:9F:D9:E3:63:E2:C0:DF:C3:FC:85:A9:7A:63:E0:24:38:6D:2D, Validity Thu, 02 May 2024 13:45:04 GMT - Wed, 31 Jul 2024 13:45:03 GMT
File type: MS Windows icon resource - 1 icon, -128x-128, 32 bits/pixel
Hash (MD5, SHA-1, SHA-256): 60815a32fa23ff7b83bdf71ffb583475 9aa83b8ce42b528e97ae12ba5c8cc9318f7bb9c6 b8f4191a9eeb1d2bc53e7a33e08ee5d09b1f551a42219c042182585cccc287d6
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /favicon.ico HTTP/1.1
Host: randyfinder3d.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://randyfinder3d.com/?utm_source=J2yUk0VsyPbfE&utm_campaign=Beauty_135z
DNT: 1
Connection: keep-alive
Cookie: k=SFMyNTY.g3QAAAAHbQAAAARhdW5xdAAAAAFtAAAABTQxNzk4bQAAAApSbmdrTmF5R1d3bQAAAANoaWRtAAAAJ29WVU5zQkFHcFNMUUFrRlFHQnNQWFdSQUxrckthcFBoenpLalNBQW0AAAACaGxhAW0AAAAFc3ViXzFkAANuaWxtAAAABXN1Yl8yZAADbmlsbQAAAAd0cmFja2VybQAAAAtCZWF1dHlfMTM1em0AAAADdW5xbQAAAAxubWhKeHlWZW1hc08.UQ6ctp0S66dWVBzqJi3hQlmDV_oFASx-yBVHcAPWlXc
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 09 May 2024 19:41:32 GMT
content-type: image/x-icon
cache-control: max-age=1800
cf-cache-status: EXPIRED
last-modified: Thu, 09 May 2024 17:03:44 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YcJd4k644KzetUc%2FoVHpDt9dUniyti1ad3uT40d36LgG%2FzQ5AftKVDMXGtC2Ya7McCIcdRLjFB5bVu7gbd1LkqxJ32EJlYY1CvcuPLI2tZ34I38dbvvmW4tSq%2BcUW4YwPxjuEg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88142ae5bbfd56cb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|