Report - transfigurationretreat.org/

Report Overview

Submitted URL
transfigurationretreat.org/
IP
119.18.54.32
ASN
#394695 PUBLIC-DOMAIN-REGISTRY
Submitted
2022-10-25 04:48:05
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
74

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
firefox.settings.services.mozilla.com	867	2020-06-04T22:08:41Z	2023-03-10T05:10:00Z	758 B	2.8 kB	143.204.55.36
r3.o.lencr.org	344	2020-12-02T09:52:13Z	2023-03-10T05:09:10Z	1.6 kB	4.4 kB	23.36.77.32
content-signature-2.cdn.mozilla.net	1152	2020-11-03T13:26:46Z	2023-03-10T05:12:35Z	401 B	5.8 kB	34.160.144.191
www.htrcretreat.com	unknown			19 kB	2.8 MB	119.18.54.32
cdnjs.cloudflare.com	235	2015-04-17T22:46:33Z	2023-03-10T08:04:05Z	384 B	28 kB	104.17.25.14
fonts.googleapis.com	8877	2013-06-10T22:14:26Z	2023-03-10T12:25:49Z	1.3 kB	12 kB	142.250.74.10
img-getpocket.cdn.mozilla.net	1631	2018-06-22T01:36:00Z	2023-03-10T05:10:04Z	3.2 kB	58 kB	34.120.237.76
transfigurationretreat.org	unknown			346 B	632 B	119.18.54.32
contile.services.mozilla.com	1114	2021-05-27T20:32:35Z	2023-03-10T05:10:00Z	321 B	229 B	34.117.237.239
ocsp.digicert.com	86	2012-05-21T09:02:23Z	2023-03-10T13:49:44Z	987 B	2.0 kB	93.184.220.29
push.services.mozilla.com	2140	2014-10-24T10:27:06Z	2023-03-10T05:10:02Z	594 B	127 B	35.162.35.244
ocsp.pki.goog	175	2018-07-01T08:43:07Z	2023-03-10T05:11:10Z	2.3 kB	4.9 kB	142.250.74.35
fonts.gstatic.com	unknown	2014-09-09T02:40:21Z	2023-03-10T13:37:03Z	2.9 kB	56 kB	216.58.207.195

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2022-10-25	medium	transfigurationretreat.org	Sinkholed
2022-10-25	medium	htrcretreat.com	Sinkholed
2022-10-25	medium	htrcretreat.com	Sinkholed
2022-10-25	medium	htrcretreat.com	Sinkholed
2022-10-25	medium	htrcretreat.com	Sinkholed
2022-10-25	medium	htrcretreat.com	Sinkholed
2022-10-25	medium	htrcretreat.com	Sinkholed
2022-10-25	medium	htrcretreat.com	Sinkholed
2022-10-25	medium	htrcretreat.com	Sinkholed
2022-10-25	medium	htrcretreat.com	Sinkholed
2022-10-25	medium	htrcretreat.com	Sinkholed
2022-10-25	medium	htrcretreat.com	Sinkholed
2022-10-25	medium	htrcretreat.com	Sinkholed
2022-10-25	medium	htrcretreat.com	Sinkholed
2022-10-25	medium	htrcretreat.com	Sinkholed
2022-10-25	medium	htrcretreat.com	Sinkholed
2022-10-25	medium	htrcretreat.com	Sinkholed
2022-10-25	medium	htrcretreat.com	Sinkholed
2022-10-25	medium	htrcretreat.com	Sinkholed
2022-10-25	medium	htrcretreat.com	Sinkholed
2022-10-25	medium	htrcretreat.com	Sinkholed
2022-10-25	medium	htrcretreat.com	Sinkholed
2022-10-25	medium	htrcretreat.com	Sinkholed
2022-10-25	medium	htrcretreat.com	Sinkholed
2022-10-25	medium	htrcretreat.com	Sinkholed
2022-10-25	medium	htrcretreat.com	Sinkholed
2022-10-25	medium	htrcretreat.com	Sinkholed
2022-10-25	medium	htrcretreat.com	Sinkholed
2022-10-25	medium	htrcretreat.com	Sinkholed
2022-10-25	medium	htrcretreat.com	Sinkholed
2022-10-25	medium	htrcretreat.com	Sinkholed
2022-10-25	medium	htrcretreat.com	Sinkholed
2022-10-25	medium	htrcretreat.com	Sinkholed
2022-10-25	medium	htrcretreat.com	Sinkholed
2022-10-25	medium	htrcretreat.com	Sinkholed
2022-10-25	medium	htrcretreat.com	Sinkholed
2022-10-25	medium	htrcretreat.com	Sinkholed

JavaScript (10)

	URL	Size	First Seen	Last Seen
	www.htrcretreat.com/	90 B	2023-03-10	2023-11-27
Pretty URL www.htrcretreat.com/ IP 119.18.54.32 ASN #394695 PUBLIC-DOMAIN-REGISTRY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 14:40:49 Last Seen2023-11-27 10:52:29 Times Seen5 Hash 74f54a429a7401d1ee9dcaf194559bb6 c8797db41a491e00c058e8616da3b5fe2a8a9c8f 38802fdba1a01343727aeb42da2979675a9c2a1df6bc0d7742860571c461a3be Loading...

	www.htrcretreat.com/	157 B	2023-03-10	2023-03-10
Pretty URL www.htrcretreat.com/ IP 119.18.54.32 ASN #394695 PUBLIC-DOMAIN-REGISTRY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 14:34:07 Last Seen2023-03-10 15:07:21 Times Seen1 Hash 49b118152957aa2ccf6465adb3e5568d e0f9c968fd0a7accbaf46a8c8925ecb5e2fd1580 19ad7f8bed9e6a41c2af39d6745324338df78a78b1126fc4adfa1d077eb3d4e2 Loading...

	www.htrcretreat.com/	221 B	2023-03-10	2023-03-10
Pretty URL www.htrcretreat.com/ IP 119.18.54.32 ASN #394695 PUBLIC-DOMAIN-REGISTRY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 14:40:56 Last Seen2023-03-10 14:40:56 Times Seen1 Hash 54a01cabfd48cd6068f8aae4c38eb249 105813f5c236aeb70294579fd7baeb9d9d7bd815 c65d10fa04907a1a6b389555379f41df17aab7ee3fe295c17b004781096fa427 Loading...

	cdnjs.cloudflare.com/ajax/libs/jquery/3.1.1/jquery.min.js	87 kB	2023-03-07	2024-04-26
Pretty URL cdnjs.cloudflare.com/ajax/libs/jquery/3.1.1/jquery.min.js IP 104.17.25.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:34 Last Seen2024-04-26 22:55:05 Times Seen263984 Hash e071abda8fe61194711cfc2ab99fe104 f647a6d37dc4ca055ced3cf64bbc1f490070acba 85556761a8800d14ced8fcd41a6b8b26bf012d44a318866c0d81a62092efd9bf Loading...

	www.htrcretreat.com/assets/users/js/simple-lightbox.js?v2.2.1	64 kB	2023-03-10	2023-03-10
Pretty URL www.htrcretreat.com/assets/users/js/simple-lightbox.js?v2.2.1 IP 119.18.54.32 ASN #394695 PUBLIC-DOMAIN-REGISTRY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 14:40:56 Last Seen2023-03-10 14:40:56 Times Seen1 Hash 6452ef7da0893e84858cc8e13014cc5e 20aaca5334a4c1dfc4f0562acb10b727549173e7 cb8d8777653876c75976292b341a3a6c2e67159e934f535eff7a0f0021b9e265 Loading...

	www.htrcretreat.com/assets/users/js/tiny-slider.js	88 kB	2023-03-10	2023-03-10
Pretty URL www.htrcretreat.com/assets/users/js/tiny-slider.js IP 119.18.54.32 ASN #394695 PUBLIC-DOMAIN-REGISTRY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 14:40:56 Last Seen2023-03-10 16:14:13 Times Seen1 Hash 9de7f4fd51697d9b84c373fadb8bcbb6 897cc4d4e3fa5933374f878c5f4d72e15d068e5f 291df2d9d42d799c609a371d9c944fb58648490f139281fa08aad2955f7df4c4 Loading...

	www.htrcretreat.com/assets/users/js/bootstrap.min.js	58 kB	2023-03-07	2024-04-26
Pretty URL www.htrcretreat.com/assets/users/js/bootstrap.min.js IP 119.18.54.32 ASN #394695 PUBLIC-DOMAIN-REGISTRY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:33 Last Seen2024-04-26 23:04:30 Times Seen19716 Hash e1d98d47689e00f8ecbc5d9f61bdb42e 6778fed3cf095a318141a31f455c8f4663885bde 0a34a87842c539c1f4feec56bba982fd596b73500046a6e6fe38a22260c6577b Loading...

	www.htrcretreat.com/assets/users/js/options.js	1.3 kB	2023-03-10	2023-03-10
Pretty URL www.htrcretreat.com/assets/users/js/options.js IP 119.18.54.32 ASN #394695 PUBLIC-DOMAIN-REGISTRY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 14:40:56 Last Seen2023-03-10 14:40:56 Times Seen1 Hash cac237018221bb44e3b55739d44c8251 1f3d44e226bf0eecaf489c8120feaa92b452f6a5 4d102cc06781e51d0862d3d614ad62315feb846c6895b7e94f41680a49bea518 Loading...

	www.htrcretreat.com/assets/users/js/touchSwipe.min.js	20 kB	2023-03-10	2024-01-29
Pretty URL www.htrcretreat.com/assets/users/js/touchSwipe.min.js IP 119.18.54.32 ASN #394695 PUBLIC-DOMAIN-REGISTRY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 14:40:49 Last Seen2024-01-29 14:26:47 Times Seen3 Hash 843fb5a095ccc34ac22a8d9a440d9558 3a8a83c297ec0de436346407ed5b09432365bd61 43d6d2cb00c653f37d37540341bcc085bdc31d67039228e37c3f38cb12f3c4fb Loading...

	www.htrcretreat.com/assets/users/js/themeScript.js	6.1 kB	2023-03-10	2023-03-10
Pretty URL www.htrcretreat.com/assets/users/js/themeScript.js IP 119.18.54.32 ASN #394695 PUBLIC-DOMAIN-REGISTRY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 14:40:56 Last Seen2023-03-10 16:14:13 Times Seen1 Hash 01efe55cb4fafa6fb6712d5e065563a8 d89f64e499f56ff3adfec1bffaaffb7c001e16d9 8b7b5c1503f658a861f8e9f7063b8df40f9302da835c091c99dc7708d33d4433 Loading...

HTTP Transactions (73)

URL IP Response Size

firefox.settings.services.mozilla.com/v1/

143.204.55.36

200 OK

939 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/
IP
143.204.55.36:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
cd8d0809aa5948f2a6ee41d2158861af
098cd24ac587cdc70137af412678526de4d43969
88e6741d6bf076bf7132c7cf98456702cc775476095aafd839888edff52fb03e

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Backoff, Alert, Retry-After, Content-Length, Content-Type
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Tue, 25 Oct 2022 03:53:05 GMT
Expires: Tue, 25 Oct 2022 04:32:34 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 a2b4f68a89fc87406bff22c95fc07fba.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: D6lXYmwuudIJUu8a9gBL6GknC-A7QPcEVq35WpGCJ-ltrUkNV6E3tA==
Age: 3289

transfigurationretreat.org/

119.18.54.32

200 OK

320 B

URL HTTP/1.1
transfigurationretreat.org/
IP
119.18.54.32:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Size
320 B (320 bytes)
Hash
5cf81ecb23564779d1763ed442b115c3
f83efb6c1af9141a623417cf105ff6af8c02530f
f97cb542ca399cd4879330a53a9f9c373012dfd8ea5961a022ef81d97461ff74

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: transfigurationretreat.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Date: Tue, 25 Oct 2022 04:47:59 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Mon, 11 Jul 2022 04:24:20 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 320
Keep-Alive: timeout=5, max=75
Content-Type: text/html

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
b3537658770790ad6cf0d727f0c0acd2
8365cadda05ef27b2ebd627d545e31886b512bde
df992311f130f15459739841de925c7eec2604d5a68ca6b2a67b6dc8d229212c

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DF992311F130F15459739841DE925C7EEC2604D5A68CA6B2A67B6DC8D229212C"
Last-Modified: Mon, 24 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12012
Expires: Tue, 25 Oct 2022 08:08:06 GMT
Date: Tue, 25 Oct 2022 04:47:54 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
ae56efd62a0d9249d98573172eb8b28b
5ff4e9959be677ad76c26ca73f9ef4feb9fa2f28
82d9ee4948fce839f7edb1f8490c4213cded3912464a4169b0bf6a61278694bd

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "82D9EE4948FCE839F7EDB1F8490C4213CDED3912464A4169B0BF6A61278694BD"
Last-Modified: Sat, 22 Oct 2022 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7077
Expires: Tue, 25 Oct 2022 06:45:51 GMT
Date: Tue, 25 Oct 2022 04:47:54 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: z8dkSsj7oK+k1cCUF/ByClGP4wv1ZzH20gAzKpLn8Ykom+lOModc6XR69xtx3+81infubEMtQUs=
x-amz-request-id: E6N7S7GEN6NPP9JS
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Tue, 25 Oct 2022 04:08:47 GMT
age: 2347
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Tue, 25 Oct 2022 04:47:54 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

143.204.55.36

200 OK

329 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
143.204.55.36:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600
Date: Tue, 25 Oct 2022 04:33:32 GMT
Expires: Tue, 25 Oct 2022 05:03:02 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 96c778ce6156d12f24b8b6cdaa0cbf66.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: oTQkgmvRR7Bkd_DcZ_mmIQlBwzw1AOytLBiF0rQZxxbn-I5GPfdTjA==
Age: 862

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
7c6fdc8e76ef5875b5c965ade2df503e
45d548aa2a9d7ede163743274790700878eaea62
d2ff6eacd48af4892a2642e5d7bb925ca683062139f5a5cb4047f6f706830618

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2787
Cache-Control: max-age=101117
Content-Type: application/ocsp-response
Date: Tue, 25 Oct 2022 04:47:55 GMT
Etag: "63564795-1d7"
Expires: Wed, 26 Oct 2022 08:53:12 GMT
Last-Modified: Mon, 24 Oct 2022 08:06:45 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 471

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
0951a493b7f96ffd0cf6ab08c18ac195
eef03b83e3554751fcba63e9950c1db8268cce2b
e4a855cd34c3f2985006c8cd8819bcd5fe9e38d17d787c75d37a06e66f2aa337

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E4A855CD34C3F2985006C8CD8819BCD5FE9E38D17D787C75D37A06E66F2AA337"
Last-Modified: Tue, 25 Oct 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Tue, 25 Oct 2022 10:47:55 GMT
Date: Tue, 25 Oct 2022 04:47:55 GMT
Connection: keep-alive

push.services.mozilla.com/

35.162.35.244

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
35.162.35.244:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: XdXVVxIHnfyv9X1FoD+1OQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: rMPkaCpkRmHrnZeIbUMe6FZj9w4=

www.htrcretreat.com/

119.18.54.32

200 OK

6.7 kB

URL HTTP/2
www.htrcretreat.com/
IP
119.18.54.32:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (640), with CRLF, LF line terminators
Size
6.7 kB (6662 bytes)
Hash
d40c03dc7dda8ac8b782f052e6076aa7
0e3ccaaab0e45dbf907a6b7a96d82d75ab1b0228
f77809ef71fa87ad031c38f2ac1539201d9400f8a61bd5d6a806f7e4b9008fac

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: www.htrcretreat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
set-cookie: csrf_cookie_name=68dde9ee4341bb454a04a13ef56a7e01; expires=Tue, 25-Oct-2022 06:48:00 GMT; Max-Age=7200; path=/
ci_session=5d69b52e9e4e0bc6e92aaf90dbf6ece76e76dea1; expires=Tue, 25-Oct-2022 06:48:00 GMT; Max-Age=7200; path=/; HttpOnly
vary: Accept-Encoding
content-encoding: gzip
content-length: 6662
content-type: text/html; charset=UTF-8
date: Tue, 25 Oct 2022 04:48:00 GMT
server: Apache
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

279 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
279 B (279 bytes)
Hash
6f8923631d6f6f443fb0cb48eb719ad3
dc3cd4693ab796392aa172ad765d422091283f5d
6333ac05f2b0fead32009387e072e7a59b4f380cbf7a382f44b0d5137e9e2bb8

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5659
Cache-Control: max-age=144684
Content-Type: application/ocsp-response
Date: Tue, 25 Oct 2022 04:47:55 GMT
Etag: "6356e68c-117"
Expires: Wed, 26 Oct 2022 20:59:19 GMT
Last-Modified: Mon, 24 Oct 2022 19:25:00 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 279

cdnjs.cloudflare.com/ajax/libs/jquery/3.1.1/jquery.min.js

104.17.25.14

200 OK

27 kB

URL HTTP/2
cdnjs.cloudflare.com/ajax/libs/jquery/3.1.1/jquery.min.js
IP
104.17.25.14:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (32030)
Size
27 kB (27192 bytes)
Hash
92a5ff32a622bce0ca55d5644bdd4076
ad3c2861d6216aaf07b6ba1a0eb3b1a4eaa1ae91
1811f05ec81d0f3d900617e8760efb623e1a0f5ca0e8e424124181581653dbf5

HTTP Headers

GET /ajax/libs/jquery/3.1.1/jquery.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.htrcretreat.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Tue, 25 Oct 2022 04:47:55 GMT
content-type: application/javascript; charset=utf-8
content-length: 27192
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03ec4-152b5"
last-modified: Mon, 04 May 2020 16:11:48 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
cf-cache-status: HIT
age: 11853633
expires: Sun, 15 Oct 2023 04:47:55 GMT
accept-ranges: bytes
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 75f851259dda1bfa-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

279 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
279 B (279 bytes)
Hash
6f8923631d6f6f443fb0cb48eb719ad3
dc3cd4693ab796392aa172ad765d422091283f5d
6333ac05f2b0fead32009387e072e7a59b4f380cbf7a382f44b0d5137e9e2bb8

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5659
Cache-Control: max-age=144684
Content-Type: application/ocsp-response
Date: Tue, 25 Oct 2022 04:47:55 GMT
Etag: "6356e68c-117"
Expires: Wed, 26 Oct 2022 20:59:19 GMT
Last-Modified: Mon, 24 Oct 2022 19:25:00 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 279

www.htrcretreat.com/assets/users/css/tiny-slider.css

119.18.54.32

200 OK

1.1 kB

URL HTTP/2
www.htrcretreat.com/assets/users/css/tiny-slider.css
IP
119.18.54.32:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
ASCII text
Size
1.1 kB (1113 bytes)
Hash
caf91390f77a1e9ffb0774750a19953f
7f0336defd70830241b883ec08dc679f3d674f96
8306b05860485fcd1d7d3ca94a80adbd18e1e43700cf19dbeb7485a5196d32a8

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /assets/users/css/tiny-slider.css HTTP/1.1
Host: www.htrcretreat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.htrcretreat.com/
Cookie: csrf_cookie_name=68dde9ee4341bb454a04a13ef56a7e01; ci_session=5d69b52e9e4e0bc6e92aaf90dbf6ece76e76dea1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Fri, 08 Apr 2022 09:10:57 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 1113
content-type: text/css
date: Tue, 25 Oct 2022 04:48:00 GMT
server: Apache
X-Firefox-Spdy: h2

www.htrcretreat.com/assets/users/css/responsive.css

119.18.54.32

200 OK

1.3 kB

URL HTTP/2
www.htrcretreat.com/assets/users/css/responsive.css
IP
119.18.54.32:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
ASCII text
Size
1.3 kB (1260 bytes)
Hash
4a8c80efaea8f456651d49923222d47c
254d8ae64354c086e10e99606da3ed4cc515adbe
7e60a7066febb8c591ad1c8252ef4414de5fcc368d7fa78604b5f5ddd04a0c3b

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /assets/users/css/responsive.css HTTP/1.1
Host: www.htrcretreat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.htrcretreat.com/
Cookie: csrf_cookie_name=68dde9ee4341bb454a04a13ef56a7e01; ci_session=5d69b52e9e4e0bc6e92aaf90dbf6ece76e76dea1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Fri, 08 Apr 2022 09:10:56 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 1260
content-type: text/css
date: Tue, 25 Oct 2022 04:48:00 GMT
server: Apache
X-Firefox-Spdy: h2

www.htrcretreat.com/assets/users/css/simple-lightbox.css?v2.2.1

119.18.54.32

200 OK

1.3 kB

URL HTTP/2
www.htrcretreat.com/assets/users/css/simple-lightbox.css?v2.2.1
IP
119.18.54.32:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
Unicode text, UTF-8 text
Size
1.3 kB (1299 bytes)
Hash
e710db5c44d997803d89ed82ebf09335
78df582e63eb4df7618059e268f3905ea8f51fac
743df77d7d16e644d002eb08713f14a8f79d707eb649c8650583a757245dad52

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /assets/users/css/simple-lightbox.css?v2.2.1 HTTP/1.1
Host: www.htrcretreat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.htrcretreat.com/
Cookie: csrf_cookie_name=68dde9ee4341bb454a04a13ef56a7e01; ci_session=5d69b52e9e4e0bc6e92aaf90dbf6ece76e76dea1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Fri, 08 Apr 2022 09:10:56 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 1299
content-type: text/css
date: Tue, 25 Oct 2022 04:48:00 GMT
server: Apache
X-Firefox-Spdy: h2

www.htrcretreat.com/assets/users/css/css-animation.css

119.18.54.32

200 OK

5.0 kB

URL HTTP/2
www.htrcretreat.com/assets/users/css/css-animation.css
IP
119.18.54.32:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
ASCII text, with very long lines (52592), with no line terminators
Size
5.0 kB (4963 bytes)
Hash
d6a73204fd996bc526ffd7d74d3c86a9
80066fc8ece6eae829d6d171c60b0dfcf67280a6
13abae9d5d6da86bbdaee53bee74659b3151c34eb6db4b73c3d10fc20f1f4935

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /assets/users/css/css-animation.css HTTP/1.1
Host: www.htrcretreat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.htrcretreat.com/
Cookie: csrf_cookie_name=68dde9ee4341bb454a04a13ef56a7e01; ci_session=5d69b52e9e4e0bc6e92aaf90dbf6ece76e76dea1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Fri, 08 Apr 2022 09:10:56 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 4963
content-type: text/css
date: Tue, 25 Oct 2022 04:48:00 GMT
server: Apache
X-Firefox-Spdy: h2

www.htrcretreat.com/assets/users/css/style.css

119.18.54.32

200 OK

15 kB

URL HTTP/2
www.htrcretreat.com/assets/users/css/style.css
IP
119.18.54.32:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
Unicode text, UTF-8 text
Size
15 kB (14847 bytes)
Hash
f5dd7979cfe8123adb92188f7b6a9479
ade9a5d952fbe4f5678ea69cc17296574a9e7548
0af93c1facbd2e66da7a3060b90fae9fa6c77046f04902d196a9343c01cd9d95

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /assets/users/css/style.css HTTP/1.1
Host: www.htrcretreat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.htrcretreat.com/
Cookie: csrf_cookie_name=68dde9ee4341bb454a04a13ef56a7e01; ci_session=5d69b52e9e4e0bc6e92aaf90dbf6ece76e76dea1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 31 May 2022 11:44:43 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 14847
content-type: text/css
date: Tue, 25 Oct 2022 04:48:00 GMT
server: Apache
X-Firefox-Spdy: h2

www.htrcretreat.com/assets/users/images/header-logo.png

119.18.54.32

200 OK

4.1 kB

URL HTTP/2
www.htrcretreat.com/assets/users/images/header-logo.png
IP
119.18.54.32:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
PNG image data, 248 x 76, 8-bit/color RGBA, non-interlaced\012- data
Size
4.1 kB (4097 bytes)
Hash
693418bd130349caa2a9ba3a8fd2c750
c830a2955e0d7e77586079b4f785af585d348620
a0ddd3f71a9595c35d4c3927b3da28593524512400c1609e0062a7e72b9b9254

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /assets/users/images/header-logo.png HTTP/1.1
Host: www.htrcretreat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.htrcretreat.com/
Cookie: csrf_cookie_name=68dde9ee4341bb454a04a13ef56a7e01; ci_session=5d69b52e9e4e0bc6e92aaf90dbf6ece76e76dea1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 17 May 2022 11:36:21 GMT
accept-ranges: bytes
content-length: 4097
content-type: image/png
date: Tue, 25 Oct 2022 04:48:00 GMT
server: Apache
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.35

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
d114ab00b1cfe7f9b4f56c7b3655b55d
641e580d6148329b0c9eb2d49f5f8a30c08f30e9
e5420e919b2c05c148179c7d85a210941be6862b1f65ccfafcfc38d960bf38d7

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 25 Oct 2022 04:47:56 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.35

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
d114ab00b1cfe7f9b4f56c7b3655b55d
641e580d6148329b0c9eb2d49f5f8a30c08f30e9
e5420e919b2c05c148179c7d85a210941be6862b1f65ccfafcfc38d960bf38d7

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 25 Oct 2022 04:47:56 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.35

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
d114ab00b1cfe7f9b4f56c7b3655b55d
641e580d6148329b0c9eb2d49f5f8a30c08f30e9
e5420e919b2c05c148179c7d85a210941be6862b1f65ccfafcfc38d960bf38d7

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 25 Oct 2022 04:47:56 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

fonts.googleapis.com/css2?family=Sofia&display=swap

142.250.74.10

200 OK

744 B

URL HTTP/2
fonts.googleapis.com/css2?family=Sofia&display=swap
IP
142.250.74.10:0
ASN
#15169 GOOGLE

File type
data
Size
744 B (744 bytes)
Hash
9352d2ef1cd11296e0203b7b18c9d4d2
2dd631282347326fdf3f472b1f2e0776fc3241ff
3261e25e2ff1b905f40982b777405fec1cb997bcd83484a8b022d676d26ff512

HTTP Headers

GET /css2?family=Sofia&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.htrcretreat.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 25 Oct 2022 04:47:56 GMT
date: Tue, 25 Oct 2022 04:47:56 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

www.htrcretreat.com/assets/users/css/font-awesome.css

119.18.54.32

200 OK

7.7 kB

URL HTTP/2
www.htrcretreat.com/assets/users/css/font-awesome.css
IP
119.18.54.32:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
troff or preprocessor input, ASCII text, with very long lines (372)
Size
7.7 kB (7740 bytes)
Hash
c43ca97dd408d10eb34f8a4c31023010
d05fbdd029f8c8ae70290c7ba604bd1eba1a8383
654405b4519c9e599f6d08a322e05a8f84c4e933722f9518c3d7d7bb759d261d

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /assets/users/css/font-awesome.css HTTP/1.1
Host: www.htrcretreat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.htrcretreat.com/
Cookie: csrf_cookie_name=68dde9ee4341bb454a04a13ef56a7e01; ci_session=5d69b52e9e4e0bc6e92aaf90dbf6ece76e76dea1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Fri, 08 Apr 2022 09:10:56 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 7740
content-type: text/css
date: Tue, 25 Oct 2022 04:48:00 GMT
server: Apache
X-Firefox-Spdy: h2

www.htrcretreat.com//uploads/ads/stay-1652850682.jpg

119.18.54.32

200 OK

64 kB

URL HTTP/2
www.htrcretreat.com//uploads/ads/stay-1652850682.jpg
IP
119.18.54.32:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 100", baseline, precision 8, 300x293, components 3\012- data
Size
64 kB (64281 bytes)
Hash
edfea96703f35f98a906a4c55e886b2f
86563624573525cba8fc454786c19407a45bd455
3d0aed6aad8fd1b1703f3367087c3bab5f65d261d7110501f00acb45da7954ad

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET //uploads/ads/stay-1652850682.jpg HTTP/1.1
Host: www.htrcretreat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.htrcretreat.com/
Cookie: csrf_cookie_name=68dde9ee4341bb454a04a13ef56a7e01; ci_session=5d69b52e9e4e0bc6e92aaf90dbf6ece76e76dea1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Wed, 18 May 2022 05:11:22 GMT
accept-ranges: bytes
content-length: 64281
content-type: image/jpeg
date: Tue, 25 Oct 2022 04:48:00 GMT
server: Apache
X-Firefox-Spdy: h2

www.htrcretreat.com//uploads/ads/meet-1652850695.jpg

119.18.54.32

200 OK

77 kB

URL HTTP/2
www.htrcretreat.com//uploads/ads/meet-1652850695.jpg
IP
119.18.54.32:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 100", baseline, precision 8, 300x293, components 3\012- data
Size
77 kB (76761 bytes)
Hash
44cd7249917962454ea3b9d417a88399
b08331e4ca27f4219fff502607e656c618dfff51
ae65c379a3fe3acb7d8a71205f8a951f07023082d2657cfdcd7954faee0cb005

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET //uploads/ads/meet-1652850695.jpg HTTP/1.1
Host: www.htrcretreat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.htrcretreat.com/
Cookie: csrf_cookie_name=68dde9ee4341bb454a04a13ef56a7e01; ci_session=5d69b52e9e4e0bc6e92aaf90dbf6ece76e76dea1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Wed, 18 May 2022 05:11:35 GMT
accept-ranges: bytes
content-length: 76761
content-type: image/jpeg
date: Tue, 25 Oct 2022 04:48:00 GMT
server: Apache
X-Firefox-Spdy: h2

www.htrcretreat.com/assets/users/js/options.js

119.18.54.32

200 OK

645 B

URL HTTP/2
www.htrcretreat.com/assets/users/js/options.js
IP
119.18.54.32:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
Unicode text, UTF-8 text
Size
645 B (645 bytes)
Hash
9cca9091fc0a622a5a864d73c4e79359
12207c907eeb8ff9b665e5b3f7c48be4da69652f
79d9d1c92fe6a9aceb2d3be884bd2a4f55eb46cab312f7312502c84e6a13f350

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /assets/users/js/options.js HTTP/1.1
Host: www.htrcretreat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.htrcretreat.com/
Cookie: csrf_cookie_name=68dde9ee4341bb454a04a13ef56a7e01; ci_session=5d69b52e9e4e0bc6e92aaf90dbf6ece76e76dea1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Fri, 08 Apr 2022 09:11:12 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 645
content-type: application/javascript
date: Tue, 25 Oct 2022 04:48:01 GMT
server: Apache
X-Firefox-Spdy: h2

www.htrcretreat.com//uploads/boxs/rating.png

119.18.54.32

200 OK

1.4 kB

URL HTTP/2
www.htrcretreat.com//uploads/boxs/rating.png
IP
119.18.54.32:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
PNG image data, 154 x 31, 8-bit/color RGBA, non-interlaced\012- data
Size
1.4 kB (1432 bytes)
Hash
da91601ce7850e3e672d7d1b13a0dba3
a09eab5c2fd8257a0f0776794a7c206831ac3264
8490ca0fd362fe6953cf32b8eaf680d24fb29e043e3413c6c6569850ad579807

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET //uploads/boxs/rating.png HTTP/1.1
Host: www.htrcretreat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.htrcretreat.com/
Cookie: csrf_cookie_name=68dde9ee4341bb454a04a13ef56a7e01; ci_session=5d69b52e9e4e0bc6e92aaf90dbf6ece76e76dea1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Wed, 18 May 2022 11:02:48 GMT
accept-ranges: bytes
content-length: 1432
content-type: image/png
date: Tue, 25 Oct 2022 04:48:01 GMT
server: Apache
X-Firefox-Spdy: h2

www.htrcretreat.com/assets/users/js/themeScript.js

119.18.54.32

200 OK

2.0 kB

URL HTTP/2
www.htrcretreat.com/assets/users/js/themeScript.js
IP
119.18.54.32:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
Unicode text, UTF-8 text
Size
2.0 kB (2046 bytes)
Hash
7db177183589c7bfc5a10664756207f1
17b980305d8ceaffde8fb7d840f27520a320b4f3
a2acada08ddd711d3255ead1df5d56255e72baf9c6a6ae82585142043ed91caf

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /assets/users/js/themeScript.js HTTP/1.1
Host: www.htrcretreat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.htrcretreat.com/
Cookie: csrf_cookie_name=68dde9ee4341bb454a04a13ef56a7e01; ci_session=5d69b52e9e4e0bc6e92aaf90dbf6ece76e76dea1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Fri, 08 Apr 2022 09:11:18 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 2046
content-type: application/javascript
date: Tue, 25 Oct 2022 04:48:01 GMT
server: Apache
X-Firefox-Spdy: h2

www.htrcretreat.com//uploads/boxs/user.png

119.18.54.32

200 OK

4.3 kB

URL HTTP/2
www.htrcretreat.com//uploads/boxs/user.png
IP
119.18.54.32:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
PNG image data, 103 x 111, 8-bit/color RGB, non-interlaced\012- data
Size
4.3 kB (4307 bytes)
Hash
551c1bc5450e817b72c449c8cb2ff648
884d5abb0ecc2a05560e36f2425b15da6dee75c9
5168d28d6eeddc6a3156d20d685cf81f5d4b478e89983bb536eb4aba9993ed20

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET //uploads/boxs/user.png HTTP/1.1
Host: www.htrcretreat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.htrcretreat.com/
Cookie: csrf_cookie_name=68dde9ee4341bb454a04a13ef56a7e01; ci_session=5d69b52e9e4e0bc6e92aaf90dbf6ece76e76dea1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Wed, 18 May 2022 07:09:27 GMT
accept-ranges: bytes
content-length: 4307
content-type: image/png
date: Tue, 25 Oct 2022 04:48:01 GMT
server: Apache
X-Firefox-Spdy: h2

www.htrcretreat.com//uploads/boxs/user2.png

119.18.54.32

200 OK

4.3 kB

URL HTTP/2
www.htrcretreat.com//uploads/boxs/user2.png
IP
119.18.54.32:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
PNG image data, 103 x 111, 8-bit/color RGB, non-interlaced\012- data
Size
4.3 kB (4307 bytes)
Hash
551c1bc5450e817b72c449c8cb2ff648
884d5abb0ecc2a05560e36f2425b15da6dee75c9
5168d28d6eeddc6a3156d20d685cf81f5d4b478e89983bb536eb4aba9993ed20

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET //uploads/boxs/user2.png HTTP/1.1
Host: www.htrcretreat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.htrcretreat.com/
Cookie: csrf_cookie_name=68dde9ee4341bb454a04a13ef56a7e01; ci_session=5d69b52e9e4e0bc6e92aaf90dbf6ece76e76dea1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Wed, 18 May 2022 07:10:05 GMT
accept-ranges: bytes
content-length: 4307
content-type: image/png
date: Tue, 25 Oct 2022 04:48:01 GMT
server: Apache
X-Firefox-Spdy: h2

www.htrcretreat.com//uploads/boxs/user4.png

119.18.54.32

200 OK

4.3 kB

URL HTTP/2
www.htrcretreat.com//uploads/boxs/user4.png
IP
119.18.54.32:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
PNG image data, 103 x 111, 8-bit/color RGB, non-interlaced\012- data
Size
4.3 kB (4307 bytes)
Hash
551c1bc5450e817b72c449c8cb2ff648
884d5abb0ecc2a05560e36f2425b15da6dee75c9
5168d28d6eeddc6a3156d20d685cf81f5d4b478e89983bb536eb4aba9993ed20

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET //uploads/boxs/user4.png HTTP/1.1
Host: www.htrcretreat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.htrcretreat.com/
Cookie: csrf_cookie_name=68dde9ee4341bb454a04a13ef56a7e01; ci_session=5d69b52e9e4e0bc6e92aaf90dbf6ece76e76dea1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Wed, 18 May 2022 07:10:25 GMT
accept-ranges: bytes
content-length: 4307
content-type: image/png
date: Tue, 25 Oct 2022 04:48:01 GMT
server: Apache
X-Firefox-Spdy: h2

www.htrcretreat.com//uploads/boxs/user1.png

119.18.54.32

200 OK

4.3 kB

URL HTTP/2
www.htrcretreat.com//uploads/boxs/user1.png
IP
119.18.54.32:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
PNG image data, 103 x 111, 8-bit/color RGB, non-interlaced\012- data
Size
4.3 kB (4307 bytes)
Hash
551c1bc5450e817b72c449c8cb2ff648
884d5abb0ecc2a05560e36f2425b15da6dee75c9
5168d28d6eeddc6a3156d20d685cf81f5d4b478e89983bb536eb4aba9993ed20

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET //uploads/boxs/user1.png HTTP/1.1
Host: www.htrcretreat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.htrcretreat.com/
Cookie: csrf_cookie_name=68dde9ee4341bb454a04a13ef56a7e01; ci_session=5d69b52e9e4e0bc6e92aaf90dbf6ece76e76dea1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Wed, 18 May 2022 07:09:11 GMT
accept-ranges: bytes
content-length: 4307
content-type: image/png
date: Tue, 25 Oct 2022 04:48:01 GMT
server: Apache
X-Firefox-Spdy: h2

www.htrcretreat.com//uploads/boxs/user3.png

119.18.54.32

200 OK

4.3 kB

URL HTTP/2
www.htrcretreat.com//uploads/boxs/user3.png
IP
119.18.54.32:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
PNG image data, 103 x 111, 8-bit/color RGB, non-interlaced\012- data
Size
4.3 kB (4307 bytes)
Hash
551c1bc5450e817b72c449c8cb2ff648
884d5abb0ecc2a05560e36f2425b15da6dee75c9
5168d28d6eeddc6a3156d20d685cf81f5d4b478e89983bb536eb4aba9993ed20

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET //uploads/boxs/user3.png HTTP/1.1
Host: www.htrcretreat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.htrcretreat.com/
Cookie: csrf_cookie_name=68dde9ee4341bb454a04a13ef56a7e01; ci_session=5d69b52e9e4e0bc6e92aaf90dbf6ece76e76dea1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Wed, 18 May 2022 07:10:16 GMT
accept-ranges: bytes
content-length: 4307
content-type: image/png
date: Tue, 25 Oct 2022 04:48:01 GMT
server: Apache
X-Firefox-Spdy: h2

www.htrcretreat.com/assets/users/js/touchSwipe.min.js

119.18.54.32

200 OK

6.4 kB

URL HTTP/2
www.htrcretreat.com/assets/users/js/touchSwipe.min.js
IP
119.18.54.32:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
ASCII text, with very long lines (20000), with no line terminators
Size
6.4 kB (6392 bytes)
Hash
4bd8c1ed6d7088a708270507c081c382
ce40fe5daa9d9da0f369fafa38a80ca2e66fdf2c
68c06a0f8a7c2bda6f1b9f445cf40d76f50b1c808ba7453627b499d71e022305

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /assets/users/js/touchSwipe.min.js HTTP/1.1
Host: www.htrcretreat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.htrcretreat.com/
Cookie: csrf_cookie_name=68dde9ee4341bb454a04a13ef56a7e01; ci_session=5d69b52e9e4e0bc6e92aaf90dbf6ece76e76dea1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Fri, 08 Apr 2022 09:11:15 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 6392
content-type: application/javascript
date: Tue, 25 Oct 2022 04:48:01 GMT
server: Apache
X-Firefox-Spdy: h2

www.htrcretreat.com/assets/users/js/simple-lightbox.js?v2.2.1

119.18.54.32

200 OK

16 kB

URL HTTP/2
www.htrcretreat.com/assets/users/js/simple-lightbox.js?v2.2.1
IP
119.18.54.32:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
Unicode text, UTF-8 text, with very long lines (905)
Size
16 kB (16000 bytes)
Hash
d64ed24e32e958db663156718e55ec5f
da6e5ae82557fe6677ad4b39f8cfb504b71d0b79
8d2cfca97e4943af93b2288f2a2c5a906b459988db2f1a4711511915a5b2e9bb

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /assets/users/js/simple-lightbox.js?v2.2.1 HTTP/1.1
Host: www.htrcretreat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.htrcretreat.com/
Cookie: csrf_cookie_name=68dde9ee4341bb454a04a13ef56a7e01; ci_session=5d69b52e9e4e0bc6e92aaf90dbf6ece76e76dea1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Fri, 08 Apr 2022 09:11:14 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 16000
content-type: application/javascript
date: Tue, 25 Oct 2022 04:48:01 GMT
server: Apache
X-Firefox-Spdy: h2

www.htrcretreat.com/images/join-our-team.png

119.18.54.32

404 Not Found

618 B

URL HTTP/2
www.htrcretreat.com/images/join-our-team.png
IP
119.18.54.32:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text
Size
618 B (618 bytes)
Hash
ef8d9e583dd419684657970a8235ca52
02e97d9f18e3296074627f2fbf15c75e09093d1f
e484e2cb6cfc55e50feefa9239bce648522d192b53cd3f40285e77d99b0b42f7

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /images/join-our-team.png HTTP/1.1
Host: www.htrcretreat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.htrcretreat.com/
Cookie: csrf_cookie_name=68dde9ee4341bb454a04a13ef56a7e01; ci_session=5d69b52e9e4e0bc6e92aaf90dbf6ece76e76dea1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
set-cookie: csrf_cookie_name=68dde9ee4341bb454a04a13ef56a7e01; expires=Tue, 25-Oct-2022 06:48:01 GMT; Max-Age=7200; path=/
vary: Accept-Encoding
content-encoding: gzip
content-length: 618
content-type: text/html; charset=UTF-8
date: Tue, 25 Oct 2022 04:48:01 GMT
server: Apache
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.35

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
eb9238eaa63063c98563a1961fbbfefa
9b23eea87129d9516b8e7527cce7b8b1efcfa1fe
ff87d571f813dd558347df32a52e27ebb6c66968a6d2e584e6b6467944ef40fb

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 25 Oct 2022 04:47:56 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.htrcretreat.com//uploads/ads/play-1652850703.jpg

119.18.54.32

200 OK

103 kB

URL HTTP/2
www.htrcretreat.com//uploads/ads/play-1652850703.jpg
IP
119.18.54.32:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 100", baseline, precision 8, 300x293, components 3\012- data
Size
103 kB (103409 bytes)
Hash
d5b2c10745c3496f60943a151da4373f
58affb11bbc8e5cf3572bc8646250e894204e38d
005b8a6f416f7037a4c68ed7b2138db995cd8e7efa269bce5bc904f3d402ed6d

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET //uploads/ads/play-1652850703.jpg HTTP/1.1
Host: www.htrcretreat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.htrcretreat.com/
Cookie: csrf_cookie_name=68dde9ee4341bb454a04a13ef56a7e01; ci_session=5d69b52e9e4e0bc6e92aaf90dbf6ece76e76dea1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Wed, 18 May 2022 05:11:43 GMT
accept-ranges: bytes
content-length: 103409
content-type: image/jpeg
date: Tue, 25 Oct 2022 04:48:01 GMT
server: Apache
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.35

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
eb9238eaa63063c98563a1961fbbfefa
9b23eea87129d9516b8e7527cce7b8b1efcfa1fe
ff87d571f813dd558347df32a52e27ebb6c66968a6d2e584e6b6467944ef40fb

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 25 Oct 2022 04:47:56 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.35

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
eb9238eaa63063c98563a1961fbbfefa
9b23eea87129d9516b8e7527cce7b8b1efcfa1fe
ff87d571f813dd558347df32a52e27ebb6c66968a6d2e584e6b6467944ef40fb

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 25 Oct 2022 04:47:56 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLDz8Z1xlFQ.woff2

216.58.207.195

200 OK

7.8 kB

URL HTTP/2
fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLDz8Z1xlFQ.woff2
IP
216.58.207.195:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 7840, version 1.0\012- data
Size
7.8 kB (7840 bytes)
Hash
8d91ec1ca2d8b56640a47117e313a3e9
a9e9bafe64666f4595051a0e895b47a5fa39e67e
78bc3aa78faec288bbb3bf26c9a0fa4eb67b1e69da94a17233c5cab60525efdb

HTTP Headers

GET /s/poppins/v20/pxiByp8kv8JHgFVrLDz8Z1xlFQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.htrcretreat.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 7840
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 19 Oct 2022 19:31:04 GMT
expires: Thu, 19 Oct 2023 19:31:04 GMT
cache-control: public, max-age=31536000
age: 465412
last-modified: Wed, 27 Apr 2022 16:51:55 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

fonts.googleapis.com/css2?family=Poppins:wght@100;200;300;400;500;600;700&family=Quicksand:wght@600;700&display=swap

142.250.74.10

200 OK

8.7 kB

URL HTTP/2
fonts.googleapis.com/css2?family=Poppins:wght@100;200;300;400;500;600;700&family=Quicksand:wght@600;700&display=swap
IP
142.250.74.10:0
ASN
#15169 GOOGLE

File type
data
Size
8.7 kB (8650 bytes)
Hash
5a57a21ad273d80dd5eb4be46b785d21
0a3960f9cf9ea3687a26a46b2330e26fead1fdc9
c041e0abb28396ff43a32b85b5732029389e8df44342a1ddefa1bea7b85c3045

HTTP Headers

GET /css2?family=Poppins:wght@100;200;300;400;500;600;700&family=Quicksand:wght@600;700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.htrcretreat.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 25 Oct 2022 04:47:56 GMT
date: Tue, 25 Oct 2022 04:47:56 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

www.htrcretreat.com/assets/users/js/tiny-slider.js

119.18.54.32

200 OK

30 kB

URL HTTP/2
www.htrcretreat.com/assets/users/js/tiny-slider.js
IP
119.18.54.32:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
data
Size
30 kB (29785 bytes)
Hash
02c98f0024b995b5b468e92dc67eb9f6
9dfe6788e947038f6d66c9fe40be9cc79b406f09
4f847f5b01c87dd4b32f25e31a16c213b9f4834c3bf392b47ecd5af00b72d4d3

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /assets/users/js/tiny-slider.js HTTP/1.1
Host: www.htrcretreat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.htrcretreat.com/
Cookie: csrf_cookie_name=68dde9ee4341bb454a04a13ef56a7e01; ci_session=5d69b52e9e4e0bc6e92aaf90dbf6ece76e76dea1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Fri, 08 Apr 2022 09:11:15 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: application/javascript
date: Tue, 25 Oct 2022 04:48:01 GMT
server: Apache
X-Firefox-Spdy: h2

www.htrcretreat.com/assets/users/js/bootstrap.min.js

119.18.54.32

200 OK

24 kB

URL HTTP/2
www.htrcretreat.com/assets/users/js/bootstrap.min.js
IP
119.18.54.32:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
data
Size
24 kB (23821 bytes)
Hash
75abacce2b0f080f9af5333ec7f73d0f
247715034a8ee847b51f4be13b2585d91b63150b
5e0663ef833451f8dce76ab7d538b644c3e54bc45d4a3b98679bc687b0a4bb8f

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /assets/users/js/bootstrap.min.js HTTP/1.1
Host: www.htrcretreat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.htrcretreat.com/
Cookie: csrf_cookie_name=68dde9ee4341bb454a04a13ef56a7e01; ci_session=5d69b52e9e4e0bc6e92aaf90dbf6ece76e76dea1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Fri, 08 Apr 2022 09:11:12 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: application/javascript
date: Tue, 25 Oct 2022 04:48:01 GMT
server: Apache
X-Firefox-Spdy: h2

fonts.gstatic.com/s/sofia/v14/8QIHdirahM3j_su5uI0.woff2

216.58.207.195

200 OK

12 kB

URL HTTP/2
fonts.gstatic.com/s/sofia/v14/8QIHdirahM3j_su5uI0.woff2
IP
216.58.207.195:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 11524, version 1.0\012- data
Size
12 kB (11524 bytes)
Hash
f4a7adcf8a6ed18bfd2535024b1650f7
96c6b1fedf4a5a13e2ccd0efcd057b8dac6bfb88
e3ac38d3450e1b34fc06a525f31cd6b99203b646292c6c393a3c588ffe46018f

HTTP Headers

GET /s/sofia/v14/8QIHdirahM3j_su5uI0.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.htrcretreat.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 11524
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 20 Oct 2022 06:45:39 GMT
expires: Fri, 20 Oct 2023 06:45:39 GMT
cache-control: public, max-age=31536000
age: 424937
last-modified: Wed, 27 Apr 2022 16:01:05 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2

216.58.207.195

200 OK

7.7 kB

URL HTTP/2
fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2
IP
216.58.207.195:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 7748, version 1.0\012- data
Size
7.7 kB (7748 bytes)
Hash
a09f2fccfee35b7247b08a1a266f0328
0da2d17e738f46d2a09e6fb7969da451719a9820
cd36de204aca2d5fa263a731f7c20009b5e3d754ba1f1e03c33e93a48f3e7446

HTTP Headers

GET /s/poppins/v20/pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.htrcretreat.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 7748
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 19 Oct 2022 19:31:00 GMT
expires: Thu, 19 Oct 2023 19:31:00 GMT
cache-control: public, max-age=31536000
age: 465416
last-modified: Wed, 27 Apr 2022 16:21:30 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLEj6Z1xlFQ.woff2

216.58.207.195

200 OK

8.0 kB

URL HTTP/2
fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLEj6Z1xlFQ.woff2
IP
216.58.207.195:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 8000, version 1.0\012- data
Size
8.0 kB (8000 bytes)
Hash
72993dddf88a63e8f226656f7de88e57
179f97ec0275f09603a8db94d4380eb584d81cd5
f4e80d9dfd374d02989b87a27b5ed4cb78fbb177c27f1478e9a8b0afb7513149

HTTP Headers

GET /s/poppins/v20/pxiByp8kv8JHgFVrLEj6Z1xlFQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.htrcretreat.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 8000
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 19 Oct 2022 19:30:59 GMT
expires: Thu, 19 Oct 2023 19:30:59 GMT
cache-control: public, max-age=31536000
age: 465417
last-modified: Wed, 27 Apr 2022 16:59:07 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

fonts.gstatic.com/s/poppins/v20/pxiEyp8kv8JHgFVrJJfecg.woff2

216.58.207.195

200 OK

7.9 kB

URL HTTP/2
fonts.gstatic.com/s/poppins/v20/pxiEyp8kv8JHgFVrJJfecg.woff2
IP
216.58.207.195:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 7884, version 1.0\012- data
Size
7.9 kB (7884 bytes)
Hash
9212f6f9860f9fc6c69b02fedf6db8c3
ac6d71b4d5fdd2b3dabc9a06ff6c001e4251da0b
7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f

HTTP Headers

GET /s/poppins/v20/pxiEyp8kv8JHgFVrJJfecg.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.htrcretreat.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 7884
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 19 Oct 2022 21:48:50 GMT
expires: Thu, 19 Oct 2023 21:48:50 GMT
cache-control: public, max-age=31536000
age: 457146
last-modified: Wed, 27 Apr 2022 17:03:52 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2

216.58.207.195

200 OK

7.8 kB

URL HTTP/2
fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2
IP
216.58.207.195:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 7816, version 1.0\012- data
Size
7.8 kB (7816 bytes)
Hash
25b0e113ca7cce3770d542736db26368
cb726212d5d525021752a1d8470a0fb593e0c49e
9338e65fc077355c7a87ae0d64cc101e23b9bf8ad78ae65f0f319c857311b526

HTTP Headers

GET /s/poppins/v20/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.htrcretreat.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 7816
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 19 Oct 2022 19:30:59 GMT
expires: Thu, 19 Oct 2023 19:30:59 GMT
cache-control: public, max-age=31536000
age: 465417
last-modified: Wed, 27 Apr 2022 16:11:40 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.35

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
eb9238eaa63063c98563a1961fbbfefa
9b23eea87129d9516b8e7527cce7b8b1efcfa1fe
ff87d571f813dd558347df32a52e27ebb6c66968a6d2e584e6b6467944ef40fb

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 25 Oct 2022 04:47:56 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
398e3c90084d7d71fc1e9fd833116f5f
3e202da5559a8f219144adee3639d063a98559c0
724547db3ed9f1779308e9dd6604664e6ffa3580ca076fbdc1dfb1b75591bba4

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "724547DB3ED9F1779308E9DD6604664E6FFA3580CA076FBDC1DFB1B75591BBA4"
Last-Modified: Mon, 24 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9590
Expires: Tue, 25 Oct 2022 07:27:46 GMT
Date: Tue, 25 Oct 2022 04:47:56 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
398e3c90084d7d71fc1e9fd833116f5f
3e202da5559a8f219144adee3639d063a98559c0
724547db3ed9f1779308e9dd6604664e6ffa3580ca076fbdc1dfb1b75591bba4

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "724547DB3ED9F1779308E9DD6604664E6FFA3580CA076FBDC1DFB1B75591BBA4"
Last-Modified: Mon, 24 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9590
Expires: Tue, 25 Oct 2022 07:27:46 GMT
Date: Tue, 25 Oct 2022 04:47:56 GMT
Connection: keep-alive

www.htrcretreat.com//uploads/banner/volunteer-1652851512.jpg

119.18.54.32

200 OK

311 kB

URL HTTP/2
www.htrcretreat.com//uploads/banner/volunteer-1652851512.jpg
IP
119.18.54.32:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 21.2 (Windows), datetime=2022:05:18 10:53:53], progressive, precision 8, 449x420, components 3\012- data
Size
311 kB (311075 bytes)
Hash
f2684b5cec1b88ef592710204841d0a7
8adf831f3482d813c6bca33d139771561d2abf54
973e5360d26f006d5c7e778200cd7b14c3cd65dd6911c3499e7e18edc693822d

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET //uploads/banner/volunteer-1652851512.jpg HTTP/1.1
Host: www.htrcretreat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.htrcretreat.com/
Cookie: csrf_cookie_name=68dde9ee4341bb454a04a13ef56a7e01; ci_session=5d69b52e9e4e0bc6e92aaf90dbf6ece76e76dea1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Wed, 18 May 2022 05:25:12 GMT
accept-ranges: bytes
content-length: 311075
content-type: image/jpeg
date: Tue, 25 Oct 2022 04:48:01 GMT
server: Apache
X-Firefox-Spdy: h2

www.htrcretreat.com/uploads/banner/donate(1)-1652871827.png

119.18.54.32

200 OK

526 kB

URL HTTP/2
www.htrcretreat.com/uploads/banner/donate(1)-1652871827.png
IP
119.18.54.32:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
PNG image data, 449 x 671, 8-bit/color RGB, non-interlaced\012- data
Size
526 kB (526299 bytes)
Hash
eb765f92ad2190806912b75295e728c6
a3bad73f6f40e24c95c91b11612f3145246fe24f
2f91073b32d2575325cbc7df2875fe494daf0da6799619cd5f00d23eb51ae30a

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /uploads/banner/donate(1)-1652871827.png HTTP/1.1
Host: www.htrcretreat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.htrcretreat.com/
Cookie: csrf_cookie_name=68dde9ee4341bb454a04a13ef56a7e01; ci_session=5d69b52e9e4e0bc6e92aaf90dbf6ece76e76dea1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Wed, 18 May 2022 11:03:47 GMT
accept-ranges: bytes
content-length: 526299
content-type: image/png
date: Tue, 25 Oct 2022 04:48:01 GMT
server: Apache
X-Firefox-Spdy: h2

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fda327ff0-bd82-4034-a53b-e04d5c486276.jpeg

34.120.237.76

200 OK

8.1 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fda327ff0-bd82-4034-a53b-e04d5c486276.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.1 kB (8090 bytes)
Hash
531f350512ac7712d932234803aa4602
2fb4599ad3d513a160c1f29fefda27b45852c381
7a4da3420f736c098806676359b8ff80578a2e1e98fc0e20e45e2d6192e1d566

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fda327ff0-bd82-4034-a53b-e04d5c486276.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8090
x-amzn-requestid: a84a2888-e0eb-40d3-8377-9c1ea2af733c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aVb2oH2uoAMFueA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63520cf7-204870ee3f63ced427033eb5;Sampled=0
x-amzn-remapped-date: Fri, 21 Oct 2022 03:07:35 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: TkdgdFp1dXipnGokyVpkamtD5qLRUC7aNYJrX_OKkEujnQsplMsgXA==
via: 1.1 1de1880e08f1cae7d1aca174a29a5c1e.cloudfront.net (CloudFront), 1.1 5397b304713f6301c7c94ac084b6ed08.cloudfront.net (CloudFront), 1.1 google
date: Tue, 25 Oct 2022 04:35:17 GMT
age: 759
etag: "2fb4599ad3d513a160c1f29fefda27b45852c381"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

www.htrcretreat.com/assets/users/images/contribute.png.png

119.18.54.32

200 OK

5.6 kB

URL HTTP/2
www.htrcretreat.com/assets/users/images/contribute.png.png
IP
119.18.54.32:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
PNG image data, 90 x 742, 8-bit/color RGBA, non-interlaced\012- data
Size
5.6 kB (5607 bytes)
Hash
1191d58cf09c5b265cfaf80cc64b529d
1a901facf5026845bbb778ff54c165afe0691852
930046aff8d756ee3fb720b8ca1a38726e9e4296361aa1be7ef014705a8fe022

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /assets/users/images/contribute.png.png HTTP/1.1
Host: www.htrcretreat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.htrcretreat.com/assets/users/css/style.css
Cookie: csrf_cookie_name=68dde9ee4341bb454a04a13ef56a7e01; ci_session=5d69b52e9e4e0bc6e92aaf90dbf6ece76e76dea1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Fri, 08 Apr 2022 09:11:02 GMT
accept-ranges: bytes
content-length: 5607
content-type: image/png
date: Tue, 25 Oct 2022 04:48:01 GMT
server: Apache
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.0 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5799e548-737d-43a5-ae0b-3ccb8e2f1daf.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.0 kB (8031 bytes)
Hash
6977b5f01197ed4e914157b59ce56c2a
0c4bc06cb32bae6cdcbd61fde8b6289fa901a0c2
98ed9be1f79f4d1ff9acd3dc22aa64f7e0218d7c4854fc7cb71e70dd341dd7ed

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5799e548-737d-43a5-ae0b-3ccb8e2f1daf.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
content-length: 8031
x-amzn-requestid: 39e6cba4-dc3b-4fe8-9f00-f9042b3dfb3a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ah3D7E2SoAMF_TA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6357054c-541d3ed176c9176913844804;Sampled=0
x-amzn-remapped-date: Mon, 24 Oct 2022 21:36:12 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: j3sV_Wswao5mW-vx2uno8kuZE0qTvTaJYVB8MeVi1dolnHblN_uYwQ==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 4f3feb5c4393987d42d1971d404d7cea.cloudfront.net (CloudFront), 1.1 google
date: Mon, 24 Oct 2022 21:45:49 GMT
etag: "0c4bc06cb32bae6cdcbd61fde8b6289fa901a0c2"
content-type: image/jpeg
age: 25327
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

www.htrcretreat.com/assets/users/images/reg-ur-retreat-bg.png

119.18.54.32

200 OK

3.6 kB

URL HTTP/2
www.htrcretreat.com/assets/users/images/reg-ur-retreat-bg.png
IP
119.18.54.32:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
PNG image data, 80 x 259, 8-bit/color RGB, non-interlaced\012- data
Size
3.6 kB (3570 bytes)
Hash
95ae8d283312a5dcc73ab0eaa48c6497
440609a803c8202f30096ad1a0a97f76a3dd834f
69d77bb8805666c5e7c553e8477984ec5dacffcbfb4acc5bbaba80124917b090

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /assets/users/images/reg-ur-retreat-bg.png HTTP/1.1
Host: www.htrcretreat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.htrcretreat.com/assets/users/css/style.css
Cookie: csrf_cookie_name=68dde9ee4341bb454a04a13ef56a7e01; ci_session=5d69b52e9e4e0bc6e92aaf90dbf6ece76e76dea1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Fri, 08 Apr 2022 09:11:09 GMT
accept-ranges: bytes
content-length: 3570
content-type: image/png
date: Tue, 25 Oct 2022 04:48:01 GMT
server: Apache
X-Firefox-Spdy: h2

www.htrcretreat.com/assets/users/images/join-our-team.png.png

119.18.54.32

200 OK

6.3 kB

URL HTTP/2
www.htrcretreat.com/assets/users/images/join-our-team.png.png
IP
119.18.54.32:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
PNG image data, 89 x 727, 8-bit/color RGBA, non-interlaced\012- data
Size
6.3 kB (6261 bytes)
Hash
1a51e5dc3f861491d2a3ce5aa2a5574a
0f2c9465480e336cafe3f474b7f8cfce56110a0f
e22d48b2d59d14a127db0c6b605454aeaf8277a7063890237650d5de4df0b7ad

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /assets/users/images/join-our-team.png.png HTTP/1.1
Host: www.htrcretreat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.htrcretreat.com/assets/users/css/style.css
Cookie: csrf_cookie_name=68dde9ee4341bb454a04a13ef56a7e01; ci_session=5d69b52e9e4e0bc6e92aaf90dbf6ece76e76dea1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Fri, 08 Apr 2022 09:11:06 GMT
accept-ranges: bytes
content-length: 6261
content-type: image/png
date: Tue, 25 Oct 2022 04:48:01 GMT
server: Apache
X-Firefox-Spdy: h2

www.htrcretreat.com/assets/users/fonts/fontawesome-webfont.woff2?v=4.7.0

119.18.54.32

200 OK

77 kB

URL HTTP/2
www.htrcretreat.com/assets/users/fonts/fontawesome-webfont.woff2?v=4.7.0
IP
119.18.54.32:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
Web Open Font Format (Version 2), TrueType, length 77160, version 4.459\012- data
Size
77 kB (77160 bytes)
Hash
af7ae505a9eed503f8b8e6982036873e
d6f48cba7d076fb6f2fd6ba993a75b9dc1ecbf0c
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /assets/users/fonts/fontawesome-webfont.woff2?v=4.7.0 HTTP/1.1
Host: www.htrcretreat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://www.htrcretreat.com/assets/users/css/font-awesome.css
Cookie: csrf_cookie_name=68dde9ee4341bb454a04a13ef56a7e01; ci_session=5d69b52e9e4e0bc6e92aaf90dbf6ece76e76dea1
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Fri, 08 Apr 2022 09:11:00 GMT
accept-ranges: bytes
content-length: 77160
content-type: font/woff2
date: Tue, 25 Oct 2022 04:48:01 GMT
server: Apache
X-Firefox-Spdy: h2

www.htrcretreat.com/assets/users/images/about-us.jpg

119.18.54.32

200 OK

270 kB

URL HTTP/2
www.htrcretreat.com/assets/users/images/about-us.jpg
IP
119.18.54.32:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 21.2 (Windows), datetime=2022:05:18 15:19:33], progressive, precision 8, 900x705, components 3\012- data
Size
270 kB (269664 bytes)
Hash
112203b83b5a86605af0318feb43b7aa
85c2ed7cf59404b3eb22451f1357cd96892bfcad
60ba6c6a92ac82b6dcf744a512901438f9014c157fbd901a41f70b1520390d33

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /assets/users/images/about-us.jpg HTTP/1.1
Host: www.htrcretreat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.htrcretreat.com/assets/users/css/style.css
Cookie: csrf_cookie_name=68dde9ee4341bb454a04a13ef56a7e01; ci_session=5d69b52e9e4e0bc6e92aaf90dbf6ece76e76dea1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Wed, 18 May 2022 10:25:55 GMT
accept-ranges: bytes
content-length: 269664
content-type: image/jpeg
date: Tue, 25 Oct 2022 04:48:01 GMT
server: Apache
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Facb7f3ea-1b51-4cac-a5ab-7201a12df641.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.7 kB (8735 bytes)
Hash
8502c90bf679dce29b1c2a87606bbb3e
7940c911dea3882ab8a7ff70240f4edc1b89a56d
ccc5ab3068b7f90276124148a812eb26951a95d7c146bdcf28a69a3d05f76ee2

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Facb7f3ea-1b51-4cac-a5ab-7201a12df641.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8735
x-amzn-requestid: 51dfaabc-ee88-465f-8da7-fd6739cf7794
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aZSHjHeLIAMF8mQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-635396fc-1e4ad2d647a7f07a094574be;Sampled=0
x-amzn-remapped-date: Sat, 22 Oct 2022 07:08:44 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: dgxcF8hXUOo_WqQwpd0yctMNPuB-IfmSRxD1_TRG7zuV3b5EbpVIig==
via: 1.1 4f87745990545c1ac0195c157e1668f8.cloudfront.net (CloudFront), 1.1 91356d2137f5a7345e93da4516c49ec4.cloudfront.net (CloudFront), 1.1 google
date: Mon, 24 Oct 2022 07:28:23 GMT
age: 76773
etag: "7940c911dea3882ab8a7ff70240f4edc1b89a56d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F49bb46dd-5578-4e72-9aed-dc70960d4c97.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.6 kB (7633 bytes)
Hash
edae4c2a51941f9d01ea6658430a95b8
ed419179e1460d655f14735e430cbbd76ab2a869
92f280cc9ad01c6901b08269a12908b927877082952ec52fe9a082910c181076

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F49bb46dd-5578-4e72-9aed-dc70960d4c97.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7633
x-amzn-requestid: e85011ac-422d-44b3-8af4-32d1c657597f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ah3D6EYXIAMFRlA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6357054c-4f56cf37570dfcbe64ce4778;Sampled=0
x-amzn-remapped-date: Mon, 24 Oct 2022 21:36:12 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: NFDP9zPOwbHBAu0eMIt4sefrNehfkLPcEYn2CYKykM7qVZsMxiVnDw==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 1b74ccf4cb51eacf97a0e6d60ae46a3e.cloudfront.net (CloudFront), 1.1 google
date: Mon, 24 Oct 2022 21:39:46 GMT
age: 25690
etag: "ed419179e1460d655f14735e430cbbd76ab2a869"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.2 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6d122f5c-ef0b-49a6-a68c-137a02ef7894.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.2 kB (8239 bytes)
Hash
b3e41dda631c7f2ee5e664d43e48af31
5a8579a70d8791a19e0192995c46594e242e864d
c26bec6c4527220272777fe7b3209d8726c94105955ef15f05a584bae50ae719

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6d122f5c-ef0b-49a6-a68c-137a02ef7894.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8239
x-amzn-requestid: c37a1abe-9823-4181-a64f-5cc074cfdf2a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ah3OeGxOoAMFtJQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6357058f-10c7cfed331c043e00a600e0;Sampled=0
x-amzn-remapped-date: Mon, 24 Oct 2022 21:37:19 GMT
x-amz-cf-pop: SEA19-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: W3FmIxKlIU9N0kCfbiIqszSpbnmBk5gVmAOZ_w5e7a116zrKEeUpMw==
via: 1.1 2e20768704c71ff3ce2e677251d27f3c.cloudfront.net (CloudFront), 1.1 ce71f64ad5dca81beca846466f2d5008.cloudfront.net (CloudFront), 1.1 google
date: Mon, 24 Oct 2022 21:45:49 GMT
etag: "5a8579a70d8791a19e0192995c46594e242e864d"
content-type: image/jpeg
age: 25327
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

11 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa3694988-223c-4449-a1a5-28c1de7da771.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
11 kB (11051 bytes)
Hash
1970a25715283fecf7a05a199bf4cae6
3a3005e722d2e89c9218c34ba283bbcde72e4bbc
624f6f86abe8c7cb8b24669851103baf152802c3ea915dcdea88ce984d468361

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa3694988-223c-4449-a1a5-28c1de7da771.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 11051
x-amzn-requestid: 2eef9564-c660-421d-aff6-40644b72ffa1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aFfupETyoAMF3qg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-634bacc3-48a6442d4ec030f50e8f8f13;Sampled=0
x-amzn-remapped-date: Sun, 16 Oct 2022 07:03:32 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: HgK4QTgdR6OSGV86ooPEJ0_jtGehzs1DHgeynAoCthtKlAAohrKVSg==
via: 1.1 912d83c7c9b4676eb19f09c9bfabda24.cloudfront.net (CloudFront), 1.1 9c675215120a4ade8754c4357ef2f3ea.cloudfront.net (CloudFront), 1.1 google
date: Mon, 24 Oct 2022 22:18:45 GMT
age: 23351
etag: "3a3005e722d2e89c9218c34ba283bbcde72e4bbc"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

www.htrcretreat.com/assets/users/images/experience.jpg

119.18.54.32

200 OK

1.2 MB

URL HTTP/2
www.htrcretreat.com/assets/users/images/experience.jpg
IP
119.18.54.32:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 21.2 (Windows), datetime=2022:05:18 10:50:42], progressive, precision 8, 1920x705, components 3\012- data
Size
1.2 MB (1172956 bytes)
Hash
5ceb35a98976159d45de0c95c6254d6e
90f70656713bc1ca6b46b0b846bd13c10cce7f3e
6b9f7e6648e18d9682eaa6eb2bbe64136d60ab3f282468a9075cd75a052255cc

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /assets/users/images/experience.jpg HTTP/1.1
Host: www.htrcretreat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.htrcretreat.com/
Cookie: csrf_cookie_name=68dde9ee4341bb454a04a13ef56a7e01; ci_session=5d69b52e9e4e0bc6e92aaf90dbf6ece76e76dea1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Wed, 18 May 2022 06:38:11 GMT
accept-ranges: bytes
content-length: 1172956
content-type: image/jpeg
date: Tue, 25 Oct 2022 04:48:01 GMT
server: Apache
X-Firefox-Spdy: h2

www.htrcretreat.com/assets/users/images/favicon.png

119.18.54.32

200 OK

6.2 kB

URL HTTP/2
www.htrcretreat.com/assets/users/images/favicon.png
IP
119.18.54.32:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
PNG image data, 400 x 400, 8-bit/color RGBA, non-interlaced\012- data
Size
6.2 kB (6172 bytes)
Hash
a7070e960c18846ca553db202f670c87
0240203596a110cd953b13210d041c682f8a9850
cf8e2d90723b40bb9202c69cbd405f8fd08cd114bf308fb873f5d8d6e5939677

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /assets/users/images/favicon.png HTTP/1.1
Host: www.htrcretreat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.htrcretreat.com/
Cookie: csrf_cookie_name=68dde9ee4341bb454a04a13ef56a7e01; ci_session=5d69b52e9e4e0bc6e92aaf90dbf6ece76e76dea1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Mon, 23 May 2022 10:21:19 GMT
accept-ranges: bytes
content-length: 6172
content-type: image/png
date: Tue, 25 Oct 2022 04:48:02 GMT
server: Apache
X-Firefox-Spdy: h2

www.htrcretreat.com/assets/users/images/register-your-retreat.png

119.18.54.32

409 Conflict

83 B

URL HTTP/2
www.htrcretreat.com/assets/users/images/register-your-retreat.png
IP
119.18.54.32:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
HTML document, ASCII text, with no line terminators
Size
83 B (83 bytes)
Hash
26267cd8990f15d3bbea71684a6d5995
ac3b38cf3fe0e112bb6aeb7e05226b7133575d93
769e8ab745a0fe4bf811036e75a8630e38c50a18cb3e24d539ce4a0722c7c85e

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /assets/users/images/register-your-retreat.png HTTP/1.1
Host: www.htrcretreat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.htrcretreat.com/assets/users/css/style.css
Cookie: csrf_cookie_name=68dde9ee4341bb454a04a13ef56a7e01; ci_session=5d69b52e9e4e0bc6e92aaf90dbf6ece76e76dea1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 409 Conflict
date: Tue, 25 Oct 2022 04:48:01 GMT
server: Apache
content-length: 83
content-type: text/html; charset=iso-8859-1
X-Firefox-Spdy: h2

www.htrcretreat.com/assets/users/css/bootstrap.css

119.18.54.32

200 OK

0 B

URL HTTP/2
www.htrcretreat.com/assets/users/css/bootstrap.css
IP
119.18.54.32:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /assets/users/css/bootstrap.css HTTP/1.1
Host: www.htrcretreat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.htrcretreat.com/
Cookie: csrf_cookie_name=68dde9ee4341bb454a04a13ef56a7e01; ci_session=5d69b52e9e4e0bc6e92aaf90dbf6ece76e76dea1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Fri, 27 May 2022 10:05:27 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/css
date: Tue, 25 Oct 2022 04:48:00 GMT
server: Apache
X-Firefox-Spdy: h2

fonts.googleapis.com/css2?family=Poppins:wght@100;200;300;400;500;600;700&family=Quicksand:wght@300;400;500&display=swap

142.250.74.10

200 OK

0 B

URL HTTP/2
fonts.googleapis.com/css2?family=Poppins:wght@100;200;300;400;500;600;700&family=Quicksand:wght@300;400;500&display=swap
IP
142.250.74.10:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /css2?family=Poppins:wght@100;200;300;400;500;600;700&family=Quicksand:wght@300;400;500&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.htrcretreat.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 25 Oct 2022 04:47:56 GMT
date: Tue, 25 Oct 2022 04:47:56 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

www.htrcretreat.com/assets/users/video/home-video1.mp4

119.18.54.32

206 Partial Content

0 B

URL HTTP/2
www.htrcretreat.com/assets/users/video/home-video1.mp4
IP
119.18.54.32:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /assets/users/video/home-video1.mp4 HTTP/1.1
Host: www.htrcretreat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://www.htrcretreat.com/
Cookie: csrf_cookie_name=68dde9ee4341bb454a04a13ef56a7e01; ci_session=5d69b52e9e4e0bc6e92aaf90dbf6ece76e76dea1
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 206 Partial Content
last-modified: Fri, 27 May 2022 11:49:25 GMT
accept-ranges: bytes
content-length: 13086770
content-range: bytes 0-13086769/13086770
content-type: video/mp4
date: Tue, 25 Oct 2022 04:48:01 GMT
server: Apache
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (10)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations