GET toonitalia.xyz/wp-content/themes/twentytwenty/assets/fonts/inter/Inter-upright-var.woff2
172.67.220.81 200 OK 224 kB URL GET HTTPS
toonitalia.xyz/wp-content/themes/twentytwenty/assets/fonts/inter/Inter-upright-var.woff2
IP / ASN
172.67.220.81
#13335 CLOUDFLARENET
Requested by https://toonitalia.xyz/
Resource Info
File type Web Open Font Format (Version 2), TrueType, length 223892, version 1.0
First Seen 2023-04-19
Last Seen 2025-08-02
Times Seen 766
Size 224 kB (223892 bytes)
MD5 2f136faf2d0ef6368898d1a515ab707c
SHA1 81dbe45ccd7fae3a0a298c5c166b4317c985f538
SHA256 e03c2df7ef439d2708bbc168a21c0a00da63e5664d286120c994c39644addd03
Certificate Info
Issuer Google Trust Services
Subject toonitalia.xyz
Fingerprint BA:21:F8:2B:2C:15:BA:86:8E:59:5E:C9:95:CD:5D:13:6E:A5:83:4E
Validity Sat, 14 Jun 2025 10:38:31 GMT - Fri, 12 Sep 2025 11:37:07 GMT
Technology Fingerprints
Cloudflare (CDN) Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.
GET /wp-content/themes/twentytwenty/assets/fonts/inter/Inter-upright-var.woff2 HTTP/1.1
Host: toonitalia.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://toonitalia.xyz/wp-content/themes/twentytwenty/assets/css/font-inter.css?ver=2.9
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 01 Aug 2025 14:01:24 GMT
content-type: font/woff2
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=D0zlU0CvIWgpwEqT6zBgttc%2FqsdsKuG%2By5yFaYUnr0IjEaVmlyHoDHxVb1%2BN4ohiEFnmfq4seul7fd4u1K%2FccXj%2F%2BtqTPylDVS0P4wPolFucWkCPdoGSofekLlMemlOayw%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-cache-status: EXPIRED
last-modified: Tue, 15 Apr 2025 19:19:33 GMT
etag: W/"36a94-632d60c7a3edf-gzip"
vary: Accept-Encoding
cache-control: max-age=14400
cf-ray: 9685de09294f0b61-OSL
server: cloudflare
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=3264&min_rtt=645&rtt_var=2203&sent=104&recv=160&lost=0&retrans=0&sent_bytes=11743&recv_bytes=9451&delivery_rate=586654&ss_exit_cwnd=14919&ss_exit_reason=2&cwnd=14000&unsent_bytes=0&cid=00802a8f80661eb4&ts=1078&inflight_dur=66&x=40"
GET everydayplacidity.com/e2/be/45/e2be4504dce870fcc41510596c5c0ce0.js
172.240.108.76 200 OK 106 kB URL GET HTTPS
everydayplacidity.com/e2/be/45/e2be4504dce870fcc41510596c5c0ce0.js
IP / ASN
172.240.108.76
#7979 SERVERS-COM
Requested by https://toonitalia.xyz/
Resource Info
File type JavaScript source, ASCII text, with very long lines (65536), with no line terminators
First Seen 2025-08-01
Last Seen 2025-08-01
Times Seen 1
Size 106 kB (106150 bytes)
MD5 f52a7f7932caa9ccec0fd4588165ff04
SHA1 246ec3c91ce91711ccf360bc53a3c244bec42981
SHA256 992a840527cf00a034103951aca98e7e2526cfc4311778601a3871690f8a8b73
Certificate Info
Issuer Let's Encrypt
Subject everydayplacidity.com
Fingerprint 89:33:58:AC:21:FB:97:F3:28:D5:1E:E4:DF:3A:A9:04:CF:CD:88:FB
Validity Sat, 14 Jun 2025 21:10:17 GMT - Fri, 12 Sep 2025 21:10:16 GMT
Technology Fingerprints
Nginx:1.21.6 (Web servers, Reverse proxies) Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.
Envoy (Reverse proxies) Envoy is an open-source edge and service proxy, designed for cloud-native applications.
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /e2/be/45/e2be4504dce870fcc41510596c5c0ce0.js HTTP/1.1
Host: everydayplacidity.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://toonitalia.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 01 Aug 2025 14:01:24 GMT
Content-Type: application/javascript
Content-Length: 32776
Connection: keep-alive
content-encoding: gzip
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
accept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
x-envoy-upstream-service-time: 5
Host: everydayplacidity.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Request-ID: 49c44956df74887c03b4477e90f23f45
Cache-Control: no-cache, max-age=0, private, no-cache
Pragma: no-cache
Strict-Transport-Security: max-age=0; includeSubdomains
GET sswalesmentb.com/d0gybHpYd1EfRzoyViEpGit5LhQlcWoLKyctelkcNhlgXRwxfBQYExN1A15KQ3kFWFwHIVZRS1E7Rg0OAjsPXVweJlQDR1E+D11URHwcX0xZfhQZR0ZuRhwbEHUDSgoDPF5RS0B9BlxPQXAKWEhCew
104.21.89.126 204 No Content 0 B URL GET HTTPS
sswalesmentb.com/d0gybHpYd1EfRzoyViEpGit5LhQlcWoLKyctelkcNhlgXRwxfBQYExN1A15KQ3kFWFwHIVZRS1E7Rg0OAjsPXVweJlQDR1E+D11URHwcX0xZfhQZR0ZuRhwbEHUDSgoDPF5RS0B9BlxPQXAKWEhCew
IP / ASN
104.21.89.126
#13335 CLOUDFLARENET
Requested by https://toonitalia.xyz/
Resource Info
File type N/A
First Seen 0001-01-01
Last Seen 2025-08-04
Times Seen 5648445
Size 0 B (0 bytes)
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Certificate Info
Issuer Google Trust Services
Subject sswalesmentb.com
Fingerprint A3:10:8A:AE:11:0E:C7:FF:9F:73:4E:8B:C8:BE:AD:10:F1:AA:13:61
Validity Wed, 11 Jun 2025 06:25:26 GMT - Tue, 09 Sep 2025 07:23:07 GMT
Technology Fingerprints
Cloudflare (CDN)
GET /d0gybHpYd1EfRzoyViEpGit5LhQlcWoLKyctelkcNhlgXRwxfBQYExN1A15KQ3kFWFwHIVZRS1E7Rg0OAjsPXVweJlQDR1E+D11URHwcX0xZfhQZR0ZuRhwbEHUDSgoDPF5RS0B9BlxPQXAKWEhCew HTTP/1.1
Host: sswalesmentb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://toonitalia.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 204 No Content
date: Fri, 01 Aug 2025 14:01:24 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=zsGFpXlLfzGM3HqmHJokeqDbrHqlLgzDJWjMAW0aYiuN2h%2BJ%2FyHKPPPaBUy2jlRWxy94PzjSdJNsqRG%2BTFjR76UJu3YfbvLRYAPsSGZg"}]}
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
server: cloudflare
cf-ray: 9685de06dbdb569f-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
GET acscdn.com/script/inpagepush.js
104.18.16.201 200 OK 87 kB URL GET HTTPS
acscdn.com/script/inpagepush.js
IP / ASN
104.18.16.201
#13335 CLOUDFLARENET
Requested by https://toonitalia.xyz/
Resource Info
File type JavaScript source, Unicode text, UTF-8 text, with very long lines (33238), with NEL line terminators
First Seen 2025-07-24
Last Seen 2025-08-03
Times Seen 91
Size 87 kB (87200 bytes)
MD5 582bd6a9e9985cf50cbf60ad0aab3688
SHA1 408290a637e4f9cce4d6a8de7b2bf3e0b3152693
SHA256 2838a9af35acd33ba55adf377b12cfa11db7c570ba67854e0011fcf17f16e554
Certificate Info
Issuer Google Trust Services
Subject acscdn.com
Fingerprint 63:1A:7B:92:DA:D9:63:40:A3:A0:9C:C9:93:7F:79:CD:2E:FB:74:83
Validity Fri, 11 Jul 2025 17:47:20 GMT - Thu, 09 Oct 2025 18:47:00 GMT
Technology Fingerprints
Google Cloud (IaaS) Google Cloud is a suite of cloud computing services.
Cloudflare (CDN)
Google Cloud Storage (Miscellaneous) Google Cloud Storage allows world-wide storage and retrieval of any amount of data at any time.
GET /script/inpagepush.js HTTP/1.1
Host: acscdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://toonitalia.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 01 Aug 2025 14:01:24 GMT
content-type: text/javascript
x-guploader-uploadid: ABgVH889wnds427Ipv_W9EqHs9TrCY6Kh4tOXNBIrmTJPZN6s3Jot7nhGGTUU91O4H8OCCI
x-goog-generation: 1753341170549318
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 87200
x-goog-hash: crc32c=o5u9kw==, md5=WCvWqemYXPUMv2CtCqs2iA==
x-goog-storage-class: MULTI_REGIONAL
access-control-allow-origin: *
expires: Fri, 01 Aug 2025 15:01:24 GMT
cache-control: public, max-age=3600
last-modified: Thu, 24 Jul 2025 07:12:50 GMT
etag: W/"582bd6a9e9985cf50cbf60ad0aab3688"
alt-svc: h3=":443"; ma=86400
cf-cache-status: HIT
age: 946
priority: u=3,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 9685de0abae2b505-OSL
content-encoding: gzip
server-timing: cfExtPri
GET toonitalia.xyz/wp-content/uploads/2024/03/Calendar-Men-150x150.jpg
172.67.220.81 200 OK 10 kB URL GET HTTPS
toonitalia.xyz/wp-content/uploads/2024/03/Calendar-Men-150x150.jpg
IP / ASN
172.67.220.81
#13335 CLOUDFLARENET
Requested by https://toonitalia.xyz/
Resource Info
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 82", baseline, precision 8, 150x150, components 3
First Seen 2025-08-01
Last Seen 2025-08-01
Times Seen 1
Size 10 kB (10407 bytes)
MD5 d3f3bb7d2108cae5eb52a07b43a63762
SHA1 3683e4f91a12aa4243b4cfa3146a6f083bf45df3
SHA256 c212bf6bf346ff8368d084df3a444829ce7b58f5d7011924a16264883cd932e4
Certificate Info
Issuer Google Trust Services
Subject toonitalia.xyz
Fingerprint BA:21:F8:2B:2C:15:BA:86:8E:59:5E:C9:95:CD:5D:13:6E:A5:83:4E
Validity Sat, 14 Jun 2025 10:38:31 GMT - Fri, 12 Sep 2025 11:37:07 GMT
Technology Fingerprints
Cloudflare (CDN)
GET /wp-content/uploads/2024/03/Calendar-Men-150x150.jpg HTTP/1.1
Host: toonitalia.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://toonitalia.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 01 Aug 2025 14:01:25 GMT
content-type: image/jpeg
content-length: 10407
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rivQj1Zb%2F2iLhY8Wy0NrRLNvGqxMdVd0RFzTAaOHp0mtJqvfOJNJVZzHhl%2BBaWv1a5%2FMyA3U1NP%2BMEE9%2FkVWSZ5YSHmYHWZwjtHMiyv%2BmiELzbSWXCOTEebljV9GLk9%2BmA%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-cache-status: MISS
last-modified: Fri, 08 Mar 2024 21:17:16 GMT
etag: "28a7-6132cb75e9e59"
accept-ranges: bytes
cache-control: max-age=14400
cf-ray: 9685de0ae9550b61-OSL
server: cloudflare
vary: Accept-Encoding
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1167&min_rtt=0&rtt_var=721&sent=297&recv=214&lost=0&retrans=1&sent_bytes=270037&recv_bytes=13189&delivery_rate=7260306&ss_exit_cwnd=14919&ss_exit_reason=2&cwnd=28122&unsent_bytes=0&cid=00802a8f80661eb4&ts=1358&inflight_dur=174&x=40"
GET toonitalia.xyz/wp-content/uploads/2023/08/sfondo2.jpg
172.67.220.81 200 OK 511 kB URL GET HTTPS
toonitalia.xyz/wp-content/uploads/2023/08/sfondo2.jpg
IP / ASN
172.67.220.81
#13335 CLOUDFLARENET
Requested by https://toonitalia.xyz/
Resource Info
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=6], baseline, precision 8, 1080x1920, components 3
First Seen 2024-06-06
Last Seen 2025-08-01
Times Seen 5
Size 511 kB (511203 bytes)
MD5 43f290c61bc5d19b689d2459a4fc138f
SHA1 2b60d14c48576ed7d01f79b541f9bcd2796f0b10
SHA256 88f29a8cd354a52153dd530a405d17b46cbd238300fcee4a3b953337a2182a26
Certificate Info
Issuer Google Trust Services
Subject toonitalia.xyz
Fingerprint BA:21:F8:2B:2C:15:BA:86:8E:59:5E:C9:95:CD:5D:13:6E:A5:83:4E
Validity Sat, 14 Jun 2025 10:38:31 GMT - Fri, 12 Sep 2025 11:37:07 GMT
Technology Fingerprints
Cloudflare (CDN)
GET /wp-content/uploads/2023/08/sfondo2.jpg HTTP/1.1
Host: toonitalia.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 01 Aug 2025 14:01:25 GMT
content-type: image/jpeg
content-length: 511203
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2EInl7Bc4PJuJaHcKtyzX4EYmFo5Ly3OIPF6MEwdFafczKvBw1lP1g2fsG17yV00VTR8vBMWnz4aJc0Jt%2BtFuZG%2Feh5Kt73y5HylXrXRe0FEBAGrUaEbcc6%2BiAE0o7T4dA%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-cache-status: MISS
last-modified: Thu, 17 Aug 2023 22:44:44 GMT
etag: "7cce3-603262893dfbe"
accept-ranges: bytes
cache-control: max-age=14400
cf-ray: 9685de0ae9560b61-OSL
server: cloudflare
vary: Accept-Encoding
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1167&min_rtt=0&rtt_var=721&sent=297&recv=214&lost=0&retrans=1&sent_bytes=270037&recv_bytes=13189&delivery_rate=7260306&ss_exit_cwnd=14919&ss_exit_reason=2&cwnd=28122&unsent_bytes=0&cid=00802a8f80661eb4&ts=1357&inflight_dur=174&x=40"
GET c.adsco.re/#0.22014830636967608
104.17.166.186 200 OK 78 kB URL GET HTTPS
c.adsco.re/#0.22014830636967608
IP / ASN
104.17.166.186
#13335 CLOUDFLARENET
Requested by https://toonitalia.xyz/
Resource Info
File type JavaScript source, ASCII text, with very long lines (689)
First Seen 2025-06-14
Last Seen 2025-08-04
Times Seen 2381
Size 78 kB (78356 bytes)
MD5 0baa53ba8a5ba5ee6833a629c3000d4e
SHA1 d5de057adc1eaa7888ca975199cf0a116b923aa0
SHA256 0679a036a8577f9592e070f780d06c6bb427a8f15f58008bdeaae2277ce607b4
Certificate Info
Issuer Sectigo Limited
Subject *.adsco.re
Fingerprint 3B:64:1C:DA:8C:64:22:01:36:0F:54:7A:99:6E:AD:26:C2:EF:59:8B
Validity Mon, 23 Sep 2024 00:00:00 GMT - Mon, 29 Sep 2025 23:59:59 GMT
Technology Fingerprints
Cloudflare (CDN)
GET / HTTP/1.1
Host: c.adsco.re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://toonitalia.xyz/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 01 Aug 2025 14:01:27 GMT
content-type: text/html
cache-control: public, max-age=2678400
accept-ch: Sec-CH-UA, Sec-CH-UA-Mobile, Sec-CH-UA-Full-Version, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Device-Memory, Downlink, ECT, RTT, Width, Viewport-Width, DPR
permissions-policy: ch-ua=(self "https://adsco.re"),ch-ua-mobile=(self "https://adsco.re"),ch-ua-full-version=(self "https://adsco.re"),ch-ua-platform=(self "https://adsco.re"),ch-ua-platform-version=(self "https://adsco.re"),ch-ua-arch=(self "https://adsco.re"),ch-ua-model=(self "https://adsco.re"),ch-device-memory=(self "https://adsco.re"),ch-downlink=(self "https://adsco.re"),ch-ect=(self "https://adsco.re"),ch-rtt=(self "https://adsco.re"),ch-width=(self "https://adsco.re"),ch-viewport-width=(self "https://adsco.re"),ch-dpr=(self "https://adsco.re")
link: <//6.adsco.re/>;rel=prefetch;crossorigin;as=fetch,<//4.adsco.re/>;rel=prefetch;crossorigin;as=fetch,<//adsco.re/>;rel=preconnect
expires: Mon, 01 Sep 2025 14:01:27 GMT
etag: W/"C6pTuopbpe5oM6YpwwANTg=="
cf-cache-status: HIT
age: 35606
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 9685de1c7d3e5694-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
GET 69f0630890.fff3cd7d36.com/cd9d9598c2ba367a9801e37d02430bc5.js
45.133.44.52 200 OK 119 kB URL GET HTTPS
69f0630890.fff3cd7d36.com/cd9d9598c2ba367a9801e37d02430bc5.js
IP / ASN
45.133.44.52
#39572 DataWeb Global Group B.V.
Requested by https://toonitalia.xyz/
Resource Info
File type JavaScript source, ASCII text, with very long lines (65536), with no line terminators
First Seen 2025-07-31
Last Seen 2025-08-03
Times Seen 69
Size 119 kB (119368 bytes)
MD5 6d50fbd03274e51d60a333ebff397574
SHA1 eb86cd884fbfce539eae6220715b8acdc5016ba5
SHA256 ed26a7bd5d2f49d85ad1d5b3c27014427fa8c887ba5124e7ea45adc13f6fe7fd
Certificate Info
Issuer Let's Encrypt
Subject 69f0630890.fff3cd7d36.com
Fingerprint 80:7B:98:A8:F3:8D:4C:1A:8D:4C:62:FE:9F:16:46:3C:58:BE:9F:87
Validity Tue, 29 Jul 2025 02:15:00 GMT - Mon, 27 Oct 2025 02:14:59 GMT
Technology Fingerprints
Nginx:1.18.0 (Web servers, Reverse proxies)
GET /cd9d9598c2ba367a9801e37d02430bc5.js HTTP/1.1
Host: 69f0630890.fff3cd7d36.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://toonitalia.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 01 Aug 2025 14:01:28 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Thu, 31 Jul 2025 16:39:58 GMT
etag: W/"688b9c5e-1d248"
content-encoding: gzip
expires: Fri, 01 Aug 2025 14:06:28 GMT
cache-control: max-age=300
x-cdn-host-id: ds8138
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
GET acscdn.com/script/aclib.js
104.18.16.201 200 OK 147 kB URL GET HTTPS
acscdn.com/script/aclib.js
IP / ASN
104.18.16.201
#13335 CLOUDFLARENET
Requested by https://toonitalia.xyz/
Resource Info
File type JavaScript source, Unicode text, UTF-8 text, with very long lines (65499), with no line terminators
First Seen 2025-07-24
Last Seen 2025-08-04
Times Seen 346
Size 147 kB (146956 bytes)
MD5 07af0b1a8e4bd1ec621f1ae4e3d3225a
SHA1 525071c1029ccfd93dfcaae42ec65344b463db47
SHA256 6fe3071e6050fb2764c5952b573c8b6bb194485070afb82a138afaa26a94674c
Certificate Info
Issuer Google Trust Services
Subject acscdn.com
Fingerprint 63:1A:7B:92:DA:D9:63:40:A3:A0:9C:C9:93:7F:79:CD:2E:FB:74:83
Validity Fri, 11 Jul 2025 17:47:20 GMT - Thu, 09 Oct 2025 18:47:00 GMT
Technology Fingerprints
Cloudflare (CDN)
Google Cloud Storage (Miscellaneous)
Google Cloud (IaaS)
GET /script/aclib.js HTTP/1.1
Host: acscdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://toonitalia.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 01 Aug 2025 14:01:24 GMT
content-type: text/javascript
x-guploader-uploadid: ABgVH88r75r228meV6Y0nNq1jnc8ueWV-yYmYwrbw4yscjC7g0oMUf0WpBjt8L_s6SHt0bqYI3p73po
x-goog-generation: 1753341003901755
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 146956
x-goog-hash: crc32c=hLpVoQ==, md5=B68LGo5L0exiHxrk49MiWg==
x-goog-storage-class: MULTI_REGIONAL
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
expires: Fri, 01 Aug 2025 15:01:24 GMT
cache-control: public, max-age=3600
last-modified: Thu, 24 Jul 2025 07:10:03 GMT
etag: W/"07af0b1a8e4bd1ec621f1ae4e3d3225a"
alt-svc: h3=":443"; ma=86400
cf-cache-status: HIT
age: 2844
vary: Accept-Encoding
server: cloudflare
cf-ray: 9685de0518e10b45-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
GET toonitalia.xyz/wp-content/themes/twentytwenty/print.css?ver=2.9
172.67.220.81 200 OK 2.7 kB URL GET HTTPS
toonitalia.xyz/wp-content/themes/twentytwenty/print.css?ver=2.9
IP / ASN
172.67.220.81
#13335 CLOUDFLARENET
Requested by https://toonitalia.xyz/
Resource Info
File type ASCII text
First Seen 2024-07-23
Last Seen 2025-08-02
Times Seen 119
Size 2.7 kB (2699 bytes)
MD5 96fcf2df63b61be32541d1f3a39a3a60
SHA1 b5ab4b60dfc1bce05979bf0f7e5e3fca0ba5553b
SHA256 4b6fce2852f5d45d45562c5ce8f33939058a7b26389005c561d82037691f122e
Certificate Info
Issuer Google Trust Services
Subject toonitalia.xyz
Fingerprint BA:21:F8:2B:2C:15:BA:86:8E:59:5E:C9:95:CD:5D:13:6E:A5:83:4E
Validity Sat, 14 Jun 2025 10:38:31 GMT - Fri, 12 Sep 2025 11:37:07 GMT
Technology Fingerprints
Cloudflare (CDN)
GET /wp-content/themes/twentytwenty/print.css?ver=2.9 HTTP/1.1
Host: toonitalia.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://toonitalia.xyz/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 01 Aug 2025 14:01:24 GMT
content-type: text/css
content-length: 1006
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=crq8BomIj9RctYe1ZCgRhGYxXP1PFW9V%2FEl%2FNZWSnw6SOVcSRIuJHQvM2Mf0U6UT1%2FA2htMmEap%2BEwm3OuEC5s3t1gZgm5U2FrtfIX02dtaF8ZPteIpgVqA%2F7c%2BPvUb5KQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-cache-status: EXPIRED
last-modified: Tue, 15 Apr 2025 19:19:34 GMT
etag: "a8b-632d60c7a7d5f-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=14400
cf-ray: 9685de0669470b61-OSL
server: cloudflare
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=2805&min_rtt=645&rtt_var=1712&sent=101&recv=158&lost=0&retrans=0&sent_bytes=9957&recv_bytes=9004&delivery_rate=586654&ss_exit_cwnd=14919&ss_exit_reason=2&cwnd=14000&unsent_bytes=0&cid=00802a8f80661eb4&ts=640&inflight_dur=58&x=40"
GET accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=AdBytiNBq5WzSu7UkPV3nVRA018KZwfrs1uFuRABBLHV8IAwNj47lm-AyHL4SBpmDGGkys8uPu2a&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S708340886%3A1754056887031986
64.233.161.84 403 Forbidden 0 B URL GET HTTPS
accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=AdBytiNBq5WzSu7UkPV3nVRA018KZwfrs1uFuRABBLHV8IAwNj47lm-AyHL4SBpmDGGkys8uPu2a&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S708340886%3A1754056887031986
IP / ASN
64.233.161.84
#15169 GOOGLE
Requested by https://toonitalia.xyz/
Resource Info
File type N/A
First Seen 0001-01-01
Last Seen 2025-08-04
Times Seen 5648445
Size 0 B (0 bytes)
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Certificate Info
Issuer Google Trust Services
Subject *.google.com
Fingerprint 60:9F:41:D7:83:68:5E:64:22:9D:7C:5E:2D:7B:C9:C5:07:DA:C6:D8
Validity Mon, 07 Jul 2025 08:34:14 GMT - Mon, 29 Sep 2025 08:34:13 GMT
GET /v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=AdBytiNBq5WzSu7UkPV3nVRA018KZwfrs1uFuRABBLHV8IAwNj47lm-AyHL4SBpmDGGkys8uPu2a&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S708340886%3A1754056887031986 HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://toonitalia.xyz/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Fri, 01 Aug 2025 14:01:27 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
content-security-policy: script-src 'nonce-qHAoymRbkynd3LZQKOs_ig' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://www.google.com/tools/feedback/ https://www.gstatic.com/feedback/js/ https://www.gstatic.com/inproduct_help/ https://www.gstatic.com/support/content/ https://www.gstatic.com/uservoice/feedback/client/web/live/ https://www.gstatic.com/uservoice/surveys/resources/prod/js/survey/ https://support.google.com/inapp/;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist, require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport
content-security-policy-report-only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://ajax.googleapis.com/ajax/libs/jquery/3.6.4/jquery.min.js https://translate.google.com/translate_a/element.js https://www.google.com/recaptcha/api.js https://www.google.com/tools/feedback/chat_load.js https://www.google.com/tools/feedback/help_api.js https://www.google.com/tools/feedback/load.js https://www.google.com/tools/feedback/open.js https://www.google.com/tools/feedback/open_to_help_guide_lazy.js https://www.gstatic.com/feedback/js/ https://www.gstatic.com/feedback/js/help/prod/service/lazy.min.js https://www.gstatic.com/inproduct_help/api/main.min.js https://www.gstatic.com/inproduct_help/chatsupport/chatsupport_button_v2.js https://www.gstatic.com/inproduct_help/service/lazy.min.js https://www.gstatic.com/uservoice/feedback/client/web/live/ https://www.gstatic.com/uservoice/surveys/resources/prod/js/survey/ https://www.gstatic.com/_/mss/boq-one-google/_/ https://www.gstatic.com/og/_/js/ https://apis.google.com/js/api.js https://apis.google.com/js/client.js https://www.googletagmanager.com/gtag/js https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtag/destination https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.9JMNQUCSlVs.es5.O/ https://apis.google.com/_/scs/abc-static/_/js/ https://translate.googleapis.com/_/translate_http/_/js/ https://www.gstatic.com/recaptcha/releases/;report-uri /v3/signin/_/AccountsSignInUi/cspreport/fine-allowlist
report-to: {"group":"AccountsSignInUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi"}]}
cross-origin-opener-policy-report-only: same-origin; report-to="AccountsSignInUi"
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET storage.multstorage.com/log/count.html
172.67.174.51 200 OK 882 B URL GET HTTPS
storage.multstorage.com/log/count.html
IP / ASN
172.67.174.51
#13335 CLOUDFLARENET
Requested by https://toonitalia.xyz/
Resource Info
File type HTML document, ASCII text, with very long lines (700)
First Seen 2023-09-18
Last Seen 2025-08-03
Times Seen 10105
Size 882 B (882 bytes)
MD5 b728ca9cd183d1b7c3f72116b19b22a3
SHA1 c1fd73f6b02cf00b8bc60b09cc99495e8494b739
SHA256 8a7b1ca4bbf273b32ea865d4785a1944d1b2b133678d9b5fe7ee0406f6fd64b2
Certificate Info
Issuer Google Trust Services
Subject multstorage.com
Fingerprint 59:ED:1A:AB:95:92:38:D9:66:74:41:E4:8C:B2:05:19:44:EA:2C:F0
Validity Wed, 02 Jul 2025 05:46:27 GMT - Tue, 30 Sep 2025 06:45:00 GMT
Technology Fingerprints
Cloudflare (CDN)
GET /log/count.html HTTP/1.1
Host: storage.multstorage.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://toonitalia.xyz/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 01 Aug 2025 14:01:28 GMT
content-type: text/html
server: cloudflare
last-modified: Mon, 18 Sep 2023 14:39:06 GMT
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=DWtuee1kp6xAAcEirGlaPXYF%2BfQgVAJF1XqbP6WRwbFCVZjS%2BMmQ6TCCeDtVFmNoEE2RjdPTQoJMap%2F0vNpVML4OG5MWPpnoOyLvYfWb6fXzAFHh%2Bw%3D%3D"}]}
vary: Accept-Encoding
x-request-id: 2bb96479a8e83ac0b8547ce7f4164fcd
cf-cache-status: DYNAMIC
content-encoding: br
cf-ray: 9685de207b2456ba-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
GET fonts.googleapis.com/css2?family=Roboto:wght@100;300;400;500;700&display=swap
142.250.178.106 200 OK 28 kB URL GET HTTPS
fonts.googleapis.com/css2?family=Roboto:wght@100;300;400;500;700&display=swap
IP / ASN
142.250.178.106
#15169 GOOGLE
Requested by https://toonitalia.xyz/
Resource Info
File type ASCII text, with very long lines (1572)
First Seen 2025-06-02
Last Seen 2025-08-03
Times Seen 430
Size 28 kB (27925 bytes)
MD5 8ce20b90f602eca81760f51e82ec3323
SHA1 4e3bcb53083c31091d592bad676a2f9745c9db25
SHA256 14f74125fcc00d0afabf2d2db11f273fccb72581fbbb0986895e12e06c3a831f
Certificate Info
Issuer Google Trust Services
Subject upload.video.google.com
Fingerprint DF:A1:DB:1F:BC:5E:31:D7:F8:FE:26:E3:B9:B3:02:98:B1:C8:50:EC
Validity Mon, 07 Jul 2025 08:35:11 GMT - Mon, 29 Sep 2025 08:35:10 GMT
GET /css2?family=Roboto:wght@100;300;400;500;700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 01 Aug 2025 14:01:29 GMT
date: Fri, 01 Aug 2025 14:01:29 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
GET fonts.gstatic.com/s/roboto/v48/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2
142.250.74.35 200 OK 40 kB URL GET HTTPS
fonts.gstatic.com/s/roboto/v48/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2
IP / ASN
142.250.74.35
#15169 GOOGLE
Requested by https://toonitalia.xyz/
Resource Info
File type Web Open Font Format (Version 2), TrueType, length 40128, version 1.0
First Seen 2025-01-08
Last Seen 2025-08-04
Times Seen 98966
Size 40 kB (40128 bytes)
MD5 9a01b69183a9604ab3a439e388b30501
SHA1 8ed1d59003d0dbe6360481017b44665153665fbe
SHA256 20b535fa80c8189e3b87d1803038389960203a886d502bc2ef1857affc2f38d2
Certificate Info
Issuer Google Trust Services
Subject *.gstatic.com
Fingerprint 43:A0:95:35:FB:C7:02:15:92:9E:20:20:0D:0A:E7:8F:93:61:52:CD
Validity Mon, 07 Jul 2025 08:35:11 GMT - Mon, 29 Sep 2025 08:35:10 GMT
GET /s/roboto/v48/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://toonitalia.xyz
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 40128
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 31 Jul 2025 10:09:08 GMT
expires: Fri, 31 Jul 2026 10:09:08 GMT
cache-control: public, max-age=31536000
age: 100342
last-modified: Thu, 29 May 2025 23:30:55 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
GET preferencenail.com/sfp.js
185.196.197.71 200 OK 85 kB URL GET HTTPS
preferencenail.com/sfp.js
IP / ASN
185.196.197.71
#39572 DataWeb Global Group B.V.
Requested by https://toonitalia.xyz/
Resource Info
File type JavaScript source, Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
First Seen 2025-07-08
Last Seen 2025-08-04
Times Seen 2273
Size 85 kB (85386 bytes)
MD5 46a6fef91632b94d14252fe324c1585f
SHA1 387cebbd261b8fe947fe9805875300f2ceeb5cfd
SHA256 36d0c771f8bf310d740cb4d0ca144354c45df284e72361660448708d72f175d5
Certificate Info
Issuer Let's Encrypt
Subject preferencenail.com
Fingerprint F9:52:70:4B:81:A8:F8:39:E6:E7:96:8F:EA:FE:17:FD:96:C5:32:E3
Validity Tue, 01 Jul 2025 15:11:38 GMT - Mon, 29 Sep 2025 15:11:37 GMT
Technology Fingerprints
Nginx:1.21.6 (Web servers, Reverse proxies) Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /sfp.js HTTP/1.1
Host: preferencenail.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://toonitalia.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 01 Aug 2025 14:01:25 GMT
Content-Type: application/javascript; charset=utf-8
Content-Length: 28254
Connection: keep-alive
Content-Encoding: gzip
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Vary: Accept-Encoding
Host: preferencenail.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Request-ID: 0414a679cd073a6e7f78af97e17d744b
Cache-Control: no-cache, max-age=0, private, no-cache
Pragma: no-cache
Strict-Transport-Security: max-age=0; includeSubdomains
GET 6.adsco.re/
104.17.167.186 200 OK 45 B
IP / ASN
104.17.167.186
#13335 CLOUDFLARENET
Requested by https://toonitalia.xyz/
Resource Info
File type ASCII text, with no line terminators
First Seen 2023-04-05
Last Seen 2025-08-04
Times Seen 15611
Size 45 B (45 bytes)
MD5 5b41cb22f84f645a103acc7bfbf084ff
SHA1 bac3967b26d5ec4a0d09a580714e8219796816bd
SHA256 709f0a0dfab9f9e074f4a4a348dcb09150838284d21e75cfb9e5ceaeeb2054bc
Certificate Info
Issuer Sectigo Limited
Subject *.adsco.re
Fingerprint 3B:64:1C:DA:8C:64:22:01:36:0F:54:7A:99:6E:AD:26:C2:EF:59:8B
Validity Mon, 23 Sep 2024 00:00:00 GMT - Mon, 29 Sep 2025 23:59:59 GMT
Technology Fingerprints
Cloudflare (CDN) Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.
GET / HTTP/1.1
Host: 6.adsco.re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://toonitalia.xyz
DNT: 1
Connection: keep-alive
Referer: https://toonitalia.xyz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 01 Aug 2025 14:01:27 GMT
content-type: text/plain;charset=UTF-8
content-length: 45
cf-ray: 9685de18d8e05693-OSL
access-control-allow-origin: https://toonitalia.xyz
cache-control: private, max-age=10
access-control-allow-headers: Content-Type
access-control-allow-methods: GET, HEAD, OPTIONS
access-control-max-age: 2592000
vary: Accept-Encoding
server: cloudflare
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
GET df721ea323.0d22ca5caa.com/in/track?data=eyJ3bCI6MCwic3ViaWQiOjAsInVzZXJfaWQiOiIxNDMxMzE0NDcwMDI0ODA1MjAwMCIsInRpbWV6b25lIjowLCJ2ZXIiOiIzLjE0NS4wIiwidGFnX2lkIjoyNDY1NzksInNjcmVlbl9yZXNvbHV0aW9uIjoiMTI4MHgxMDI0IiwiYWRibG9jayI6MCwidGltZXpvbmVfb2xzb24iOiJVVEMiLCJ1dG1fc291cmNlIjoiIiwidXRtX21lZGl1bSI6IiIsInV0bV9jYW1wYWlnbiI6IiIsInV0bV9jb250ZW50IjoiIiwibW0iOjAsImluaXRfc3RhcnRfbGF0ZW5jeSI6MS42MSwiaXNfdjIiOjAsImlzX3YyX2VtcHR5IjowfQ==
45.133.44.52 200 OK 0 B URL GET HTTPS
df721ea323.0d22ca5caa.com/in/track?data=eyJ3bCI6MCwic3ViaWQiOjAsInVzZXJfaWQiOiIxNDMxMzE0NDcwMDI0ODA1MjAwMCIsInRpbWV6b25lIjowLCJ2ZXIiOiIzLjE0NS4wIiwidGFnX2lkIjoyNDY1NzksInNjcmVlbl9yZXNvbHV0aW9uIjoiMTI4MHgxMDI0IiwiYWRibG9jayI6MCwidGltZXpvbmVfb2xzb24iOiJVVEMiLCJ1dG1fc291cmNlIjoiIiwidXRtX21lZGl1bSI6IiIsInV0bV9jYW1wYWlnbiI6IiIsInV0bV9jb250ZW50IjoiIiwibW0iOjAsImluaXRfc3RhcnRfbGF0ZW5jeSI6MS42MSwiaXNfdjIiOjAsImlzX3YyX2VtcHR5IjowfQ==
IP / ASN
45.133.44.52
#39572 DataWeb Global Group B.V.
Requested by https://toonitalia.xyz/
Resource Info
File type N/A
First Seen 0001-01-01
Last Seen 2025-08-04
Times Seen 5648445
Size 0 B (0 bytes)
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Certificate Info
Issuer Let's Encrypt
Subject df721ea323.0d22ca5caa.com
Fingerprint C0:15:B9:0D:8F:AA:9B:17:3F:A1:3D:DF:DA:A4:F0:4E:BD:29:A9:C6
Validity Tue, 29 Jul 2025 02:47:53 GMT - Mon, 27 Oct 2025 02:47:52 GMT
Technology Fingerprints
Nginx:1.18.0 (Web servers, Reverse proxies) Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.
GET /in/track?data=eyJ3bCI6MCwic3ViaWQiOjAsInVzZXJfaWQiOiIxNDMxMzE0NDcwMDI0ODA1MjAwMCIsInRpbWV6b25lIjowLCJ2ZXIiOiIzLjE0NS4wIiwidGFnX2lkIjoyNDY1NzksInNjcmVlbl9yZXNvbHV0aW9uIjoiMTI4MHgxMDI0IiwiYWRibG9jayI6MCwidGltZXpvbmVfb2xzb24iOiJVVEMiLCJ1dG1fc291cmNlIjoiIiwidXRtX21lZGl1bSI6IiIsInV0bV9jYW1wYWlnbiI6IiIsInV0bV9jb250ZW50IjoiIiwibW0iOjAsImluaXRfc3RhcnRfbGF0ZW5jeSI6MS42MSwiaXNfdjIiOjAsImlzX3YyX2VtcHR5IjowfQ== HTTP/1.1
Host: df721ea323.0d22ca5caa.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://toonitalia.xyz
DNT: 1
Connection: keep-alive
Referer: https://toonitalia.xyz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 01 Aug 2025 14:01:28 GMT
content-length: 0
server: nginx/1.18.0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
x-cdn-host-id: ah1742
X-Firefox-Spdy: h2
GET intelligenceadx.com/zgikhlvwzcghbx?IOEjHwao=BQOCAAAAAAAACZUAAqHaCs3wPAEOKbzGgT6HgjyNzirRk9tGs7XBURuVJv0vxOnzKXDWPCAwCQoCOxqn5-LMgRNOmKrbfLIAjM89uijzu4RURCtAfcFGhQ96c930Sw7Xw4nJ7u5rj3H_3cXhEZ_1fYfjKOEmmMoS_R3UKxpUn8IbcfGE4R9-Wv09SyfuRa8IxNznmD2SvDOEIHYgg3_rAg24hr-ab8xUKnsNKbSxA1ds1KdBtVprOOSNAaW9RMh5T1kYVfHGoLTS3RuMGTnIEbnwvH_IpZyfVpwmnViGy-0-Mq37IOplz33mQYeK0OPnuHqih-g1SwOxBTk1Tye3HG5yQGFQQ3JNXAR_dLyEui5mrDwDofvagQNtT7Xx8ToM-KN90a9nkVBywpcawb0qcP0rU9349R8NhZpRjNwDZqJ-lstlBTOmDtIKk0c7AMFlYJXGlvLq6_1TroeIz14xMlSYwaBLrV4MKOge1Dmfuj3hnn_Lpr4FfEjgBI6hJLMiVi0p0l9MeT3PMyp_4eEI39wsM9bkS49-m_EnHYPN1YYhHUcnnh0EVKpO2b7B8gNeGFf0MbUVLCzuvvEiawMLe5WsaxAmKNAWraT7L--Q7bOdKx_w9cYPSmuBAmrVzipjwKU-b7FKK_mzpfoc8FLvgsR1EVa3S8u1L6o8AV__QPLU14pu3Hjj0o16cCF1cy39Kf09D3EqDU9jzw5yMGtvWibReFFTXkc2k5cKnxfJUt5qLhCxwlfUI_dt9UHLrGROR_gcEQDgcdQByabymk9DXZWkwR_FOeS-Ms01CDv6GHy_-EseauNcu1gP7_Z2I_h2v8vh1DZBIfjZTwK14kYxTRdAfQkabciPqkLeiO5NugfAVlbMH2-zM4VctdRK1ajy6YyqBV1e31DwmSgryVa2XtMofFiXa_BIG0bEqkX0viQs0BZBVqVUuWV6m2YWRFzHlVeU85QAOsf-P8HbM8Y_bttQ9NCFN7CO9Wbc5XSiHjyvLSCS7iM-ZB-QwVzaIBD5ugrDGSG-jRzekWu4DTS33arGfgYOpMoRlYcKaxirD3Q14FzliLfevEU7GUrrFSbSstCVbq6ONhWfZgwaKrWH4GZ7P_pek43tLLu7goVnvYKMx3ancgFgeCKjfhmTjM7OkWiFzmxZvcQx4CkIZoxSbqcClVYlG4siL0_teSeGDwgVj-xrjnSAVHRCgg9V&jzYtOwTX=4&ZlaqmgCQ=4971392&YgunEvBU=&kZQXLmNY=0,0&wvPjUaGL=&TBQgAlsm=&lBLoktNV=1280,1024,1,1280,1024,0
208.95.114.100 200 OK 44 B URL GET HTTPS
intelligenceadx.com/zgikhlvwzcghbx?IOEjHwao=BQOCAAAAAAAACZUAAqHaCs3wPAEOKbzGgT6HgjyNzirRk9tGs7XBURuVJv0vxOnzKXDWPCAwCQoCOxqn5-LMgRNOmKrbfLIAjM89uijzu4RURCtAfcFGhQ96c930Sw7Xw4nJ7u5rj3H_3cXhEZ_1fYfjKOEmmMoS_R3UKxpUn8IbcfGE4R9-Wv09SyfuRa8IxNznmD2SvDOEIHYgg3_rAg24hr-ab8xUKnsNKbSxA1ds1KdBtVprOOSNAaW9RMh5T1kYVfHGoLTS3RuMGTnIEbnwvH_IpZyfVpwmnViGy-0-Mq37IOplz33mQYeK0OPnuHqih-g1SwOxBTk1Tye3HG5yQGFQQ3JNXAR_dLyEui5mrDwDofvagQNtT7Xx8ToM-KN90a9nkVBywpcawb0qcP0rU9349R8NhZpRjNwDZqJ-lstlBTOmDtIKk0c7AMFlYJXGlvLq6_1TroeIz14xMlSYwaBLrV4MKOge1Dmfuj3hnn_Lpr4FfEjgBI6hJLMiVi0p0l9MeT3PMyp_4eEI39wsM9bkS49-m_EnHYPN1YYhHUcnnh0EVKpO2b7B8gNeGFf0MbUVLCzuvvEiawMLe5WsaxAmKNAWraT7L--Q7bOdKx_w9cYPSmuBAmrVzipjwKU-b7FKK_mzpfoc8FLvgsR1EVa3S8u1L6o8AV__QPLU14pu3Hjj0o16cCF1cy39Kf09D3EqDU9jzw5yMGtvWibReFFTXkc2k5cKnxfJUt5qLhCxwlfUI_dt9UHLrGROR_gcEQDgcdQByabymk9DXZWkwR_FOeS-Ms01CDv6GHy_-EseauNcu1gP7_Z2I_h2v8vh1DZBIfjZTwK14kYxTRdAfQkabciPqkLeiO5NugfAVlbMH2-zM4VctdRK1ajy6YyqBV1e31DwmSgryVa2XtMofFiXa_BIG0bEqkX0viQs0BZBVqVUuWV6m2YWRFzHlVeU85QAOsf-P8HbM8Y_bttQ9NCFN7CO9Wbc5XSiHjyvLSCS7iM-ZB-QwVzaIBD5ugrDGSG-jRzekWu4DTS33arGfgYOpMoRlYcKaxirD3Q14FzliLfevEU7GUrrFSbSstCVbq6ONhWfZgwaKrWH4GZ7P_pek43tLLu7goVnvYKMx3ancgFgeCKjfhmTjM7OkWiFzmxZvcQx4CkIZoxSbqcClVYlG4siL0_teSeGDwgVj-xrjnSAVHRCgg9V&jzYtOwTX=4&ZlaqmgCQ=4971392&YgunEvBU=&kZQXLmNY=0,0&wvPjUaGL=&TBQgAlsm=&lBLoktNV=1280,1024,1,1280,1024,0
IP / ASN
208.95.114.100
#53334 TUT-AS
Requested by https://toonitalia.xyz/
Resource Info
File type ASCII text, with no line terminators
First Seen 2023-03-07
Last Seen 2025-08-03
Times Seen 12109
Size 44 B (44 bytes)
MD5 d5f0a25e4d3522d56d48ce7bc3e518fb
SHA1 86794caff58f7fee6e684c2ba7195f970a8d6f4c
SHA256 9d781128a8ece413b003d5612b8398bf9340ef7f5b751d12bd125ba523d3ceb5
Certificate Info
Issuer Sectigo Limited
Subject intelligenceadx.com
Fingerprint BB:72:94:6A:70:D1:57:77:77:94:C0:B2:5D:D9:4B:21:50:01:A9:EA
Validity Fri, 04 Apr 2025 00:00:00 GMT - Tue, 05 May 2026 23:59:59 GMT
GET /zgikhlvwzcghbx?IOEjHwao=BQOCAAAAAAAACZUAAqHaCs3wPAEOKbzGgT6HgjyNzirRk9tGs7XBURuVJv0vxOnzKXDWPCAwCQoCOxqn5-LMgRNOmKrbfLIAjM89uijzu4RURCtAfcFGhQ96c930Sw7Xw4nJ7u5rj3H_3cXhEZ_1fYfjKOEmmMoS_R3UKxpUn8IbcfGE4R9-Wv09SyfuRa8IxNznmD2SvDOEIHYgg3_rAg24hr-ab8xUKnsNKbSxA1ds1KdBtVprOOSNAaW9RMh5T1kYVfHGoLTS3RuMGTnIEbnwvH_IpZyfVpwmnViGy-0-Mq37IOplz33mQYeK0OPnuHqih-g1SwOxBTk1Tye3HG5yQGFQQ3JNXAR_dLyEui5mrDwDofvagQNtT7Xx8ToM-KN90a9nkVBywpcawb0qcP0rU9349R8NhZpRjNwDZqJ-lstlBTOmDtIKk0c7AMFlYJXGlvLq6_1TroeIz14xMlSYwaBLrV4MKOge1Dmfuj3hnn_Lpr4FfEjgBI6hJLMiVi0p0l9MeT3PMyp_4eEI39wsM9bkS49-m_EnHYPN1YYhHUcnnh0EVKpO2b7B8gNeGFf0MbUVLCzuvvEiawMLe5WsaxAmKNAWraT7L--Q7bOdKx_w9cYPSmuBAmrVzipjwKU-b7FKK_mzpfoc8FLvgsR1EVa3S8u1L6o8AV__QPLU14pu3Hjj0o16cCF1cy39Kf09D3EqDU9jzw5yMGtvWibReFFTXkc2k5cKnxfJUt5qLhCxwlfUI_dt9UHLrGROR_gcEQDgcdQByabymk9DXZWkwR_FOeS-Ms01CDv6GHy_-EseauNcu1gP7_Z2I_h2v8vh1DZBIfjZTwK14kYxTRdAfQkabciPqkLeiO5NugfAVlbMH2-zM4VctdRK1ajy6YyqBV1e31DwmSgryVa2XtMofFiXa_BIG0bEqkX0viQs0BZBVqVUuWV6m2YWRFzHlVeU85QAOsf-P8HbM8Y_bttQ9NCFN7CO9Wbc5XSiHjyvLSCS7iM-ZB-QwVzaIBD5ugrDGSG-jRzekWu4DTS33arGfgYOpMoRlYcKaxirD3Q14FzliLfevEU7GUrrFSbSstCVbq6ONhWfZgwaKrWH4GZ7P_pek43tLLu7goVnvYKMx3ancgFgeCKjfhmTjM7OkWiFzmxZvcQx4CkIZoxSbqcClVYlG4siL0_teSeGDwgVj-xrjnSAVHRCgg9V&jzYtOwTX=4&ZlaqmgCQ=4971392&YgunEvBU=&kZQXLmNY=0,0&wvPjUaGL=&TBQgAlsm=&lBLoktNV=1280,1024,1,1280,1024,0 HTTP/1.1
Host: intelligenceadx.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://toonitalia.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
popads-node: wb9
access-control-allow-origin: *
asf: 9
popads-ec: ASB
content-type: text/javascript;charset=UTF-8
content-length: 44
date: Fri, 01 Aug 2025 14:01:28 GMT
X-Firefox-Spdy: h2
GET praystakeinstinct.com/impr.gif?sid=H4sIAAAAAAAC_1RST4gcxReu3uT2O_xIkBwEYRAPCu5s_5vdaYOExGQlGJOQPwRUWKq6qnfLrelqq6qnZ8dLMCA55DA5CIKX3m8mWdQQ9CJeBJ0VFAKC42kO2UvOXlRy8iCzGRh9h_feV18VfO-r9_FueUAilHR6-W3dl0rRlVbTb7x8Q-ZcV7Zx8Voj8Jv-ycYNma_GJxu9WTLd14IobvqvNN4U6bZeCf3A9wM_aKxLIzLdWzlkIYsHSdBM_GYcNoNWjJ75L7alB0s98O4BOQ7JJ_9_kr0LmY6Rd746K-y208Wr5zqlok4bdPne9Xw711WOzqLNjIcs35vfhrYTQj5dgs735hNAd0ezCcDkhCydeAyW781lgnXvPVPKFEQOxv-HqjuGUGNIOkaqb0HyXwmQcly8hLxz_6I2Fd15xtIZOyFHn_4JWU3I0cfPIe88PKNkr3FVq9JJnVv0shqyN4bcHKMo9-H6S5DVPlL3EST_haw8vYC8M7pklYbk05fWWrTVYqK9HAVhuBzTtL2ciDhYpixhIRV-xNqtQ4tkNga1Syith1J6KDMPZeGhw6eN2G_HaUCj1Szh6Zof0zjmgvlJO_R9mqRrKNOZ9gFcMUCqBkjNTRTmJrbl3Qkhf_8FU34Pu1XDcg_WEXR5jUoQVJagogSVJKgcQdWt73FlQ1vf58qWLJjXcF6jeqjd5i69p92myAmoGcDweiSLD-wtpO7IsJ9ZPtSzRJn7Zv3c6WvXr5y7uhxGa8mGE9ZthBvBkDI-0sVGsFsckGMz173P7ryObTFtBBGLk4TzjLbDkCX-asDWEhZmLG6HSZiswsoa0i6BWg99OSGnf_gdhZyQF499Akb3YdU-UnkCtHwBtKpBt2r084dO61w6qiRt9nb64LpG4Y7C7Xi76oA8f_jz73x4GyJ9dOpJdBhITY3C1Hhf_kiwqW4Pr-iKjK7oypKvLxVOdmSfzrbiqqNOHPniLbFTacPPn7WDz0-nM2LWPrgmrLtAcy7zTUu-PCM5F2Zdm1SQ787bG4JdLu3WmdLkZXHh8hvr5zuFEdZKnY9B5YR4fxikckKO_zQ93Pho-T1IM4Ypa3TKR2QeSIubsMVCu9UERi14VnioynpoQrY4VJJAiQWmrIb9F2aLfmjo7DWV9a69jU3jgbpbyDs1uqZGV9WgagBbHhm6wjw69dtcBlPekCnjjZgy6u4zi62cNrJIhKnvt9dWg6idiSCKeZq12nHCV6kfRQLOTrbu_PztPwEAAP__QLnmU88EAAA=
172.240.108.68 200 OK 0 B URL GET HTTPS
praystakeinstinct.com/impr.gif?sid=H4sIAAAAAAAC_1RST4gcxReu3uT2O_xIkBwEYRAPCu5s_5vdaYOExGQlGJOQPwRUWKq6qnfLrelqq6qnZ8dLMCA55DA5CIKX3m8mWdQQ9CJeBJ0VFAKC42kO2UvOXlRy8iCzGRh9h_feV18VfO-r9_FueUAilHR6-W3dl0rRlVbTb7x8Q-ZcV7Zx8Voj8Jv-ycYNma_GJxu9WTLd14IobvqvNN4U6bZeCf3A9wM_aKxLIzLdWzlkIYsHSdBM_GYcNoNWjJ75L7alB0s98O4BOQ7JJ_9_kr0LmY6Rd746K-y208Wr5zqlok4bdPne9Xw711WOzqLNjIcs35vfhrYTQj5dgs735hNAd0ezCcDkhCydeAyW781lgnXvPVPKFEQOxv-HqjuGUGNIOkaqb0HyXwmQcly8hLxz_6I2Fd15xtIZOyFHn_4JWU3I0cfPIe88PKNkr3FVq9JJnVv0shqyN4bcHKMo9-H6S5DVPlL3EST_haw8vYC8M7pklYbk05fWWrTVYqK9HAVhuBzTtL2ciDhYpixhIRV-xNqtQ4tkNga1Syith1J6KDMPZeGhw6eN2G_HaUCj1Szh6Zof0zjmgvlJO_R9mqRrKNOZ9gFcMUCqBkjNTRTmJrbl3Qkhf_8FU34Pu1XDcg_WEXR5jUoQVJagogSVJKgcQdWt73FlQ1vf58qWLJjXcF6jeqjd5i69p92myAmoGcDweiSLD-wtpO7IsJ9ZPtSzRJn7Zv3c6WvXr5y7uhxGa8mGE9ZthBvBkDI-0sVGsFsckGMz173P7ryObTFtBBGLk4TzjLbDkCX-asDWEhZmLG6HSZiswsoa0i6BWg99OSGnf_gdhZyQF499Akb3YdU-UnkCtHwBtKpBt2r084dO61w6qiRt9nb64LpG4Y7C7Xi76oA8f_jz73x4GyJ9dOpJdBhITY3C1Hhf_kiwqW4Pr-iKjK7oypKvLxVOdmSfzrbiqqNOHPniLbFTacPPn7WDz0-nM2LWPrgmrLtAcy7zTUu-PCM5F2Zdm1SQ787bG4JdLu3WmdLkZXHh8hvr5zuFEdZKnY9B5YR4fxikckKO_zQ93Pho-T1IM4Ypa3TKR2QeSIubsMVCu9UERi14VnioynpoQrY4VJJAiQWmrIb9F2aLfmjo7DWV9a69jU3jgbpbyDs1uqZGV9WgagBbHhm6wjw69dtcBlPekCnjjZgy6u4zi62cNrJIhKnvt9dWg6idiSCKeZq12nHCV6kfRQLOTrbu_PztPwEAAP__QLnmU88EAAA=
IP / ASN
172.240.108.68
#7979 SERVERS-COM
Requested by https://toonitalia.xyz/
Resource Info
File type N/A
First Seen 0001-01-01
Last Seen 2025-08-04
Times Seen 5648445
Size 0 B (0 bytes)
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Certificate Info
Issuer Let's Encrypt
Subject praystakeinstinct.com
Fingerprint 08:B9:39:D3:1C:E2:4B:34:21:BC:02:6F:17:3E:89:73:97:AC:E1:C9
Validity Sat, 28 Jun 2025 22:08:16 GMT - Fri, 26 Sep 2025 22:08:15 GMT
Technology Fingerprints
Nginx:1.21.6 (Web servers, Reverse proxies) Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.
Envoy (Reverse proxies) Envoy is an open-source edge and service proxy, designed for cloud-native applications.
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /impr.gif?sid=H4sIAAAAAAAC_1RST4gcxReu3uT2O_xIkBwEYRAPCu5s_5vdaYOExGQlGJOQPwRUWKq6qnfLrelqq6qnZ8dLMCA55DA5CIKX3m8mWdQQ9CJeBJ0VFAKC42kO2UvOXlRy8iCzGRh9h_feV18VfO-r9_FueUAilHR6-W3dl0rRlVbTb7x8Q-ZcV7Zx8Voj8Jv-ycYNma_GJxu9WTLd14IobvqvNN4U6bZeCf3A9wM_aKxLIzLdWzlkIYsHSdBM_GYcNoNWjJ75L7alB0s98O4BOQ7JJ_9_kr0LmY6Rd746K-y208Wr5zqlok4bdPne9Xw711WOzqLNjIcs35vfhrYTQj5dgs735hNAd0ezCcDkhCydeAyW781lgnXvPVPKFEQOxv-HqjuGUGNIOkaqb0HyXwmQcly8hLxz_6I2Fd15xtIZOyFHn_4JWU3I0cfPIe88PKNkr3FVq9JJnVv0shqyN4bcHKMo9-H6S5DVPlL3EST_haw8vYC8M7pklYbk05fWWrTVYqK9HAVhuBzTtL2ciDhYpixhIRV-xNqtQ4tkNga1Syith1J6KDMPZeGhw6eN2G_HaUCj1Szh6Zof0zjmgvlJO_R9mqRrKNOZ9gFcMUCqBkjNTRTmJrbl3Qkhf_8FU34Pu1XDcg_WEXR5jUoQVJagogSVJKgcQdWt73FlQ1vf58qWLJjXcF6jeqjd5i69p92myAmoGcDweiSLD-wtpO7IsJ9ZPtSzRJn7Zv3c6WvXr5y7uhxGa8mGE9ZthBvBkDI-0sVGsFsckGMz173P7ryObTFtBBGLk4TzjLbDkCX-asDWEhZmLG6HSZiswsoa0i6BWg99OSGnf_gdhZyQF499Akb3YdU-UnkCtHwBtKpBt2r084dO61w6qiRt9nb64LpG4Y7C7Xi76oA8f_jz73x4GyJ9dOpJdBhITY3C1Hhf_kiwqW4Pr-iKjK7oypKvLxVOdmSfzrbiqqNOHPniLbFTacPPn7WDz0-nM2LWPrgmrLtAcy7zTUu-PCM5F2Zdm1SQ787bG4JdLu3WmdLkZXHh8hvr5zuFEdZKnY9B5YR4fxikckKO_zQ93Pho-T1IM4Ypa3TKR2QeSIubsMVCu9UERi14VnioynpoQrY4VJJAiQWmrIb9F2aLfmjo7DWV9a69jU3jgbpbyDs1uqZGV9WgagBbHhm6wjw69dtcBlPekCnjjZgy6u4zi62cNrJIhKnvt9dWg6idiSCKeZq12nHCV6kfRQLOTrbu_PztPwEAAP__QLnmU88EAAA= HTTP/1.1
Host: praystakeinstinct.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://toonitalia.xyz/
Cookie: uid_id2=75a55be8-3122-4ac8-9e41-ab9b2ae03b85:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; u_pl26971197=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 01 Aug 2025 14:01:30 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
access-control-allow-origin: *
vary: Origin
access-control-allow-credentials: true
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
accept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
set-cookie: iprc_l+18b00c1800c4c78bf513fb86a867f60e=5929864; expires=Mon, 25 Aug 2025 14:01:30 GMT; path=/; secure; SameSite=None
iprc_l:5929864=3; expires=Mon, 25 Aug 2025 14:01:30 GMT; path=/; secure; SameSite=None
x-envoy-upstream-service-time: 13
Host: praystakeinstinct.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Request-ID: 29d8de612c95a389550d3447dbbde503
Cache-Control: no-cache, max-age=0, private, no-cache
Pragma: no-cache
Strict-Transport-Security: max-age=0; includeSubdomains
GET cdn.popcash.net/show.js
194.242.11.186 200 OK 111 kB URL GET HTTPS
cdn.popcash.net/show.js
IP / ASN
194.242.11.186
#34989 ServeTheWorld AS
Requested by https://toonitalia.xyz/
Resource Info
File type JavaScript source, ASCII text, with very long lines (65387)
First Seen 2025-07-08
Last Seen 2025-08-03
Times Seen 36
Size 111 kB (110984 bytes)
MD5 da3204e8f404fb09aa5390b5a70b5001
SHA1 5ca75d8640b28a49e9e617f6db6c7ce28d456850
SHA256 a7970dadc60cc4eb82b7de197096cd93d24f92e140168acbb847eca6f7a47f74
Certificate Info
Issuer Let's Encrypt
Subject cdn.popcash.net
Fingerprint F5:06:2F:1B:5B:06:8F:C8:55:7E:F7:54:AA:68:86:A3:19:6F:CF:21
Validity Fri, 27 Jun 2025 11:18:25 GMT - Thu, 25 Sep 2025 11:18:24 GMT
Technology Fingerprints
Amazon Web Services (PaaS) Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.
Bunny (CDN) N/A
GET /show.js HTTP/1.1
Host: cdn.popcash.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://toonitalia.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 01 Aug 2025 14:01:24 GMT
content-type: application/javascript
server: BunnyCDN-NO1-830
cdn-pullzone: 1818418
cdn-uid: 81f0ee8a-6b19-463e-a8be-46c199377685
cdn-requestcountrycode: NO
vary: Accept-Encoding
cache-control: public, max-age=2592000
content-encoding: br
etag: "da3204e8f404fb09aa5390b5a70b5001"
last-modified: Mon, 07 Jul 2025 13:30:11 GMT
x-amz-id-2: 5Jap3OETNy0FZSeugp6pGDBz7cZqGsuXiI2rTJOpnNXhNYIwB2NTIxWxC9BzqSqDxWO7o+vNJvwAhopw98J9BAAd6H4jNQ1yrMbT84yZzRo=
x-amz-request-id: 401H0P2YTTNDK90E
x-amz-server-side-encryption: AES256
cdn-proxyver: 1.33
cdn-requestpullsuccess: True
cdn-requestpullcode: 200
cdn-cachedat: 07/28/2025 13:50:40
cdn-edgestorageid: 830
cdn-requestid: 479bc826e8b9f92d02b6866670cab690
cdn-cache: HIT
cdn-status: 200
cdn-requesttime: 0
X-Firefox-Spdy: h2
GET adexchangeclear.com/script/suurl5.php?r=8489070&atag=1&cbur=0.8289477401496633&cbiframe=0&cbWidth=1280&cbHeight=1024&cbtitle=Benvenuto%20su%20Toonitalia&cbpage=https%3A%2F%2Ftoonitalia.xyz%2F&cbref=&cbdescription=Toonitalia.xyz%20%C3%A8%20l%27unico%20sito%20ufficiale%2C%20il%20dominio%20.green%20%C3%A8%20un%20FAKE%2C%20sfrutta%20il%20nostro%20nome%20per%20ingannarvi!%20Fate%20Attenzione!!!&cbkeywords=&cbcdn=acscdn.com&ts=1754056884764&atv=63.0&ufp=Win32%2FMozilla%2FNetscape%2Ftrue%2Ffalse%2F1280x10240en-USunknown4824%20bits&srs=923eaa74e116324ad20965e311125624&aggr=3&czid=5o1v8jdbc&ppv=1&ab_test=AdOpt_B_nocapping-2021-12-08v1&cap=0
104.21.78.155 200 OK 1.3 kB URL GET HTTPS
adexchangeclear.com/script/suurl5.php?r=8489070&atag=1&cbur=0.8289477401496633&cbiframe=0&cbWidth=1280&cbHeight=1024&cbtitle=Benvenuto%20su%20Toonitalia&cbpage=https%3A%2F%2Ftoonitalia.xyz%2F&cbref=&cbdescription=Toonitalia.xyz%20%C3%A8%20l%27unico%20sito%20ufficiale%2C%20il%20dominio%20.green%20%C3%A8%20un%20FAKE%2C%20sfrutta%20il%20nostro%20nome%20per%20ingannarvi!%20Fate%20Attenzione!!!&cbkeywords=&cbcdn=acscdn.com&ts=1754056884764&atv=63.0&ufp=Win32%2FMozilla%2FNetscape%2Ftrue%2Ffalse%2F1280x10240en-USunknown4824%20bits&srs=923eaa74e116324ad20965e311125624&aggr=3&czid=5o1v8jdbc&ppv=1&ab_test=AdOpt_B_nocapping-2021-12-08v1&cap=0
IP / ASN
104.21.78.155
#13335 CLOUDFLARENET
Requested by https://toonitalia.xyz/
Resource Info
File type JSON text data
First Seen 2025-08-01
Last Seen 2025-08-01
Times Seen 1
Size 1.3 kB (1313 bytes)
MD5 bb5b5174b10e048a366ad7e95d8f26c2
SHA1 f7336f4daeb1e9adecea2b6bfc06b06ad0e4aceb
SHA256 f48f317a188f7093ce48c307a44271a23fd482b0787d033ffb1eb87788c6b0c2
Certificate Info
Issuer Google Trust Services
Subject adexchangeclear.com
Fingerprint 33:F7:89:37:41:BF:FA:59:BF:98:36:E9:5A:74:20:54:A0:1D:C0:76
Validity Thu, 12 Jun 2025 11:57:50 GMT - Wed, 10 Sep 2025 12:56:28 GMT
Technology Fingerprints
Google Cloud CDN (CDN) Cloud CDN uses Google's global edge network to serve content closer to users.
Google Cloud (IaaS) Google Cloud is a suite of cloud computing services.
Cloudflare (CDN) Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.
GET /script/suurl5.php?r=8489070&atag=1&cbur=0.8289477401496633&cbiframe=0&cbWidth=1280&cbHeight=1024&cbtitle=Benvenuto%20su%20Toonitalia&cbpage=https%3A%2F%2Ftoonitalia.xyz%2F&cbref=&cbdescription=Toonitalia.xyz%20%C3%A8%20l%27unico%20sito%20ufficiale%2C%20il%20dominio%20.green%20%C3%A8%20un%20FAKE%2C%20sfrutta%20il%20nostro%20nome%20per%20ingannarvi!%20Fate%20Attenzione!!!&cbkeywords=&cbcdn=acscdn.com&ts=1754056884764&atv=63.0&ufp=Win32%2FMozilla%2FNetscape%2Ftrue%2Ffalse%2F1280x10240en-USunknown4824%20bits&srs=923eaa74e116324ad20965e311125624&aggr=3&czid=5o1v8jdbc&ppv=1&ab_test=AdOpt_B_nocapping-2021-12-08v1&cap=0 HTTP/1.1
Host: adexchangeclear.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://toonitalia.xyz/
Origin: https://toonitalia.xyz
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 01 Aug 2025 14:01:25 GMT
content-type: application/json; charset=utf-8
server: cloudflare
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: GET, POST, OPTIONS
content-encoding: gzip
via: 1.1 google
cf-cache-status: DYNAMIC
vary: accept-encoding
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=B%2B33vTBr%2F2BoDH3OC4keptG%2FYa0JBTr2MKLb3GCjLqzP5CKlUxkN96IBj8wAiScBey%2FtET%2FyL9i8aCRILw7EIWiLdxfpTksI26geIN%2BntwmX"}]}
cf-ray: 9685de0ac8b5569c-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
GET toonitalia.xyz/wp-content/uploads/2024/04/Calimero-150x150.jpg
172.67.220.81 200 OK 9.9 kB URL GET HTTPS
toonitalia.xyz/wp-content/uploads/2024/04/Calimero-150x150.jpg
IP / ASN
172.67.220.81
#13335 CLOUDFLARENET
Requested by https://toonitalia.xyz/
Resource Info
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 82", baseline, precision 8, 150x150, components 3
First Seen 2025-08-01
Last Seen 2025-08-01
Times Seen 1
Size 9.9 kB (9871 bytes)
MD5 e154fee89e6792e6f1b74cc2281b39cf
SHA1 c95d7106a9df7beebf008e9d276078f2163b5001
SHA256 7e47e7abc02389f029227403ecd13c86d87835dd6213b1cf13750620435d8736
Certificate Info
Issuer Google Trust Services
Subject toonitalia.xyz
Fingerprint BA:21:F8:2B:2C:15:BA:86:8E:59:5E:C9:95:CD:5D:13:6E:A5:83:4E
Validity Sat, 14 Jun 2025 10:38:31 GMT - Fri, 12 Sep 2025 11:37:07 GMT
Technology Fingerprints
Cloudflare (CDN) Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.
GET /wp-content/uploads/2024/04/Calimero-150x150.jpg HTTP/1.1
Host: toonitalia.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://toonitalia.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 01 Aug 2025 14:01:25 GMT
content-type: image/jpeg
content-length: 9871
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fbLHD4r%2BOUKF9fY%2F9MV2TcH0tK2Pfo038gBpZd8evcPq6kTFPD4N7SWDIWg%2BSNq0OBveAhPMPmGXdjL%2FWnk7XQNaOXbouI5QtuWL5YjNtUtrd1t2pKtB88ovZ7MjDQMZzg%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-cache-status: MISS
last-modified: Thu, 04 Apr 2024 19:07:11 GMT
etag: "268f-6154a0be35da1"
accept-ranges: bytes
cache-control: max-age=14400
cf-ray: 9685de0ae9540b61-OSL
server: cloudflare
vary: Accept-Encoding
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1167&min_rtt=0&rtt_var=721&sent=276&recv=214&lost=0&retrans=1&sent_bytes=241915&recv_bytes=13189&delivery_rate=7260306&ss_exit_cwnd=14919&ss_exit_reason=2&cwnd=28122&unsent_bytes=0&cid=00802a8f80661eb4&ts=1350&inflight_dur=171&x=40"
GET toonitalia.xyz/wp-content/uploads/2023/08/Detective-Conan-150x150.png
172.67.220.81 200 OK 48 kB URL GET HTTPS
toonitalia.xyz/wp-content/uploads/2023/08/Detective-Conan-150x150.png
IP / ASN
172.67.220.81
#13335 CLOUDFLARENET
Requested by https://toonitalia.xyz/
Resource Info
File type PNG image data, 150 x 150, 8-bit/color RGBA, non-interlaced
First Seen 2025-08-01
Last Seen 2025-08-01
Times Seen 1
Size 48 kB (47785 bytes)
MD5 2cee85e28ab00dfcd617fcd07abb555e
SHA1 7e46b720eb364e1be9023838cd76fbd193bcb93f
SHA256 c28d25f96e1e9b8d9de7284f75d40f359b464a727140a92e603fcfa12a9622cd
Certificate Info
Issuer Google Trust Services
Subject toonitalia.xyz
Fingerprint BA:21:F8:2B:2C:15:BA:86:8E:59:5E:C9:95:CD:5D:13:6E:A5:83:4E
Validity Sat, 14 Jun 2025 10:38:31 GMT - Fri, 12 Sep 2025 11:37:07 GMT
Technology Fingerprints
Cloudflare (CDN) Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.
GET /wp-content/uploads/2023/08/Detective-Conan-150x150.png HTTP/1.1
Host: toonitalia.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://toonitalia.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 01 Aug 2025 14:01:25 GMT
content-type: image/png
content-length: 47785
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ejy7KbTx3%2B8XBTiEEW3kns53Wknu7%2FkhEPem7qjzE7qR5KwvaiPsvcTWxB7QoWYMsDWB45NOzp09abBx8reJw8Bdsy3nObwdZ5Xg6nDCmOQh4Bwu52Kbwqc%2BqIJXlnGVBw%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-cache-status: REVALIDATED
last-modified: Mon, 21 Aug 2023 17:02:21 GMT
etag: "baa9-60371d77e0cd2"
accept-ranges: bytes
cache-control: max-age=14400
cf-ray: 9685de0ae9570b61-OSL
server: cloudflare
vary: Accept-Encoding
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1167&min_rtt=0&rtt_var=721&sent=284&recv=214&lost=0&retrans=1&sent_bytes=252662&recv_bytes=13189&delivery_rate=7260306&ss_exit_cwnd=14919&ss_exit_reason=2&cwnd=28122&unsent_bytes=0&cid=00802a8f80661eb4&ts=1351&inflight_dur=171&x=40"
GET dcba.popcash.net/znWaa3gu
44.213.19.201 204 No Content 0 B URL GET HTTPS
dcba.popcash.net/znWaa3gu
IP / ASN
44.213.19.201
#14618 AMAZON-AES
Requested by https://toonitalia.xyz/
Resource Info
File type N/A
First Seen 0001-01-01
Last Seen 2025-08-04
Times Seen 5648445
Size 0 B (0 bytes)
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Certificate Info
Issuer GlobalSign nv-sa
Subject *.popcash.net
Fingerprint 03:27:7B:09:DE:F3:E3:0C:3E:59:D3:6A:54:EB:F4:02:EA:20:BC:A7
Validity Thu, 11 Jul 2024 15:13:45 GMT - Tue, 12 Aug 2025 15:13:44 GMT
GET /znWaa3gu HTTP/1.1
Host: dcba.popcash.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://toonitalia.xyz
DNT: 1
Connection: keep-alive
Referer: https://toonitalia.xyz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 204 No Content
date: Fri, 01 Aug 2025 14:01:25 GMT
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
expires: 0
pragma: no-cache
X-Firefox-Spdy: h2
GET toonitalia.xyz/wp-content/uploads/2023/08/cropped-Majintoon-32x32.jpg
172.67.220.81 200 OK 1.0 kB URL GET HTTPS
toonitalia.xyz/wp-content/uploads/2023/08/cropped-Majintoon-32x32.jpg
IP / ASN
172.67.220.81
#13335 CLOUDFLARENET
Requested by https://toonitalia.xyz/
Resource Info
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 82", baseline, precision 8, 32x32, components 3
First Seen 2024-06-06
Last Seen 2025-08-01
Times Seen 5
Size 1.0 kB (1030 bytes)
MD5 a4fdae092ee0fce3abceb09dfb2555e4
SHA1 5c38b19a39eddb5f77181d4492e8ccca6f6ae9f0
SHA256 95969d2bb58c723b37edeb27ca21198b15d6c4bd18a6a679aba0fc623dd6038d
Certificate Info
Issuer Google Trust Services
Subject toonitalia.xyz
Fingerprint BA:21:F8:2B:2C:15:BA:86:8E:59:5E:C9:95:CD:5D:13:6E:A5:83:4E
Validity Sat, 14 Jun 2025 10:38:31 GMT - Fri, 12 Sep 2025 11:37:07 GMT
Technology Fingerprints
Cloudflare (CDN)
GET /wp-content/uploads/2023/08/cropped-Majintoon-32x32.jpg HTTP/1.1
Host: toonitalia.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://toonitalia.xyz/
Cookie: dom3ic8zudi28v8lr6fgphwffqoz0j6c=75a55be8-3122-4ac8-9e41-ab9b2ae03b85; pp_main_e2be4504dce870fcc41510596c5c0ce0=1; bVerison=75a55be8-3122-4ac8-9e41-ab9b2ae03b85
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 01 Aug 2025 14:01:25 GMT
content-type: image/jpeg
content-length: 1030
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FzmXsh9c%2BhJSbmhqMQukCi%2Bbo8LPeNXZYOeHaSM%2FYebi1Kmq9ya%2FsJ3WDCDR787LVCQ046BIEgDw30Aho9CWIZgswWRTjSait4ghwcCYSE%2FWeWmFYTy2lVOr7YZXq7SpHw%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-cache-status: MISS
last-modified: Thu, 17 Aug 2023 21:40:43 GMT
etag: "406-60325439b62e4"
accept-ranges: bytes
cache-control: max-age=14400
cf-ray: 9685de0fa96c0b61-OSL
server: cloudflare
vary: Accept-Encoding
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=880&min_rtt=0&rtt_var=444&sent=1870&recv=456&lost=0&retrans=2&sent_bytes=2397358&recv_bytes=26730&delivery_rate=29093553&ss_exit_cwnd=14919&ss_exit_reason=2&cwnd=30017&unsent_bytes=0&cid=00802a8f80661eb4&ts=2110&inflight_dur=424&x=40"
GET d1pk6uu6wqrpce.cloudfront.net/fQnJIZm8hHSYAUDYbLFtecEJ8V1h2VDgUCiRPPAkALBs8BwMrE2YeFjhUIhUALAJ1DQ4qETIRORo4Ei0BZAYyAlJyVCQHASVPbgMBIU95QA4mEHVWSTYCJw1SMQswFx8tHzERG2QHKVsCLQghCgMjV3ogWmxCbVRfagUhCAstBTtDXXIcPENdckN4SF9nQQ-pDXXIFIQhZdld7JEpwQjBQW2dBCkNdcgA+Q1wDQ3tSQXJbbVRfJRcrDQBnQA5UX3NCeFdfc1d6VgkrAC0AADpXeiBecUZmVkk3T3lfXnNCf1BadEN8XltwSng
18.165.142.47 200 OK 736 B URL GET HTTPS
d1pk6uu6wqrpce.cloudfront.net/fQnJIZm8hHSYAUDYbLFtecEJ8V1h2VDgUCiRPPAkALBs8BwMrE2YeFjhUIhUALAJ1DQ4qETIRORo4Ei0BZAYyAlJyVCQHASVPbgMBIU95QA4mEHVWSTYCJw1SMQswFx8tHzERG2QHKVsCLQghCgMjV3ogWmxCbVRfagUhCAstBTtDXXIcPENdckN4SF9nQQ-pDXXIFIQhZdld7JEpwQjBQW2dBCkNdcgA+Q1wDQ3tSQXJbbVRfJRcrDQBnQA5UX3NCeFdfc1d6VgkrAC0AADpXeiBecUZmVkk3T3lfXnNCf1BadEN8XltwSng
IP / ASN
18.165.142.47
#16509 AMAZON-02
Requested by https://toonitalia.xyz/
Resource Info
File type ASCII text, with very long lines (736), with no line terminators
First Seen 2025-08-01
Last Seen 2025-08-01
Times Seen 1
Size 736 B (736 bytes)
MD5 4a80be6ba678715de2095ab8543bf79c
SHA1 3508cc866149c6e04f69c985df523e8b6283bf5d
SHA256 ce6ab6dfb7fdb924916a035ebd43699da90db64ec6f356c30419fe4f7b9cb97d
Certificate Info
Issuer Amazon
Subject *.cloudfront.net
Fingerprint 8F:00:F1:34:A7:1E:27:1C:CF:CD:A6:53:8B:C4:82:B0:68:BC:C8:72
Validity Mon, 05 May 2025 00:00:00 GMT - Thu, 23 Apr 2026 23:59:59 GMT
Technology Fingerprints
Amazon CloudFront (CDN) Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.
Amazon Web Services (PaaS) Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.
GET /fQnJIZm8hHSYAUDYbLFtecEJ8V1h2VDgUCiRPPAkALBs8BwMrE2YeFjhUIhUALAJ1DQ4qETIRORo4Ei0BZAYyAlJyVCQHASVPbgMBIU95QA4mEHVWSTYCJw1SMQswFx8tHzERG2QHKVsCLQghCgMjV3ogWmxCbVRfagUhCAstBTtDXXIcPENdckN4SF9nQQ-pDXXIFIQhZdld7JEpwQjBQW2dBCkNdcgA+Q1wDQ3tSQXJbbVRfJRcrDQBnQA5UX3NCeFdfc1d6VgkrAC0AADpXeiBecUZmVkk3T3lfXnNCf1BadEN8XltwSng HTTP/1.1
Host: d1pk6uu6wqrpce.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://toonitalia.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-length: 541
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
date: Fri, 01 Aug 2025 14:01:25 GMT
x-cache: Miss from cloudfront
via: 1.1 8a7b11c8a73c9363e6dd587e2c39686e.cloudfront.net (CloudFront)
x-amz-cf-pop: HEL51-P3
x-amz-cf-id: KWqQCDZI93Czj-BOl4UlQyg7R5TN498tQMM1XAC7Rlc6HmqeDyCWtA==
X-Firefox-Spdy: h2
POST iy6nmegcrggt.l4.adsco.re/
185.200.118.62 200 OK 0 B URL POST HTTPS
iy6nmegcrggt.l4.adsco.re/
IP / ASN
185.200.118.62
#9009 M247 Europe SRL
Requested by https://toonitalia.xyz/
Resource Info
File type N/A
First Seen 0001-01-01
Last Seen 2025-08-04
Times Seen 5648445
Size 0 B (0 bytes)
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Certificate Info
Issuer Let's Encrypt
Subject *.l4.adsco.re
Fingerprint 89:17:D6:F2:7A:24:C5:33:57:EE:DE:EE:8A:24:F2:17:17:F4:D3:82
Validity Fri, 18 Jul 2025 09:55:04 GMT - Thu, 16 Oct 2025 09:55:03 GMT
POST / HTTP/1.1
Host: iy6nmegcrggt.l4.adsco.re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 0
Origin: https://toonitalia.xyz
DNT: 1
Connection: keep-alive
Referer: https://toonitalia.xyz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 01 Aug 2025 14:01:27 GMT
content-type: text/html
content-length: 0
last-modified: Fri, 02 Jun 2023 14:03:32 GMT
etag: "6479f6b4-0"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
access-control-expose-headers: Content-Length,Content-Range
accept-ranges: bytes
X-Firefox-Spdy: h2
GET cdn.creative-sb1.com/sb/ssp/interstitial/bottom_banner/1/css/animate.css
104.21.16.1 200 OK 79 kB URL GET HTTPS
cdn.creative-sb1.com/sb/ssp/interstitial/bottom_banner/1/css/animate.css
IP / ASN
104.21.16.1
#13335 CLOUDFLARENET
Requested by https://toonitalia.xyz/
Resource Info
File type ASCII text
First Seen 2024-01-20
Last Seen 2025-08-03
Times Seen 4125
Size 79 kB (78689 bytes)
MD5 3d4123dbfb33d27a5cfdfcfa91df6783
SHA1 e7d0eeeec54b848f0bc3da8685fa3bc88429d660
SHA256 cb7d1393b65701b2f97d8da244c2c6023e9cbc3463ecb0136b915cfc775c6887
Certificate Info
Issuer Google Trust Services
Subject creative-sb1.com
Fingerprint CD:76:E0:2A:28:09:08:24:2D:4C:A1:14:B2:AE:6C:39:A4:CC:2F:6B
Validity Tue, 01 Jul 2025 14:01:22 GMT - Mon, 29 Sep 2025 14:59:36 GMT
Technology Fingerprints
Cloudflare (CDN)
GET /sb/ssp/interstitial/bottom_banner/1/css/animate.css HTTP/1.1
Host: cdn.creative-sb1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://toonitalia.xyz
DNT: 1
Connection: keep-alive
Referer: https://toonitalia.xyz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 01 Aug 2025 14:01:29 GMT
content-type: text/css
server: cloudflare
last-modified: Fri, 19 Jan 2024 14:19:45 GMT
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
etag: W/"65aa8501-13361"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
content-encoding: gzip
cf-cache-status: MISS
vary: accept-encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=OMR8OUHW29fZK%2Bab9VATc7pstgQjVBsuo3A9TQde9vzYo0j%2Bv5Xe5YZ2kHMITpdXnm%2BevDrSl3AN6SMV0oiwAffYSJodlS6FCoM%2BuvpTfnkMIw%3D%3D"}]}
cf-ray: 9685de26aa5d7130-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
GET toonitalia.xyz/wp-content/themes/twentytwenty/assets/js/index.js?ver=2.9
172.67.220.81 200 OK 28 kB URL GET HTTPS
toonitalia.xyz/wp-content/themes/twentytwenty/assets/js/index.js?ver=2.9
IP / ASN
172.67.220.81
#13335 CLOUDFLARENET
Requested by https://toonitalia.xyz/
Resource Info
File type JavaScript source, ASCII text
First Seen 2025-04-18
Last Seen 2025-08-02
Times Seen 64
Size 28 kB (27908 bytes)
MD5 72bfb507aa935bb9ea66bdecd24ce6c6
SHA1 4305ac5162d4cb7a38998bc8dfdab29864aa8bcc
SHA256 b70740dc871cb331dda551c0129f78e377e52b5fb72c92dc499b2df4bcaced0f
Certificate Info
Issuer Google Trust Services
Subject toonitalia.xyz
Fingerprint BA:21:F8:2B:2C:15:BA:86:8E:59:5E:C9:95:CD:5D:13:6E:A5:83:4E
Validity Sat, 14 Jun 2025 10:38:31 GMT - Fri, 12 Sep 2025 11:37:07 GMT
Technology Fingerprints
Cloudflare (CDN)
GET /wp-content/themes/twentytwenty/assets/js/index.js?ver=2.9 HTTP/1.1
Host: toonitalia.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://toonitalia.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 01 Aug 2025 14:01:24 GMT
content-type: application/javascript
content-length: 7384
server: cloudflare
cf-cache-status: MISS
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
last-modified: Tue, 15 Apr 2025 19:19:33 GMT
etag: "6d04-632d60c7a4e7f-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=14400
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=a8KYStOPGpaNZ0%2F9WJKBqg2qLmRZlVyU9TxKdwaXIcqOgOYPjqJUCx17wgWYz3GN%2FY5cabhbiYGPLkSEStuQdKzb%2Fyyavc2DCxlyzw%3D%3D"}]}
cf-ray: 9685de04f8b50b45-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
GET ukankingwithea.com/
104.21.16.1 200 OK 27 B URL GET HTTPS
ukankingwithea.com/
IP / ASN
104.21.16.1
#13335 CLOUDFLARENET
Requested by https://toonitalia.xyz/
Resource Info
File type ASCII text, with no line terminators
First Seen 2025-08-01
Last Seen 2025-08-01
Times Seen 1
Size 27 B (27 bytes)
MD5 dbda575c1cd7064ccb03022cb1665a3e
SHA1 6b2e7138aad9e74bf4c6c8a2ce6de0c4f149e07c
SHA256 af363396f331ae3fa3c7aeaf2341eea39c5616f49579eba960e7aa888f6fc192
Certificate Info
Issuer Google Trust Services
Subject ukankingwithea.com
Fingerprint BC:D9:DE:23:19:C0:7C:2B:35:05:12:80:A3:22:F2:D2:D2:6F:1F:B3
Validity Fri, 27 Jun 2025 13:58:09 GMT - Thu, 25 Sep 2025 14:56:56 GMT
Technology Fingerprints
Cloudflare (CDN)
GET / HTTP/1.1
Host: ukankingwithea.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://toonitalia.xyz/
Origin: https://toonitalia.xyz
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 01 Aug 2025 14:01:24 GMT
content-type: text/plain
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
access-control-allow-origin: https://toonitalia.xyz
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=IcJ5PSz8sCISsTOTjRAu3dZedcgkQNim95Ew4FRmuibjiaPNkI5PfCkOq2wzGl5avRqdFDlGesKrQEy5AcUc04LLQOiDfFJNtcN0Pl7grco%3D"}]}
content-encoding: br
set-cookie: csu=1911076561484280@1@1754056884; SameSite=None; Secure; Max-Age=31104000
cf-ray: 9685de06fd8eb518-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
GET professionaltrafficmonitor.com/stats
18.198.92.123 200 OK 40 B URL GET HTTPS
professionaltrafficmonitor.com/stats
IP / ASN
18.198.92.123
#16509 AMAZON-02
Requested by https://toonitalia.xyz/
Resource Info
File type ASCII text, with no line terminators
First Seen 2025-08-01
Last Seen 2025-08-01
Times Seen 1
Size 40 B (40 bytes)
MD5 8421873c2c35e516448e4825794a31c0
SHA1 c25f4eca01b14473756c88fdcfd7fb6a60ea6125
SHA256 38cb6b4fd43b9fbcc9339aa3a509d7fbb312b0f169c0bda7711c78093e48ffb2
Certificate Info
Issuer Amazon
Subject protrafficinspector.com
Fingerprint 5D:D5:8D:EB:A4:50:13:0D:7C:33:71:82:B8:02:49:4F:D6:31:B6:E6
Validity Tue, 01 Jul 2025 00:00:00 GMT - Thu, 30 Jul 2026 23:59:59 GMT
GET /stats HTTP/1.1
Host: professionaltrafficmonitor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://toonitalia.xyz
DNT: 1
Connection: keep-alive
Referer: https://toonitalia.xyz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 01 Aug 2025 14:01:24 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://toonitalia.xyz
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=b0b4701b-034c-4ff7-81a2-ce1b46c1e223:2:1; expires=Mon, 30 Jul 2035 14:01:24 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
GET accounts.google.com/InteractiveLogin?continue=https://www.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AdBytiOy02rR4GnaKtzmJpaaruNUncijYZ2b4WdQJGtg23Qb0ugwtH3Wm_SCknlbLdHKzt6j8axn3Q
64.233.161.84 302 Found 0 B URL GET HTTPS
accounts.google.com/InteractiveLogin?continue=https://www.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AdBytiOy02rR4GnaKtzmJpaaruNUncijYZ2b4WdQJGtg23Qb0ugwtH3Wm_SCknlbLdHKzt6j8axn3Q
IP / ASN
64.233.161.84
#15169 GOOGLE
Requested by https://toonitalia.xyz/
Resource Info
File type N/A
First Seen 0001-01-01
Last Seen 2025-08-04
Times Seen 5648445
Size 0 B (0 bytes)
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Certificate Info
Issuer Google Trust Services
Subject *.google.com
Fingerprint 60:9F:41:D7:83:68:5E:64:22:9D:7C:5E:2D:7B:C9:C5:07:DA:C6:D8
Validity Mon, 07 Jul 2025 08:34:14 GMT - Mon, 29 Sep 2025 08:34:13 GMT
Technology Fingerprints
OpenGSE (Web servers) OpenGSE is a test suite used for testing servlet compliance. It is deployed by using WAR files that are deployed on the server engine.
Java (Programming languages) Java is a class-based, object-oriented programming language that is designed to have as few implementation dependencies as possible.
GET /InteractiveLogin?continue=https://www.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AdBytiOy02rR4GnaKtzmJpaaruNUncijYZ2b4WdQJGtg23Qb0ugwtH3Wm_SCknlbLdHKzt6j8axn3Q HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://toonitalia.xyz/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 302 Found
content-type: text/html; charset=UTF-8
set-cookie: __Host-GAPS=1:gSH4bC1W0wEYBw7cEyNC3TEuOzQhZg:pHWBOoa9GDAnfT1Q;Path=/;Expires=Sun, 01-Aug-2027 14:01:27 GMT;Secure;HttpOnly;Priority=HIGH
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Fri, 01 Aug 2025 14:01:27 GMT
location: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=AdBytiNBq5WzSu7UkPV3nVRA018KZwfrs1uFuRABBLHV8IAwNj47lm-AyHL4SBpmDGGkys8uPu2a&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S708340886%3A1754056887031986
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: script-src 'nonce-R9r2ZAXNHJg1tn3EaA7UYQ' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 415
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
POST iy6nmegcrggt.s4.adsco.re/
185.200.116.60 200 OK 0 B URL POST HTTPS
iy6nmegcrggt.s4.adsco.re/
IP / ASN
185.200.116.60
#9009 M247 Europe SRL
Requested by https://toonitalia.xyz/
Resource Info
File type N/A
First Seen 0001-01-01
Last Seen 2025-08-04
Times Seen 5648445
Size 0 B (0 bytes)
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Certificate Info
Issuer Let's Encrypt
Subject *.s4.adsco.re
Fingerprint 83:C7:27:CC:F1:15:7A:E0:86:E4:6A:42:8E:8B:4B:D6:F0:81:BE:78
Validity Fri, 18 Jul 2025 09:54:45 GMT - Thu, 16 Oct 2025 09:54:44 GMT
POST / HTTP/1.1
Host: iy6nmegcrggt.s4.adsco.re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 0
Origin: https://toonitalia.xyz
DNT: 1
Connection: keep-alive
Referer: https://toonitalia.xyz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 01 Aug 2025 14:01:28 GMT
content-type: text/html
content-length: 0
last-modified: Tue, 03 Oct 2023 13:29:59 GMT
etag: "651c1757-0"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
access-control-expose-headers: Content-Length,Content-Range
accept-ranges: bytes
X-Firefox-Spdy: h2
GET praystakeinstinct.com/pixel/sbs?c=1
172.240.253.132 200 OK 0 B URL GET HTTPS
praystakeinstinct.com/pixel/sbs?c=1
IP / ASN
172.240.253.132
#7979 SERVERS-COM
Requested by https://toonitalia.xyz/
Resource Info
File type N/A
First Seen 0001-01-01
Last Seen 2025-08-04
Times Seen 5648445
Size 0 B (0 bytes)
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Certificate Info
Issuer Let's Encrypt
Subject praystakeinstinct.com
Fingerprint 08:B9:39:D3:1C:E2:4B:34:21:BC:02:6F:17:3E:89:73:97:AC:E1:C9
Validity Sat, 28 Jun 2025 22:08:16 GMT - Fri, 26 Sep 2025 22:08:15 GMT
Technology Fingerprints
Nginx:1.21.6 (Web servers, Reverse proxies) Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /pixel/sbs?c=1 HTTP/1.1
Host: praystakeinstinct.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://toonitalia.xyz/
Cookie: uid_id2=75a55be8-3122-4ac8-9e41-ab9b2ae03b85:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; u_pl26971197=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 01 Aug 2025 14:01:30 GMT
Content-Length: 0
Connection: keep-alive
Host: praystakeinstinct.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
GET adexchangeclear.com/script/i.php?t=1&c=23992846&stamat=m%257C%252C%252Cg3Y_4iNitGU3Bv_GH0dEdHP3xP.54c%252CJW0E6F4Xdae-WrhTxnlEb2v8Ta86BkVzzi_1AtnK1-K4yeZQUDXOZ-fnia-zKAssX5Bvd0_tYAohQI1jdKSY_CLeGPlOFhHSp6oEll5peV0SQd7md19rU1J-OJglKd7sXLDXZDbNEswrGbck1wqEp4r3MAa6XUrPJe7ap7kjuEJA1fPkCKQJsdRQ4nQXL5PUsrwf2lZc1Z0tZcx8geBnUQ2i-v299kiw1cp5OLOKxsr-xOdPGmjBx604fXbb-OoPCJ5wbvBwpk2wJ1hhIik-FhjJsxqqQXeBDs_uBSer2L11pkGlbuhEJQdAMsOps9cRz45tBjBqR-YI8mxtwNRVWjCWZ8D9gYIgPJG1HaMkn2Y0TxlAd83Qg6XmyjqbpM_ckU5zP1chmXjSUbp1YSxT-Tt12zAokLKX5Q0Uh1fHzjhcZH3BpUdSicLBrmuozOGYFrS0jrWhUNhwr3VGofg_S5c-vHJDayiNkwU2vZhk3bE1negnzv0Vw-GCN9HEH14KDAi_x7YXlGj2Uzg0SfQAnkyvcZ6j97punJDAylS3RohdA_l_01Gfg211DJzISpl8dh7BvyHM__WrwfjoESaCI3hhe7uW1JOu20q6p-NEcXmF_g62xYjg5yUQRu5zTwOuJ53cW-_p7g6VYL0_8ZM_RtHlpZPpfWjCWd0ONwykd48har96uC-4UjziDQCGwOUuUISlcFDwoXaTe2KlcgbNoeaEisgIJpe0W00tisNmGkaU48R15mdTlYU0yLAadkLV&utsid=923eaa74e116324ad20965e311125624&cbpage=https%3A%2F%2Ftoonitalia.xyz%2F&cbref=
104.21.78.155 204 No Content 0 B URL GET HTTPS
adexchangeclear.com/script/i.php?t=1&c=23992846&stamat=m%257C%252C%252Cg3Y_4iNitGU3Bv_GH0dEdHP3xP.54c%252CJW0E6F4Xdae-WrhTxnlEb2v8Ta86BkVzzi_1AtnK1-K4yeZQUDXOZ-fnia-zKAssX5Bvd0_tYAohQI1jdKSY_CLeGPlOFhHSp6oEll5peV0SQd7md19rU1J-OJglKd7sXLDXZDbNEswrGbck1wqEp4r3MAa6XUrPJe7ap7kjuEJA1fPkCKQJsdRQ4nQXL5PUsrwf2lZc1Z0tZcx8geBnUQ2i-v299kiw1cp5OLOKxsr-xOdPGmjBx604fXbb-OoPCJ5wbvBwpk2wJ1hhIik-FhjJsxqqQXeBDs_uBSer2L11pkGlbuhEJQdAMsOps9cRz45tBjBqR-YI8mxtwNRVWjCWZ8D9gYIgPJG1HaMkn2Y0TxlAd83Qg6XmyjqbpM_ckU5zP1chmXjSUbp1YSxT-Tt12zAokLKX5Q0Uh1fHzjhcZH3BpUdSicLBrmuozOGYFrS0jrWhUNhwr3VGofg_S5c-vHJDayiNkwU2vZhk3bE1negnzv0Vw-GCN9HEH14KDAi_x7YXlGj2Uzg0SfQAnkyvcZ6j97punJDAylS3RohdA_l_01Gfg211DJzISpl8dh7BvyHM__WrwfjoESaCI3hhe7uW1JOu20q6p-NEcXmF_g62xYjg5yUQRu5zTwOuJ53cW-_p7g6VYL0_8ZM_RtHlpZPpfWjCWd0ONwykd48har96uC-4UjziDQCGwOUuUISlcFDwoXaTe2KlcgbNoeaEisgIJpe0W00tisNmGkaU48R15mdTlYU0yLAadkLV&utsid=923eaa74e116324ad20965e311125624&cbpage=https%3A%2F%2Ftoonitalia.xyz%2F&cbref=
IP / ASN
104.21.78.155
#13335 CLOUDFLARENET
Requested by https://toonitalia.xyz/
Resource Info
File type N/A
First Seen 0001-01-01
Last Seen 2025-08-04
Times Seen 5648445
Size 0 B (0 bytes)
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Certificate Info
Issuer Google Trust Services
Subject adexchangeclear.com
Fingerprint 33:F7:89:37:41:BF:FA:59:BF:98:36:E9:5A:74:20:54:A0:1D:C0:76
Validity Thu, 12 Jun 2025 11:57:50 GMT - Wed, 10 Sep 2025 12:56:28 GMT
Technology Fingerprints
Google Cloud CDN (CDN) Cloud CDN uses Google's global edge network to serve content closer to users.
Google Cloud (IaaS) Google Cloud is a suite of cloud computing services.
Cloudflare (CDN)
GET /script/i.php?t=1&c=23992846&stamat=m%257C%252C%252Cg3Y_4iNitGU3Bv_GH0dEdHP3xP.54c%252CJW0E6F4Xdae-WrhTxnlEb2v8Ta86BkVzzi_1AtnK1-K4yeZQUDXOZ-fnia-zKAssX5Bvd0_tYAohQI1jdKSY_CLeGPlOFhHSp6oEll5peV0SQd7md19rU1J-OJglKd7sXLDXZDbNEswrGbck1wqEp4r3MAa6XUrPJe7ap7kjuEJA1fPkCKQJsdRQ4nQXL5PUsrwf2lZc1Z0tZcx8geBnUQ2i-v299kiw1cp5OLOKxsr-xOdPGmjBx604fXbb-OoPCJ5wbvBwpk2wJ1hhIik-FhjJsxqqQXeBDs_uBSer2L11pkGlbuhEJQdAMsOps9cRz45tBjBqR-YI8mxtwNRVWjCWZ8D9gYIgPJG1HaMkn2Y0TxlAd83Qg6XmyjqbpM_ckU5zP1chmXjSUbp1YSxT-Tt12zAokLKX5Q0Uh1fHzjhcZH3BpUdSicLBrmuozOGYFrS0jrWhUNhwr3VGofg_S5c-vHJDayiNkwU2vZhk3bE1negnzv0Vw-GCN9HEH14KDAi_x7YXlGj2Uzg0SfQAnkyvcZ6j97punJDAylS3RohdA_l_01Gfg211DJzISpl8dh7BvyHM__WrwfjoESaCI3hhe7uW1JOu20q6p-NEcXmF_g62xYjg5yUQRu5zTwOuJ53cW-_p7g6VYL0_8ZM_RtHlpZPpfWjCWd0ONwykd48har96uC-4UjziDQCGwOUuUISlcFDwoXaTe2KlcgbNoeaEisgIJpe0W00tisNmGkaU48R15mdTlYU0yLAadkLV&utsid=923eaa74e116324ad20965e311125624&cbpage=https%3A%2F%2Ftoonitalia.xyz%2F&cbref= HTTP/1.1
Host: adexchangeclear.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://toonitalia.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 204 No Content
date: Fri, 01 Aug 2025 14:01:28 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7Kxb62dg8DRXW89ZwdeuqGV%2B5dD2N04rSmiFaiaJn%2FyqAQGtD60ki%2BonSszDxFk6KcRVe%2FsIdbYNf6UCLEvpL6TZE%2F4cudkcGmSKOGobfDguVCfBiD932GagOaxRlZMAn38OWi0m"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: *
via: 1.1 google
cf-cache-status: DYNAMIC
cf-ray: 9685de1e9b965691-OSL
server: cloudflare
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=3263&min_rtt=680&rtt_var=2363&sent=48&recv=65&lost=0&retrans=0&sent_bytes=7024&recv_bytes=4872&delivery_rate=630799&ss_exit_cwnd=0&ss_exit_reason=0&cwnd=18079&unsent_bytes=0&cid=65f408be280d20fb&ts=3834&inflight_dur=28&x=40"
POST enrtx.com/get/
94.130.197.239 200 OK 7.4 kB URL POST HTTPS
enrtx.com/get/
IP / ASN
94.130.197.239
#24940 Hetzner Online GmbH
Requested by https://toonitalia.xyz/
Resource Info
File type JSON text data
First Seen 2025-08-01
Last Seen 2025-08-01
Times Seen 1
Size 7.4 kB (7384 bytes)
MD5 5b83ea98cae198ce235bb6d3cbaf2aa1
SHA1 f9fd97101576211eefbd4b6de3081faad32f6581
SHA256 68fb4f3e692976e18022fa0d33856e8d796debc8a0ed02177c5f475c4c9d8980
Certificate Info
Issuer Let's Encrypt
Subject popunder-base.infrapu.sh
Fingerprint D1:0E:8E:F9:D2:2D:16:E4:51:52:3C:0F:A6:8D:A3:35:C2:6B:C1:1A
Validity Mon, 26 May 2025 07:34:47 GMT - Sun, 24 Aug 2025 07:34:46 GMT
Technology Fingerprints
Nginx:1.16.0 (Web servers, Reverse proxies)
POST /get/ HTTP/1.1
Host: enrtx.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://toonitalia.xyz/
Content-Type: text/plain;charset=UTF-8
Content-Length: 1975
Origin: https://toonitalia.xyz
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx/1.16.0
date: Fri, 01 Aug 2025 14:01:30 GMT
content-type: application/json
content-length: 7384
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
GET torchfriendlypay.com/pixel/sbls?bv=&tmpl=482&u=https%3A%2F%2Fcdn.creative-sb1.com%2Fsb%2Fssp%2Finterstitial%2Fbottom_banner%2F1%2Fcss%2Fanimate.css&l=78689&fd=555
192.243.59.20 200 OK 0 B URL GET HTTPS
torchfriendlypay.com/pixel/sbls?bv=&tmpl=482&u=https%3A%2F%2Fcdn.creative-sb1.com%2Fsb%2Fssp%2Finterstitial%2Fbottom_banner%2F1%2Fcss%2Fanimate.css&l=78689&fd=555
IP / ASN
192.243.59.20
#39572 DataWeb Global Group B.V.
Requested by https://toonitalia.xyz/
Resource Info
File type N/A
First Seen 0001-01-01
Last Seen 2025-08-04
Times Seen 5648445
Size 0 B (0 bytes)
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Certificate Info
Issuer Let's Encrypt
Subject torchfriendlypay.com
Fingerprint C1:1A:8F:9D:C9:3D:22:4D:0E:AA:D9:B9:1C:98:E3:DC:41:83:82:4F
Validity Sat, 28 Jun 2025 22:31:57 GMT - Fri, 26 Sep 2025 22:31:56 GMT
Technology Fingerprints
Nginx:1.19.5 (Web servers, Reverse proxies)
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /pixel/sbls?bv=&tmpl=482&u=https%3A%2F%2Fcdn.creative-sb1.com%2Fsb%2Fssp%2Finterstitial%2Fbottom_banner%2F1%2Fcss%2Fanimate.css&l=78689&fd=555 HTTP/1.1
Host: torchfriendlypay.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://toonitalia.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Fri, 01 Aug 2025 14:01:30 GMT
Content-Length: 0
Connection: keep-alive
Host: torchfriendlypay.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
GET torchfriendlypay.com/pixel/sbls?bv=&tmpl=482&u=https%3A%2F%2Fcdn.creative-sb1.com%2Fsb%2Fssp%2Finterstitial%2Fbottom_banner%2F1%2Fjs%2Fscript.js&l=957&fd=515
192.243.59.20 200 OK 0 B URL GET HTTPS
torchfriendlypay.com/pixel/sbls?bv=&tmpl=482&u=https%3A%2F%2Fcdn.creative-sb1.com%2Fsb%2Fssp%2Finterstitial%2Fbottom_banner%2F1%2Fjs%2Fscript.js&l=957&fd=515
IP / ASN
192.243.59.20
#39572 DataWeb Global Group B.V.
Requested by https://toonitalia.xyz/
Resource Info
File type N/A
First Seen 0001-01-01
Last Seen 2025-08-04
Times Seen 5648445
Size 0 B (0 bytes)
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Certificate Info
Issuer Let's Encrypt
Subject torchfriendlypay.com
Fingerprint C1:1A:8F:9D:C9:3D:22:4D:0E:AA:D9:B9:1C:98:E3:DC:41:83:82:4F
Validity Sat, 28 Jun 2025 22:31:57 GMT - Fri, 26 Sep 2025 22:31:56 GMT
Technology Fingerprints
Nginx:1.19.5 (Web servers, Reverse proxies)
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /pixel/sbls?bv=&tmpl=482&u=https%3A%2F%2Fcdn.creative-sb1.com%2Fsb%2Fssp%2Finterstitial%2Fbottom_banner%2F1%2Fjs%2Fscript.js&l=957&fd=515 HTTP/1.1
Host: torchfriendlypay.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://toonitalia.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Fri, 01 Aug 2025 14:01:30 GMT
Content-Length: 0
Connection: keep-alive
Host: torchfriendlypay.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
GET toonitalia.xyz/wp-content/plugins/post-views-counter/css/frontend.min.css?ver=1.5.5
172.67.220.81 200 OK 1.1 kB URL GET HTTPS
toonitalia.xyz/wp-content/plugins/post-views-counter/css/frontend.min.css?ver=1.5.5
IP / ASN
172.67.220.81
#13335 CLOUDFLARENET
Requested by https://toonitalia.xyz/
Resource Info
File type ASCII text, with very long lines (1058), with no line terminators
First Seen 2024-06-21
Last Seen 2025-08-04
Times Seen 1141
Size 1.1 kB (1058 bytes)
MD5 6f71106c7a6d664e95df0b3381ab7a53
SHA1 3aa8ddcec63fdd455bd8a4ccb34da371dc17b10b
SHA256 0d585aebb9cb31821fbcc6b030e0d882b5639e17bb403f8eb5ce7b3b19f4a1c9
Certificate Info
Issuer Google Trust Services
Subject toonitalia.xyz
Fingerprint BA:21:F8:2B:2C:15:BA:86:8E:59:5E:C9:95:CD:5D:13:6E:A5:83:4E
Validity Sat, 14 Jun 2025 10:38:31 GMT - Fri, 12 Sep 2025 11:37:07 GMT
Technology Fingerprints
Cloudflare (CDN)
GET /wp-content/plugins/post-views-counter/css/frontend.min.css?ver=1.5.5 HTTP/1.1
Host: toonitalia.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://toonitalia.xyz/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 01 Aug 2025 14:01:24 GMT
content-type: text/css
content-length: 440
server: cloudflare
cf-cache-status: MISS
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
last-modified: Wed, 04 Jun 2025 20:16:00 GMT
etag: "422-636c4aa5fb471-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=14400
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=2ykBs%2BA34seHyND0yHX%2F52cUM5LWC1EhvrKlA7MRRlygZRVV92%2Fo8qE7zWXck140pHYyThvNRAwcc1efyRnD1q%2FE4nxKiqS0YaANHw%3D%3D"}]}
cf-ray: 9685de04e88d0b45-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
GET toonitalia.xyz/wp-includes/css/dist/block-library/style.min.css?ver=6.8.2
172.67.220.81 200 OK 116 kB URL GET HTTPS
toonitalia.xyz/wp-includes/css/dist/block-library/style.min.css?ver=6.8.2
IP / ASN
172.67.220.81
#13335 CLOUDFLARENET
Requested by https://toonitalia.xyz/
Resource Info
File type ASCII text, with very long lines (55654)
First Seen 2025-07-15
Last Seen 2025-08-04
Times Seen 3179
Size 116 kB (116345 bytes)
MD5 a06b3af98203ddc303997e0e0caaff83
SHA1 04c3e7de74a890d18014588c4e1f077a52d79acc
SHA256 838ede31a58a3cdb411d6dd7f13cbe65d4a26193d9fa31882854e63938f12bac
Certificate Info
Issuer Google Trust Services
Subject toonitalia.xyz
Fingerprint BA:21:F8:2B:2C:15:BA:86:8E:59:5E:C9:95:CD:5D:13:6E:A5:83:4E
Validity Sat, 14 Jun 2025 10:38:31 GMT - Fri, 12 Sep 2025 11:37:07 GMT
Technology Fingerprints
Cloudflare (CDN)
GET /wp-includes/css/dist/block-library/style.min.css?ver=6.8.2 HTTP/1.1
Host: toonitalia.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://toonitalia.xyz/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 01 Aug 2025 14:01:24 GMT
content-type: text/css
content-length: 15315
server: cloudflare
cf-cache-status: MISS
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
last-modified: Tue, 15 Jul 2025 18:04:49 GMT
etag: "1c679-639fb9cbedbbe-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=14400
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=GzKNr9jBTHc74HI3aAUz4rc3V2Ugj34EPIAfZOzSzghDeFujVAXhBuN%2FGm3u5qi%2BO2Uo7yZxqMXDfSGGu5CU%2BNBd0uWo8Ui7oQmFhg%3D%3D"}]}
cf-ray: 9685de04e8970b45-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
GET toonitalia.xyz/wp-content/themes/twentytwenty/style.css?ver=2.9
172.67.220.81 200 OK 123 kB URL GET HTTPS
toonitalia.xyz/wp-content/themes/twentytwenty/style.css?ver=2.9
IP / ASN
172.67.220.81
#13335 CLOUDFLARENET
Requested by https://toonitalia.xyz/
Resource Info
File type Unicode text, UTF-8 text, with very long lines (2955)
First Seen 2025-04-18
Last Seen 2025-08-02
Times Seen 56
Size 123 kB (123346 bytes)
MD5 80600ef6ba7dfbb80b46af129ac5bb9b
SHA1 09669118eb2293306546f84286ebc2d162e5fe4a
SHA256 8bd704817aa5ccbfde80762d506927bfdf35bb3a9d75dde64457de24e49b99ce
Certificate Info
Issuer Google Trust Services
Subject toonitalia.xyz
Fingerprint BA:21:F8:2B:2C:15:BA:86:8E:59:5E:C9:95:CD:5D:13:6E:A5:83:4E
Validity Sat, 14 Jun 2025 10:38:31 GMT - Fri, 12 Sep 2025 11:37:07 GMT
Technology Fingerprints
Cloudflare (CDN)
GET /wp-content/themes/twentytwenty/style.css?ver=2.9 HTTP/1.1
Host: toonitalia.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://toonitalia.xyz/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 01 Aug 2025 14:01:24 GMT
content-type: text/css
content-length: 23205
server: cloudflare
cf-cache-status: MISS
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
last-modified: Tue, 15 Apr 2025 19:19:34 GMT
etag: "1e1d2-632d60c7a8cff-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=14400
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=0ye7Tih61GoJDcfMm%2FfOvV3SezbhjGMv%2Bqg9XHZbjD4vHZg5jDyZnVu0jXPf1WCai4fYTE2bsG8k2b%2FGGmNwlcZF%2B3JIAMDdvmOnpA%3D%3D"}]}
cf-ray: 9685de04e89d0b45-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
GET cdn.creative-sb1.com/sb/ssp/interstitial/bottom_banner/1/img/close.svg
104.21.16.1 200 OK 1.3 kB URL GET HTTPS
cdn.creative-sb1.com/sb/ssp/interstitial/bottom_banner/1/img/close.svg
IP / ASN
104.21.16.1
#13335 CLOUDFLARENET
Requested by https://toonitalia.xyz/
Resource Info
File type SVG Scalable Vector Graphics image
First Seen 2023-04-07
Last Seen 2025-08-04
Times Seen 2049
Size 1.3 kB (1279 bytes)
MD5 369850b9873659adf0951d845f57dba1
SHA1 a64257186daa33b6b318943a457b6cf8d80b26b6
SHA256 9630c142a8c074cc1809ebf4109538cf29cc0baeb6c27726191f1cf5376e2e21
Certificate Info
Issuer Google Trust Services
Subject creative-sb1.com
Fingerprint CD:76:E0:2A:28:09:08:24:2D:4C:A1:14:B2:AE:6C:39:A4:CC:2F:6B
Validity Tue, 01 Jul 2025 14:01:22 GMT - Mon, 29 Sep 2025 14:59:36 GMT
Technology Fingerprints
Cloudflare (CDN)
GET /sb/ssp/interstitial/bottom_banner/1/img/close.svg HTTP/1.1
Host: cdn.creative-sb1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 01 Aug 2025 14:01:29 GMT
content-type: image/svg+xml
server: cloudflare
last-modified: Fri, 19 Jan 2024 14:19:45 GMT
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
vary: accept-encoding
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=dPbn95vzwxzXw3BqKSgHzfOKf58NOZ4wjSaTJnLLoPQwhbyTHIyVKqXqCvhSg0o7IagYjI%2BuHD%2FV6f8x2UmQI6WAYu5P8cPAECV%2Ff2g%2F1MlWYw%3D%3D"}]}
age: 27668
cf-cache-status: HIT
etag: W/"65aa8501-4ff"
content-encoding: br
cf-ray: 9685de273afd7130-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
GET cdn.storageimagedisplay.com/si/79/2e/e8/792ee83e80b5394e4d3a5125e432eb70/1701650147.png
45.133.44.2 200 OK 14 kB URL GET HTTPS
cdn.storageimagedisplay.com/si/79/2e/e8/792ee83e80b5394e4d3a5125e432eb70/1701650147.png
IP / ASN
45.133.44.2
#39572 DataWeb Global Group B.V.
Requested by https://toonitalia.xyz/
Resource Info
File type PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced
First Seen 2023-12-04
Last Seen 2025-08-03
Times Seen 656
Size 14 kB (13731 bytes)
MD5 b39effc8e82a1a83041a3282200f2d32
SHA1 4dd606913c72d9728485151e85d6f4a431f6215b
SHA256 e5375e1f3bac974f8fed58b80f75290dd66b7d71873f9c489aefab684f725fdf
Certificate Info
Issuer Let's Encrypt
Subject cdn.storageimagedisplay.com
Fingerprint 06:D8:07:0F:AB:BF:D8:7F:C5:38:82:AC:A7:8A:20:4D:83:6C:EA:C9
Validity Thu, 10 Jul 2025 02:33:11 GMT - Wed, 08 Oct 2025 02:33:10 GMT
Technology Fingerprints
Nginx:1.21.6 (Web servers, Reverse proxies)
GET /si/79/2e/e8/792ee83e80b5394e4d3a5125e432eb70/1701650147.png HTTP/1.1
Host: cdn.storageimagedisplay.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 01 Aug 2025 14:01:29 GMT
content-type: image/png
content-length: 13731
server: nginx/1.21.6
last-modified: Mon, 04 Dec 2023 00:35:56 GMT
etag: "656d1eec-35a3"
expires: Sun, 03 Aug 2025 14:01:29 GMT
cache-control: max-age=172800
x-cdn-host-id: ah0543
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
GET skinnycrawlinglax.com/pixel/purst?dl=0&th=0&sc=0&rs=1145&rd=1145&fd=593&bv=25.7.3790&tmpl=70
192.243.61.225 200 OK 0 B URL GET HTTPS
skinnycrawlinglax.com/pixel/purst?dl=0&th=0&sc=0&rs=1145&rd=1145&fd=593&bv=25.7.3790&tmpl=70
IP / ASN
192.243.61.225
#39572 DataWeb Global Group B.V.
Requested by https://toonitalia.xyz/
Resource Info
File type N/A
First Seen 0001-01-01
Last Seen 2025-08-04
Times Seen 5648445
Size 0 B (0 bytes)
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Certificate Info
Issuer Let's Encrypt
Subject skinnycrawlinglax.com
Fingerprint 4A:6A:48:C8:5B:C5:2B:2E:9C:03:AF:BF:4C:E6:10:23:E2:7B:EA:97
Validity Sat, 28 Jun 2025 22:21:33 GMT - Fri, 26 Sep 2025 22:21:32 GMT
Technology Fingerprints
Nginx:1.21.6 (Web servers, Reverse proxies)
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /pixel/purst?dl=0&th=0&sc=0&rs=1145&rd=1145&fd=593&bv=25.7.3790&tmpl=70 HTTP/1.1
Host: skinnycrawlinglax.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://toonitalia.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 01 Aug 2025 14:01:25 GMT
Content-Length: 0
Connection: keep-alive
Host: skinnycrawlinglax.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
GET 69f0630890.fff3cd7d36.com/906e5c17f27bd8df2c931d7649dae977.js
45.133.44.52 200 OK 132 kB URL GET HTTPS
69f0630890.fff3cd7d36.com/906e5c17f27bd8df2c931d7649dae977.js
IP / ASN
45.133.44.52
#39572 DataWeb Global Group B.V.
Requested by https://toonitalia.xyz/
Resource Info
File type JavaScript source, Unicode text, UTF-8 text, with very long lines (65534), with no line terminators
First Seen 2025-07-18
Last Seen 2025-08-03
Times Seen 544
Size 132 kB (132054 bytes)
MD5 9b49dd7034d35eab8b2a08dc86493068
SHA1 9f6866aaad162c1249aab6d1703806af005e1db8
SHA256 c5abbe1a3cd8f8874bfd4ef48a98b3efa57e91c877f67a9e5de028aa4458e668
Certificate Info
Issuer Let's Encrypt
Subject 69f0630890.fff3cd7d36.com
Fingerprint 80:7B:98:A8:F3:8D:4C:1A:8D:4C:62:FE:9F:16:46:3C:58:BE:9F:87
Validity Tue, 29 Jul 2025 02:15:00 GMT - Mon, 27 Oct 2025 02:14:59 GMT
Technology Fingerprints
Nginx:1.18.0 (Web servers, Reverse proxies)
GET /906e5c17f27bd8df2c931d7649dae977.js HTTP/1.1
Host: 69f0630890.fff3cd7d36.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://toonitalia.xyz
DNT: 1
Connection: keep-alive
Referer: https://toonitalia.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 01 Aug 2025 14:01:25 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Fri, 18 Jul 2025 10:55:07 GMT
etag: W/"687a280b-203d6"
content-encoding: gzip
expires: Fri, 01 Aug 2025 14:06:25 GMT
cache-control: max-age=300
x-cdn-host-id: ds8138
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
GET accounts.google.com/InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=AdBytiOCtw-LbKfokb04MjCmfohdxb7kOazPKHAYUcMknpoZITRzPzPkAnNX6KjCzMT0TNllxQZ15Q
64.233.161.84 302 Found 0 B URL GET HTTPS
accounts.google.com/InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=AdBytiOCtw-LbKfokb04MjCmfohdxb7kOazPKHAYUcMknpoZITRzPzPkAnNX6KjCzMT0TNllxQZ15Q
IP / ASN
64.233.161.84
#15169 GOOGLE
Requested by https://toonitalia.xyz/
Resource Info
File type N/A
First Seen 0001-01-01
Last Seen 2025-08-04
Times Seen 5648445
Size 0 B (0 bytes)
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Certificate Info
Issuer Google Trust Services
Subject *.google.com
Fingerprint 60:9F:41:D7:83:68:5E:64:22:9D:7C:5E:2D:7B:C9:C5:07:DA:C6:D8
Validity Mon, 07 Jul 2025 08:34:14 GMT - Mon, 29 Sep 2025 08:34:13 GMT
Technology Fingerprints
OpenGSE (Web servers) OpenGSE is a test suite used for testing servlet compliance. It is deployed by using WAR files that are deployed on the server engine.
Java (Programming languages) Java is a class-based, object-oriented programming language that is designed to have as few implementation dependencies as possible.
GET /InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=AdBytiOCtw-LbKfokb04MjCmfohdxb7kOazPKHAYUcMknpoZITRzPzPkAnNX6KjCzMT0TNllxQZ15Q HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://toonitalia.xyz/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 302 Found
content-type: text/html; charset=UTF-8
set-cookie: __Host-GAPS=1:6HYqX8u65Yw_LboWYdLTmE-OLjhJiw:kJ2LTaMMlA1s2SlU;Path=/;Expires=Sun, 01-Aug-2027 14:01:27 GMT;Secure;HttpOnly;Priority=HIGH
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Fri, 01 Aug 2025 14:01:27 GMT
location: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=AdBytiNSjsb2RsyptKv6T14_D-CrTEDDENjPk6mXvpJ8Ign_82FvVC6TmPtO024U1XcGO8Gm3wWP&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S841423991%3A1754056887034970
strict-transport-security: max-age=31536000; includeSubDomains
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-security-policy: require-trusted-types-for 'script';report-uri /cspreport, script-src 'nonce-sRhqkDxg8zFYqfteHgElQg' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 414
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=AdBytiNSjsb2RsyptKv6T14_D-CrTEDDENjPk6mXvpJ8Ign_82FvVC6TmPtO024U1XcGO8Gm3wWP&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S841423991%3A1754056887034970
64.233.161.84 403 Forbidden 0 B URL GET HTTPS
accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=AdBytiNSjsb2RsyptKv6T14_D-CrTEDDENjPk6mXvpJ8Ign_82FvVC6TmPtO024U1XcGO8Gm3wWP&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S841423991%3A1754056887034970
IP / ASN
64.233.161.84
#15169 GOOGLE
Requested by https://toonitalia.xyz/
Resource Info
File type N/A
First Seen 0001-01-01
Last Seen 2025-08-04
Times Seen 5648445
Size 0 B (0 bytes)
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Certificate Info
Issuer Google Trust Services
Subject *.google.com
Fingerprint 60:9F:41:D7:83:68:5E:64:22:9D:7C:5E:2D:7B:C9:C5:07:DA:C6:D8
Validity Mon, 07 Jul 2025 08:34:14 GMT - Mon, 29 Sep 2025 08:34:13 GMT
GET /v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=AdBytiNSjsb2RsyptKv6T14_D-CrTEDDENjPk6mXvpJ8Ign_82FvVC6TmPtO024U1XcGO8Gm3wWP&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S841423991%3A1754056887034970 HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://toonitalia.xyz/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Fri, 01 Aug 2025 14:01:27 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: script-src 'nonce-niSntU0UMqa-LPGHxeFknA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://www.google.com/tools/feedback/ https://www.gstatic.com/feedback/js/ https://www.gstatic.com/inproduct_help/ https://www.gstatic.com/support/content/ https://www.gstatic.com/uservoice/feedback/client/web/live/ https://www.gstatic.com/uservoice/surveys/resources/prod/js/survey/ https://support.google.com/inapp/;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist, require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport
content-security-policy-report-only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://ajax.googleapis.com/ajax/libs/jquery/3.6.4/jquery.min.js https://translate.google.com/translate_a/element.js https://www.google.com/recaptcha/api.js https://www.google.com/tools/feedback/chat_load.js https://www.google.com/tools/feedback/help_api.js https://www.google.com/tools/feedback/load.js https://www.google.com/tools/feedback/open.js https://www.google.com/tools/feedback/open_to_help_guide_lazy.js https://www.gstatic.com/feedback/js/ https://www.gstatic.com/feedback/js/help/prod/service/lazy.min.js https://www.gstatic.com/inproduct_help/api/main.min.js https://www.gstatic.com/inproduct_help/chatsupport/chatsupport_button_v2.js https://www.gstatic.com/inproduct_help/service/lazy.min.js https://www.gstatic.com/uservoice/feedback/client/web/live/ https://www.gstatic.com/uservoice/surveys/resources/prod/js/survey/ https://www.gstatic.com/_/mss/boq-one-google/_/ https://www.gstatic.com/og/_/js/ https://apis.google.com/js/api.js https://apis.google.com/js/client.js https://www.googletagmanager.com/gtag/js https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtag/destination https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.9JMNQUCSlVs.es5.O/ https://apis.google.com/_/scs/abc-static/_/js/ https://translate.googleapis.com/_/translate_http/_/js/ https://www.gstatic.com/recaptcha/releases/;report-uri /v3/signin/_/AccountsSignInUi/cspreport/fine-allowlist
report-to: {"group":"AccountsSignInUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi"}]}
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy-report-only: same-origin; report-to="AccountsSignInUi"
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET skinnycrawlinglax.com/13/b4/99/13b499ddfa822b9061b79b2fb4829296.js
192.243.61.225 200 OK 67 kB URL GET HTTPS
skinnycrawlinglax.com/13/b4/99/13b499ddfa822b9061b79b2fb4829296.js
IP / ASN
192.243.61.225
#39572 DataWeb Global Group B.V.
Requested by https://toonitalia.xyz/
Resource Info
File type JavaScript source, ASCII text, with very long lines (65536), with no line terminators
First Seen 2025-08-01
Last Seen 2025-08-01
Times Seen 1
Size 67 kB (67062 bytes)
MD5 6eabd7351719795261b21e6b6dca6611
SHA1 f68c64c9e8448e0d540f2952a473ab1b5a731672
SHA256 2f94feed663d6a9077f2c86b4dffc7a138efc98c0bf34bb7916cf0d90073a1ac
Certificate Info
Issuer Let's Encrypt
Subject skinnycrawlinglax.com
Fingerprint 4A:6A:48:C8:5B:C5:2B:2E:9C:03:AF:BF:4C:E6:10:23:E2:7B:EA:97
Validity Sat, 28 Jun 2025 22:21:33 GMT - Fri, 26 Sep 2025 22:21:32 GMT
Technology Fingerprints
Nginx:1.21.6 (Web servers, Reverse proxies)
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /13/b4/99/13b499ddfa822b9061b79b2fb4829296.js HTTP/1.1
Host: skinnycrawlinglax.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://toonitalia.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 01 Aug 2025 14:01:25 GMT
Content-Type: application/javascript
Content-Length: 24052
Connection: keep-alive
Content-Encoding: gzip
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Set-Cookie: 4b4e7ab587d59b22ad7bcd2439afc363_FEATURES-2379_test_2=1; expires=Fri, 01 Aug 2025 14:01:25 GMT; secure; SameSite=None
Host: skinnycrawlinglax.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Request-ID: 85c9900e1dd5631d3269017b05ca8acd
Cache-Control: no-cache, max-age=0, private, no-cache
Pragma: no-cache
Strict-Transport-Security: max-age=0; includeSubdomains
GET js.capndr.com/advertising.js
45.133.44.52 200 OK 0 B URL GET HTTPS
js.capndr.com/advertising.js
IP / ASN
45.133.44.52
#39572 DataWeb Global Group B.V.
Requested by https://toonitalia.xyz/
Resource Info
File type N/A
First Seen 0001-01-01
Last Seen 2025-08-04
Times Seen 5648445
Size 0 B (0 bytes)
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Certificate Info
Issuer Let's Encrypt
Subject js.capndr.com
Fingerprint 1D:CA:E2:9B:97:B0:05:1D:68:0D:AC:F5:2D:CD:88:3A:1C:EA:0F:EA
Validity Sun, 15 Jun 2025 02:32:24 GMT - Sat, 13 Sep 2025 02:32:23 GMT
Technology Fingerprints
Nginx:1.18.0 (Web servers, Reverse proxies)
GET /advertising.js HTTP/1.1
Host: js.capndr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://toonitalia.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 01 Aug 2025 14:01:26 GMT
content-type: application/javascript; charset=utf-8
content-length: 0
server: nginx/1.18.0
last-modified: Fri, 14 Jul 2023 08:23:25 GMT
etag: "64b105fd-0"
expires: Fri, 01 Aug 2025 14:06:26 GMT
cache-control: max-age=300
x-cdn-host-id: ah1742
x-proxy-cache: HIT
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
GET accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
64.233.161.84 302 Found 0 B URL GET HTTPS
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
IP / ASN
64.233.161.84
#15169 GOOGLE
Requested by https://toonitalia.xyz/
Resource Info
File type N/A
First Seen 0001-01-01
Last Seen 2025-08-04
Times Seen 5648445
Size 0 B (0 bytes)
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Certificate Info
Issuer Google Trust Services
Subject *.google.com
Fingerprint 60:9F:41:D7:83:68:5E:64:22:9D:7C:5E:2D:7B:C9:C5:07:DA:C6:D8
Validity Mon, 07 Jul 2025 08:34:14 GMT - Mon, 29 Sep 2025 08:34:13 GMT
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 302 Found
content-type: application/binary
set-cookie: __Host-GAPS=1:VtjH1trkHMi1bncaz3eCgI597q9B1w:9Q8zxfTnckdrQsvT; Expires=Sun, 01-Aug-2027 14:01:29 GMT; Path=/; Secure; HttpOnly; Priority=HIGH
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Fri, 01 Aug 2025 14:01:29 GMT
location: https://accounts.google.com/InteractiveLogin?continue=https://m.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AdBytiO_Mhg-gAwK98JnQ4qQjyrafVum5GnRcQtZznbs4fV1wYhsqtFGIM3o9Qe7EwuZfJ7SFDw-
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: unsafe-none
content-security-policy: script-src 'nonce-2Cq8xqFC86iRjliWlWYQOQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/AccountsSigninPassiveLoginHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
server: ESF
content-length: 0
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&hl=en&ifkv=AdBytiPJf8vZy-oz3y7dTofHPEadGRLEbR2S0RKGIWodKi5JccFl2olrLcDWSvesCdDl31SDYY9W&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S1780850019%3A1754056889170166
64.233.161.84 403 Forbidden 0 B URL GET HTTPS
accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&hl=en&ifkv=AdBytiPJf8vZy-oz3y7dTofHPEadGRLEbR2S0RKGIWodKi5JccFl2olrLcDWSvesCdDl31SDYY9W&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S1780850019%3A1754056889170166
IP / ASN
64.233.161.84
#15169 GOOGLE
Requested by https://toonitalia.xyz/
Resource Info
File type N/A
First Seen 0001-01-01
Last Seen 2025-08-04
Times Seen 5648445
Size 0 B (0 bytes)
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Certificate Info
Issuer Google Trust Services
Subject *.google.com
Fingerprint 60:9F:41:D7:83:68:5E:64:22:9D:7C:5E:2D:7B:C9:C5:07:DA:C6:D8
Validity Mon, 07 Jul 2025 08:34:14 GMT - Mon, 29 Sep 2025 08:34:13 GMT
GET /v3/signin/identifier?continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&hl=en&ifkv=AdBytiPJf8vZy-oz3y7dTofHPEadGRLEbR2S0RKGIWodKi5JccFl2olrLcDWSvesCdDl31SDYY9W&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S1780850019%3A1754056889170166 HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Fri, 01 Aug 2025 14:01:29 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
report-to: {"group":"AccountsSignInUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi"}]}
cross-origin-opener-policy-report-only: same-origin; report-to="AccountsSignInUi"
content-security-policy: require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport, script-src 'nonce-UfnWnUsfjQPBulzuuTw9bQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://www.google.com/tools/feedback/ https://www.gstatic.com/feedback/js/ https://www.gstatic.com/inproduct_help/ https://www.gstatic.com/support/content/ https://www.gstatic.com/uservoice/feedback/client/web/live/ https://www.gstatic.com/uservoice/surveys/resources/prod/js/survey/ https://support.google.com/inapp/;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-security-policy-report-only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://ajax.googleapis.com/ajax/libs/jquery/3.6.4/jquery.min.js https://translate.google.com/translate_a/element.js https://www.google.com/recaptcha/api.js https://www.google.com/tools/feedback/chat_load.js https://www.google.com/tools/feedback/help_api.js https://www.google.com/tools/feedback/load.js https://www.google.com/tools/feedback/open.js https://www.google.com/tools/feedback/open_to_help_guide_lazy.js https://www.gstatic.com/feedback/js/ https://www.gstatic.com/feedback/js/help/prod/service/lazy.min.js https://www.gstatic.com/inproduct_help/api/main.min.js https://www.gstatic.com/inproduct_help/chatsupport/chatsupport_button_v2.js https://www.gstatic.com/inproduct_help/service/lazy.min.js https://www.gstatic.com/uservoice/feedback/client/web/live/ https://www.gstatic.com/uservoice/surveys/resources/prod/js/survey/ https://www.gstatic.com/_/mss/boq-one-google/_/ https://www.gstatic.com/og/_/js/ https://apis.google.com/js/api.js https://apis.google.com/js/client.js https://www.googletagmanager.com/gtag/js https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtag/destination https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.9JMNQUCSlVs.es5.O/ https://apis.google.com/_/scs/abc-static/_/js/ https://translate.googleapis.com/_/translate_http/_/js/ https://www.gstatic.com/recaptcha/releases/;report-uri /v3/signin/_/AccountsSignInUi/cspreport/fine-allowlist
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET cdn.storageimagedisplay.com/si/12/ab/10/12ab108f88bbf690f7dfa0aa15d8991418e7a27ae5633065f44706309f2bb1c4.png
45.133.44.2 200 OK 413 kB URL GET HTTPS
cdn.storageimagedisplay.com/si/12/ab/10/12ab108f88bbf690f7dfa0aa15d8991418e7a27ae5633065f44706309f2bb1c4.png
IP / ASN
45.133.44.2
#39572 DataWeb Global Group B.V.
Requested by https://toonitalia.xyz/
Resource Info
File type PNG image data, 600 x 400, 8-bit/color RGBA, non-interlaced
First Seen 2025-06-23
Last Seen 2025-08-03
Times Seen 170
Size 413 kB (412673 bytes)
MD5 ad0ac8306dd51692a7addf682d523d8b
SHA1 bd94fe15a26178adbd3102a0e3679736005775ce
SHA256 2aa24dc61a5b6e7e98008a5399b77567f556d48c7314a2eae512b11358cfe904
Certificate Info
Issuer Let's Encrypt
Subject cdn.storageimagedisplay.com
Fingerprint 06:D8:07:0F:AB:BF:D8:7F:C5:38:82:AC:A7:8A:20:4D:83:6C:EA:C9
Validity Thu, 10 Jul 2025 02:33:11 GMT - Wed, 08 Oct 2025 02:33:10 GMT
Technology Fingerprints
Nginx:1.21.6 (Web servers, Reverse proxies) Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.
GET /si/12/ab/10/12ab108f88bbf690f7dfa0aa15d8991418e7a27ae5633065f44706309f2bb1c4.png HTTP/1.1
Host: cdn.storageimagedisplay.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 01 Aug 2025 14:01:29 GMT
content-type: image/png
content-length: 412673
server: nginx/1.21.6
last-modified: Mon, 23 Jun 2025 03:11:37 GMT
etag: "6858c5e9-64c01"
expires: Sun, 03 Aug 2025 14:01:29 GMT
cache-control: max-age=172800
x-cdn-host-id: ah0543
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
GET 4.adsco.re:2087/
162.252.214.5 0 B URL GET HTTPS
4.adsco.re:2087/
IP / ASN
162.252.214.5
#53334 TUT-AS
Requested by https://toonitalia.xyz/
Resource Info
File type N/A
First Seen 0001-01-01
Last Seen 2025-08-04
Times Seen 5648445
Size 0 B (0 bytes)
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Certificate Info
Issuer Sectigo Limited
Subject *.adsco.re
Fingerprint 3B:64:1C:DA:8C:64:22:01:36:0F:54:7A:99:6E:AD:26:C2:EF:59:8B
Validity Mon, 23 Sep 2024 00:00:00 GMT - Mon, 29 Sep 2025 23:59:59 GMT
GET / HTTP/1.1
Host: 4.adsco.re:2087
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://toonitalia.xyz
DNT: 1
Connection: keep-alive
Referer: https://toonitalia.xyz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
GET praystakeinstinct.com/sbar.json?key=13b499ddfa822b9061b79b2fb4829296&abtd=op_1&abt=FEATURES-2379_test_2_1&uuid=75a55be8-3122-4ac8-9e41-ab9b2ae03b85
172.240.108.68 200 OK 6.9 kB URL GET HTTPS
praystakeinstinct.com/sbar.json?key=13b499ddfa822b9061b79b2fb4829296&abtd=op_1&abt=FEATURES-2379_test_2_1&uuid=75a55be8-3122-4ac8-9e41-ab9b2ae03b85
IP / ASN
172.240.108.68
#7979 SERVERS-COM
Requested by https://toonitalia.xyz/
Resource Info
File type JSON text data
First Seen 2025-08-01
Last Seen 2025-08-01
Times Seen 1
Size 6.9 kB (6854 bytes)
MD5 fb90a487fb9b9d61ba95c7d81c823828
SHA1 2d6ae2bf3fd3c47aa67c5c92f0fff073f927fd4b
SHA256 801a71968d01dbe153b529e00b385da52ccff733395e81ff1e180dece29c7440
Certificate Info
Issuer Let's Encrypt
Subject praystakeinstinct.com
Fingerprint 08:B9:39:D3:1C:E2:4B:34:21:BC:02:6F:17:3E:89:73:97:AC:E1:C9
Validity Sat, 28 Jun 2025 22:08:16 GMT - Fri, 26 Sep 2025 22:08:15 GMT
Technology Fingerprints
Envoy (Reverse proxies) Envoy is an open-source edge and service proxy, designed for cloud-native applications.
Nginx:1.21.6 (Web servers, Reverse proxies) Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /sbar.json?key=13b499ddfa822b9061b79b2fb4829296&abtd=op_1&abt=FEATURES-2379_test_2_1&uuid=75a55be8-3122-4ac8-9e41-ab9b2ae03b85 HTTP/1.1
Host: praystakeinstinct.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://toonitalia.xyz
DNT: 1
Connection: keep-alive
Referer: https://toonitalia.xyz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 01 Aug 2025 14:01:28 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
accept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
access-control-allow-origin: https://toonitalia.xyz
access-control-allow-credentials: true
set-cookie: uid_id2=75a55be8-3122-4ac8-9e41-ab9b2ae03b85:2:1; expires=Fri, 08 Aug 2025 14:01:28 GMT; path=/; secure; SameSite=None
pdhtkv=true; expires=Sat, 02 Aug 2025 14:01:28 GMT; path=/; secure; SameSite=None
uncs=1; expires=Sat, 02 Aug 2025 14:01:28 GMT; path=/; secure; SameSite=None
pdhtkv29=true; expires=Sat, 02 Aug 2025 14:01:28 GMT; path=/; secure; SameSite=None
uncs29=1; expires=Sat, 02 Aug 2025 14:01:28 GMT; path=/; secure; SameSite=None
u_pl26971197=1; expires=Sat, 02 Aug 2025 14:01:28 GMT; path=/; secure; SameSite=None
x-envoy-upstream-service-time: 227
Host: praystakeinstinct.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Request-ID: e001a602a3bee042076524f7f6b74a72
Cache-Control: no-cache, max-age=0, private, no-cache
Pragma: no-cache
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
GET cdn.show-sb.com/sb/au/78/74/fd/7874fd62186fc577273fa59756d17076/1744381737.html
172.67.170.115 200 OK 1.5 kB URL GET HTTPS
cdn.show-sb.com/sb/au/78/74/fd/7874fd62186fc577273fa59756d17076/1744381737.html
IP / ASN
172.67.170.115
#13335 CLOUDFLARENET
Requested by https://toonitalia.xyz/
Resource Info
File type HTML document, ASCII text
First Seen 2023-12-18
Last Seen 2025-08-03
Times Seen 359
Size 1.5 kB (1544 bytes)
MD5 972f68410d9349904f897739b33e12cc
SHA1 e41130dbad60e81ad2665bb7407a50888aae8150
SHA256 90c062931018d386488b555fd261405457f9744db31512ff5780d49769d7b0d0
Certificate Info
Issuer Google Trust Services
Subject show-sb.com
Fingerprint DF:A8:5A:11:E9:7E:8B:0E:2E:08:20:FB:02:FE:C4:E3:E7:97:E8:3A
Validity Thu, 12 Jun 2025 07:26:41 GMT - Wed, 10 Sep 2025 08:25:04 GMT
Technology Fingerprints
Cloudflare (CDN) Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.
GET /sb/au/78/74/fd/7874fd62186fc577273fa59756d17076/1744381737.html HTTP/1.1
Host: cdn.show-sb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://toonitalia.xyz
DNT: 1
Connection: keep-alive
Referer: https://toonitalia.xyz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 01 Aug 2025 14:01:29 GMT
content-type: text/html
server: cloudflare
last-modified: Fri, 11 Apr 2025 14:28:57 GMT
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
vary: accept-encoding
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
access-control-expose-headers: Date
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=bDAmfPGYsvGaK%2BByGn5RXCUXtLjLbqawebdQXVxhPR1b3rvN4uEDrWBj%2FMC0x3ZBJfd%2B25IlSmVXAaoWG8n5thA0jEhdnQ1%2FBRxamQU%3D"}]}
cf-cache-status: DYNAMIC
content-encoding: br
cf-ray: 9685de22da3656c5-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
GET accounts.google.com/InteractiveLogin?continue=https://m.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AdBytiO_Mhg-gAwK98JnQ4qQjyrafVum5GnRcQtZznbs4fV1wYhsqtFGIM3o9Qe7EwuZfJ7SFDw-
64.233.161.84 302 Found 0 B URL GET HTTPS
accounts.google.com/InteractiveLogin?continue=https://m.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AdBytiO_Mhg-gAwK98JnQ4qQjyrafVum5GnRcQtZznbs4fV1wYhsqtFGIM3o9Qe7EwuZfJ7SFDw-
IP / ASN
64.233.161.84
#15169 GOOGLE
Requested by https://toonitalia.xyz/
Resource Info
File type N/A
First Seen 0001-01-01
Last Seen 2025-08-04
Times Seen 5648445
Size 0 B (0 bytes)
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Certificate Info
Issuer Google Trust Services
Subject *.google.com
Fingerprint 60:9F:41:D7:83:68:5E:64:22:9D:7C:5E:2D:7B:C9:C5:07:DA:C6:D8
Validity Mon, 07 Jul 2025 08:34:14 GMT - Mon, 29 Sep 2025 08:34:13 GMT
Technology Fingerprints
OpenGSE (Web servers) OpenGSE is a test suite used for testing servlet compliance. It is deployed by using WAR files that are deployed on the server engine.
Java (Programming languages) Java is a class-based, object-oriented programming language that is designed to have as few implementation dependencies as possible.
GET /InteractiveLogin?continue=https://m.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AdBytiO_Mhg-gAwK98JnQ4qQjyrafVum5GnRcQtZznbs4fV1wYhsqtFGIM3o9Qe7EwuZfJ7SFDw- HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 302 Found
content-type: text/html; charset=UTF-8
set-cookie: __Host-GAPS=1:Rda4U93mw5gcFn9LY16CYFcjg6wyvg:ceb5VO-mCwr6A8kR;Path=/;Expires=Sun, 01-Aug-2027 14:01:29 GMT;Secure;HttpOnly;Priority=HIGH
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Fri, 01 Aug 2025 14:01:29 GMT
location: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&hl=en&ifkv=AdBytiPJf8vZy-oz3y7dTofHPEadGRLEbR2S0RKGIWodKi5JccFl2olrLcDWSvesCdDl31SDYY9W&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S1780850019%3A1754056889170166
strict-transport-security: max-age=31536000; includeSubDomains
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-security-policy: require-trusted-types-for 'script';report-uri /cspreport, script-src 'nonce-fkj_keJNWHaZsOqCY_1odQ' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 412
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET cdn.creative-sb1.com/sb/ssp/interstitial/bottom_banner/1/js/script.js
104.21.16.1 200 OK 957 B URL GET HTTPS
cdn.creative-sb1.com/sb/ssp/interstitial/bottom_banner/1/js/script.js
IP / ASN
104.21.16.1
#13335 CLOUDFLARENET
Requested by https://toonitalia.xyz/
Resource Info
File type ASCII text
First Seen 2023-12-07
Last Seen 2025-08-03
Times Seen 354
Size 957 B (957 bytes)
MD5 41051a33fb99370ee2aeae5227abec51
SHA1 f1b81c1d24d27bea43a09f308ae28668453704fb
SHA256 67f07ddfdc4a81dc7ae4f83c332eb76107442caf0230e307d6398bae7663aa0d
Certificate Info
Issuer Google Trust Services
Subject creative-sb1.com
Fingerprint CD:76:E0:2A:28:09:08:24:2D:4C:A1:14:B2:AE:6C:39:A4:CC:2F:6B
Validity Tue, 01 Jul 2025 14:01:22 GMT - Mon, 29 Sep 2025 14:59:36 GMT
Technology Fingerprints
Cloudflare (CDN) Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.
GET /sb/ssp/interstitial/bottom_banner/1/js/script.js HTTP/1.1
Host: cdn.creative-sb1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://toonitalia.xyz
DNT: 1
Connection: keep-alive
Referer: https://toonitalia.xyz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 01 Aug 2025 14:01:30 GMT
content-type: application/javascript
server: cloudflare
last-modified: Fri, 19 Jan 2024 14:19:45 GMT
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
vary: accept-encoding
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=6TKhpbRDbwZIB8R56n7Ck1AHV%2BO8mVrKANa3Jof1RQz%2Bp4ONvQzIcPfJBgAcMBm90p7hZTaSFjFDLbVhuZeHfB1DtTTrKWFSTONA7Vi11sl8nA%3D%3D"}]}
cf-cache-status: MISS
etag: W/"65aa8501-3bd"
content-encoding: br
cf-ray: 9685de27cbc37130-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
GET torchfriendlypay.com/pixel/sbls?bv=&tmpl=482&u=https%3A%2F%2Fcdn.creative-sb1.com%2Fsb%2Fssp%2Finterstitial%2Fbottom_banner%2F1%2Fcss%2Fstyle.css&l=3487&fd=524
192.243.59.20 200 OK 0 B URL GET HTTPS
torchfriendlypay.com/pixel/sbls?bv=&tmpl=482&u=https%3A%2F%2Fcdn.creative-sb1.com%2Fsb%2Fssp%2Finterstitial%2Fbottom_banner%2F1%2Fcss%2Fstyle.css&l=3487&fd=524
IP / ASN
192.243.59.20
#39572 DataWeb Global Group B.V.
Requested by https://toonitalia.xyz/
Resource Info
File type N/A
First Seen 0001-01-01
Last Seen 2025-08-04
Times Seen 5648445
Size 0 B (0 bytes)
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Certificate Info
Issuer Let's Encrypt
Subject torchfriendlypay.com
Fingerprint C1:1A:8F:9D:C9:3D:22:4D:0E:AA:D9:B9:1C:98:E3:DC:41:83:82:4F
Validity Sat, 28 Jun 2025 22:31:57 GMT - Fri, 26 Sep 2025 22:31:56 GMT
Technology Fingerprints
Nginx:1.19.5 (Web servers, Reverse proxies) Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /pixel/sbls?bv=&tmpl=482&u=https%3A%2F%2Fcdn.creative-sb1.com%2Fsb%2Fssp%2Finterstitial%2Fbottom_banner%2F1%2Fcss%2Fstyle.css&l=3487&fd=524 HTTP/1.1
Host: torchfriendlypay.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://toonitalia.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Fri, 01 Aug 2025 14:01:29 GMT
Content-Length: 0
Connection: keep-alive
Host: torchfriendlypay.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
GET toonitalia.xyz/wp-includes/css/dashicons.min.css?ver=6.8.2
172.67.220.81 200 OK 59 kB URL GET HTTPS
toonitalia.xyz/wp-includes/css/dashicons.min.css?ver=6.8.2
IP / ASN
172.67.220.81
#13335 CLOUDFLARENET
Requested by https://toonitalia.xyz/
Resource Info
File type ASCII text, with very long lines (58981)
First Seen 2023-04-05
Last Seen 2025-08-04
Times Seen 55867
Size 59 kB (59016 bytes)
MD5 d68d6bf519169d86e155bad0bed833f8
SHA1 27ba9c67d0e775fc4e6dd62011daf4c3902698fc
SHA256 c21e5a2b32c47bc5f9d9efc97bc0e29fd081946d1d3ebffc5621cfafb1d3960e
Certificate Info
Issuer Google Trust Services
Subject toonitalia.xyz
Fingerprint BA:21:F8:2B:2C:15:BA:86:8E:59:5E:C9:95:CD:5D:13:6E:A5:83:4E
Validity Sat, 14 Jun 2025 10:38:31 GMT - Fri, 12 Sep 2025 11:37:07 GMT
Technology Fingerprints
Cloudflare (CDN) Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.
GET /wp-includes/css/dashicons.min.css?ver=6.8.2 HTTP/1.1
Host: toonitalia.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://toonitalia.xyz/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 01 Aug 2025 14:01:24 GMT
content-type: text/css
content-length: 35730
server: cloudflare
cf-cache-status: MISS
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
last-modified: Thu, 17 Aug 2023 18:08:02 GMT
etag: "e688-603224b014c91-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=14400
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=8hNo7ROPUEqXFYs702E92ZdBPtvowPJA%2FuIfoE9%2BB75Bl7oQcplAS66fJxJP5LkeKqGU9wWvkCCkevW7jdamMEMq4fdn3EH%2BGRp2Wg%3D%3D"}]}
cf-ray: 9685de04d8850b45-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
GET adexchangeclear.com/ad/czcf.php?cz=5o1v8jdbc&atv=63.0
104.21.78.155 200 OK 1.2 kB URL GET HTTPS
adexchangeclear.com/ad/czcf.php?cz=5o1v8jdbc&atv=63.0
IP / ASN
104.21.78.155
#13335 CLOUDFLARENET
Requested by https://toonitalia.xyz/
Resource Info
File type JSON text data
First Seen 2025-08-01
Last Seen 2025-08-01
Times Seen 1
Size 1.2 kB (1159 bytes)
MD5 e924958976699a05b052894fafe8ddbb
SHA1 af4806baaa218927f4e041dd54f739dab6aeead1
SHA256 0481a57b87c072567d0f9dd2d4a09b900d9403f5cdd9d776c736bf0147896eaa
Certificate Info
Issuer Google Trust Services
Subject adexchangeclear.com
Fingerprint 33:F7:89:37:41:BF:FA:59:BF:98:36:E9:5A:74:20:54:A0:1D:C0:76
Validity Thu, 12 Jun 2025 11:57:50 GMT - Wed, 10 Sep 2025 12:56:28 GMT
Technology Fingerprints
Cloudflare (CDN) Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.
Google Cloud CDN (CDN) Cloud CDN uses Google's global edge network to serve content closer to users.
Google Cloud (IaaS) Google Cloud is a suite of cloud computing services.
GET /ad/czcf.php?cz=5o1v8jdbc&atv=63.0 HTTP/1.1
Host: adexchangeclear.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://toonitalia.xyz/
Origin: https://toonitalia.xyz
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 01 Aug 2025 14:01:24 GMT
content-type: text/html; charset=utf-8
server: cloudflare
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: GET, POST, OPTIONS
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=aAosblNSCz0h4Kcty0O9hSyJ0zbDkJhhnmcCQ5LglJKx6FvCQXFxfDRgwMSwMi52BrIBdUvK0D9iV1HzabWa8Vd8pRPNW9sdtcUwFf9tsaDd"}]}
via: 1.1 google
cf-cache-status: DYNAMIC
vary: accept-encoding
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
content-encoding: br
cf-ray: 9685de065aca569c-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
GET preferencenail.com/sfp.js
185.196.197.71 200 OK 85 kB URL GET HTTPS
preferencenail.com/sfp.js
IP / ASN
185.196.197.71
#39572 DataWeb Global Group B.V.
Requested by https://toonitalia.xyz/
Resource Info
File type JavaScript source, Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
First Seen 2025-07-08
Last Seen 2025-08-04
Times Seen 2273
Size 85 kB (85386 bytes)
MD5 46a6fef91632b94d14252fe324c1585f
SHA1 387cebbd261b8fe947fe9805875300f2ceeb5cfd
SHA256 36d0c771f8bf310d740cb4d0ca144354c45df284e72361660448708d72f175d5
Certificate Info
Issuer Let's Encrypt
Subject preferencenail.com
Fingerprint F9:52:70:4B:81:A8:F8:39:E6:E7:96:8F:EA:FE:17:FD:96:C5:32:E3
Validity Tue, 01 Jul 2025 15:11:38 GMT - Mon, 29 Sep 2025 15:11:37 GMT
Technology Fingerprints
Nginx:1.21.6 (Web servers, Reverse proxies) Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /sfp.js HTTP/1.1
Host: preferencenail.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://toonitalia.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 01 Aug 2025 14:01:24 GMT
Content-Type: application/javascript; charset=utf-8
Content-Length: 28254
Connection: keep-alive
Content-Encoding: gzip
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Vary: Accept-Encoding
Host: preferencenail.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Request-ID: f08dadf4a88efe6f4789013fb4a69117
Cache-Control: no-cache, max-age=0, private, no-cache
Pragma: no-cache
Strict-Transport-Security: max-age=0; includeSubdomains
GET accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
64.233.161.84 302 Found 0 B URL GET HTTPS
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
IP / ASN
64.233.161.84
#15169 GOOGLE
Requested by https://toonitalia.xyz/
Resource Info
File type N/A
First Seen 0001-01-01
Last Seen 2025-08-04
Times Seen 5648445
Size 0 B (0 bytes)
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Certificate Info
Issuer Google Trust Services
Subject accounts.google.com
Fingerprint 9B:4C:3E:7D:75:3A:C6:33:33:2F:71:BC:DD:98:50:A8:D7:93:6D:D2
Validity Mon, 07 Jul 2025 08:36:02 GMT - Mon, 29 Sep 2025 08:36:01 GMT
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://toonitalia.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
content-type: application/binary
set-cookie: __Host-GAPS=1:FRzJATz3q-ZlvOYs1Eb5nBYZWxgbTw:0cYs8LYCrxc9m6zX; Expires=Sun, 01-Aug-2027 14:01:25 GMT; Path=/; Secure; HttpOnly; Priority=HIGH
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Fri, 01 Aug 2025 14:01:25 GMT
location: https://accounts.google.com/InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=AdBytiOCtw-LbKfokb04MjCmfohdxb7kOazPKHAYUcMknpoZITRzPzPkAnNX6KjCzMT0TNllxQZ15Q
strict-transport-security: max-age=31536000; includeSubDomains
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-security-policy: require-trusted-types-for 'script';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport, script-src 'nonce-O4p8su-PRUWJ2O2cx41adw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/AccountsSigninPassiveLoginHttp/cspreport/allowlist
cross-origin-opener-policy: unsafe-none
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-resource-policy: cross-origin
server: ESF
content-length: 0
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
GET 69f0630890.fff3cd7d36.com/bca353ca821870558177a93d7fc2b760/246579?version_name=d&domain=toonitalia.xyz
45.133.44.52 200 OK 1.5 kB URL GET HTTPS
69f0630890.fff3cd7d36.com/bca353ca821870558177a93d7fc2b760/246579?version_name=d&domain=toonitalia.xyz
IP / ASN
45.133.44.52
#39572 DataWeb Global Group B.V.
Requested by https://toonitalia.xyz/
Resource Info
File type JSON text data
First Seen 2025-08-01
Last Seen 2025-08-01
Times Seen 1
Size 1.5 kB (1450 bytes)
MD5 f4fcc09787a40f841769087b5bed4882
SHA1 444b4cb6331e57d4a5fb9d99e2e206b95465ee7a
SHA256 f7b90431523f12a6d80938629cf2b71d9b9bae4feda71136b811f0737ff28cd7
Certificate Info
Issuer Let's Encrypt
Subject 69f0630890.fff3cd7d36.com
Fingerprint 80:7B:98:A8:F3:8D:4C:1A:8D:4C:62:FE:9F:16:46:3C:58:BE:9F:87
Validity Tue, 29 Jul 2025 02:15:00 GMT - Mon, 27 Oct 2025 02:14:59 GMT
Technology Fingerprints
Nginx:1.18.0 (Web servers, Reverse proxies) Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.
GET /bca353ca821870558177a93d7fc2b760/246579?version_name=d&domain=toonitalia.xyz HTTP/1.1
Host: 69f0630890.fff3cd7d36.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://toonitalia.xyz
DNT: 1
Connection: keep-alive
Referer: https://toonitalia.xyz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 01 Aug 2025 14:01:26 GMT
content-type: application/json
server: nginx/1.18.0
cache-control: max-age=300
expires: Fri, 01 Aug 2025 14:06:26 GMT
x-cdn-host-id: ds8138
x-proxy-cache: MISS
access-control-allow-origin: *
X-Firefox-Spdy: h2
GET nereserv.com/in/dip?event_id=ec5dd51c-e272-4894-8506-e70f63e91317&subid=192017948&spot_id=1420133&created_at=2025-08-01&timezone=0&ver=1.167.4
167.235.163.216 200 OK 0 B URL GET HTTPS
nereserv.com/in/dip?event_id=ec5dd51c-e272-4894-8506-e70f63e91317&subid=192017948&spot_id=1420133&created_at=2025-08-01&timezone=0&ver=1.167.4
IP / ASN
167.235.163.216
#24940 Hetzner Online GmbH
Requested by https://toonitalia.xyz/
Resource Info
File type N/A
First Seen 0001-01-01
Last Seen 2025-08-04
Times Seen 5648445
Size 0 B (0 bytes)
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Certificate Info
Issuer Let's Encrypt
Subject inpage.infrapu.sh
Fingerprint 48:AE:73:C9:A8:E5:B5:9E:C6:92:02:16:78:6B:D4:29:9C:F8:AF:BA
Validity Fri, 27 Jun 2025 06:05:31 GMT - Thu, 25 Sep 2025 06:05:30 GMT
Technology Fingerprints
Nginx:1.20.1 (Web servers, Reverse proxies) Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.
GET /in/dip?event_id=ec5dd51c-e272-4894-8506-e70f63e91317&subid=192017948&spot_id=1420133&created_at=2025-08-01&timezone=0&ver=1.167.4 HTTP/1.1
Host: nereserv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://toonitalia.xyz
DNT: 1
Connection: keep-alive
Referer: https://toonitalia.xyz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx/1.20.1
date: Fri, 01 Aug 2025 14:01:29 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
GET fonts.gstatic.com/s/roboto/v48/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2
142.250.74.35 200 OK 40 kB URL GET HTTPS
fonts.gstatic.com/s/roboto/v48/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2
IP / ASN
142.250.74.35
#15169 GOOGLE
Requested by https://toonitalia.xyz/
Resource Info
File type Web Open Font Format (Version 2), TrueType, length 40128, version 1.0
First Seen 2025-01-08
Last Seen 2025-08-04
Times Seen 98966
Size 40 kB (40128 bytes)
MD5 9a01b69183a9604ab3a439e388b30501
SHA1 8ed1d59003d0dbe6360481017b44665153665fbe
SHA256 20b535fa80c8189e3b87d1803038389960203a886d502bc2ef1857affc2f38d2
Certificate Info
Issuer Google Trust Services
Subject *.gstatic.com
Fingerprint 43:A0:95:35:FB:C7:02:15:92:9E:20:20:0D:0A:E7:8F:93:61:52:CD
Validity Mon, 07 Jul 2025 08:35:11 GMT - Mon, 29 Sep 2025 08:35:10 GMT
GET /s/roboto/v48/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://toonitalia.xyz
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 40128
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 31 Jul 2025 10:09:08 GMT
expires: Fri, 31 Jul 2026 10:09:08 GMT
cache-control: public, max-age=31536000
age: 100342
last-modified: Thu, 29 May 2025 23:30:55 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
GET toonitalia.xyz/wp-content/themes/twentytwenty/assets/css/font-inter.css?ver=2.9
172.67.220.81 200 OK 674 B URL GET HTTPS
toonitalia.xyz/wp-content/themes/twentytwenty/assets/css/font-inter.css?ver=2.9
IP / ASN
172.67.220.81
#13335 CLOUDFLARENET
Requested by https://toonitalia.xyz/
Resource Info
File type ASCII text
First Seen 2024-04-14
Last Seen 2025-08-02
Times Seen 151
Size 674 B (674 bytes)
MD5 e6f251e669f2595623f05b4f938a747a
SHA1 fd2a812b2e0b61633f56c095b960c48197aebe5b
SHA256 af996e402ba3d70c6deec406671e21d0b23dc44df374f3d95f3fdc0d757774f9
Certificate Info
Issuer Google Trust Services
Subject toonitalia.xyz
Fingerprint BA:21:F8:2B:2C:15:BA:86:8E:59:5E:C9:95:CD:5D:13:6E:A5:83:4E
Validity Sat, 14 Jun 2025 10:38:31 GMT - Fri, 12 Sep 2025 11:37:07 GMT
Technology Fingerprints
Cloudflare (CDN) Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.
GET /wp-content/themes/twentytwenty/assets/css/font-inter.css?ver=2.9 HTTP/1.1
Host: toonitalia.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://toonitalia.xyz/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 01 Aug 2025 14:01:24 GMT
content-type: text/css
content-length: 268
server: cloudflare
cf-cache-status: MISS
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
last-modified: Tue, 15 Apr 2025 19:19:33 GMT
etag: "2a2-632d60c7a2f3f-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=14400
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=qYBOmgWh0TKPKmSP7taQxic5qu0vaBtV4YQLS9BSKrNGgjdwJvIASi%2BPXyvCC348DUzDC69fxS7Y560vEf2VU6ALAMjGqu5yyl1rVQ%3D%3D"}]}
cf-ray: 9685de04e8a30b45-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
GET weirdopt.com/ad/advertisers.js
185.196.197.71 200 OK 0 B URL GET HTTPS
weirdopt.com/ad/advertisers.js
IP / ASN
185.196.197.71
#39572 DataWeb Global Group B.V.
Requested by https://toonitalia.xyz/
Resource Info
File type N/A
First Seen 0001-01-01
Last Seen 2025-08-04
Times Seen 5648445
Size 0 B (0 bytes)
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Certificate Info
Issuer Let's Encrypt
Subject weirdopt.com
Fingerprint 1A:27:71:C0:8E:44:D4:6B:F5:AA:49:F0:F1:AF:E5:5F:30:23:A4:D4
Validity Tue, 01 Jul 2025 15:18:37 GMT - Mon, 29 Sep 2025 15:18:36 GMT
Technology Fingerprints
Nginx:1.21.6 (Web servers, Reverse proxies) Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /ad/advertisers.js HTTP/1.1
Host: weirdopt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://toonitalia.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 01 Aug 2025 14:01:25 GMT
Content-Type: application/javascript
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Request-ID: e0f2f8650f0dd84040c33f2b0723c69d
Cache-Control: no-cache, max-age=0, private, no-cache
Pragma: no-cache
Strict-Transport-Security: max-age=0; includeSubdomains
GET toonitalia.xyz/wp-content/uploads/2024/06/450x450.gif
172.67.220.81 200 OK 1.5 MB URL GET HTTPS
toonitalia.xyz/wp-content/uploads/2024/06/450x450.gif
IP / ASN
172.67.220.81
#13335 CLOUDFLARENET
Requested by https://toonitalia.xyz/
Resource Info
File type GIF image data, version 89a, 450 x 450
First Seen 2025-08-01
Last Seen 2025-08-01
Times Seen 1
Size 1.5 MB (1519260 bytes)
MD5 9f39dd8796aebc70b349d2e4957fc94d
SHA1 1f548063c8da90925c4673f4194930c77eb8a156
SHA256 4de865ae3d9532b3d176697e992f04593036e62ab8c226ec1a979742ceabd4e8
Certificate Info
Issuer Google Trust Services
Subject toonitalia.xyz
Fingerprint BA:21:F8:2B:2C:15:BA:86:8E:59:5E:C9:95:CD:5D:13:6E:A5:83:4E
Validity Sat, 14 Jun 2025 10:38:31 GMT - Fri, 12 Sep 2025 11:37:07 GMT
Technology Fingerprints
Cloudflare (CDN) Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.
GET /wp-content/uploads/2024/06/450x450.gif HTTP/1.1
Host: toonitalia.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://toonitalia.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 01 Aug 2025 14:01:25 GMT
content-type: image/gif
content-length: 1519260
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8tV0anN%2Fs9hKFnzR50Loyzf79oWbpKGBAZmh1OJc3nrgEoN%2B%2FnEgAADEI1%2BZhwWbj%2BSEpC%2Bo6BtOwDTUjEjb6w8qsJc9C6bBwSmp%2BOG6d7MGtFPY6xzDabcsyw6F2nRQ8g%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-cache-status: REVALIDATED
last-modified: Thu, 06 Jun 2024 13:13:23 GMT
etag: "172e9c-61a3872a096cb"
accept-ranges: bytes
cache-control: max-age=14400
cf-ray: 9685de0ae9530b61-OSL
server: cloudflare
vary: Accept-Encoding
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1167&min_rtt=0&rtt_var=721&sent=297&recv=214&lost=0&retrans=1&sent_bytes=270037&recv_bytes=13189&delivery_rate=7260306&ss_exit_cwnd=14919&ss_exit_reason=2&cwnd=28122&unsent_bytes=0&cid=00802a8f80661eb4&ts=1360&inflight_dur=174&x=40"
POST usrpubtrk.com/ut/hb.php?cb=0.5795688579622527&v=1
104.21.92.33 204 No Content 0 B URL POST HTTPS
usrpubtrk.com/ut/hb.php?cb=0.5795688579622527&v=1
IP / ASN
104.21.92.33
#13335 CLOUDFLARENET
Requested by https://toonitalia.xyz/
Resource Info
File type N/A
First Seen 0001-01-01
Last Seen 2025-08-04
Times Seen 5648445
Size 0 B (0 bytes)
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Certificate Info
Issuer Google Trust Services
Subject usrpubtrk.com
Fingerprint 73:D3:CF:85:0F:63:93:DD:FC:EC:C6:A5:AD:25:E8:9F:46:71:26:ED
Validity Mon, 16 Jun 2025 11:32:07 GMT - Sun, 14 Sep 2025 12:30:39 GMT
Technology Fingerprints
Google Cloud CDN (CDN) Cloud CDN uses Google's global edge network to serve content closer to users.
Google Cloud (IaaS) Google Cloud is a suite of cloud computing services.
Cloudflare (CDN) Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
POST /ut/hb.php?cb=0.5795688579622527&v=1 HTTP/1.1
Host: usrpubtrk.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain; charset=utf-8
Content-Length: 1000
Origin: https://toonitalia.xyz
DNT: 1
Connection: keep-alive
Referer: https://toonitalia.xyz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Fri, 01 Aug 2025 14:01:25 GMT
server: cloudflare
access-control-allow-origin: *
via: 1.1 google
cf-cache-status: DYNAMIC
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=EmOJt%2BFTy3W6y0wjQsDfQmiajg7GJdhlWUnZTsZ3d9RM39970ijzkDzcKxv4TYkcrLD4jm8e9TWz5TZ044fVNzaqHAaukjJQ5uiK"}]}
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cf-ray: 9685de0b4ef9712d-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
GET adexchangeclear.com/script/push.php?r=8489066&ipp=1&mads=2&position=top&czid=5o1v8jdbc&atag=1&aggr=3&ppv=1&ab_test=AdOpt_B_nocapping-2021-12-08v1&srs=923eaa74e116324ad20965e311125624&ufp=Win32%2FMozilla%2FNetscape%2Ftrue%2Ffalse%2F1280x10240en-USunknown4824%20bits&cbpage=https%3A%2F%2Ftoonitalia.xyz%2F&atv=63.0&cbref=
104.21.78.155 200 OK 2.0 kB URL GET HTTPS
adexchangeclear.com/script/push.php?r=8489066&ipp=1&mads=2&position=top&czid=5o1v8jdbc&atag=1&aggr=3&ppv=1&ab_test=AdOpt_B_nocapping-2021-12-08v1&srs=923eaa74e116324ad20965e311125624&ufp=Win32%2FMozilla%2FNetscape%2Ftrue%2Ffalse%2F1280x10240en-USunknown4824%20bits&cbpage=https%3A%2F%2Ftoonitalia.xyz%2F&atv=63.0&cbref=
IP / ASN
104.21.78.155
#13335 CLOUDFLARENET
Requested by https://toonitalia.xyz/
Resource Info
File type JSON text data
First Seen 2025-08-01
Last Seen 2025-08-01
Times Seen 1
Size 2.0 kB (2017 bytes)
MD5 56c5638f20d244e8871f484f68a69438
SHA1 2479ebc2ceb2bfd919ab8fba421b01785f3d8c35
SHA256 446c6fef3b3641e13fbca4dac8b5dbb086014f34ed88aeb142613f8c54713813
Certificate Info
Issuer Google Trust Services
Subject adexchangeclear.com
Fingerprint 33:F7:89:37:41:BF:FA:59:BF:98:36:E9:5A:74:20:54:A0:1D:C0:76
Validity Thu, 12 Jun 2025 11:57:50 GMT - Wed, 10 Sep 2025 12:56:28 GMT
Technology Fingerprints
Cloudflare (CDN) Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.
Google Cloud CDN (CDN) Cloud CDN uses Google's global edge network to serve content closer to users.
Google Cloud (IaaS) Google Cloud is a suite of cloud computing services.
GET /script/push.php?r=8489066&ipp=1&mads=2&position=top&czid=5o1v8jdbc&atag=1&aggr=3&ppv=1&ab_test=AdOpt_B_nocapping-2021-12-08v1&srs=923eaa74e116324ad20965e311125624&ufp=Win32%2FMozilla%2FNetscape%2Ftrue%2Ffalse%2F1280x10240en-USunknown4824%20bits&cbpage=https%3A%2F%2Ftoonitalia.xyz%2F&atv=63.0&cbref= HTTP/1.1
Host: adexchangeclear.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://toonitalia.xyz/
Origin: https://toonitalia.xyz
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 01 Aug 2025 14:01:25 GMT
content-type: application/json; charset=utf-8
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=egSprGGuu9afB7vGehRt19buv%2BP%2F%2FCp5%2Fl6tX92GVmYkviKq64Yg6dgYPZ92BFX%2BYHS5fmAouBjG1pfIgXc7fsBEKKv9iZAi3yaGNq5hyO2pfm7hz9dGfO5kG3gpz1IoLGGPihhO"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: GET, POST, OPTIONS
content-encoding: gzip
via: 1.1 google
cf-cache-status: DYNAMIC
vary: accept-encoding
cf-ray: 9685de0cd87956ba-OSL
server: cloudflare
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=7762&min_rtt=3165&rtt_var=5583&sent=13&recv=11&lost=0&retrans=0&sent_bytes=5171&recv_bytes=1537&delivery_rate=452942&ss_exit_cwnd=0&ss_exit_reason=0&cwnd=18085&unsent_bytes=0&cid=d40dd2ad427c4a24&ts=512&inflight_dur=58&x=40"
GET toonitalia.xyz/wp-content/uploads/2023/08/cropped-Majintoon-192x192.jpg
172.67.220.81 200 OK 4.7 kB URL GET HTTPS
toonitalia.xyz/wp-content/uploads/2023/08/cropped-Majintoon-192x192.jpg
IP / ASN
172.67.220.81
#13335 CLOUDFLARENET
Requested by https://toonitalia.xyz/
Resource Info
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 82", baseline, precision 8, 192x192, components 3
First Seen 2024-06-06
Last Seen 2025-08-01
Times Seen 5
Size 4.7 kB (4665 bytes)
MD5 d66fbfc7d10e0375e9b15449236a7718
SHA1 243c34a1567fc122877785d5243ff979c8a5e8f5
SHA256 8f0ffcd17fbb1ff24af672bf7ef09fa960479b98a6912add56a7d925a5c928f9
Certificate Info
Issuer Google Trust Services
Subject toonitalia.xyz
Fingerprint BA:21:F8:2B:2C:15:BA:86:8E:59:5E:C9:95:CD:5D:13:6E:A5:83:4E
Validity Sat, 14 Jun 2025 10:38:31 GMT - Fri, 12 Sep 2025 11:37:07 GMT
Technology Fingerprints
Cloudflare (CDN) Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.
GET /wp-content/uploads/2023/08/cropped-Majintoon-192x192.jpg HTTP/1.1
Host: toonitalia.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://toonitalia.xyz/
Cookie: dom3ic8zudi28v8lr6fgphwffqoz0j6c=75a55be8-3122-4ac8-9e41-ab9b2ae03b85; pp_main_e2be4504dce870fcc41510596c5c0ce0=1; bVerison=75a55be8-3122-4ac8-9e41-ab9b2ae03b85
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 01 Aug 2025 14:01:25 GMT
content-type: image/jpeg
content-length: 4665
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aAdQL2VeiWqN4HwsULvJSoyB3VIKLUtjI%2FfBQJFJzRYu4N7GvGeJxkiswGukQF425uL85ljWDmT2c7HrHB%2BDoyFD%2F1fZ%2BEl0cZeXyEZJx88bwjEvIvFFXIb3f61gFqS6lg%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-cache-status: REVALIDATED
last-modified: Thu, 17 Aug 2023 21:40:42 GMT
etag: "1239-60325438cebcc"
accept-ranges: bytes
cache-control: max-age=14400
cf-ray: 9685de0fa96b0b61-OSL
server: cloudflare
vary: Accept-Encoding
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=880&min_rtt=0&rtt_var=444&sent=1866&recv=456&lost=0&retrans=2&sent_bytes=2391920&recv_bytes=26730&delivery_rate=29093553&ss_exit_cwnd=14919&ss_exit_reason=2&cwnd=30017&unsent_bytes=0&cid=00802a8f80661eb4&ts=2108&inflight_dur=424&x=40"
POST adsco.re/p
162.252.214.5 200 OK 1.2 kB
IP / ASN
162.252.214.5
#53334 TUT-AS
Requested by https://toonitalia.xyz/
Resource Info
File type ASCII text, with very long lines (1212), with no line terminators
First Seen 2025-08-01
Last Seen 2025-08-01
Times Seen 1
Size 1.2 kB (1212 bytes)
MD5 c6680ada3b78f24ffa1dcbf8b0144a8a
SHA1 af21c4efd67682c7bda0a3fbe14ad8f6a78ed71a
SHA256 442c4105999538c7f2f088e200deb4e93245ae014f52269549db9737a124d543
Certificate Info
Issuer Sectigo Limited
Subject *.adsco.re
Fingerprint 3B:64:1C:DA:8C:64:22:01:36:0F:54:7A:99:6E:AD:26:C2:EF:59:8B
Validity Mon, 23 Sep 2024 00:00:00 GMT - Mon, 29 Sep 2025 23:59:59 GMT
POST /p HTTP/1.1
Host: adsco.re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Length: 1634
Origin: https://toonitalia.xyz
DNT: 1
Connection: keep-alive
Referer: https://toonitalia.xyz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 01 Aug 2025 14:01:28 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
AS-P-1: OK nyc123
AS-P-2: OK
AS-P-3: OK
Access-Control-Max-Age: 2592000
Cache-Control: no-transform
Accept-CH: Sec-CH-UA, Sec-CH-UA-Mobile, Sec-CH-UA-Full-Version, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Device-Memory, Downlink, ECT, RTT, Width, Viewport-Width, DPR
Access-Control-Allow-Origin: https://toonitalia.xyz
Access-Control-Allow-Credentials: true
Content-Encoding: gzip
OPTIONS ntvpforever.com/keywords
167.235.163.216 204 No Content 0 B URL OPTIONS HTTPS
ntvpforever.com/keywords
IP / ASN
167.235.163.216
#24940 Hetzner Online GmbH
Requested by https://toonitalia.xyz/
Resource Info
File type N/A
First Seen 0001-01-01
Last Seen 2025-08-04
Times Seen 5648445
Size 0 B (0 bytes)
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Certificate Info
Issuer Let's Encrypt
Subject inpage.infrapu.sh
Fingerprint 48:AE:73:C9:A8:E5:B5:9E:C6:92:02:16:78:6B:D4:29:9C:F8:AF:BA
Validity Fri, 27 Jun 2025 06:05:31 GMT - Thu, 25 Sep 2025 06:05:30 GMT
Technology Fingerprints
Nginx:1.20.1 (Web servers, Reverse proxies) Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.
OPTIONS /keywords HTTP/1.1
Host: ntvpforever.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://toonitalia.xyz/
Origin: https://toonitalia.xyz
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 204 No Content
server: nginx/1.20.1
date: Fri, 01 Aug 2025 14:01:28 GMT
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
GET flushpersist.com/pxf.gif?uuid=75a55be8-3122-4ac8-9e41-ab9b2ae03b85&eb=bff3d6bf6d16c0bb5e58232c1a99ef63&te=fe015aeda515c30449c87b1701cc307f&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0&dev=e&res=14.3095&b_frame=0&pk=e2be4504dce870fcc41510596c5c0ce0&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=14
192.243.61.227 200 OK 0 B URL GET HTTPS
flushpersist.com/pxf.gif?uuid=75a55be8-3122-4ac8-9e41-ab9b2ae03b85&eb=bff3d6bf6d16c0bb5e58232c1a99ef63&te=fe015aeda515c30449c87b1701cc307f&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0&dev=e&res=14.3095&b_frame=0&pk=e2be4504dce870fcc41510596c5c0ce0&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=14
IP / ASN
192.243.61.227
#39572 DataWeb Global Group B.V.
Requested by https://toonitalia.xyz/
Resource Info
File type N/A
First Seen 0001-01-01
Last Seen 2025-08-04
Times Seen 5648445
Size 0 B (0 bytes)
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Certificate Info
Issuer Let's Encrypt
Subject flushpersist.com
Fingerprint 9E:08:20:A0:75:ED:21:51:E0:3D:DE:29:CD:B0:11:01:4D:04:77:0A
Validity Tue, 01 Jul 2025 15:12:33 GMT - Mon, 29 Sep 2025 15:12:32 GMT
Technology Fingerprints
Nginx:1.21.6 (Web servers, Reverse proxies) Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.
GET /pxf.gif?uuid=75a55be8-3122-4ac8-9e41-ab9b2ae03b85&eb=bff3d6bf6d16c0bb5e58232c1a99ef63&te=fe015aeda515c30449c87b1701cc307f&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0&dev=e&res=14.3095&b_frame=0&pk=e2be4504dce870fcc41510596c5c0ce0&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=14 HTTP/1.1
Host: flushpersist.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://toonitalia.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 01 Aug 2025 14:01:28 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Host: flushpersist.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Request-ID: bed0dfedcf5baa1bb49be0ee19ebc662
Cache-Control: no-cache, max-age=0, private, no-cache
Pragma: no-cache
Strict-Transport-Security: max-age=0; includeSubdomains
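Added example, not part of the capture above or of the tool that produced it: a small Python triage script for this per-request block format. It splits the log into blocks, keeps the analyzer verdict and the request and response headers of each, and then runs the checks a reviewer would want on this capture: hosts with a Quad9 sinkhole verdict (weirdopt.com and usrpubtrk.com carry one above), scripts executed from cross-site hosts, responses that send Strict-Transport-Security with max-age=0 (weirdopt.com and flushpersist.com do, which clears any stored HSTS entry rather than setting one), and identifiers from the first-party Cookie header that reappear in a third-party URL: the UUID 75a55be8-... set on toonitalia.xyz is re-sent as flushpersist.com's uuid parameter, and the hash in the pp_main_e2be4504... cookie name as its pk parameter. SAMPLE_LOG is a constructed excerpt of three blocks from the capture with unused headers removed; all function names are the example's own.

```python
"""Triage of a urlscan-style per-request capture in the block format used above.
Added example: not part of the original capture or of the tool that produced it.
SAMPLE_LOG is a constructed excerpt of three blocks from the capture with unused
headers removed; every function name below is the example's own."""
import re
from urllib.parse import urlsplit

SAMPLE_LOG = """\
GET weirdopt.com/ad/advertisers.js
185.196.197.71 200 OK 0 B URL GET HTTPS
IP / ASN
185.196.197.71
#39572 DataWeb Global Group B.V.
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /ad/advertisers.js HTTP/1.1
Host: weirdopt.com
Sec-Fetch-Dest: script
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript
Strict-Transport-Security: max-age=0; includeSubdomains
GET toonitalia.xyz/wp-content/uploads/2023/08/cropped-Majintoon-192x192.jpg
172.67.220.81 200 OK 4.7 kB URL GET HTTPS
GET /wp-content/uploads/2023/08/cropped-Majintoon-192x192.jpg HTTP/1.1
Host: toonitalia.xyz
Cookie: dom3ic8zudi28v8lr6fgphwffqoz0j6c=75a55be8-3122-4ac8-9e41-ab9b2ae03b85; pp_main_e2be4504dce870fcc41510596c5c0ce0=1; bVerison=75a55be8-3122-4ac8-9e41-ab9b2ae03b85
Sec-Fetch-Dest: image
Sec-Fetch-Site: same-origin
HTTP/3 200 OK
GET flushpersist.com/pxf.gif?uuid=75a55be8-3122-4ac8-9e41-ab9b2ae03b85&eb=bff3d6bf6d16c0bb5e58232c1a99ef63&pk=e2be4504dce870fcc41510596c5c0ce0&bl=en-US
192.243.61.227 200 OK 0 B URL GET HTTPS
Host: flushpersist.com
Sec-Fetch-Dest: image
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Strict-Transport-Security: max-age=0; includeSubdomains
"""

# The capture's summary line is "METHOD host/path" with no " HTTP/x" suffix; the raw
# request line inside a block carries that suffix, so it does not start a new block.
SUMMARY_RE = re.compile(r"^(GET|POST|OPTIONS|HEAD|PUT|DELETE) (\S+)$")
HEADER_RE = re.compile(r"^([A-Za-z][\w-]*): (.*)$")
STATUS_RE = re.compile(r"^HTTP/[\d.]+ (\d{3})")
# UUIDs and 32-hex tokens: the shapes the tracking identifiers in this capture take.
ID_RE = re.compile(r"[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}|[0-9a-f]{32}", re.I)


def parse_log(text):
    """One dict per block: url, status, analyzer verdict, request/response headers
    (names lower-cased). Metadata lines (IP, ASN, hashes, certs) are skipped."""
    records, rec, in_response = [], None, False
    for line in text.splitlines():
        if (m := SUMMARY_RE.match(line)):
            rec = {"url": "https://" + m.group(2), "status": None, "verdict": "",
                   "req": {}, "resp": {}}
            records.append(rec)
            in_response = False
        elif rec is None:
            pass  # lines before the first block header
        elif line.startswith("Analyzer Verdict"):
            rec["verdict"] = line[len("Analyzer Verdict"):].strip()
        elif (s := STATUS_RE.match(line)):
            rec["status"], in_response = int(s.group(1)), True
        elif (h := HEADER_RE.match(line)):
            rec["resp" if in_response else "req"][h.group(1).lower()] = h.group(2)
    return records


def host_of(rec):
    return urlsplit(rec["url"]).hostname


def sinkholed_hosts(records):
    """Hosts the capture's DNS analyzer flagged as sinkholed."""
    return sorted({host_of(r) for r in records if "Sinkholed" in r["verdict"]})


def cross_site_scripts(records):
    """Third-party hosts the page executed a script from (Sec-Fetch-Dest: script)."""
    return sorted({host_of(r) for r in records
                   if r["req"].get("sec-fetch-dest") == "script"
                   and r["req"].get("sec-fetch-site") == "cross-site"})


def hsts_disabled_hosts(records):
    """Hosts answering Strict-Transport-Security: max-age=0, which makes the browser
    delete any stored HSTS entry for the host instead of adding one."""
    return sorted({host_of(r) for r in records
                   if re.search(r"max-age\s*=\s*0(?!\d)",
                                r["resp"].get("strict-transport-security", ""))})


def leaked_ids(records):
    """Identifiers from first-party (same-origin) Cookie headers that reappear in the
    URL of a cross-site request, i.e. a third party receiving the visitor's first-party
    tracking ID. Returns {third_party_host: sorted ids}."""
    first_party = set()
    for r in records:
        if r["req"].get("sec-fetch-site") == "same-origin":
            first_party.update(t.lower() for t in ID_RE.findall(r["req"].get("cookie", "")))
    leaks = {}
    for r in records:
        if r["req"].get("sec-fetch-site") == "cross-site":
            hit = first_party & {t.lower() for t in ID_RE.findall(r["url"])}
            if hit:
                leaks[host_of(r)] = sorted(hit)
    return leaks


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    print("sinkholed:", sinkholed_hosts(recs))
    print("cross-site scripts:", cross_site_scripts(recs))
    print("HSTS max-age=0:", hsts_disabled_hosts(recs))
    print("first-party ids sent to third parties:", leaked_ids(recs))
```

Run over the full capture instead of the excerpt, the same parser also picks up the usrpubtrk.com sinkhole verdict; the identifier check deliberately keys on Sec-Fetch-Site so that a first-party cookie value appearing in a same-origin URL is not reported.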
POST fp.metricswpsh.com/fp?tag_id=246579
157.90.84.242 200 OK 58 B URL POST HTTPS
fp.metricswpsh.com/fp?tag_id=246579
IP / ASN
157.90.84.242
#24940 Hetzner Online GmbH
Requested by https://toonitalia.xyz/
Resource Info
File type JSON text data
First Seen 2025-07-26
Last Seen 2025-08-03
Times Seen 334
Size 58 B (58 bytes)
MD5 c4efc1d6d16235d9433cd2565d887460
SHA1 22d069a5f536640e46122475c79db933e82d7f2e
SHA256 f0a6b8c736b7d8c5d3304a9ccd10d2114a0f25f2ba946cce62204df3384a131f
Certificate Info
Issuer Let's Encrypt
Subject notification.tubecup.net
Fingerprint 7E:67:6E:60:DA:54:65:A6:A2:F7:52:44:8A:5F:F2:EF:60:96:4D:A7
Validity Mon, 16 Jun 2025 02:50:45 GMT - Sun, 14 Sep 2025 02:50:44 GMT
Technology Fingerprints
Nginx:1.20.1 (Web servers, Reverse proxies) Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.
POST /fp?tag_id=246579 HTTP/1.1
Host: fp.metricswpsh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
Content-Length: 1971
Origin: https://toonitalia.xyz
DNT: 1
Connection: keep-alive
Referer: https://toonitalia.xyz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Fri, 01 Aug 2025 14:01:28 GMT
Content-Type: application/json; charset=UTF-8
Content-Length: 58
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://toonitalia.xyz
Set-Cookie: id=4576713145194874123; Expires=Sat, 01 Aug 2026 14:01:28 GMT; Secure; SameSite=None
Vary: Origin
GET nereserv.com/in/dip?event_id=ec5dd51c-e272-4894-8506-e70f63e91317&subid=192017948&spot_id=1420133&created_at=2025-08-01&timezone=0&ver=1.167.4
167.235.163.216 200 OK 0 B URL GET HTTPS
nereserv.com/in/dip?event_id=ec5dd51c-e272-4894-8506-e70f63e91317&subid=192017948&spot_id=1420133&created_at=2025-08-01&timezone=0&ver=1.167.4
IP / ASN
167.235.163.216
#24940 Hetzner Online GmbH
Requested by https://toonitalia.xyz/
Resource Info
File type N/A
First Seen 0001-01-01
Last Seen 2025-08-04
Times Seen 5648445
Size 0 B (0 bytes)
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Certificate Info
Issuer Let's Encrypt
Subject inpage.infrapu.sh
Fingerprint 48:AE:73:C9:A8:E5:B5:9E:C6:92:02:16:78:6B:D4:29:9C:F8:AF:BA
Validity Fri, 27 Jun 2025 06:05:31 GMT - Thu, 25 Sep 2025 06:05:30 GMT
Technology Fingerprints
Nginx:1.20.1 (Web servers, Reverse proxies) Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.
GET /in/dip?event_id=ec5dd51c-e272-4894-8506-e70f63e91317&subid=192017948&spot_id=1420133&created_at=2025-08-01&timezone=0&ver=1.167.4 HTTP/1.1
Host: nereserv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://toonitalia.xyz
DNT: 1
Connection: keep-alive
Referer: https://toonitalia.xyz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx/1.20.1
date: Fri, 01 Aug 2025 14:01:28 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
GET cdn.creative-sb1.com/sb/ssp/interstitial/bottom_banner/1/css/style.css
104.21.16.1 200 OK 3.5 kB URL GET HTTPS
cdn.creative-sb1.com/sb/ssp/interstitial/bottom_banner/1/css/style.css
IP / ASN
104.21.16.1
#13335 CLOUDFLARENET
Requested by https://toonitalia.xyz/
Resource Info
File type ASCII text
First Seen 2024-09-26
Last Seen 2025-08-03
Times Seen 343
Size 3.5 kB (3487 bytes)
MD5 f9f1955433320a3b43c5741f2bde9a3d
SHA1 3b70c2a57fad02833bf227d8b6a0391ac8b98432
SHA256 cbb99d697521db3b645225c1b50873e6aa8a39c91afcc7c8dd756746b8bf2645
Certificate Info
Issuer Google Trust Services
Subject creative-sb1.com
Fingerprint CD:76:E0:2A:28:09:08:24:2D:4C:A1:14:B2:AE:6C:39:A4:CC:2F:6B
Validity Tue, 01 Jul 2025 14:01:22 GMT - Mon, 29 Sep 2025 14:59:36 GMT
Technology Fingerprints
Cloudflare (CDN) Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.
GET /sb/ssp/interstitial/bottom_banner/1/css/style.css HTTP/1.1
Host: cdn.creative-sb1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://toonitalia.xyz
DNT: 1
Connection: keep-alive
Referer: https://toonitalia.xyz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 01 Aug 2025 14:01:29 GMT
content-type: text/css
server: cloudflare
last-modified: Fri, 19 Jan 2024 14:19:45 GMT
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
etag: W/"65aa8501-d9f"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
content-encoding: gzip
cf-cache-status: MISS
vary: accept-encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=ffsYU7Jf5TKkJJsroxvlmGKhlopR95sWuHr10pyyz4WrUt0qHa%2Ftj%2FbjiSdf1jqyhY4z3P2C0OKfH8bKRpd6iRKQQr0EkagfjUtrVfkTnqWFvg%3D%3D"}]}
cf-ray: 9685de26aa657130-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
GET cdn.creative-sb1.com/sb/ssp/interstitial/bottom_banner/1/js/jquery.min.js
104.21.16.1 200 OK 90 kB URL GET HTTPS
cdn.creative-sb1.com/sb/ssp/interstitial/bottom_banner/1/js/jquery.min.js
IP / ASN
104.21.16.1
#13335 CLOUDFLARENET
Requested by https://toonitalia.xyz/
Resource Info
File type JavaScript source, ASCII text, with very long lines (65451)
First Seen 2023-03-07
Last Seen 2025-08-04
Times Seen 3039
Size 90 kB (89492 bytes)
MD5 561acb3e541133bbdd2c0c19f8ee35a1
SHA1 ffd1353cf3f77d25f801c84d8208613eb0d3d548
SHA256 9fde6da568db31801e29243a903bf24f342256b41e3c01e7d018ff7c566ce7fc
Certificate Info
Issuer Google Trust Services
Subject creative-sb1.com
Fingerprint CD:76:E0:2A:28:09:08:24:2D:4C:A1:14:B2:AE:6C:39:A4:CC:2F:6B
Validity Tue, 01 Jul 2025 14:01:22 GMT - Mon, 29 Sep 2025 14:59:36 GMT
Technology Fingerprints
Cloudflare (CDN) Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.
GET /sb/ssp/interstitial/bottom_banner/1/js/jquery.min.js HTTP/1.1
Host: cdn.creative-sb1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 01 Aug 2025 14:01:29 GMT
content-type: application/javascript
server: cloudflare
last-modified: Fri, 19 Jan 2024 14:19:45 GMT
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
vary: accept-encoding
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=lvnHEHyNUZGnAGQTmr%2BqhZaC09T4TlDiUHUuxEs9GQs42mmOROFusOl8a0Ja%2FUi1auWKnViRFMXEpZoERnPMQpC7acPHDH207TSf2Amtrl5lRA%3D%3D"}]}
age: 1170115
cf-cache-status: HIT
etag: W/"65aa8501-15d94"
content-encoding: br
cf-ray: 9685de274b0f7130-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
172.67.220.81 200 OK 384 kB URL User Request GET HTTPS
toonitalia.xyz/
IP / ASN
172.67.220.81
#13335 CLOUDFLARENET
Resource Info
File type HTML document, Unicode text, UTF-8 text, with very long lines (35309)
First Seen 2025-08-01
Last Seen 2025-08-01
Times Seen 1
Size 384 kB (384061 bytes)
MD5 b7c9fc4d330936771d9b2b01fae33687
SHA1 aaf674f2f7745dc1409033ac4450e7285c528342
SHA256 956cce4d8d646b0f625e4b2cd3dd25058d784fa68914ca1f4e1363d70429682a
Certificate Info
Issuer Google Trust Services
Subject toonitalia.xyz
Fingerprint BA:21:F8:2B:2C:15:BA:86:8E:59:5E:C9:95:CD:5D:13:6E:A5:83:4E
Validity Sat, 14 Jun 2025 10:38:31 GMT - Fri, 12 Sep 2025 11:37:07 GMT
Technology Fingerprints
MySQL (Databases) MySQL is an open-source relational database management system.
Twenty Twenty (WordPress themes) Twenty Twenty is the default WordPress theme for 2020.
PHP (Programming languages) PHP is a general-purpose scripting language used for web development.
Yoast SEO:25.6 (SEO, WordPress plugins) Yoast SEO is a search engine optimisation plugin for WordPress and other platforms.
WordPress Super Cache (Caching, WordPress plugins) WordPress Super Cache is a static caching plugin for WordPress.
Cloudflare (CDN) Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.
WordPress:6.8.2 (CMS, Blogs) WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. Features include a plugin architecture and a template system.
GET / HTTP/1.1
Host: toonitalia.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 01 Aug 2025 14:01:23 GMT
content-type: text/html; charset=UTF-8
server: cloudflare
vary: Accept-Encoding,Cookie
cache-control: max-age=3, must-revalidate
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=O%2Fr9MluT0%2FtL92EsOdwuUnA4x%2B5UIErohONvSHLCQp1XqS%2FPdm93Zw6qyvZ%2FZHjnOy8hVm5%2BMCXJ6pzvVkcOWfu4nVKw1M4pOKN%2BZQ%3D%3D"}]}
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
last-modified: Fri, 01 Aug 2025 14:00:32 GMT
content-encoding: br
cf-ray: 9685de01ab6d0b45-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
GET toonitalia.xyz/wp-content/plugins/recent-posts-widget-with-thumbnails/public.css?ver=7.1.1
172.67.220.81 200 OK 1.5 kB URL GET HTTPS
toonitalia.xyz/wp-content/plugins/recent-posts-widget-with-thumbnails/public.css?ver=7.1.1
IP / ASN
172.67.220.81
#13335 CLOUDFLARENET
Requested by https://toonitalia.xyz/
Resource Info
File type ASCII text, with very long lines (404)
First Seen 2024-06-06
Last Seen 2025-08-01
Times Seen 6
Size 1.5 kB (1482 bytes)
MD5 55ec5e9b4134ca6afbd168dd9bb7a1c7
SHA1 1f39a50db2d5207686fd3a8e05fed1a91f56d91c
SHA256 71001bb82d80ed4aa26dc055c3ca95f1c6178450639d0d90b79aef5719828930
Certificate Info
Issuer Google Trust Services
Subject toonitalia.xyz
Fingerprint BA:21:F8:2B:2C:15:BA:86:8E:59:5E:C9:95:CD:5D:13:6E:A5:83:4E
Validity Sat, 14 Jun 2025 10:38:31 GMT - Fri, 12 Sep 2025 11:37:07 GMT
Technology Fingerprints
Cloudflare (CDN) Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.
GET /wp-content/plugins/recent-posts-widget-with-thumbnails/public.css?ver=7.1.1 HTTP/1.1
Host: toonitalia.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://toonitalia.xyz/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 01 Aug 2025 14:01:24 GMT
content-type: text/css
content-length: 531
server: cloudflare
cf-cache-status: EXPIRED
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
last-modified: Mon, 28 Aug 2023 21:39:26 GMT
etag: "5ca-60402874b3c1e-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=14400
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=cWTds1JWk%2FfmJ3eXm9kQPLqR4glTjFMx7ApDhViTexsdHPjMRXMxHJ53RWpg9u95ypkyI2DP8%2B%2FRVYmLNI7QksXNw0heCBsBiIyo8A%3D%3D"}]}
cf-ray: 9685de04f8ae0b45-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
OPTIONS fp.metricswpsh.com/fp?tag_id=246579
157.90.84.242 204 No Content 0 B URL OPTIONS HTTPS
fp.metricswpsh.com/fp?tag_id=246579
IP / ASN
157.90.84.242
#24940 Hetzner Online GmbH
Requested by https://toonitalia.xyz/
Resource Info
File type N/A
First Seen 0001-01-01
Last Seen 2025-08-04
Times Seen 5648445
Size 0 B (0 bytes)
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Certificate Info
Issuer Let's Encrypt
Subject notification.tubecup.net
Fingerprint 7E:67:6E:60:DA:54:65:A6:A2:F7:52:44:8A:5F:F2:EF:60:96:4D:A7
Validity Mon, 16 Jun 2025 02:50:45 GMT - Sun, 14 Sep 2025 02:50:44 GMT
Technology Fingerprints
Nginx:1.20.1 (Web servers, Reverse proxies) Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.
OPTIONS /fp?tag_id=246579 HTTP/1.1
Host: fp.metricswpsh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://toonitalia.xyz/
Origin: https://toonitalia.xyz
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 204 No Content
Server: nginx/1.20.1
Date: Fri, 01 Aug 2025 14:01:28 GMT
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: content-type
Access-Control-Allow-Methods: GET,HEAD,PUT,PATCH,POST,DELETE
Access-Control-Allow-Origin: https://toonitalia.xyz
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
GET praystakeinstinct.com/ren.gif?sid=H4sIAAAAAAAC_1RST4gcxReu3uT2O_xIkBwEYRAPCu5s_5vZaYOExGQlGJOQPwRUWKq6qnfLrelqq6qnZ8dLMCA55LA5CIKX3m8mWdQQ9CJeBJ0VFAKC42kO2UvOXlRy8iCzGRh9h_feV18VfO-r9_FueUAilHR6-W09kErRlVbTb7x8Q-ZcV7Zx8Voj8Jv-ycYNmbfjk43-LJnea0EUN_1XGm-KdEuvhH7g-4EfNNakEZnurxyykMWDJGgmfjMOm0ErRt_8F9vSg6UeeO-AHIfkk_8_yd6FTMfIu1-dFXbL6eLVc91SUacNenzver6V6ypHd9FmxkOW781vQ9sJIZ8uQed78wmge6PZBGByQpZOPAbL9-YywXr3nillCiIH4_9D1RtDqDEkHSPVtyD5rwRIOS5eQt69f1Gbim4_Y-mMnZCjT_-ErCbk6OPnkHcfnlGy37iqVemkzi36WQ3ZH0NujFGU-3CDJchqH6n7CJL_QlaeXkDeHV2ySkPy6UurLdpqMdFZjoIwXI5p2llORBwsU5awkAo_Yp3WoUUyG4PaJZTWQyk9lJmHsvDQ5dNG7HfiNKBRO0t4uurHNI65YH7SCX2fJukqynSmfQeu2EGqdpCamyjMTWzJuxNC_v4LpvwedrOG5R6sI-jxGpUgqCxBRQkqSVA5gqpX3-PKhra-z5UtWTCv4bxG9VC7jV16T7sNkRNQswPD65EsPrC3kLojw0Fm-VDPEmXum7Vzp69dv3Lu6nIYrSbrTli3Hq4HQ8r4SBfrwW5xQI7NXPc-u_M6tsS0EUQsThLOM9oJQ5b47YCtJizMWNwJkzBpw8oa0i6BWg8DOSGnf_gdhZyQF499Akb3YdU-UnkCtHwBtKpBN2sM8odO61w6qiRt9rcH4LpG4Y7CbXu76oA8f_jz73x4GyJ9dOpJdBhITY3C1Hhf_kiwoW4Pr-iKjK7oypKvLxVOduWAzrbiqqNOHPniLbFdacPPn7U7n59OZ8SsfXBNWHeB5lzmG5Z8eUZyLsyaNqkg3523NwS7XNrNM6XJy-LC5TfWzncLI6yVOh-Dygnx_jBI5YQc_2l6uPHR8nuQZgxT1uiWj8g8kBY3YYuFdqsJjFrwrPBQlfXQhGxxqCSBEgtMWQ37L8wW_dDQ2Wsq6117GxvGA3W3kHdr9EyNnqpB1Q5seWToCvPo1G9zGUx5Q6aMN2LKqLvPLLZy2miFLGp3Om2RtXkW8SiMeNLyRRLTpB0ncQvOTjbv_PztPwEAAP__vNF2jc8EAAA=
172.240.108.68 200 OK 0 B URL GET HTTPS
praystakeinstinct.com/ren.gif?sid=H4sIAAAAAAAC_1RST4gcxReu3uT2O_xIkBwEYRAPCu5s_5vZaYOExGQlGJOQPwRUWKq6qnfLrelqq6qnZ8dLMCA55LA5CIKX3m8mWdQQ9CJeBJ0VFAKC42kO2UvOXlRy8iCzGRh9h_feV18VfO-r9_FueUAilHR6-W09kErRlVbTb7x8Q-ZcV7Zx8Voj8Jv-ycYNmbfjk43-LJnea0EUN_1XGm-KdEuvhH7g-4EfNNakEZnurxyykMWDJGgmfjMOm0ErRt_8F9vSg6UeeO-AHIfkk_8_yd6FTMfIu1-dFXbL6eLVc91SUacNenzver6V6ypHd9FmxkOW781vQ9sJIZ8uQed78wmge6PZBGByQpZOPAbL9-YywXr3nillCiIH4_9D1RtDqDEkHSPVtyD5rwRIOS5eQt69f1Gbim4_Y-mMnZCjT_-ErCbk6OPnkHcfnlGy37iqVemkzi36WQ3ZH0NujFGU-3CDJchqH6n7CJL_QlaeXkDeHV2ySkPy6UurLdpqMdFZjoIwXI5p2llORBwsU5awkAo_Yp3WoUUyG4PaJZTWQyk9lJmHsvDQ5dNG7HfiNKBRO0t4uurHNI65YH7SCX2fJukqynSmfQeu2EGqdpCamyjMTWzJuxNC_v4LpvwedrOG5R6sI-jxGpUgqCxBRQkqSVA5gqpX3-PKhra-z5UtWTCv4bxG9VC7jV16T7sNkRNQswPD65EsPrC3kLojw0Fm-VDPEmXum7Vzp69dv3Lu6nIYrSbrTli3Hq4HQ8r4SBfrwW5xQI7NXPc-u_M6tsS0EUQsThLOM9oJQ5b47YCtJizMWNwJkzBpw8oa0i6BWg8DOSGnf_gdhZyQF499Akb3YdU-UnkCtHwBtKpBN2sM8odO61w6qiRt9rcH4LpG4Y7CbXu76oA8f_jz73x4GyJ9dOpJdBhITY3C1Hhf_kiwoW4Pr-iKjK7oypKvLxVOduWAzrbiqqNOHPniLbFdacPPn7U7n59OZ8SsfXBNWHeB5lzmG5Z8eUZyLsyaNqkg3523NwS7XNrNM6XJy-LC5TfWzncLI6yVOh-Dygnx_jBI5YQc_2l6uPHR8nuQZgxT1uiWj8g8kBY3YYuFdqsJjFrwrPBQlfXQhGxxqCSBEgtMWQ37L8wW_dDQ2Wsq6117GxvGA3W3kHdr9EyNnqpB1Q5seWToCvPo1G9zGUx5Q6aMN2LKqLvPLLZy2miFLGp3Om2RtXkW8SiMeNLyRRLTpB0ncQvOTjbv_PztPwEAAP__vNF2jc8EAAA=
IP / ASN
172.240.108.68
#7979 SERVERS-COM
Requested by https://toonitalia.xyz/
Resource Info
File type N/A
First Seen 0001-01-01
Last Seen 2025-08-04
Times Seen 5648445
Size 0 B (0 bytes)
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Certificate Info
Issuer Let's Encrypt
Subject praystakeinstinct.com
Fingerprint 08:B9:39:D3:1C:E2:4B:34:21:BC:02:6F:17:3E:89:73:97:AC:E1:C9
Validity Sat, 28 Jun 2025 22:08:16 GMT - Fri, 26 Sep 2025 22:08:15 GMT
Technology Fingerprints
Nginx:1.21.6 (Web servers, Reverse proxies) Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.
Envoy (Reverse proxies) Envoy is an open-source edge and service proxy, designed for cloud-native applications.
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC_1RST4gcxReu3uT2O_xIkBwEYRAPCu5s_5vZaYOExGQlGJOQPwRUWKq6qnfLrelqq6qnZ8dLMCA55LA5CIKX3m8mWdQQ9CJeBJ0VFAKC42kO2UvOXlRy8iCzGRh9h_feV18VfO-r9_FueUAilHR6-W09kErRlVbTb7x8Q-ZcV7Zx8Voj8Jv-ycYNmbfjk43-LJnea0EUN_1XGm-KdEuvhH7g-4EfNNakEZnurxyykMWDJGgmfjMOm0ErRt_8F9vSg6UeeO-AHIfkk_8_yd6FTMfIu1-dFXbL6eLVc91SUacNenzver6V6ypHd9FmxkOW781vQ9sJIZ8uQed78wmge6PZBGByQpZOPAbL9-YywXr3nillCiIH4_9D1RtDqDEkHSPVtyD5rwRIOS5eQt69f1Gbim4_Y-mMnZCjT_-ErCbk6OPnkHcfnlGy37iqVemkzi36WQ3ZH0NujFGU-3CDJchqH6n7CJL_QlaeXkDeHV2ySkPy6UurLdpqMdFZjoIwXI5p2llORBwsU5awkAo_Yp3WoUUyG4PaJZTWQyk9lJmHsvDQ5dNG7HfiNKBRO0t4uurHNI65YH7SCX2fJukqynSmfQeu2EGqdpCamyjMTWzJuxNC_v4LpvwedrOG5R6sI-jxGpUgqCxBRQkqSVA5gqpX3-PKhra-z5UtWTCv4bxG9VC7jV16T7sNkRNQswPD65EsPrC3kLojw0Fm-VDPEmXum7Vzp69dv3Lu6nIYrSbrTli3Hq4HQ8r4SBfrwW5xQI7NXPc-u_M6tsS0EUQsThLOM9oJQ5b47YCtJizMWNwJkzBpw8oa0i6BWg8DOSGnf_gdhZyQF499Akb3YdU-UnkCtHwBtKpBN2sM8odO61w6qiRt9rcH4LpG4Y7CbXu76oA8f_jz73x4GyJ9dOpJdBhITY3C1Hhf_kiwoW4Pr-iKjK7oypKvLxVOduWAzrbiqqNOHPniLbFdacPPn7U7n59OZ8SsfXBNWHeB5lzmG5Z8eUZyLsyaNqkg3523NwS7XNrNM6XJy-LC5TfWzncLI6yVOh-Dygnx_jBI5YQc_2l6uPHR8nuQZgxT1uiWj8g8kBY3YYuFdqsJjFrwrPBQlfXQhGxxqCSBEgtMWQ37L8wW_dDQ2Wsq6117GxvGA3W3kHdr9EyNnqpB1Q5seWToCvPo1G9zGUx5Q6aMN2LKqLvPLLZy2miFLGp3Om2RtXkW8SiMeNLyRRLTpB0ncQvOTjbv_PztPwEAAP__vNF2jc8EAAA= HTTP/1.1
Host: praystakeinstinct.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://toonitalia.xyz/
Cookie: uid_id2=75a55be8-3122-4ac8-9e41-ab9b2ae03b85:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; u_pl26971197=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 01 Aug 2025 14:01:28 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
access-control-allow-origin: *
vary: Origin
access-control-allow-credentials: true
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
accept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
x-envoy-upstream-service-time: 1
Host: praystakeinstinct.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Request-ID: 6b963a7eba324b9a7b6e5684dce56550
Cache-Control: no-cache, max-age=0, private, no-cache
Pragma: no-cache
Strict-Transport-Security: max-age=0; includeSubdomains
GET www.intelligenceadx.com/nlMq/Q/ujRespond.min.js
95.173.205.15 200 OK 42 kB URL GET HTTPS
www.intelligenceadx.com/nlMq/Q/ujRespond.min.js
IP / ASN
95.173.205.15
#60068 Datacamp Limited
Requested by https://toonitalia.xyz/
Resource Info
File type JavaScript source, ASCII text, with very long lines (1568)
First Seen 2025-08-01
Last Seen 2025-08-01
Times Seen 1
Size 42 kB (41946 bytes)
MD5 79bebd5b3506153dd5859bd5e727a0db
SHA1 42f4a9914cf0fe6803183ee4f2657e47ddfeca0c
SHA256 b862c766d9897bcf38b10ba602f1072ec736bc0711c0a81171d7c73f34535b0b
Certificate Info
Issuer Let's Encrypt
Subject 1868349309.rsc.cdn77.org
Fingerprint 02:22:4B:7B:42:E3:B6:94:B6:4A:88:29:CA:E2:14:3D:8A:34:A8:A7
Validity Wed, 25 Jun 2025 08:31:00 GMT - Tue, 23 Sep 2025 08:30:59 GMT
Technology Fingerprints
CDN77 (CDN) CDN77 is a content delivery network (CDN).
GET /nlMq/Q/ujRespond.min.js HTTP/1.1
Host: www.intelligenceadx.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://toonitalia.xyz
DNT: 1
Connection: keep-alive
Referer: https://toonitalia.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 01 Aug 2025 14:01:24 GMT
content-type: application/x-javascript
popads-node: wb5
expires: Wed, 06 Aug 2025 18:33:15 GMT
access-control-allow-origin: https://toonitalia.xyz
link: <https://intelligenceadx.com/>;rel=preconnect
cache-control: public, max-age=604800
x-77-nzt: EwgBX63NDQFBDAG5TAoBAffFYQIADAGKxyXEAbeEAQAA
x-77-nzt-ray: 2a494a155dbc516dd9c88c68a1678515
x-77-cache: HIT
x-77-age: 156101
vary: Accept-Encoding, Origin
content-encoding: gzip
server: CDN77-Turbo
x-77-pop: osloNO
X-Firefox-Spdy: h2
GET acscdn.com/script/atagv2.js
104.18.16.201 200 OK 105 kB URL GET HTTPS
acscdn.com/script/atagv2.js
IP / ASN
104.18.16.201
#13335 CLOUDFLARENET
Requested by https://toonitalia.xyz/
Resource Info
File type JavaScript source, Unicode text, UTF-8 text, with very long lines (65493), with no line terminators
First Seen 2025-07-24
Last Seen 2025-08-02
Times Seen 28
Size 105 kB (104737 bytes)
MD5 b0d8cb499a5f3a03c0ac43d3f6b96cf0
SHA1 95149de3723f8ac070b4403ae58ca564c804013e
SHA256 6ed603ac883041bd8d7e1a7de2dd233ca6b78748b8b05af983cf3b2887b922f1
Certificate Info
Issuer Google Trust Services
Subject acscdn.com
Fingerprint 63:1A:7B:92:DA:D9:63:40:A3:A0:9C:C9:93:7F:79:CD:2E:FB:74:83
Validity Fri, 11 Jul 2025 17:47:20 GMT - Thu, 09 Oct 2025 18:47:00 GMT
Technology Fingerprints
Google Cloud Storage (Miscellaneous) Google Cloud Storage allows world-wide storage and retrieval of any amount of data at any time.
Google Cloud (IaaS) Google Cloud is a suite of cloud computing services.
Cloudflare (CDN) Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.
GET /script/atagv2.js HTTP/1.1
Host: acscdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://toonitalia.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 01 Aug 2025 14:01:24 GMT
content-type: text/javascript
x-guploader-uploadid: ABgVH885_RNFrjf9_zHD-LRoWTvwUrrZ03j9ef8nJCkmOHdVqLVQx4MDoeAmwb9s0aIhaNs
expires: Fri, 01 Aug 2025 15:01:24 GMT
cache-control: public, max-age=3600
last-modified: Thu, 24 Jul 2025 07:10:49 GMT
etag: W/"b0d8cb499a5f3a03c0ac43d3f6b96cf0"
x-goog-generation: 1753341048967079
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 104737
x-goog-hash: crc32c=HMiIvg==, md5=sNjLSZpfOgPArEPT9rls8A==
x-goog-storage-class: MULTI_REGIONAL
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
cf-cache-status: HIT
age: 1085
priority: u=3,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 9685de08a83ab505-OSL
content-encoding: gzip
server-timing: cfExtPri
GET accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
64.233.161.84 302 Found 0 B URL GET HTTPS
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
IP / ASN
64.233.161.84
#15169 GOOGLE
Requested by https://toonitalia.xyz/
Resource Info
File type N/A
First Seen 0001-01-01
Last Seen 2025-08-04
Times Seen 5648445
Size 0 B (0 bytes)
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Certificate Info
Issuer Google Trust Services
Subject accounts.google.com
Fingerprint 9B:4C:3E:7D:75:3A:C6:33:33:2F:71:BC:DD:98:50:A8:D7:93:6D:D2
Validity Mon, 07 Jul 2025 08:36:02 GMT - Mon, 29 Sep 2025 08:36:01 GMT
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://toonitalia.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
content-type: application/binary
set-cookie: __Host-GAPS=1:2_aaPl8Vj5XDhsp-Q_ONwRQ_8her0A:qS_cjGfnAohnakM0; Expires=Sun, 01-Aug-2027 14:01:25 GMT; Path=/; Secure; HttpOnly; Priority=HIGH
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Fri, 01 Aug 2025 14:01:25 GMT
location: https://accounts.google.com/InteractiveLogin?continue=https://www.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AdBytiOy02rR4GnaKtzmJpaaruNUncijYZ2b4WdQJGtg23Qb0ugwtH3Wm_SCknlbLdHKzt6j8axn3Q
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-opener-policy: unsafe-none
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'nonce-JlLVePb4z0IfSX3kTwQucg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/AccountsSigninPassiveLoginHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
server: ESF
content-length: 0
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
GET 4.adsco.re/
162.252.214.5 0 B
IP / ASN
162.252.214.5
#53334 TUT-AS
Requested by https://toonitalia.xyz/
Resource Info
File type N/A
First Seen 0001-01-01
Last Seen 2025-08-04
Times Seen 5648445
Size 0 B (0 bytes)
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Certificate Info
Issuer Sectigo Limited
Subject *.adsco.re
Fingerprint 3B:64:1C:DA:8C:64:22:01:36:0F:54:7A:99:6E:AD:26:C2:EF:59:8B
Validity Mon, 23 Sep 2024 00:00:00 GMT - Mon, 29 Sep 2025 23:59:59 GMT
GET / HTTP/1.1
Host: 4.adsco.re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://toonitalia.xyz
DNT: 1
Connection: keep-alive
Referer: https://toonitalia.xyz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
GET 6.adsco.re:2087/
104.17.167.186 200 OK 45 B URL GET HTTPS
6.adsco.re:2087/
IP / ASN
104.17.167.186
#13335 CLOUDFLARENET
Requested by https://toonitalia.xyz/
Resource Info
File type ASCII text, with no line terminators
First Seen 2023-04-05
Last Seen 2025-08-04
Times Seen 15611
Size 45 B (45 bytes)
MD5 5b41cb22f84f645a103acc7bfbf084ff
SHA1 bac3967b26d5ec4a0d09a580714e8219796816bd
SHA256 709f0a0dfab9f9e074f4a4a348dcb09150838284d21e75cfb9e5ceaeeb2054bc
Certificate Info
Issuer Sectigo Limited
Subject *.adsco.re
Fingerprint 3B:64:1C:DA:8C:64:22:01:36:0F:54:7A:99:6E:AD:26:C2:EF:59:8B
Validity Mon, 23 Sep 2024 00:00:00 GMT - Mon, 29 Sep 2025 23:59:59 GMT
Technology Fingerprints
Cloudflare (CDN) Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.
GET / HTTP/1.1
Host: 6.adsco.re:2087
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://toonitalia.xyz
DNT: 1
Connection: keep-alive
Referer: https://toonitalia.xyz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 01 Aug 2025 14:01:27 GMT
content-type: text/plain;charset=UTF-8
content-length: 45
access-control-allow-origin: https://toonitalia.xyz
cache-control: private, max-age=10
access-control-allow-headers: Content-Type
access-control-allow-methods: GET, HEAD, OPTIONS
access-control-max-age: 2592000
vary: Accept-Encoding
server: cloudflare
cf-ray: 9685de18dd90b500-OSL
alt-svc: h3=":2087"; ma=86400
X-Firefox-Spdy: h2
POST iy6nmegcrggt.n4.adsco.re/
38.132.109.126 200 OK 0 B URL POST HTTPS
iy6nmegcrggt.n4.adsco.re/
IP / ASN
38.132.109.126
#9009 M247 Europe SRL
Requested by https://toonitalia.xyz/
Resource Info
File type N/A
First Seen 0001-01-01
Last Seen 2025-08-04
Times Seen 5648445
Size 0 B (0 bytes)
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Certificate Info
Issuer Let's Encrypt
Subject *.n4.adsco.re
Fingerprint E8:50:0E:37:80:04:3C:5C:59:CD:8C:24:F1:FE:D8:F1:FF:1A:B2:40
Validity Fri, 18 Jul 2025 09:54:44 GMT - Thu, 16 Oct 2025 09:54:43 GMT
POST / HTTP/1.1
Host: iy6nmegcrggt.n4.adsco.re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 0
Origin: https://toonitalia.xyz
DNT: 1
Connection: keep-alive
Referer: https://toonitalia.xyz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 01 Aug 2025 14:01:27 GMT
content-type: text/html
content-length: 0
last-modified: Fri, 16 Jun 2023 08:37:42 GMT
etag: "648c1f56-0"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
access-control-expose-headers: Content-Length,Content-Range
accept-ranges: bytes
X-Firefox-Spdy: h2
POST ntvpforever.com/keywords
167.235.163.216 200 OK 29 B URL POST HTTPS
ntvpforever.com/keywords
IP / ASN
167.235.163.216
#24940 Hetzner Online GmbH
Requested by https://toonitalia.xyz/
Resource Info
File type JSON text data
First Seen 2025-08-01
Last Seen 2025-08-01
Times Seen 1
Size 29 B (29 bytes)
MD5 dd3b000050fab14468de5919e91db47f
SHA1 cee8c3b741e6fe75f4414798a484e6f8a8ef1106
SHA256 095fe5f8a24c0c972bfce59de1ae0db8a9fefe97507b00b399d6e5e0e13f34e0
Certificate Info
Issuer Let's Encrypt
Subject inpage.infrapu.sh
Fingerprint 48:AE:73:C9:A8:E5:B5:9E:C6:92:02:16:78:6B:D4:29:9C:F8:AF:BA
Validity Fri, 27 Jun 2025 06:05:31 GMT - Thu, 25 Sep 2025 06:05:30 GMT
Technology Fingerprints
Nginx:1.20.1 (Web servers, Reverse proxies) Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.
POST /keywords HTTP/1.1
Host: ntvpforever.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
Content-Length: 249
Origin: https://toonitalia.xyz
DNT: 1
Connection: keep-alive
Referer: https://toonitalia.xyz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx/1.20.1
date: Fri, 01 Aug 2025 14:01:28 GMT
content-type: application/json
content-length: 29
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
GET flushpersist.com/pxf.gif?uuid=75a55be8-3122-4ac8-9e41-ab9b2ae03b85&eb=bff3d6bf6d16c0bb5e58232c1a99ef63&te=fe015aeda515c30449c87b1701cc307f&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0&dev=e&res=14.3095&b_frame=0&pk=13b499ddfa822b9061b79b2fb4829296&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=14
192.243.61.227 200 OK 0 B URL GET HTTPS
flushpersist.com/pxf.gif?uuid=75a55be8-3122-4ac8-9e41-ab9b2ae03b85&eb=bff3d6bf6d16c0bb5e58232c1a99ef63&te=fe015aeda515c30449c87b1701cc307f&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0&dev=e&res=14.3095&b_frame=0&pk=13b499ddfa822b9061b79b2fb4829296&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=14
IP / ASN
192.243.61.227
#39572 DataWeb Global Group B.V.
Requested by https://toonitalia.xyz/
Resource Info
File type N/A
First Seen 0001-01-01
Last Seen 2025-08-04
Times Seen 5648445
Size 0 B (0 bytes)
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Certificate Info
Issuer Let's Encrypt
Subject flushpersist.com
Fingerprint 9E:08:20:A0:75:ED:21:51:E0:3D:DE:29:CD:B0:11:01:4D:04:77:0A
Validity Tue, 01 Jul 2025 15:12:33 GMT - Mon, 29 Sep 2025 15:12:32 GMT
Technology Fingerprints
Nginx:1.21.6 (Web servers, Reverse proxies) Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.
GET /pxf.gif?uuid=75a55be8-3122-4ac8-9e41-ab9b2ae03b85&eb=bff3d6bf6d16c0bb5e58232c1a99ef63&te=fe015aeda515c30449c87b1701cc307f&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0&dev=e&res=14.3095&b_frame=0&pk=13b499ddfa822b9061b79b2fb4829296&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=14 HTTP/1.1
Host: flushpersist.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://toonitalia.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 01 Aug 2025 14:01:28 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Host: flushpersist.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Request-ID: f7af309bd956cac2c9dc31e02099f7ba
Cache-Control: no-cache, max-age=0, private, no-cache
Pragma: no-cache
Strict-Transport-Security: max-age=0; includeSubdomains
GET torchfriendlypay.com/pixel/sbls?bv=&tmpl=482&u=https%3A%2F%2Fcdn.show-sb.com%2Fsb%2Fau%2F78%2F74%2Ffd%2F7874fd62186fc577273fa59756d17076%2F1744381737.html&l=1544&fd=707
192.243.59.20 200 OK 0 B URL GET HTTPS
torchfriendlypay.com/pixel/sbls?bv=&tmpl=482&u=https%3A%2F%2Fcdn.show-sb.com%2Fsb%2Fau%2F78%2F74%2Ffd%2F7874fd62186fc577273fa59756d17076%2F1744381737.html&l=1544&fd=707
IP / ASN
192.243.59.20
#39572 DataWeb Global Group B.V.
Requested by https://toonitalia.xyz/
Resource Info
File type N/A
First Seen 0001-01-01
Last Seen 2025-08-04
Times Seen 5648445
Size 0 B (0 bytes)
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Certificate Info
Issuer Let's Encrypt
Subject torchfriendlypay.com
Fingerprint C1:1A:8F:9D:C9:3D:22:4D:0E:AA:D9:B9:1C:98:E3:DC:41:83:82:4F
Validity Sat, 28 Jun 2025 22:31:57 GMT - Fri, 26 Sep 2025 22:31:56 GMT
Technology Fingerprints
Nginx:1.19.5 (Web servers, Reverse proxies) Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /pixel/sbls?bv=&tmpl=482&u=https%3A%2F%2Fcdn.show-sb.com%2Fsb%2Fau%2F78%2F74%2Ffd%2F7874fd62186fc577273fa59756d17076%2F1744381737.html&l=1544&fd=707 HTTP/1.1
Host: torchfriendlypay.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://toonitalia.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Fri, 01 Aug 2025 14:01:29 GMT
Content-Length: 0
Connection: keep-alive
Host: torchfriendlypay.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
GET fonts.gstatic.com/s/roboto/v48/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2
142.250.74.35 200 OK 40 kB URL GET HTTPS
fonts.gstatic.com/s/roboto/v48/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2
IP / ASN
142.250.74.35
#15169 GOOGLE
Requested by https://toonitalia.xyz/
Resource Info
File type Web Open Font Format (Version 2), TrueType, length 40128, version 1.0
First Seen 2025-01-08
Last Seen 2025-08-04
Times Seen 98966
Size 40 kB (40128 bytes)
MD5 9a01b69183a9604ab3a439e388b30501
SHA1 8ed1d59003d0dbe6360481017b44665153665fbe
SHA256 20b535fa80c8189e3b87d1803038389960203a886d502bc2ef1857affc2f38d2
Certificate Info
Issuer Google Trust Services
Subject *.gstatic.com
Fingerprint 43:A0:95:35:FB:C7:02:15:92:9E:20:20:0D:0A:E7:8F:93:61:52:CD
Validity Mon, 07 Jul 2025 08:35:11 GMT - Mon, 29 Sep 2025 08:35:10 GMT
GET /s/roboto/v48/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://toonitalia.xyz
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 40128
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 31 Jul 2025 10:09:08 GMT
expires: Fri, 31 Jul 2026 10:09:08 GMT
cache-control: public, max-age=31536000
age: 100342
last-modified: Thu, 29 May 2025 23:30:55 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2