Report - cultivatedcauldron.com/cvgfxran?key=33bb04a4f0edc076934b1949b5902fed

Report Overview

Submitted URL
cultivatedcauldron.com/cvgfxran?key=33bb04a4f0edc076934b1949b5902fed
IP
172.240.108.76
ASN
#7979 SERVERS-COM
Submitted
2024-05-08 18:06:02
Access
public
Website Title
Redirect
Final URL
glugherg.net/afu.php?zoneid=6662145&var=6662145&rid=XXz4jyvWNyEJSqRKY8d18w%3D%3D&rhd=false&ab2r=0&sf=1
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
16

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
cultivatedcauldron.com	unknown	unknown	No data	No data	2.4 kB	4.2 kB	172.240.108.76
nylonnickel.xyz	unknown	2024-01-02	2024-01-02	2024-04-09	876 B	598 B	192.64.81.118
rqqlj.check-tl-ver-154-1.com	unknown	unknown	No data	No data	2.6 kB	29 kB	188.114.96.1
www.gstatic.com	unknown	2008-02-11	2016-07-26	2024-05-08	4.1 kB	94 kB	142.250.74.163
track-eu.trackingtraffo.com	unknown	2021-12-15	2023-08-09	2024-05-04	1.2 kB	0 B	0.0.0.0
rqqlj.canopusacrux.com	unknown	unknown	No data	No data	589 B	1.1 kB	188.114.96.1
fonts.gstatic.com	unknown	2008-02-11	2014-09-09	2024-05-08	1.1 kB	33 kB	216.58.207.227
lb.check-tl-ver-154-1.com	unknown	unknown	No data	No data	2.0 kB	49 kB	188.114.96.1
gzeao.canopusacrux.com	unknown	2024-03-26	2024-04-14	2024-04-14	600 B	1.1 kB	188.114.96.1
gzeao.check-tl-ver-94-2.com	unknown	unknown	No data	No data	1.3 kB	11 kB	172.67.189.129
glugherg.net	unknown	2022-07-14	2022-07-14	2023-12-24	3.3 kB	38 kB	139.45.197.237
la.check-tl-ver-154-1.com	unknown	unknown	No data	No data	2.7 kB	51 kB	188.114.96.1
wifescamara.click	unknown	2023-07-05	2023-07-06	2024-03-04	875 B	597 B	192.64.81.118
my.rtmark.net	9054	2014-10-29	2015-02-04	2024-05-08	523 B	678 B	139.45.195.8
cdnstatic.check-tl-ver-154-1.com	unknown	2024-04-15	2024-04-17	2024-04-26	1.3 kB	25 kB	188.114.96.1
www.highcpmgate.com	unknown	2024-04-19	2024-04-23	2024-04-28	521 B	3.0 kB	192.243.61.227
cdnstatic.check-tl-ver-94-2.com	unknown	2024-04-09	2024-04-16	2024-04-26	749 B	6.7 kB	172.67.189.129

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-05-08	medium	cultivatedcauldron.com	Sinkholed
2024-05-08	medium	cultivatedcauldron.com	Sinkholed
2024-05-08	medium	highcpmgate.com	Sinkholed
2024-05-08	medium	glugherg.net	Sinkholed
2024-05-08	medium	glugherg.net	Sinkholed
2024-05-08	medium	glugherg.net	Sinkholed
2024-05-08	medium	glugherg.net	Sinkholed
2024-05-08	medium	glugherg.net	Sinkholed

ThreatFox

No alerts detected

JavaScript (3)

	URL	Size	First Seen	Last Seen
	glugherg.net/4/6662145	518 B	2024-05-08	2024-05-08
Pretty URL glugherg.net/4/6662145 IP 139.45.197.237 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-08 20:06:09 Last Seen2024-05-08 20:06:09 Times Seen1 Hash 190e63f1c2e41dab1adf6a51438fd9df da14343ca90f6e90f98073d753f92cd95b7b82a6 7ffab5cbce370c1cf7a3609311ee668f95e059d2cf2751f0410a31ebe25e6349 Loading...

	glugherg.net/4/6662145	19 kB	2024-05-08	2024-05-08
Pretty URL glugherg.net/4/6662145 IP 139.45.197.237 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-08 20:06:09 Last Seen2024-05-08 20:06:09 Times Seen1 Hash d62638ce79022a57a78e80e6e5c53ef9 934950d49ca78f2bee2036221df6dac5add34575 e3ef41cd4515513b771d652bd84ab85d59629850ea0c9dee7d0d47e963a450ac Loading...

	glugherg.net/4/6662145	12 kB	2024-05-08	2024-05-08
Pretty URL glugherg.net/4/6662145 IP 139.45.197.237 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-08 20:06:09 Last Seen2024-05-08 20:06:09 Times Seen1 Hash 927a5947225ab4d88cabe0333dcc0f5b 6a92c9f92adfdf3cca025e3fc6351995f1a865b2 854bbcc1d22db653ddeaa62880421ee91af6680a696f84fa17d387a6ccfc0753 Loading...

HTTP Transactions (41)

URL IP Response Size

cultivatedcauldron.com/cvgfxran?key=33bb04a4f0edc076934b1949b5902fed

172.240.108.76

1.3 kB

URL
cultivatedcauldron.com/cvgfxran?key=33bb04a4f0edc076934b1949b5902fed
IP
172.240.108.76:0
ASN
#7979 SERVERS-COM

File type
HTML document, ASCII text, with very long lines (412)
Size
1.3 kB (1349 bytes)
Hash
2dceb3b1ff37e8076b93a2ceb37915bf
6070c0c96741717d874faf0d952f36b089689ffa
18dfbb9694a5ea69df15c40cb76142fa7bfccc759f62323c701877d4423f61c9

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cvgfxran?key=33bb04a4f0edc076934b1949b5902fed HTTP/1.1
Host: cultivatedcauldron.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Wed, 08 May 2024 18:05:37 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Set-Cookie: u_pl=23160926; expires=Thu, 09 May 2024 18:05:37 GMT
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoyMzE2MDkyNiwiayI6IjMzYmIwNGE0ZjBlZGMwNzY5MzRiMTk0OWI1OTAyZmVkIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxNzM1NDAzLCJwaWQiOjQwNTkxOCwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjozMSwiYWlkIjoyOCwicHQiOjQsInBrIjoiY3ZnZnhyYW4iLCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6Nzk5NTQxOTYsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjoxODExMCwib24iOiJMaW51eCIsIm92IjoiVW5rbm93biIsImJpZCI6MTE2NjcwLCJibiI6IkZpcmVmb3giLCJidiI6Ijk2LjAiLCJ3diI6ZmFsc2UsImUiOmZhbHNlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6IiIsImFyIjpbXX19.7v8kb8QAuA3u13UgUZWczauGBBbupWq_Sf7OWA_K_88; expires=Wed, 08 May 2024 18:06:37 GMT
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: e9d57cc1c2b6b7f9104e3d02f4cebb1e
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

cultivatedcauldron.com/api/users?token=L2N2Z2Z4cmFuP2tleT0zM2JiMDRhNGYwZWRjMDc2OTM0YjE5NDliNTkwMmZlZCZwc3Q9MTcxNTE5MTU5NyZybXRjPXQmc2h1PTkzMjcxYTUzZGY0MThlNWNkYTIwMGQ3MDdkMDA1NDdlNDBhM2FlNmMyZGVkN2VmZjc2MmE1YmUwMDZmNDg2OWVkMDc0MjQ0NDFiNzY2OGJkOTFmZDE5MDYwM2Q2YzU2ZDM4NzQ5ZTYyYjNhMzZhNGEzMTczMTc4NjU1OGIyMjJmNDIyMGQzNjk3ZThiYzQ1MjQzNDM0MjFmNTQxMWM0NDBiNTE4YTQyZjhlOTRkNTM4MDY4MjkxOTAxOGY2ZWU0NTI3&uuid=&pii=&in=false

172.240.127.234

0 B

URL
cultivatedcauldron.com/api/users?token=L2N2Z2Z4cmFuP2tleT0zM2JiMDRhNGYwZWRjMDc2OTM0YjE5NDliNTkwMmZlZCZwc3Q9MTcxNTE5MTU5NyZybXRjPXQmc2h1PTkzMjcxYTUzZGY0MThlNWNkYTIwMGQ3MDdkMDA1NDdlNDBhM2FlNmMyZGVkN2VmZjc2MmE1YmUwMDZmNDg2OWVkMDc0MjQ0NDFiNzY2OGJkOTFmZDE5MDYwM2Q2YzU2ZDM4NzQ5ZTYyYjNhMzZhNGEzMTczMTc4NjU1OGIyMjJmNDIyMGQzNjk3ZThiYzQ1MjQzNDM0MjFmNTQxMWM0NDBiNTE4YTQyZjhlOTRkNTM4MDY4MjkxOTAxOGY2ZWU0NTI3&uuid=&pii=&in=false
IP
172.240.127.234:0
ASN
#7979 SERVERS-COM

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /api/users?token=L2N2Z2Z4cmFuP2tleT0zM2JiMDRhNGYwZWRjMDc2OTM0YjE5NDliNTkwMmZlZCZwc3Q9MTcxNTE5MTU5NyZybXRjPXQmc2h1PTkzMjcxYTUzZGY0MThlNWNkYTIwMGQ3MDdkMDA1NDdlNDBhM2FlNmMyZGVkN2VmZjc2MmE1YmUwMDZmNDg2OWVkMDc0MjQ0NDFiNzY2OGJkOTFmZDE5MDYwM2Q2YzU2ZDM4NzQ5ZTYyYjNhMzZhNGEzMTczMTc4NjU1OGIyMjJmNDIyMGQzNjk3ZThiYzQ1MjQzNDM0MjFmNTQxMWM0NDBiNTE4YTQyZjhlOTRkNTM4MDY4MjkxOTAxOGY2ZWU0NTI3&uuid=&pii=&in=false HTTP/1.1
Host: cultivatedcauldron.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cultivatedcauldron.com/api/users?token=L2N2Z2Z4cmFuP2tleT1hOTY5Y2E1YzlhZDI2MTE3NjJmMTFiNzlhNTI2ZTJkMiZzdWJtZXRyaWM9MjMxNjA5MjY
Cookie: u_pl=23160926; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoyMzE2MDkyNiwiayI6IjMzYmIwNGE0ZjBlZGMwNzY5MzRiMTk0OWI1OTAyZmVkIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxNzM1NDAzLCJwaWQiOjQwNTkxOCwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjozMSwiYWlkIjoyOCwicHQiOjQsInBrIjoiY3ZnZnhyYW4iLCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6Nzk5NTQxOTYsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjoxODExMCwib24iOiJMaW51eCIsIm92IjoiVW5rbm93biIsImJpZCI6MTE2NjcwLCJibiI6IkZpcmVmb3giLCJidiI6Ijk2LjAiLCJ3diI6ZmFsc2UsImUiOmZhbHNlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6IiIsImFyIjpbXX19.7v8kb8QAuA3u13UgUZWczauGBBbupWq_Sf7OWA_K_88; cjs=t
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx/1.21.6
Date: Wed, 08 May 2024 18:05:38 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Location: https://nylonnickel.xyz/c9b2l0k.php?key=ssh20i85vx88tciu4a4m&SUB_ID_SHORT=39da1af76648298036ae19f04e3c42f1&COST_CPC=&PLACEMENT_ID=23160926&CAMPAIGN_ID=1026545&DEVICE_BRAND=Unknown&BROWSER_NAME=Firefox&USER_OS=Linux&USER_CARRIER=Blix%20Solutions&USERAGENT=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&REMOTE_LANGUAGE=11&BANNER_ID=2895359
Set-Cookie: pdhtkv=true; expires=Thu, 09 May 2024 18:05:38 GMT
uncs=1; expires=Thu, 09 May 2024 18:05:38 GMT
pdhtkv28=true; expires=Thu, 09 May 2024 18:05:38 GMT
uncs28=1; expires=Thu, 09 May 2024 18:05:38 GMT
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 026c00a52c4557e7227969f5ecd379fc
Strict-Transport-Security: max-age=0; includeSubdomains

nylonnickel.xyz/c9b2l0k.php?key=ssh20i85vx88tciu4a4m&SUB_ID_SHORT=39da1af76648298036ae19f04e3c42f1&COST_CPC=&PLACEMENT_ID=23160926&CAMPAIGN_ID=1026545&DEVICE_BRAND=Unknown&BROWSER_NAME=Firefox&USER_OS=Linux&USER_CARRIER=Blix%20Solutions&USERAGENT=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&REMOTE_LANGUAGE=11&BANNER_ID=2895359

192.64.81.118

0 B

URL
nylonnickel.xyz/c9b2l0k.php?key=ssh20i85vx88tciu4a4m&SUB_ID_SHORT=39da1af76648298036ae19f04e3c42f1&COST_CPC=&PLACEMENT_ID=23160926&CAMPAIGN_ID=1026545&DEVICE_BRAND=Unknown&BROWSER_NAME=Firefox&USER_OS=Linux&USER_CARRIER=Blix%20Solutions&USERAGENT=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&REMOTE_LANGUAGE=11&BANNER_ID=2895359
IP
192.64.81.118:0
ASN
#19318 IS-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /c9b2l0k.php?key=ssh20i85vx88tciu4a4m&SUB_ID_SHORT=39da1af76648298036ae19f04e3c42f1&COST_CPC=&PLACEMENT_ID=23160926&CAMPAIGN_ID=1026545&DEVICE_BRAND=Unknown&BROWSER_NAME=Firefox&USER_OS=Linux&USER_CARRIER=Blix%20Solutions&USERAGENT=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&REMOTE_LANGUAGE=11&BANNER_ID=2895359 HTTP/1.1
Host: nylonnickel.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cultivatedcauldron.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx/1.22.0
Date: Wed, 08 May 2024 18:05:39 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: uclick=us7vgxa7my; expires=Thu, 09-May-2024 18:05:39 GMT; Max-Age=86400; path=/; secure; SameSite=none
uclickhash=us7vgxa7my-us7vgxa7my-xr46-0-usgm6o-9rib8n-9ribwj-506d68; expires=Thu, 09-May-2024 18:05:39 GMT; Max-Age=86400; path=/; secure; SameSite=none
Location: https://rqqlj.canopusacrux.com/?pl=4l9EZwXc2kSH_LKKjogwWA&click_id=443fcus7vgxa7my35b&sub_id=23160926
Strict-Transport-Security: max-age=31536000

rqqlj.canopusacrux.com/?pl=4l9EZwXc2kSH_LKKjogwWA&click_id=443fcus7vgxa7my35b&sub_id=23160926

188.114.96.1

0 B

URL
rqqlj.canopusacrux.com/?pl=4l9EZwXc2kSH_LKKjogwWA&click_id=443fcus7vgxa7my35b&sub_id=23160926
IP
188.114.96.1:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /?pl=4l9EZwXc2kSH_LKKjogwWA&click_id=443fcus7vgxa7my35b&sub_id=23160926 HTTP/1.1
Host: rqqlj.canopusacrux.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cultivatedcauldron.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Wed, 08 May 2024 18:05:39 GMT
content-length: 0
location: https://rqqlj.check-tl-ver-154-1.com/space-robot/?pl=4l9EZwXc2kSH_LKKjogwWA&sm=space-robot&click_id=443fcus7vgxa7my35b&sub_id=23160926&nrid=ef13b47c48a54cecbc0f9c6c812bfaea&hash=F6YfQUZANATR2LEhIXIZ2Q&exp=1715191839
set-cookie: 4l9EZwXc2kSH_LKKjogwWA=1; max-age=345600; path=/; samesite=lax
__pl=7e96cb99-1885-49f2-a9fd-df9def17c82c; expires=Fri, 08 May 2026 18:05:39 GMT; path=/; samesite=lax
__cap=1; max-age=3600; path=/; samesite=lax
cache-control: max-age=0, no-cache, no-store, must-revalidate
accept-ch: Sec-CH-UA, Sec-CH-UA-Platform, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WfWXxssbPZw8BiJP%2FyXxQTtF9oZ9KbV0d7LkEfDplCsR%2BTSdQ1ji5ivOos99mHZV3yvnkQ%2B16R0IZRKk2LovEMSdYZH2U7Bn%2FFHeZrmqI%2Bs0vdNdAHOhq5cfMGqyzaURMJR%2BXC90wJx8"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880b61103de97128-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

rqqlj.check-tl-ver-154-1.com/space-robot/assets/corner.png

188.114.96.1

300 B

URL
rqqlj.check-tl-ver-154-1.com/space-robot/assets/corner.png
IP
188.114.96.1:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 44 x 44, 8-bit colormap, non-interlaced
Size
300 B (300 bytes)
Hash
f66c38fa2cd7c50bd1989d41da28fb80
e1de333eca72647f3c1831083fe678cfa8fe9eab
3059be4046e0315ad1c0d1cb163d9daaf759bdf16e906e908842fac07e5608a2

HTTP Headers

GET /space-robot/assets/corner.png HTTP/1.1
Host: rqqlj.check-tl-ver-154-1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rqqlj.check-tl-ver-154-1.com/space-robot/?pl=4l9EZwXc2kSH_LKKjogwWA&sm=space-robot&click_id=443fcus7vgxa7my35b&sub_id=23160926&nrid=ef13b47c48a54cecbc0f9c6c812bfaea&hash=F6YfQUZANATR2LEhIXIZ2Q&exp=1715191839
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 08 May 2024 18:05:39 GMT
content-type: image/png
content-length: 300
last-modified: Tue, 23 Apr 2024 14:44:40 GMT
etag: "6627c958-12c"
cache-control: max-age=14400
cf-cache-status: HIT
age: 1285
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=e9ZneeCYmNM6ZIglpAzo54Or7u0dddNT99r7OiXW20fWjrFEoT%2FQ5XL7bwi9tS%2F81YNG9NpfW9iWAJgbWs%2BlzZ9WTBl2K2jo5ogyctLUQCf1l7ymvN%2FoFB56lPbKvC9Or0UkUtNcm6YBWi9i9%2FRA"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b6112d9f6569d-OSL
alt-svc: h3=":443"; ma=86400

fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

216.58.207.227

16 kB

URL
fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP
216.58.207.227:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 15552, version 1.0
Size
16 kB (15552 bytes)
Hash
285467176f7fe6bb6a9c6873b3dad2cc
ea04e4ff5142ddd69307c183def721a160e0a64e
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7

HTTP Headers

GET /s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://rqqlj.check-tl-ver-154-1.com
DNT: 1
Connection: keep-alive
Referer: https://rqqlj.check-tl-ver-154-1.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15552
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 May 2024 01:50:52 GMT
expires: Fri, 02 May 2025 01:50:52 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
content-type: font/woff2
age: 576887
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

rqqlj.check-tl-ver-154-1.com/space-robot/assets/apple-touch-icon.png

188.114.96.1

23 kB

URL
rqqlj.check-tl-ver-154-1.com/space-robot/assets/apple-touch-icon.png
IP
188.114.96.1:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced
Size
23 kB (23177 bytes)
Hash
f500ba7eee0ae7d1ceb44236ac253165
0614de220ecadb48038ed894d91120ba102c8367
ba5a3083c38d71a2191ee7e614a96812d1f9d88bbfb360d3b61dbb1ffcd51de5

HTTP Headers

GET /space-robot/assets/apple-touch-icon.png HTTP/1.1
Host: rqqlj.check-tl-ver-154-1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rqqlj.check-tl-ver-154-1.com/space-robot/?pl=4l9EZwXc2kSH_LKKjogwWA&sm=space-robot&click_id=443fcus7vgxa7my35b&sub_id=23160926&nrid=ef13b47c48a54cecbc0f9c6c812bfaea&hash=F6YfQUZANATR2LEhIXIZ2Q&exp=1715191839
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 08 May 2024 18:05:39 GMT
content-type: image/png
content-length: 23177
last-modified: Tue, 23 Apr 2024 14:44:40 GMT
etag: "6627c958-5a89"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iNG3NcduwEAPxKpw%2B51pEAGiDXhX7FFgUvmWvgNtl1n%2Fx3T82PMOSAfkTDQvxjSO1drWO9xbqHxEHZvyVmtMbRfbes20NIyyxbNk7t%2BP4mYmvFC%2Bwe0x2yG3oafKrnXvMCMU3YDPx8JCHQzQqztY"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b61147d1b569d-OSL
alt-svc: h3=":443"; ma=86400

rqqlj.check-tl-ver-154-1.com/space-robot/assets/favicon-16x16.png

188.114.96.1

1.2 kB

URL
rqqlj.check-tl-ver-154-1.com/space-robot/assets/favicon-16x16.png
IP
188.114.96.1:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 16 x 16, 8-bit colormap, non-interlaced
Size
1.2 kB (1163 bytes)
Hash
9d35b617fd258f648c37812252297dd3
7e32fd007f1c6fe1466d15439173082c0fbe82da
e8a768f8122da75777dc64b6d35e756a1848c4f330f293920c18480df085000a

HTTP Headers

GET /space-robot/assets/favicon-16x16.png HTTP/1.1
Host: rqqlj.check-tl-ver-154-1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rqqlj.check-tl-ver-154-1.com/space-robot/?pl=4l9EZwXc2kSH_LKKjogwWA&sm=space-robot&click_id=443fcus7vgxa7my35b&sub_id=23160926&nrid=ef13b47c48a54cecbc0f9c6c812bfaea&hash=F6YfQUZANATR2LEhIXIZ2Q&exp=1715191839
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 08 May 2024 18:05:39 GMT
content-type: image/png
content-length: 1163
last-modified: Tue, 23 Apr 2024 14:44:40 GMT
etag: "6627c958-48b"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XGWBVEHwBPTyPilnbJJIfErPQ8iqtlBm%2F2scIZqq1UHxNVMYEi9sQzgJE4GwONosA1jJnyGHMtGhKYpe%2FQXnvHuzim%2BP203cjPtjq%2Fkrp%2Bhc81MEROdNhgT7jQN1tGrP5U3ajDelm4B3f%2F3gCi%2BG"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b61147d20569d-OSL
alt-svc: h3=":443"; ma=86400

rqqlj.check-tl-ver-154-1.com/shared-js/assets/static-pl.js?v=2

188.114.96.1

1.7 kB

URL
rqqlj.check-tl-ver-154-1.com/shared-js/assets/static-pl.js?v=2
IP
188.114.96.1:0
ASN
#13335 CLOUDFLARENET

File type
JavaScript source, ASCII text, with CRLF line terminators
Size
1.7 kB (1685 bytes)
Hash
7224243dd0b18bb2508a1d77d4b2a0b2
bd833c24aa241861316053fd8bd46a1bef3d343f
920aa94a10634fc23234b5e4f55c428f6311fc7811d3591792381678cb492659

HTTP Headers

GET /shared-js/assets/static-pl.js?v=2 HTTP/1.1
Host: rqqlj.check-tl-ver-154-1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rqqlj.check-tl-ver-154-1.com/space-robot/?pl=4l9EZwXc2kSH_LKKjogwWA&sm=space-robot&click_id=443fcus7vgxa7my35b&sub_id=23160926&nrid=ef13b47c48a54cecbc0f9c6c812bfaea&hash=F6YfQUZANATR2LEhIXIZ2Q&exp=1715191839
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 08 May 2024 18:05:39 GMT
content-type: application/javascript
last-modified: Tue, 23 Apr 2024 14:44:40 GMT
etag: W/"6627c958-dee"
cache-control: max-age=14400
cf-cache-status: HIT
age: 1285
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oq0kXyWStAHXDwTCj7HGB9DaaqWg%2BXtsCkutQdV3Rb3%2FaEX6tjDUPyGR7PWGxq5UOI6d31npqTUveNoQQLd%2F4tlZ7OKUg%2BmdwXF5ZvK2%2BSYDZfhYEcEo%2FXmwTWj9uWiU2cU9Ra0DJbdGzb9YqURz"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b6112da00569d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

www.gstatic.com/firebasejs/10.3.1/firebase-app-compat.js

142.250.74.163

9.3 kB

URL
www.gstatic.com/firebasejs/10.3.1/firebase-app-compat.js
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
JavaScript source, ASCII text, with very long lines (28368)
Size
9.3 kB (9308 bytes)
Hash
9900403b65514fad7df39a4e788a6e45
75f9ba061ef4e72bb23528c700f2a11c56d637e9
a202b2051ea9810cd9ba592b3f9418a89e2062f5c185e29e288080b28eb64fe5

HTTP Headers

GET /firebasejs/10.3.1/firebase-app-compat.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rqqlj.check-tl-ver-154-1.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-length: 9308
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 May 2024 01:56:57 GMT
expires: Fri, 02 May 2025 01:56:57 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 31 Aug 2023 15:20:38 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 576522
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.gstatic.com/firebasejs/10.3.1/firebase-messaging-compat.js

142.250.74.163

9.9 kB

URL
www.gstatic.com/firebasejs/10.3.1/firebase-messaging-compat.js
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
JavaScript source, ASCII text, with very long lines (38231)
Size
9.9 kB (9934 bytes)
Hash
0541b823dfaf39162ef84cf075c9951b
e0934726455558cc1a59823efada9651e33aafaa
21f1d62f222007068c793f0947d98f4ccb7c1595adb68efeb783390fdd8b5522

HTTP Headers

GET /firebasejs/10.3.1/firebase-messaging-compat.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rqqlj.check-tl-ver-154-1.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-length: 9934
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 03 May 2024 02:03:05 GMT
expires: Sat, 03 May 2025 02:03:05 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 31 Aug 2023 15:20:50 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 489755
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

la.check-tl-ver-154-1.com/space-robot/assets/corner.png

188.114.96.1

300 B

URL
la.check-tl-ver-154-1.com/space-robot/assets/corner.png
IP
188.114.96.1:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 44 x 44, 8-bit colormap, non-interlaced
Size
300 B (300 bytes)
Hash
f66c38fa2cd7c50bd1989d41da28fb80
e1de333eca72647f3c1831083fe678cfa8fe9eab
3059be4046e0315ad1c0d1cb163d9daaf759bdf16e906e908842fac07e5608a2

HTTP Headers

GET /space-robot/assets/corner.png HTTP/1.1
Host: la.check-tl-ver-154-1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://la.check-tl-ver-154-1.com/space-robot/?pl=4l9EZwXc2kSH_LKKjogwWA&sm=space-robot&click_id=443fcus7vgxa7my35b&sub_id=23160926&nrid=ef13b47c48a54cecbc0f9c6c812bfaea&hash=F6YfQUZANATR2LEhIXIZ2Q&exp=1715191839
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 08 May 2024 18:05:40 GMT
content-type: image/png
content-length: 300
last-modified: Tue, 23 Apr 2024 14:44:40 GMT
etag: "6627c958-12c"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AHXQhs6xG1rZ6mdrioyONUXvyccxhnXKxDndjoWADdLQol%2FzYy1y3N9cRynrO5Erb2wpn5XA4O9FEjw%2FJS5TeumqMhspYBhyyq4R8HJJ%2F9nwqUxrFEB%2FHmt6x9GrAGONWcbsy8IaizS0%2FK2U"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b61160ff1569d-OSL
alt-svc: h3=":443"; ma=86400

la.check-tl-ver-154-1.com/space-robot/?pl=4l9EZwXc2kSH_LKKjogwWA&sm=space-robot&click_id=443fcus7vgxa7my35b&sub_id=23160926&nrid=ef13b47c48a54cecbc0f9c6c812bfaea&hash=F6YfQUZANATR2LEhIXIZ2Q&exp=1715191839

188.114.96.1

24 kB

URL
la.check-tl-ver-154-1.com/space-robot/?pl=4l9EZwXc2kSH_LKKjogwWA&sm=space-robot&click_id=443fcus7vgxa7my35b&sub_id=23160926&nrid=ef13b47c48a54cecbc0f9c6c812bfaea&hash=F6YfQUZANATR2LEhIXIZ2Q&exp=1715191839
IP
188.114.96.1:0
ASN
#13335 CLOUDFLARENET

File type
HTML document, Unicode text, UTF-8 text, with very long lines (474)
Size
24 kB (24043 bytes)
Hash
01041709ecf6a3f0b549820730593c03
55775e4279d24a34f601bf8180d9f280b8131e0d
51907b3319c05ec1c1a7466f4017f4dcc7b6dc59a29ed962bfd36572f223bb51

HTTP Headers

GET /space-robot/?pl=4l9EZwXc2kSH_LKKjogwWA&sm=space-robot&click_id=443fcus7vgxa7my35b&sub_id=23160926&nrid=ef13b47c48a54cecbc0f9c6c812bfaea&hash=F6YfQUZANATR2LEhIXIZ2Q&exp=1715191839 HTTP/1.1
Host: la.check-tl-ver-154-1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rqqlj.check-tl-ver-154-1.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 08 May 2024 18:05:40 GMT
content-type: text/html
last-modified: Tue, 23 Apr 2024 14:44:40 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=H%2B%2B3P7xSuyYbulN0f7evTPQyrpnGJ4JxSOSj47TCqH%2BgOxQYddcFfwXFgha73aOASReotkfO7aR%2FEq29%2BhvwWwIfMB99yBkh2X2c9LqVs%2FUcGEweuFD3YnDDnG5bTjoU4absK6eBxQVpYpJ8"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880b61156ecb569d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

la.check-tl-ver-154-1.com/space-robot/assets/favicon-16x16.png

188.114.96.1

1.2 kB

URL
la.check-tl-ver-154-1.com/space-robot/assets/favicon-16x16.png
IP
188.114.96.1:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 16 x 16, 8-bit colormap, non-interlaced
Size
1.2 kB (1163 bytes)
Hash
9d35b617fd258f648c37812252297dd3
7e32fd007f1c6fe1466d15439173082c0fbe82da
e8a768f8122da75777dc64b6d35e756a1848c4f330f293920c18480df085000a

HTTP Headers

GET /space-robot/assets/favicon-16x16.png HTTP/1.1
Host: la.check-tl-ver-154-1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://la.check-tl-ver-154-1.com/space-robot/?pl=4l9EZwXc2kSH_LKKjogwWA&sm=space-robot&click_id=443fcus7vgxa7my35b&sub_id=23160926&nrid=ef13b47c48a54cecbc0f9c6c812bfaea&hash=F6YfQUZANATR2LEhIXIZ2Q&exp=1715191839
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 08 May 2024 18:05:40 GMT
content-type: image/png
content-length: 1163
last-modified: Tue, 23 Apr 2024 14:44:40 GMT
etag: "6627c958-48b"
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=f1ws%2FDLJLCzIOsZxEWMvlTXTWVl6PTtDtRbKt3sJrynjbreFyemAzPqb2wKssKFTZNZC8R%2BZu0u2%2FZbKo%2FXmDO9irboYArhxKADqUyWyBRJ7QYSdtHn2flw2oMJ9jNu03fN3rLsF7F4xIpx8"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b611719a9569d-OSL
alt-svc: h3=":443"; ma=86400

la.check-tl-ver-154-1.com/space-robot/assets/apple-touch-icon.png

188.114.96.1

23 kB

URL
la.check-tl-ver-154-1.com/space-robot/assets/apple-touch-icon.png
IP
188.114.96.1:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced
Size
23 kB (23177 bytes)
Hash
f500ba7eee0ae7d1ceb44236ac253165
0614de220ecadb48038ed894d91120ba102c8367
ba5a3083c38d71a2191ee7e614a96812d1f9d88bbfb360d3b61dbb1ffcd51de5

HTTP Headers

GET /space-robot/assets/apple-touch-icon.png HTTP/1.1
Host: la.check-tl-ver-154-1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://la.check-tl-ver-154-1.com/space-robot/?pl=4l9EZwXc2kSH_LKKjogwWA&sm=space-robot&click_id=443fcus7vgxa7my35b&sub_id=23160926&nrid=ef13b47c48a54cecbc0f9c6c812bfaea&hash=F6YfQUZANATR2LEhIXIZ2Q&exp=1715191839
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 08 May 2024 18:05:40 GMT
content-type: image/png
content-length: 23177
last-modified: Tue, 23 Apr 2024 14:44:40 GMT
etag: "6627c958-5a89"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RHXcFm%2BDWKl1C96FKffXZiQS8nrhcSh5KsAW2pDZhWfQLSg18OarwAbY0JoiYpdAcjPGlJHZ0ua1Tv%2FIBDeTmzUWrhSTO57jutp7o58GGtqg57xFZxUfwnSg40jKJhJd8Xg4%2FX7lQHM45c6G"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b611709a2569d-OSL
alt-svc: h3=":443"; ma=86400

www.gstatic.com/firebasejs/10.3.1/firebase-app-compat.js

142.250.74.163

9.3 kB

URL
www.gstatic.com/firebasejs/10.3.1/firebase-app-compat.js
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
JavaScript source, ASCII text, with very long lines (28368)
Size
9.3 kB (9308 bytes)
Hash
9900403b65514fad7df39a4e788a6e45
75f9ba061ef4e72bb23528c700f2a11c56d637e9
a202b2051ea9810cd9ba592b3f9418a89e2062f5c185e29e288080b28eb64fe5

HTTP Headers

GET /firebasejs/10.3.1/firebase-app-compat.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://la.check-tl-ver-154-1.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-length: 9308
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 May 2024 01:56:57 GMT
expires: Fri, 02 May 2025 01:56:57 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 31 Aug 2023 15:20:38 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 576523
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

cdnstatic.check-tl-ver-154-1.com/ps/ps.js?&edg=true&sw=&fullscreen=true&pl=true&pp=false&id=4l9EZwXc2kSH_LKKjogwWA&sm=space-robot&click_id=443fcus7vgxa7my35b&sub_id=23160926&appspot=&d=https%3A%2F%2Fcdnstatic.check-tl-ver-154-1.com&timeout=30&tb=true&nrid=ef13b47c48a54cecbc0f9c6c812bfaea

188.114.96.1

24 kB

URL
cdnstatic.check-tl-ver-154-1.com/ps/ps.js?&edg=true&sw=&fullscreen=true&pl=true&pp=false&id=4l9EZwXc2kSH_LKKjogwWA&sm=space-robot&click_id=443fcus7vgxa7my35b&sub_id=23160926&appspot=&d=https%3A%2F%2Fcdnstatic.check-tl-ver-154-1.com&timeout=30&tb=true&nrid=ef13b47c48a54cecbc0f9c6c812bfaea
IP
188.114.96.1:0
ASN
#13335 CLOUDFLARENET

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (33287), with no line terminators
Size
24 kB (23589 bytes)
Hash
b8f0a23e62a853b9e4357a64e8f8fc51
9e19b6bc7365db9b2893de7bc3642dcd260bfde1
057b6d5597db020b6fbf674496033003a9c6ead2a0361bbc43b869cd9ede58e1

HTTP Headers

GET /ps/ps.js?&edg=true&sw=&fullscreen=true&pl=true&pp=false&id=4l9EZwXc2kSH_LKKjogwWA&sm=space-robot&click_id=443fcus7vgxa7my35b&sub_id=23160926&appspot=&d=https%3A%2F%2Fcdnstatic.check-tl-ver-154-1.com&timeout=30&tb=true&nrid=ef13b47c48a54cecbc0f9c6c812bfaea HTTP/1.1
Host: cdnstatic.check-tl-ver-154-1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://la.check-tl-ver-154-1.com/
Cookie: __psu=73ee7103-05cc-4f42-9a7d-ae0095570915
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 08 May 2024 18:05:40 GMT
content-type: application/javascript
cache-control: max-age=0, no-cache, no-store, must-revalidate
accept-ch: Sec-CH-UA, Sec-CH-UA-Platform, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BcAVfcXOilZgKlOvSug%2BjjWlFvxYfkX2aNQ6950DgaF%2ByADX8%2B%2BCEN4z%2BFk%2B4ruRELDivBymF1bn3OcKPiio0cP0jWn3Z%2BxcE4y%2FOZMpXXgzN6p0ns7yYyJYroXH5Q0iGeUY7WzCsxN%2B3Dks9hYHeSZM3g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b6116a909569d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

lb.check-tl-ver-154-1.com/space-robot/assets/corner.png

188.114.96.1

300 B

URL
lb.check-tl-ver-154-1.com/space-robot/assets/corner.png
IP
188.114.96.1:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 44 x 44, 8-bit colormap, non-interlaced
Size
300 B (300 bytes)
Hash
f66c38fa2cd7c50bd1989d41da28fb80
e1de333eca72647f3c1831083fe678cfa8fe9eab
3059be4046e0315ad1c0d1cb163d9daaf759bdf16e906e908842fac07e5608a2

HTTP Headers

GET /space-robot/assets/corner.png HTTP/1.1
Host: lb.check-tl-ver-154-1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lb.check-tl-ver-154-1.com/space-robot/?pl=4l9EZwXc2kSH_LKKjogwWA&sm=space-robot&click_id=443fcus7vgxa7my35b&sub_id=23160926&nrid=ef13b47c48a54cecbc0f9c6c812bfaea&hash=F6YfQUZANATR2LEhIXIZ2Q&exp=1715191839
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 08 May 2024 18:05:40 GMT
content-type: image/png
content-length: 300
last-modified: Tue, 23 Apr 2024 14:44:40 GMT
etag: "6627c958-12c"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Kp8qaQ0cRAYNfDKNLTOpEM%2Fk9cqoN2k3pex6uqh5zCa0bha0y%2BbAvg2QuhrE40E1BYriLCZgDDorg66n2gZ5LsQAJs%2Fn8MS3Z6QCcOdkVSEodnSnpV8XmAzuQnr%2BZuObPyyzr5VeXRg7Mpdb"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b61196dfa569d-OSL
alt-svc: h3=":443"; ma=86400

fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

216.58.207.227

16 kB

URL
fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP
216.58.207.227:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 15552, version 1.0
Size
16 kB (15552 bytes)
Hash
285467176f7fe6bb6a9c6873b3dad2cc
ea04e4ff5142ddd69307c183def721a160e0a64e
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7

HTTP Headers

GET /s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://lb.check-tl-ver-154-1.com
DNT: 1
Connection: keep-alive
Referer: https://lb.check-tl-ver-154-1.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15552
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 May 2024 01:50:52 GMT
expires: Fri, 02 May 2025 01:50:52 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
content-type: font/woff2
age: 576888
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

lb.check-tl-ver-154-1.com/space-robot/assets/favicon-16x16.png

188.114.96.1

1.2 kB

URL
lb.check-tl-ver-154-1.com/space-robot/assets/favicon-16x16.png
IP
188.114.96.1:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 16 x 16, 8-bit colormap, non-interlaced
Size
1.2 kB (1163 bytes)
Hash
9d35b617fd258f648c37812252297dd3
7e32fd007f1c6fe1466d15439173082c0fbe82da
e8a768f8122da75777dc64b6d35e756a1848c4f330f293920c18480df085000a

HTTP Headers

GET /space-robot/assets/favicon-16x16.png HTTP/1.1
Host: lb.check-tl-ver-154-1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lb.check-tl-ver-154-1.com/space-robot/?pl=4l9EZwXc2kSH_LKKjogwWA&sm=space-robot&click_id=443fcus7vgxa7my35b&sub_id=23160926&nrid=ef13b47c48a54cecbc0f9c6c812bfaea&hash=F6YfQUZANATR2LEhIXIZ2Q&exp=1715191839
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 08 May 2024 18:05:40 GMT
content-type: image/png
content-length: 1163
last-modified: Tue, 23 Apr 2024 14:44:40 GMT
etag: "6627c958-48b"
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LerDPYI8o%2Bz7yX6mZXUfXvvFTPCtFlK2sJiVoug0kFZFWoo4YfiVOFJbBuKINMlSpcf%2Bych2uXKvjJxPAhVy6IFDyq4HSCwLHYREh6zW9ZR%2Bx5ZoJx2C%2FzkGG8%2F9Oyp4HmcZfABFae6cQYsC"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b611a6f9a569d-OSL
alt-svc: h3=":443"; ma=86400

lb.check-tl-ver-154-1.com/space-robot/?pl=4l9EZwXc2kSH_LKKjogwWA&sm=space-robot&click_id=443fcus7vgxa7my35b&sub_id=23160926&nrid=ef13b47c48a54cecbc0f9c6c812bfaea&hash=F6YfQUZANATR2LEhIXIZ2Q&exp=1715191839

188.114.96.1

45 kB

URL
lb.check-tl-ver-154-1.com/space-robot/?pl=4l9EZwXc2kSH_LKKjogwWA&sm=space-robot&click_id=443fcus7vgxa7my35b&sub_id=23160926&nrid=ef13b47c48a54cecbc0f9c6c812bfaea&hash=F6YfQUZANATR2LEhIXIZ2Q&exp=1715191839
IP
188.114.96.1:0
ASN
#13335 CLOUDFLARENET

File type
HTML document, Unicode text, UTF-8 text, with very long lines (474)
Size
45 kB (45324 bytes)
Hash
01041709ecf6a3f0b549820730593c03
55775e4279d24a34f601bf8180d9f280b8131e0d
51907b3319c05ec1c1a7466f4017f4dcc7b6dc59a29ed962bfd36572f223bb51

HTTP Headers

GET /space-robot/?pl=4l9EZwXc2kSH_LKKjogwWA&sm=space-robot&click_id=443fcus7vgxa7my35b&sub_id=23160926&nrid=ef13b47c48a54cecbc0f9c6c812bfaea&hash=F6YfQUZANATR2LEhIXIZ2Q&exp=1715191839 HTTP/1.1
Host: lb.check-tl-ver-154-1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://la.check-tl-ver-154-1.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 08 May 2024 18:05:40 GMT
content-type: text/html
last-modified: Tue, 23 Apr 2024 14:44:40 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QT3APYgL8O9FSvlK34ivTncYzUWjM8Zocy90%2BUGfunXzrS7tbP8lQ1ou8gHahsgCAQTUWFqvtVqlODb6f3e1UJSmMgRR5CnvhTZxaIuE18ssiBZqYp81fl2p%2Brj5zeXEkePZNg325elqWPob"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880b61187c60569d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

www.gstatic.com/firebasejs/10.3.1/firebase-app-compat.js

142.250.74.163

9.3 kB

URL
www.gstatic.com/firebasejs/10.3.1/firebase-app-compat.js
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
JavaScript source, ASCII text, with very long lines (28368)
Size
9.3 kB (9308 bytes)
Hash
9900403b65514fad7df39a4e788a6e45
75f9ba061ef4e72bb23528c700f2a11c56d637e9
a202b2051ea9810cd9ba592b3f9418a89e2062f5c185e29e288080b28eb64fe5

HTTP Headers

GET /firebasejs/10.3.1/firebase-app-compat.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lb.check-tl-ver-154-1.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-length: 9308
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 May 2024 01:56:57 GMT
expires: Fri, 02 May 2025 01:56:57 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 31 Aug 2023 15:20:38 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 576523
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.gstatic.com/firebasejs/10.3.1/firebase-messaging-compat.js

142.250.74.163

9.9 kB

URL
www.gstatic.com/firebasejs/10.3.1/firebase-messaging-compat.js
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
JavaScript source, ASCII text, with very long lines (38231)
Size
9.9 kB (9934 bytes)
Hash
0541b823dfaf39162ef84cf075c9951b
e0934726455558cc1a59823efada9651e33aafaa
21f1d62f222007068c793f0947d98f4ccb7c1595adb68efeb783390fdd8b5522

HTTP Headers

GET /firebasejs/10.3.1/firebase-messaging-compat.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lb.check-tl-ver-154-1.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-length: 9934
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 03 May 2024 02:03:05 GMT
expires: Sat, 03 May 2025 02:03:05 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 31 Aug 2023 15:20:50 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 489756
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.highcpmgate.com/g0rcyaaab7?key=95e6f21cd393f59a1833b1034d8951ec

192.243.61.227

1.3 kB

URL
www.highcpmgate.com/g0rcyaaab7?key=95e6f21cd393f59a1833b1034d8951ec
IP
192.243.61.227:0
ASN
#39572 DataWeb Global Group B.V.

File type
HTML document, ASCII text, with very long lines (410)
Size
1.3 kB (1349 bytes)
Hash
d89066428b4a95bafbbd1132d5610341
2a5f609ed9c612c21fa5349f0be183397b2760bc
bdbc4332d4f550815357432af6055e72118f115ccddee5baf3bcd76ab76dcfe1

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /g0rcyaaab7?key=95e6f21cd393f59a1833b1034d8951ec HTTP/1.1
Host: www.highcpmgate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Wed, 08 May 2024 18:05:41 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Set-Cookie: u_pl=23070551; expires=Thu, 09 May 2024 18:05:41 GMT
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoyMzA3MDU1MSwiayI6Ijk1ZTZmMjFjZDM5M2Y1OWExODMzYjEwMzRkODk1MWVjIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjozNzk1OTI5LCJwaWQiOjE4MjM3NzAsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MzEsImFpZCI6MjgsInB0Ijo0LCJwayI6ImcwcmN5YWFhYjciLCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6Nzk5NTQxOTYsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjoxODExMCwib24iOiJMaW51eCIsIm92IjoiVW5rbm93biIsImJpZCI6MTE2NjcwLCJibiI6IkZpcmVmb3giLCJidiI6Ijk2LjAiLCJ3diI6ZmFsc2UsImUiOmZhbHNlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6IiIsImFyIjpbXX19.U2ebwFjEv1emnUSOTmNQTe-4rPP39OWIepgfVbZEwNQ; expires=Wed, 08 May 2024 18:06:41 GMT
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 3a672cd9f3f9a7ddfd011389bdcc46d5
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

cdnstatic.check-tl-ver-154-1.com/ps/config.js?id=4l9EZwXc2kSH_LKKjogwWA

188.114.96.1

228 B

URL
cdnstatic.check-tl-ver-154-1.com/ps/config.js?id=4l9EZwXc2kSH_LKKjogwWA
IP
188.114.96.1:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with CRLF line terminators
Size
228 B (228 bytes)
Hash
dc65a2fbfc4c76147b8b778b759c8d91
b8374137f0fe797e6a7e58c0c6ef14aa7a6b9855
7e85c285fd983223d07a014d1a96804ba1c8f65fb43238a4fad204350e896958

HTTP Headers

GET /ps/config.js?id=4l9EZwXc2kSH_LKKjogwWA HTTP/1.1
Host: cdnstatic.check-tl-ver-154-1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rqqlj.check-tl-ver-154-1.com/
Cookie: __psu=73ee7103-05cc-4f42-9a7d-ae0095570915
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 08 May 2024 18:05:39 GMT
content-type: application/javascript
cache-control: max-age=0, no-cache, no-store, must-revalidate
accept-ch: Sec-CH-UA, Sec-CH-UA-Platform, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=d799SXFonJ5PX9uE5J%2FlRGFN1uNx%2BE0%2FLSrx0seg%2FwxMlMKicSjBXWvGh%2FgHS%2FRiEmBdunp86OW0006ZuUbrD7rQE3%2F2gXNBsY3PmgdnBpJwpX7Mae%2FEGYMicdZOibVBQem0WEhjlYGTHiopchXQ6iJIyg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b6113dbda569d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

wifescamara.click/c9b2l0k.php?key=j9bvotykda242i8ilk8f&SUB_ID_SHORT=39d8305f8e8a6fed6c8c6d73a1050199&COST_CPC=&PLACEMENT_ID=23070551&CAMPAIGN_ID=1030445&DEVICE_BRAND=Unknown&BROWSER_NAME=Firefox&USER_OS=Linux&USER_CARRIER=Blix%20Solutions&USERAGENT=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&REMOTE_LANGUAGE=11&BANNER_ID=2904296

192.64.81.118

0 B

URL
wifescamara.click/c9b2l0k.php?key=j9bvotykda242i8ilk8f&SUB_ID_SHORT=39d8305f8e8a6fed6c8c6d73a1050199&COST_CPC=&PLACEMENT_ID=23070551&CAMPAIGN_ID=1030445&DEVICE_BRAND=Unknown&BROWSER_NAME=Firefox&USER_OS=Linux&USER_CARRIER=Blix%20Solutions&USERAGENT=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&REMOTE_LANGUAGE=11&BANNER_ID=2904296
IP
192.64.81.118:0
ASN
#19318 IS-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /c9b2l0k.php?key=j9bvotykda242i8ilk8f&SUB_ID_SHORT=39d8305f8e8a6fed6c8c6d73a1050199&COST_CPC=&PLACEMENT_ID=23070551&CAMPAIGN_ID=1030445&DEVICE_BRAND=Unknown&BROWSER_NAME=Firefox&USER_OS=Linux&USER_CARRIER=Blix%20Solutions&USERAGENT=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&REMOTE_LANGUAGE=11&BANNER_ID=2904296 HTTP/1.1
Host: wifescamara.click
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.highcpmgate.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx/1.22.0
Date: Wed, 08 May 2024 18:05:42 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: uclick=us7vgxa8hq; expires=Thu, 09-May-2024 18:05:42 GMT; Max-Age=86400; path=/; secure; SameSite=none
uclickhash=us7vgxa8hq-us7vgxa8hq-uoxs-0-usa30-9rq5dz-9rq5bl-24050d; expires=Thu, 09-May-2024 18:05:42 GMT; Max-Age=86400; path=/; secure; SameSite=none
Location: https://gzeao.canopusacrux.com/?pl=dR1J35fCDkibR45g1XXjgg&click_id=29c30us7vgxa8hq802&sub_id=23070551
Strict-Transport-Security: max-age=31536000

gzeao.canopusacrux.com/?pl=dR1J35fCDkibR45g1XXjgg&click_id=29c30us7vgxa8hq802&sub_id=23070551

188.114.96.1

0 B

URL
gzeao.canopusacrux.com/?pl=dR1J35fCDkibR45g1XXjgg&click_id=29c30us7vgxa8hq802&sub_id=23070551
IP
188.114.96.1:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /?pl=dR1J35fCDkibR45g1XXjgg&click_id=29c30us7vgxa8hq802&sub_id=23070551 HTTP/1.1
Host: gzeao.canopusacrux.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.highcpmgate.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 302 Found
date: Wed, 08 May 2024 18:05:42 GMT
content-length: 0
location: https://gzeao.check-tl-ver-94-2.com/allow-button/?pl=dR1J35fCDkibR45g1XXjgg&sm=allow-button&click_id=29c30us7vgxa8hq802&sub_id=23070551&nrid=695ed4299d6445a2859b7f18c5e45627&hash=3UzkIlvTRXE53TomEn8vYA&exp=1715191842
set-cookie: dR1J35fCDkibR45g1XXjgg=2; max-age=345600; path=/; samesite=lax
__pl=726a0e4b-a433-4f04-9fa7-56af7c02136f; expires=Fri, 08 May 2026 18:05:42 GMT; path=/; samesite=lax
__cap=1; max-age=3600; path=/; samesite=lax
cache-control: max-age=0, no-cache, no-store, must-revalidate
accept-ch: Sec-CH-UA, Sec-CH-UA-Platform, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SPcwmw4Bx5EmmQ%2FFcTsVHS1kRronHbXw7fKc8nq1%2B%2FFfMic5SLB8CBgl6Rtkyq9If7vYVOD%2BCCu%2FACA0kpXzq80fTLXD8J4CMAKoPiKHpUZqFaXZLgIIYuUlyyJODwOvSfkJ8UHBQPxp"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880b61273882b52d-OSL
alt-svc: h3=":443"; ma=86400

gzeao.check-tl-ver-94-2.com/favicon.ico

172.67.189.129

0 B

URL
gzeao.check-tl-ver-94-2.com/favicon.ico
IP
172.67.189.129:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: gzeao.check-tl-ver-94-2.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gzeao.check-tl-ver-94-2.com/allow-button/?pl=dR1J35fCDkibR45g1XXjgg&sm=allow-button&click_id=29c30us7vgxa8hq802&sub_id=23070551&nrid=695ed4299d6445a2859b7f18c5e45627&hash=3UzkIlvTRXE53TomEn8vYA&exp=1715191842
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 204 No Content
date: Wed, 08 May 2024 18:05:43 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 6278
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=W6JdaS5H3n0%2Fx9AhkwAfJiPVgw%2Bz6GR5dVq29cdqudVHM%2FjP1LYeQP71K9bZTuQ3WX6PGFVmT58dyK%2Bw98a0U%2F%2Bf483HjexWT9EwT5ki0Mqxy%2FmP8R9Q6W2WfGl2NDrX9aJbO6%2B3XFn2oZlnhwg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b612aaa69568e-OSL
alt-svc: h3=":443"; ma=86400

www.gstatic.com/firebasejs/10.3.1/firebase-app-compat.js

142.250.74.163

9.3 kB

URL
www.gstatic.com/firebasejs/10.3.1/firebase-app-compat.js
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
JavaScript source, ASCII text, with very long lines (28368)
Size
9.3 kB (9308 bytes)
Hash
9900403b65514fad7df39a4e788a6e45
75f9ba061ef4e72bb23528c700f2a11c56d637e9
a202b2051ea9810cd9ba592b3f9418a89e2062f5c185e29e288080b28eb64fe5

HTTP Headers

GET /firebasejs/10.3.1/firebase-app-compat.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gzeao.check-tl-ver-94-2.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-length: 9308
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 May 2024 01:56:57 GMT
expires: Fri, 02 May 2025 01:56:57 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 31 Aug 2023 15:20:38 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 576526
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.gstatic.com/firebasejs/10.3.1/firebase-messaging-compat.js

142.250.74.163

9.9 kB

URL
www.gstatic.com/firebasejs/10.3.1/firebase-messaging-compat.js
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
JavaScript source, ASCII text, with very long lines (38231)
Size
9.9 kB (9934 bytes)
Hash
0541b823dfaf39162ef84cf075c9951b
e0934726455558cc1a59823efada9651e33aafaa
21f1d62f222007068c793f0947d98f4ccb7c1595adb68efeb783390fdd8b5522

HTTP Headers

GET /firebasejs/10.3.1/firebase-messaging-compat.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gzeao.check-tl-ver-94-2.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-length: 9934
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 03 May 2024 02:03:05 GMT
expires: Sat, 03 May 2025 02:03:05 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 31 Aug 2023 15:20:50 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 489758
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Early-Data: accepted

gzeao.check-tl-ver-94-2.com/allow-button/?pl=dR1J35fCDkibR45g1XXjgg&sm=allow-button&click_id=29c30us7vgxa8hq802&sub_id=23070551&nrid=695ed4299d6445a2859b7f18c5e45627&hash=3UzkIlvTRXE53TomEn8vYA&exp=1715191842

172.67.189.129

9.5 kB

URL
gzeao.check-tl-ver-94-2.com/allow-button/?pl=dR1J35fCDkibR45g1XXjgg&sm=allow-button&click_id=29c30us7vgxa8hq802&sub_id=23070551&nrid=695ed4299d6445a2859b7f18c5e45627&hash=3UzkIlvTRXE53TomEn8vYA&exp=1715191842
IP
172.67.189.129:0
ASN
#13335 CLOUDFLARENET

File type
HTML document, ASCII text, with very long lines (10169)
Size
9.5 kB (9508 bytes)
Hash
80f93dbb557a8864dc665d0ce557af58
963f36ccd9c2e63967ea3a66d051a8b4b7e08ab6
ee4d53ba73ffa074d944eae12df6386888e842ce4ca82d0ca6d6779256257f3b

HTTP Headers

GET /allow-button/?pl=dR1J35fCDkibR45g1XXjgg&sm=allow-button&click_id=29c30us7vgxa8hq802&sub_id=23070551&nrid=695ed4299d6445a2859b7f18c5e45627&hash=3UzkIlvTRXE53TomEn8vYA&exp=1715191842 HTTP/1.1
Host: gzeao.check-tl-ver-94-2.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.highcpmgate.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 08 May 2024 18:05:43 GMT
content-type: text/html
last-modified: Tue, 23 Apr 2024 14:44:40 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IMW7jyqPV%2FQxk%2FWkoSokR3NOd4zC81oXaPpLBiRTvxki0EW8GEx0PBe2QutgjBv2MTrqd8C234kPKgKNu7VEsv8AbjbW%2BFFFp0qhqghnN2r1Q69KpWW9%2BwQmJpk4eT5FM%2FVaXVeNlRcv8vKTmnc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880b61280f8356bb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

www.gstatic.com/firebasejs/10.3.1/firebase-app-compat.js

142.250.74.163

9.3 kB

URL
www.gstatic.com/firebasejs/10.3.1/firebase-app-compat.js
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
JavaScript source, ASCII text, with very long lines (28368)
Size
9.3 kB (9308 bytes)
Hash
9900403b65514fad7df39a4e788a6e45
75f9ba061ef4e72bb23528c700f2a11c56d637e9
a202b2051ea9810cd9ba592b3f9418a89e2062f5c185e29e288080b28eb64fe5

HTTP Headers

GET /firebasejs/10.3.1/firebase-app-compat.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ta.check-tl-ver-94-2.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-length: 9308
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 May 2024 01:56:57 GMT
expires: Fri, 02 May 2025 01:56:57 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 31 Aug 2023 15:20:38 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 576527
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.gstatic.com/firebasejs/10.3.1/firebase-messaging-compat.js

142.250.74.163

9.9 kB

URL
www.gstatic.com/firebasejs/10.3.1/firebase-messaging-compat.js
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
JavaScript source, ASCII text, with very long lines (38231)
Size
9.9 kB (9934 bytes)
Hash
0541b823dfaf39162ef84cf075c9951b
e0934726455558cc1a59823efada9651e33aafaa
21f1d62f222007068c793f0947d98f4ccb7c1595adb68efeb783390fdd8b5522

HTTP Headers

GET /firebasejs/10.3.1/firebase-messaging-compat.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ta.check-tl-ver-94-2.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-length: 9934
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 03 May 2024 02:03:05 GMT
expires: Sat, 03 May 2025 02:03:05 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 31 Aug 2023 15:20:50 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 489759
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

glugherg.net/sftouch?userId=008056e6262d4b98e72d049861615987&z=6662145&p_rid=2f1ab75a-8982-40e3-99e3-e3ef841903d3&p_src=sf&branchId=0&rb=tqLIl9COhYZSD58TSlgK1quF0r2xGew5uXxbKaX0Y1tm1OCI8i4DLm-JwviEFORxH0sKHnEtPr3YhqL3MJZ2gq47OgrRNAD9KQvqv5jgIEHbrRhFqEXiSdmT8fBHYC2lEMBcmS0YNYC01rP87atVOQGVBK9Xi_U1j4naehPERVNFi88cqLnVmKRkVMkZPVIqUZBOuDaiOGhlcsoFPexbDtaGrA3L9gDYulbfqmR_hMM=

139.45.197.237

200 OK

2 B

URL POST HTTP/2
glugherg.net/sftouch?userId=008056e6262d4b98e72d049861615987&z=6662145&p_rid=2f1ab75a-8982-40e3-99e3-e3ef841903d3&p_src=sf&branchId=0&rb=tqLIl9COhYZSD58TSlgK1quF0r2xGew5uXxbKaX0Y1tm1OCI8i4DLm-JwviEFORxH0sKHnEtPr3YhqL3MJZ2gq47OgrRNAD9KQvqv5jgIEHbrRhFqEXiSdmT8fBHYC2lEMBcmS0YNYC01rP87atVOQGVBK9Xi_U1j4naehPERVNFi88cqLnVmKRkVMkZPVIqUZBOuDaiOGhlcsoFPexbDtaGrA3L9gDYulbfqmR_hMM=
IP
139.45.197.237:443
ASN
#9002 RETN Limited

Requested by
https://glugherg.net/4/6662145
Certificate
IssuerLet's Encrypt
Subjectglugherg.net
Fingerprint32:41:21:37:65:99:C2:A0:C3:78:74:04:E3:8D:18:A9:B6:60:97:57
ValiditySun, 14 Apr 2024 05:10:47 GMT - Sat, 13 Jul 2024 05:10:46 GMT

File type
ASCII text, with no line terminators
Size
2 B (2 bytes)
Hash
444bcb3a3fcf8389296c49467f27e1d6
7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /sftouch?userId=008056e6262d4b98e72d049861615987&z=6662145&p_rid=2f1ab75a-8982-40e3-99e3-e3ef841903d3&p_src=sf&branchId=0&rb=tqLIl9COhYZSD58TSlgK1quF0r2xGew5uXxbKaX0Y1tm1OCI8i4DLm-JwviEFORxH0sKHnEtPr3YhqL3MJZ2gq47OgrRNAD9KQvqv5jgIEHbrRhFqEXiSdmT8fBHYC2lEMBcmS0YNYC01rP87atVOQGVBK9Xi_U1j4naehPERVNFi88cqLnVmKRkVMkZPVIqUZBOuDaiOGhlcsoFPexbDtaGrA3L9gDYulbfqmR_hMM= HTTP/1.1
Host: glugherg.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://glugherg.net
DNT: 1
Connection: keep-alive
Referer: https://glugherg.net/4/6662145
Cookie: OAID=008056e6262d4b98e72d049861615987; oaidts=1715191544
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Content-Length: 0
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 18:05:44 GMT
content-type: text/plain
content-length: 2
x-trace-id: e3fc6b96e4837041872d9c8dc4bd6284
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://glugherg.net
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

my.rtmark.net/img.gif?f=merge&userId=008056e6262d4b98e72d049861615987&z=6662145&p_rid=2f1ab75a-8982-40e3-99e3-e3ef841903d3&p_src=sf

139.45.195.8

200 OK

43 B

URL GET HTTP/2
my.rtmark.net/img.gif?f=merge&userId=008056e6262d4b98e72d049861615987&z=6662145&p_rid=2f1ab75a-8982-40e3-99e3-e3ef841903d3&p_src=sf
IP
139.45.195.8:443
ASN
#9002 RETN Limited

Requested by
https://glugherg.net/4/6662145
Certificate
IssuerLet's Encrypt
Subjectrtmark.net
FingerprintDB:C0:8B:64:1C:E3:2A:9C:B9:04:0D:F3:6F:5A:E0:35:F4:C7:75:CC
ValiditySat, 02 Mar 2024 21:53:43 GMT - Fri, 31 May 2024 21:53:42 GMT

File type
GIF image data, version 89a, 1 x 1
Size
43 B (43 bytes)
Hash
b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

HTTP Headers

GET /img.gif?f=merge&userId=008056e6262d4b98e72d049861615987&z=6662145&p_rid=2f1ab75a-8982-40e3-99e3-e3ef841903d3&p_src=sf HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://glugherg.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 18:05:44 GMT
content-type: image/gif
content-length: 43
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=008056e6262d4b98e72d049861615987; expires=Thu, 08 May 2025 18:05:44 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

glugherg.net/favicon.ico

139.45.197.237

204 No Content

0 B

URL GET HTTP/2
glugherg.net/favicon.ico
IP
139.45.197.237:443
ASN
#9002 RETN Limited

Requested by
https://glugherg.net/4/6662145
Certificate
IssuerLet's Encrypt
Subjectglugherg.net
Fingerprint32:41:21:37:65:99:C2:A0:C3:78:74:04:E3:8D:18:A9:B6:60:97:57
ValiditySun, 14 Apr 2024 05:10:47 GMT - Sat, 13 Jul 2024 05:10:46 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: glugherg.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://glugherg.net/4/6662145
Cookie: OAID=008056e6262d4b98e72d049861615987; oaidts=1715191544
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 204 No Content
server: nginx
date: Wed, 08 May 2024 18:05:44 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
pragma: public
cache-control: max-age=315360000, public, must-revalidate, proxy-revalidate
X-Firefox-Spdy: h2

glugherg.net/?z=6662145&syncedCookie=true&rhd=false

139.45.197.237

0 B

URL User Request POST
glugherg.net/?z=6662145&syncedCookie=true&rhd=false
IP
139.45.197.237:0
ASN
#9002 RETN Limited

Certificate
IssuerLet's Encrypt
Subjectglugherg.net
Fingerprint32:41:21:37:65:99:C2:A0:C3:78:74:04:E3:8D:18:A9:B6:60:97:57
ValiditySun, 14 Apr 2024 05:10:47 GMT - Sat, 13 Jul 2024 05:10:46 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /?z=6662145&syncedCookie=true&rhd=false HTTP/1.1
Host: glugherg.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 520
Origin: https://glugherg.net
DNT: 1
Connection: keep-alive
Referer: https://glugherg.net/afu.php?zoneid=6662145&var=6662145&rid=XXz4jyvWNyEJSqRKY8d18w%3D%3D&rhd=false&ab2r=0&sf=1
Cookie: OAID=008056e6262d4b98e72d049861615987; oaidts=1715191544
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 302 Found
server: nginx
date: Wed, 08 May 2024 18:05:45 GMT
content-length: 0
location: https://track-eu.trackingtraffo.com/pop/imp?auth=3z7uj5&c=C1-uvFwmzVoIuVPVguQStXKZ1vgg7VH1wZ-vk1hSpLDGGtHdkHlZDV5N2Svl8WIFeaa_K-eVqevJScl7OEpmLtId-Kife6Udyv4EZTas1sNTsoP41lqM1nj7VzVmCVkKUYptR0YzlUU98FLpueUnXoZCtzgC-zCUtrSUSRz5JGz4YhrA7b-NRsFBs8dJUnRGecA3CkoJm-VE7LhJYJsKOAomYTlmz3_O2TCUtLa329RWat-L385HVPO6YJa8kYjd01dDomY5Jks1o9sYJ9xHSgKyrunKvt_3OXk-l8gfiyG_l6BpztThYdUUo0DYoHyDlD-NvEWAa6Y3AsE7cX36rnfePpqrId3VIvwTh0cIAWo1H7ghnLU5ZD7HTz42ndFU83wSc4Dp43AS6D03im3svI7rScj3EK_utz0CPbaT7XuBpN6GoBKsTx7KQ4FtD36mn_gCfy64uoTlxK80NzMNWTomwTxO7uhohWPSLN2OEwMM9oaHD_sDFuty7YbvzCZU-4h4ezFhplLgE-O2Ke0of7xsGGrHhpJnkeUUM28FA_B_ODYwBHW8dvPn78kLy2DEC6v51cSPra91kGoty5EX5pbUoqw8LeBJBE0ojsagoN8kz6GRoEC7dlodl8Szy89JFLKpDnknBHLC5PIg8EFwgHOjLG8Fj-ZKpH8JJxlwRNKNsdCH
x-trace-id: 5e016e1e56fdb0f72974bc2eb9f2c3c3
link: <https://track-eu.trackingtraffo.com>; rel="preconnect dns-prefetch",<https://yonmewon.com>; rel="preconnect dns-prefetch",<https://sr7pv7n5x.com>; rel="preconnect dns-prefetch"
referrer-policy: no-referrer
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://glugherg.net
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=008056e6262d4b98e72d049861615987; expires=Thu, 08 May 2025 18:05:45 GMT; path=/; secure; SameSite=None
oaidts=1715191544; expires=Thu, 08 May 2025 18:05:45 GMT; path=/; secure; SameSite=None
syncedCookie=true; expires=Wed, 15 May 2024 18:05:45 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

cdnstatic.check-tl-ver-94-2.com/ps/tb?id=dR1J35fCDkibR45g1XXjgg&sm=allow-button&sub_id=23070551&click_id=29c30us7vgxa8hq802&nrid=0615313468ddc724bef6211122b26ae4&reason=tb_exit&attempt=2

172.67.189.129

6.0 kB

URL
cdnstatic.check-tl-ver-94-2.com/ps/tb?id=dR1J35fCDkibR45g1XXjgg&sm=allow-button&sub_id=23070551&click_id=29c30us7vgxa8hq802&nrid=0615313468ddc724bef6211122b26ae4&reason=tb_exit&attempt=2
IP
172.67.189.129:0
ASN
#13335 CLOUDFLARENET

File type
HTML document, ASCII text, with CRLF line terminators
Size
6.0 kB (6035 bytes)
Hash
f6dcca680a4d5fe1e3c9a5e8035b5c90
9362a4e50a3aaa0115daae01b4d28778c9bca070
5dd762ac2af693c86641ae5dc26c78566329fc590b7ca72dc34ed53151feafe3

HTTP Headers

GET /ps/tb?id=dR1J35fCDkibR45g1XXjgg&sm=allow-button&sub_id=23070551&click_id=29c30us7vgxa8hq802&nrid=0615313468ddc724bef6211122b26ae4&reason=tb_exit&attempt=2 HTTP/1.1
Host: cdnstatic.check-tl-ver-94-2.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ta.check-tl-ver-94-2.com/
Cookie: __psu=a3a1ca24-6606-4148-b74c-b1ca566bd7dc
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 08 May 2024 18:05:44 GMT
content-type: text/html
cache-control: max-age=0, no-cache, no-store, must-revalidate
accept-ch: Sec-CH-UA, Sec-CH-UA-Platform, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bY%2BtilEQUWQWj6DHNUx7y7NRYWa%2BQ%2BVDwfZGZuhb4MSY6PytPANpg04TOTsZNLE9hIpaBUh3mvtoA5oG0mRpbTs98EYfvTwS1QmYMc7viml6VStMfYezfsknNHEMTUsFOuayh8xOgxVEYYZxEmnB39ZE"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880b612f59cb568e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

glugherg.net/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f&ruid=2f1ab75a-8982-40e3-99e3-e3ef841903d3

0.0.0.0

0 B

URL POST
glugherg.net/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f&ruid=2f1ab75a-8982-40e3-99e3-e3ef841903d3
IP
0.0.0.0:0
ASN
#0

Requested by
https://glugherg.net/4/6662145
Certificate
IssuerLet's Encrypt
Subjectglugherg.net
Fingerprint32:41:21:37:65:99:C2:A0:C3:78:74:04:E3:8D:18:A9:B6:60:97:57
ValiditySun, 14 Apr 2024 05:10:47 GMT - Sat, 13 Jul 2024 05:10:46 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f&ruid=2f1ab75a-8982-40e3-99e3-e3ef841903d3 HTTP/1.1
Host: glugherg.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 1381
Origin: https://glugherg.net
DNT: 1
Connection: keep-alive
Referer: https://glugherg.net/4/6662145
Cookie: OAID=008056e6262d4b98e72d049861615987; oaidts=1715191544
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

track-eu.trackingtraffo.com/pop/imp?auth=3z7uj5&c=C1-uvFwmzVoIuVPVguQStXKZ1vgg7VH1wZ-vk1hSpLDGGtHdkHlZDV5N2Svl8WIFeaa_K-eVqevJScl7OEpmLtId-Kife6Udyv4EZTas1sNTsoP41lqM1nj7VzVmCVkKUYptR0YzlUU98FLpueUnXoZCtzgC-zCUtrSUSRz5JGz4YhrA7b-NRsFBs8dJUnRGecA3CkoJm-VE7LhJYJsKOAomYTlmz3_O2TCUtLa329RWat-L385HVPO6YJa8kYjd01dDomY5Jks1o9sYJ9xHSgKyrunKvt_3OXk-l8gfiyG_l6BpztThYdUUo0DYoHyDlD-NvEWAa6Y3AsE7cX36rnfePpqrId3VIvwTh0cIAWo1H7ghnLU5ZD7HTz42ndFU83wSc4Dp43AS6D03im3svI7rScj3EK_utz0CPbaT7XuBpN6GoBKsTx7KQ4FtD36mn_gCfy64uoTlxK80NzMNWTomwTxO7uhohWPSLN2OEwMM9oaHD_sDFuty7YbvzCZU-4h4ezFhplLgE-O2Ke0of7xsGGrHhpJnkeUUM28FA_B_ODYwBHW8dvPn78kLy2DEC6v51cSPra91kGoty5EX5pbUoqw8LeBJBE0ojsagoN8kz6GRoEC7dlodl8Szy89JFLKpDnknBHLC5PIg8EFwgHOjLG8Fj-ZKpH8JJxlwRNKNsdCH

0.0.0.0

0 B

URL User Request GET
track-eu.trackingtraffo.com/pop/imp?auth=3z7uj5&c=C1-uvFwmzVoIuVPVguQStXKZ1vgg7VH1wZ-vk1hSpLDGGtHdkHlZDV5N2Svl8WIFeaa_K-eVqevJScl7OEpmLtId-Kife6Udyv4EZTas1sNTsoP41lqM1nj7VzVmCVkKUYptR0YzlUU98FLpueUnXoZCtzgC-zCUtrSUSRz5JGz4YhrA7b-NRsFBs8dJUnRGecA3CkoJm-VE7LhJYJsKOAomYTlmz3_O2TCUtLa329RWat-L385HVPO6YJa8kYjd01dDomY5Jks1o9sYJ9xHSgKyrunKvt_3OXk-l8gfiyG_l6BpztThYdUUo0DYoHyDlD-NvEWAa6Y3AsE7cX36rnfePpqrId3VIvwTh0cIAWo1H7ghnLU5ZD7HTz42ndFU83wSc4Dp43AS6D03im3svI7rScj3EK_utz0CPbaT7XuBpN6GoBKsTx7KQ4FtD36mn_gCfy64uoTlxK80NzMNWTomwTxO7uhohWPSLN2OEwMM9oaHD_sDFuty7YbvzCZU-4h4ezFhplLgE-O2Ke0of7xsGGrHhpJnkeUUM28FA_B_ODYwBHW8dvPn78kLy2DEC6v51cSPra91kGoty5EX5pbUoqw8LeBJBE0ojsagoN8kz6GRoEC7dlodl8Szy89JFLKpDnknBHLC5PIg8EFwgHOjLG8Fj-ZKpH8JJxlwRNKNsdCH
IP
0.0.0.0:0
ASN
#0

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /pop/imp?auth=3z7uj5&c=C1-uvFwmzVoIuVPVguQStXKZ1vgg7VH1wZ-vk1hSpLDGGtHdkHlZDV5N2Svl8WIFeaa_K-eVqevJScl7OEpmLtId-Kife6Udyv4EZTas1sNTsoP41lqM1nj7VzVmCVkKUYptR0YzlUU98FLpueUnXoZCtzgC-zCUtrSUSRz5JGz4YhrA7b-NRsFBs8dJUnRGecA3CkoJm-VE7LhJYJsKOAomYTlmz3_O2TCUtLa329RWat-L385HVPO6YJa8kYjd01dDomY5Jks1o9sYJ9xHSgKyrunKvt_3OXk-l8gfiyG_l6BpztThYdUUo0DYoHyDlD-NvEWAa6Y3AsE7cX36rnfePpqrId3VIvwTh0cIAWo1H7ghnLU5ZD7HTz42ndFU83wSc4Dp43AS6D03im3svI7rScj3EK_utz0CPbaT7XuBpN6GoBKsTx7KQ4FtD36mn_gCfy64uoTlxK80NzMNWTomwTxO7uhohWPSLN2OEwMM9oaHD_sDFuty7YbvzCZU-4h4ezFhplLgE-O2Ke0of7xsGGrHhpJnkeUUM28FA_B_ODYwBHW8dvPn78kLy2DEC6v51cSPra91kGoty5EX5pbUoqw8LeBJBE0ojsagoN8kz6GRoEC7dlodl8Szy89JFLKpDnknBHLC5PIg8EFwgHOjLG8Fj-ZKpH8JJxlwRNKNsdCH HTTP/1.1
Host: track-eu.trackingtraffo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

glugherg.net/4/6662145

139.45.197.237

200 OK

34 kB

URL User Request GET HTTP/2
glugherg.net/4/6662145
IP
139.45.197.237:443
ASN
#9002 RETN Limited

Certificate
IssuerLet's Encrypt
Subjectglugherg.net
Fingerprint32:41:21:37:65:99:C2:A0:C3:78:74:04:E3:8D:18:A9:B6:60:97:57
ValiditySun, 14 Apr 2024 05:10:47 GMT - Sat, 13 Jul 2024 05:10:46 GMT

File type
HTML document, ASCII text, with very long lines (18247)
Size
34 kB (33769 bytes)
Hash
a00ffe0b0d72818f347f7fe3ff5e2b2d
a6611d073e72d6b5a66778afec3b5f9565badecf
4f7c44bd7d13b78c397d3e8d8c12627c138d2f43b88cc08cb4e10252812674db

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /4/6662145 HTTP/1.1
Host: glugherg.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 18:05:44 GMT
content-type: text/html; charset=utf8
x-trace-id: 7c31316891e9d4385a533079c3b9ed3d
link: <https://yonmewon.com>; rel="preconnect dns-prefetch",<https://my.rtmark.net>; rel="preconnect dns-prefetch"
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=008056e6262d4b98e72d049861615987; expires=Thu, 08 May 2025 18:05:44 GMT; path=/; secure; SameSite=None
oaidts=1715191544; expires=Thu, 08 May 2025 18:05:44 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (3)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (41)

URL

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP