Report - dxuroa.xyz/mdt.php?ns=1&tt=796499f7c8062c30af92fd7917d8f0f8

Report Overview

Submitted URL
dxuroa.xyz/mdt.php?ns=1&tt=796499f7c8062c30af92fd7917d8f0f8
IP
192.64.147.150
ASN
#19867 VOODOO1
Submitted
2022-10-02 20:31:52
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
34

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
getpocket.cdn.mozilla.net	1369	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	423 B	38 kB	34.120.5.221
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	758 B	2.7 kB	13.227.219.20
dxuroa.xyz	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	6.5 kB	42 kB	192.64.147.150
ocsp.pki.goog	175	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.0 kB	6.3 kB	142.250.74.3
ajax.googleapis.com	12905	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	665 B	69 kB	142.250.74.42
www.google.com	7	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.8 kB	59 kB	142.250.74.164
afs.googleusercontent.com	12123	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	408 B	1.8 kB	142.250.74.33
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	401 B	5.8 kB	13.227.219.5
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	329 B	737 B	93.184.220.29
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.0 kB	5.3 kB	23.36.76.226
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	321 B	229 B	34.117.237.239
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	594 B	127 B	52.43.61.95
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.2 kB	56 kB	34.120.237.76
partner.googleadservices.com	798	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	432 B	843 B	172.217.21.162

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2022-10-02	medium	dxuroa.xyz	Sinkholed
2022-10-02	medium	dxuroa.xyz	Sinkholed
2022-10-02	medium	dxuroa.xyz	Sinkholed
2022-10-02	medium	dxuroa.xyz	Sinkholed
2022-10-02	medium	dxuroa.xyz	Sinkholed
2022-10-02	medium	dxuroa.xyz	Sinkholed
2022-10-02	medium	dxuroa.xyz	Sinkholed
2022-10-02	medium	dxuroa.xyz	Sinkholed
2022-10-02	medium	dxuroa.xyz	Sinkholed
2022-10-02	medium	dxuroa.xyz	Sinkholed
2022-10-02	medium	dxuroa.xyz	Sinkholed
2022-10-02	medium	dxuroa.xyz	Sinkholed
2022-10-02	medium	dxuroa.xyz	Sinkholed
2022-10-02	medium	dxuroa.xyz	Sinkholed
2022-10-02	medium	dxuroa.xyz	Sinkholed
2022-10-02	medium	dxuroa.xyz	Sinkholed
2022-10-02	medium	dxuroa.xyz	Sinkholed

JavaScript (14)

	URL	Size	First Seen	Last Seen
	ajax.googleapis.com/ajax/libs/jquery/1.8.3/jquery.min.js	94 kB	2023-03-07	2024-04-22
Pretty URL ajax.googleapis.com/ajax/libs/jquery/1.8.3/jquery.min.js IP 142.250.74.42 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:53 Last Seen2024-04-22 21:21:41 Times Seen16226 Hash 3576a6e73c9dccdbbc4a2cf8ff544ad7 06e872300088b9ba8a08427d28ed0efcdf9c6ff5 61c6caebd23921741fb5ffe6603f16634fca9840c2bf56ac8201e9264d6daccf Loading...

	dxuroa.xyz/cf.php	10 B	2023-03-07	2023-03-26
Pretty URL dxuroa.xyz/cf.php IP 192.64.147.150 ASN #19867 VOODOO1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:07:03 Last Seen2023-03-26 01:44:19 Times Seen3 Hash b0d55e736351a32810903d2009530817 d58769ab282c677c013d2e8a28b2ce1e32e2ac83 52171161d968ad02252ab3dd858f17ff11075d50444b007e03eb5b64dc69d593 Loading...

	dxuroa.xyz/js/caf.js	7.9 kB	2023-03-07	2023-11-24
Pretty URL dxuroa.xyz/js/caf.js IP 192.64.147.150 ASN #19867 VOODOO1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:07:03 Last Seen2023-11-24 05:09:18 Times Seen26 Hash 376826c0853519fc9765512c60c8a3ce 699d7b74effc88890c22be602b878a2bfa5994e4 5cd5a07b3182874ae2d7c446f05de7543680eb02d7c516cf3942395cd92f076d Loading...

	dxuroa.xyz/cf.php	2.2 kB	2023-03-08	2023-03-08
Pretty URL dxuroa.xyz/cf.php IP 192.64.147.150 ASN #19867 VOODOO1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 04:47:30 Last Seen2023-03-08 04:47:30 Times Seen1 Hash 53af6785c3c04637bad8b13696e58cd9 9bf73b4c52ac698ec7050bab8b74b67a44362082 0ce45bb2cfdf73848e3fa47356f40a74a3d568055b772d49fc7a0df08229b90c Loading...

	dxuroa.xyz/cf.php	195 B	2023-03-07	2023-03-26
Pretty URL dxuroa.xyz/cf.php IP 192.64.147.150 ASN #19867 VOODOO1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:07:03 Last Seen2023-03-26 01:44:19 Times Seen3 Hash 443befc9c02917f7b6b6930d12bdab50 f280b9a36286ea4123d1fcaa3ece8c49063f58ff 69d806e60fda1ffff512182ef7f299a456d940d351b335f443020408f68dfa22 Loading...

	dxuroa.xyz/cf.php	42 B	2023-03-07	2023-03-26
Pretty URL dxuroa.xyz/cf.php IP 192.64.147.150 ASN #19867 VOODOO1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:07:03 Last Seen2023-03-26 01:44:19 Times Seen3 Hash 00d5d233c50e1d6d7611b350dd2bfc9b 39a031fa923a9ca482ab2b21bf461765053ee5dd 04c926993f541d674a49230f2e6e9ac1211e2ea34542028bd17b599d639604fd Loading...

	www.google.com/afs/ads/i/iframe.html	1.3 kB	2023-03-07	2023-04-05
Pretty URL www.google.com/afs/ads/i/iframe.html IP 142.250.74.164 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:00 Last Seen2023-04-05 02:11:22 Times Seen1911 Hash 53a557946308585635eb80aec5326b9e 544b125203bfbb516566a63c9ef3dc57e9c06df9 eff95f5e15f8aa8c8b8c0f3aaeedba0091c1ec9732d78b6594c9ceb26c8eff28 Loading...

	www.google.com/afs/ads?adtest=off&channel=000811&domain_name=dxuroa.xyz&client=dp-voodoo02&r=m&hl=no&max_radlink_len=32&type=3&uiopt=false&swp=as-drid-oo-1789003080427502&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300002%2C17300953%2C17300956%2C17301063%2C17301066%2C17301094%2C17301097&format=r5%7Cr5&nocache=9631664742704863&num=0&output=afd_ads&v=3&bsl=8&pac=2&u_his=1&u_tz=0&dt=1664742704883&u_w=1280&u_h=1024&biw=1280&bih=939&isw=1280&ish=939&psw=1280&psh=939&frm=1&uio=--&cont=related-1%7Crelated-2&jsid=caf&jsv=476880816&rurl=http%3A%2F%2Fdxuroa.xyz%2Fcf.php&referer=http%3A%2F%2Fdxuroa.xyz%2F%3Fexses%3D1%26dt%3D%26dm%3D%26ch%3D%26et%3D&adbw=slave-1-1%3A480%2Cmaster-1%3A480	3.8 kB	2023-03-08	2023-03-08
Pretty URL www.google.com/afs/ads?adtest=off&channel=000811&domain_name=dxuroa.xyz&client=dp-voodoo02&r=m&hl=no&max_radlink_len=32&type=3&uiopt=false&swp=as-drid-oo-1789003080427502&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300002%2C17300953%2C17300956%2C17301063%2C17301066%2C17301094%2C17301097&format=r5%7Cr5&nocache=9631664742704863&num=0&output=afd_ads&v=3&bsl=8&pac=2&u_his=1&u_tz=0&dt=1664742704883&u_w=1280&u_h=1024&biw=1280&bih=939&isw=1280&ish=939&psw=1280&psh=939&frm=1&uio=--&cont=related-1%7Crelated-2&jsid=caf&jsv=476880816&rurl=http%3A%2F%2Fdxuroa.xyz%2Fcf.php&referer=http%3A%2F%2Fdxuroa.xyz%2F%3Fexses%3D1%26dt%3D%26dm%3D%26ch%3D%26et%3D&adbw=slave-1-1%3A480%2Cmaster-1%3A480 IP 142.250.74.164 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 04:47:30 Last Seen2023-03-08 04:47:30 Times Seen1 Hash cf2664d03a69e566f87bbe5d36894d0e ed66f101d8e95d13ba4ce190f00b2c9b568fd2c9 d07210a8961feb622b055cd4f27ea963c7968a4f036091dfcd3b7b400ce223af Loading...

	dxuroa.xyz/?exses=1&dt=&dm=&ch=&et=	220 B	2023-03-07	2023-03-26
Pretty URL dxuroa.xyz/?exses=1&dt=&dm=&ch=&et= IP 192.64.147.150 ASN #19867 VOODOO1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:07:03 Last Seen2023-03-26 03:55:11 Times Seen4 Hash 40d608c93cbeffe028d9f906419ca946 2108040193cd8fbf075d9f4ae466858a80b58eb5 ce77932d48f0e8407c3e45da78f21635b7d0414a9f91fbe39fe1f0f7aaea27e1 Loading...

	ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js	95 kB	2023-03-07	2024-04-23
Pretty URL ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js IP 142.250.74.42 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:23 Last Seen2024-04-23 04:27:01 Times Seen13735 Hash b8d64d0bc142b3f670cc0611b0aebcae abcd2ba13348f178b17141b445bc99f1917d47af 47b68dce8cb6805ad5b3ea4d27af92a241f4e29a5c12a274c852e4346a0500b4 Loading...

	www.google.com/adsense/domains/caf.js	148 kB	2023-03-08	2023-03-08
Pretty URL www.google.com/adsense/domains/caf.js IP 142.250.74.164 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 02:31:32 Last Seen2023-03-08 05:14:11 Times Seen1 Hash ec52b1679ab8603c6a5093dbbede3240 ef42880ab250164e5e7021b54a4ba30fc7945915 0e97072507cac26ad796e8bf5b6e5a9134e3b757f9292eb0ffb1ccb88eae7c90 Loading...

	dxuroa.xyz/js/coza-banner.js	1.2 kB	2023-03-07	2023-11-24
Pretty URL dxuroa.xyz/js/coza-banner.js IP 192.64.147.150 ASN #19867 VOODOO1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:07:03 Last Seen2023-11-24 05:09:18 Times Seen25 Hash bd9ab0f2a2f79f0ccb8d8d48e4cc9c4e edc2e937cc8b1523da8f1df3b1c2993d74dabf81 b33e6ee26b1c2734b574d9c03c61a73c8398021f7d20480283ec57763961d0b6 Loading...

	www.google.com/adsense/domains/caf.js	148 kB	2023-03-08	2023-03-08
Pretty URL www.google.com/adsense/domains/caf.js IP 142.250.74.164 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 03:07:45 Last Seen2023-03-08 07:19:45 Times Seen1 Hash e4d386004ac65319b638986a412e0cc3 6b1740f1ab97022134b906ad3ac19192df8c3ea4 9a4ee5ed572a4b44d43235c80ebe8a0545d1a0973f7f2d93e603b9f2c4c392d6 Loading...

	partner.googleadservices.com/gampad/cookie.js?domain=dxuroa.xyz&client=dp-voodoo02&product=SAS&callback=__sasCookie	187 B	2023-03-08	2023-03-08
Pretty URL partner.googleadservices.com/gampad/cookie.js?domain=dxuroa.xyz&client=dp-voodoo02&product=SAS&callback=__sasCookie IP 172.217.21.162 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 04:47:30 Last Seen2023-03-08 04:47:30 Times Seen1 Hash 8528287287f421c86d23da0da941ef4c e2a423e966ac0f141ea9c14c75283b3633c60849 ba01ca8779e2abf546316f1e4c8dc619c894156fd4b6a8cc5c1d4c04d36202c8 Loading...

HTTP Transactions (52)

URL IP Response Size

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
60e4edea7b5f4d19f3547a3bb2d5df57
3ee076bab4da3416c2c5808f730cb316c28baef7
763e2dadfdd286a51327cd2000ca335e30cd0b9b7267875d22ca33f7556ba200

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "763E2DADFDD286A51327CD2000CA335E30CD0B9B7267875D22CA33F7556BA200"
Last-Modified: Fri, 30 Sep 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3825
Expires: Sun, 02 Oct 2022 21:35:26 GMT
Date: Sun, 02 Oct 2022 20:31:41 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
8cfbe56ba441e20a2a26e3bb14052756
448dba0520357156b5c7377ed63327992e254f42
967b310bb60acdbb06064a3cf9c7615745aaecab58818cf5ff156afd23482a88

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "967B310BB60ACDBB06064A3CF9C7615745AAECAB58818CF5FF156AFD23482A88"
Last-Modified: Sat, 01 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2784
Expires: Sun, 02 Oct 2022 21:18:05 GMT
Date: Sun, 02 Oct 2022 20:31:41 GMT
Connection: keep-alive

getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=40249-e88c401e1b1f2242d9e441c4&locale_lang=en-US&region=NO&count=30

34.120.5.221

200 OK

37 kB

URL HTTP/2
getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=40249-e88c401e1b1f2242d9e441c4&locale_lang=en-US&region=NO&count=30
IP
34.120.5.221:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (65536), with no line terminators
Size
37 kB (36899 bytes)
Hash
dde5e181a859b3dbfc4e7863cb29b29b
d13f78b4f752637e1c09e1b99165f7f264b33f96
a2e8d23f7f1ed08c71a523ca22930e735e25ed2a5be3f6b9e6050a21c48c3563

HTTP Headers

GET /v3/firefox/global-recs?version=3&consumer_key=40249-e88c401e1b1f2242d9e441c4&locale_lang=en-US&region=NO&count=30 HTTP/1.1
Host: getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
vary: Accept-Encoding
content-location: global-recs.php
tcn: choice
x-frame-options: SAMEORIGIN
status: 200 OK
x-source: Pocket
pragma: cache
p3p: policyref="/w3c/p3p.xml", CP="ALL CURa ADMa DEVa OUR IND UNI COM NAV INT STA PRE"
x-cache: Miss from cloudfront
x-amz-cf-pop: SEA73-P2
x-amz-cf-id: 2FAOe4aFk5mdO_0QMJZO3oiQzmFm-P6-tWUT-aJ9mft5EnVZi53bmw==
content-encoding: gzip
via: 1.1 f62c9ca47e35df5c65764381977823a6.cloudfront.net (CloudFront), 1.1 google
date: Sun, 02 Oct 2022 20:24:15 GMT
content-type: application/json
content-length: 36899
age: 446
cache-control: s-maxage=900,public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain

13.227.219.5

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
IP
13.227.219.5:0
ASN
#16509 AMAZON-02

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
6113f8408c59aebe188d6af273b90743
7398873bf00f99944eaa77ad3ebc0d43c23dba6b
b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Sun, 02 Oct 2022 05:28:28 GMT
etag: "6113f8408c59aebe188d6af273b90743"
x-cache: Hit from cloudfront
via: 1.1 2b298af2bb6f21ab0dee9e764d8bcb28.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS54-C1
x-amz-cf-id: 9XQXqfL2T_MdtcZi7U9kUgWukX4ym2ECcRkCR9V08iiF_RI3wN7egQ==
age: 54194
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/

13.227.219.20

200 OK

939 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/
IP
13.227.219.20:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
2d12f67fe57a87e7366b662d153a5582
d7b02d81cc74f24a251d9363e0f4b0a149264ec1
73c273c0b5a2de3cb970b8e8c187999d3b55e760dc7766dab4bb76428d19b551

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Type, Alert, Backoff, Retry-After, Content-Length
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Sun, 02 Oct 2022 20:16:50 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 acf9ad664f94bee3e3cf93077b65edea.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: AMS54-C1
X-Amz-Cf-Id: 58xkEqTy8zBjQg4RIzOEFu45clTuOUcHcP87asV5ItYWZXv4rewlSQ==
Age: 891

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sun, 02 Oct 2022 20:31:41 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

13.227.219.20

200 OK

329 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
13.227.219.20:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Pragma, Content-Length, Backoff, Last-Modified, Cache-Control, Content-Type, Retry-After, ETag, Expires, Alert
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
X-Content-Type-Options: nosniff
Date: Sun, 02 Oct 2022 20:29:33 GMT
Cache-Control: max-age=3600, max-age=3600
Expires: Sun, 02 Oct 2022 20:57:58 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 b8eaad25e4131c15c21d3d50aac2684c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: AMS54-C1
X-Amz-Cf-Id: mbQ7mKIt3bHQ7iEzBS3PrAcKxc99cMDksGZaQhIyuoZDiDIu1iKc6Q==
Age: 129

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
4eb30b4a4234809cf7d5f89fa1f6ceeb
797242aab2f13c820050aa9accd11b7b950cd177
ce9d833a0ac321a908184b655d6632c481f758a04a9c936a7c303bb253444146

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5993
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 02 Oct 2022 20:31:42 GMT
Last-Modified: Sun, 02 Oct 2022 18:51:49 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 471

push.services.mozilla.com/

52.43.61.95

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
52.43.61.95:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: sTDoY8xb2zkdJ6U7rI7hRA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: Id6Cidh6xWeFZ4g8X7WAfXIrXbw=

dxuroa.xyz/mdt.php?ns=1&tt=796499f7c8062c30af92fd7917d8f0f8

192.64.147.150

302 Found

20 B

URL HTTP/1.1
dxuroa.xyz/mdt.php?ns=1&tt=796499f7c8062c30af92fd7917d8f0f8
IP
192.64.147.150:0
ASN
#19867 VOODOO1

File type
data
Size
20 B (20 bytes)
Hash
7029066c27ac6f5ef18d660d5741979a
46c6643f07aa7f6bfe7118de926b86defc5087c4
59869db34853933b239f1e2219cf7d431da006aa919635478511fabbfc8849d2

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /mdt.php?ns=1&tt=796499f7c8062c30af92fd7917d8f0f8 HTTP/1.1
Host: dxuroa.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 302 Found
Date: Sun, 02 Oct 2022 20:31:41 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.3.8
Location: http://dxuroa.xyz/?exses=1&dt=&dm=&ch=&et=
Cache-Control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
Expires: Mon, 31 Dec 2001 7:32:00 GMT
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
P3P: CP="CAO PSA OUR"
Pragma: no-cache
Content-Length: 20
Connection: close
Content-Type: text/html; charset=UTF-8

dxuroa.xyz/?exses=1&dt=&dm=&ch=&et=

192.64.147.150

200 OK

498 B

URL HTTP/1.1
dxuroa.xyz/?exses=1&dt=&dm=&ch=&et=
IP
192.64.147.150:0
ASN
#19867 VOODOO1

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text
Size
498 B (498 bytes)
Hash
d6f8c7cde7faf5a2141b7ed587bde808
5e8bef962c1c526e988a4291a6ade3c1ca10f9c9
ddd6353ac3ae583259fe1faa1b5e665288e068aa1e49f7bb62cbaea883915381

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /?exses=1&dt=&dm=&ch=&et= HTTP/1.1
Host: dxuroa.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2022 20:31:43 GMT
Server: Apache
X-Powered-By: PHP/5.3.8
Set-Cookie: session=cf3bace2a6fd08895045ca8147ec811f; expires=Sun, 02-Oct-2022 21:01:43 GMT; path=/
Cache-Control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
Expires: Mon, 31 Dec 2001 7:32:00 GMT
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
P3P: CP="CAO PSA OUR"
Pragma: no-cache
Content-Length: 498
Connection: close
Content-Type: text/html; charset=UTF-8

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
8d59ee7b197f347e30ac793231158927
3316937f84c08ad1857d2f663dca353e250815f0
c17a343ceb786a421f8c3abfffae350e12c92271a69fc88eb8e8bab568877d6b

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C17A343CEB786A421F8C3ABFFFAE350E12C92271A69FC88EB8E8BAB568877D6B"
Last-Modified: Fri, 30 Sep 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2302
Expires: Sun, 02 Oct 2022 21:10:06 GMT
Date: Sun, 02 Oct 2022 20:31:44 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
8d59ee7b197f347e30ac793231158927
3316937f84c08ad1857d2f663dca353e250815f0
c17a343ceb786a421f8c3abfffae350e12c92271a69fc88eb8e8bab568877d6b

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C17A343CEB786A421F8C3ABFFFAE350E12C92271A69FC88EB8E8BAB568877D6B"
Last-Modified: Fri, 30 Sep 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2302
Expires: Sun, 02 Oct 2022 21:10:06 GMT
Date: Sun, 02 Oct 2022 20:31:44 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
8d59ee7b197f347e30ac793231158927
3316937f84c08ad1857d2f663dca353e250815f0
c17a343ceb786a421f8c3abfffae350e12c92271a69fc88eb8e8bab568877d6b

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C17A343CEB786A421F8C3ABFFFAE350E12C92271A69FC88EB8E8BAB568877D6B"
Last-Modified: Fri, 30 Sep 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2302
Expires: Sun, 02 Oct 2022 21:10:06 GMT
Date: Sun, 02 Oct 2022 20:31:44 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
8d59ee7b197f347e30ac793231158927
3316937f84c08ad1857d2f663dca353e250815f0
c17a343ceb786a421f8c3abfffae350e12c92271a69fc88eb8e8bab568877d6b

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C17A343CEB786A421F8C3ABFFFAE350E12C92271A69FC88EB8E8BAB568877D6B"
Last-Modified: Fri, 30 Sep 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2302
Expires: Sun, 02 Oct 2022 21:10:06 GMT
Date: Sun, 02 Oct 2022 20:31:44 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fccb5f775-a073-47ba-b076-ad1c96659b64.jpeg

34.120.237.76

200 OK

11 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fccb5f775-a073-47ba-b076-ad1c96659b64.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
11 kB (11083 bytes)
Hash
edded48f558f739287a040151349ef67
d63b6ba630736d32c364b0e6a369274b2389b7ff
33b4a459df0ba7b36b907ba96d74e08660cc75640c42a5748b97d18ec2e9d533

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fccb5f775-a073-47ba-b076-ad1c96659b64.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 11083
x-amzn-requestid: 53e2c961-bcc0-4977-8648-ee3c1aed9cde
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZWEHRFWfIAMFhlA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6338b3c7-070212d7386d5efa1b4aa8d3;Sampled=0
x-amzn-remapped-date: Sat, 01 Oct 2022 21:40:23 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: Z1KmxHJh9QNfg5x0enkqOjbmiqHvg7nlQiMnuDuCRNWQUBFEiKELbw==
via: 1.1 49b94a8674d6e86a841d6523f7dbaf14.cloudfront.net (CloudFront), 1.1 31119c39c5a6dc62dfa1fe940afd7be2.cloudfront.net (CloudFront), 1.1 google
date: Sat, 01 Oct 2022 21:53:35 GMT
etag: "d63b6ba630736d32c364b0e6a369274b2389b7ff"
content-type: image/jpeg
age: 81489
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.3 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F18b1ba6d-ca56-4474-afa8-cd3b53cce28e.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.3 kB (9340 bytes)
Hash
6047192460abf4afd600948abb5e6ee1
6d6d52fb5024e7772dd45dd459bfe3ec90cb5ce4
d1fd21a5913f6831d2128c8e9e84767d9730bf9e779da5395dc31b82a10e32e9

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F18b1ba6d-ca56-4474-afa8-cd3b53cce28e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9340
x-amzn-requestid: e892265e-836d-4638-871f-0548eda57745
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZWDf8FCEoAMFyow=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6338b2cc-7f39bb92066a75a90868dd03;Sampled=0
x-amzn-remapped-date: Sat, 01 Oct 2022 21:36:12 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: Sk1Dahp1gliiBIghSCZselE7-Fy45svrCk7TdmunOwNefSNqY1P1jA==
via: 1.1 9c60d6224ac0b44e908b5c9dcf70e9a4.cloudfront.net (CloudFront), 1.1 5fe5f2a3903f1378941d92eceaf3fa16.cloudfront.net (CloudFront), 1.1 google
date: Sat, 01 Oct 2022 21:47:23 GMT
age: 81861
etag: "6d6d52fb5024e7772dd45dd459bfe3ec90cb5ce4"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7d657f8a-70bc-42c6-9aae-1127c4403047.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.6 kB (8602 bytes)
Hash
94d82ad8d70761f6ee1384b4183335f3
5d3389a965cfa45dab2202d89b40264368674e8a
ad495dc0ede3bfcbaebfd3bf2eb55fc5596cd7643a539e030ccce0b8a3bcf8dd

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7d657f8a-70bc-42c6-9aae-1127c4403047.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8602
x-amzn-requestid: 89329169-bc7a-46b1-85fc-20383a85cae8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZWDf9GxzoAMFg0A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6338b2cc-27952f8357fa25c956b1cd72;Sampled=0
x-amzn-remapped-date: Sat, 01 Oct 2022 21:36:12 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: YDfn3Xd8m6jaBrj_M9hs4dePku_eEhJbYv3NJSHjCdAWifhBkiKUhw==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 35575576af8067e30cfb17c6b9fde8e2.cloudfront.net (CloudFront), 1.1 google
date: Sat, 01 Oct 2022 21:53:38 GMT
age: 81486
etag: "5d3389a965cfa45dab2202d89b40264368674e8a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5.0 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F59054e54-a013-42c5-98a5-abe2b6af4fc6.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.0 kB (4987 bytes)
Hash
463bdcfbec5426e18ecef83b1c373b71
2e533332ee5c49143e58dad32ee3717a39179532
2c40befd28781482b9be249a792571612d68d7045324083d2c832fa5ec42f04b

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F59054e54-a013-42c5-98a5-abe2b6af4fc6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 4987
x-amzn-requestid: 763edd04-7f8d-42ae-8864-482be3549958
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZWEHpFs4oAMFbqg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6338b3ca-2f7b67e85aa83b69183e62b5;Sampled=0
x-amzn-remapped-date: Sat, 01 Oct 2022 21:40:26 GMT
x-amz-cf-pop: SFO5-P2, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: 2Zoggf30lA-Kvt5QYa-IdhGePHCNiphR7pfFiOaFvL8ZkWZIaiK4pA==
via: 1.1 f4367b41311e3e9a490d7461b7b85490.cloudfront.net (CloudFront), 1.1 32d624dbeb2a8b7f24dbe49007e37c90.cloudfront.net (CloudFront), 1.1 google
date: Sat, 01 Oct 2022 21:54:45 GMT
etag: "2e533332ee5c49143e58dad32ee3717a39179532"
content-type: image/jpeg
age: 81419
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.3 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F180dee10-1cde-4fbe-8a74-62b7b3bdb1e2.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.3 kB (6315 bytes)
Hash
206fb65e75dbadf119512f71e0b78402
58ff0bf8ce7528b303d28bab01a80ad721705569
56c8d5f3b3060ee54bf81995269b86c070855d8c33bf437161339a45b309703f

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F180dee10-1cde-4fbe-8a74-62b7b3bdb1e2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6315
x-amzn-requestid: 6aa75b16-32e4-48a7-9fb0-9e3d5528c2d5
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZWSdsHUnIAMFXtw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6338cabd-742d8a436403683e0cd9368f;Sampled=0
x-amzn-remapped-date: Sat, 01 Oct 2022 23:18:21 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: 5sAzc5Ewv4g6Wqq6JJiLylG3Jyy_nlWrr5Oteeo6ebEgq7Rvss4XaQ==
via: 1.1 f13aef0c4b52f6f681401f232d03eb68.cloudfront.net (CloudFront), 1.1 09331f0822fc98eebaf04130a83dbd44.cloudfront.net (CloudFront), 1.1 google
date: Sun, 02 Oct 2022 04:41:39 GMT
age: 57005
etag: "58ff0bf8ce7528b303d28bab01a80ad721705569"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F589e050c-3794-45f2-a218-269b944ae739.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.6 kB (9600 bytes)
Hash
11f2e40823827b62bca89d18ee279cb2
fa7e61b4f2864b8e51acb2cc887c15d5cb41ef38
c7811cb947483a033f31ff1e93b813f1bbc49b03ed78fcedab2090c71e5c4d1f

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F589e050c-3794-45f2-a218-269b944ae739.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9600
x-amzn-requestid: e83a86d3-f5ab-4645-92df-4b2da3d4afa3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZWDgmFdlIAMFzQA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6338b2d0-48c3fa150800475c790b95bd;Sampled=0
x-amzn-remapped-date: Sat, 01 Oct 2022 21:36:16 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: f1aqkuvCub_vq9gBDgA4VL8hNf16FXzXhQjSHC1yDLISm85uOqJF9w==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 6396e88c437c096ef98930ce29f731a2.cloudfront.net (CloudFront), 1.1 google
date: Sat, 01 Oct 2022 21:54:50 GMT
etag: "fa7e61b4f2864b8e51acb2cc887c15d5cb41ef38"
content-type: image/jpeg
age: 81414
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
165b2dbf56e36edf32811cc7eea70f58
f9e101da2c4f0f6dcca9cb9d0b36a7b77ef3114e
fcd8956f2d96a85e696ee4ba5eb8d575ad3319bc84c543188f3997ea1079c4e1

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 02 Oct 2022 20:31:44 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ajax.googleapis.com/ajax/libs/jquery/1.8.3/jquery.min.js

142.250.74.42

200 OK

34 kB

URL HTTP/2
ajax.googleapis.com/ajax/libs/jquery/1.8.3/jquery.min.js
IP
142.250.74.42:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (65483)
Size
34 kB (33593 bytes)
Hash
a54a444f20643b131117dc2112cca05f
074964746b12ff1d30f7656310d6154ae1cc98b5
aa3ca8485dd777d4d880b38c1cf3bc2fc290d28a79ba3e3e43cba1f653132830

HTTP Headers

GET /ajax/libs/jquery/1.8.3/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://dxuroa.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 33593
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 01 Oct 2022 09:37:50 GMT
expires: Sun, 01 Oct 2023 09:37:50 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 125634
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
165b2dbf56e36edf32811cc7eea70f58
f9e101da2c4f0f6dcca9cb9d0b36a7b77ef3114e
fcd8956f2d96a85e696ee4ba5eb8d575ad3319bc84c543188f3997ea1079c4e1

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 02 Oct 2022 20:31:44 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

dxuroa.xyz/favicon.ico

192.64.147.150

200 OK

356 B

URL HTTP/1.1
dxuroa.xyz/favicon.ico
IP
192.64.147.150:0
ASN
#19867 VOODOO1

File type
MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel\012- data
Size
356 B (356 bytes)
Hash
ed968d3582f43c1c0cd0b48a2287db8d
6dea034f724c7877365c03fb9f26ba7c56d1f99f
9a1195edbd318280e3a97d9994abb118df533a67434ce68b19f3d8990bea62ac

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: dxuroa.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://dxuroa.xyz/?exses=1&dt=&dm=&ch=&et=
Cookie: session=cf3bace2a6fd08895045ca8147ec811f

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2022 20:31:44 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Wed, 03 Jul 2019 18:59:02 GMT
ETag: "47e-58ccb745c2980"
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
P3P: CP="CAO PSA OUR"
Content-Length: 356
Connection: close
Content-Type: text/plain; charset=UTF-8

dxuroa.xyz/bh.php?dm=dxuroa.xyz&kw=&tt=cf3bace2a6fd08895045ca8147ec811f&ty=false

192.64.147.150

200 OK

316 B

URL HTTP/1.1
dxuroa.xyz/bh.php?dm=dxuroa.xyz&kw=&tt=cf3bace2a6fd08895045ca8147ec811f&ty=false
IP
192.64.147.150:0
ASN
#19867 VOODOO1

File type
HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
316 B (316 bytes)
Hash
9439a69b18fde5630bf4e8a339637681
0414d2f1bccb0635e5d85243b1d70a7c2b9552b0
b7f670f4397c253d3aa3b4a3581030bb812d671d354566fc2aed66f903fe8921

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /bh.php?dm=dxuroa.xyz&kw=&tt=cf3bace2a6fd08895045ca8147ec811f&ty=false HTTP/1.1
Host: dxuroa.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://dxuroa.xyz/?exses=1&dt=&dm=&ch=&et=
Cookie: session=cf3bace2a6fd08895045ca8147ec811f
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2022 20:31:44 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.3.8
Cache-Control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
Expires: Mon, 31 Dec 2001 7:32:00 GMT
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
P3P: CP="CAO PSA OUR"
Pragma: no-cache
Content-Length: 316
Connection: close
Content-Type: text/html; charset=UTF-8

dxuroa.xyz/cf.php

192.64.147.150

200 OK

2.2 kB

URL HTTP/1.1
dxuroa.xyz/cf.php
IP
192.64.147.150:0
ASN
#19867 VOODOO1

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (672)
Size
2.2 kB (2150 bytes)
Hash
a5b58b6221f55c2e7653a54d5b9ced07
558c1f4e3ee350b6f41a8f35907b8f17dc3bb159
ab98a4e35f1ae235ca9df92f9b1bcf90c2a55394aa95a6061f5ea9a455de3b0a

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /cf.php HTTP/1.1
Host: dxuroa.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://dxuroa.xyz/?exses=1&dt=&dm=&ch=&et=
Cookie: session=cf3bace2a6fd08895045ca8147ec811f
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2022 20:31:44 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.3.8
Set-Cookie: session=cf3bace2a6fd08895045ca8147ec811f; expires=Sun, 02-Oct-2022 21:01:44 GMT; path=/
Cache-Control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
Expires: Mon, 31 Dec 2001 7:32:00 GMT
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
P3P: CP="CAO PSA OUR"
Pragma: no-cache
Content-Length: 2150
Connection: close
Content-Type: text/html; charset=UTF-8

ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js

142.250.74.42

200 OK

34 kB

URL HTTP/1.1
ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js
IP
142.250.74.42:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (32769)
Size
34 kB (33845 bytes)
Hash
d989f35706c62ce4a5c561586c55566e
d32e7958e5765609bf08dcdefd0b2c2a8714ce34
375dfe942a03ee024b5cc827b3efda5550d13df7530281f50862ce3b33fcb716

HTTP Headers

GET /ajax/libs/jquery/1.7.2/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://dxuroa.xyz/

HTTP/1.1 200 OK
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="hosted-libraries-pushers"
Report-To: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
Timing-Allow-Origin: *
Content-Length: 33845
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Sat, 01 Oct 2022 18:54:48 GMT
Expires: Sun, 01 Oct 2023 18:54:48 GMT
Cache-Control: public, max-age=31536000, stale-while-revalidate=2592000
Last-Modified: Tue, 03 Mar 2020 19:15:00 GMT
Content-Type: text/javascript; charset=UTF-8
Age: 92216

www.google.com/adsense/domains/caf.js

142.250.74.164

200 OK

54 kB

URL HTTP/1.1
www.google.com/adsense/domains/caf.js
IP
142.250.74.164:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (1885)
Size
54 kB (53830 bytes)
Hash
feab1629b3042ddbed055aef3d0f2ef9
0378e58efeb8e28145504014dc7203cf68428c5c
610ceafd499b48d306216e416db458962ea41caa8d799f38afb04974298b3162

HTTP Headers

GET /adsense/domains/caf.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://dxuroa.xyz/

HTTP/1.1 200 OK
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Type: text/javascript; charset=UTF-8
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="ads-afs-ui"
Report-To: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
Date: Sun, 02 Oct 2022 20:31:44 GMT
Expires: Sun, 02 Oct 2022 20:31:44 GMT
Cache-Control: private, max-age=3600
ETag: "17437533527054605513"
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Transfer-Encoding: chunked
Server: sffe
X-XSS-Protection: 0

dxuroa.xyz/js/caf.js

192.64.147.150

200 OK

2.5 kB

URL HTTP/1.1
dxuroa.xyz/js/caf.js
IP
192.64.147.150:0
ASN
#19867 VOODOO1

File type
ASCII text, with very long lines (390)
Size
2.5 kB (2533 bytes)
Hash
ce7bc6f83cf88ebd335559b06fb57cb2
d4798a6dd0641788c6d74bf26ced526a4024f359
002da0bcf2d07e07651107f65a306545939cc68d0024a9e33864224c1659f4dd

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /js/caf.js HTTP/1.1
Host: dxuroa.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://dxuroa.xyz/cf.php
Cookie: session=cf3bace2a6fd08895045ca8147ec811f

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2022 20:31:44 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.3.8
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
P3P: CP="CAO PSA OUR"
Content-Length: 2533
Connection: close
Content-Type: text/html; charset=UTF-8

dxuroa.xyz/js/coza-banner.js

192.64.147.150

200 OK

675 B

URL HTTP/1.1
dxuroa.xyz/js/coza-banner.js
IP
192.64.147.150:0
ASN
#19867 VOODOO1

File type
ASCII text
Size
675 B (675 bytes)
Hash
a56c7279200906bac46672855a3b9036
132de8c49ba8409838cae874cb926e53dd91a7ca
a223be35e81d35a6d7875aa69fe742a3be1d6040d6bf8efec9086304918047a5

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /js/coza-banner.js HTTP/1.1
Host: dxuroa.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://dxuroa.xyz/cf.php
Cookie: session=cf3bace2a6fd08895045ca8147ec811f

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2022 20:31:44 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.3.8
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
P3P: CP="CAO PSA OUR"
Content-Length: 675
Connection: close
Content-Type: text/html; charset=UTF-8

dxuroa.xyz/min/?b=css&f=v2_style_1.css

192.64.147.150

200 OK

4.0 kB

URL HTTP/1.1
dxuroa.xyz/min/?b=css&f=v2_style_1.css
IP
192.64.147.150:0
ASN
#19867 VOODOO1

File type
ASCII text, with very long lines (1981)
Size
4.0 kB (3954 bytes)
Hash
393e28948cab28549aa1f5fd89ab5630
66ab74fa60c1d2e988e019861b6063d4e33c5fda
85b3854e22afa6a2be53e0df18127577a6c5e7be4ac1a39999029b1191aff47a

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /min/?b=css&f=v2_style_1.css HTTP/1.1
Host: dxuroa.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://dxuroa.xyz/cf.php
Cookie: session=cf3bace2a6fd08895045ca8147ec811f

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2022 20:31:44 GMT
Server: Apache
X-Powered-By: PHP/5.3.8
Expires: Mon, 31 Dec 2001 7:32:00 GMT
Vary: Accept-Encoding,User-Agent
Last-Modified: Wed, 03 Jul 2019 18:59:02 GMT
ETag: "pub1562180342;gz"
Cache-Control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
Content-Length: 3954
Content-Encoding: gzip
P3P: CP="CAO PSA OUR"
Pragma: no-cache
Connection: close
Content-Type: text/css; charset=utf-8

dxuroa.xyz/style/master.css

192.64.147.150

200 OK

1.4 kB

URL HTTP/1.1
dxuroa.xyz/style/master.css
IP
192.64.147.150:0
ASN
#19867 VOODOO1

File type
ASCII text
Size
1.4 kB (1413 bytes)
Hash
bd89b7f89176d4c65f83923c0b0b99b9
556f3a43275b73b959337651ee258a8434c6d82f
37808f7d3175111a33705adefe262cd7d8bcec2998d5c86eab3e4587e0be2db9

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /style/master.css HTTP/1.1
Host: dxuroa.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://dxuroa.xyz/cf.php
Cookie: session=cf3bace2a6fd08895045ca8147ec811f

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2022 20:31:44 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.3.8
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
P3P: CP="CAO PSA OUR"
Content-Length: 1413
Connection: close
Content-Type: text/css

dxuroa.xyz/style/960.css

192.64.147.150

200 OK

893 B

URL HTTP/1.1
dxuroa.xyz/style/960.css
IP
192.64.147.150:0
ASN
#19867 VOODOO1

File type
ASCII text
Size
893 B (893 bytes)
Hash
346d6aca736954ff788a959994b17538
a49a2a023cf3adf5ae3dfd57ce30612e6a1a1d5b
67e610e390ea004ad5d363f00ace0cd1af6aaf27dd937b6854bd5c17c152a4ca

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /style/960.css HTTP/1.1
Host: dxuroa.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://dxuroa.xyz/cf.php
Cookie: session=cf3bace2a6fd08895045ca8147ec811f

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2022 20:31:44 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.3.8
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
P3P: CP="CAO PSA OUR"
Content-Length: 893
Connection: close
Content-Type: text/css

dxuroa.xyz/style/reset.css

192.64.147.150

200 OK

403 B

URL HTTP/1.1
dxuroa.xyz/style/reset.css
IP
192.64.147.150:0
ASN
#19867 VOODOO1

File type
ASCII text, with very long lines (368)
Size
403 B (403 bytes)
Hash
12a447ecb12d9820586e1ba1ff049caa
4dbc0ac1cb24dac51bac08a23b967c69ad6f1dea
91b9fd5f2b675cbf07aec75181f14b010eabab61194c923431c2753786dc9034

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /style/reset.css HTTP/1.1
Host: dxuroa.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://dxuroa.xyz/style/master.css
Cookie: session=cf3bace2a6fd08895045ca8147ec811f

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2022 20:31:44 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.3.8
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
P3P: CP="CAO PSA OUR"
Content-Length: 403
Connection: close
Content-Type: text/css

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
53aa134dc3b33b709b6ccf39e549055f
2e85a28ef73d7c403ad693fc8602e95fe3d803f3
877de7cadd4fc848afaac488f89ed987929505b563a03eb79e4e9d8fa0b41a0e

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 02 Oct 2022 20:31:45 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
53aa134dc3b33b709b6ccf39e549055f
2e85a28ef73d7c403ad693fc8602e95fe3d803f3
877de7cadd4fc848afaac488f89ed987929505b563a03eb79e4e9d8fa0b41a0e

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 02 Oct 2022 20:31:45 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.google.com/afs/ads/i/iframe.html

142.250.74.164

200 OK

729 B

URL HTTP/2
www.google.com/afs/ads/i/iframe.html
IP
142.250.74.164:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1559)
Size
729 B (729 bytes)
Hash
0c9279fbfa89c4367cc8af36b89f7d8d
e2ea7145ad8681007081a1bc4d520c069c475145
b2ece215ff65121b416621fc77a707f8b7b8bfaa5e2b7c94928e3706353ba948

HTTP Headers

GET /afs/ads/i/iframe.html HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://dxuroa.xyz/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-type: text/html
content-security-policy: script-src 'nonce-jpxb4CRsUQRtP_A8txKu5A' 'report-sample' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui; base-uri 'none'
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="ads-afs-ui"
report-to: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
content-length: 729
date: Sun, 02 Oct 2022 20:31:45 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
last-modified: Mon, 18 Oct 2021 14:30:00 GMT
x-content-type-options: nosniff
content-encoding: gzip
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
8c665d81a8995febfec300bd9f554c90
aa3599f282cff5e07d5681ec4854b70a82590f6d
57cd30b987eb23f54208b51c04daefd3657fdd84325f4035817b32e4ad5b5461

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 02 Oct 2022 20:31:45 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.google.com/afs/ads?adtest=off&channel=000811&domain_name=dxuroa.xyz&client=dp-voodoo02&r=m&hl=no&max_radlink_len=32&type=3&uiopt=false&swp=as-drid-oo-1789003080427502&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300002%2C17300953%2C17300956%2C17301063%2C17301066%2C17301094%2C17301097&format=r5%7Cr5&nocache=9631664742704863&num=0&output=afd_ads&v=3&bsl=8&pac=2&u_his=1&u_tz=0&dt=1664742704883&u_w=1280&u_h=1024&biw=1280&bih=939&isw=1280&ish=939&psw=1280&psh=939&frm=1&uio=--&cont=related-1%7Crelated-2&jsid=caf&jsv=476880816&rurl=http%3A%2F%2Fdxuroa.xyz%2Fcf.php&referer=http%3A%2F%2Fdxuroa.xyz%2F%3Fexses%3D1%26dt%3D%26dm%3D%26ch%3D%26et%3D&adbw=slave-1-1%3A480%2Cmaster-1%3A480

142.250.74.164

200 OK

1.6 kB

URL HTTP/2
www.google.com/afs/ads?adtest=off&channel=000811&domain_name=dxuroa.xyz&client=dp-voodoo02&r=m&hl=no&max_radlink_len=32&type=3&uiopt=false&swp=as-drid-oo-1789003080427502&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300002%2C17300953%2C17300956%2C17301063%2C17301066%2C17301094%2C17301097&format=r5%7Cr5&nocache=9631664742704863&num=0&output=afd_ads&v=3&bsl=8&pac=2&u_his=1&u_tz=0&dt=1664742704883&u_w=1280&u_h=1024&biw=1280&bih=939&isw=1280&ish=939&psw=1280&psh=939&frm=1&uio=--&cont=related-1%7Crelated-2&jsid=caf&jsv=476880816&rurl=http%3A%2F%2Fdxuroa.xyz%2Fcf.php&referer=http%3A%2F%2Fdxuroa.xyz%2F%3Fexses%3D1%26dt%3D%26dm%3D%26ch%3D%26et%3D&adbw=slave-1-1%3A480%2Cmaster-1%3A480
IP
142.250.74.164:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (3663)
Size
1.6 kB (1603 bytes)
Hash
faf1319ab826720a6ae709beb049fdc1
a746837b9bd27e3d0b1e120bd35e66e0663eb4c8
014879143b8661d4bcf4f13322a69ab9afb6e42ad1476e822ab279c2b20a0947

HTTP Headers

GET /afs/ads?adtest=off&channel=000811&domain_name=dxuroa.xyz&client=dp-voodoo02&r=m&hl=no&max_radlink_len=32&type=3&uiopt=false&swp=as-drid-oo-1789003080427502&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300002%2C17300953%2C17300956%2C17301063%2C17301066%2C17301094%2C17301097&format=r5%7Cr5&nocache=9631664742704863&num=0&output=afd_ads&v=3&bsl=8&pac=2&u_his=1&u_tz=0&dt=1664742704883&u_w=1280&u_h=1024&biw=1280&bih=939&isw=1280&ish=939&psw=1280&psh=939&frm=1&uio=--&cont=related-1%7Crelated-2&jsid=caf&jsv=476880816&rurl=http%3A%2F%2Fdxuroa.xyz%2Fcf.php&referer=http%3A%2F%2Fdxuroa.xyz%2F%3Fexses%3D1%26dt%3D%26dm%3D%26ch%3D%26et%3D&adbw=slave-1-1%3A480%2Cmaster-1%3A480 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://dxuroa.xyz/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/html; charset=UTF-8
content-disposition: inline
date: Sun, 02 Oct 2022 20:31:45 GMT
expires: Sun, 02 Oct 2022 20:31:45 GMT
cache-control: private, max-age=3600
content-encoding: br
server: gws
content-length: 1603
x-xss-protection: 0
set-cookie: CONSENT=PENDING+074; expires=Tue, 01-Oct-2024 20:31:45 GMT; path=/; domain=.google.com; Secure
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

dxuroa.xyz/images/rightcap_springmorning_01.png

192.64.147.150

200 OK

1.3 kB

URL HTTP/1.1
dxuroa.xyz/images/rightcap_springmorning_01.png
IP
192.64.147.150:0
ASN
#19867 VOODOO1

File type
PNG image data, 225 x 150, 8-bit/color RGBA, non-interlaced\012- data
Size
1.3 kB (1266 bytes)
Hash
b35ccb04db6693c14ac837746268c4f3
e4384880780abdaa6a5e96908204eab4e70154d5
c333e024cc6959c5182ea935d17df6a8186152e0270f024b1f20eb4a8f758968

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /images/rightcap_springmorning_01.png HTTP/1.1
Host: dxuroa.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://dxuroa.xyz/min/?b=css&f=v2_style_1.css
Cookie: session=cf3bace2a6fd08895045ca8147ec811f

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2022 20:31:45 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Wed, 03 Jul 2019 18:58:59 GMT
ETag: "4f2-58ccb742e62c0"
Accept-Ranges: bytes
Content-Length: 1266
Cache-Control: max-age=2592000, public
Expires: Tue, 01 Nov 2022 20:31:45 GMT
P3P: CP="CAO PSA OUR"
Connection: close
Content-Type: image/png

dxuroa.xyz/images/footer_slice_gradient.png

192.64.147.150

200 OK

221 B

URL HTTP/1.1
dxuroa.xyz/images/footer_slice_gradient.png
IP
192.64.147.150:0
ASN
#19867 VOODOO1

File type
PNG image data, 17 x 32, 8-bit/color RGBA, non-interlaced\012- data
Size
221 B (221 bytes)
Hash
4257f88a35d8650d4debafd3d2761a4b
3e8b2105c630407eaada05f290676f6fcaa5830c
e0ea43a448c963c42f1dd0bc3b2a79149bd7f91c27d525d9e250c28b11130b4f

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /images/footer_slice_gradient.png HTTP/1.1
Host: dxuroa.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://dxuroa.xyz/min/?b=css&f=v2_style_1.css
Cookie: session=cf3bace2a6fd08895045ca8147ec811f

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2022 20:31:45 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Wed, 03 Jul 2019 18:58:59 GMT
ETag: "dd-58ccb742e62c0"
Accept-Ranges: bytes
Content-Length: 221
Cache-Control: max-age=2592000, public
Expires: Tue, 01 Nov 2022 20:31:45 GMT
P3P: CP="CAO PSA OUR"
Connection: close
Content-Type: image/png

dxuroa.xyz/images/bg_springmorning_01.png

192.64.147.150

200 OK

266 B

URL HTTP/1.1
dxuroa.xyz/images/bg_springmorning_01.png
IP
192.64.147.150:0
ASN
#19867 VOODOO1

File type
PNG image data, 31 x 150, 8-bit/color RGBA, non-interlaced\012- data
Size
266 B (266 bytes)
Hash
f86977b7c2448a5aa4f1677c07fd2ebe
f38b629fa7078a5489feb8927bea29b63d63b7e8
a1ae809a918fdea575225aee27bf10e06f5cc67e6c407c51715a9cf68b565bec

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /images/bg_springmorning_01.png HTTP/1.1
Host: dxuroa.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://dxuroa.xyz/min/?b=css&f=v2_style_1.css
Cookie: session=cf3bace2a6fd08895045ca8147ec811f

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2022 20:31:45 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Wed, 03 Jul 2019 18:58:59 GMT
ETag: "10a-58ccb742e62c0"
Accept-Ranges: bytes
Content-Length: 266
Cache-Control: max-age=2592000, public
Expires: Tue, 01 Nov 2022 20:31:45 GMT
P3P: CP="CAO PSA OUR"
Connection: close
Content-Type: image/png

dxuroa.xyz/images/leftcap_springmorning_01.png

192.64.147.150

200 OK

1.2 kB

URL HTTP/1.1
dxuroa.xyz/images/leftcap_springmorning_01.png
IP
192.64.147.150:0
ASN
#19867 VOODOO1

File type
PNG image data, 225 x 150, 8-bit/color RGBA, non-interlaced\012- data
Size
1.2 kB (1207 bytes)
Hash
01512b64e57a9e8e4b403bb47de6c1f1
5bd1475107e272d814c8342cbc97e6ca0161a57a
da0e73c09f0684527231269ab3606667838e0769e209a0e49e2f79de265dcbb2

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /images/leftcap_springmorning_01.png HTTP/1.1
Host: dxuroa.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://dxuroa.xyz/min/?b=css&f=v2_style_1.css
Cookie: session=cf3bace2a6fd08895045ca8147ec811f

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2022 20:31:45 GMT
Server: Apache
Last-Modified: Wed, 03 Jul 2019 18:58:59 GMT
ETag: "4b7-58ccb742e62c0"
Accept-Ranges: bytes
Content-Length: 1207
Cache-Control: max-age=2592000, public
Expires: Tue, 01 Nov 2022 20:31:45 GMT
P3P: CP="CAO PSA OUR"
Connection: close
Content-Type: image/png

dxuroa.xyz/photos/750_150/cats.jpg

192.64.147.150

200 OK

19 kB

URL HTTP/1.1
dxuroa.xyz/photos/750_150/cats.jpg
IP
192.64.147.150:0
ASN
#19867 VOODOO1

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 90", baseline, precision 8, 750x150, components 3\012- data
Size
19 kB (19297 bytes)
Hash
078b7e0aee281cf92ff1420a63c6a6c3
83dfa5c413b2a6a3e9d31ccaf9f6f0433cf80b23
074994de2536b52111929c376a14439c6fbbb64be623b26ee1ea2dd30e892aa8

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /photos/750_150/cats.jpg HTTP/1.1
Host: dxuroa.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://dxuroa.xyz/cf.php
Cookie: session=cf3bace2a6fd08895045ca8147ec811f

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2022 20:31:45 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.3.8
Cache-Control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
Expires: Mon, 31 Dec 2001 7:32:00 GMT
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
P3P: CP="CAO PSA OUR"
Pragma: no-cache
Content-Length: 19297
Connection: close
Content-Type: image/jpeg

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
c13a9bf4003891ab621ca04b258f9880
8b0fb77ebf4d31235c62a8f10b1b8e4b4f77ad77
eb06a3da143e66c58a0e707ecd9b2b0818adc44b0f4e5244ac62545be8db4dd2

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 02 Oct 2022 20:31:45 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

afs.googleusercontent.com/dp-voodoo/bullet_doublearrow_orange.png

142.250.74.33

200 OK

896 B

URL HTTP/2
afs.googleusercontent.com/dp-voodoo/bullet_doublearrow_orange.png
IP
142.250.74.33:0
ASN
#15169 GOOGLE

File type
PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Size
896 B (896 bytes)
Hash
e92477c9562eb277fc583be65482872c
31d7013b359d20bdb459220f0b2eeab93c9d34a1
f51944cc7f8309ad0b375720813c3f17969701741b6315583b1d3faddedf482c

HTTP Headers

GET /dp-voodoo/bullet_doublearrow_orange.png HTTP/1.1
Host: afs.googleusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.google.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="ads-afs-ui"
report-to: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
content-length: 896
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 02 Oct 2022 06:59:23 GMT
expires: Mon, 03 Oct 2022 05:59:23 GMT
cache-control: public, max-age=82800
age: 48742
last-modified: Wed, 10 Apr 2013 22:28:15 GMT
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
b8bbcf8d1aa0bb18cc23dea324f56b77
6ed68a9b076fb1abd3c435ffc89a3ca8633e1a54
fe44bf96466d2c41c6c1efba56e6e2a29b98e1e33ebaabf18d95ef5901acfee2

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 02 Oct 2022 20:31:45 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

partner.googleadservices.com/gampad/cookie.js?domain=dxuroa.xyz&client=dp-voodoo02&product=SAS&callback=__sasCookie

172.217.21.162

200 OK

180 B

URL HTTP/2
partner.googleadservices.com/gampad/cookie.js?domain=dxuroa.xyz&client=dp-voodoo02&product=SAS&callback=__sasCookie
IP
172.217.21.162:0
ASN
#15169 GOOGLE

File type
ASCII text, with no line terminators
Size
180 B (180 bytes)
Hash
6bb88634e8de4c100cae87df3d37ac53
9f056c4ec9427130918074df42a9d47a8afee21d
baab7f5adf6f09b4086b2d9045f46c7920418b7577dbb8e04a8e5a4fc9da3712

HTTP Headers

GET /gampad/cookie.js?domain=dxuroa.xyz&client=dp-voodoo02&product=SAS&callback=__sasCookie HTTP/1.1
Host: partner.googleadservices.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://dxuroa.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Sun, 02 Oct 2022 20:31:45 GMT
server: cafe
cache-control: private
content-length: 180
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
c13a9bf4003891ab621ca04b258f9880
8b0fb77ebf4d31235c62a8f10b1b8e4b4f77ad77
eb06a3da143e66c58a0e707ecd9b2b0818adc44b0f4e5244ac62545be8db4dd2

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 02 Oct 2022 20:31:45 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
b8bbcf8d1aa0bb18cc23dea324f56b77
6ed68a9b076fb1abd3c435ffc89a3ca8633e1a54
fe44bf96466d2c41c6c1efba56e6e2a29b98e1e33ebaabf18d95ef5901acfee2

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 02 Oct 2022 20:31:45 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

dxuroa.xyz/status.php?domain=dxuroa.xyz&trackingtoken=cf3bace2a6fd08895045ca8147ec811f&status=caf&u_his=1&u_h=1024&u_w=1280&d_h=939&d_w=1280&u_top=0&u_left=0&http_referrer=

192.64.147.150

200 OK

20 B

URL HTTP/1.1
dxuroa.xyz/status.php?domain=dxuroa.xyz&trackingtoken=cf3bace2a6fd08895045ca8147ec811f&status=caf&u_his=1&u_h=1024&u_w=1280&d_h=939&d_w=1280&u_top=0&u_left=0&http_referrer=
IP
192.64.147.150:0
ASN
#19867 VOODOO1

File type
data
Size
20 B (20 bytes)
Hash
7029066c27ac6f5ef18d660d5741979a
46c6643f07aa7f6bfe7118de926b86defc5087c4
59869db34853933b239f1e2219cf7d431da006aa919635478511fabbfc8849d2

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /status.php?domain=dxuroa.xyz&trackingtoken=cf3bace2a6fd08895045ca8147ec811f&status=caf&u_his=1&u_h=1024&u_w=1280&d_h=939&d_w=1280&u_top=0&u_left=0&http_referrer= HTTP/1.1
Host: dxuroa.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://dxuroa.xyz/cf.php
Cookie: session=cf3bace2a6fd08895045ca8147ec811f
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2022 20:31:45 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.3.8
Set-Cookie: session=cf3bace2a6fd08895045ca8147ec811f; expires=Sun, 02-Oct-2022 21:01:45 GMT; path=/
Cache-Control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
Expires: Mon, 31 Dec 2001 7:32:00 GMT
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
P3P: CP="CAO PSA OUR"
Pragma: no-cache
Content-Length: 20
Connection: close
Content-Type: text/html; charset=UTF-8

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (14)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations