firefox.settings.services.mozilla.com/v1/
143.204.55.27 200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 143.204.55.27:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash bdb8b66c705a7b996496d780f50c00b5
403ae92039fcc933870f51f913f78ccaf9652256
c923ed2539f4ce9f4d43743c402fbb2060a52a4cbedbf14c5f5742ab718073d6
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Type, Alert, Content-Length, Retry-After, Backoff
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Sun, 16 Oct 2022 15:06:20 GMT
Expires: Sun, 16 Oct 2022 15:58:09 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 c9f2a4d2bcd548d1a3cbe1617a22f216.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: Mh3wNdWxo5RFTBB72V9FZUgwo72ZfH4WZePyY8qTs5NWC2NysZil0A==
Age: 2835
r3.o.lencr.org/
23.36.76.249 200 OK 503 B IP 23.36.76.249:0
ASN #20940 Akamai International B.V.
Hash 10ab470535c002d333b4f27d38b51091
ed3b0850c5d75881de410f7e8ca35e012e38bd38
31d6655d048ec8a62e00125766fea65cde04beae0b11f12ce7f722c9a5f7e232
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "31D6655D048EC8A62E00125766FEA65CDE04BEAE0B11F12CE7F722C9A5F7E232"
Last-Modified: Sun, 16 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16834
Expires: Sun, 16 Oct 2022 20:34:10 GMT
Date: Sun, 16 Oct 2022 15:53:36 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.249 200 OK 503 B IP 23.36.76.249:0
ASN #20940 Akamai International B.V.
Hash a57d0f62d9bd29668b94a513fa45d18e
d7cb263502e21f9235b4523a596e2138d22042ec
df7acd4fe34cc9c4945a5d83ef538105a73dfc1a8b485bc7a62488c5406b1294
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DF7ACD4FE34CC9C4945A5D83EF538105A73DFC1A8B485BC7A62488C5406B1294"
Last-Modified: Sat, 15 Oct 2022 02:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6789
Expires: Sun, 16 Oct 2022 17:46:45 GMT
Date: Sun, 16 Oct 2022 15:53:36 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78
GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: j7dDtZXdcYbEC83ekZqYYEWiTaJpZWLCT8V/KVktdbgBq+aM7ffOUg34SlZOis+5/Sh4ISxqNfs=
x-amz-request-id: 7PK958XVZETYAAT6
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sun, 16 Oct 2022 15:35:06 GMT
age: 1110
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 16 Oct 2022 15:53:36 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
143.204.55.27 200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 143.204.55.27:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Sun, 16 Oct 2022 15:07:43 GMT
Cache-Control: max-age=3600
Expires: Sun, 16 Oct 2022 15:16:07 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 8ddb6d7670d8c5a85c04a10525a71b90.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 5brIHQsKXO51lBuoktDScL1HSg4TD_BotpXtUtT-gd0FYfrqRdeMmw==
Age: 2753
rbebooks.site/mastering-malware-analysis-a-malware-analysts-practical-guide-to-combating-malicious-software-apt-cybercrime-and-iot-attacks-2nd-edition/
142.132.250.25 200 OK 31 kB URL HTTP/1.1 rbebooks.site/mastering-malware-analysis-a-malware-analysts-practical-guide-to-combating-malicious-software-apt-cybercrime-and-iot-attacks-2nd-edition/
IP 142.132.250.25:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (7671), with CRLF, LF line terminators
Hash 00ebe6808a19c3791dd84626245a3818
6e9a09c47cc650e70b4eef147a02c99ebf2f7c33
172c3ec721b32e63a3fead645020eb094e75d55f647a3d0bf50eaa7845b3858a
GET /mastering-malware-analysis-a-malware-analysts-practical-guide-to-combating-malicious-software-apt-cybercrime-and-iot-attacks-2nd-edition/ HTTP/1.1
Host: rbebooks.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 16 Oct 2022 15:53:36 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Pingback: http://rbebooks.site/xmlrpc.php
Link: <https://rbebooks.site/wp-json/>; rel="https://api.w.org/", <https://rbebooks.site/wp-json/wp/v2/posts/9266>; rel="alternate"; type="application/json", <https://rbebooks.site/?p=9266>; rel=shortlink
X-Mod-Pagespeed: 1.13.35.2-0
Cache-Control: max-age=0, no-cache, s-maxage=10
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: MISS
X-Server-Powered-By: Engintron
Content-Encoding: gzip
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash cfc92c8f6ee7599505d969732542ac42
7f4804d49c8ccd76ccffa6b72d41b1df611eb090
406c057a8392b9fa0ab09efa8b3222a58ec5fc17fa73f55a1f093e3d1092b0e4
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4378
Cache-Control: max-age=149169
Content-Type: application/ocsp-response
Date: Sun, 16 Oct 2022 15:53:36 GMT
Etag: "634bbb97-1d7"
Expires: Tue, 18 Oct 2022 09:19:45 GMT
Last-Modified: Sun, 16 Oct 2022 08:06:47 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 471
www.googletagmanager.com/gtag/js?id=G-CCWKBB1PCZ
142.250.74.168 302 Found 253 B URL HTTP/1.1 www.googletagmanager.com/gtag/js?id=G-CCWKBB1PCZ
IP 142.250.74.168:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash 97810e2062ea6c1fa4dbf7f184db405e
6fa70aea0e09afe7ae6344654cc35263fd978cfd
9678971a68add524e95ef0f64aa0ba8c7d35586ade694f5fd8c353a40ba297db
GET /gtag/js?id=G-CCWKBB1PCZ HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rbebooks.site/
HTTP/1.1 302 Found
Location: https://www.googletagmanager.com/gtag/js?id=G-CCWKBB1PCZ
Cross-Origin-Resource-Policy: cross-origin
Date: Sun, 16 Oct 2022 15:53:36 GMT
Content-Type: text/html; charset=UTF-8
Server: Google Tag Manager
Content-Length: 253
X-XSS-Protection: 0
rbebooks.site/wp-content/plugins/buymeacoffee/public/css/buy-me-a-coffee-public.css?ver=3.0
142.132.250.25 200 OK 99 B URL HTTP/1.1 rbebooks.site/wp-content/plugins/buymeacoffee/public/css/buy-me-a-coffee-public.css?ver=3.0
IP 142.132.250.25:0
ASN #24940 Hetzner Online GmbH
Hash 599e800a1c8642027bf9d6e121344994
c6b68e60840c9c2805e7888d54aa396ed08cbf65
1614f0cef6ccd70588e729d301766ef768f1aeaa1d93c2299f0f7654e5baa6f0
GET /wp-content/plugins/buymeacoffee/public/css/buy-me-a-coffee-public.css?ver=3.0 HTTP/1.1
Host: rbebooks.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rbebooks.site/mastering-malware-analysis-a-malware-analysts-practical-guide-to-combating-malicious-software-apt-cybercrime-and-iot-attacks-2nd-edition/
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 16 Oct 2022 15:53:36 GMT
Content-Type: text/css
Content-Length: 99
Connection: keep-alive
Last-Modified: Mon, 22 Aug 2022 13:11:52 GMT
Expires: Tue, 15 Nov 2022 15:53:36 GMT
Cache-Control: max-age=2592000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: STALE
X-Server-Powered-By: Engintron
Accept-Ranges: bytes
rbebooks.site/wp-content/plugins/pdfjs-viewer-shortcode/blocks/dist/style.css?ver=2.1.7
142.132.250.25 200 OK 363 B URL HTTP/1.1 rbebooks.site/wp-content/plugins/pdfjs-viewer-shortcode/blocks/dist/style.css?ver=2.1.7
IP 142.132.250.25:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (370)
Hash ae0d740d816cb8ae2627a8d6713dac33
ea91248c3352141eaf6b08111d97aefe7e774df4
b371178c4ab01c7c308ede99bbb163cb047219c934eac2399d425c663cf18f2a
GET /wp-content/plugins/pdfjs-viewer-shortcode/blocks/dist/style.css?ver=2.1.7 HTTP/1.1
Host: rbebooks.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rbebooks.site/mastering-malware-analysis-a-malware-analysts-practical-guide-to-combating-malicious-software-apt-cybercrime-and-iot-attacks-2nd-edition/
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 16 Oct 2022 15:53:36 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Fri, 29 Apr 2022 07:12:28 GMT
Expires: Tue, 15 Nov 2022 15:53:36 GMT
Cache-Control: max-age=2592000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: STALE
X-Server-Powered-By: Engintron
Content-Encoding: gzip
rbebooks.site/wp-content/themes/chromenews/assets/marquee/jquery.marquee.js?ver=6.0.2
142.132.250.25 200 OK 4.6 kB URL HTTP/1.1 rbebooks.site/wp-content/themes/chromenews/assets/marquee/jquery.marquee.js?ver=6.0.2
IP 142.132.250.25:0
ASN #24940 Hetzner Online GmbH
Hash 94aea8b944db3811110e78b30b2d10de
ad8b956c0dfca355e3c4b46f2ccd08384aae831f
58840de8bf969676e55b1b0227fc3b4bb964382ed0039cf255e228c03195c626
GET /wp-content/themes/chromenews/assets/marquee/jquery.marquee.js?ver=6.0.2 HTTP/1.1
Host: rbebooks.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rbebooks.site/mastering-malware-analysis-a-malware-analysts-practical-guide-to-combating-malicious-software-apt-cybercrime-and-iot-attacks-2nd-edition/
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 16 Oct 2022 15:53:36 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Mon, 10 Oct 2022 14:04:36 GMT
Expires: Tue, 15 Nov 2022 15:53:36 GMT
Cache-Control: max-age=2592000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: STALE
X-Server-Powered-By: Engintron
Content-Encoding: gzip
rbebooks.site/wp-content/themes/chromenews/assets/font-awesome/css/all.min.css?ver=6.0.2
142.132.250.25 200 OK 13 kB URL HTTP/1.1 rbebooks.site/wp-content/themes/chromenews/assets/font-awesome/css/all.min.css?ver=6.0.2
IP 142.132.250.25:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (59158)
Hash 15f654c4aff00b5e1e5c547242050a93
81bcb3f52469eae64ad9493fd9bb499506797325
4329f344a3a01e60369de829d257efd941d0acec24ded4b24e00d80d2ea151cb
GET /wp-content/themes/chromenews/assets/font-awesome/css/all.min.css?ver=6.0.2 HTTP/1.1
Host: rbebooks.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rbebooks.site/mastering-malware-analysis-a-malware-analysts-practical-guide-to-combating-malicious-software-apt-cybercrime-and-iot-attacks-2nd-edition/
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 16 Oct 2022 15:53:36 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Mon, 10 Oct 2022 14:04:36 GMT
Expires: Tue, 15 Nov 2022 15:53:36 GMT
Cache-Control: max-age=2592000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: STALE
X-Server-Powered-By: Engintron
Content-Encoding: gzip
rbebooks.site/wp-content/themes/chromenews/assets/sidr/css/jquery.sidr.dark.css?ver=6.0.2
142.132.250.25 200 OK 429 B URL HTTP/1.1 rbebooks.site/wp-content/themes/chromenews/assets/sidr/css/jquery.sidr.dark.css?ver=6.0.2
IP 142.132.250.25:0
ASN #24940 Hetzner Online GmbH
Hash e025998a07dd3a67b9e0810027a57003
faa78ac2c49c5f358553c191b598db29825f8044
58947c1e5de9f7fb407da160ec1e63fe43ab2b081d9932d9080e0a243f402b25
GET /wp-content/themes/chromenews/assets/sidr/css/jquery.sidr.dark.css?ver=6.0.2 HTTP/1.1
Host: rbebooks.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rbebooks.site/mastering-malware-analysis-a-malware-analysts-practical-guide-to-combating-malicious-software-apt-cybercrime-and-iot-attacks-2nd-edition/
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 16 Oct 2022 15:53:36 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Mon, 10 Oct 2022 14:04:33 GMT
Expires: Tue, 15 Nov 2022 15:53:36 GMT
Cache-Control: max-age=2592000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: STALE
X-Server-Powered-By: Engintron
Content-Encoding: gzip
rbebooks.site/wp-content/themes/chromenews/assets/magnific-popup/magnific-popup.css?ver=6.0.2
142.132.250.25 200 OK 1.8 kB URL HTTP/1.1 rbebooks.site/wp-content/themes/chromenews/assets/magnific-popup/magnific-popup.css?ver=6.0.2
IP 142.132.250.25:0
ASN #24940 Hetzner Online GmbH
Hash eb4d2fa5bd4dca3cba4a1ec4045e913b
c004d7bd9a1c4e40ed1b1cb77dd6a94821ee8b16
d758aefd39bbfcc2225a6b8be1ba0ab6bdd09f402b342de5a4932d60d4879607
GET /wp-content/themes/chromenews/assets/magnific-popup/magnific-popup.css?ver=6.0.2 HTTP/1.1
Host: rbebooks.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rbebooks.site/mastering-malware-analysis-a-malware-analysts-practical-guide-to-combating-malicious-software-apt-cybercrime-and-iot-attacks-2nd-edition/
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 16 Oct 2022 15:53:36 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Mon, 10 Oct 2022 14:04:37 GMT
Expires: Tue, 15 Nov 2022 15:53:36 GMT
Cache-Control: max-age=2592000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: STALE
X-Server-Powered-By: Engintron
Content-Encoding: gzip
rbebooks.site/wp-content/themes/chromenews/assets/slick/css/slick.min.css?ver=6.0.2
142.132.250.25 200 OK 479 B URL HTTP/1.1 rbebooks.site/wp-content/themes/chromenews/assets/slick/css/slick.min.css?ver=6.0.2
IP 142.132.250.25:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (1297), with no line terminators
Hash dccd4582f989e4502f589bbee430768b
74a54c10b7d3de27d692bf8cbbe93199c91c75f6
5548bf564e1afd4c6600b1fbdca874aee07e965a24dcaf6ce673624114e5bb3f
GET /wp-content/themes/chromenews/assets/slick/css/slick.min.css?ver=6.0.2 HTTP/1.1
Host: rbebooks.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rbebooks.site/mastering-malware-analysis-a-malware-analysts-practical-guide-to-combating-malicious-software-apt-cybercrime-and-iot-attacks-2nd-edition/
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 16 Oct 2022 15:53:36 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Mon, 10 Oct 2022 14:04:36 GMT
Expires: Tue, 15 Nov 2022 15:53:36 GMT
Cache-Control: max-age=2592000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: STALE
X-Server-Powered-By: Engintron
Content-Encoding: gzip
rbebooks.site/wp-content/plugins/a3-lazy-load/assets/css/jquery.lazyloadxt.spinner.css?ver=6.0.2
142.132.250.25 200 OK 212 B URL HTTP/1.1 rbebooks.site/wp-content/plugins/a3-lazy-load/assets/css/jquery.lazyloadxt.spinner.css?ver=6.0.2
IP 142.132.250.25:0
ASN #24940 Hetzner Online GmbH
Hash db66de13c05ea53fcf76501102756efa
e124611eaa5ac52ad1ffa6d8e13bd54ec53f251b
bcc8b236b089f186585569d3128078fcc27eafe97a8d01b2075f6f8528779e07
GET /wp-content/plugins/a3-lazy-load/assets/css/jquery.lazyloadxt.spinner.css?ver=6.0.2 HTTP/1.1
Host: rbebooks.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rbebooks.site/mastering-malware-analysis-a-malware-analysts-practical-guide-to-combating-malicious-software-apt-cybercrime-and-iot-attacks-2nd-edition/
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 16 Oct 2022 15:53:36 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Tue, 04 Oct 2022 15:21:01 GMT
Expires: Tue, 15 Nov 2022 15:53:36 GMT
Cache-Control: max-age=2592000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: STALE
X-Server-Powered-By: Engintron
Content-Encoding: gzip
rbebooks.site/wp-content/plugins/google-analytics-for-wordpress/assets/js/frontend-gtag.min.js?ver=8.9.1
142.132.250.25 200 OK 3.3 kB URL HTTP/1.1 rbebooks.site/wp-content/plugins/google-analytics-for-wordpress/assets/js/frontend-gtag.min.js?ver=8.9.1
IP 142.132.250.25:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (1577)
Hash 1dee6a3decb1139caa392ff5205a75c4
9b21fb4d7c6e20a737d6b9b66c46d309d864825f
bb462344602a86ec3cfef29a834c0a1a4d47ef80c1754c8fec5be54e88de14d7
GET /wp-content/plugins/google-analytics-for-wordpress/assets/js/frontend-gtag.min.js?ver=8.9.1 HTTP/1.1
Host: rbebooks.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rbebooks.site/mastering-malware-analysis-a-malware-analysts-practical-guide-to-combating-malicious-software-apt-cybercrime-and-iot-attacks-2nd-edition/
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 16 Oct 2022 15:53:36 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Tue, 11 Oct 2022 22:10:16 GMT
Expires: Tue, 15 Nov 2022 15:53:36 GMT
Cache-Control: max-age=2592000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: STALE
X-Server-Powered-By: Engintron
Content-Encoding: gzip
rbebooks.site/wp-content/plugins/buymeacoffee/public/js/buy-me-a-coffee-public.js?ver=3.0
142.132.250.25 200 OK 481 B URL HTTP/1.1 rbebooks.site/wp-content/plugins/buymeacoffee/public/js/buy-me-a-coffee-public.js?ver=3.0
IP 142.132.250.25:0
ASN #24940 Hetzner Online GmbH
Hash ef207c36e0fbaccd157f68eeff806315
bfd436d183577193494da0eaad406cb0bdd0c086
fc3dded98fd38d8fb072576b2a0743c22673d57ec0af0be9061efd2bc82b3e2f
GET /wp-content/plugins/buymeacoffee/public/js/buy-me-a-coffee-public.js?ver=3.0 HTTP/1.1
Host: rbebooks.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rbebooks.site/mastering-malware-analysis-a-malware-analysts-practical-guide-to-combating-malicious-software-apt-cybercrime-and-iot-attacks-2nd-edition/
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 16 Oct 2022 15:53:36 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Mon, 22 Aug 2022 13:11:52 GMT
Expires: Tue, 15 Nov 2022 15:53:36 GMT
Cache-Control: max-age=2592000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: STALE
X-Server-Powered-By: Engintron
Content-Encoding: gzip
rbebooks.site/wp-content/themes/chromenews/assets/jquery.cookie.js?ver=6.0.2
142.132.250.25 200 OK 1.4 kB URL HTTP/1.1 rbebooks.site/wp-content/themes/chromenews/assets/jquery.cookie.js?ver=6.0.2
IP 142.132.250.25:0
ASN #24940 Hetzner Online GmbH
Hash 6dd3cde18a3b5a9dde1b2b766137afa5
b5d2c2d5e6d9317c5f7bb97227d30e334e8f3b03
d32265fc59a99736a3bfeacb73fa40ed34d672cd396a6d8c95ef38af59343a89
GET /wp-content/themes/chromenews/assets/jquery.cookie.js?ver=6.0.2 HTTP/1.1
Host: rbebooks.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rbebooks.site/mastering-malware-analysis-a-malware-analysts-practical-guide-to-combating-malicious-software-apt-cybercrime-and-iot-attacks-2nd-edition/
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 16 Oct 2022 15:53:36 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Mon, 10 Oct 2022 14:04:36 GMT
Expires: Tue, 15 Nov 2022 15:53:36 GMT
Cache-Control: max-age=2592000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: STALE
X-Server-Powered-By: Engintron
Content-Encoding: gzip
rbebooks.site/wp-content/themes/chromenews/assets/toggle-script.js?ver=20221215
142.132.250.25 200 OK 459 B URL HTTP/1.1 rbebooks.site/wp-content/themes/chromenews/assets/toggle-script.js?ver=20221215
IP 142.132.250.25:0
ASN #24940 Hetzner Online GmbH
Hash 858ecfc9037450b3d288cd4087b87a81
d893123a6d04184289305131dd679192bb48d328
d705e65fa51020dbf098446f0a85e13d7740e3674108dde10762d648f3078be8
GET /wp-content/themes/chromenews/assets/toggle-script.js?ver=20221215 HTTP/1.1
Host: rbebooks.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rbebooks.site/mastering-malware-analysis-a-malware-analysts-practical-guide-to-combating-malicious-software-apt-cybercrime-and-iot-attacks-2nd-edition/
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 16 Oct 2022 15:53:36 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Mon, 10 Oct 2022 14:04:37 GMT
Expires: Tue, 15 Nov 2022 15:53:36 GMT
Cache-Control: max-age=2592000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: STALE
X-Server-Powered-By: Engintron
Content-Encoding: gzip
c0.wp.com/c/6.0.2/wp-includes/js/masonry.min.js
192.0.77.37 200 OK 7.4 kB URL HTTP/2 c0.wp.com/c/6.0.2/wp-includes/js/masonry.min.js
IP 192.0.77.37:0
File type ASCII text, with very long lines (23966)
Hash b1d7616fb456f4caa2865557d68f36c2
dc46e5e89bfe2a13c05cb7cbe1b7fcd53c3307f6
5bd69a79ee49243ec59c65eddbccbffdb82659e9421429aebdfa0f823fb24384
GET /c/6.0.2/wp-includes/js/masonry.min.js HTTP/1.1
Host: c0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://rbebooks.site/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 16 Oct 2022 15:53:36 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Sat, 13 Jun 2020 18:53:27 GMT
content-encoding: br
expires: Mon, 16 Oct 2023 15:53:36 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
x-nc: HIT arn 2
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
X-Firefox-Spdy: h2
rbebooks.site/wp-content/themes/chromenews/js/navigation.js?ver=20151215
142.132.250.25 200 OK 1.1 kB URL HTTP/1.1 rbebooks.site/wp-content/themes/chromenews/js/navigation.js?ver=20151215
IP 142.132.250.25:0
ASN #24940 Hetzner Online GmbH
Hash bbf0b6923019257667b4999aad3002c7
2511c93bf772db6bbdab10bcd3da1fc7a4531bbf
d8310a01180a019f08ecaf53f1051ffd14827f91e89225e731ab83f3a170d141
GET /wp-content/themes/chromenews/js/navigation.js?ver=20151215 HTTP/1.1
Host: rbebooks.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rbebooks.site/mastering-malware-analysis-a-malware-analysts-practical-guide-to-combating-malicious-software-apt-cybercrime-and-iot-attacks-2nd-edition/
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 16 Oct 2022 15:53:37 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Mon, 10 Oct 2022 14:04:32 GMT
Expires: Tue, 15 Nov 2022 15:53:37 GMT
Cache-Control: max-age=2592000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: STALE
X-Server-Powered-By: Engintron
Content-Encoding: gzip
rbebooks.site/wp-content/themes/chromenews/js/skip-link-focus-fix.js?ver=20151215
142.132.250.25 200 OK 417 B URL HTTP/1.1 rbebooks.site/wp-content/themes/chromenews/js/skip-link-focus-fix.js?ver=20151215
IP 142.132.250.25:0
ASN #24940 Hetzner Online GmbH
Hash 73f7704398d8f6be9748d30791950984
3231f3786c364c7665cd7123d8fae0f42bbfd836
c1d9b23aff05fb52e5d6e68aff86d808097185c6dbaac6c3fc3ec6e5bea31ef4
GET /wp-content/themes/chromenews/js/skip-link-focus-fix.js?ver=20151215 HTTP/1.1
Host: rbebooks.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rbebooks.site/mastering-malware-analysis-a-malware-analysts-practical-guide-to-combating-malicious-software-apt-cybercrime-and-iot-attacks-2nd-edition/
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 16 Oct 2022 15:53:37 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Mon, 10 Oct 2022 14:04:32 GMT
Expires: Tue, 15 Nov 2022 15:53:37 GMT
Cache-Control: max-age=2592000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: STALE
X-Server-Powered-By: Engintron
Content-Encoding: gzip
rbebooks.site/wp-content/themes/chromenews/assets/slick/js/slick.min.js?ver=6.0.2
142.132.250.25 200 OK 10 kB URL HTTP/1.1 rbebooks.site/wp-content/themes/chromenews/assets/slick/js/slick.min.js?ver=6.0.2
IP 142.132.250.25:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (32076)
Hash 2335ebc9d75d21335c2f4f24f66b48a6
40a402ea0f0f8b03ed04ec3e2a077b7e6c8a2bda
87513b04039b97d60f4873ef513790e28c77955bd47e17ded70031dfdcb1f194
GET /wp-content/themes/chromenews/assets/slick/js/slick.min.js?ver=6.0.2 HTTP/1.1
Host: rbebooks.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rbebooks.site/mastering-malware-analysis-a-malware-analysts-practical-guide-to-combating-malicious-software-apt-cybercrime-and-iot-attacks-2nd-edition/
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 16 Oct 2022 15:53:37 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Mon, 10 Oct 2022 14:04:36 GMT
Expires: Tue, 15 Nov 2022 15:53:37 GMT
Cache-Control: max-age=2592000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: STALE
X-Server-Powered-By: Engintron
Content-Encoding: gzip
rbebooks.site/wp-content/themes/chromenews/assets/sidr/js/jquery.sidr.min.js?ver=6.0.2
142.132.250.25 200 OK 2.6 kB URL HTTP/1.1 rbebooks.site/wp-content/themes/chromenews/assets/sidr/js/jquery.sidr.min.js?ver=6.0.2
IP 142.132.250.25:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (6911)
Hash e1d8ea344d1917f9bc469a265326b152
daf3cc934edb3c1d89e715e86f1c75ee9da3f5da
4935b4d1de62da5048e79e2ca0c78c71c7c39fb3004f3a9c92e4d53aee26fca3
GET /wp-content/themes/chromenews/assets/sidr/js/jquery.sidr.min.js?ver=6.0.2 HTTP/1.1
Host: rbebooks.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rbebooks.site/mastering-malware-analysis-a-malware-analysts-practical-guide-to-combating-malicious-software-apt-cybercrime-and-iot-attacks-2nd-edition/
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 16 Oct 2022 15:53:37 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Mon, 10 Oct 2022 14:04:33 GMT
Expires: Tue, 15 Nov 2022 15:53:37 GMT
Cache-Control: max-age=2592000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: STALE
X-Server-Powered-By: Engintron
Content-Encoding: gzip
rbebooks.site/wp-content/themes/chromenews/style.css?ver=6.0.2
142.132.250.25 200 OK 55 kB URL HTTP/1.1 rbebooks.site/wp-content/themes/chromenews/style.css?ver=6.0.2
IP 142.132.250.25:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (1142)
Hash 2fd9bd43441fec1825d3a32964d1548e
08d45043ddcd72f499044829e09efd5e44ec4dd8
c3cf152e34c317d8427e84d0465f2bbc0a5a83c1e676b591f20eefe50cbd4db1
GET /wp-content/themes/chromenews/style.css?ver=6.0.2 HTTP/1.1
Host: rbebooks.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rbebooks.site/mastering-malware-analysis-a-malware-analysts-practical-guide-to-combating-malicious-software-apt-cybercrime-and-iot-attacks-2nd-edition/
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 16 Oct 2022 15:53:36 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Mon, 10 Oct 2022 14:04:32 GMT
Expires: Tue, 15 Nov 2022 15:53:36 GMT
Cache-Control: max-age=2592000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: STALE
X-Server-Powered-By: Engintron
Content-Encoding: gzip
rbebooks.site/wp-content/themes/chromenews/assets/bootstrap/js/bootstrap.min.js?ver=6.0.2
142.132.250.25 200 OK 16 kB URL HTTP/1.1 rbebooks.site/wp-content/themes/chromenews/assets/bootstrap/js/bootstrap.min.js?ver=6.0.2
IP 142.132.250.25:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (57791)
Hash b49da897d0bf7089fd31386bb44dc581
231cbc4bc7905ca458ae932531b4f1362a24be84
d5543fdb436c315a99208393c17a0136493c10c7bdc63000af51dc5f47a13ef6
GET /wp-content/themes/chromenews/assets/bootstrap/js/bootstrap.min.js?ver=6.0.2 HTTP/1.1
Host: rbebooks.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rbebooks.site/mastering-malware-analysis-a-malware-analysts-practical-guide-to-combating-malicious-software-apt-cybercrime-and-iot-attacks-2nd-edition/
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 16 Oct 2022 15:53:37 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Mon, 10 Oct 2022 14:04:37 GMT
Expires: Tue, 15 Nov 2022 15:53:37 GMT
Cache-Control: max-age=2592000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: STALE
X-Server-Powered-By: Engintron
Content-Encoding: gzip
rbebooks.site/wp-content/themes/chromenews/assets/theiaStickySidebar/theia-sticky-sidebar.min.js?ver=6.0.2
142.132.250.25 200 OK 1.7 kB URL HTTP/1.1 rbebooks.site/wp-content/themes/chromenews/assets/theiaStickySidebar/theia-sticky-sidebar.min.js?ver=6.0.2
IP 142.132.250.25:0
ASN #24940 Hetzner Online GmbH
File type HTML document, ASCII text, with very long lines (5370)
Hash bf4ffc4bde3b23f8cf1b4dc1b8eceb22
8e4b5998fa81e52f9b041b5ee339975adae6a140
f00ea856bb0e5e5048dc572feaa320895662008257b4daaed74e245a04afbb05
GET /wp-content/themes/chromenews/assets/theiaStickySidebar/theia-sticky-sidebar.min.js?ver=6.0.2 HTTP/1.1
Host: rbebooks.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rbebooks.site/mastering-malware-analysis-a-malware-analysts-practical-guide-to-combating-malicious-software-apt-cybercrime-and-iot-attacks-2nd-edition/
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 16 Oct 2022 15:53:37 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Mon, 10 Oct 2022 14:04:36 GMT
Expires: Tue, 15 Nov 2022 15:53:37 GMT
Cache-Control: max-age=2592000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: STALE
X-Server-Powered-By: Engintron
Content-Encoding: gzip
rbebooks.site/wp-content/themes/chromenews/assets/jquery-match-height/jquery.matchHeight.min.js?ver=6.0.2
142.132.250.25 200 OK 1.4 kB URL HTTP/1.1 rbebooks.site/wp-content/themes/chromenews/assets/jquery-match-height/jquery.matchHeight.min.js?ver=6.0.2
IP 142.132.250.25:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (521)
Hash ead931d4b0da911c2b4f309d11bd3658
b0d0a9c50c058aa44ba679d15bca0818839b2641
c54d7bb9311371f47977c03c1bd7be0a407082411c67f66bc1cf1cb4a57e8749
GET /wp-content/themes/chromenews/assets/jquery-match-height/jquery.matchHeight.min.js?ver=6.0.2 HTTP/1.1
Host: rbebooks.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rbebooks.site/mastering-malware-analysis-a-malware-analysts-practical-guide-to-combating-malicious-software-apt-cybercrime-and-iot-attacks-2nd-edition/
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 16 Oct 2022 15:53:37 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Mon, 10 Oct 2022 14:04:37 GMT
Expires: Tue, 15 Nov 2022 15:53:37 GMT
Cache-Control: max-age=2592000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: STALE
X-Server-Powered-By: Engintron
Content-Encoding: gzip
rbebooks.site/wp-content/themes/chromenews/assets/magnific-popup/jquery.magnific-popup.min.js?ver=6.0.2
142.132.250.25 200 OK 7.4 kB URL HTTP/1.1 rbebooks.site/wp-content/themes/chromenews/assets/magnific-popup/jquery.magnific-popup.min.js?ver=6.0.2
IP 142.132.250.25:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (20089)
Hash cafc6c8be8ba95cf4c1847c9fc5a9c9c
3c4763cfadeb20508a03479451873df1ffdb7b46
ed88ec33034896aede7740d8db2ab2dfae8d0dc0c0cfb473f1ca6186457763d7
GET /wp-content/themes/chromenews/assets/magnific-popup/jquery.magnific-popup.min.js?ver=6.0.2 HTTP/1.1
Host: rbebooks.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rbebooks.site/mastering-malware-analysis-a-malware-analysts-practical-guide-to-combating-malicious-software-apt-cybercrime-and-iot-attacks-2nd-edition/
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 16 Oct 2022 15:53:37 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Mon, 10 Oct 2022 14:04:37 GMT
Expires: Tue, 15 Nov 2022 15:53:37 GMT
Cache-Control: max-age=2592000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: STALE
X-Server-Powered-By: Engintron
Content-Encoding: gzip
rbebooks.site/wp-content/themes/chromenews/assets/bootstrap/css/bootstrap.min.css?ver=6.0.2
142.132.250.25 200 OK 20 kB URL HTTP/1.1 rbebooks.site/wp-content/themes/chromenews/assets/bootstrap/css/bootstrap.min.css?ver=6.0.2
IP 142.132.250.25:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (65371)
Hash a8643ac2bb55fb711ad568077138092d
baa7c75af9a875bbeca8ca2d2482a7a15768e03c
3deb20fc65f8c4f74b68525e3a4fa25494e2b3c2c88f275675bd222f21d59184
GET /wp-content/themes/chromenews/assets/bootstrap/css/bootstrap.min.css?ver=6.0.2 HTTP/1.1
Host: rbebooks.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rbebooks.site/mastering-malware-analysis-a-malware-analysts-practical-guide-to-combating-malicious-software-apt-cybercrime-and-iot-attacks-2nd-edition/
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 16 Oct 2022 15:53:37 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Mon, 10 Oct 2022 14:04:37 GMT
Expires: Tue, 15 Nov 2022 15:53:37 GMT
Cache-Control: max-age=2592000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: STALE
X-Server-Powered-By: Engintron
Content-Encoding: gzip
rbebooks.site/wp-content/plugins/a3-lazy-load/assets/js/jquery.lazyloadxt.extra.min.js?ver=2.6.1
142.132.250.25 200 OK 1.5 kB URL HTTP/1.1 rbebooks.site/wp-content/plugins/a3-lazy-load/assets/js/jquery.lazyloadxt.extra.min.js?ver=2.6.1
IP 142.132.250.25:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (2976)
Hash ef92f9c387fe31483aa1baa625d6f380
6af89e953cff5893779d1183467f89d6ea753b17
42bf5be4ace7a18492dc4fd2cbf563867812f799b7930021e648752e1e109e7a
GET /wp-content/plugins/a3-lazy-load/assets/js/jquery.lazyloadxt.extra.min.js?ver=2.6.1 HTTP/1.1
Host: rbebooks.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rbebooks.site/mastering-malware-analysis-a-malware-analysts-practical-guide-to-combating-malicious-software-apt-cybercrime-and-iot-attacks-2nd-edition/
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 16 Oct 2022 15:53:37 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Tue, 04 Oct 2022 15:21:01 GMT
Expires: Tue, 15 Nov 2022 15:53:37 GMT
Cache-Control: max-age=2592000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: STALE
X-Server-Powered-By: Engintron
Content-Encoding: gzip
rbebooks.site/wp-content/plugins/a3-lazy-load/assets/js/jquery.lazyloadxt.extend.js?ver=2.6.1
142.132.250.25 200 OK 415 B URL HTTP/1.1 rbebooks.site/wp-content/plugins/a3-lazy-load/assets/js/jquery.lazyloadxt.extend.js?ver=2.6.1
IP 142.132.250.25:0
ASN #24940 Hetzner Online GmbH
Hash 62e6439ea22c07d86674d88b688a9fb1
e499a5c06d34f838fc1a5b36a924ca5600f4f9cd
2e117cc65e06418d0232894884eb7b596ecc9d82c5c7c2c5ea6ee2c630af8e43
GET /wp-content/plugins/a3-lazy-load/assets/js/jquery.lazyloadxt.extend.js?ver=2.6.1 HTTP/1.1
Host: rbebooks.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rbebooks.site/mastering-malware-analysis-a-malware-analysts-practical-guide-to-combating-malicious-software-apt-cybercrime-and-iot-attacks-2nd-edition/
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 16 Oct 2022 15:53:37 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Tue, 04 Oct 2022 15:21:01 GMT
Expires: Tue, 15 Nov 2022 15:53:37 GMT
Cache-Control: max-age=2592000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: STALE
X-Server-Powered-By: Engintron
Content-Encoding: gzip
rbebooks.site/wp-content/plugins/a3-lazy-load/assets/js/jquery.lazyloadxt.srcset.min.js?ver=2.6.1
142.132.250.25 200 OK 764 B URL HTTP/1.1 rbebooks.site/wp-content/plugins/a3-lazy-load/assets/js/jquery.lazyloadxt.srcset.min.js?ver=2.6.1
IP 142.132.250.25:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (1533)
Hash 5482bab316d4745f945ceedf9a6a4a74
e19b9f0423ec7ea517fb3af8d04a08182e323da6
72be1dd2581dc327b485bb623a54884f951fa91ac86c39b534adf3ee80b87415
GET /wp-content/plugins/a3-lazy-load/assets/js/jquery.lazyloadxt.srcset.min.js?ver=2.6.1 HTTP/1.1
Host: rbebooks.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rbebooks.site/mastering-malware-analysis-a-malware-analysts-practical-guide-to-combating-malicious-software-apt-cybercrime-and-iot-attacks-2nd-edition/
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 16 Oct 2022 15:53:37 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Tue, 04 Oct 2022 15:21:01 GMT
Expires: Tue, 15 Nov 2022 15:53:37 GMT
Cache-Control: max-age=2592000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: STALE
X-Server-Powered-By: Engintron
Content-Encoding: gzip
rbebooks.site/wp-includes/js/wp-emoji-release.min.js?ver=6.0.2
142.132.250.25 200 OK 5.1 kB URL HTTP/1.1 rbebooks.site/wp-includes/js/wp-emoji-release.min.js?ver=6.0.2
IP 142.132.250.25:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (15660)
Hash 8592048ec656e41d4797240e7df5ac38
5ed5d9f50f67b9283dc78d0f0ad9e4ab53af595b
0865155ebddd7c505b677182ab113cc5f1ba66ccc7bd085c3aa8f94403fdc6cd
GET /wp-includes/js/wp-emoji-release.min.js?ver=6.0.2 HTTP/1.1
Host: rbebooks.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rbebooks.site/mastering-malware-analysis-a-malware-analysts-practical-guide-to-combating-malicious-software-apt-cybercrime-and-iot-attacks-2nd-edition/
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 16 Oct 2022 15:53:37 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Tue, 24 May 2022 20:16:24 GMT
Expires: Tue, 15 Nov 2022 15:53:37 GMT
Cache-Control: max-age=2592000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: STALE
X-Server-Powered-By: Engintron
Content-Encoding: gzip
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 0efa623bed47d42f69be9e523e7725f4
b301c00ee9ab5778b326edea3bc274f8ae46da15
c7d4afc16dd19b5216a9c34cf3048b4e6dff056608666d6d40c9f5eeeae309a5
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 16 Oct 2022 15:53:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash 0fed321269b6c2e851bf6bd91f7531ae
7a0c76407c86716f881a73eef92c6c288da7b252
f89e9b55e07ee05f877116aa6615c3717e7c88bcd3c50995eddee7c06029ad06
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2944
Cache-Control: max-age=164300
Content-Type: application/ocsp-response
Date: Sun, 16 Oct 2022 15:53:37 GMT
Etag: "634bfc4d-117"
Expires: Tue, 18 Oct 2022 13:31:57 GMT
Last-Modified: Sun, 16 Oct 2022 12:42:53 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 279
c0.wp.com/c/6.0.2/wp-includes/js/comment-reply.min.js
192.0.77.37 200 OK 1.7 kB URL HTTP/2 c0.wp.com/c/6.0.2/wp-includes/js/comment-reply.min.js
IP 192.0.77.37:0
File type ASCII text, with very long lines (2946)
Hash d37aca22e2ddbc1b9ab9e22e002e3502
c43023f84a397bfac9a0c8215c3ff05e9a267087
2e55a3d1ecc854720dc888b93dac1c36daf151b88a16842159bf37e9d3bb4843
GET /c/6.0.2/wp-includes/js/comment-reply.min.js HTTP/1.1
Host: c0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://rbebooks.site/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 16 Oct 2022 15:53:36 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Fri, 08 Apr 2022 20:07:18 GMT
content-encoding: br
expires: Mon, 16 Oct 2023 15:53:36 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
x-nc: HIT arn 2
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 5f309b801fdcff49c832652cf9f67fed
f0b6a27d0995fd7fd40f23ee385f8fe1fd752c13
53663428a1b73aeee2fc68815b072ad9ced52bfd3726416aaab332c29eb3aab6
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 16 Oct 2022 15:53:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ws-na.amazon-adsystem.com/widgets/q?ServiceVersion=20070822&Operation=GetScript&ID=OneJS&WS=1&MarketPlace=US
52.46.135.132 200 200 8.0 kB URL HTTP/1.1 ws-na.amazon-adsystem.com/widgets/q?ServiceVersion=20070822&Operation=GetScript&ID=OneJS&WS=1&MarketPlace=US
IP 52.46.135.132:0
File type ASCII text, with very long lines (24699), with no line terminators
Hash 5cb6478f18128993ecdfde9850035691
1bb304153d7d08a44627e6c0911609b9fb7f9cde
597f03cf1416fd10212aade4a0b058d36ef838d109d7b262f8e4a7a3b67e1196
GET /widgets/q?ServiceVersion=20070822&Operation=GetScript&ID=OneJS&WS=1&MarketPlace=US HTTP/1.1
Host: ws-na.amazon-adsystem.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rbebooks.site/
HTTP/1.1 200 200
Date: Sun, 16 Oct 2022 15:53:37 GMT
Server: Server
Content-Encoding: gzip
charset: UTF-8
Access-Control-Allow-Origin: *
Cache-Control: public,max-age=86400,s-maxage=86400,no-transform
Expires: Mon, 17 Oct 2022 15:53:37 GMT
Pragma: Public
Content-Length: 7978
Vary: User-Agent
Connection: close
Content-Type: application/javascript;charset=UTF-8
push.services.mozilla.com/
52.41.246.187 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.41.246.187:0
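Hash MD5 d41d8cd98f00b204e9800998ecf8427e
SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(These three values are the digests of empty input, consistent with the 0 B body of this 101 response, so they identify no content and are not usable as indicators.)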
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 4yAZU8CiWzlqZn7f8W6+zQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: cf30Rn/7HNFakqz1wYDGAnCjp8w=
www.googletagmanager.com/gtag/js?id=UA-217866199-1
142.250.74.168 200 OK 42 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=UA-217866199-1
IP 142.250.74.168:0
File type ASCII text, with very long lines (1962)
Hash 47d457fbbb19466b026b5e09140120d7
37e0795618b435d4a079634c4f0a2e6fd1635a3e
cff012597dc8b1fc131d554190a2f61ea5400326a1f7b6fab299cd9f225e5255
GET /gtag/js?id=UA-217866199-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://rbebooks.site/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sun, 16 Oct 2022 15:53:37 GMT
expires: Sun, 16 Oct 2022 15:53:37 GMT
cache-control: private, max-age=900
last-modified: Sun, 16 Oct 2022 15:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 42483
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.googletagmanager.com/gtag/js?id=G-CCWKBB1PCZ
142.250.74.168 200 OK 65 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=G-CCWKBB1PCZ
IP 142.250.74.168:0
File type ASCII text, with very long lines (2996)
Hash d694a9eb2d87db65a007d4ad9840770d
147976b5a9272f619a59d418e3b06778622cf126
80a6106b3c94886a7e7361a19f0c6f20c59aa91c266c5df0085e2eabc28b5433
GET /gtag/js?id=G-CCWKBB1PCZ HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://rbebooks.site/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sun, 16 Oct 2022 15:53:37 GMT
expires: Sun, 16 Oct 2022 15:53:37 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 64884
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
rbebooks.site/wp-content/plugins/a3-lazy-load/assets/images/lazy_placeholder.gif
142.132.250.25 200 OK 42 B URL HTTP/1.1 rbebooks.site/wp-content/plugins/a3-lazy-load/assets/images/lazy_placeholder.gif
IP 142.132.250.25:0
ASN #24940 Hetzner Online GmbH
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /wp-content/plugins/a3-lazy-load/assets/images/lazy_placeholder.gif HTTP/1.1
Host: rbebooks.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rbebooks.site/mastering-malware-analysis-a-malware-analysts-practical-guide-to-combating-malicious-software-apt-cybercrime-and-iot-attacks-2nd-edition/
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 16 Oct 2022 15:53:37 GMT
Content-Type: image/gif
Content-Length: 42
Connection: keep-alive
Last-Modified: Tue, 04 Oct 2022 15:21:00 GMT
Expires: Thu, 15 Dec 2022 15:53:37 GMT
Cache-Control: max-age=5184000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: STALE
X-Server-Powered-By: Engintron
Accept-Ranges: bytes
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 0efa623bed47d42f69be9e523e7725f4
b301c00ee9ab5778b326edea3bc274f8ae46da15
c7d4afc16dd19b5216a9c34cf3048b4e6dff056608666d6d40c9f5eeeae309a5
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 16 Oct 2022 15:53:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 5f309b801fdcff49c832652cf9f67fed
f0b6a27d0995fd7fd40f23ee385f8fe1fd752c13
53663428a1b73aeee2fc68815b072ad9ced52bfd3726416aaab332c29eb3aab6
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 16 Oct 2022 15:53:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
testimonypersuadedclinic.com/0c610b74697d975fe227c0e71980368f/invoke.js
192.243.61.225 200 OK 9.3 kB URL HTTP/1.1 testimonypersuadedclinic.com/0c610b74697d975fe227c0e71980368f/invoke.js
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
File type Unicode text, UTF-8 text, with very long lines (25086), with no line terminators
Hash MD5 9d6f1332a601bce98ab00b8846a76d52
SHA-1 27467acecdd63a0446ed81b25cdd107fc2392445
SHA-256 cc34d6183ee67cd0d5facf0e0df0beaa3475e5788af35fb9c8db49e9042482fe
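Analyzer verdict / alert — quad9: Sinkholed (the Quad9 DNS check reports this domain as blocked; this is the only resource in this part of the capture that carries an analyzer verdict)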
GET /0c610b74697d975fe227c0e71980368f/invoke.js HTTP/1.1
Host: testimonypersuadedclinic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rbebooks.site/
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Sun, 16 Oct 2022 15:53:37 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: d8d1779a71f1cd50bddeb5da7ec702e0
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 254c0f79943125eff7adbf9cb30d2b46
e24342391b47646fbbe9fa6a26dd95c0eadda7e5
35052bd13c72ac6c33ec3aa08ae793c5e12d2edeec5c91c9e2b2ac4762c3fc67
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 16 Oct 2022 15:53:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 254c0f79943125eff7adbf9cb30d2b46
e24342391b47646fbbe9fa6a26dd95c0eadda7e5
35052bd13c72ac6c33ec3aa08ae793c5e12d2edeec5c91c9e2b2ac4762c3fc67
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 16 Oct 2022 15:53:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 254c0f79943125eff7adbf9cb30d2b46
e24342391b47646fbbe9fa6a26dd95c0eadda7e5
35052bd13c72ac6c33ec3aa08ae793c5e12d2edeec5c91c9e2b2ac4762c3fc67
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 16 Oct 2022 15:53:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/jost/v14/92zatBhPNqw73oTd4g.woff2
216.58.207.195 200 OK 26 kB URL HTTP/2 fonts.gstatic.com/s/jost/v14/92zatBhPNqw73oTd4g.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 26304, version 1.0\012- data
Hash 29404b5009a74d47f2a7923da5741fd5
c8c7a68af3f7e4f92d932203efda0c38e4d170ab
0b7e3af1cb23f3b1cc2c3418f3c31ab3bbadeaa2ba5e72f3cb818e4b44c420f4
GET /s/jost/v14/92zatBhPNqw73oTd4g.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://rbebooks.site
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 26304
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 10 Oct 2022 02:53:37 GMT
expires: Tue, 10 Oct 2023 02:53:37 GMT
cache-control: public, max-age=31536000
age: 565200
last-modified: Mon, 11 Jul 2022 20:29:30 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
c0.wp.com/c/6.0.2/wp-includes/js/imagesloaded.min.js
192.0.77.37 200 OK 80 kB URL HTTP/2 c0.wp.com/c/6.0.2/wp-includes/js/imagesloaded.min.js
IP 192.0.77.37:0
File type ASCII text, with very long lines (5477)
Hash f4adfc480778e797f5d0ac254321348d
c57a83965cfec94067689e016595af6e09fe4501
f4cefd00692ca7832ae6127d82abc589f9a8b9ba4a78503f329c6ed8c9478eb9
GET /c/6.0.2/wp-includes/js/imagesloaded.min.js HTTP/1.1
Host: c0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://rbebooks.site/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 16 Oct 2022 15:53:36 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Sat, 13 Jun 2020 18:53:27 GMT
content-encoding: br
expires: Mon, 16 Oct 2023 15:53:36 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
x-nc: HIT arn 2
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
X-Firefox-Spdy: h2
fonts.gstatic.com/s/notoserif/v21/ga6Iaw1J5X9T9RW6j9bNfFcWaA.woff2
216.58.207.195 200 OK 24 kB URL HTTP/2 fonts.gstatic.com/s/notoserif/v21/ga6Iaw1J5X9T9RW6j9bNfFcWaA.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 23948, version 1.0\012- data
Hash aeb92e524ca62170347fa63974605767
1e10bfbd720481e42035a5469d7ce8fc51d34aab
25475d82cc976fb2c71b15b3e416c22bf636dd247bbb268d312e7c076ec5b6e4
GET /s/notoserif/v21/ga6Iaw1J5X9T9RW6j9bNfFcWaA.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://rbebooks.site
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 23948
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 10 Oct 2022 21:05:07 GMT
expires: Tue, 10 Oct 2023 21:05:07 GMT
cache-control: public, max-age=31536000
age: 499710
last-modified: Mon, 09 May 2022 19:47:44 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 254c0f79943125eff7adbf9cb30d2b46
e24342391b47646fbbe9fa6a26dd95c0eadda7e5
35052bd13c72ac6c33ec3aa08ae793c5e12d2edeec5c91c9e2b2ac4762c3fc67
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 16 Oct 2022 15:53:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
testimonypersuadedclinic.com/68e0643520cf297c96565ee5d590990a/invoke.js
192.243.61.225 200 OK 9.8 kB URL HTTP/1.1 testimonypersuadedclinic.com/68e0643520cf297c96565ee5d590990a/invoke.js
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
File type exported SGML document, ASCII text, with very long lines (26947), with no line terminators
Hash 24a8d0070374d410f3e425a58a517891
f580efd2b4f8f174364c8d24c5a9fed3e4cfd2ed
3502c6af27058ffc9102b53e6c671ea1c0b0c85d79ffd6cfa24f691c87120e89
Analyzer Verdict Alert quad9 Sinkholed
GET /68e0643520cf297c96565ee5d590990a/invoke.js HTTP/1.1
Host: testimonypersuadedclinic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rbebooks.site/
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Sun, 16 Oct 2022 15:53:37 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 471403452c4f4ea6953b4c6f258a0b11
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
testimonypersuadedclinic.com/3b/77/51/3b7751125a8505512c15b5bbbe1612b0.js
192.243.61.225 200 OK 13 kB URL HTTP/1.1 testimonypersuadedclinic.com/3b/77/51/3b7751125a8505512c15b5bbbe1612b0.js
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with very long lines (37124), with no line terminators
Hash 45f333669abf2ce1d8f66e4d3a2cf5d3
e515e7619d526f42c16f81f37c403a9fb8ac5ad1
92b3a25c46abcdcc9eb2b332deb195574b807046f9545767e51f53b76c59a4b7
Analyzer Verdict Alert quad9 Sinkholed
GET /3b/77/51/3b7751125a8505512c15b5bbbe1612b0.js HTTP/1.1
Host: testimonypersuadedclinic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rbebooks.site/
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Sun, 16 Oct 2022 15:53:37 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: c7451d4ec9f12252f50d80d00534d203
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
r3.o.lencr.org/
23.36.76.249 200 OK 503 B IP 23.36.76.249:0
ASN #20940 Akamai International B.V.
Hash 9ff8baa10f3ae760b3381000160c019c
110203b49c88573922645c733203d2c490fab776
1269eea9442af2dea64048862196aac0422a9eabb9addcd9c4e948763cb4f08a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1269EEA9442AF2DEA64048862196AAC0422A9EABB9ADDCD9C4E948763CB4F08A"
Last-Modified: Fri, 14 Oct 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21582
Expires: Sun, 16 Oct 2022 21:53:19 GMT
Date: Sun, 16 Oct 2022 15:53:37 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.249 200 OK 503 B IP 23.36.76.249:0
ASN #20940 Akamai International B.V.
Hash 1d8cec336f09d99341aece51dfd88040
9e6cd4c9a49074b7b6b4e114d6218d9481cb8667
43ff7ebf73f1238e5e8e30ac7b0988634210dd5617a43bf251eed2f2f29b7edd
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "43FF7EBF73F1238E5E8E30AC7B0988634210DD5617A43BF251EED2F2F29B7EDD"
Last-Modified: Sat, 15 Oct 2022 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Sun, 16 Oct 2022 21:53:37 GMT
Date: Sun, 16 Oct 2022 15:53:37 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 251b9e31adcaaee18add58a5e5b2f7a6
2c4459225c8b140eab2d64fee238582db8946f34
a0fba206d5e5510c7cda89e8c42f9e09ff92b649a157a16f3d482e86b454013a
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3618
Cache-Control: max-age=138333
Content-Type: application/ocsp-response
Date: Sun, 16 Oct 2022 15:53:37 GMT
Etag: "634b943c-1d7"
Expires: Tue, 18 Oct 2022 06:19:10 GMT
Last-Modified: Sun, 16 Oct 2022 05:18:52 GMT
Server: ECS (amb/6BC7)
X-Cache: HIT
Content-Length: 471
rbebooks.site/wp-content/themes/chromenews/assets/font-awesome/webfonts/fa-regular-400.woff2
142.132.250.25 200 OK 13 kB URL HTTP/1.1 rbebooks.site/wp-content/themes/chromenews/assets/font-awesome/webfonts/fa-regular-400.woff2
IP 142.132.250.25:0
ASN #24940 Hetzner Online GmbH
File type Web Open Font Format (Version 2), TrueType, length 13276, version 331.-31261\012- data
Hash f0f8230116992e521526097a28f54066
0447c6b10bbf73f97b23dcfd6e6a48510822cb6e
8afc6e5e842baab16010c2ce6fcf48ec4ded8e1579a37c1f1bc027e120d04951
GET /wp-content/themes/chromenews/assets/font-awesome/webfonts/fa-regular-400.woff2 HTTP/1.1
Host: rbebooks.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://rbebooks.site/wp-content/themes/chromenews/assets/font-awesome/css/all.min.css?ver=6.0.2
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 16 Oct 2022 15:53:37 GMT
Content-Type: font/woff2
Content-Length: 13276
Connection: keep-alive
Last-Modified: Mon, 10 Oct 2022 14:04:33 GMT
Expires: Thu, 15 Dec 2022 15:53:37 GMT
Cache-Control: max-age=5184000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: STALE
X-Server-Powered-By: Engintron
Accept-Ranges: bytes
rbebooks.site/wp-content/plugins/a3-lazy-load/assets/css/loading.gif
142.132.250.25 200 OK 1.7 kB URL HTTP/1.1 rbebooks.site/wp-content/plugins/a3-lazy-load/assets/css/loading.gif
IP 142.132.250.25:0
ASN #24940 Hetzner Online GmbH
File type GIF image data, version 89a, 32 x 32\012- data
Hash 265808cc54404f22de9785c713e0cb7e
bf3d1b71957caee1c6273061ad00c99c5d785a0f
b6e4dff920e21e3f436a014140d01d43c97177e007556ede69f772f08cb7a7ec
GET /wp-content/plugins/a3-lazy-load/assets/css/loading.gif HTTP/1.1
Host: rbebooks.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rbebooks.site/wp-content/plugins/a3-lazy-load/assets/css/jquery.lazyloadxt.spinner.css?ver=6.0.2
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 16 Oct 2022 15:53:37 GMT
Content-Type: image/gif
Content-Length: 1690
Connection: keep-alive
Last-Modified: Tue, 04 Oct 2022 15:21:01 GMT
Expires: Thu, 15 Dec 2022 15:53:37 GMT
Cache-Control: max-age=5184000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: STALE
X-Server-Powered-By: Engintron
Accept-Ranges: bytes
ocsp.sca1b.amazontrust.com/
143.204.42.156 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.156:0
Hash f0413efff3fc4435819eea0892565002
68f2cbf9d99cbc2f3500c911fe2906ea03a6d72f
f5ebdb13ab4ad27844b4ad00d4bb79c9238bd02937bdab5dc83d0802d956895f
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=162013
Date: Sun, 16 Oct 2022 15:53:37 GMT
Etag: "634bf982-1d7"
Expires: Tue, 18 Oct 2022 12:53:50 GMT
Last-Modified: Sun, 16 Oct 2022 12:30:58 GMT
Server: ECS (nyb/1D12)
X-Cache: Miss from cloudfront
Via: 1.1 057fdebf738f5915bf38a78949190758.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: I74uh3CJ5OuAqiaEyfrijmTeJEPEjXguyr41cH8EKABNzVpc-G2DDw==
Age: 1372
simplewebanalysis.com/stats
3.66.118.16 200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 3.66.118.16:0
File type ASCII text, with no line terminators
Hash 38b288832ad19897b15d519dfc2cee59
ec14ed49c0f2c1fb2e950a42e67d37da6b36d9b8
0fb7ba82e5341a27313c05e51de07cecdf7182e37b0cfa6aa6d8f5e1787a17e1
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://rbebooks.site
Connection: keep-alive
Referer: http://rbebooks.site/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 16 Oct 2022 15:53:37 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: http://rbebooks.site
access-control-allow-credentials: true
set-cookie: uid_id2=a2d4f152-41c5-4b93-82d7-021b046d9428:3:1; expires=Wed, 13 Oct 2032 15:53:37 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
web-platforms.sfo2.digitaloceanspaces.com/WWW/Badge%203.svg
138.68.32.225 200 OK 17 kB URL HTTP/2 web-platforms.sfo2.digitaloceanspaces.com/WWW/Badge%203.svg
IP 138.68.32.225:0
ASN #14061 DIGITALOCEAN-ASN
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (7963)
Hash 5c1550cdd853175d55edcabcf2ddb009
3f991e610e69e10fc5b1b7974fe51d2753bfca8f
0508716156f7f19531bd730c83d0182214a9ae3dc752d0678a6786b95c238586
GET /WWW/Badge%203.svg HTTP/1.1
Host: web-platforms.sfo2.digitaloceanspaces.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://rbebooks.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 16696
accept-ranges: bytes
last-modified: Wed, 14 Apr 2021 17:59:46 GMT
x-rgw-object-type: Normal
etag: "5c1550cdd853175d55edcabcf2ddb009"
x-amz-request-id: tx00000000000009b1b3a02-00634c2901-40f84833-sfo2a
content-type: image/svg+xml
date: Sun, 16 Oct 2022 15:53:37 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
strict-transport-security: max-age=15552000; includeSubDomains; preload
X-Firefox-Spdy: h2
www.topdisplayformat.com/3571d784a89a99fbed8310f791085655/invoke.js
192.243.59.13 200 OK 9.8 kB URL HTTP/1.1 www.topdisplayformat.com/3571d784a89a99fbed8310f791085655/invoke.js
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
File type exported SGML document, ASCII text, with very long lines (26939), with no line terminators
Hash 649a9cfbbab17457e026315a6cd389fa
b72447ac1333187aaed6edf5a6429a9013f44b80
000ce2ddba6316a47520bff12f0d8a80fc14ffdd994376a4001e4b6877b8fb3a
Analyzer Verdict Alert quad9 Sinkholed
GET /3571d784a89a99fbed8310f791085655/invoke.js HTTP/1.1
Host: www.topdisplayformat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rbebooks.site/
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Sun, 16 Oct 2022 15:53:38 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 2a61777b18c4b64ea8f3030099a583c0
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
testimonypersuadedclinic.com/0beffc764a59eda6bb1c999a258cb33a/invoke.js
192.243.61.225 200 OK 9.8 kB URL HTTP/1.1 testimonypersuadedclinic.com/0beffc764a59eda6bb1c999a258cb33a/invoke.js
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
File type exported SGML document, ASCII text, with very long lines (26947), with no line terminators
Hash 24a8d0070374d410f3e425a58a517891
f580efd2b4f8f174364c8d24c5a9fed3e4cfd2ed
3502c6af27058ffc9102b53e6c671ea1c0b0c85d79ffd6cfa24f691c87120e89
Analyzer Verdict Alert quad9 Sinkholed
GET /0beffc764a59eda6bb1c999a258cb33a/invoke.js HTTP/1.1
Host: testimonypersuadedclinic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rbebooks.site/
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Sun, 16 Oct 2022 15:53:38 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: df6ec4f4060c008624e747652af55fa7
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
region1.google-analytics.com/g/collect?v=2&tid=G-CCWKBB1PCZ&gtm=2oeaa0&_p=1005396858&gdid=dZGIzZG&cid=1112828869.1665935621&ul=en-us&sr=1280x1024&_s=1&sid=1665935621&sct=1&seg=0&dl=http%3A%2F%2Frbebooks.site%2Fmastering-malware-analysis-a-malware-analysts-practical-guide-to-combating-malicious-software-apt-cybercrime-and-iot-attacks-2nd-edition%2F&dt=Mastering%20Malware%20Analysis%3A%20A%20malware%20analyst%E2%80%99s%20practical%20guide%20to%20combating%20malicious%20software%2C%20APT%2C%20cybercrime%2C%20and%20IoT%20attacks%2C%202nd%20Edition%20-%20Reading%20Bag%20library&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&ep.forceSSL=true&ep.link_attribution=true
216.239.34.36 204 No Content 0 B URL HTTP/2 region1.google-analytics.com/g/collect?v=2&tid=G-CCWKBB1PCZ&gtm=2oeaa0&_p=1005396858&gdid=dZGIzZG&cid=1112828869.1665935621&ul=en-us&sr=1280x1024&_s=1&sid=1665935621&sct=1&seg=0&dl=http%3A%2F%2Frbebooks.site%2Fmastering-malware-analysis-a-malware-analysts-practical-guide-to-combating-malicious-software-apt-cybercrime-and-iot-attacks-2nd-edition%2F&dt=Mastering%20Malware%20Analysis%3A%20A%20malware%20analyst%E2%80%99s%20practical%20guide%20to%20combating%20malicious%20software%2C%20APT%2C%20cybercrime%2C%20and%20IoT%20attacks%2C%202nd%20Edition%20-%20Reading%20Bag%20library&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&ep.forceSSL=true&ep.link_attribution=true
IP 216.239.34.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-CCWKBB1PCZ&gtm=2oeaa0&_p=1005396858&gdid=dZGIzZG&cid=1112828869.1665935621&ul=en-us&sr=1280x1024&_s=1&sid=1665935621&sct=1&seg=0&dl=http%3A%2F%2Frbebooks.site%2Fmastering-malware-analysis-a-malware-analysts-practical-guide-to-combating-malicious-software-apt-cybercrime-and-iot-attacks-2nd-edition%2F&dt=Mastering%20Malware%20Analysis%3A%20A%20malware%20analyst%E2%80%99s%20practical%20guide%20to%20combating%20malicious%20software%2C%20APT%2C%20cybercrime%2C%20and%20IoT%20attacks%2C%202nd%20Edition%20-%20Reading%20Bag%20library&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&ep.forceSSL=true&ep.link_attribution=true HTTP/1.1
Host: region1.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://rbebooks.site
Connection: keep-alive
Referer: http://rbebooks.site/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: http://rbebooks.site
date: Sun, 16 Oct 2022 15:53:38 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.249 200 OK 503 B IP 23.36.76.249:0
ASN #20940 Akamai International B.V.
Hash c6650672318204b469e33bcfd4e367be
030695e0bc97cd9403846afe88cdf35dfbb605f9
43a98d70264efe56ce11236f022d968716e008222913bf79f18626209b874611
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "43A98D70264EFE56CE11236F022D968716E008222913BF79F18626209B874611"
Last-Modified: Fri, 14 Oct 2022 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15384
Expires: Sun, 16 Oct 2022 20:10:02 GMT
Date: Sun, 16 Oct 2022 15:53:38 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.249 200 OK 503 B IP 23.36.76.249:0
ASN #20940 Akamai International B.V.
Hash 467c98217b3c90dedabafc249207b8eb
8a0756b2c6003aaaba58cc75be784e8e283feb45
82b3ac154fd4347d2a7827d48ff7f0ccc8c0abe562cb6796a52b02e7cc9b6467
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "82B3AC154FD4347D2A7827D48FF7F0CCC8C0ABE562CB6796A52B02E7CC9B6467"
Last-Modified: Sat, 15 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13753
Expires: Sun, 16 Oct 2022 19:42:51 GMT
Date: Sun, 16 Oct 2022 15:53:38 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.249 200 OK 503 B IP 23.36.76.249:0
ASN #20940 Akamai International B.V.
Hash 467c98217b3c90dedabafc249207b8eb
8a0756b2c6003aaaba58cc75be784e8e283feb45
82b3ac154fd4347d2a7827d48ff7f0ccc8c0abe562cb6796a52b02e7cc9b6467
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "82B3AC154FD4347D2A7827D48FF7F0CCC8C0ABE562CB6796A52B02E7CC9B6467"
Last-Modified: Sat, 15 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13753
Expires: Sun, 16 Oct 2022 19:42:51 GMT
Date: Sun, 16 Oct 2022 15:53:38 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.249 200 OK 503 B IP 23.36.76.249:0
ASN #20940 Akamai International B.V.
Hash 467c98217b3c90dedabafc249207b8eb
8a0756b2c6003aaaba58cc75be784e8e283feb45
82b3ac154fd4347d2a7827d48ff7f0ccc8c0abe562cb6796a52b02e7cc9b6467
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "82B3AC154FD4347D2A7827D48FF7F0CCC8C0ABE562CB6796A52B02E7CC9B6467"
Last-Modified: Sat, 15 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13753
Expires: Sun, 16 Oct 2022 19:42:51 GMT
Date: Sun, 16 Oct 2022 15:53:38 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F89b2ee08-a53a-4763-aca2-fe23fd25f3d1.jpeg
34.120.237.76 200 OK 6.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F89b2ee08-a53a-4763-aca2-fe23fd25f3d1.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash df5f38c3dc43ccc382d0274bffb6b350
9a305072cce8bb61ca3753bb98b999695fb4706e
20ff21892e65787fecbadca0f59c05e54dee3a1359271839dab0ee5c9e796ab0
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F89b2ee08-a53a-4763-aca2-fe23fd25f3d1.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6367
x-amzn-requestid: 485c3cf9-d305-4540-8eef-8304d1103ccc
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aEL5EHbOoAMFWsA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-634b26a0-2ac206d826bf23193740e74c;Sampled=0
x-amzn-remapped-date: Sat, 15 Oct 2022 21:31:12 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: j4GFPRLOwyEGJVrC4uk01vi858DLWzDtUNZkfmbJ1ybrMV4xEdOIVg==
via: 1.1 c7c3cdef911c9ee3c1a83a78f425dc5a.cloudfront.net (CloudFront), 1.1 cd858042f70b416ca05e042acf3908a4.cloudfront.net (CloudFront), 1.1 google
date: Sat, 15 Oct 2022 21:50:24 GMT
age: 64994
etag: "9a305072cce8bb61ca3753bb98b999695fb4706e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4cebbc75-2448-4faf-839b-c39ac6e47b98.jpeg
34.120.237.76 200 OK 7.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4cebbc75-2448-4faf-839b-c39ac6e47b98.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 6432c2bf0bab32f918d931dd98a6e1e4
bba4f37b146e5aea2b6490f8f7da63fa61ffc849
bde0d98cb1dcd70f22cd2aee5860eb0cd824d1bb12ab18245ab8eed06a79cf1d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4cebbc75-2448-4faf-839b-c39ac6e47b98.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 7337
x-amzn-requestid: 43a16c4d-c5b9-4d01-8ba4-e811b09e96b1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Z-WYqEwVoAMFe5A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6348d104-121eda8b7a73518849342e7a;Sampled=0
x-amzn-remapped-date: Fri, 14 Oct 2022 03:01:24 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: HUtvwwtoxo38w1ZiKkBZJL0dL3G7aCdUNzvcUhJ7CZ_Taj_tMyfjAQ==
via: 1.1 25b9a991f871f75614e7f92f97b136a4.cloudfront.net (CloudFront), 1.1 2324edbcb8fc72f617442c65f36a40fc.cloudfront.net (CloudFront), 1.1 google
date: Sun, 16 Oct 2022 05:03:21 GMT
age: 39017
etag: "bba4f37b146e5aea2b6490f8f7da63fa61ffc849"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4c75eb52-0ce4-4b74-92b3-a3670b609024.jpeg
34.120.237.76 200 OK 8.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4c75eb52-0ce4-4b74-92b3-a3670b609024.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 0dee97568c5306e8334fcc9dce195ccb
194a7c40cdfae31844fa711d53142ea98f007a92
bf4e94f2062baf118da68b2fe3f5f38e20f21fe85900cdc69509119e757707c4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4c75eb52-0ce4-4b74-92b3-a3670b609024.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8579
x-amzn-requestid: c473888c-7989-4b4d-a5e7-f5f3149e145c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aEL5NEfdoAMFaWA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-634b26a1-4a1d1eb16fc64022768f622d;Sampled=0
x-amzn-remapped-date: Sat, 15 Oct 2022 21:31:13 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: icdYFhmC1BY6tDrbYts7bOdjWH55Fkl-CkRdRhqKEuF4MJNFdLA-sQ==
via: 1.1 e5af640ced3aa8764b82c4bc3f7af38e.cloudfront.net (CloudFront), 1.1 32d624dbeb2a8b7f24dbe49007e37c90.cloudfront.net (CloudFront), 1.1 google
date: Sat, 15 Oct 2022 22:24:22 GMT
age: 62956
etag: "194a7c40cdfae31844fa711d53142ea98f007a92"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbdbc5b51-a9c2-4f99-ad40-8ab061924326.jpeg
34.120.237.76 200 OK 7.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbdbc5b51-a9c2-4f99-ad40-8ab061924326.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash cd94762992136ed2f4d24dd34a745154
2050cee63f8005c5d9ac1a817730ada51b323f34
4548836d8846da958f477e1df952f6da9b9640e204804a7c76194d3e061b90a4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbdbc5b51-a9c2-4f99-ad40-8ab061924326.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7082
x-amzn-requestid: 5e98988f-faad-4e52-a49f-28d5a77b15d4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aEL46HFloAMFSag=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-634b269f-6759e36c79241479181c1d05;Sampled=0
x-amzn-remapped-date: Sat, 15 Oct 2022 21:31:11 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: p2Ytir5IhFSnRKz3OJ3J6_SieMyoFAAysH8-jBf_Bh_xfKEDRGy18g==
via: 1.1 56c69262ecfa7873b40572ba8a323242.cloudfront.net (CloudFront), 1.1 31119c39c5a6dc62dfa1fe940afd7be2.cloudfront.net (CloudFront), 1.1 google
date: Sat, 15 Oct 2022 21:36:56 GMT
age: 65802
etag: "2050cee63f8005c5d9ac1a817730ada51b323f34"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
c0.wp.com/c/6.0.2/wp-includes/css/dist/block-library/style.min.css
192.0.77.37 200 OK 24 kB URL HTTP/2 c0.wp.com/c/6.0.2/wp-includes/css/dist/block-library/style.min.css
IP 192.0.77.37:0
File type ASCII text, with very long lines (43771)
Hash b4c84ebd841e9a4255444a597079e578
a1a81630d6be015f6200f4bfcb9d161bee678f52
f03cdbd80567cd67715e4841c807cff2ee52f7279dfe05d6ee9fa2fc47264345
GET /c/6.0.2/wp-includes/css/dist/block-library/style.min.css HTTP/1.1
Host: c0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://rbebooks.site/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 16 Oct 2022 15:53:36 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Mon, 04 Jul 2022 12:10:37 GMT
content-encoding: br
expires: Mon, 16 Oct 2023 15:53:36 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
x-nc: HIT arn 2
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc72044c0-fdd0-4da5-aa61-159d966f040f.jpeg
34.120.237.76 200 OK 7.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc72044c0-fdd0-4da5-aa61-159d966f040f.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 3e86d948bf8ed2f5918f8323b043ad5f
41548e231e2358d3453e7630f0d07a645cc25ddc
6602f2a020618234d34a9b6cd107398f0405de6dd14227e265aca84b38eaa5cc
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc72044c0-fdd0-4da5-aa61-159d966f040f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7075
x-amzn-requestid: 254a8860-b3bf-4e8d-a08d-31effa209a6e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aEL5iGQqIAMFmkA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-634b26a3-1a2820f550f35bf830444c22;Sampled=0
x-amzn-remapped-date: Sat, 15 Oct 2022 21:31:15 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: psWLknan4sVucDaNcLURe-XRPs5FKeJ0Il7ZGWvBxV2rgpTrQvbyVw==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 01147dcc35d57fc0238a3c1700c13f16.cloudfront.net (CloudFront), 1.1 google
date: Sat, 15 Oct 2022 21:41:19 GMT
etag: "41548e231e2358d3453e7630f0d07a645cc25ddc"
content-type: image/jpeg
age: 65539
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
rbebooks.site/wp-json/wp-statistics/v2/hit?_=1665935616&_wpnonce=5b584b389e&wp_statistics_hit_rest=yes&referred=https%3A%2F%2Frbebooks.site&exclusion_match=no&exclusion_reason&track_all=1&current_page_type=post&current_page_id=9266&search_query&page_uri=/mastering-malware-analysis-a-malware-analysts-practical-guide-to-combating-malicious-software-apt-cybercrime-and-iot-attacks-2nd-edition/
142.132.250.25 200 OK 10 kB URL HTTP/2 rbebooks.site/wp-json/wp-statistics/v2/hit?_=1665935616&_wpnonce=5b584b389e&wp_statistics_hit_rest=yes&referred=https%3A%2F%2Frbebooks.site&exclusion_match=no&exclusion_reason&track_all=1&current_page_type=post&current_page_id=9266&search_query&page_uri=/mastering-malware-analysis-a-malware-analysts-practical-guide-to-combating-malicious-software-apt-cybercrime-and-iot-attacks-2nd-edition/
IP 142.132.250.25:0
ASN #24940 Hetzner Online GmbH
File type JSON data\012- exported SGML document, ASCII text, with very long lines (27269), with no line terminators
Hash 215aab0158d2798f3ad192c470245811
4b3c379baa03fb8cb2bc167f1282e98a19777cdf
27ee519337db4b0a8ca364f0debf138a67639db8ef618338806e03e0d70c3f70
OPTIONS /wp-json/wp-statistics/v2/hit?_=1665935616&_wpnonce=5b584b389e&wp_statistics_hit_rest=yes&referred=https%3A%2F%2Frbebooks.site&exclusion_match=no&exclusion_reason&track_all=1&current_page_type=post&current_page_id=9266&search_query&page_uri=/mastering-malware-analysis-a-malware-analysts-practical-guide-to-combating-malicious-software-apt-cybercrime-and-iot-attacks-2nd-edition/ HTTP/1.1
Host: rbebooks.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: http://rbebooks.site/
Origin: http://rbebooks.site
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 16 Oct 2022 15:53:38 GMT
content-type: application/json; charset=UTF-8
vary: Accept-Encoding
x-robots-tag: noindex
link: <https://rbebooks.site/wp-json/>; rel="https://api.w.org/"
access-control-expose-headers: X-WP-Total, X-WP-TotalPages, Link
access-control-allow-headers: Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type, X-OptinMonster-ApiKey
x-wp-nonce: 5b584b389e
allow: GET
access-control-allow-origin: http://rbebooks.site
access-control-allow-methods: OPTIONS, GET, POST, PUT, PATCH, DELETE
access-control-allow-credentials: true
x-xss-protection: 1; mode=block
x-content-type-options: nosniff, nosniff
x-server-powered-by: Engintron
content-encoding: gzip
X-Firefox-Spdy: h2
notifyoutspoken.com/watch.791699647831.js?key=68e0643520cf297c96565ee5d590990a&kw=%5B%22mastering%22%2C%22malware%22%2C%22analysis%22%2C%22a%22%2C%22malware%22%2C%22analyst%E2%80%99s%22%2C%22practical%22%2C%22guide%22%2C%22to%22%2C%22combating%22%2C%22malicious%22%2C%22software%22%2C%22apt%22%2C%22cybercrime%22%2C%22and%22%2C%22iot%22%2C%22attacks%22%2C%222nd%22%2C%22edition%22%2C%22-%22%2C%22reading%22%2C%22bag%22%2C%22library%22%5D&refer=http%3A%2F%2Frbebooks.site%2Fmastering-malware-analysis-a-malware-analysts-practical-guide-to-combating-malicious-software-apt-cybercrime-and-iot-attacks-2nd-edition%2F&tz=0&dev=r&res=12.29&uuid=a2d4f152-41c5-4b93-82d7-021b046d9428%3A3%3A1
173.233.137.36307 Temporary Redirect 0 B URL HTTP/1.1 notifyoutspoken.com/watch.791699647831.js?key=68e0643520cf297c96565ee5d590990a&kw=%5B%22mastering%22%2C%22malware%22%2C%22analysis%22%2C%22a%22%2C%22malware%22%2C%22analyst%E2%80%99s%22%2C%22practical%22%2C%22guide%22%2C%22to%22%2C%22combating%22%2C%22malicious%22%2C%22software%22%2C%22apt%22%2C%22cybercrime%22%2C%22and%22%2C%22iot%22%2C%22attacks%22%2C%222nd%22%2C%22edition%22%2C%22-%22%2C%22reading%22%2C%22bag%22%2C%22library%22%5D&refer=http%3A%2F%2Frbebooks.site%2Fmastering-malware-analysis-a-malware-analysts-practical-guide-to-combating-malicious-software-apt-cybercrime-and-iot-attacks-2nd-edition%2F&tz=0&dev=r&res=12.29&uuid=a2d4f152-41c5-4b93-82d7-021b046d9428%3A3%3A1
IP 173.233.137.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.791699647831.js?key=68e0643520cf297c96565ee5d590990a&kw=%5B%22mastering%22%2C%22malware%22%2C%22analysis%22%2C%22a%22%2C%22malware%22%2C%22analyst%E2%80%99s%22%2C%22practical%22%2C%22guide%22%2C%22to%22%2C%22combating%22%2C%22malicious%22%2C%22software%22%2C%22apt%22%2C%22cybercrime%22%2C%22and%22%2C%22iot%22%2C%22attacks%22%2C%222nd%22%2C%22edition%22%2C%22-%22%2C%22reading%22%2C%22bag%22%2C%22library%22%5D&refer=http%3A%2F%2Frbebooks.site%2Fmastering-malware-analysis-a-malware-analysts-practical-guide-to-combating-malicious-software-apt-cybercrime-and-iot-attacks-2nd-edition%2F&tz=0&dev=r&res=12.29&uuid=a2d4f152-41c5-4b93-82d7-021b046d9428%3A3%3A1 HTTP/1.1
Host: notifyoutspoken.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://rbebooks.site
Connection: keep-alive
Referer: http://rbebooks.site/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.19.5
Date: Sun, 16 Oct 2022 15:53:38 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://rbebooks.site
Access-Control-Allow-Origin: http://rbebooks.site
Access-Control-Allow-Credentials: true
Location: https://notifyoutspoken.com/watch.791699647831.js?key=68e0643520cf297c96565ee5d590990a&kw=%5B%22mastering%22%2C%22malware%22%2C%22analysis%22%2C%22a%22%2C%22malware%22%2C%22analyst%E2%80%99s%22%2C%22practical%22%2C%22guide%22%2C%22to%22%2C%22combating%22%2C%22malicious%22%2C%22software%22%2C%22apt%22%2C%22cybercrime%22%2C%22and%22%2C%22iot%22%2C%22attacks%22%2C%222nd%22%2C%22edition%22%2C%22-%22%2C%22reading%22%2C%22bag%22%2C%22library%22%5D&refer=http%3A%2F%2Frbebooks.site%2Fmastering-malware-analysis-a-malware-analysts-practical-guide-to-combating-malicious-software-apt-cybercrime-and-iot-attacks-2nd-edition%2F&tz=0&dev=r&res=12.29&uuid=a2d4f152-41c5-4b93-82d7-021b046d9428%3A3%3A1&shu=08f175a57451879addd337d7ff6d30b11aa0d57dd82621c890f8e553cf4132101757a354e4b003f8d1979eed9d207c8594e363e3bde1550bd22951ee1857e186d9bf59fde24b292f5cb8148ecd4c236868e0fc384d3096895f8f413c0bfbe2&pst=1665935678&rmtc=t
Set-Cookie: u_pl=17301153; expires=Mon, 17 Oct 2022 15:53:38 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.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.UNhqWMSCwtyK7lW1hRK1JnCsONryEzi5vLnBjQkKqVA; expires=Sun, 16 Oct 2022 15:54:38 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 57c987f1f0361791bd5b5276f90ae7db
Strict-Transport-Security: max-age=0; includeSubdomains
testimonypersuadedclinic.com/0c610b74697d975fe227c0e71980368f/invoke.js
192.243.61.225 200 OK 9.3 kB URL HTTP/1.1 testimonypersuadedclinic.com/0c610b74697d975fe227c0e71980368f/invoke.js
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
File type Unicode text, UTF-8 text, with very long lines (25098), with no line terminators
Hash d9b25fd32c00a4ca45492fec235f0124
88aee82ddc2860b6ab4cf4d6a8ec3ac57e697fa8
0fc5a7742745c5871941ab351130d2a445cbec160b3003425b28eba110b236a8
Analyzer Verdict Alert quad9 Sinkholed
GET /0c610b74697d975fe227c0e71980368f/invoke.js HTTP/1.1
Host: testimonypersuadedclinic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rbebooks.site/
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Sun, 16 Oct 2022 15:53:38 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: e61d41a2ebf2d6e25ef325c5e1b7a39d
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
notifyoutspoken.com/watch.791699647831.js?key=68e0643520cf297c96565ee5d590990a&kw=%5B%22mastering%22%2C%22malware%22%2C%22analysis%22%2C%22a%22%2C%22malware%22%2C%22analyst%E2%80%99s%22%2C%22practical%22%2C%22guide%22%2C%22to%22%2C%22combating%22%2C%22malicious%22%2C%22software%22%2C%22apt%22%2C%22cybercrime%22%2C%22and%22%2C%22iot%22%2C%22attacks%22%2C%222nd%22%2C%22edition%22%2C%22-%22%2C%22reading%22%2C%22bag%22%2C%22library%22%5D&refer=http%3A%2F%2Frbebooks.site%2Fmastering-malware-analysis-a-malware-analysts-practical-guide-to-combating-malicious-software-apt-cybercrime-and-iot-attacks-2nd-edition%2F&tz=0&dev=r&res=12.29&uuid=a2d4f152-41c5-4b93-82d7-021b046d9428%3A3%3A1&shu=08f175a57451879addd337d7ff6d30b11aa0d57dd82621c890f8e553cf4132101757a354e4b003f8d1979eed9d207c8594e363e3bde1550bd22951ee1857e186d9bf59fde24b292f5cb8148ecd4c236868e0fc384d3096895f8f413c0bfbe2&pst=1665935678&rmtc=t
173.233.137.36200 OK 2.0 kB URL HTTP/1.1 notifyoutspoken.com/watch.791699647831.js?key=68e0643520cf297c96565ee5d590990a&kw=%5B%22mastering%22%2C%22malware%22%2C%22analysis%22%2C%22a%22%2C%22malware%22%2C%22analyst%E2%80%99s%22%2C%22practical%22%2C%22guide%22%2C%22to%22%2C%22combating%22%2C%22malicious%22%2C%22software%22%2C%22apt%22%2C%22cybercrime%22%2C%22and%22%2C%22iot%22%2C%22attacks%22%2C%222nd%22%2C%22edition%22%2C%22-%22%2C%22reading%22%2C%22bag%22%2C%22library%22%5D&refer=http%3A%2F%2Frbebooks.site%2Fmastering-malware-analysis-a-malware-analysts-practical-guide-to-combating-malicious-software-apt-cybercrime-and-iot-attacks-2nd-edition%2F&tz=0&dev=r&res=12.29&uuid=a2d4f152-41c5-4b93-82d7-021b046d9428%3A3%3A1&shu=08f175a57451879addd337d7ff6d30b11aa0d57dd82621c890f8e553cf4132101757a354e4b003f8d1979eed9d207c8594e363e3bde1550bd22951ee1857e186d9bf59fde24b292f5cb8148ecd4c236868e0fc384d3096895f8f413c0bfbe2&pst=1665935678&rmtc=t
IP 173.233.137.36:0
File type HTML document, ASCII text, with very long lines (2473)
Hash 82e35ef429b1622a688d9cb006e81f2a
842d9043603fb7f644adef2b26fbb2ac70405365
b83ae00c23e14a0b069c3db042fd6e11c35f2d770dcb959b9f528e2088ffd7d4
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.791699647831.js?key=68e0643520cf297c96565ee5d590990a&kw=%5B%22mastering%22%2C%22malware%22%2C%22analysis%22%2C%22a%22%2C%22malware%22%2C%22analyst%E2%80%99s%22%2C%22practical%22%2C%22guide%22%2C%22to%22%2C%22combating%22%2C%22malicious%22%2C%22software%22%2C%22apt%22%2C%22cybercrime%22%2C%22and%22%2C%22iot%22%2C%22attacks%22%2C%222nd%22%2C%22edition%22%2C%22-%22%2C%22reading%22%2C%22bag%22%2C%22library%22%5D&refer=http%3A%2F%2Frbebooks.site%2Fmastering-malware-analysis-a-malware-analysts-practical-guide-to-combating-malicious-software-apt-cybercrime-and-iot-attacks-2nd-edition%2F&tz=0&dev=r&res=12.29&uuid=a2d4f152-41c5-4b93-82d7-021b046d9428%3A3%3A1&shu=08f175a57451879addd337d7ff6d30b11aa0d57dd82621c890f8e553cf4132101757a354e4b003f8d1979eed9d207c8594e363e3bde1550bd22951ee1857e186d9bf59fde24b292f5cb8148ecd4c236868e0fc384d3096895f8f413c0bfbe2&pst=1665935678&rmtc=t HTTP/1.1
Host: notifyoutspoken.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://rbebooks.site
Referer: http://rbebooks.site/
Connection: keep-alive
Cookie: u_pl=17301153; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNzMwMTE1MywiayI6IjY4ZTA2NDM1MjBjZjI5N2M5NjU2NWVlNWQ1OTA5OTBhIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxODYxNDAzLCJwaWQiOjQ3MDEwMywiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoyNywiYWlkIjoyNiwicHQiOjQsInBrIjoiYTI0NnJicXAxIiwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjc5OTU0MTk2LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6MTgxMTAsIm9uIjoiTGludXgiLCJvdiI6IlVua25vd24iLCJiaWQiOjExNjY3MCwiYm4iOiJGaXJlZm94IiwiYnYiOiI5Ni4wIiwid3YiOmZhbHNlLCJlIjpmYWxzZSwiYWIiOmZhbHNlfSwiYyI6eyJpZCI6MTYyLCJjIjoiTk8iLCJuIjoiTm9yd2F5In0sImEiOmZhbHNlLCJjciI6eyJuIjoiQmxpeCBTb2x1dGlvbnMifSwieGYiOiIiLCJpeGYiOmZhbHNlLCJpZ3hmIjpmYWxzZSwidXAiOnRydWUsInIiOiJodHRwOi8vcmJlYm9va3Muc2l0ZS9tYXN0ZXJpbmctbWFsd2FyZS1hbmFseXNpcy1hLW1hbHdhcmUtYW5hbHlzdHMtcHJhY3RpY2FsLWd1aWRlLXRvLWNvbWJhdGluZy1tYWxpY2lvdXMtc29mdHdhcmUtYXB0LWN5YmVyY3JpbWUtYW5kLWlvdC1hdHRhY2tzLTJuZC1lZGl0aW9uLyJ9fQ.UNhqWMSCwtyK7lW1hRK1JnCsONryEzi5vLnBjQkKqVA
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 16 Oct 2022 15:53:38 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://rbebooks.site
Access-Control-Allow-Origin: http://rbebooks.site
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=a2d4f152-41c5-4b93-82d7-021b046d9428:3:1; expires=Sun, 23 Oct 2022 15:53:38 GMT; secure; SameSite=None
pdhtkv=true; expires=Mon, 17 Oct 2022 15:53:38 GMT; secure; SameSite=None
uncs=1; expires=Mon, 17 Oct 2022 15:53:38 GMT; secure; SameSite=None
pdhtkv26=true; expires=Mon, 17 Oct 2022 15:53:38 GMT; secure; SameSite=None
uncs26=1; expires=Mon, 17 Oct 2022 15:53:38 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 43d8fbf7e872edf9da12ac02549d5249
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
testimonypersuadedclinic.com/95e4c4ce775433fa4db2e1d0c40eacc3/invoke.js
192.243.61.225 200 OK 9.8 kB URL HTTP/1.1 testimonypersuadedclinic.com/95e4c4ce775433fa4db2e1d0c40eacc3/invoke.js
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
File type exported SGML document, ASCII text, with very long lines (26933), with no line terminators
Hash 08d7dbc725a6d3911178054e35a43e9b
dc175178be1e917f5536c443e552097f3b4273fe
74d2efbf0f438558d0ee161e4a9078b866d13d4147aba421cb18e9efb9d80422
Analyzer Verdict Alert quad9 Sinkholed
GET /95e4c4ce775433fa4db2e1d0c40eacc3/invoke.js HTTP/1.1
Host: testimonypersuadedclinic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rbebooks.site/
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Sun, 16 Oct 2022 15:53:38 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 00e62396b098635d2463bc842e7a88c2
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
r3.o.lencr.org/
23.36.76.249 200 OK 503 B IP 23.36.76.249:0
ASN #20940 Akamai International B.V.
Hash 2873b7d4f22d9879ff578ee4e7e372f4
39333db169b49843eb3ae3c3b0e717b9b816af80
edad97e421f4c5ea345a374fa70cdf6cdb2ba34668ed7170e42df676511d103d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EDAD97E421F4C5EA345A374FA70CDF6CDB2BA34668ED7170E42DF676511D103D"
Last-Modified: Sat, 15 Oct 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10678
Expires: Sun, 16 Oct 2022 18:51:36 GMT
Date: Sun, 16 Oct 2022 15:53:38 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.249 200 OK 503 B IP 23.36.76.249:0
ASN #20940 Akamai International B.V.
Hash 085811651eb4fafa30703f99053a6a47
81e2ebac369759ebe97647a12323f77020bea644
1ff435e1bdc018ba0b717f48b97fd164e0cdd61a0f1dae3f340cd8a415c3d973
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1FF435E1BDC018BA0B717F48B97FD164E0CDD61A0F1DAE3F340CD8A415C3D973"
Last-Modified: Sun, 16 Oct 2022 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16026
Expires: Sun, 16 Oct 2022 20:20:44 GMT
Date: Sun, 16 Oct 2022 15:53:38 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.249 200 OK 503 B IP 23.36.76.249:0
ASN #20940 Akamai International B.V.
Hash b183fddf1f6b1bf92543dbf8714dd945
f0f1021a0fc5f4f9c919a1ff79b83302b187368b
b4b50dc8c4b812085a9ad867d8d51433abdb6cd1f07c8c6875104e2c3551938c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B4B50DC8C4B812085A9AD867D8D51433ABDB6CD1F07C8C6875104E2C3551938C"
Last-Modified: Fri, 14 Oct 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10349
Expires: Sun, 16 Oct 2022 18:46:07 GMT
Date: Sun, 16 Oct 2022 15:53:38 GMT
Connection: keep-alive
notifyoutspoken.com/watch.146810766826.js?key=0beffc764a59eda6bb1c999a258cb33a&kw=%5B%22mastering%22%2C%22malware%22%2C%22analysis%22%2C%22a%22%2C%22malware%22%2C%22analyst%E2%80%99s%22%2C%22practical%22%2C%22guide%22%2C%22to%22%2C%22combating%22%2C%22malicious%22%2C%22software%22%2C%22apt%22%2C%22cybercrime%22%2C%22and%22%2C%22iot%22%2C%22attacks%22%2C%222nd%22%2C%22edition%22%2C%22-%22%2C%22reading%22%2C%22bag%22%2C%22library%22%5D&refer=http%3A%2F%2Frbebooks.site%2Fmastering-malware-analysis-a-malware-analysts-practical-guide-to-combating-malicious-software-apt-cybercrime-and-iot-attacks-2nd-edition%2F&tz=0&dev=r&res=12.29&uuid=a2d4f152-41c5-4b93-82d7-021b046d9428%3A3%3A1
173.233.137.36307 Temporary Redirect 0 B URL HTTP/1.1 notifyoutspoken.com/watch.146810766826.js?key=0beffc764a59eda6bb1c999a258cb33a&kw=%5B%22mastering%22%2C%22malware%22%2C%22analysis%22%2C%22a%22%2C%22malware%22%2C%22analyst%E2%80%99s%22%2C%22practical%22%2C%22guide%22%2C%22to%22%2C%22combating%22%2C%22malicious%22%2C%22software%22%2C%22apt%22%2C%22cybercrime%22%2C%22and%22%2C%22iot%22%2C%22attacks%22%2C%222nd%22%2C%22edition%22%2C%22-%22%2C%22reading%22%2C%22bag%22%2C%22library%22%5D&refer=http%3A%2F%2Frbebooks.site%2Fmastering-malware-analysis-a-malware-analysts-practical-guide-to-combating-malicious-software-apt-cybercrime-and-iot-attacks-2nd-edition%2F&tz=0&dev=r&res=12.29&uuid=a2d4f152-41c5-4b93-82d7-021b046d9428%3A3%3A1
IP 173.233.137.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.146810766826.js?key=0beffc764a59eda6bb1c999a258cb33a&kw=%5B%22mastering%22%2C%22malware%22%2C%22analysis%22%2C%22a%22%2C%22malware%22%2C%22analyst%E2%80%99s%22%2C%22practical%22%2C%22guide%22%2C%22to%22%2C%22combating%22%2C%22malicious%22%2C%22software%22%2C%22apt%22%2C%22cybercrime%22%2C%22and%22%2C%22iot%22%2C%22attacks%22%2C%222nd%22%2C%22edition%22%2C%22-%22%2C%22reading%22%2C%22bag%22%2C%22library%22%5D&refer=http%3A%2F%2Frbebooks.site%2Fmastering-malware-analysis-a-malware-analysts-practical-guide-to-combating-malicious-software-apt-cybercrime-and-iot-attacks-2nd-edition%2F&tz=0&dev=r&res=12.29&uuid=a2d4f152-41c5-4b93-82d7-021b046d9428%3A3%3A1 HTTP/1.1
Host: notifyoutspoken.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://rbebooks.site
Connection: keep-alive
Referer: http://rbebooks.site/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.19.5
Date: Sun, 16 Oct 2022 15:53:38 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://rbebooks.site
Access-Control-Allow-Origin: http://rbebooks.site
Access-Control-Allow-Credentials: true
Location: https://notifyoutspoken.com/watch.146810766826.js?key=0beffc764a59eda6bb1c999a258cb33a&kw=%5B%22mastering%22%2C%22malware%22%2C%22analysis%22%2C%22a%22%2C%22malware%22%2C%22analyst%E2%80%99s%22%2C%22practical%22%2C%22guide%22%2C%22to%22%2C%22combating%22%2C%22malicious%22%2C%22software%22%2C%22apt%22%2C%22cybercrime%22%2C%22and%22%2C%22iot%22%2C%22attacks%22%2C%222nd%22%2C%22edition%22%2C%22-%22%2C%22reading%22%2C%22bag%22%2C%22library%22%5D&refer=http%3A%2F%2Frbebooks.site%2Fmastering-malware-analysis-a-malware-analysts-practical-guide-to-combating-malicious-software-apt-cybercrime-and-iot-attacks-2nd-edition%2F&tz=0&dev=r&res=12.29&uuid=a2d4f152-41c5-4b93-82d7-021b046d9428%3A3%3A1&shu=73b8688caae24606c3fe1c3baca7793df92237d1c2968a5e8d449ecfd2da02532ae53572316b4c2b58f336689a4360f76369a4ffdb4e0b15dc86ad692dade99ad0b28605a5ca732315259397d5ab7455436594b924847b2ec75e5a02b018bc5e&pst=1665935678&rmtc=t
Set-Cookie: u_pl=17258345; expires=Mon, 17 Oct 2022 15:53:38 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.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.GXb-vh_Q52OnMCN8VVRxtaG18NEoLnhzkJ-xH_0hbaU; expires=Sun, 16 Oct 2022 15:54:38 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 8550fe7d20a6b25999b6d89b8206b4bd
Strict-Transport-Security: max-age=0; includeSubdomains
testimonypersuadedclinic.com/95e4c4ce775433fa4db2e1d0c40eacc3/invoke.js
192.243.61.225 200 OK 9.8 kB URL HTTP/1.1 testimonypersuadedclinic.com/95e4c4ce775433fa4db2e1d0c40eacc3/invoke.js
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
File type exported SGML document, ASCII text, with very long lines (26933), with no line terminators
Hash 08d7dbc725a6d3911178054e35a43e9b
dc175178be1e917f5536c443e552097f3b4273fe
74d2efbf0f438558d0ee161e4a9078b866d13d4147aba421cb18e9efb9d80422
Analyzer Verdict Alert quad9 Sinkholed
GET /95e4c4ce775433fa4db2e1d0c40eacc3/invoke.js HTTP/1.1
Host: testimonypersuadedclinic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rbebooks.site/
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Sun, 16 Oct 2022 15:53:38 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: f0d859c631c974386675466dc7e0e119
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
testimonypersuadedclinic.com/0c610b74697d975fe227c0e71980368f/invoke.js
192.243.61.225 200 OK 9.3 kB URL HTTP/1.1 testimonypersuadedclinic.com/0c610b74697d975fe227c0e71980368f/invoke.js
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
File type Unicode text, UTF-8 text, with very long lines (25102), with no line terminators
Hash 3f7eeab5b633903df02c9bdcc487dfba
17b6651e7e33e9d1606b7f9bdbcce0be26fb2329
59ab60aba7545da2f8629423c2eb9840c2d9e7fad34ef1a648c8c1c4530b4083
Analyzer Verdict Alert quad9 Sinkholed
GET /0c610b74697d975fe227c0e71980368f/invoke.js HTTP/1.1
Host: testimonypersuadedclinic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rbebooks.site/
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Sun, 16 Oct 2022 15:53:38 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 89fa262f8a33a6bcc6781f6e6bd6842e
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
r3.o.lencr.org/
23.36.76.249 200 OK 503 B IP 23.36.76.249:0
ASN #20940 Akamai International B.V.
Hash abfe30f7c4f05c6836c43c73f69a4aa4
3c508047c302b22f442b3887a06271133ce44325
0b3262bd288b2a5bf5ffd8e81b287007e83b3ab77979ee2203caa043385fe03e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0B3262BD288B2A5BF5FFD8E81B287007E83B3AB77979EE2203CAA043385FE03E"
Last-Modified: Sat, 15 Oct 2022 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12883
Expires: Sun, 16 Oct 2022 19:28:21 GMT
Date: Sun, 16 Oct 2022 15:53:38 GMT
Connection: keep-alive
prawnsimply.com/watch.170785561412.js?key=3571d784a89a99fbed8310f791085655&kw=%5B%22mastering%22%2C%22malware%22%2C%22analysis%22%2C%22a%22%2C%22malware%22%2C%22analyst%E2%80%99s%22%2C%22practical%22%2C%22guide%22%2C%22to%22%2C%22combating%22%2C%22malicious%22%2C%22software%22%2C%22apt%22%2C%22cybercrime%22%2C%22and%22%2C%22iot%22%2C%22attacks%22%2C%222nd%22%2C%22edition%22%2C%22-%22%2C%22reading%22%2C%22bag%22%2C%22library%22%5D&refer=http%3A%2F%2Frbebooks.site%2Fmastering-malware-analysis-a-malware-analysts-practical-guide-to-combating-malicious-software-apt-cybercrime-and-iot-attacks-2nd-edition%2F&tz=0&dev=r&res=12.29&uuid=a2d4f152-41c5-4b93-82d7-021b046d9428%3A3%3A1
192.243.59.20 307 Temporary Redirect 0 B URL HTTP/1.1 prawnsimply.com/watch.170785561412.js?key=3571d784a89a99fbed8310f791085655&kw=%5B%22mastering%22%2C%22malware%22%2C%22analysis%22%2C%22a%22%2C%22malware%22%2C%22analyst%E2%80%99s%22%2C%22practical%22%2C%22guide%22%2C%22to%22%2C%22combating%22%2C%22malicious%22%2C%22software%22%2C%22apt%22%2C%22cybercrime%22%2C%22and%22%2C%22iot%22%2C%22attacks%22%2C%222nd%22%2C%22edition%22%2C%22-%22%2C%22reading%22%2C%22bag%22%2C%22library%22%5D&refer=http%3A%2F%2Frbebooks.site%2Fmastering-malware-analysis-a-malware-analysts-practical-guide-to-combating-malicious-software-apt-cybercrime-and-iot-attacks-2nd-edition%2F&tz=0&dev=r&res=12.29&uuid=a2d4f152-41c5-4b93-82d7-021b046d9428%3A3%3A1
IP 192.243.59.20:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.170785561412.js?key=3571d784a89a99fbed8310f791085655&kw=%5B%22mastering%22%2C%22malware%22%2C%22analysis%22%2C%22a%22%2C%22malware%22%2C%22analyst%E2%80%99s%22%2C%22practical%22%2C%22guide%22%2C%22to%22%2C%22combating%22%2C%22malicious%22%2C%22software%22%2C%22apt%22%2C%22cybercrime%22%2C%22and%22%2C%22iot%22%2C%22attacks%22%2C%222nd%22%2C%22edition%22%2C%22-%22%2C%22reading%22%2C%22bag%22%2C%22library%22%5D&refer=http%3A%2F%2Frbebooks.site%2Fmastering-malware-analysis-a-malware-analysts-practical-guide-to-combating-malicious-software-apt-cybercrime-and-iot-attacks-2nd-edition%2F&tz=0&dev=r&res=12.29&uuid=a2d4f152-41c5-4b93-82d7-021b046d9428%3A3%3A1 HTTP/1.1
Host: prawnsimply.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://rbebooks.site
Connection: keep-alive
Referer: http://rbebooks.site/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.17.9
Date: Sun, 16 Oct 2022 15:53:38 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://rbebooks.site
Access-Control-Allow-Origin: http://rbebooks.site
Access-Control-Allow-Credentials: true
Location: https://prawnsimply.com/watch.170785561412.js?key=3571d784a89a99fbed8310f791085655&kw=%5B%22mastering%22%2C%22malware%22%2C%22analysis%22%2C%22a%22%2C%22malware%22%2C%22analyst%E2%80%99s%22%2C%22practical%22%2C%22guide%22%2C%22to%22%2C%22combating%22%2C%22malicious%22%2C%22software%22%2C%22apt%22%2C%22cybercrime%22%2C%22and%22%2C%22iot%22%2C%22attacks%22%2C%222nd%22%2C%22edition%22%2C%22-%22%2C%22reading%22%2C%22bag%22%2C%22library%22%5D&refer=http%3A%2F%2Frbebooks.site%2Fmastering-malware-analysis-a-malware-analysts-practical-guide-to-combating-malicious-software-apt-cybercrime-and-iot-attacks-2nd-edition%2F&tz=0&dev=r&res=12.29&uuid=a2d4f152-41c5-4b93-82d7-021b046d9428%3A3%3A1&shu=50a7b1a6a48e8ec46d245a7f482928f434671addb21921cd01b1fadb00c68beec5a045c798a2322cdc298ca0e889bacd71b29b6230b6638dfe7084844bcd0762d37cef04115b96d4184af4d11b20f82482231329&pst=1665935678&rmtc=t
Set-Cookie: u_pl=17258380; expires=Mon, 17 Oct 2022 15:53:38 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNzI1ODM4MCwiayI6IjM1NzFkNzg0YTg5YTk5ZmJlZDgzMTBmNzkxMDg1NjU1Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxODYxNDAzLCJwaWQiOjQ3MDEwMywiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoyNywiYWlkIjo1LCJwdCI6NCwicGsiOiJ3ajNrY2Rra3FiIiwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjc5OTU0MTk2LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6MTgxMTAsIm9uIjoiTGludXgiLCJvdiI6IlVua25vd24iLCJiaWQiOjExNjY3MCwiYm4iOiJGaXJlZm94IiwiYnYiOiI5Ni4wIiwid3YiOmZhbHNlLCJlIjpmYWxzZSwiYWIiOmZhbHNlfSwiYyI6eyJpZCI6MTYyLCJjIjoiTk8iLCJuIjoiTm9yd2F5In0sImEiOmZhbHNlLCJjciI6eyJuIjoiQmxpeCBTb2x1dGlvbnMifSwieGYiOiIiLCJpeGYiOmZhbHNlLCJpZ3hmIjpmYWxzZSwidXAiOnRydWUsInIiOiJodHRwOi8vcmJlYm9va3Muc2l0ZS9tYXN0ZXJpbmctbWFsd2FyZS1hbmFseXNpcy1hLW1hbHdhcmUtYW5hbHlzdHMtcHJhY3RpY2FsLWd1aWRlLXRvLWNvbWJhdGluZy1tYWxpY2lvdXMtc29mdHdhcmUtYXB0LWN5YmVyY3JpbWUtYW5kLWlvdC1hdHRhY2tzLTJuZC1lZGl0aW9uLyJ9fQ.pPTKKv1_AQFe43COuqWMV0WYVdzQqI7NHGL8xy43C-Y; expires=Sun, 16 Oct 2022 15:54:38 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: a971f64d79b9f9dfcf50fd2986f0040f
Strict-Transport-Security: max-age=0; includeSubdomains
sheschemetraitor.com/watch.141449178286.js?key=95e4c4ce775433fa4db2e1d0c40eacc3&kw=%5B%22mastering%22%2C%22malware%22%2C%22analysis%22%2C%22a%22%2C%22malware%22%2C%22analyst%E2%80%99s%22%2C%22practical%22%2C%22guide%22%2C%22to%22%2C%22combating%22%2C%22malicious%22%2C%22software%22%2C%22apt%22%2C%22cybercrime%22%2C%22and%22%2C%22iot%22%2C%22attacks%22%2C%222nd%22%2C%22edition%22%2C%22-%22%2C%22reading%22%2C%22bag%22%2C%22library%22%5D&refer=http%3A%2F%2Frbebooks.site%2Fmastering-malware-analysis-a-malware-analysts-practical-guide-to-combating-malicious-software-apt-cybercrime-and-iot-attacks-2nd-edition%2F&tz=0&dev=r&res=12.29&uuid=a2d4f152-41c5-4b93-82d7-021b046d9428%3A3%3A1
173.233.137.44 307 Temporary Redirect 0 B URL HTTP/1.1 sheschemetraitor.com/watch.141449178286.js?key=95e4c4ce775433fa4db2e1d0c40eacc3&kw=%5B%22mastering%22%2C%22malware%22%2C%22analysis%22%2C%22a%22%2C%22malware%22%2C%22analyst%E2%80%99s%22%2C%22practical%22%2C%22guide%22%2C%22to%22%2C%22combating%22%2C%22malicious%22%2C%22software%22%2C%22apt%22%2C%22cybercrime%22%2C%22and%22%2C%22iot%22%2C%22attacks%22%2C%222nd%22%2C%22edition%22%2C%22-%22%2C%22reading%22%2C%22bag%22%2C%22library%22%5D&refer=http%3A%2F%2Frbebooks.site%2Fmastering-malware-analysis-a-malware-analysts-practical-guide-to-combating-malicious-software-apt-cybercrime-and-iot-attacks-2nd-edition%2F&tz=0&dev=r&res=12.29&uuid=a2d4f152-41c5-4b93-82d7-021b046d9428%3A3%3A1
IP 173.233.137.44:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.141449178286.js?key=95e4c4ce775433fa4db2e1d0c40eacc3&kw=%5B%22mastering%22%2C%22malware%22%2C%22analysis%22%2C%22a%22%2C%22malware%22%2C%22analyst%E2%80%99s%22%2C%22practical%22%2C%22guide%22%2C%22to%22%2C%22combating%22%2C%22malicious%22%2C%22software%22%2C%22apt%22%2C%22cybercrime%22%2C%22and%22%2C%22iot%22%2C%22attacks%22%2C%222nd%22%2C%22edition%22%2C%22-%22%2C%22reading%22%2C%22bag%22%2C%22library%22%5D&refer=http%3A%2F%2Frbebooks.site%2Fmastering-malware-analysis-a-malware-analysts-practical-guide-to-combating-malicious-software-apt-cybercrime-and-iot-attacks-2nd-edition%2F&tz=0&dev=r&res=12.29&uuid=a2d4f152-41c5-4b93-82d7-021b046d9428%3A3%3A1 HTTP/1.1
Host: sheschemetraitor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://rbebooks.site
Connection: keep-alive
Referer: http://rbebooks.site/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.19.5
Date: Sun, 16 Oct 2022 15:53:38 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://rbebooks.site
Access-Control-Allow-Origin: http://rbebooks.site
Access-Control-Allow-Credentials: true
Location: https://sheschemetraitor.com/watch.141449178286.js?key=95e4c4ce775433fa4db2e1d0c40eacc3&kw=%5B%22mastering%22%2C%22malware%22%2C%22analysis%22%2C%22a%22%2C%22malware%22%2C%22analyst%E2%80%99s%22%2C%22practical%22%2C%22guide%22%2C%22to%22%2C%22combating%22%2C%22malicious%22%2C%22software%22%2C%22apt%22%2C%22cybercrime%22%2C%22and%22%2C%22iot%22%2C%22attacks%22%2C%222nd%22%2C%22edition%22%2C%22-%22%2C%22reading%22%2C%22bag%22%2C%22library%22%5D&refer=http%3A%2F%2Frbebooks.site%2Fmastering-malware-analysis-a-malware-analysts-practical-guide-to-combating-malicious-software-apt-cybercrime-and-iot-attacks-2nd-edition%2F&tz=0&dev=r&res=12.29&uuid=a2d4f152-41c5-4b93-82d7-021b046d9428%3A3%3A1&shu=6a4c7d1a952a8e6aa3cfd62269409a695e3fb087988c3149bff73ac2b3b870568299fed0fc3fa7e78028cb13030c178ba704b712e29733e0e9a492b6919fe5d28f540e71aa1db1c404beeb8b7042a4a6625fe16b7d4986a516418817e73e&pst=1665935678&rmtc=t
Set-Cookie: u_pl=17258364; expires=Mon, 17 Oct 2022 15:53:38 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.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.CcPRDZqh6KG9NFY-6AZVnS1nXUSTNB_TLr4ckMfOaB0; expires=Sun, 16 Oct 2022 15:54:38 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: a098b143547c894d1c7581735d023dcd
Strict-Transport-Security: max-age=0; includeSubdomains
notifyoutspoken.com/watch.146810766826.js?key=0beffc764a59eda6bb1c999a258cb33a&kw=%5B%22mastering%22%2C%22malware%22%2C%22analysis%22%2C%22a%22%2C%22malware%22%2C%22analyst%E2%80%99s%22%2C%22practical%22%2C%22guide%22%2C%22to%22%2C%22combating%22%2C%22malicious%22%2C%22software%22%2C%22apt%22%2C%22cybercrime%22%2C%22and%22%2C%22iot%22%2C%22attacks%22%2C%222nd%22%2C%22edition%22%2C%22-%22%2C%22reading%22%2C%22bag%22%2C%22library%22%5D&refer=http%3A%2F%2Frbebooks.site%2Fmastering-malware-analysis-a-malware-analysts-practical-guide-to-combating-malicious-software-apt-cybercrime-and-iot-attacks-2nd-edition%2F&tz=0&dev=r&res=12.29&uuid=a2d4f152-41c5-4b93-82d7-021b046d9428%3A3%3A1&shu=73b8688caae24606c3fe1c3baca7793df92237d1c2968a5e8d449ecfd2da02532ae53572316b4c2b58f336689a4360f76369a4ffdb4e0b15dc86ad692dade99ad0b28605a5ca732315259397d5ab7455436594b924847b2ec75e5a02b018bc5e&pst=1665935678&rmtc=t
173.233.137.36 200 OK 2.0 kB URL HTTP/1.1 notifyoutspoken.com/watch.146810766826.js?key=0beffc764a59eda6bb1c999a258cb33a&kw=%5B%22mastering%22%2C%22malware%22%2C%22analysis%22%2C%22a%22%2C%22malware%22%2C%22analyst%E2%80%99s%22%2C%22practical%22%2C%22guide%22%2C%22to%22%2C%22combating%22%2C%22malicious%22%2C%22software%22%2C%22apt%22%2C%22cybercrime%22%2C%22and%22%2C%22iot%22%2C%22attacks%22%2C%222nd%22%2C%22edition%22%2C%22-%22%2C%22reading%22%2C%22bag%22%2C%22library%22%5D&refer=http%3A%2F%2Frbebooks.site%2Fmastering-malware-analysis-a-malware-analysts-practical-guide-to-combating-malicious-software-apt-cybercrime-and-iot-attacks-2nd-edition%2F&tz=0&dev=r&res=12.29&uuid=a2d4f152-41c5-4b93-82d7-021b046d9428%3A3%3A1&shu=73b8688caae24606c3fe1c3baca7793df92237d1c2968a5e8d449ecfd2da02532ae53572316b4c2b58f336689a4360f76369a4ffdb4e0b15dc86ad692dade99ad0b28605a5ca732315259397d5ab7455436594b924847b2ec75e5a02b018bc5e&pst=1665935678&rmtc=t
IP 173.233.137.36:0
File type HTML document, ASCII text, with very long lines (2474)
Hash a3efefae2d5b31f2108ac762a09b396c
3d760dc59789c0a60d0b96cee888e86ccb4fbbd5
21b2988d38bf2aed1c5dc518263cfc86a5ee0a75af947a3c7b69c11a79ecd9e5
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.146810766826.js?key=0beffc764a59eda6bb1c999a258cb33a&kw=%5B%22mastering%22%2C%22malware%22%2C%22analysis%22%2C%22a%22%2C%22malware%22%2C%22analyst%E2%80%99s%22%2C%22practical%22%2C%22guide%22%2C%22to%22%2C%22combating%22%2C%22malicious%22%2C%22software%22%2C%22apt%22%2C%22cybercrime%22%2C%22and%22%2C%22iot%22%2C%22attacks%22%2C%222nd%22%2C%22edition%22%2C%22-%22%2C%22reading%22%2C%22bag%22%2C%22library%22%5D&refer=http%3A%2F%2Frbebooks.site%2Fmastering-malware-analysis-a-malware-analysts-practical-guide-to-combating-malicious-software-apt-cybercrime-and-iot-attacks-2nd-edition%2F&tz=0&dev=r&res=12.29&uuid=a2d4f152-41c5-4b93-82d7-021b046d9428%3A3%3A1&shu=73b8688caae24606c3fe1c3baca7793df92237d1c2968a5e8d449ecfd2da02532ae53572316b4c2b58f336689a4360f76369a4ffdb4e0b15dc86ad692dade99ad0b28605a5ca732315259397d5ab7455436594b924847b2ec75e5a02b018bc5e&pst=1665935678&rmtc=t HTTP/1.1
Host: notifyoutspoken.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://rbebooks.site
Referer: http://rbebooks.site/
Connection: keep-alive
Cookie: u_pl=17258345; ain=eyJhbGciOiJIUzI1NiJ9.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.GXb-vh_Q52OnMCN8VVRxtaG18NEoLnhzkJ-xH_0hbaU; uid_id2=a2d4f152-41c5-4b93-82d7-021b046d9428:3:1; pdhtkv=true; uncs=1; pdhtkv26=true; uncs26=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 16 Oct 2022 15:53:38 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://rbebooks.site
Access-Control-Allow-Origin: http://rbebooks.site
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=a2d4f152-41c5-4b93-82d7-021b046d9428:3:1; expires=Sun, 23 Oct 2022 15:53:38 GMT; secure; SameSite=None
pdhtkv=true; expires=Mon, 17 Oct 2022 15:53:38 GMT; secure; SameSite=None
uncs=1; expires=Mon, 17 Oct 2022 15:53:38 GMT; secure; SameSite=None
pdhtkv27=true; expires=Mon, 17 Oct 2022 15:53:38 GMT; secure; SameSite=None
uncs27=1; expires=Mon, 17 Oct 2022 15:53:38 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 5369523ceab356a0725346ad0a284141
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
cdn.cloudimagesb.com/cti/90/fa/55/90fa55e79f85a5822e197862b4c53149/1663334602.png
45.133.44.10 200 OK 33 kB URL HTTP/2 cdn.cloudimagesb.com/cti/90/fa/55/90fa55e79f85a5822e197862b4c53149/1663334602.png
IP 45.133.44.10:0
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 160 x 300, 8-bit/color RGB, non-interlaced\012- data
Hash fb8a0af2c78607cf4c540a8be54248ef
795083ee49378071a4a04505ac40dfb4134acd74
1ad52c531815350c0f4411825fde5553748dd6b14bbc73752c939f6eba73c029
GET /cti/90/fa/55/90fa55e79f85a5822e197862b4c53149/1663334602.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 16 Oct 2022 15:53:38 GMT
content-type: image/png
content-length: 33090
server: nginx/1.17.6
last-modified: Fri, 16 Sep 2022 13:23:30 GMT
etag: "632478d2-8142"
expires: Tue, 18 Oct 2022 15:53:38 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
testimonypersuadedclinic.com/95e4c4ce775433fa4db2e1d0c40eacc3/invoke.js
192.243.61.225 200 OK 9.8 kB URL HTTP/1.1 testimonypersuadedclinic.com/95e4c4ce775433fa4db2e1d0c40eacc3/invoke.js
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
File type exported SGML document, ASCII text, with very long lines (26949), with no line terminators
Hash 1aacbbb8e92081c9e574dc9afa46431d
1434fa722a7364b7df682d9a054e2a49de38c07a
82d48adbd11a8c1b2a7bb48f0a9ba77cc91cf718a3b46f246d09b802f6b958fa
Analyzer Verdict Alert quad9 Sinkholed
GET /95e4c4ce775433fa4db2e1d0c40eacc3/invoke.js HTTP/1.1
Host: testimonypersuadedclinic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rbebooks.site/
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Sun, 16 Oct 2022 15:53:38 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: ae27089ee1104e8353270db8cfcf5895
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
testimonypersuadedclinic.com/0c610b74697d975fe227c0e71980368f/invoke.js
192.243.61.225 200 OK 9.3 kB URL HTTP/1.1 testimonypersuadedclinic.com/0c610b74697d975fe227c0e71980368f/invoke.js
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
File type Unicode text, UTF-8 text, with very long lines (25074), with no line terminators
Hash 2fbd608b0cd72509d05e3fa0f4866271
1c1c2931d6312e5f5286ed7753b74ecfdc551a76
be30729b253187a09f5e073fea559e06d460ed75efe31529aee3ae6745cec863
Analyzer Verdict Alert quad9 Sinkholed
GET /0c610b74697d975fe227c0e71980368f/invoke.js HTTP/1.1
Host: testimonypersuadedclinic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rbebooks.site/
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Sun, 16 Oct 2022 15:53:38 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 2d41f654d83eb51c7724203b027a57af
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
sheschemetraitor.com/watch.141449178286.js?key=95e4c4ce775433fa4db2e1d0c40eacc3&kw=%5B%22mastering%22%2C%22malware%22%2C%22analysis%22%2C%22a%22%2C%22malware%22%2C%22analyst%E2%80%99s%22%2C%22practical%22%2C%22guide%22%2C%22to%22%2C%22combating%22%2C%22malicious%22%2C%22software%22%2C%22apt%22%2C%22cybercrime%22%2C%22and%22%2C%22iot%22%2C%22attacks%22%2C%222nd%22%2C%22edition%22%2C%22-%22%2C%22reading%22%2C%22bag%22%2C%22library%22%5D&refer=http%3A%2F%2Frbebooks.site%2Fmastering-malware-analysis-a-malware-analysts-practical-guide-to-combating-malicious-software-apt-cybercrime-and-iot-attacks-2nd-edition%2F&tz=0&dev=r&res=12.29&uuid=a2d4f152-41c5-4b93-82d7-021b046d9428%3A3%3A1&shu=6a4c7d1a952a8e6aa3cfd62269409a695e3fb087988c3149bff73ac2b3b870568299fed0fc3fa7e78028cb13030c178ba704b712e29733e0e9a492b6919fe5d28f540e71aa1db1c404beeb8b7042a4a6625fe16b7d4986a516418817e73e&pst=1665935678&rmtc=t
173.233.137.44 200 OK 2.0 kB URL HTTP/1.1 sheschemetraitor.com/watch.141449178286.js?key=95e4c4ce775433fa4db2e1d0c40eacc3&kw=%5B%22mastering%22%2C%22malware%22%2C%22analysis%22%2C%22a%22%2C%22malware%22%2C%22analyst%E2%80%99s%22%2C%22practical%22%2C%22guide%22%2C%22to%22%2C%22combating%22%2C%22malicious%22%2C%22software%22%2C%22apt%22%2C%22cybercrime%22%2C%22and%22%2C%22iot%22%2C%22attacks%22%2C%222nd%22%2C%22edition%22%2C%22-%22%2C%22reading%22%2C%22bag%22%2C%22library%22%5D&refer=http%3A%2F%2Frbebooks.site%2Fmastering-malware-analysis-a-malware-analysts-practical-guide-to-combating-malicious-software-apt-cybercrime-and-iot-attacks-2nd-edition%2F&tz=0&dev=r&res=12.29&uuid=a2d4f152-41c5-4b93-82d7-021b046d9428%3A3%3A1&shu=6a4c7d1a952a8e6aa3cfd62269409a695e3fb087988c3149bff73ac2b3b870568299fed0fc3fa7e78028cb13030c178ba704b712e29733e0e9a492b6919fe5d28f540e71aa1db1c404beeb8b7042a4a6625fe16b7d4986a516418817e73e&pst=1665935678&rmtc=t
IP 173.233.137.44:0
File type HTML document, ASCII text, with very long lines (2398)
Hash 49e7ea271d121f4e3379026f4fcb8a55
6b05dae83c672a827031114fb5f9a0af50671b70
fa014f74d4b30b350212e9cc5dfb21aca79cb8ad5bc9337a5810105f48ef7adc
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.141449178286.js?key=95e4c4ce775433fa4db2e1d0c40eacc3&kw=%5B%22mastering%22%2C%22malware%22%2C%22analysis%22%2C%22a%22%2C%22malware%22%2C%22analyst%E2%80%99s%22%2C%22practical%22%2C%22guide%22%2C%22to%22%2C%22combating%22%2C%22malicious%22%2C%22software%22%2C%22apt%22%2C%22cybercrime%22%2C%22and%22%2C%22iot%22%2C%22attacks%22%2C%222nd%22%2C%22edition%22%2C%22-%22%2C%22reading%22%2C%22bag%22%2C%22library%22%5D&refer=http%3A%2F%2Frbebooks.site%2Fmastering-malware-analysis-a-malware-analysts-practical-guide-to-combating-malicious-software-apt-cybercrime-and-iot-attacks-2nd-edition%2F&tz=0&dev=r&res=12.29&uuid=a2d4f152-41c5-4b93-82d7-021b046d9428%3A3%3A1&shu=6a4c7d1a952a8e6aa3cfd62269409a695e3fb087988c3149bff73ac2b3b870568299fed0fc3fa7e78028cb13030c178ba704b712e29733e0e9a492b6919fe5d28f540e71aa1db1c404beeb8b7042a4a6625fe16b7d4986a516418817e73e&pst=1665935678&rmtc=t HTTP/1.1
Host: sheschemetraitor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://rbebooks.site
Referer: http://rbebooks.site/
Connection: keep-alive
Cookie: u_pl=17258364; ain=eyJhbGciOiJIUzI1NiJ9.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.CcPRDZqh6KG9NFY-6AZVnS1nXUSTNB_TLr4ckMfOaB0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 16 Oct 2022 15:53:39 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://rbebooks.site
Access-Control-Allow-Origin: http://rbebooks.site
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=a2d4f152-41c5-4b93-82d7-021b046d9428:3:1; expires=Sun, 23 Oct 2022 15:53:38 GMT; secure; SameSite=None
pdhtkv=true; expires=Mon, 17 Oct 2022 15:53:39 GMT; secure; SameSite=None
uncs=1; expires=Mon, 17 Oct 2022 15:53:39 GMT; secure; SameSite=None
pdhtkv23=true; expires=Mon, 17 Oct 2022 15:53:39 GMT; secure; SameSite=None
uncs23=1; expires=Mon, 17 Oct 2022 15:53:39 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: eafdbca6e16b800ee56a6869081855bc
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
prawnsimply.com/watch.170785561412.js?key=3571d784a89a99fbed8310f791085655&kw=%5B%22mastering%22%2C%22malware%22%2C%22analysis%22%2C%22a%22%2C%22malware%22%2C%22analyst%E2%80%99s%22%2C%22practical%22%2C%22guide%22%2C%22to%22%2C%22combating%22%2C%22malicious%22%2C%22software%22%2C%22apt%22%2C%22cybercrime%22%2C%22and%22%2C%22iot%22%2C%22attacks%22%2C%222nd%22%2C%22edition%22%2C%22-%22%2C%22reading%22%2C%22bag%22%2C%22library%22%5D&refer=http%3A%2F%2Frbebooks.site%2Fmastering-malware-analysis-a-malware-analysts-practical-guide-to-combating-malicious-software-apt-cybercrime-and-iot-attacks-2nd-edition%2F&tz=0&dev=r&res=12.29&uuid=a2d4f152-41c5-4b93-82d7-021b046d9428%3A3%3A1&shu=50a7b1a6a48e8ec46d245a7f482928f434671addb21921cd01b1fadb00c68beec5a045c798a2322cdc298ca0e889bacd71b29b6230b6638dfe7084844bcd0762d37cef04115b96d4184af4d11b20f82482231329&pst=1665935678&rmtc=t
192.243.59.20 200 OK 2.0 kB URL HTTP/1.1 prawnsimply.com/watch.170785561412.js?key=3571d784a89a99fbed8310f791085655&kw=%5B%22mastering%22%2C%22malware%22%2C%22analysis%22%2C%22a%22%2C%22malware%22%2C%22analyst%E2%80%99s%22%2C%22practical%22%2C%22guide%22%2C%22to%22%2C%22combating%22%2C%22malicious%22%2C%22software%22%2C%22apt%22%2C%22cybercrime%22%2C%22and%22%2C%22iot%22%2C%22attacks%22%2C%222nd%22%2C%22edition%22%2C%22-%22%2C%22reading%22%2C%22bag%22%2C%22library%22%5D&refer=http%3A%2F%2Frbebooks.site%2Fmastering-malware-analysis-a-malware-analysts-practical-guide-to-combating-malicious-software-apt-cybercrime-and-iot-attacks-2nd-edition%2F&tz=0&dev=r&res=12.29&uuid=a2d4f152-41c5-4b93-82d7-021b046d9428%3A3%3A1&shu=50a7b1a6a48e8ec46d245a7f482928f434671addb21921cd01b1fadb00c68beec5a045c798a2322cdc298ca0e889bacd71b29b6230b6638dfe7084844bcd0762d37cef04115b96d4184af4d11b20f82482231329&pst=1665935678&rmtc=t
IP 192.243.59.20:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document, ASCII text, with very long lines (2404)
Hash a91483f3b5e52930f8a152d5d417d4d4
cf0ba63c34dd05b6c308cb8006bf3a544752c7f9
da787a24bd69cc25bb9ed9fe9a4b5fac7a69f9cecb011af41ad00c72a88cb174
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.170785561412.js?key=3571d784a89a99fbed8310f791085655&kw=%5B%22mastering%22%2C%22malware%22%2C%22analysis%22%2C%22a%22%2C%22malware%22%2C%22analyst%E2%80%99s%22%2C%22practical%22%2C%22guide%22%2C%22to%22%2C%22combating%22%2C%22malicious%22%2C%22software%22%2C%22apt%22%2C%22cybercrime%22%2C%22and%22%2C%22iot%22%2C%22attacks%22%2C%222nd%22%2C%22edition%22%2C%22-%22%2C%22reading%22%2C%22bag%22%2C%22library%22%5D&refer=http%3A%2F%2Frbebooks.site%2Fmastering-malware-analysis-a-malware-analysts-practical-guide-to-combating-malicious-software-apt-cybercrime-and-iot-attacks-2nd-edition%2F&tz=0&dev=r&res=12.29&uuid=a2d4f152-41c5-4b93-82d7-021b046d9428%3A3%3A1&shu=50a7b1a6a48e8ec46d245a7f482928f434671addb21921cd01b1fadb00c68beec5a045c798a2322cdc298ca0e889bacd71b29b6230b6638dfe7084844bcd0762d37cef04115b96d4184af4d11b20f82482231329&pst=1665935678&rmtc=t HTTP/1.1
Host: prawnsimply.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://rbebooks.site
Referer: http://rbebooks.site/
Connection: keep-alive
Cookie: u_pl=17258380; ain=eyJhbGciOiJIUzI1NiJ9.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.pPTKKv1_AQFe43COuqWMV0WYVdzQqI7NHGL8xy43C-Y
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Sun, 16 Oct 2022 15:53:39 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://rbebooks.site
Access-Control-Allow-Origin: http://rbebooks.site
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=a2d4f152-41c5-4b93-82d7-021b046d9428:3:1; expires=Sun, 23 Oct 2022 15:53:39 GMT; secure; SameSite=None
pdhtkv=true; expires=Mon, 17 Oct 2022 15:53:39 GMT; secure; SameSite=None
uncs=1; expires=Mon, 17 Oct 2022 15:53:39 GMT; secure; SameSite=None
pdhtkv5=true; expires=Mon, 17 Oct 2022 15:53:39 GMT; secure; SameSite=None
uncs5=1; expires=Mon, 17 Oct 2022 15:53:39 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: a0987c8440bfe6c2c3f7b9f40197c307
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
cdn.cloudimagesb.com/cti/7a/d8/60/7ad860780810ba037243112155e868c8/1663165195.gif
45.133.44.10 200 OK 13 kB URL HTTP/2 cdn.cloudimagesb.com/cti/7a/d8/60/7ad860780810ba037243112155e868c8/1663165195.gif
IP 45.133.44.10:0
ASN #39572 DataWeb Global Group B.V.
File type GIF image data, version 89a, 468 x 60\012- data
Hash 1fe0557ce7700bb66d8e6eafee72f1f2
5d87f4e5a94cca6fd583822725bc18ce57c1716e
50a6927db0928b810c276a782103018daba8358bc2cf85d3c88de91a4250d789
GET /cti/7a/d8/60/7ad860780810ba037243112155e868c8/1663165195.gif HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 16 Oct 2022 15:53:39 GMT
content-type: image/gif
content-length: 13250
server: nginx/1.17.6
last-modified: Wed, 14 Sep 2022 14:20:03 GMT
etag: "6321e313-33c2"
expires: Tue, 18 Oct 2022 15:53:39 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
sheschemetraitor.com/watch.117855955098.js?key=95e4c4ce775433fa4db2e1d0c40eacc3&kw=%5B%22mastering%22%2C%22malware%22%2C%22analysis%22%2C%22a%22%2C%22malware%22%2C%22analyst%E2%80%99s%22%2C%22practical%22%2C%22guide%22%2C%22to%22%2C%22combating%22%2C%22malicious%22%2C%22software%22%2C%22apt%22%2C%22cybercrime%22%2C%22and%22%2C%22iot%22%2C%22attacks%22%2C%222nd%22%2C%22edition%22%2C%22-%22%2C%22reading%22%2C%22bag%22%2C%22library%22%5D&refer=http%3A%2F%2Frbebooks.site%2Fmastering-malware-analysis-a-malware-analysts-practical-guide-to-combating-malicious-software-apt-cybercrime-and-iot-attacks-2nd-edition%2F&tz=0&dev=r&res=12.29&uuid=a2d4f152-41c5-4b93-82d7-021b046d9428%3A3%3A1
173.233.137.44 307 Temporary Redirect 0 B URL HTTP/1.1 sheschemetraitor.com/watch.117855955098.js?key=95e4c4ce775433fa4db2e1d0c40eacc3&kw=%5B%22mastering%22%2C%22malware%22%2C%22analysis%22%2C%22a%22%2C%22malware%22%2C%22analyst%E2%80%99s%22%2C%22practical%22%2C%22guide%22%2C%22to%22%2C%22combating%22%2C%22malicious%22%2C%22software%22%2C%22apt%22%2C%22cybercrime%22%2C%22and%22%2C%22iot%22%2C%22attacks%22%2C%222nd%22%2C%22edition%22%2C%22-%22%2C%22reading%22%2C%22bag%22%2C%22library%22%5D&refer=http%3A%2F%2Frbebooks.site%2Fmastering-malware-analysis-a-malware-analysts-practical-guide-to-combating-malicious-software-apt-cybercrime-and-iot-attacks-2nd-edition%2F&tz=0&dev=r&res=12.29&uuid=a2d4f152-41c5-4b93-82d7-021b046d9428%3A3%3A1
IP 173.233.137.44:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.117855955098.js?key=95e4c4ce775433fa4db2e1d0c40eacc3&kw=%5B%22mastering%22%2C%22malware%22%2C%22analysis%22%2C%22a%22%2C%22malware%22%2C%22analyst%E2%80%99s%22%2C%22practical%22%2C%22guide%22%2C%22to%22%2C%22combating%22%2C%22malicious%22%2C%22software%22%2C%22apt%22%2C%22cybercrime%22%2C%22and%22%2C%22iot%22%2C%22attacks%22%2C%222nd%22%2C%22edition%22%2C%22-%22%2C%22reading%22%2C%22bag%22%2C%22library%22%5D&refer=http%3A%2F%2Frbebooks.site%2Fmastering-malware-analysis-a-malware-analysts-practical-guide-to-combating-malicious-software-apt-cybercrime-and-iot-attacks-2nd-edition%2F&tz=0&dev=r&res=12.29&uuid=a2d4f152-41c5-4b93-82d7-021b046d9428%3A3%3A1 HTTP/1.1
Host: sheschemetraitor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://rbebooks.site
Connection: keep-alive
Referer: http://rbebooks.site/
Cookie: u_pl=17258364; ain=eyJhbGciOiJIUzI1NiJ9.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.CcPRDZqh6KG9NFY-6AZVnS1nXUSTNB_TLr4ckMfOaB0; uid_id2=a2d4f152-41c5-4b93-82d7-021b046d9428:3:1; pdhtkv=true; uncs=1; pdhtkv23=true; uncs23=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.19.5
Date: Sun, 16 Oct 2022 15:53:39 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://rbebooks.site
Access-Control-Allow-Origin: http://rbebooks.site
Access-Control-Allow-Credentials: true
Location: https://sheschemetraitor.com/watch.117855955098.js?key=95e4c4ce775433fa4db2e1d0c40eacc3&kw=%5B%22mastering%22%2C%22malware%22%2C%22analysis%22%2C%22a%22%2C%22malware%22%2C%22analyst%E2%80%99s%22%2C%22practical%22%2C%22guide%22%2C%22to%22%2C%22combating%22%2C%22malicious%22%2C%22software%22%2C%22apt%22%2C%22cybercrime%22%2C%22and%22%2C%22iot%22%2C%22attacks%22%2C%222nd%22%2C%22edition%22%2C%22-%22%2C%22reading%22%2C%22bag%22%2C%22library%22%5D&refer=http%3A%2F%2Frbebooks.site%2Fmastering-malware-analysis-a-malware-analysts-practical-guide-to-combating-malicious-software-apt-cybercrime-and-iot-attacks-2nd-edition%2F&tz=0&dev=r&res=12.29&uuid=a2d4f152-41c5-4b93-82d7-021b046d9428%3A3%3A1&shu=cfe4f36c9dc16a16f8592006a4452cdd7373b731d63ed75051368fb0ddf3f539bf45b28d22a7a2544a7f5c7c1c075fc40c94e1b598dbe57cf5735f44088aae2e6dc75956e91b4bacd56a6a6761810aea1f5c1f6477c508fc0b884b8b525b&pst=1665935679&rmtc=t
Set-Cookie: ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNzI1ODM2NCwiayI6Ijk1ZTRjNGNlNzc1NDMzZmE0ZGIyZTFkMGM0MGVhY2MzIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxODYxNDAzLCJwaWQiOjQ3MDEwMywiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoyNywiYWlkIjoyMywicHQiOjQsInBrIjoiYTUxdzR5ZGoiLCJ0IjoxfSwidSI6eyJ1IjoyLCJhdSI6MiwiZCI6eyJpZCI6Nzk5NTQxOTYsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjoxODExMCwib24iOiJMaW51eCIsIm92IjoiVW5rbm93biIsImJpZCI6MTE2NjcwLCJibiI6IkZpcmVmb3giLCJidiI6Ijk2LjAiLCJ3diI6ZmFsc2UsImUiOmZhbHNlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6ZmFsc2UsInIiOiJodHRwOi8vcmJlYm9va3Muc2l0ZS9tYXN0ZXJpbmctbWFsd2FyZS1hbmFseXNpcy1hLW1hbHdhcmUtYW5hbHlzdHMtcHJhY3RpY2FsLWd1aWRlLXRvLWNvbWJhdGluZy1tYWxpY2lvdXMtc29mdHdhcmUtYXB0LWN5YmVyY3JpbWUtYW5kLWlvdC1hdHRhY2tzLTJuZC1lZGl0aW9uLyJ9fQ.p45fIc3qjzXuD5vJm0qJwP0r5M4dERCslrF-bT5B3DY; expires=Sun, 16 Oct 2022 15:54:39 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: abd4ad16ad8d258cb0fe3109a6f690b4
Strict-Transport-Security: max-age=0; includeSubdomains
diminutioneconomy.com/ntv.json?key=0c610b74697d975fe227c0e71980368f&vstc=4&uuid=a2d4f152-41c5-4b93-82d7-021b046d9428%3A3%3A1&custom=%7B%22d37e3bc4%22%3A%22b%22%7D
192.243.59.13 200 OK 18 kB URL HTTP/1.1 diminutioneconomy.com/ntv.json?key=0c610b74697d975fe227c0e71980368f&vstc=4&uuid=a2d4f152-41c5-4b93-82d7-021b046d9428%3A3%3A1&custom=%7B%22d37e3bc4%22%3A%22b%22%7D
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (17498), with no line terminators
Hash e72426c9abc635afe0c90c4da07add1d
9cc533f9f597f357a170fd6697f97090b256ec09
90588d5c3d02d78a79f76b479dd65c89e595f7945db7b75c242b100471592f62
GET /ntv.json?key=0c610b74697d975fe227c0e71980368f&vstc=4&uuid=a2d4f152-41c5-4b93-82d7-021b046d9428%3A3%3A1&custom=%7B%22d37e3bc4%22%3A%22b%22%7D HTTP/1.1
Host: diminutioneconomy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://rbebooks.site
Connection: keep-alive
Referer: http://rbebooks.site/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Sun, 16 Oct 2022 15:53:39 GMT
Content-Type: application/json
Content-Length: 17500
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://rbebooks.site
Access-Control-Allow-Origin: http://rbebooks.site
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=17284620; expires=Mon, 17 Oct 2022 15:53:38 GMT; secure; SameSite=None
uid_id2=a2d4f152-41c5-4b93-82d7-021b046d9428:3:1; expires=Sun, 23 Oct 2022 15:53:38 GMT; secure; SameSite=None
pdhtkv=true; expires=Mon, 17 Oct 2022 15:53:39 GMT; secure; SameSite=None
uncs=1; expires=Mon, 17 Oct 2022 15:53:39 GMT; secure; SameSite=None
pdhtkv49=true; expires=Mon, 17 Oct 2022 15:53:39 GMT; secure; SameSite=None
uncs49=1; expires=Mon, 17 Oct 2022 15:53:39 GMT; secure; SameSite=None
nlec0c610b74697d975fe227c0e71980368f=[3254334,3254344,3254354,3254335]; expires=Sun, 16 Oct 2022 15:53:44 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: cc36725bee2ab4397af517672d131370
Strict-Transport-Security: max-age=0; includeSubdomains
testimonypersuadedclinic.com/95e4c4ce775433fa4db2e1d0c40eacc3/invoke.js
192.243.61.225 200 OK 9.8 kB URL HTTP/1.1 testimonypersuadedclinic.com/95e4c4ce775433fa4db2e1d0c40eacc3/invoke.js
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
File type exported SGML document, ASCII text, with very long lines (26933), with no line terminators
Hash 08d7dbc725a6d3911178054e35a43e9b
dc175178be1e917f5536c443e552097f3b4273fe
74d2efbf0f438558d0ee161e4a9078b866d13d4147aba421cb18e9efb9d80422
Analyzer Verdict Alert quad9 Sinkholed
GET /95e4c4ce775433fa4db2e1d0c40eacc3/invoke.js HTTP/1.1
Host: testimonypersuadedclinic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rbebooks.site/
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Sun, 16 Oct 2022 15:53:39 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: bcf96e1437eef88e3a52b67a7de82ef9
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
r3.o.lencr.org/
23.36.76.249 200 OK 503 B IP 23.36.76.249:0
ASN #20940 Akamai International B.V.
Hash 5c3d9cd310b5a375ac5bb44c36d3f638
5ea889f57217c0abaffb9f9b3cbe951cdf86dcf2
ce6f774ae54209c351c33c6436d061dcc49a34f1edac5dd8b0ba013f307f47bb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CE6F774AE54209C351C33C6436D061DCC49A34F1EDAC5DD8B0BA013F307F47BB"
Last-Modified: Fri, 14 Oct 2022 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8712
Expires: Sun, 16 Oct 2022 18:18:51 GMT
Date: Sun, 16 Oct 2022 15:53:39 GMT
Connection: keep-alive
testimonypersuadedclinic.com/0c610b74697d975fe227c0e71980368f/invoke.js
192.243.61.225 200 OK 9.3 kB URL HTTP/1.1 testimonypersuadedclinic.com/0c610b74697d975fe227c0e71980368f/invoke.js
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
File type Unicode text, UTF-8 text, with very long lines (25102), with no line terminators
Hash 3f7eeab5b633903df02c9bdcc487dfba
17b6651e7e33e9d1606b7f9bdbcce0be26fb2329
59ab60aba7545da2f8629423c2eb9840c2d9e7fad34ef1a648c8c1c4530b4083
Analyzer Verdict Alert quad9 Sinkholed
GET /0c610b74697d975fe227c0e71980368f/invoke.js HTTP/1.1
Host: testimonypersuadedclinic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rbebooks.site/
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Sun, 16 Oct 2022 15:53:39 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: a026e77306d5f5300bf56f9ff52ca718
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
cdn.cloudimagesb.com/cti/ab/a0/b2/aba0b2fc7778c728f527909c2f93c665/1627917313.png
45.133.44.10 200 OK 65 kB URL HTTP/2 cdn.cloudimagesb.com/cti/ab/a0/b2/aba0b2fc7778c728f527909c2f93c665/1627917313.png
IP 45.133.44.10:0
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 728 x 90, 8-bit/color RGB, non-interlaced\012- data
Hash 7b7a5b41c35f8431cbe8da8d833533ab
763cbed7a77765c52c00a2496c0dcf49f92bb867
c5739d41dd101ae24bc1bed6a0b34f11141d52d690b75a79b43f888ab12b67b2
GET /cti/ab/a0/b2/aba0b2fc7778c728f527909c2f93c665/1627917313.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 16 Oct 2022 15:53:39 GMT
content-type: image/png
content-length: 65272
server: nginx/1.17.6
last-modified: Mon, 02 Aug 2021 15:15:21 GMT
etag: "61080c09-fef8"
expires: Tue, 18 Oct 2022 15:53:39 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.249 200 OK 503 B IP 23.36.76.249:0
ASN #20940 Akamai International B.V.
Hash 21130a293a555cd8c036d4418c1dbed9
d05a949666d5670680abf276e93d57d20a534293
23ac9a3d8a304c0cce41343f005ae7e44921583dc307f0f72850ca3b781ebcf9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "23AC9A3D8A304C0CCE41343F005AE7E44921583DC307F0F72850CA3B781EBCF9"
Last-Modified: Fri, 14 Oct 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8030
Expires: Sun, 16 Oct 2022 18:07:29 GMT
Date: Sun, 16 Oct 2022 15:53:39 GMT
Connection: keep-alive
sheschemetraitor.com/watch.117855955098.js?key=95e4c4ce775433fa4db2e1d0c40eacc3&kw=%5B%22mastering%22%2C%22malware%22%2C%22analysis%22%2C%22a%22%2C%22malware%22%2C%22analyst%E2%80%99s%22%2C%22practical%22%2C%22guide%22%2C%22to%22%2C%22combating%22%2C%22malicious%22%2C%22software%22%2C%22apt%22%2C%22cybercrime%22%2C%22and%22%2C%22iot%22%2C%22attacks%22%2C%222nd%22%2C%22edition%22%2C%22-%22%2C%22reading%22%2C%22bag%22%2C%22library%22%5D&refer=http%3A%2F%2Frbebooks.site%2Fmastering-malware-analysis-a-malware-analysts-practical-guide-to-combating-malicious-software-apt-cybercrime-and-iot-attacks-2nd-edition%2F&tz=0&dev=r&res=12.29&uuid=a2d4f152-41c5-4b93-82d7-021b046d9428%3A3%3A1&shu=cfe4f36c9dc16a16f8592006a4452cdd7373b731d63ed75051368fb0ddf3f539bf45b28d22a7a2544a7f5c7c1c075fc40c94e1b598dbe57cf5735f44088aae2e6dc75956e91b4bacd56a6a6761810aea1f5c1f6477c508fc0b884b8b525b&pst=1665935679&rmtc=t
173.233.137.44 200 OK 2.0 kB URL HTTP/1.1 sheschemetraitor.com/watch.117855955098.js?key=95e4c4ce775433fa4db2e1d0c40eacc3&kw=%5B%22mastering%22%2C%22malware%22%2C%22analysis%22%2C%22a%22%2C%22malware%22%2C%22analyst%E2%80%99s%22%2C%22practical%22%2C%22guide%22%2C%22to%22%2C%22combating%22%2C%22malicious%22%2C%22software%22%2C%22apt%22%2C%22cybercrime%22%2C%22and%22%2C%22iot%22%2C%22attacks%22%2C%222nd%22%2C%22edition%22%2C%22-%22%2C%22reading%22%2C%22bag%22%2C%22library%22%5D&refer=http%3A%2F%2Frbebooks.site%2Fmastering-malware-analysis-a-malware-analysts-practical-guide-to-combating-malicious-software-apt-cybercrime-and-iot-attacks-2nd-edition%2F&tz=0&dev=r&res=12.29&uuid=a2d4f152-41c5-4b93-82d7-021b046d9428%3A3%3A1&shu=cfe4f36c9dc16a16f8592006a4452cdd7373b731d63ed75051368fb0ddf3f539bf45b28d22a7a2544a7f5c7c1c075fc40c94e1b598dbe57cf5735f44088aae2e6dc75956e91b4bacd56a6a6761810aea1f5c1f6477c508fc0b884b8b525b&pst=1665935679&rmtc=t
IP 173.233.137.44:0
File type HTML document, ASCII text, with very long lines (2468)
Hash 727c23e3df1ee792def1df791b9a646c
13b84c04372b647bf91524339ca7ed482c2e9696
1f9350bdb749239fa11fea8b19444912bb076f7731efb6feef43b8d9ac46775b
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.117855955098.js?key=95e4c4ce775433fa4db2e1d0c40eacc3&kw=%5B%22mastering%22%2C%22malware%22%2C%22analysis%22%2C%22a%22%2C%22malware%22%2C%22analyst%E2%80%99s%22%2C%22practical%22%2C%22guide%22%2C%22to%22%2C%22combating%22%2C%22malicious%22%2C%22software%22%2C%22apt%22%2C%22cybercrime%22%2C%22and%22%2C%22iot%22%2C%22attacks%22%2C%222nd%22%2C%22edition%22%2C%22-%22%2C%22reading%22%2C%22bag%22%2C%22library%22%5D&refer=http%3A%2F%2Frbebooks.site%2Fmastering-malware-analysis-a-malware-analysts-practical-guide-to-combating-malicious-software-apt-cybercrime-and-iot-attacks-2nd-edition%2F&tz=0&dev=r&res=12.29&uuid=a2d4f152-41c5-4b93-82d7-021b046d9428%3A3%3A1&shu=cfe4f36c9dc16a16f8592006a4452cdd7373b731d63ed75051368fb0ddf3f539bf45b28d22a7a2544a7f5c7c1c075fc40c94e1b598dbe57cf5735f44088aae2e6dc75956e91b4bacd56a6a6761810aea1f5c1f6477c508fc0b884b8b525b&pst=1665935679&rmtc=t HTTP/1.1
Host: sheschemetraitor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://rbebooks.site
Referer: http://rbebooks.site/
Connection: keep-alive
Cookie: u_pl=17258364; ain=eyJhbGciOiJIUzI1NiJ9.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.p45fIc3qjzXuD5vJm0qJwP0r5M4dERCslrF-bT5B3DY; uid_id2=a2d4f152-41c5-4b93-82d7-021b046d9428:3:1; pdhtkv=true; uncs=1; pdhtkv23=true; uncs23=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 16 Oct 2022 15:53:39 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://rbebooks.site
Access-Control-Allow-Origin: http://rbebooks.site
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=a2d4f152-41c5-4b93-82d7-021b046d9428:3:1; expires=Sun, 23 Oct 2022 15:53:39 GMT; secure; SameSite=None
uncs=2; expires=Mon, 17 Oct 2022 15:53:39 GMT; secure; SameSite=None
uncs23=2; expires=Mon, 17 Oct 2022 15:53:39 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 0c3a69b76f16481d1d7b352c1c5866c3
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
cdn.cloudimagesb.com/cti/ce/49/8f/ce498fda4d257b5536c0602a97b1b054/1663164642.gif
45.133.44.10 200 OK 18 kB URL HTTP/2 cdn.cloudimagesb.com/cti/ce/49/8f/ce498fda4d257b5536c0602a97b1b054/1663164642.gif
IP 45.133.44.10:0
ASN #39572 DataWeb Global Group B.V.
File type GIF image data, version 89a, 300 x 250\012- data
Hash b28118fadfb79b2b315fb5ddab219c98
21dc09b7815006f7ac90414117e6d41ef963b04f
1e9cec97d74dbb42ae809f43289239e98ffd9e021a0ec5164536195477690353
GET /cti/ce/49/8f/ce498fda4d257b5536c0602a97b1b054/1663164642.gif HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 16 Oct 2022 15:53:39 GMT
content-type: image/gif
content-length: 17764
server: nginx/1.17.6
last-modified: Wed, 14 Sep 2022 14:10:50 GMT
etag: "6321e0ea-4564"
expires: Tue, 18 Oct 2022 15:53:39 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
testimonypersuadedclinic.com/95e4c4ce775433fa4db2e1d0c40eacc3/invoke.js
192.243.61.225 200 OK 9.8 kB URL HTTP/1.1 testimonypersuadedclinic.com/95e4c4ce775433fa4db2e1d0c40eacc3/invoke.js
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
File type exported SGML document, ASCII text, with very long lines (26961), with no line terminators
Hash 3866b7d95346c448b07e42f42dbaaaaa
6cf447c154bab44d56111534e62c6b0e1f2df3d1
a548089c54f2383d8f2c65bd89b0d77246da5428c48702724009451260e17707
Analyzer Verdict Alert quad9 Sinkholed
GET /95e4c4ce775433fa4db2e1d0c40eacc3/invoke.js HTTP/1.1
Host: testimonypersuadedclinic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rbebooks.site/
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Sun, 16 Oct 2022 15:53:39 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 9acde0ae535a7e13d363c6ee68da79c4
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
monkyank.com/watch.290318137213.js?key=95e4c4ce775433fa4db2e1d0c40eacc3&kw=%5B%22mastering%22%2C%22malware%22%2C%22analysis%22%2C%22a%22%2C%22malware%22%2C%22analyst%E2%80%99s%22%2C%22practical%22%2C%22guide%22%2C%22to%22%2C%22combating%22%2C%22malicious%22%2C%22software%22%2C%22apt%22%2C%22cybercrime%22%2C%22and%22%2C%22iot%22%2C%22attacks%22%2C%222nd%22%2C%22edition%22%2C%22-%22%2C%22reading%22%2C%22bag%22%2C%22library%22%5D&refer=http%3A%2F%2Frbebooks.site%2Fmastering-malware-analysis-a-malware-analysts-practical-guide-to-combating-malicious-software-apt-cybercrime-and-iot-attacks-2nd-edition%2F&tz=0&dev=r&res=12.29&uuid=a2d4f152-41c5-4b93-82d7-021b046d9428%3A3%3A1
173.233.137.44 307 Temporary Redirect 0 B URL HTTP/1.1 monkyank.com/watch.290318137213.js?key=95e4c4ce775433fa4db2e1d0c40eacc3&kw=%5B%22mastering%22%2C%22malware%22%2C%22analysis%22%2C%22a%22%2C%22malware%22%2C%22analyst%E2%80%99s%22%2C%22practical%22%2C%22guide%22%2C%22to%22%2C%22combating%22%2C%22malicious%22%2C%22software%22%2C%22apt%22%2C%22cybercrime%22%2C%22and%22%2C%22iot%22%2C%22attacks%22%2C%222nd%22%2C%22edition%22%2C%22-%22%2C%22reading%22%2C%22bag%22%2C%22library%22%5D&refer=http%3A%2F%2Frbebooks.site%2Fmastering-malware-analysis-a-malware-analysts-practical-guide-to-combating-malicious-software-apt-cybercrime-and-iot-attacks-2nd-edition%2F&tz=0&dev=r&res=12.29&uuid=a2d4f152-41c5-4b93-82d7-021b046d9428%3A3%3A1
IP 173.233.137.44:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.290318137213.js?key=95e4c4ce775433fa4db2e1d0c40eacc3&kw=%5B%22mastering%22%2C%22malware%22%2C%22analysis%22%2C%22a%22%2C%22malware%22%2C%22analyst%E2%80%99s%22%2C%22practical%22%2C%22guide%22%2C%22to%22%2C%22combating%22%2C%22malicious%22%2C%22software%22%2C%22apt%22%2C%22cybercrime%22%2C%22and%22%2C%22iot%22%2C%22attacks%22%2C%222nd%22%2C%22edition%22%2C%22-%22%2C%22reading%22%2C%22bag%22%2C%22library%22%5D&refer=http%3A%2F%2Frbebooks.site%2Fmastering-malware-analysis-a-malware-analysts-practical-guide-to-combating-malicious-software-apt-cybercrime-and-iot-attacks-2nd-edition%2F&tz=0&dev=r&res=12.29&uuid=a2d4f152-41c5-4b93-82d7-021b046d9428%3A3%3A1 HTTP/1.1
Host: monkyank.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://rbebooks.site
Connection: keep-alive
Referer: http://rbebooks.site/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.19.5
Date: Sun, 16 Oct 2022 15:53:39 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://rbebooks.site
Access-Control-Allow-Origin: http://rbebooks.site
Access-Control-Allow-Credentials: true
Location: https://monkyank.com/watch.290318137213.js?key=95e4c4ce775433fa4db2e1d0c40eacc3&kw=%5B%22mastering%22%2C%22malware%22%2C%22analysis%22%2C%22a%22%2C%22malware%22%2C%22analyst%E2%80%99s%22%2C%22practical%22%2C%22guide%22%2C%22to%22%2C%22combating%22%2C%22malicious%22%2C%22software%22%2C%22apt%22%2C%22cybercrime%22%2C%22and%22%2C%22iot%22%2C%22attacks%22%2C%222nd%22%2C%22edition%22%2C%22-%22%2C%22reading%22%2C%22bag%22%2C%22library%22%5D&refer=http%3A%2F%2Frbebooks.site%2Fmastering-malware-analysis-a-malware-analysts-practical-guide-to-combating-malicious-software-apt-cybercrime-and-iot-attacks-2nd-edition%2F&tz=0&dev=r&res=12.29&uuid=a2d4f152-41c5-4b93-82d7-021b046d9428%3A3%3A1&shu=14259a8eba423f6d6abc854de6fb0b01dfc38739e6bd4f63189842e0e0fe43c509640ee1b600aae488ee210274b80b7a51d7a4b4a47ba1d2f0a667d68bab29597e9dedba3ac3b055571f25ef0355ecf11786431e6d46c975945c54831ba7c740fa775071&pst=1665935679&rmtc=t
Set-Cookie: u_pl=17258364; expires=Mon, 17 Oct 2022 15:53:39 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNzI1ODM2NCwiayI6Ijk1ZTRjNGNlNzc1NDMzZmE0ZGIyZTFkMGM0MGVhY2MzIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxODYxNDAzLCJwaWQiOjQ3MDEwMywiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoyNywiYWlkIjoyMywicHQiOjQsInBrIjoiYTUxdzR5ZGoiLCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6Nzk5NTQxOTYsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjoxODExMCwib24iOiJMaW51eCIsIm92IjoiVW5rbm93biIsImJpZCI6MTE2NjcwLCJibiI6IkZpcmVmb3giLCJidiI6Ijk2LjAiLCJ3diI6ZmFsc2UsImUiOmZhbHNlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHA6Ly9yYmVib29rcy5zaXRlL21hc3RlcmluZy1tYWx3YXJlLWFuYWx5c2lzLWEtbWFsd2FyZS1hbmFseXN0cy1wcmFjdGljYWwtZ3VpZGUtdG8tY29tYmF0aW5nLW1hbGljaW91cy1zb2Z0d2FyZS1hcHQtY3liZXJjcmltZS1hbmQtaW90LWF0dGFja3MtMm5kLWVkaXRpb24vIn19.CcPRDZqh6KG9NFY-6AZVnS1nXUSTNB_TLr4ckMfOaB0; expires=Sun, 16 Oct 2022 15:54:39 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 40eb57a8c83ed245ca8e63acadd6091f
Strict-Transport-Security: max-age=0; includeSubdomains
testimonypersuadedclinic.com/0c610b74697d975fe227c0e71980368f/invoke.js
192.243.61.225 200 OK 9.3 kB URL HTTP/1.1 testimonypersuadedclinic.com/0c610b74697d975fe227c0e71980368f/invoke.js
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
File type Unicode text, UTF-8 text, with very long lines (25114), with no line terminators
Hash d84541497609e2d61aae2c1e19d34929
61a0a70023650f007466b4542dc5a4c1c1a28063
f3da2f44fa6c5dd4096521989d12266be785939383234f74fd0176bddf122641
Analyzer Verdict Alert quad9 Sinkholed
GET /0c610b74697d975fe227c0e71980368f/invoke.js HTTP/1.1
Host: testimonypersuadedclinic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rbebooks.site/
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Sun, 16 Oct 2022 15:53:39 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 9502e7787cdbcc8cf9be27c81e86009d
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
cdn.cloudimagesb.com/si/e3/45/09/e34509c88d1762ac4c86147aabde5f02/1645978523.jpg
45.133.44.10 200 OK 19 kB URL HTTP/1.1 cdn.cloudimagesb.com/si/e3/45/09/e34509c88d1762ac4c86147aabde5f02/1645978523.jpg
IP 45.133.44.10:0
ASN #39572 DataWeb Global Group B.V.
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 320x240, components 3\012- data
Hash e3f84420ce3bd43532e3ddb8b22a465e
3d7ad384f893e1dbcd8d3bfb260bfc8c4848138a
428d48c9b4e20910da3a15d23ca23eee970be4c013a4cbf5f66355537a8ddd10
GET /si/e3/45/09/e34509c88d1762ac4c86147aabde5f02/1645978523.jpg HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rbebooks.site/
HTTP/1.1 200 OK
Date: Sun, 16 Oct 2022 15:53:39 GMT
Content-Type: image/jpeg
Content-Length: 18886
Connection: keep-alive
Server: nginx/1.17.6
Last-Modified: Sun, 27 Feb 2022 16:15:36 GMT
ETag: "621ba3a8-49c6"
Expires: Tue, 18 Oct 2022 15:53:39 GMT
Cache-Control: max-age=172800
X-Proxy-Cache: HIT
Accept-Ranges: bytes
cdn.cloudimagesb.com/si/75/c9/28/75c92834ede96f2f4d3581e4d43e6e4f/1645978427.jpg
45.133.44.10 200 OK 22 kB URL HTTP/1.1 cdn.cloudimagesb.com/si/75/c9/28/75c92834ede96f2f4d3581e4d43e6e4f/1645978427.jpg
IP 45.133.44.10:0
ASN #39572 DataWeb Global Group B.V.
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 320x240, components 3\012- data
Hash 796d425c7dcd3be5c1cdc6cdd56c1dab
e8cc1589c53cccdd638d3a732fef9e97aa4a45bc
f73ea8486409b59615869827f5c1b1f322ee1374d506e7789019bb4967348437
GET /si/75/c9/28/75c92834ede96f2f4d3581e4d43e6e4f/1645978427.jpg HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rbebooks.site/
HTTP/1.1 200 OK
Date: Sun, 16 Oct 2022 15:53:39 GMT
Content-Type: image/jpeg
Content-Length: 22212
Connection: keep-alive
Server: nginx/1.17.6
Last-Modified: Sun, 27 Feb 2022 16:14:00 GMT
ETag: "621ba348-56c4"
Expires: Tue, 18 Oct 2022 15:53:39 GMT
Cache-Control: max-age=172800
X-Proxy-Cache: HIT
Accept-Ranges: bytes
cdn.cloudimagesb.com/si/49/30/49/4930498805b27e2ddd2e8b730324d990/1645978709.jpg
45.133.44.10 200 OK 22 kB URL HTTP/1.1 cdn.cloudimagesb.com/si/49/30/49/4930498805b27e2ddd2e8b730324d990/1645978709.jpg
IP 45.133.44.10:0
ASN #39572 DataWeb Global Group B.V.
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 320x240, components 3\012- data
Hash dea5f1ea2c9a47f7f4d05c62e70a2527
b88486270a197dd93dfc0ec3d6609c35dda8f928
638a55cc2116fa90536d6c306d288d9400921d7b3338ec9ff374eabc218f8b9c
GET /si/49/30/49/4930498805b27e2ddd2e8b730324d990/1645978709.jpg HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rbebooks.site/
HTTP/1.1 200 OK
Date: Sun, 16 Oct 2022 15:53:39 GMT
Content-Type: image/jpeg
Content-Length: 21546
Connection: keep-alive
Server: nginx/1.17.6
Last-Modified: Sun, 27 Feb 2022 16:18:35 GMT
ETag: "621ba45b-542a"
Expires: Tue, 18 Oct 2022 15:53:39 GMT
Cache-Control: max-age=172800
X-Proxy-Cache: HIT
Accept-Ranges: bytes
cdn.cloudimagesb.com/si/5d/19/5d/5d195d7de14d8e7d59a9c7b1330750de/1645978440.jpg
45.133.44.10 200 OK 25 kB URL HTTP/1.1 cdn.cloudimagesb.com/si/5d/19/5d/5d195d7de14d8e7d59a9c7b1330750de/1645978440.jpg
IP 45.133.44.10:0
ASN #39572 DataWeb Global Group B.V.
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 320x240, components 3\012- data
Hash f1a49a7d784361bbce9f7ed99c6fc6ec
bb1a5732dc954a89c85089d16d71a00ade1fe682
deb5daa6fcbf7a78b9361e5ac56f09b27986953f03977adbaf32d04a93996bdd
GET /si/5d/19/5d/5d195d7de14d8e7d59a9c7b1330750de/1645978440.jpg HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rbebooks.site/
HTTP/1.1 200 OK
Date: Sun, 16 Oct 2022 15:53:39 GMT
Content-Type: image/jpeg
Content-Length: 25012
Connection: keep-alive
Server: nginx/1.17.6
Last-Modified: Sun, 27 Feb 2022 16:14:05 GMT
ETag: "621ba34d-61b4"
Expires: Tue, 18 Oct 2022 15:53:39 GMT
Cache-Control: max-age=172800
X-Proxy-Cache: HIT
Accept-Ranges: bytes
monkyank.com/watch.897751477842.js?key=95e4c4ce775433fa4db2e1d0c40eacc3&kw=%5B%22mastering%22%2C%22malware%22%2C%22analysis%22%2C%22a%22%2C%22malware%22%2C%22analyst%E2%80%99s%22%2C%22practical%22%2C%22guide%22%2C%22to%22%2C%22combating%22%2C%22malicious%22%2C%22software%22%2C%22apt%22%2C%22cybercrime%22%2C%22and%22%2C%22iot%22%2C%22attacks%22%2C%222nd%22%2C%22edition%22%2C%22-%22%2C%22reading%22%2C%22bag%22%2C%22library%22%5D&refer=http%3A%2F%2Frbebooks.site%2Fmastering-malware-analysis-a-malware-analysts-practical-guide-to-combating-malicious-software-apt-cybercrime-and-iot-attacks-2nd-edition%2F&tz=0&dev=r&res=12.29&uuid=a2d4f152-41c5-4b93-82d7-021b046d9428%3A3%3A1
173.233.137.44 307 Temporary Redirect 0 B URL HTTP/1.1 monkyank.com/watch.897751477842.js?key=95e4c4ce775433fa4db2e1d0c40eacc3&kw=%5B%22mastering%22%2C%22malware%22%2C%22analysis%22%2C%22a%22%2C%22malware%22%2C%22analyst%E2%80%99s%22%2C%22practical%22%2C%22guide%22%2C%22to%22%2C%22combating%22%2C%22malicious%22%2C%22software%22%2C%22apt%22%2C%22cybercrime%22%2C%22and%22%2C%22iot%22%2C%22attacks%22%2C%222nd%22%2C%22edition%22%2C%22-%22%2C%22reading%22%2C%22bag%22%2C%22library%22%5D&refer=http%3A%2F%2Frbebooks.site%2Fmastering-malware-analysis-a-malware-analysts-practical-guide-to-combating-malicious-software-apt-cybercrime-and-iot-attacks-2nd-edition%2F&tz=0&dev=r&res=12.29&uuid=a2d4f152-41c5-4b93-82d7-021b046d9428%3A3%3A1
IP 173.233.137.44:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.897751477842.js?key=95e4c4ce775433fa4db2e1d0c40eacc3&kw=%5B%22mastering%22%2C%22malware%22%2C%22analysis%22%2C%22a%22%2C%22malware%22%2C%22analyst%E2%80%99s%22%2C%22practical%22%2C%22guide%22%2C%22to%22%2C%22combating%22%2C%22malicious%22%2C%22software%22%2C%22apt%22%2C%22cybercrime%22%2C%22and%22%2C%22iot%22%2C%22attacks%22%2C%222nd%22%2C%22edition%22%2C%22-%22%2C%22reading%22%2C%22bag%22%2C%22library%22%5D&refer=http%3A%2F%2Frbebooks.site%2Fmastering-malware-analysis-a-malware-analysts-practical-guide-to-combating-malicious-software-apt-cybercrime-and-iot-attacks-2nd-edition%2F&tz=0&dev=r&res=12.29&uuid=a2d4f152-41c5-4b93-82d7-021b046d9428%3A3%3A1 HTTP/1.1
Host: monkyank.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://rbebooks.site
Connection: keep-alive
Referer: http://rbebooks.site/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.19.5
Date: Sun, 16 Oct 2022 15:53:39 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://rbebooks.site
Access-Control-Allow-Origin: http://rbebooks.site
Access-Control-Allow-Credentials: true
Location: https://monkyank.com/watch.897751477842.js?key=95e4c4ce775433fa4db2e1d0c40eacc3&kw=%5B%22mastering%22%2C%22malware%22%2C%22analysis%22%2C%22a%22%2C%22malware%22%2C%22analyst%E2%80%99s%22%2C%22practical%22%2C%22guide%22%2C%22to%22%2C%22combating%22%2C%22malicious%22%2C%22software%22%2C%22apt%22%2C%22cybercrime%22%2C%22and%22%2C%22iot%22%2C%22attacks%22%2C%222nd%22%2C%22edition%22%2C%22-%22%2C%22reading%22%2C%22bag%22%2C%22library%22%5D&refer=http%3A%2F%2Frbebooks.site%2Fmastering-malware-analysis-a-malware-analysts-practical-guide-to-combating-malicious-software-apt-cybercrime-and-iot-attacks-2nd-edition%2F&tz=0&dev=r&res=12.29&uuid=a2d4f152-41c5-4b93-82d7-021b046d9428%3A3%3A1&shu=b65c334dbb192bd30b7389c2c7e93bff8af73a53e9754743f9f19f20110fde6170a0aa60c5b1ce67907128fba6b7d73b122cda13e1c5b0a186b5dd5bef686f7717cffe5ae69052a33c2611ccc0b82e415839204f96b462cfa957744d1164&pst=1665935679&rmtc=t
Set-Cookie: u_pl=17258364; expires=Mon, 17 Oct 2022 15:53:39 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.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.CcPRDZqh6KG9NFY-6AZVnS1nXUSTNB_TLr4ckMfOaB0; expires=Sun, 16 Oct 2022 15:54:39 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 077787e383f60f9538e9f16add23b577
Strict-Transport-Security: max-age=0; includeSubdomains
r3.o.lencr.org/
23.36.76.249 200 OK 503 B IP 23.36.76.249:0
ASN #20940 Akamai International B.V.
Hash e320ccb94a23438f623e269efd7a30e0
313fa179c2eef6eff6a76f6c2c5647da97a42f95
20435f26df61c3f471dda10846bf75e2fa62aa0ddb80852d0af13bf1c19e019a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "20435F26DF61C3F471DDA10846BF75E2FA62AA0DDB80852D0AF13BF1C19E019A"
Last-Modified: Sun, 16 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8750
Expires: Sun, 16 Oct 2022 18:19:29 GMT
Date: Sun, 16 Oct 2022 15:53:39 GMT
Connection: keep-alive
jeerinfluencemedical.com/pixel/nvwbdp?key=0c610b74697d975fe227c0e71980368f
192.243.59.12 200 OK 0 B URL HTTP/1.1 jeerinfluencemedical.com/pixel/nvwbdp?key=0c610b74697d975fe227c0e71980368f
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pixel/nvwbdp?key=0c610b74697d975fe227c0e71980368f HTTP/1.1
Host: jeerinfluencemedical.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://rbebooks.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Sun, 16 Oct 2022 15:53:39 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
cdn.cloudimagesb.com/cti/69/eb/5b/69eb5b050a7926bd63f5b298436d7d7f/1663166466.png
45.133.44.10 200 OK 40 kB URL HTTP/2 cdn.cloudimagesb.com/cti/69/eb/5b/69eb5b050a7926bd63f5b298436d7d7f/1663166466.png
IP 45.133.44.10:0
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 729 x 90, 8-bit/color RGBA, non-interlaced\012- data
Hash ce59bc76d5eadd3d7212d0343a5465e2
2c0b557a604b474a9e026c9e5ed4aef27c978333
1c6d20b8317b0f3e6dff1328237a84df733fdccdb2a8d7df05ae4ca7c8b289db
GET /cti/69/eb/5b/69eb5b050a7926bd63f5b298436d7d7f/1663166466.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 16 Oct 2022 15:53:39 GMT
content-type: image/png
content-length: 40500
server: nginx/1.17.6
last-modified: Wed, 14 Sep 2022 14:41:14 GMT
etag: "6321e80a-9e34"
expires: Tue, 18 Oct 2022 15:53:39 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
testimonypersuadedclinic.com/95e4c4ce775433fa4db2e1d0c40eacc3/invoke.js
192.243.61.225 200 OK 9.8 kB URL HTTP/1.1 testimonypersuadedclinic.com/95e4c4ce775433fa4db2e1d0c40eacc3/invoke.js
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
File type exported SGML document, ASCII text, with very long lines (26947), with no line terminators
Hash 24a8d0070374d410f3e425a58a517891
f580efd2b4f8f174364c8d24c5a9fed3e4cfd2ed
3502c6af27058ffc9102b53e6c671ea1c0b0c85d79ffd6cfa24f691c87120e89
Analyzer Verdict Alert quad9 Sinkholed
GET /95e4c4ce775433fa4db2e1d0c40eacc3/invoke.js HTTP/1.1
Host: testimonypersuadedclinic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rbebooks.site/
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Sun, 16 Oct 2022 15:53:39 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 4f562c4076dc6b6489515da0789e8ceb
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
testimonypersuadedclinic.com/0c610b74697d975fe227c0e71980368f/invoke.js
192.243.61.225 200 OK 9.3 kB URL HTTP/1.1 testimonypersuadedclinic.com/0c610b74697d975fe227c0e71980368f/invoke.js
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
File type Unicode text, UTF-8 text, with very long lines (25070), with no line terminators
Hash a6c3279f74912670049d6ed7e761a6bc
c143555e0228cdfa7e55a105978a8aa47a56334a
2511a8cbdfcbbdfed8d4fb78d9e88eb1ca14b137d2eebb4f62c0e8017f79db8a
Analyzer Verdict Alert quad9 Sinkholed
GET /0c610b74697d975fe227c0e71980368f/invoke.js HTTP/1.1
Host: testimonypersuadedclinic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rbebooks.site/
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Sun, 16 Oct 2022 15:53:39 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: a046713460df5cbeeaa68630a7d93331
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
monkyank.com/watch.290318137213.js?key=95e4c4ce775433fa4db2e1d0c40eacc3&kw=%5B%22mastering%22%2C%22malware%22%2C%22analysis%22%2C%22a%22%2C%22malware%22%2C%22analyst%E2%80%99s%22%2C%22practical%22%2C%22guide%22%2C%22to%22%2C%22combating%22%2C%22malicious%22%2C%22software%22%2C%22apt%22%2C%22cybercrime%22%2C%22and%22%2C%22iot%22%2C%22attacks%22%2C%222nd%22%2C%22edition%22%2C%22-%22%2C%22reading%22%2C%22bag%22%2C%22library%22%5D&refer=http%3A%2F%2Frbebooks.site%2Fmastering-malware-analysis-a-malware-analysts-practical-guide-to-combating-malicious-software-apt-cybercrime-and-iot-attacks-2nd-edition%2F&tz=0&dev=r&res=12.29&uuid=a2d4f152-41c5-4b93-82d7-021b046d9428%3A3%3A1&shu=14259a8eba423f6d6abc854de6fb0b01dfc38739e6bd4f63189842e0e0fe43c509640ee1b600aae488ee210274b80b7a51d7a4b4a47ba1d2f0a667d68bab29597e9dedba3ac3b055571f25ef0355ecf11786431e6d46c975945c54831ba7c740fa775071&pst=1665935679&rmtc=t
173.233.137.44 200 OK 2.0 kB URL HTTP/1.1 monkyank.com/watch.290318137213.js?key=95e4c4ce775433fa4db2e1d0c40eacc3&kw=%5B%22mastering%22%2C%22malware%22%2C%22analysis%22%2C%22a%22%2C%22malware%22%2C%22analyst%E2%80%99s%22%2C%22practical%22%2C%22guide%22%2C%22to%22%2C%22combating%22%2C%22malicious%22%2C%22software%22%2C%22apt%22%2C%22cybercrime%22%2C%22and%22%2C%22iot%22%2C%22attacks%22%2C%222nd%22%2C%22edition%22%2C%22-%22%2C%22reading%22%2C%22bag%22%2C%22library%22%5D&refer=http%3A%2F%2Frbebooks.site%2Fmastering-malware-analysis-a-malware-analysts-practical-guide-to-combating-malicious-software-apt-cybercrime-and-iot-attacks-2nd-edition%2F&tz=0&dev=r&res=12.29&uuid=a2d4f152-41c5-4b93-82d7-021b046d9428%3A3%3A1&shu=14259a8eba423f6d6abc854de6fb0b01dfc38739e6bd4f63189842e0e0fe43c509640ee1b600aae488ee210274b80b7a51d7a4b4a47ba1d2f0a667d68bab29597e9dedba3ac3b055571f25ef0355ecf11786431e6d46c975945c54831ba7c740fa775071&pst=1665935679&rmtc=t
IP 173.233.137.44:0
File type HTML document, ASCII text, with very long lines (2426)
Hash cf45dba0dbea79994e19e6f06bab014b
5a15c32a1f0115ffcb935dd0dbf9585c129d0dc4
6f36e8752ad73962e52708560042db2c38a0bd20901ed670de556bbefe112825
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.290318137213.js?key=95e4c4ce775433fa4db2e1d0c40eacc3&kw=%5B%22mastering%22%2C%22malware%22%2C%22analysis%22%2C%22a%22%2C%22malware%22%2C%22analyst%E2%80%99s%22%2C%22practical%22%2C%22guide%22%2C%22to%22%2C%22combating%22%2C%22malicious%22%2C%22software%22%2C%22apt%22%2C%22cybercrime%22%2C%22and%22%2C%22iot%22%2C%22attacks%22%2C%222nd%22%2C%22edition%22%2C%22-%22%2C%22reading%22%2C%22bag%22%2C%22library%22%5D&refer=http%3A%2F%2Frbebooks.site%2Fmastering-malware-analysis-a-malware-analysts-practical-guide-to-combating-malicious-software-apt-cybercrime-and-iot-attacks-2nd-edition%2F&tz=0&dev=r&res=12.29&uuid=a2d4f152-41c5-4b93-82d7-021b046d9428%3A3%3A1&shu=14259a8eba423f6d6abc854de6fb0b01dfc38739e6bd4f63189842e0e0fe43c509640ee1b600aae488ee210274b80b7a51d7a4b4a47ba1d2f0a667d68bab29597e9dedba3ac3b055571f25ef0355ecf11786431e6d46c975945c54831ba7c740fa775071&pst=1665935679&rmtc=t HTTP/1.1
Host: monkyank.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://rbebooks.site
Referer: http://rbebooks.site/
Connection: keep-alive
Cookie: u_pl=17258364; ain=eyJhbGciOiJIUzI1NiJ9.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.CcPRDZqh6KG9NFY-6AZVnS1nXUSTNB_TLr4ckMfOaB0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 16 Oct 2022 15:53:39 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://rbebooks.site
Access-Control-Allow-Origin: http://rbebooks.site
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=a2d4f152-41c5-4b93-82d7-021b046d9428:3:1; expires=Sun, 23 Oct 2022 15:53:39 GMT; secure; SameSite=None
pdhtkv=true; expires=Mon, 17 Oct 2022 15:53:39 GMT; secure; SameSite=None
uncs=1; expires=Mon, 17 Oct 2022 15:53:39 GMT; secure; SameSite=None
pdhtkv23=true; expires=Mon, 17 Oct 2022 15:53:39 GMT; secure; SameSite=None
uncs23=1; expires=Mon, 17 Oct 2022 15:53:39 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 080df8f4f6bba7899e52c8bf5612fea7
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
monkyank.com/watch.897751477842.js?key=95e4c4ce775433fa4db2e1d0c40eacc3&kw=%5B%22mastering%22%2C%22malware%22%2C%22analysis%22%2C%22a%22%2C%22malware%22%2C%22analyst%E2%80%99s%22%2C%22practical%22%2C%22guide%22%2C%22to%22%2C%22combating%22%2C%22malicious%22%2C%22software%22%2C%22apt%22%2C%22cybercrime%22%2C%22and%22%2C%22iot%22%2C%22attacks%22%2C%222nd%22%2C%22edition%22%2C%22-%22%2C%22reading%22%2C%22bag%22%2C%22library%22%5D&refer=http%3A%2F%2Frbebooks.site%2Fmastering-malware-analysis-a-malware-analysts-practical-guide-to-combating-malicious-software-apt-cybercrime-and-iot-attacks-2nd-edition%2F&tz=0&dev=r&res=12.29&uuid=a2d4f152-41c5-4b93-82d7-021b046d9428%3A3%3A1&shu=b65c334dbb192bd30b7389c2c7e93bff8af73a53e9754743f9f19f20110fde6170a0aa60c5b1ce67907128fba6b7d73b122cda13e1c5b0a186b5dd5bef686f7717cffe5ae69052a33c2611ccc0b82e415839204f96b462cfa957744d1164&pst=1665935679&rmtc=t
173.233.137.44 200 OK 2.0 kB URL HTTP/1.1 monkyank.com/watch.897751477842.js?key=95e4c4ce775433fa4db2e1d0c40eacc3&kw=%5B%22mastering%22%2C%22malware%22%2C%22analysis%22%2C%22a%22%2C%22malware%22%2C%22analyst%E2%80%99s%22%2C%22practical%22%2C%22guide%22%2C%22to%22%2C%22combating%22%2C%22malicious%22%2C%22software%22%2C%22apt%22%2C%22cybercrime%22%2C%22and%22%2C%22iot%22%2C%22attacks%22%2C%222nd%22%2C%22edition%22%2C%22-%22%2C%22reading%22%2C%22bag%22%2C%22library%22%5D&refer=http%3A%2F%2Frbebooks.site%2Fmastering-malware-analysis-a-malware-analysts-practical-guide-to-combating-malicious-software-apt-cybercrime-and-iot-attacks-2nd-edition%2F&tz=0&dev=r&res=12.29&uuid=a2d4f152-41c5-4b93-82d7-021b046d9428%3A3%3A1&shu=b65c334dbb192bd30b7389c2c7e93bff8af73a53e9754743f9f19f20110fde6170a0aa60c5b1ce67907128fba6b7d73b122cda13e1c5b0a186b5dd5bef686f7717cffe5ae69052a33c2611ccc0b82e415839204f96b462cfa957744d1164&pst=1665935679&rmtc=t
IP 173.233.137.44:0
File type HTML document, ASCII text, with very long lines (2416)
Hash 49eca2a34c4910b5d425eabb09936fa7
8bbacbea3a72cd74aba2c0f4f886666218077873
67a60720f831615a09f88639f1c5392ea2762c387931052ff780efb14a3d21a0
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.897751477842.js?key=95e4c4ce775433fa4db2e1d0c40eacc3&kw=%5B%22mastering%22%2C%22malware%22%2C%22analysis%22%2C%22a%22%2C%22malware%22%2C%22analyst%E2%80%99s%22%2C%22practical%22%2C%22guide%22%2C%22to%22%2C%22combating%22%2C%22malicious%22%2C%22software%22%2C%22apt%22%2C%22cybercrime%22%2C%22and%22%2C%22iot%22%2C%22attacks%22%2C%222nd%22%2C%22edition%22%2C%22-%22%2C%22reading%22%2C%22bag%22%2C%22library%22%5D&refer=http%3A%2F%2Frbebooks.site%2Fmastering-malware-analysis-a-malware-analysts-practical-guide-to-combating-malicious-software-apt-cybercrime-and-iot-attacks-2nd-edition%2F&tz=0&dev=r&res=12.29&uuid=a2d4f152-41c5-4b93-82d7-021b046d9428%3A3%3A1&shu=b65c334dbb192bd30b7389c2c7e93bff8af73a53e9754743f9f19f20110fde6170a0aa60c5b1ce67907128fba6b7d73b122cda13e1c5b0a186b5dd5bef686f7717cffe5ae69052a33c2611ccc0b82e415839204f96b462cfa957744d1164&pst=1665935679&rmtc=t HTTP/1.1
Host: monkyank.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://rbebooks.site
Referer: http://rbebooks.site/
Connection: keep-alive
Cookie: u_pl=17258364; ain=eyJhbGciOiJIUzI1NiJ9.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.CcPRDZqh6KG9NFY-6AZVnS1nXUSTNB_TLr4ckMfOaB0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 16 Oct 2022 15:53:39 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://rbebooks.site
Access-Control-Allow-Origin: http://rbebooks.site
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=a2d4f152-41c5-4b93-82d7-021b046d9428:3:1; expires=Sun, 23 Oct 2022 15:53:39 GMT; secure; SameSite=None
pdhtkv=true; expires=Mon, 17 Oct 2022 15:53:39 GMT; secure; SameSite=None
uncs=1; expires=Mon, 17 Oct 2022 15:53:39 GMT; secure; SameSite=None
pdhtkv23=true; expires=Mon, 17 Oct 2022 15:53:39 GMT; secure; SameSite=None
uncs23=1; expires=Mon, 17 Oct 2022 15:53:39 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: f7326baf20ea9dc06cdce043eae1504d
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
r3.o.lencr.org/
23.36.76.249 200 OK 503 B IP 23.36.76.249:0
ASN #20940 Akamai International B.V.
Hash 902e977a1fbd86f0b5ee0b8cdba0ed96
879716a92ab59f6a3bd9b0e2f9a51df09596abf1
b73e5986f65b03f2dfded8b0a5b6be8e2b15d053cb7190d5dcf353993b36a3f3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B73E5986F65B03F2DFDED8B0A5B6BE8E2B15D053CB7190D5DCF353993B36A3F3"
Last-Modified: Sat, 15 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9669
Expires: Sun, 16 Oct 2022 18:34:48 GMT
Date: Sun, 16 Oct 2022 15:53:39 GMT
Connection: keep-alive
monkyank.com/watch.761630106258.js?key=95e4c4ce775433fa4db2e1d0c40eacc3&kw=%5B%22mastering%22%2C%22malware%22%2C%22analysis%22%2C%22a%22%2C%22malware%22%2C%22analyst%E2%80%99s%22%2C%22practical%22%2C%22guide%22%2C%22to%22%2C%22combating%22%2C%22malicious%22%2C%22software%22%2C%22apt%22%2C%22cybercrime%22%2C%22and%22%2C%22iot%22%2C%22attacks%22%2C%222nd%22%2C%22edition%22%2C%22-%22%2C%22reading%22%2C%22bag%22%2C%22library%22%5D&refer=http%3A%2F%2Frbebooks.site%2Fmastering-malware-analysis-a-malware-analysts-practical-guide-to-combating-malicious-software-apt-cybercrime-and-iot-attacks-2nd-edition%2F&tz=0&dev=r&res=12.29&uuid=a2d4f152-41c5-4b93-82d7-021b046d9428%3A3%3A1
173.233.137.44 307 Temporary Redirect 0 B URL HTTP/1.1 monkyank.com/watch.761630106258.js?key=95e4c4ce775433fa4db2e1d0c40eacc3&kw=%5B%22mastering%22%2C%22malware%22%2C%22analysis%22%2C%22a%22%2C%22malware%22%2C%22analyst%E2%80%99s%22%2C%22practical%22%2C%22guide%22%2C%22to%22%2C%22combating%22%2C%22malicious%22%2C%22software%22%2C%22apt%22%2C%22cybercrime%22%2C%22and%22%2C%22iot%22%2C%22attacks%22%2C%222nd%22%2C%22edition%22%2C%22-%22%2C%22reading%22%2C%22bag%22%2C%22library%22%5D&refer=http%3A%2F%2Frbebooks.site%2Fmastering-malware-analysis-a-malware-analysts-practical-guide-to-combating-malicious-software-apt-cybercrime-and-iot-attacks-2nd-edition%2F&tz=0&dev=r&res=12.29&uuid=a2d4f152-41c5-4b93-82d7-021b046d9428%3A3%3A1
IP 173.233.137.44:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.761630106258.js?key=95e4c4ce775433fa4db2e1d0c40eacc3&kw=%5B%22mastering%22%2C%22malware%22%2C%22analysis%22%2C%22a%22%2C%22malware%22%2C%22analyst%E2%80%99s%22%2C%22practical%22%2C%22guide%22%2C%22to%22%2C%22combating%22%2C%22malicious%22%2C%22software%22%2C%22apt%22%2C%22cybercrime%22%2C%22and%22%2C%22iot%22%2C%22attacks%22%2C%222nd%22%2C%22edition%22%2C%22-%22%2C%22reading%22%2C%22bag%22%2C%22library%22%5D&refer=http%3A%2F%2Frbebooks.site%2Fmastering-malware-analysis-a-malware-analysts-practical-guide-to-combating-malicious-software-apt-cybercrime-and-iot-attacks-2nd-edition%2F&tz=0&dev=r&res=12.29&uuid=a2d4f152-41c5-4b93-82d7-021b046d9428%3A3%3A1 HTTP/1.1
Host: monkyank.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://rbebooks.site
Connection: keep-alive
Referer: http://rbebooks.site/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.19.5
Date: Sun, 16 Oct 2022 15:53:39 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://rbebooks.site
Access-Control-Allow-Origin: http://rbebooks.site
Access-Control-Allow-Credentials: true
Location: https://monkyank.com/watch.761630106258.js?key=95e4c4ce775433fa4db2e1d0c40eacc3&kw=%5B%22mastering%22%2C%22malware%22%2C%22analysis%22%2C%22a%22%2C%22malware%22%2C%22analyst%E2%80%99s%22%2C%22practical%22%2C%22guide%22%2C%22to%22%2C%22combating%22%2C%22malicious%22%2C%22software%22%2C%22apt%22%2C%22cybercrime%22%2C%22and%22%2C%22iot%22%2C%22attacks%22%2C%222nd%22%2C%22edition%22%2C%22-%22%2C%22reading%22%2C%22bag%22%2C%22library%22%5D&refer=http%3A%2F%2Frbebooks.site%2Fmastering-malware-analysis-a-malware-analysts-practical-guide-to-combating-malicious-software-apt-cybercrime-and-iot-attacks-2nd-edition%2F&tz=0&dev=r&res=12.29&uuid=a2d4f152-41c5-4b93-82d7-021b046d9428%3A3%3A1&shu=2e43cd7c87f5b345ca097f6728c0335c52dc7b6de53b806669a748026af81ad1810a8c0166e686703d5a6a26b8fde9971a70e79b60d0c7743956bd7b888c9bf1549e9f5fa60b7a5d195c9ac915a7cc2993686c7c50e4b75a89940bd4e7fa6d58&pst=1665935679&rmtc=t
Set-Cookie: u_pl=17258364; expires=Mon, 17 Oct 2022 15:53:39 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.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.CcPRDZqh6KG9NFY-6AZVnS1nXUSTNB_TLr4ckMfOaB0; expires=Sun, 16 Oct 2022 15:54:39 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: f8a1825a9c75dac45185fdf7113d141e
Strict-Transport-Security: max-age=0; includeSubdomains
familiarkindlyshuffle.com/pixel/nvwbdp?key=0c610b74697d975fe227c0e71980368f
192.243.61.227 200 OK 0 B URL HTTP/1.1 familiarkindlyshuffle.com/pixel/nvwbdp?key=0c610b74697d975fe227c0e71980368f
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/nvwbdp?key=0c610b74697d975fe227c0e71980368f HTTP/1.1
Host: familiarkindlyshuffle.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://rbebooks.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Sun, 16 Oct 2022 15:53:39 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
r3.o.lencr.org/
23.36.76.249 200 OK 503 B IP 23.36.76.249:0
ASN #20940 Akamai International B.V.
Hash f31588865588398af8d6de664e8f84c7
88a52c610d224c3496968ebfe3881cfa2027ffdf
b17a0ea8a819f624b7bb8b2526226a032088384ccaffdd0cd4063ca7296842c4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B17A0EA8A819F624B7BB8B2526226A032088384CCAFFDD0CD4063CA7296842C4"
Last-Modified: Sat, 15 Oct 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15612
Expires: Sun, 16 Oct 2022 20:13:51 GMT
Date: Sun, 16 Oct 2022 15:53:39 GMT
Connection: keep-alive
notifyoutspoken.com/watch.330228119192.js?key=95e4c4ce775433fa4db2e1d0c40eacc3&kw=%5B%22mastering%22%2C%22malware%22%2C%22analysis%22%2C%22a%22%2C%22malware%22%2C%22analyst%E2%80%99s%22%2C%22practical%22%2C%22guide%22%2C%22to%22%2C%22combating%22%2C%22malicious%22%2C%22software%22%2C%22apt%22%2C%22cybercrime%22%2C%22and%22%2C%22iot%22%2C%22attacks%22%2C%222nd%22%2C%22edition%22%2C%22-%22%2C%22reading%22%2C%22bag%22%2C%22library%22%5D&refer=http%3A%2F%2Frbebooks.site%2Fmastering-malware-analysis-a-malware-analysts-practical-guide-to-combating-malicious-software-apt-cybercrime-and-iot-attacks-2nd-edition%2F&tz=0&dev=r&res=12.29&uuid=a2d4f152-41c5-4b93-82d7-021b046d9428%3A3%3A1
173.233.137.36 307 Temporary Redirect 0 B URL HTTP/1.1 notifyoutspoken.com/watch.330228119192.js?key=95e4c4ce775433fa4db2e1d0c40eacc3&kw=%5B%22mastering%22%2C%22malware%22%2C%22analysis%22%2C%22a%22%2C%22malware%22%2C%22analyst%E2%80%99s%22%2C%22practical%22%2C%22guide%22%2C%22to%22%2C%22combating%22%2C%22malicious%22%2C%22software%22%2C%22apt%22%2C%22cybercrime%22%2C%22and%22%2C%22iot%22%2C%22attacks%22%2C%222nd%22%2C%22edition%22%2C%22-%22%2C%22reading%22%2C%22bag%22%2C%22library%22%5D&refer=http%3A%2F%2Frbebooks.site%2Fmastering-malware-analysis-a-malware-analysts-practical-guide-to-combating-malicious-software-apt-cybercrime-and-iot-attacks-2nd-edition%2F&tz=0&dev=r&res=12.29&uuid=a2d4f152-41c5-4b93-82d7-021b046d9428%3A3%3A1
IP 173.233.137.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.330228119192.js?key=95e4c4ce775433fa4db2e1d0c40eacc3&kw=%5B%22mastering%22%2C%22malware%22%2C%22analysis%22%2C%22a%22%2C%22malware%22%2C%22analyst%E2%80%99s%22%2C%22practical%22%2C%22guide%22%2C%22to%22%2C%22combating%22%2C%22malicious%22%2C%22software%22%2C%22apt%22%2C%22cybercrime%22%2C%22and%22%2C%22iot%22%2C%22attacks%22%2C%222nd%22%2C%22edition%22%2C%22-%22%2C%22reading%22%2C%22bag%22%2C%22library%22%5D&refer=http%3A%2F%2Frbebooks.site%2Fmastering-malware-analysis-a-malware-analysts-practical-guide-to-combating-malicious-software-apt-cybercrime-and-iot-attacks-2nd-edition%2F&tz=0&dev=r&res=12.29&uuid=a2d4f152-41c5-4b93-82d7-021b046d9428%3A3%3A1 HTTP/1.1
Host: notifyoutspoken.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://rbebooks.site
Connection: keep-alive
Referer: http://rbebooks.site/
Cookie: u_pl=17258345; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNzI1ODM0NSwiayI6IjBiZWZmYzc2NGE1OWVkYTZiYjFjOTk5YTI1OGNiMzNhIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxODYxNDAzLCJwaWQiOjQ3MDEwMywiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoyNywiYWlkIjoyNywicHQiOjQsInBrIjoiZ245ZTJ2dXRiIiwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjc5OTU0MTk2LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6MTgxMTAsIm9uIjoiTGludXgiLCJvdiI6IlVua25vd24iLCJiaWQiOjExNjY3MCwiYm4iOiJGaXJlZm94IiwiYnYiOiI5Ni4wIiwid3YiOmZhbHNlLCJlIjpmYWxzZSwiYWIiOmZhbHNlfSwiYyI6eyJpZCI6MTYyLCJjIjoiTk8iLCJuIjoiTm9yd2F5In0sImEiOmZhbHNlLCJjciI6eyJuIjoiQmxpeCBTb2x1dGlvbnMifSwieGYiOiIiLCJpeGYiOmZhbHNlLCJpZ3hmIjpmYWxzZSwidXAiOnRydWUsInIiOiJodHRwOi8vcmJlYm9va3Muc2l0ZS9tYXN0ZXJpbmctbWFsd2FyZS1hbmFseXNpcy1hLW1hbHdhcmUtYW5hbHlzdHMtcHJhY3RpY2FsLWd1aWRlLXRvLWNvbWJhdGluZy1tYWxpY2lvdXMtc29mdHdhcmUtYXB0LWN5YmVyY3JpbWUtYW5kLWlvdC1hdHRhY2tzLTJuZC1lZGl0aW9uLyJ9fQ.GXb-vh_Q52OnMCN8VVRxtaG18NEoLnhzkJ-xH_0hbaU; uid_id2=a2d4f152-41c5-4b93-82d7-021b046d9428:3:1; pdhtkv=true; uncs=1; pdhtkv26=true; uncs26=1; pdhtkv27=true; uncs27=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.19.5
Date: Sun, 16 Oct 2022 15:53:39 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://rbebooks.site
Access-Control-Allow-Origin: http://rbebooks.site
Access-Control-Allow-Credentials: true
Location: https://notifyoutspoken.com/watch.330228119192.js?key=95e4c4ce775433fa4db2e1d0c40eacc3&kw=%5B%22mastering%22%2C%22malware%22%2C%22analysis%22%2C%22a%22%2C%22malware%22%2C%22analyst%E2%80%99s%22%2C%22practical%22%2C%22guide%22%2C%22to%22%2C%22combating%22%2C%22malicious%22%2C%22software%22%2C%22apt%22%2C%22cybercrime%22%2C%22and%22%2C%22iot%22%2C%22attacks%22%2C%222nd%22%2C%22edition%22%2C%22-%22%2C%22reading%22%2C%22bag%22%2C%22library%22%5D&refer=http%3A%2F%2Frbebooks.site%2Fmastering-malware-analysis-a-malware-analysts-practical-guide-to-combating-malicious-software-apt-cybercrime-and-iot-attacks-2nd-edition%2F&tz=0&dev=r&res=12.29&uuid=a2d4f152-41c5-4b93-82d7-021b046d9428%3A3%3A1&shu=3ad244dcebe98fc4800f03a2dbfc17b257116e7aade10c39d833c216dcae1a10d1bc649aabce2e2ac0e641e14d1f5cf32df42bfcbdc3e38d00eed59326fae73d7d04393866a78e3c5d39d1a0928470fbe66cf72505c6b7c7b06e5420ad206f6f4f&pst=1665935679&rmtc=t
Set-Cookie: u_pl=17258345,17258364; expires=Mon, 17 Oct 2022 15:53:39 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.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.edfIJR3bnoQ9NSSsMK962LL2BaF9YVDTlmVbEJtpn8M; expires=Sun, 16 Oct 2022 15:54:39 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 7b9a671f621486f1b19ca7478c766592
Strict-Transport-Security: max-age=0; includeSubdomains
testimonypersuadedclinic.com/95e4c4ce775433fa4db2e1d0c40eacc3/invoke.js
192.243.61.225 200 OK 9.8 kB URL HTTP/1.1 testimonypersuadedclinic.com/95e4c4ce775433fa4db2e1d0c40eacc3/invoke.js
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
File type exported SGML document, ASCII text, with very long lines (26959), with no line terminators
Hash 97d1cef1b47b7ce4e2037d031b1ff525
20b01fb837b5d97f14c43b3b0c04121fd0466d4f
5b2c6749eecd2ff6339f7d9e52d74b8423c908f591fd77a56e968d15a97fb732
Analyzer Verdict Alert quad9 Sinkholed
GET /95e4c4ce775433fa4db2e1d0c40eacc3/invoke.js HTTP/1.1
Host: testimonypersuadedclinic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rbebooks.site/
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Sun, 16 Oct 2022 15:53:39 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: a0b3bec0dda90281ab30d058df4be708
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
testimonypersuadedclinic.com/0c610b74697d975fe227c0e71980368f/invoke.js
192.243.61.225 200 OK 9.3 kB URL HTTP/1.1 testimonypersuadedclinic.com/0c610b74697d975fe227c0e71980368f/invoke.js
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
File type Unicode text, UTF-8 text, with very long lines (25098), with no line terminators
Hash d9b25fd32c00a4ca45492fec235f0124
88aee82ddc2860b6ab4cf4d6a8ec3ac57e697fa8
0fc5a7742745c5871941ab351130d2a445cbec160b3003425b28eba110b236a8
Analyzer Verdict Alert quad9 Sinkholed
GET /0c610b74697d975fe227c0e71980368f/invoke.js HTTP/1.1
Host: testimonypersuadedclinic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rbebooks.site/
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Sun, 16 Oct 2022 15:53:39 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: close
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: e13d2ac92a5d5e1f0679c30eb772820a
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
cdn.cloudimagesb.com/cti/19/f2/1c/19f21c1bed9621680fc6d126709d678c/1627917293.png
45.133.44.10 200 OK 48 kB URL HTTP/2 cdn.cloudimagesb.com/cti/19/f2/1c/19f21c1bed9621680fc6d126709d678c/1627917293.png
IP 45.133.44.10:0
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 728 x 90, 8-bit/color RGB, non-interlaced\012- data
Hash 407f211e032589d74fc4efbb9850dc01
aca22f4084875231eeb11c4fbb7578f6158c1613
3c840c1741fd2d23992a213bcfedd3da37a7fa73b3ac47c2607df77d49db93b8
GET /cti/19/f2/1c/19f21c1bed9621680fc6d126709d678c/1627917293.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 16 Oct 2022 15:53:39 GMT
content-type: image/png
content-length: 48540
server: nginx/1.17.6
last-modified: Mon, 02 Aug 2021 15:15:00 GMT
etag: "61080bf4-bd9c"
expires: Tue, 18 Oct 2022 15:53:39 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
rbebooks.site/wp-json/wp-statistics/v2/hit?_=1665935616&_wpnonce=5b584b389e&wp_statistics_hit_rest=yes&referred=https%3A%2F%2Frbebooks.site&exclusion_match=no&exclusion_reason&track_all=1&current_page_type=post&current_page_id=9266&search_query&page_uri=/mastering-malware-analysis-a-malware-analysts-practical-guide-to-combating-malicious-software-apt-cybercrime-and-iot-attacks-2nd-edition/
142.132.250.25 200 OK 92 B URL HTTP/2 rbebooks.site/wp-json/wp-statistics/v2/hit?_=1665935616&_wpnonce=5b584b389e&wp_statistics_hit_rest=yes&referred=https%3A%2F%2Frbebooks.site&exclusion_match=no&exclusion_reason&track_all=1&current_page_type=post&current_page_id=9266&search_query&page_uri=/mastering-malware-analysis-a-malware-analysts-practical-guide-to-combating-malicious-software-apt-cybercrime-and-iot-attacks-2nd-edition/
IP 142.132.250.25:0
ASN #24940 Hetzner Online GmbH
Hash 7a80115a7113d70d83d1b62d0757a941
98b0489cd1af1bb0b9e57510c49e34fb57f0c5e9
e88bc25fe9b966934cebe9a3202a015ed3eb2bb6dc4f139c431f9a23b133aeb9
GET /wp-json/wp-statistics/v2/hit?_=1665935616&_wpnonce=5b584b389e&wp_statistics_hit_rest=yes&referred=https%3A%2F%2Frbebooks.site&exclusion_match=no&exclusion_reason&track_all=1&current_page_type=post&current_page_id=9266&search_query&page_uri=/mastering-malware-analysis-a-malware-analysts-practical-guide-to-combating-malicious-software-apt-cybercrime-and-iot-attacks-2nd-edition/ HTTP/1.1
Host: rbebooks.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=UTF-8
Origin: http://rbebooks.site
Connection: keep-alive
Referer: http://rbebooks.site/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 16 Oct 2022 15:53:39 GMT
content-type: application/json; charset=UTF-8
vary: Accept-Encoding
x-robots-tag: noindex
link: <https://rbebooks.site/wp-json/>; rel="https://api.w.org/"
access-control-expose-headers: X-WP-Total, X-WP-TotalPages, Link
access-control-allow-headers: Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type, X-OptinMonster-ApiKey
x-wp-nonce: 5b584b389e
allow: GET
access-control-allow-origin: http://rbebooks.site
access-control-allow-methods: OPTIONS, GET, POST, PUT, PATCH, DELETE
access-control-allow-credentials: true
cache-control: no-cache, s-maxage=10
x-xss-protection: 1; mode=block
x-content-type-options: nosniff, nosniff
x-nginx-upstream-cache-status: MISS
x-server-powered-by: Engintron
content-encoding: gzip
X-Firefox-Spdy: h2
monkyank.com/watch.761630106258.js?key=95e4c4ce775433fa4db2e1d0c40eacc3&kw=%5B%22mastering%22%2C%22malware%22%2C%22analysis%22%2C%22a%22%2C%22malware%22%2C%22analyst%E2%80%99s%22%2C%22practical%22%2C%22guide%22%2C%22to%22%2C%22combating%22%2C%22malicious%22%2C%22software%22%2C%22apt%22%2C%22cybercrime%22%2C%22and%22%2C%22iot%22%2C%22attacks%22%2C%222nd%22%2C%22edition%22%2C%22-%22%2C%22reading%22%2C%22bag%22%2C%22library%22%5D&refer=http%3A%2F%2Frbebooks.site%2Fmastering-malware-analysis-a-malware-analysts-practical-guide-to-combating-malicious-software-apt-cybercrime-and-iot-attacks-2nd-edition%2F&tz=0&dev=r&res=12.29&uuid=a2d4f152-41c5-4b93-82d7-021b046d9428%3A3%3A1&shu=2e43cd7c87f5b345ca097f6728c0335c52dc7b6de53b806669a748026af81ad1810a8c0166e686703d5a6a26b8fde9971a70e79b60d0c7743956bd7b888c9bf1549e9f5fa60b7a5d195c9ac915a7cc2993686c7c50e4b75a89940bd4e7fa6d58&pst=1665935679&rmtc=t
173.233.137.44 200 OK 2.0 kB URL HTTP/1.1 monkyank.com/watch.761630106258.js?key=95e4c4ce775433fa4db2e1d0c40eacc3&kw=%5B%22mastering%22%2C%22malware%22%2C%22analysis%22%2C%22a%22%2C%22malware%22%2C%22analyst%E2%80%99s%22%2C%22practical%22%2C%22guide%22%2C%22to%22%2C%22combating%22%2C%22malicious%22%2C%22software%22%2C%22apt%22%2C%22cybercrime%22%2C%22and%22%2C%22iot%22%2C%22attacks%22%2C%222nd%22%2C%22edition%22%2C%22-%22%2C%22reading%22%2C%22bag%22%2C%22library%22%5D&refer=http%3A%2F%2Frbebooks.site%2Fmastering-malware-analysis-a-malware-analysts-practical-guide-to-combating-malicious-software-apt-cybercrime-and-iot-attacks-2nd-edition%2F&tz=0&dev=r&res=12.29&uuid=a2d4f152-41c5-4b93-82d7-021b046d9428%3A3%3A1&shu=2e43cd7c87f5b345ca097f6728c0335c52dc7b6de53b806669a748026af81ad1810a8c0166e686703d5a6a26b8fde9971a70e79b60d0c7743956bd7b888c9bf1549e9f5fa60b7a5d195c9ac915a7cc2993686c7c50e4b75a89940bd4e7fa6d58&pst=1665935679&rmtc=t
IP 173.233.137.44:0
File type HTML document, ASCII text, with very long lines (2466)
Hash b7ed1ab45c8e0e60d56de17c1e4b0d6e
d5f700c77fef1fd95179ca764bc333be2dd43242
10ed2f60c0befa186acd8fdcdbea90bb229f0d67b9deb2b43aa9691dc5753deb
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.761630106258.js?key=95e4c4ce775433fa4db2e1d0c40eacc3&kw=%5B%22mastering%22%2C%22malware%22%2C%22analysis%22%2C%22a%22%2C%22malware%22%2C%22analyst%E2%80%99s%22%2C%22practical%22%2C%22guide%22%2C%22to%22%2C%22combating%22%2C%22malicious%22%2C%22software%22%2C%22apt%22%2C%22cybercrime%22%2C%22and%22%2C%22iot%22%2C%22attacks%22%2C%222nd%22%2C%22edition%22%2C%22-%22%2C%22reading%22%2C%22bag%22%2C%22library%22%5D&refer=http%3A%2F%2Frbebooks.site%2Fmastering-malware-analysis-a-malware-analysts-practical-guide-to-combating-malicious-software-apt-cybercrime-and-iot-attacks-2nd-edition%2F&tz=0&dev=r&res=12.29&uuid=a2d4f152-41c5-4b93-82d7-021b046d9428%3A3%3A1&shu=2e43cd7c87f5b345ca097f6728c0335c52dc7b6de53b806669a748026af81ad1810a8c0166e686703d5a6a26b8fde9971a70e79b60d0c7743956bd7b888c9bf1549e9f5fa60b7a5d195c9ac915a7cc2993686c7c50e4b75a89940bd4e7fa6d58&pst=1665935679&rmtc=t HTTP/1.1
Host: monkyank.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://rbebooks.site
Referer: http://rbebooks.site/
Connection: keep-alive
Cookie: u_pl=17258364; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNzI1ODM2NCwiayI6Ijk1ZTRjNGNlNzc1NDMzZmE0ZGIyZTFkMGM0MGVhY2MzIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxODYxNDAzLCJwaWQiOjQ3MDEwMywiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoyNywiYWlkIjoyMywicHQiOjQsInBrIjoiYTUxdzR5ZGoiLCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6Nzk5NTQxOTYsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjoxODExMCwib24iOiJMaW51eCIsIm92IjoiVW5rbm93biIsImJpZCI6MTE2NjcwLCJibiI6IkZpcmVmb3giLCJidiI6Ijk2LjAiLCJ3diI6ZmFsc2UsImUiOmZhbHNlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHA6Ly9yYmVib29rcy5zaXRlL21hc3RlcmluZy1tYWx3YXJlLWFuYWx5c2lzLWEtbWFsd2FyZS1hbmFseXN0cy1wcmFjdGljYWwtZ3VpZGUtdG8tY29tYmF0aW5nLW1hbGljaW91cy1zb2Z0d2FyZS1hcHQtY3liZXJjcmltZS1hbmQtaW90LWF0dGFja3MtMm5kLWVkaXRpb24vIn19.CcPRDZqh6KG9NFY-6AZVnS1nXUSTNB_TLr4ckMfOaB0; uid_id2=a2d4f152-41c5-4b93-82d7-021b046d9428:3:1; pdhtkv=true; uncs=1; pdhtkv23=true; uncs23=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 16 Oct 2022 15:53:39 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://rbebooks.site
Access-Control-Allow-Origin: http://rbebooks.site
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=a2d4f152-41c5-4b93-82d7-021b046d9428:3:1; expires=Sun, 23 Oct 2022 15:53:39 GMT; secure; SameSite=None
pdhtkv=true; expires=Mon, 17 Oct 2022 15:53:39 GMT; secure; SameSite=None
uncs=1; expires=Mon, 17 Oct 2022 15:53:39 GMT; secure; SameSite=None
pdhtkv23=true; expires=Mon, 17 Oct 2022 15:53:39 GMT; secure; SameSite=None
uncs23=1; expires=Mon, 17 Oct 2022 15:53:39 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 47c1c295cb6853ceb6b25d8935713fdf
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
familiarkindlyshuffle.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSz28bRRidTSwVARdQL1U5%2BMCBSo27u17v2lSiopSUitCWFlROoPllZ%2FB6Z5nZ9Trm0lKEevSBC5zWz0lToFTwBxAhpxJCkZDiWw5E4m9A4oxsIgxz%2BL7vzXuHp%2Fd9X4zzY%2BIip0dX3tFDFcf0QqPmVl%2F5wPMuVjdUkg%2Bqg2b4URhcrJr%2Bq62w5p6rXpW8qy%2F4rue6nutV15WRbT24MCeh0sctr9Zya4Ff8xoBBub%2F2OYOLHUg%2BsfkRSgxqzx1TkPxKZLeD1ek7WY6Pf9mL49ppg36Yvf9pJvoIkFvObaNg3aye6KGtofre9DJzsIudP9fIVMz4vyyB5bsnpgE628vfLIYMgETz6HoTyHjKRSdguv7UOKQAFzg%2Bg0kvYfXtSno1j8snbMzUvnrT6hiRiq%2Fn0bSe3I5VoPqbR3nmdKJxaBdQg2mUJ0p0nwf2XAFqtgHzz6DEgRJr4QSRy9TXwRtr%2BGvBR5vrAWsVV9r%2BiJac32PuUEoWoHfXASj1BSqPUUsR6B2Fbl1kCsHedtBnjroiaMq9zwvcgWnbrPFeV1EkoXC9WjU9qjnhk3kfO59hCwdgccjcHMXqbn3SNQjWWc8GDN01Qgm%2Fxl2s4QVK7DZjDjv3kNflCgkQWEJCkpQKIIiIyj65Y6IrW%2FLhyK2OfNOun%2FS6%2BVEZ50x3dFZRyZknB6TF%2Bb5Oaf2nkdXHlVdHnoui4KwFYlW1GhL34%2B4KyOv1XTrYbMNq0oouwJqHQzVjLzUOYtUzcip83fA6D5svA%2BuzoLmHmgxiXwXdHMSNF0Mk%2B8Nk0zrrq1ZlUkIXSLNKsi2nHF8TM4sFuk9eguSH1z6fPjH1SenPwU3JVJT4mP1lKATP5jc0gXZvqULS368kWaqp4Z0vuTbGc3k6rdvy61CG3Htih198zqfE%2FPx8XvSZhs0ESrpWPLdZSWENOvacEl%2BumbvSHYzt5uXc5Pk6cbNN9av9VIjrVU6mYKqww93wNWMPPPJb4vrPTPMocwUJi%2FRyw%2FIyYPS%2B%2BDpXdh06d7qVZh4qWHpCoq8nBifLT9jRRDLJaashP0PZst5bB%2BgY3zQ7P7iaPumRD8uQeMRbP7sJEvNwaVfv5q%2Fr8HiyoTFprLNYhN%2FOY%2F2tUW%2B83JrXi7BqqNqVK%2B7NGw1vCiiMmKB32yHnqDUD0I%2FDGkdmZ3xjXOrfwMAAP%2F%2FAQAA%2F%2F%2FIouOflwQAAA%3D%3D
192.243.61.227200 OK 7 B URL HTTP/1.1 familiarkindlyshuffle.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSz28bRRidTSwVARdQL1U5%2BMCBSo27u17v2lSiopSUitCWFlROoPllZ%2FB6Z5nZ9Trm0lKEevSBC5zWz0lToFTwBxAhpxJCkZDiWw5E4m9A4oxsIgxz%2BL7vzXuHp%2Fd9X4zzY%2BIip0dX3tFDFcf0QqPmVl%2F5wPMuVjdUkg%2Bqg2b4URhcrJr%2Bq62w5p6rXpW8qy%2F4rue6nutV15WRbT24MCeh0sctr9Zya4Ff8xoBBub%2F2OYOLHUg%2BsfkRSgxqzx1TkPxKZLeD1ek7WY6Pf9mL49ppg36Yvf9pJvoIkFvObaNg3aye6KGtofre9DJzsIudP9fIVMz4vyyB5bsnpgE628vfLIYMgETz6HoTyHjKRSdguv7UOKQAFzg%2Bg0kvYfXtSno1j8snbMzUvnrT6hiRiq%2Fn0bSe3I5VoPqbR3nmdKJxaBdQg2mUJ0p0nwf2XAFqtgHzz6DEgRJr4QSRy9TXwRtr%2BGvBR5vrAWsVV9r%2BiJac32PuUEoWoHfXASj1BSqPUUsR6B2Fbl1kCsHedtBnjroiaMq9zwvcgWnbrPFeV1EkoXC9WjU9qjnhk3kfO59hCwdgccjcHMXqbn3SNQjWWc8GDN01Qgm%2Fxl2s4QVK7DZjDjv3kNflCgkQWEJCkpQKIIiIyj65Y6IrW%2FLhyK2OfNOun%2FS6%2BVEZ50x3dFZRyZknB6TF%2Bb5Oaf2nkdXHlVdHnoui4KwFYlW1GhL34%2B4KyOv1XTrYbMNq0oouwJqHQzVjLzUOYtUzcip83fA6D5svA%2BuzoLmHmgxiXwXdHMSNF0Mk%2B8Nk0zrrq1ZlUkIXSLNKsi2nHF8TM4sFuk9eguSH1z6fPjH1SenPwU3JVJT4mP1lKATP5jc0gXZvqULS368kWaqp4Z0vuTbGc3k6rdvy61CG3Htih198zqfE%2FPx8XvSZhs0ESrpWPLdZSWENOvacEl%2BumbvSHYzt5uXc5Pk6cbNN9av9VIjrVU6mYKqww93wNWMPPPJb4vrPTPMocwUJi%2FRyw%2FIyYPS%2B%2BDpXdh06d7qVZh4qWHpCoq8nBifLT9jRRDLJaashP0PZst5bB%2BgY3zQ7P7iaPumRD8uQeMRbP7sJEvNwaVfv5q%2Fr8HiyoTFprLNYhN%2FOY%2F2tUW%2B83JrXi7BqqNqVK%2B7NGw1vCiiMmKB32yHnqDUD0I%2FDGkdmZ3xjXOrfwMAAP%2F%2FAQAA%2F%2F%2FIouOflwQAAA%3D%3D
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSz28bRRidTSwVARdQL1U5%2BMCBSo27u17v2lSiopSUitCWFlROoPllZ%2FB6Z5nZ9Trm0lKEevSBC5zWz0lToFTwBxAhpxJCkZDiWw5E4m9A4oxsIgxz%2BL7vzXuHp%2Fd9X4zzY%2BIip0dX3tFDFcf0QqPmVl%2F5wPMuVjdUkg%2Bqg2b4URhcrJr%2Bq62w5p6rXpW8qy%2F4rue6nutV15WRbT24MCeh0sctr9Zya4Ff8xoBBub%2F2OYOLHUg%2BsfkRSgxqzx1TkPxKZLeD1ek7WY6Pf9mL49ppg36Yvf9pJvoIkFvObaNg3aye6KGtofre9DJzsIudP9fIVMz4vyyB5bsnpgE628vfLIYMgETz6HoTyHjKRSdguv7UOKQAFzg%2Bg0kvYfXtSno1j8snbMzUvnrT6hiRiq%2Fn0bSe3I5VoPqbR3nmdKJxaBdQg2mUJ0p0nwf2XAFqtgHzz6DEgRJr4QSRy9TXwRtr%2BGvBR5vrAWsVV9r%2BiJac32PuUEoWoHfXASj1BSqPUUsR6B2Fbl1kCsHedtBnjroiaMq9zwvcgWnbrPFeV1EkoXC9WjU9qjnhk3kfO59hCwdgccjcHMXqbn3SNQjWWc8GDN01Qgm%2Fxl2s4QVK7DZjDjv3kNflCgkQWEJCkpQKIIiIyj65Y6IrW%2FLhyK2OfNOun%2FS6%2BVEZ50x3dFZRyZknB6TF%2Bb5Oaf2nkdXHlVdHnoui4KwFYlW1GhL34%2B4KyOv1XTrYbMNq0oouwJqHQzVjLzUOYtUzcip83fA6D5svA%2BuzoLmHmgxiXwXdHMSNF0Mk%2B8Nk0zrrq1ZlUkIXSLNKsi2nHF8TM4sFuk9eguSH1z6fPjH1SenPwU3JVJT4mP1lKATP5jc0gXZvqULS368kWaqp4Z0vuTbGc3k6rdvy61CG3Htih198zqfE%2FPx8XvSZhs0ESrpWPLdZSWENOvacEl%2BumbvSHYzt5uXc5Pk6cbNN9av9VIjrVU6mYKqww93wNWMPPPJb4vrPTPMocwUJi%2FRyw%2FIyYPS%2B%2BDpXdh06d7qVZh4qWHpCoq8nBifLT9jRRDLJaashP0PZst5bB%2BgY3zQ7P7iaPumRD8uQeMRbP7sJEvNwaVfv5q%2Fr8HiyoTFprLNYhN%2FOY%2F2tUW%2B83JrXi7BqqNqVK%2B7NGw1vCiiMmKB32yHnqDUD0I%2FDGkdmZ3xjXOrfwMAAP%2F%2FAQAA%2F%2F%2FIouOflwQAAA%3D%3D HTTP/1.1
Host: familiarkindlyshuffle.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://rbebooks.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Sun, 16 Oct 2022 15:53:39 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: a0f10909a3ef27d40bd1d2163a10d6ea
Strict-Transport-Security: max-age=0; includeSubdomains
familiarkindlyshuffle.com/ren.gif?sid=H4sIAAAAAAAC%2F1RST68T1Rs%2Bw23CLz%2FdaNgQXHThQhJumZlOZ1pJJCJeJF4BQYMrzfnXcuzpnPGcmU6pGxBjWHbhRlfTp1xARaIfQGJ6SYyyoru78CZ%2BBhPXpuXG6lm87%2Fuc51k8ed73i2mxT3wUdO%2FsO2astKYnWw2%2F%2FsoHQXCqvq3SYlQfteOP4uhU3Q5f7cQN%2F3j9nOR9czL0A98P%2FKC%2BpazsmtHJJQmVPegEjY7fiMJG0Iowsv%2FFrvDgqAcx3CcvQolF7bF3BIrPkQ5%2BOCtdPzfZiTcHhaa5sRiKe%2B%2Bn%2FdSUKQbrsWs9dNN7B2oY93TrEUy6s7ILM%2FxHyNSCeL88AkvvHZgEG95Z%2BWQaMgUTz6EcziH1HIrOwc0tKPGUAFzgwkWkg7sXjC3p9WcsXbILUvvrT6hyQWq%2FH0E6eHhGq1H9itFFrkzqMOpWUKM5VG%2BOrNhFPj4EVe6C559BCYJ0UEGJvZdpKKJu0Ao3o4C3NiPWaW62Q5Fs%2BmHA%2FCgWnShsr4JRag7VnUPLCajbQOE8FMpD0fVQZB4GYq%2FOgyBIfMGp3%2B5w3hSJZLHwA5p0Axr4cRsFX3qfIM8m4HoCbm8gszfvi2Yim4xHU4a%2BmsAWP8Ndq%2BDEIbh8Qbx3b2IoKpSSoHQEJSUoFUGZE5TDakdoF7rqrtCuYMFBDw96s5qZvDelOybvyZRMs33ywjI%2F7%2FCj59GXe3Wfx4HPkijuJKKTtLoyDBPuyyTotP1m3O7CqQrKHQJ1HsZqQV7qHUOmFuTwiatgdBdO74KrY6BFAFrOktAHvTaL2j7G6feWSWZM3zWcyiWEqZDlNeTXvaneJ0dXiwzun4bkT05%2FPv7j3MMjn4LbCpmt8LF6TNDTt2eXTUnuXDalIz9ezHI1UGO6XPKVnOZy49u35fXSWHH%2BrJt88zpfEsvxwXvS5ds0FSrtOfLdGSWEtFvGckl%2BOu%2BuSnapcNfOFDYtsu1Lb2ydH2RWOqdMOgdVTz%2FcAVcL8r9Pfltd79GxhrJz2KLCoHhCDh6U2QXPbsBla%2FfObMDqtYZlNZRFNbMhW39qRaDlGlNWwf0Ls%2FU8dbfRsyFofmt1tENbYagrUD2BK%2F4%2FyzP75PSvXy3f12C6NmPa1u4wbfWXy2hfW5a3luXys6Sd2qsnzaZP404rSBIqExaF7W4cCErDKA7jmDaRuwXfPr7xNwAAAP%2F%2FAQAA%2F%2F%2FTBrHjlwQAAA%3D%3D
192.243.61.227200 OK 7 B URL HTTP/1.1 familiarkindlyshuffle.com/ren.gif?sid=H4sIAAAAAAAC%2F1RST68T1Rs%2Bw23CLz%2FdaNgQXHThQhJumZlOZ1pJJCJeJF4BQYMrzfnXcuzpnPGcmU6pGxBjWHbhRlfTp1xARaIfQGJ6SYyyoru78CZ%2BBhPXpuXG6lm87%2Fuc51k8ed73i2mxT3wUdO%2FsO2astKYnWw2%2F%2FsoHQXCqvq3SYlQfteOP4uhU3Q5f7cQN%2F3j9nOR9czL0A98P%2FKC%2BpazsmtHJJQmVPegEjY7fiMJG0Iowsv%2FFrvDgqAcx3CcvQolF7bF3BIrPkQ5%2BOCtdPzfZiTcHhaa5sRiKe%2B%2Bn%2FdSUKQbrsWs9dNN7B2oY93TrEUy6s7ILM%2FxHyNSCeL88AkvvHZgEG95Z%2BWQaMgUTz6EcziH1HIrOwc0tKPGUAFzgwkWkg7sXjC3p9WcsXbILUvvrT6hyQWq%2FH0E6eHhGq1H9itFFrkzqMOpWUKM5VG%2BOrNhFPj4EVe6C559BCYJ0UEGJvZdpKKJu0Ao3o4C3NiPWaW62Q5Fs%2BmHA%2FCgWnShsr4JRag7VnUPLCajbQOE8FMpD0fVQZB4GYq%2FOgyBIfMGp3%2B5w3hSJZLHwA5p0Axr4cRsFX3qfIM8m4HoCbm8gszfvi2Yim4xHU4a%2BmsAWP8Ndq%2BDEIbh8Qbx3b2IoKpSSoHQEJSUoFUGZE5TDakdoF7rqrtCuYMFBDw96s5qZvDelOybvyZRMs33ywjI%2F7%2FCj59GXe3Wfx4HPkijuJKKTtLoyDBPuyyTotP1m3O7CqQrKHQJ1HsZqQV7qHUOmFuTwiatgdBdO74KrY6BFAFrOktAHvTaL2j7G6feWSWZM3zWcyiWEqZDlNeTXvaneJ0dXiwzun4bkT05%2FPv7j3MMjn4LbCpmt8LF6TNDTt2eXTUnuXDalIz9ezHI1UGO6XPKVnOZy49u35fXSWHH%2BrJt88zpfEsvxwXvS5ds0FSrtOfLdGSWEtFvGckl%2BOu%2BuSnapcNfOFDYtsu1Lb2ydH2RWOqdMOgdVTz%2FcAVcL8r9Pfltd79GxhrJz2KLCoHhCDh6U2QXPbsBla%2FfObMDqtYZlNZRFNbMhW39qRaDlGlNWwf0Ls%2FU8dbfRsyFofmt1tENbYagrUD2BK%2F4%2FyzP75PSvXy3f12C6NmPa1u4wbfWXy2hfW5a3luXys6Sd2qsnzaZP404rSBIqExaF7W4cCErDKA7jmDaRuwXfPr7xNwAAAP%2F%2FAQAA%2F%2F%2FTBrHjlwQAAA%3D%3D
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RST68T1Rs%2Bw23CLz%2FdaNgQXHThQhJumZlOZ1pJJCJeJF4BQYMrzfnXcuzpnPGcmU6pGxBjWHbhRlfTp1xARaIfQGJ6SYyyoru78CZ%2BBhPXpuXG6lm87%2Fuc51k8ed73i2mxT3wUdO%2FsO2astKYnWw2%2F%2FsoHQXCqvq3SYlQfteOP4uhU3Q5f7cQN%2F3j9nOR9czL0A98P%2FKC%2BpazsmtHJJQmVPegEjY7fiMJG0Iowsv%2FFrvDgqAcx3CcvQolF7bF3BIrPkQ5%2BOCtdPzfZiTcHhaa5sRiKe%2B%2Bn%2FdSUKQbrsWs9dNN7B2oY93TrEUy6s7ILM%2FxHyNSCeL88AkvvHZgEG95Z%2BWQaMgUTz6EcziH1HIrOwc0tKPGUAFzgwkWkg7sXjC3p9WcsXbILUvvrT6hyQWq%2FH0E6eHhGq1H9itFFrkzqMOpWUKM5VG%2BOrNhFPj4EVe6C559BCYJ0UEGJvZdpKKJu0Ao3o4C3NiPWaW62Q5Fs%2BmHA%2FCgWnShsr4JRag7VnUPLCajbQOE8FMpD0fVQZB4GYq%2FOgyBIfMGp3%2B5w3hSJZLHwA5p0Axr4cRsFX3qfIM8m4HoCbm8gszfvi2Yim4xHU4a%2BmsAWP8Ndq%2BDEIbh8Qbx3b2IoKpSSoHQEJSUoFUGZE5TDakdoF7rqrtCuYMFBDw96s5qZvDelOybvyZRMs33ywjI%2F7%2FCj59GXe3Wfx4HPkijuJKKTtLoyDBPuyyTotP1m3O7CqQrKHQJ1HsZqQV7qHUOmFuTwiatgdBdO74KrY6BFAFrOktAHvTaL2j7G6feWSWZM3zWcyiWEqZDlNeTXvaneJ0dXiwzun4bkT05%2FPv7j3MMjn4LbCpmt8LF6TNDTt2eXTUnuXDalIz9ezHI1UGO6XPKVnOZy49u35fXSWHH%2BrJt88zpfEsvxwXvS5ds0FSrtOfLdGSWEtFvGckl%2BOu%2BuSnapcNfOFDYtsu1Lb2ydH2RWOqdMOgdVTz%2FcAVcL8r9Pfltd79GxhrJz2KLCoHhCDh6U2QXPbsBla%2FfObMDqtYZlNZRFNbMhW39qRaDlGlNWwf0Ls%2FU8dbfRsyFofmt1tENbYagrUD2BK%2F4%2FyzP75PSvXy3f12C6NmPa1u4wbfWXy2hfW5a3luXys6Sd2qsnzaZP404rSBIqExaF7W4cCErDKA7jmDaRuwXfPr7xNwAAAP%2F%2FAQAA%2F%2F%2FTBrHjlwQAAA%3D%3D HTTP/1.1
Host: familiarkindlyshuffle.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://rbebooks.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Sun, 16 Oct 2022 15:53:39 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 339c5ca0d7979e83316619da328c5839
Strict-Transport-Security: max-age=0; includeSubdomains
familiarkindlyshuffle.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSP48b1Rd9k7WUn37QgNJEoXBBQaSsMzMez9hEIiKEDRFLEjagUIHeP3sfHs8b3pvxeE1BQhBK6YIGqvHxbjZAiOADsELeSAhttRbNFqzEZ0CiRjYrDK%2B49553TnF07v18nB8TFzk9uvqWHqo4phcbNbf60nued6m6rpJ8UB00ww%2FC4FLV9F9uhTX3fPWa5F190Xc91%2FVcr7qmjGzrwcU5CZU%2Bbnm1llsL%2FJrXCDAw%2F8U2d2CpA9E%2FJs9DiVnlqXMGik%2BR9L6%2FKm030%2BmF13t5TDNt0Be77ybdRBcJesuxbRy0k90TNbQ9XNuDTnYWdqH7%2FwiZmhHn5z2wZPfEJFh%2Fe%2BGTxZAJmHgGRX8KGU%2Bh6BRc34cShwTgAjduIuk9vKFNQbf%2BZumcnZHKn39AFTNS%2Be0Mkt6TK7EaVG%2FrOM%2BUTiwG7RJqMIXqTJHm%2B8iGp6CKffDsUyhBkPRKKHH0IvVF0PYa%2Fmrg8cZqwFr11aYvolXX95gbhKIV%2BM1FMEpNodpTxHIEaleQWwe5cpC3HeSpg544qnLP8yJXcOo2W5zXRSRZKFyPRm2Pem7YRM7n3kfI0hF4PAI3d5Gae49EPZJ1xoMxQ1eNYPKfYDdLWHEKNpsR5%2B176IsShSQoLEFBCQpFUGQERb%2FcEbH1bflQxDZn3kn3T3q9nOisM6Y7OuvIhIzTY%2FLcPD%2Fn9N6z6MqjqstDz2VRELYi0Yoaben7EXdl5LWabj1stmFVCWVPgVoHQzUjL3TOIVUzcvrCHTC6Dxvvg6tzoLkHWkwi3wXdnARNF8PkO8Mk07pra1ZlEkKXSLMKsi1nHB%2BTs4tFeo82IPnB5c%2BGv197cuZjcFMiNSU%2BVE8JOvGDyYYuyPaGLiz54WaaqZ4a0vmSb2c0kyvfvCm3Cm3E9at29PWrfE7Mx8fvSJut00SopGPJt1eUENKsacMl%2BfG6vSPZrdxuXslNkqfrt15bu95LjbRW6WQKqg7f3wFXM%2FK%2Fj35dXO%2FZ4SdQZgqTl%2BjlB%2BTkQel98PQubLp0b%2FUKTLzUsHQFRV5OjM%2BWn7EiiOUSU1bC%2Fguz5Ty2D9AxPmh2f3G0fVOiH5eg8Qg2%2F%2F8kS83B5V%2B%2BnL%2BvwOLKhMWmss1iE38xj%2FaVeXljEfK8XIZVR9WoXndp2Gp4UURlxAK%2F2Q49QakfhH4Y0joyO%2BPr51f%2BAgAA%2F%2F8BAAD%2F%2FzLUI3%2BXBAAA
192.243.61.227200 OK 7 B URL HTTP/1.1 familiarkindlyshuffle.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSP48b1Rd9k7WUn37QgNJEoXBBQaSsMzMez9hEIiKEDRFLEjagUIHeP3sfHs8b3pvxeE1BQhBK6YIGqvHxbjZAiOADsELeSAhttRbNFqzEZ0CiRjYrDK%2B49553TnF07v18nB8TFzk9uvqWHqo4phcbNbf60nued6m6rpJ8UB00ww%2FC4FLV9F9uhTX3fPWa5F190Xc91%2FVcr7qmjGzrwcU5CZU%2Bbnm1llsL%2FJrXCDAw%2F8U2d2CpA9E%2FJs9DiVnlqXMGik%2BR9L6%2FKm030%2BmF13t5TDNt0Be77ybdRBcJesuxbRy0k90TNbQ9XNuDTnYWdqH7%2FwiZmhHn5z2wZPfEJFh%2Fe%2BGTxZAJmHgGRX8KGU%2Bh6BRc34cShwTgAjduIuk9vKFNQbf%2BZumcnZHKn39AFTNS%2Be0Mkt6TK7EaVG%2FrOM%2BUTiwG7RJqMIXqTJHm%2B8iGp6CKffDsUyhBkPRKKHH0IvVF0PYa%2Fmrg8cZqwFr11aYvolXX95gbhKIV%2BM1FMEpNodpTxHIEaleQWwe5cpC3HeSpg544qnLP8yJXcOo2W5zXRSRZKFyPRm2Pem7YRM7n3kfI0hF4PAI3d5Gae49EPZJ1xoMxQ1eNYPKfYDdLWHEKNpsR5%2B176IsShSQoLEFBCQpFUGQERb%2FcEbH1bflQxDZn3kn3T3q9nOisM6Y7OuvIhIzTY%2FLcPD%2Fn9N6z6MqjqstDz2VRELYi0Yoaben7EXdl5LWabj1stmFVCWVPgVoHQzUjL3TOIVUzcvrCHTC6Dxvvg6tzoLkHWkwi3wXdnARNF8PkO8Mk07pra1ZlEkKXSLMKsi1nHB%2BTs4tFeo82IPnB5c%2BGv197cuZjcFMiNSU%2BVE8JOvGDyYYuyPaGLiz54WaaqZ4a0vmSb2c0kyvfvCm3Cm3E9at29PWrfE7Mx8fvSJut00SopGPJt1eUENKsacMl%2BfG6vSPZrdxuXslNkqfrt15bu95LjbRW6WQKqg7f3wFXM%2FK%2Fj35dXO%2FZ4SdQZgqTl%2BjlB%2BTkQel98PQubLp0b%2FUKTLzUsHQFRV5OjM%2BWn7EiiOUSU1bC%2Fguz5Ty2D9AxPmh2f3G0fVOiH5eg8Qg2%2F%2F8kS83B5V%2B%2BnL%2BvwOLKhMWmss1iE38xj%2FaVeXljEfK8XIZVR9WoXndp2Gp4UURlxAK%2F2Q49QakfhH4Y0joyO%2BPr51f%2BAgAA%2F%2F8BAAD%2F%2FzLUI3%2BXBAAA
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSP48b1Rd9k7WUn37QgNJEoXBBQaSsMzMez9hEIiKEDRFLEjagUIHeP3sfHs8b3pvxeE1BQhBK6YIGqvHxbjZAiOADsELeSAhttRbNFqzEZ0CiRjYrDK%2B49553TnF07v18nB8TFzk9uvqWHqo4phcbNbf60nued6m6rpJ8UB00ww%2FC4FLV9F9uhTX3fPWa5F190Xc91%2FVcr7qmjGzrwcU5CZU%2Bbnm1llsL%2FJrXCDAw%2F8U2d2CpA9E%2FJs9DiVnlqXMGik%2BR9L6%2FKm030%2BmF13t5TDNt0Be77ybdRBcJesuxbRy0k90TNbQ9XNuDTnYWdqH7%2FwiZmhHn5z2wZPfEJFh%2Fe%2BGTxZAJmHgGRX8KGU%2Bh6BRc34cShwTgAjduIuk9vKFNQbf%2BZumcnZHKn39AFTNS%2Be0Mkt6TK7EaVG%2FrOM%2BUTiwG7RJqMIXqTJHm%2B8iGp6CKffDsUyhBkPRKKHH0IvVF0PYa%2Fmrg8cZqwFr11aYvolXX95gbhKIV%2BM1FMEpNodpTxHIEaleQWwe5cpC3HeSpg544qnLP8yJXcOo2W5zXRSRZKFyPRm2Pem7YRM7n3kfI0hF4PAI3d5Gae49EPZJ1xoMxQ1eNYPKfYDdLWHEKNpsR5%2B176IsShSQoLEFBCQpFUGQERb%2FcEbH1bflQxDZn3kn3T3q9nOisM6Y7OuvIhIzTY%2FLcPD%2Fn9N6z6MqjqstDz2VRELYi0Yoaben7EXdl5LWabj1stmFVCWVPgVoHQzUjL3TOIVUzcvrCHTC6Dxvvg6tzoLkHWkwi3wXdnARNF8PkO8Mk07pra1ZlEkKXSLMKsi1nHB%2BTs4tFeo82IPnB5c%2BGv197cuZjcFMiNSU%2BVE8JOvGDyYYuyPaGLiz54WaaqZ4a0vmSb2c0kyvfvCm3Cm3E9at29PWrfE7Mx8fvSJut00SopGPJt1eUENKsacMl%2BfG6vSPZrdxuXslNkqfrt15bu95LjbRW6WQKqg7f3wFXM%2FK%2Fj35dXO%2FZ4SdQZgqTl%2BjlB%2BTkQel98PQubLp0b%2FUKTLzUsHQFRV5OjM%2BWn7EiiOUSU1bC%2Fguz5Ty2D9AxPmh2f3G0fVOiH5eg8Qg2%2F%2F8kS83B5V%2B%2BnL%2BvwOLKhMWmss1iE38xj%2FaVeXljEfK8XIZVR9WoXndp2Gp4UURlxAK%2F2Q49QakfhH4Y0joyO%2BPr51f%2BAgAA%2F%2F8BAAD%2F%2FzLUI3%2BXBAAA HTTP/1.1
Host: familiarkindlyshuffle.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://rbebooks.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Sun, 16 Oct 2022 15:53:39 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: a0af658b10a5f1cd8eebee40b5ba7a77
Strict-Transport-Security: max-age=0; includeSubdomains
concernederase.com/pixel/nvwbdp?key=0c610b74697d975fe227c0e71980368f
192.243.61.227 200 OK 0 B URL HTTP/1.1 concernederase.com/pixel/nvwbdp?key=0c610b74697d975fe227c0e71980368f
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pixel/nvwbdp?key=0c610b74697d975fe227c0e71980368f HTTP/1.1
Host: concernederase.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://rbebooks.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Sun, 16 Oct 2022 15:53:39 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
notifyoutspoken.com/watch.330228119192.js?key=95e4c4ce775433fa4db2e1d0c40eacc3&kw=%5B%22mastering%22%2C%22malware%22%2C%22analysis%22%2C%22a%22%2C%22malware%22%2C%22analyst%E2%80%99s%22%2C%22practical%22%2C%22guide%22%2C%22to%22%2C%22combating%22%2C%22malicious%22%2C%22software%22%2C%22apt%22%2C%22cybercrime%22%2C%22and%22%2C%22iot%22%2C%22attacks%22%2C%222nd%22%2C%22edition%22%2C%22-%22%2C%22reading%22%2C%22bag%22%2C%22library%22%5D&refer=http%3A%2F%2Frbebooks.site%2Fmastering-malware-analysis-a-malware-analysts-practical-guide-to-combating-malicious-software-apt-cybercrime-and-iot-attacks-2nd-edition%2F&tz=0&dev=r&res=12.29&uuid=a2d4f152-41c5-4b93-82d7-021b046d9428%3A3%3A1&shu=3ad244dcebe98fc4800f03a2dbfc17b257116e7aade10c39d833c216dcae1a10d1bc649aabce2e2ac0e641e14d1f5cf32df42bfcbdc3e38d00eed59326fae73d7d04393866a78e3c5d39d1a0928470fbe66cf72505c6b7c7b06e5420ad206f6f4f&pst=1665935679&rmtc=t
173.233.137.36200 OK 2.0 kB URL HTTP/1.1 notifyoutspoken.com/watch.330228119192.js?key=95e4c4ce775433fa4db2e1d0c40eacc3&kw=%5B%22mastering%22%2C%22malware%22%2C%22analysis%22%2C%22a%22%2C%22malware%22%2C%22analyst%E2%80%99s%22%2C%22practical%22%2C%22guide%22%2C%22to%22%2C%22combating%22%2C%22malicious%22%2C%22software%22%2C%22apt%22%2C%22cybercrime%22%2C%22and%22%2C%22iot%22%2C%22attacks%22%2C%222nd%22%2C%22edition%22%2C%22-%22%2C%22reading%22%2C%22bag%22%2C%22library%22%5D&refer=http%3A%2F%2Frbebooks.site%2Fmastering-malware-analysis-a-malware-analysts-practical-guide-to-combating-malicious-software-apt-cybercrime-and-iot-attacks-2nd-edition%2F&tz=0&dev=r&res=12.29&uuid=a2d4f152-41c5-4b93-82d7-021b046d9428%3A3%3A1&shu=3ad244dcebe98fc4800f03a2dbfc17b257116e7aade10c39d833c216dcae1a10d1bc649aabce2e2ac0e641e14d1f5cf32df42bfcbdc3e38d00eed59326fae73d7d04393866a78e3c5d39d1a0928470fbe66cf72505c6b7c7b06e5420ad206f6f4f&pst=1665935679&rmtc=t
IP 173.233.137.36:0
File type HTML document, ASCII text, with very long lines (2481)
Hash 22f400d7c303b12c74477b3bc15ccccc
b40fd4dd13f66032d339c0a2593c871229295fd3
b312d30c7ecbc46a91062c8271708c6a5a6085e3128bd3ba1e7d0aac44bea3d7
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.330228119192.js?key=95e4c4ce775433fa4db2e1d0c40eacc3&kw=%5B%22mastering%22%2C%22malware%22%2C%22analysis%22%2C%22a%22%2C%22malware%22%2C%22analyst%E2%80%99s%22%2C%22practical%22%2C%22guide%22%2C%22to%22%2C%22combating%22%2C%22malicious%22%2C%22software%22%2C%22apt%22%2C%22cybercrime%22%2C%22and%22%2C%22iot%22%2C%22attacks%22%2C%222nd%22%2C%22edition%22%2C%22-%22%2C%22reading%22%2C%22bag%22%2C%22library%22%5D&refer=http%3A%2F%2Frbebooks.site%2Fmastering-malware-analysis-a-malware-analysts-practical-guide-to-combating-malicious-software-apt-cybercrime-and-iot-attacks-2nd-edition%2F&tz=0&dev=r&res=12.29&uuid=a2d4f152-41c5-4b93-82d7-021b046d9428%3A3%3A1&shu=3ad244dcebe98fc4800f03a2dbfc17b257116e7aade10c39d833c216dcae1a10d1bc649aabce2e2ac0e641e14d1f5cf32df42bfcbdc3e38d00eed59326fae73d7d04393866a78e3c5d39d1a0928470fbe66cf72505c6b7c7b06e5420ad206f6f4f&pst=1665935679&rmtc=t HTTP/1.1
Host: notifyoutspoken.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://rbebooks.site
Referer: http://rbebooks.site/
Connection: keep-alive
Cookie: u_pl=17258345,17258364; ain=eyJhbGciOiJIUzI1NiJ9.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.edfIJR3bnoQ9NSSsMK962LL2BaF9YVDTlmVbEJtpn8M; uid_id2=a2d4f152-41c5-4b93-82d7-021b046d9428:3:1; pdhtkv=true; uncs=1; pdhtkv26=true; uncs26=1; pdhtkv27=true; uncs27=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 16 Oct 2022 15:53:39 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://rbebooks.site
Access-Control-Allow-Origin: http://rbebooks.site
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=a2d4f152-41c5-4b93-82d7-021b046d9428:3:1; expires=Sun, 23 Oct 2022 15:53:39 GMT; secure; SameSite=None
uncs=2; expires=Mon, 17 Oct 2022 15:53:39 GMT; secure; SameSite=None
pdhtkv23=true; expires=Mon, 17 Oct 2022 15:53:39 GMT; secure; SameSite=None
uncs23=1; expires=Mon, 17 Oct 2022 15:53:39 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: c627a00019b7adebbff4e39cb895c97d
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
testimonypersuadedclinic.com/0c610b74697d975fe227c0e71980368f/invoke.js
192.243.61.225 200 OK 9.3 kB URL HTTP/1.1 testimonypersuadedclinic.com/0c610b74697d975fe227c0e71980368f/invoke.js
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
File type Unicode text, UTF-8 text, with very long lines (25054), with no line terminators
Hash 8f8dfd9de155e26a874a5ac1b4fe5018
1bcbb97f549c8fff60a791890d27dd24ca32fbc9
3c2e5ed7f0e261d9fe90c5666865a04dc5a399957e6a7a59e77c65e2ba02e8f1
Analyzer Verdict Alert quad9 Sinkholed
GET /0c610b74697d975fe227c0e71980368f/invoke.js HTTP/1.1
Host: testimonypersuadedclinic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rbebooks.site/
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Sun, 16 Oct 2022 15:53:39 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: close
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 9cbdea8fda6e3e33fea5d67d90cbfdec
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
testimonypersuadedclinic.com/95e4c4ce775433fa4db2e1d0c40eacc3/invoke.js
192.243.61.225 200 OK 9.8 kB URL HTTP/1.1 testimonypersuadedclinic.com/95e4c4ce775433fa4db2e1d0c40eacc3/invoke.js
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
File type exported SGML document, ASCII text, with very long lines (26961), with no line terminators
Hash 12860fe70d72f8370b07194085ecaf7d
73a1d7e0aa1bfad7e7a7911e84ee0db72a651af0
4618c18294db817bbe6abf0fbe7c9a942b6fc46214ac34157b0947f1de1aa49e
Analyzer Verdict Alert quad9 Sinkholed
GET /95e4c4ce775433fa4db2e1d0c40eacc3/invoke.js HTTP/1.1
Host: testimonypersuadedclinic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rbebooks.site/
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Sun, 16 Oct 2022 15:53:39 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: ebeda211a5759b57e1ea6e093909adde
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
jeerinfluencemedical.com/pixel/nvwbdp?key=0c610b74697d975fe227c0e71980368f
192.243.59.12 200 OK 0 B URL HTTP/1.1 jeerinfluencemedical.com/pixel/nvwbdp?key=0c610b74697d975fe227c0e71980368f
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pixel/nvwbdp?key=0c610b74697d975fe227c0e71980368f HTTP/1.1
Host: jeerinfluencemedical.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://rbebooks.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Sun, 16 Oct 2022 15:53:39 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
harshlygiraffediscover.com/watch.1059849139884.js?key=95e4c4ce775433fa4db2e1d0c40eacc3&kw=%5B%22mastering%22%2C%22malware%22%2C%22analysis%22%2C%22a%22%2C%22malware%22%2C%22analyst%E2%80%99s%22%2C%22practical%22%2C%22guide%22%2C%22to%22%2C%22combating%22%2C%22malicious%22%2C%22software%22%2C%22apt%22%2C%22cybercrime%22%2C%22and%22%2C%22iot%22%2C%22attacks%22%2C%222nd%22%2C%22edition%22%2C%22-%22%2C%22reading%22%2C%22bag%22%2C%22library%22%5D&refer=http%3A%2F%2Frbebooks.site%2Fmastering-malware-analysis-a-malware-analysts-practical-guide-to-combating-malicious-software-apt-cybercrime-and-iot-attacks-2nd-edition%2F&tz=0&dev=r&res=12.29&uuid=a2d4f152-41c5-4b93-82d7-021b046d9428%3A3%3A1
192.243.59.12 307 Temporary Redirect 0 B URL HTTP/1.1 harshlygiraffediscover.com/watch.1059849139884.js?key=95e4c4ce775433fa4db2e1d0c40eacc3&kw=%5B%22mastering%22%2C%22malware%22%2C%22analysis%22%2C%22a%22%2C%22malware%22%2C%22analyst%E2%80%99s%22%2C%22practical%22%2C%22guide%22%2C%22to%22%2C%22combating%22%2C%22malicious%22%2C%22software%22%2C%22apt%22%2C%22cybercrime%22%2C%22and%22%2C%22iot%22%2C%22attacks%22%2C%222nd%22%2C%22edition%22%2C%22-%22%2C%22reading%22%2C%22bag%22%2C%22library%22%5D&refer=http%3A%2F%2Frbebooks.site%2Fmastering-malware-analysis-a-malware-analysts-practical-guide-to-combating-malicious-software-apt-cybercrime-and-iot-attacks-2nd-edition%2F&tz=0&dev=r&res=12.29&uuid=a2d4f152-41c5-4b93-82d7-021b046d9428%3A3%3A1
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.1059849139884.js?key=95e4c4ce775433fa4db2e1d0c40eacc3&kw=%5B%22mastering%22%2C%22malware%22%2C%22analysis%22%2C%22a%22%2C%22malware%22%2C%22analyst%E2%80%99s%22%2C%22practical%22%2C%22guide%22%2C%22to%22%2C%22combating%22%2C%22malicious%22%2C%22software%22%2C%22apt%22%2C%22cybercrime%22%2C%22and%22%2C%22iot%22%2C%22attacks%22%2C%222nd%22%2C%22edition%22%2C%22-%22%2C%22reading%22%2C%22bag%22%2C%22library%22%5D&refer=http%3A%2F%2Frbebooks.site%2Fmastering-malware-analysis-a-malware-analysts-practical-guide-to-combating-malicious-software-apt-cybercrime-and-iot-attacks-2nd-edition%2F&tz=0&dev=r&res=12.29&uuid=a2d4f152-41c5-4b93-82d7-021b046d9428%3A3%3A1 HTTP/1.1
Host: harshlygiraffediscover.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://rbebooks.site
Connection: keep-alive
Referer: http://rbebooks.site/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.17.6
Date: Sun, 16 Oct 2022 15:53:39 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://rbebooks.site
Access-Control-Allow-Origin: http://rbebooks.site
Access-Control-Allow-Credentials: true
Location: https://harshlygiraffediscover.com/watch.1059849139884.js?key=95e4c4ce775433fa4db2e1d0c40eacc3&kw=%5B%22mastering%22%2C%22malware%22%2C%22analysis%22%2C%22a%22%2C%22malware%22%2C%22analyst%E2%80%99s%22%2C%22practical%22%2C%22guide%22%2C%22to%22%2C%22combating%22%2C%22malicious%22%2C%22software%22%2C%22apt%22%2C%22cybercrime%22%2C%22and%22%2C%22iot%22%2C%22attacks%22%2C%222nd%22%2C%22edition%22%2C%22-%22%2C%22reading%22%2C%22bag%22%2C%22library%22%5D&refer=http%3A%2F%2Frbebooks.site%2Fmastering-malware-analysis-a-malware-analysts-practical-guide-to-combating-malicious-software-apt-cybercrime-and-iot-attacks-2nd-edition%2F&tz=0&dev=r&res=12.29&uuid=a2d4f152-41c5-4b93-82d7-021b046d9428%3A3%3A1&shu=c9ee9c2018523792d91c7b5d5c91d1bc598d9066b8f16655069ea3b1d62458d24465c9b935cd3f759fff17080f86d6e4b56bda75383cac558768fee37aa93cd2eee6ec1801689e0e35b0c1ce577487f4acd373df121b6a3f499266d933418e&pst=1665935679&rmtc=t
Set-Cookie: u_pl=17258364; expires=Mon, 17 Oct 2022 15:53:39 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.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.CcPRDZqh6KG9NFY-6AZVnS1nXUSTNB_TLr4ckMfOaB0; expires=Sun, 16 Oct 2022 15:54:39 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 9511a6accbabf10308f582ec4db27d9b
Strict-Transport-Security: max-age=0; includeSubdomains
r3.o.lencr.org/
23.36.76.249 200 OK 503 B IP 23.36.76.249:0
ASN #20940 Akamai International B.V.
Hash 05cbabe3eb477f126c92a141a22e9161
19ebd1821ceaa76865da640b7a1c90beb36f54ea
ef5ec2d7054e7f318f831b92a70ce94b79f36830251658a32457edd57c1b0e52
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF5EC2D7054E7F318F831B92A70CE94B79F36830251658A32457EDD57C1B0E52"
Last-Modified: Sat, 15 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7950
Expires: Sun, 16 Oct 2022 18:06:09 GMT
Date: Sun, 16 Oct 2022 15:53:39 GMT
Connection: keep-alive
cdn.cloudimagesb.com/cti/6f/1e/cd/6f1ecdc7ddfb24d6b0ef005e14aecdbe/1627917247.png
45.133.44.10 200 OK 83 kB URL HTTP/2 cdn.cloudimagesb.com/cti/6f/1e/cd/6f1ecdc7ddfb24d6b0ef005e14aecdbe/1627917247.png
IP 45.133.44.10:0
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 728 x 90, 8-bit/color RGB, non-interlaced\012- data
Hash e2db62f8c7c073ee43e4382876b3cc4d
19830817a43cc0243bad5879e25880cd0844f3bf
738f55ce5602c33c43090eebd3c79b7c4ab03c81363a5a01652b04c36e765817
GET /cti/6f/1e/cd/6f1ecdc7ddfb24d6b0ef005e14aecdbe/1627917247.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 16 Oct 2022 15:53:39 GMT
content-type: image/png
content-length: 83250
server: nginx/1.17.6
last-modified: Mon, 02 Aug 2021 15:14:15 GMT
etag: "61080bc7-14532"
expires: Tue, 18 Oct 2022 15:53:39 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
testimonypersuadedclinic.com/0c610b74697d975fe227c0e71980368f/invoke.js
192.243.61.225 200 OK 9.3 kB URL HTTP/1.1 testimonypersuadedclinic.com/0c610b74697d975fe227c0e71980368f/invoke.js
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
File type Unicode text, UTF-8 text, with very long lines (25070), with no line terminators
Hash 137991e490869cac7035309ae9a7827b
54fa33feabc8958a4ed7f4a080ac8637811df8a2
9cc31dce7852037f949648f56e65eeca0b6ae4ea67e51d77fb3744a8b5abb631
Analyzer Verdict Alert quad9 Sinkholed
GET /0c610b74697d975fe227c0e71980368f/invoke.js HTTP/1.1
Host: testimonypersuadedclinic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rbebooks.site/
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Sun, 16 Oct 2022 15:53:40 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: b23d3a46e44e06d416f7a777341df86e
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
harshlygiraffediscover.com/watch.1059849139884.js?key=95e4c4ce775433fa4db2e1d0c40eacc3&kw=%5B%22mastering%22%2C%22malware%22%2C%22analysis%22%2C%22a%22%2C%22malware%22%2C%22analyst%E2%80%99s%22%2C%22practical%22%2C%22guide%22%2C%22to%22%2C%22combating%22%2C%22malicious%22%2C%22software%22%2C%22apt%22%2C%22cybercrime%22%2C%22and%22%2C%22iot%22%2C%22attacks%22%2C%222nd%22%2C%22edition%22%2C%22-%22%2C%22reading%22%2C%22bag%22%2C%22library%22%5D&refer=http%3A%2F%2Frbebooks.site%2Fmastering-malware-analysis-a-malware-analysts-practical-guide-to-combating-malicious-software-apt-cybercrime-and-iot-attacks-2nd-edition%2F&tz=0&dev=r&res=12.29&uuid=a2d4f152-41c5-4b93-82d7-021b046d9428%3A3%3A1&shu=c9ee9c2018523792d91c7b5d5c91d1bc598d9066b8f16655069ea3b1d62458d24465c9b935cd3f759fff17080f86d6e4b56bda75383cac558768fee37aa93cd2eee6ec1801689e0e35b0c1ce577487f4acd373df121b6a3f499266d933418e&pst=1665935679&rmtc=t
192.243.59.12200 OK 2.0 kB URL HTTP/1.1 harshlygiraffediscover.com/watch.1059849139884.js?key=95e4c4ce775433fa4db2e1d0c40eacc3&kw=%5B%22mastering%22%2C%22malware%22%2C%22analysis%22%2C%22a%22%2C%22malware%22%2C%22analyst%E2%80%99s%22%2C%22practical%22%2C%22guide%22%2C%22to%22%2C%22combating%22%2C%22malicious%22%2C%22software%22%2C%22apt%22%2C%22cybercrime%22%2C%22and%22%2C%22iot%22%2C%22attacks%22%2C%222nd%22%2C%22edition%22%2C%22-%22%2C%22reading%22%2C%22bag%22%2C%22library%22%5D&refer=http%3A%2F%2Frbebooks.site%2Fmastering-malware-analysis-a-malware-analysts-practical-guide-to-combating-malicious-software-apt-cybercrime-and-iot-attacks-2nd-edition%2F&tz=0&dev=r&res=12.29&uuid=a2d4f152-41c5-4b93-82d7-021b046d9428%3A3%3A1&shu=c9ee9c2018523792d91c7b5d5c91d1bc598d9066b8f16655069ea3b1d62458d24465c9b935cd3f759fff17080f86d6e4b56bda75383cac558768fee37aa93cd2eee6ec1801689e0e35b0c1ce577487f4acd373df121b6a3f499266d933418e&pst=1665935679&rmtc=t
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document, ASCII text, with very long lines (2440)
Hash be1558537fd14fa0cf3be81faa7fd4e3
3db84bc87703fcd9af76c030f2fbd3e87eedcc34
9338d5d9368695043fd88e90cb9bd57760b244dbd775861b1101834f115f34ba
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.1059849139884.js?key=95e4c4ce775433fa4db2e1d0c40eacc3&kw=%5B%22mastering%22%2C%22malware%22%2C%22analysis%22%2C%22a%22%2C%22malware%22%2C%22analyst%E2%80%99s%22%2C%22practical%22%2C%22guide%22%2C%22to%22%2C%22combating%22%2C%22malicious%22%2C%22software%22%2C%22apt%22%2C%22cybercrime%22%2C%22and%22%2C%22iot%22%2C%22attacks%22%2C%222nd%22%2C%22edition%22%2C%22-%22%2C%22reading%22%2C%22bag%22%2C%22library%22%5D&refer=http%3A%2F%2Frbebooks.site%2Fmastering-malware-analysis-a-malware-analysts-practical-guide-to-combating-malicious-software-apt-cybercrime-and-iot-attacks-2nd-edition%2F&tz=0&dev=r&res=12.29&uuid=a2d4f152-41c5-4b93-82d7-021b046d9428%3A3%3A1&shu=c9ee9c2018523792d91c7b5d5c91d1bc598d9066b8f16655069ea3b1d62458d24465c9b935cd3f759fff17080f86d6e4b56bda75383cac558768fee37aa93cd2eee6ec1801689e0e35b0c1ce577487f4acd373df121b6a3f499266d933418e&pst=1665935679&rmtc=t HTTP/1.1
Host: harshlygiraffediscover.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://rbebooks.site
Referer: http://rbebooks.site/
Connection: keep-alive
Cookie: u_pl=17258364; ain=eyJhbGciOiJIUzI1NiJ9.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.CcPRDZqh6KG9NFY-6AZVnS1nXUSTNB_TLr4ckMfOaB0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Sun, 16 Oct 2022 15:53:40 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://rbebooks.site
Access-Control-Allow-Origin: http://rbebooks.site
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=a2d4f152-41c5-4b93-82d7-021b046d9428:3:1; expires=Sun, 23 Oct 2022 15:53:40 GMT; secure; SameSite=None
pdhtkv=true; expires=Mon, 17 Oct 2022 15:53:40 GMT; secure; SameSite=None
uncs=1; expires=Mon, 17 Oct 2022 15:53:40 GMT; secure; SameSite=None
pdhtkv23=true; expires=Mon, 17 Oct 2022 15:53:40 GMT; secure; SameSite=None
uncs23=1; expires=Mon, 17 Oct 2022 15:53:40 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 71c63911c29a5f24494fb52b4048bb7e
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
r3.o.lencr.org/
23.36.76.249 200 OK 503 B IP 23.36.76.249:0
ASN #20940 Akamai International B.V.
Hash da394d50b3f92cb94af921e415388e70
6572b2e5238f6de6eb2eb9926d6e45717904e1ec
9b6bdd0f89a2cd66b52f8642c3f597282f42d14df49c848d94ffbe88b0373870
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9B6BDD0F89A2CD66B52F8642C3F597282F42D14DF49C848D94FFBE88B0373870"
Last-Modified: Sun, 16 Oct 2022 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16317
Expires: Sun, 16 Oct 2022 20:25:37 GMT
Date: Sun, 16 Oct 2022 15:53:40 GMT
Connection: keep-alive
testimonypersuadedclinic.com/95e4c4ce775433fa4db2e1d0c40eacc3/invoke.js
192.243.61.225 200 OK 9.8 kB URL HTTP/1.1 testimonypersuadedclinic.com/95e4c4ce775433fa4db2e1d0c40eacc3/invoke.js
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
File type exported SGML document, ASCII text, with very long lines (26945), with no line terminators
Hash 67e9eaf79d0c163d4c5ddcf265fa1499
31bc20e457a83bc96951d8370ce79bef55cbd47b
6b616b22ff3a0cb4b8e4e22f6070a0ff3f2b32a90e76add49e31d34358aec8dd
Analyzer Verdict Alert quad9 Sinkholed
GET /95e4c4ce775433fa4db2e1d0c40eacc3/invoke.js HTTP/1.1
Host: testimonypersuadedclinic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rbebooks.site/
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Sun, 16 Oct 2022 15:53:40 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: f0a377efd68a59695562870bfba96fa6
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
strategicperplexanswered.com/pixel/nvwbdp?key=0c610b74697d975fe227c0e71980368f
192.243.61.227 200 OK 0 B URL HTTP/1.1 strategicperplexanswered.com/pixel/nvwbdp?key=0c610b74697d975fe227c0e71980368f
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/nvwbdp?key=0c610b74697d975fe227c0e71980368f HTTP/1.1
Host: strategicperplexanswered.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://rbebooks.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Sun, 16 Oct 2022 15:53:40 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
cdn.cloudimagesb.com/cti/08/97/f5/0897f5fd97712cab162ea659e7ab93f0/1627917212.png
45.133.44.10 200 OK 45 kB URL HTTP/2 cdn.cloudimagesb.com/cti/08/97/f5/0897f5fd97712cab162ea659e7ab93f0/1627917212.png
IP 45.133.44.10:0
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 728 x 90, 8-bit/color RGB, non-interlaced\012- data
Hash dbde2854f2a693ab43a1ee72cdf0c686
820bc6fb6d40db1cdc8b9a214d4a8b1138f2e3fa
aa648c4116a815deb4a006ed29f17342ccdb8c0d2ca863b54aa2517e1ed88641
GET /cti/08/97/f5/0897f5fd97712cab162ea659e7ab93f0/1627917212.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 16 Oct 2022 15:53:40 GMT
content-type: image/png
content-length: 45371
server: nginx/1.17.6
last-modified: Mon, 02 Aug 2021 15:13:41 GMT
etag: "61080ba5-b13b"
expires: Tue, 18 Oct 2022 15:53:40 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
rbebooks.site/wp-content/themes/chromenews/assets/script.js?ver=6.0.2
142.132.250.25 200 OK 503 B URL HTTP/1.1 rbebooks.site/wp-content/themes/chromenews/assets/script.js?ver=6.0.2
IP 142.132.250.25:0
ASN #24940 Hetzner Online GmbH
Hash 114a7a89293306ae9ec6a9f665278dd8
42e3d670145f21725811948a52738ea2463ca567
4c74214df68c139ca3912171ff3cee131ddf0d8dd683a5e25a2ae9c88cf9d577
GET /wp-content/themes/chromenews/assets/script.js?ver=6.0.2 HTTP/1.1
Host: rbebooks.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rbebooks.site/mastering-malware-analysis-a-malware-analysts-practical-guide-to-combating-malicious-software-apt-cybercrime-and-iot-attacks-2nd-edition/
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 16 Oct 2022 15:53:37 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Mon, 10 Oct 2022 14:04:37 GMT
Expires: Tue, 15 Nov 2022 15:53:37 GMT
Cache-Control: max-age=2592000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: STALE
X-Server-Powered-By: Engintron
Content-Encoding: gzip
testimonypersuadedclinic.com/95e4c4ce775433fa4db2e1d0c40eacc3/invoke.js
192.243.61.225 200 OK 9.8 kB URL HTTP/1.1 testimonypersuadedclinic.com/95e4c4ce775433fa4db2e1d0c40eacc3/invoke.js
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
File type exported SGML document, ASCII text, with very long lines (26949), with no line terminators
Hash 1aacbbb8e92081c9e574dc9afa46431d
1434fa722a7364b7df682d9a054e2a49de38c07a
82d48adbd11a8c1b2a7bb48f0a9ba77cc91cf718a3b46f246d09b802f6b958fa
Analyzer Verdict Alert quad9 Sinkholed
GET /95e4c4ce775433fa4db2e1d0c40eacc3/invoke.js HTTP/1.1
Host: testimonypersuadedclinic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rbebooks.site/
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Sun, 16 Oct 2022 15:53:40 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 2bb6524151ed587b7cae7eb030128c75
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
testimonypersuadedclinic.com/0c610b74697d975fe227c0e71980368f/invoke.js
192.243.61.225 200 OK 9.3 kB URL HTTP/1.1 testimonypersuadedclinic.com/0c610b74697d975fe227c0e71980368f/invoke.js
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
File type Unicode text, UTF-8 text, with very long lines (25102), with no line terminators
Hash 3f7eeab5b633903df02c9bdcc487dfba
17b6651e7e33e9d1606b7f9bdbcce0be26fb2329
59ab60aba7545da2f8629423c2eb9840c2d9e7fad34ef1a648c8c1c4530b4083
Analyzer Verdict Alert quad9 Sinkholed
GET /0c610b74697d975fe227c0e71980368f/invoke.js HTTP/1.1
Host: testimonypersuadedclinic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rbebooks.site/
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Sun, 16 Oct 2022 15:53:40 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 7c0fb4d3ea075d5ff9b170883599e884
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
burlydeclined.com/pixel/nvwbdp?key=0c610b74697d975fe227c0e71980368f
192.243.59.20 200 OK 0 B URL HTTP/1.1 burlydeclined.com/pixel/nvwbdp?key=0c610b74697d975fe227c0e71980368f
IP 192.243.59.20:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/nvwbdp?key=0c610b74697d975fe227c0e71980368f HTTP/1.1
Host: burlydeclined.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://rbebooks.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Sun, 16 Oct 2022 15:53:40 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
r3.o.lencr.org/
23.36.76.249 200 OK 503 B IP 23.36.76.249:0
ASN #20940 Akamai International B.V.
Hash 847b1ea1c11d19d870afbc83c7c12f74
8d149fe2e33074450d5612feb295a38311fd8227
22d917f93d8c7488a84707b1c393164b68c32c478c582d37024eb9d40d221861
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "22D917F93D8C7488A84707B1C393164B68C32C478C582D37024EB9D40D221861"
Last-Modified: Fri, 14 Oct 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3223
Expires: Sun, 16 Oct 2022 16:47:23 GMT
Date: Sun, 16 Oct 2022 15:53:40 GMT
Connection: keep-alive
pixel.wp.com/g.gif?v=ext&j=1%3A11.4&blog=202384053&post=9266&tz=0&srv=rbebooks.site&host=rbebooks.site&ref=&fcp=1706&rand=0.7065689786540802
192.0.76.3 200 OK 50 B URL HTTP/1.1 pixel.wp.com/g.gif?v=ext&j=1%3A11.4&blog=202384053&post=9266&tz=0&srv=rbebooks.site&host=rbebooks.site&ref=&fcp=1706&rand=0.7065689786540802
IP 192.0.76.3:0
File type GIF image data, version 89a, 6 x 5\012- data
Hash e4d673a55c5656f19ef81563fb10884c
1f2d8ed221d39329251ad3a6ff1edb20b7219443
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1
GET /g.gif?v=ext&j=1%3A11.4&blog=202384053&post=9266&tz=0&srv=rbebooks.site&host=rbebooks.site&ref=&fcp=1706&rand=0.7065689786540802 HTTP/1.1
Host: pixel.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rbebooks.site/
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 16 Oct 2022 15:53:40 GMT
Content-Type: image/gif
Content-Length: 50
Connection: keep-alive
Cache-Control: no-cache
Access-Control-Allow-Origin: *
r3.o.lencr.org/
23.36.76.249 200 OK 503 B IP 23.36.76.249:0
ASN #20940 Akamai International B.V.
Hash 8afdc3e81df62e1b7a0b602a05361ef2
2714b76c29f50a37e373683983ac654ff9054e20
5dceafedab5b5922b863ded985dcd38e4303d81685e60641aee834a83950ad01
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5DCEAFEDAB5B5922B863DED985DCD38E4303D81685E60641AEE834A83950AD01"
Last-Modified: Sat, 15 Oct 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12753
Expires: Sun, 16 Oct 2022 19:26:13 GMT
Date: Sun, 16 Oct 2022 15:53:40 GMT
Connection: keep-alive
sheschemetraitor.com/watch.1345011899628.js?key=95e4c4ce775433fa4db2e1d0c40eacc3&kw=%5B%22mastering%22%2C%22malware%22%2C%22analysis%22%2C%22a%22%2C%22malware%22%2C%22analyst%E2%80%99s%22%2C%22practical%22%2C%22guide%22%2C%22to%22%2C%22combating%22%2C%22malicious%22%2C%22software%22%2C%22apt%22%2C%22cybercrime%22%2C%22and%22%2C%22iot%22%2C%22attacks%22%2C%222nd%22%2C%22edition%22%2C%22-%22%2C%22reading%22%2C%22bag%22%2C%22library%22%5D&refer=http%3A%2F%2Frbebooks.site%2Fmastering-malware-analysis-a-malware-analysts-practical-guide-to-combating-malicious-software-apt-cybercrime-and-iot-attacks-2nd-edition%2F&tz=0&dev=r&res=12.29&uuid=a2d4f152-41c5-4b93-82d7-021b046d9428%3A3%3A1
173.233.137.44307 Temporary Redirect 0 B URL HTTP/1.1 sheschemetraitor.com/watch.1345011899628.js?key=95e4c4ce775433fa4db2e1d0c40eacc3&kw=%5B%22mastering%22%2C%22malware%22%2C%22analysis%22%2C%22a%22%2C%22malware%22%2C%22analyst%E2%80%99s%22%2C%22practical%22%2C%22guide%22%2C%22to%22%2C%22combating%22%2C%22malicious%22%2C%22software%22%2C%22apt%22%2C%22cybercrime%22%2C%22and%22%2C%22iot%22%2C%22attacks%22%2C%222nd%22%2C%22edition%22%2C%22-%22%2C%22reading%22%2C%22bag%22%2C%22library%22%5D&refer=http%3A%2F%2Frbebooks.site%2Fmastering-malware-analysis-a-malware-analysts-practical-guide-to-combating-malicious-software-apt-cybercrime-and-iot-attacks-2nd-edition%2F&tz=0&dev=r&res=12.29&uuid=a2d4f152-41c5-4b93-82d7-021b046d9428%3A3%3A1
IP 173.233.137.44:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.1345011899628.js?key=95e4c4ce775433fa4db2e1d0c40eacc3&kw=%5B%22mastering%22%2C%22malware%22%2C%22analysis%22%2C%22a%22%2C%22malware%22%2C%22analyst%E2%80%99s%22%2C%22practical%22%2C%22guide%22%2C%22to%22%2C%22combating%22%2C%22malicious%22%2C%22software%22%2C%22apt%22%2C%22cybercrime%22%2C%22and%22%2C%22iot%22%2C%22attacks%22%2C%222nd%22%2C%22edition%22%2C%22-%22%2C%22reading%22%2C%22bag%22%2C%22library%22%5D&refer=http%3A%2F%2Frbebooks.site%2Fmastering-malware-analysis-a-malware-analysts-practical-guide-to-combating-malicious-software-apt-cybercrime-and-iot-attacks-2nd-edition%2F&tz=0&dev=r&res=12.29&uuid=a2d4f152-41c5-4b93-82d7-021b046d9428%3A3%3A1 HTTP/1.1
Host: sheschemetraitor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://rbebooks.site
Connection: keep-alive
Referer: http://rbebooks.site/
Cookie: u_pl=17258364; ain=eyJhbGciOiJIUzI1NiJ9.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.p45fIc3qjzXuD5vJm0qJwP0r5M4dERCslrF-bT5B3DY; uid_id2=a2d4f152-41c5-4b93-82d7-021b046d9428:3:1; pdhtkv=true; uncs=2; pdhtkv23=true; uncs23=2
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.19.5
Date: Sun, 16 Oct 2022 15:53:40 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://rbebooks.site
Access-Control-Allow-Origin: http://rbebooks.site
Access-Control-Allow-Credentials: true
Location: https://sheschemetraitor.com/watch.1345011899628.js?key=95e4c4ce775433fa4db2e1d0c40eacc3&kw=%5B%22mastering%22%2C%22malware%22%2C%22analysis%22%2C%22a%22%2C%22malware%22%2C%22analyst%E2%80%99s%22%2C%22practical%22%2C%22guide%22%2C%22to%22%2C%22combating%22%2C%22malicious%22%2C%22software%22%2C%22apt%22%2C%22cybercrime%22%2C%22and%22%2C%22iot%22%2C%22attacks%22%2C%222nd%22%2C%22edition%22%2C%22-%22%2C%22reading%22%2C%22bag%22%2C%22library%22%5D&refer=http%3A%2F%2Frbebooks.site%2Fmastering-malware-analysis-a-malware-analysts-practical-guide-to-combating-malicious-software-apt-cybercrime-and-iot-attacks-2nd-edition%2F&tz=0&dev=r&res=12.29&uuid=a2d4f152-41c5-4b93-82d7-021b046d9428%3A3%3A1&shu=e9d79db761dd310ca82c7e86b76ce19e175e79a3f140ce7241672795849e3a9cb785a111ccb7d6702ce57ed852c8a6631888e9ed4f9261dbd0241cfae3cf33652a0e63ee74194af0b3d6bc0a8916515df362b93463dd024438131a0b0fc9b658&pst=1665935680&rmtc=t
Set-Cookie: ain=eyJhbGciOiJIUzI1NiJ9.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.0JUhVUVn6EZTgw4UTJ3RElppz5zlmlh2mciCeRxUgDM; expires=Sun, 16 Oct 2022 15:54:40 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: ff1358298c6ed716d0b5f9be36a8ab08
Strict-Transport-Security: max-age=0; includeSubdomains
r3.o.lencr.org/
23.36.76.249 200 OK 503 B IP 23.36.76.249:0
ASN #20940 Akamai International B.V.
Hash f850743bb794cc0e4bb46aa3a329833f
c849ac1cd45ab028e30987c00c8bfb2de26ee262
15c3a9effe487a175112ed836891844af187233a23038c69deb6ddd32325b372
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "15C3A9EFFE487A175112ED836891844AF187233A23038C69DEB6DDD32325B372"
Last-Modified: Sun, 16 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8268
Expires: Sun, 16 Oct 2022 18:11:28 GMT
Date: Sun, 16 Oct 2022 15:53:40 GMT
Connection: keep-alive
hermichermicfurnished.com/watch.1295366200178.js?key=95e4c4ce775433fa4db2e1d0c40eacc3&kw=%5B%22mastering%22%2C%22malware%22%2C%22analysis%22%2C%22a%22%2C%22malware%22%2C%22analyst%E2%80%99s%22%2C%22practical%22%2C%22guide%22%2C%22to%22%2C%22combating%22%2C%22malicious%22%2C%22software%22%2C%22apt%22%2C%22cybercrime%22%2C%22and%22%2C%22iot%22%2C%22attacks%22%2C%222nd%22%2C%22edition%22%2C%22-%22%2C%22reading%22%2C%22bag%22%2C%22library%22%5D&refer=http%3A%2F%2Frbebooks.site%2Fmastering-malware-analysis-a-malware-analysts-practical-guide-to-combating-malicious-software-apt-cybercrime-and-iot-attacks-2nd-edition%2F&tz=0&dev=r&res=12.29&uuid=a2d4f152-41c5-4b93-82d7-021b046d9428%3A3%3A1
192.243.59.12307 Temporary Redirect 0 B URL HTTP/1.1 hermichermicfurnished.com/watch.1295366200178.js?key=95e4c4ce775433fa4db2e1d0c40eacc3&kw=%5B%22mastering%22%2C%22malware%22%2C%22analysis%22%2C%22a%22%2C%22malware%22%2C%22analyst%E2%80%99s%22%2C%22practical%22%2C%22guide%22%2C%22to%22%2C%22combating%22%2C%22malicious%22%2C%22software%22%2C%22apt%22%2C%22cybercrime%22%2C%22and%22%2C%22iot%22%2C%22attacks%22%2C%222nd%22%2C%22edition%22%2C%22-%22%2C%22reading%22%2C%22bag%22%2C%22library%22%5D&refer=http%3A%2F%2Frbebooks.site%2Fmastering-malware-analysis-a-malware-analysts-practical-guide-to-combating-malicious-software-apt-cybercrime-and-iot-attacks-2nd-edition%2F&tz=0&dev=r&res=12.29&uuid=a2d4f152-41c5-4b93-82d7-021b046d9428%3A3%3A1
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.1295366200178.js?key=95e4c4ce775433fa4db2e1d0c40eacc3&kw=%5B%22mastering%22%2C%22malware%22%2C%22analysis%22%2C%22a%22%2C%22malware%22%2C%22analyst%E2%80%99s%22%2C%22practical%22%2C%22guide%22%2C%22to%22%2C%22combating%22%2C%22malicious%22%2C%22software%22%2C%22apt%22%2C%22cybercrime%22%2C%22and%22%2C%22iot%22%2C%22attacks%22%2C%222nd%22%2C%22edition%22%2C%22-%22%2C%22reading%22%2C%22bag%22%2C%22library%22%5D&refer=http%3A%2F%2Frbebooks.site%2Fmastering-malware-analysis-a-malware-analysts-practical-guide-to-combating-malicious-software-apt-cybercrime-and-iot-attacks-2nd-edition%2F&tz=0&dev=r&res=12.29&uuid=a2d4f152-41c5-4b93-82d7-021b046d9428%3A3%3A1 HTTP/1.1
Host: hermichermicfurnished.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://rbebooks.site
Connection: keep-alive
Referer: http://rbebooks.site/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.17.6
Date: Sun, 16 Oct 2022 15:53:40 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://rbebooks.site
Access-Control-Allow-Origin: http://rbebooks.site
Access-Control-Allow-Credentials: true
Location: https://hermichermicfurnished.com/watch.1295366200178.js?key=95e4c4ce775433fa4db2e1d0c40eacc3&kw=%5B%22mastering%22%2C%22malware%22%2C%22analysis%22%2C%22a%22%2C%22malware%22%2C%22analyst%E2%80%99s%22%2C%22practical%22%2C%22guide%22%2C%22to%22%2C%22combating%22%2C%22malicious%22%2C%22software%22%2C%22apt%22%2C%22cybercrime%22%2C%22and%22%2C%22iot%22%2C%22attacks%22%2C%222nd%22%2C%22edition%22%2C%22-%22%2C%22reading%22%2C%22bag%22%2C%22library%22%5D&refer=http%3A%2F%2Frbebooks.site%2Fmastering-malware-analysis-a-malware-analysts-practical-guide-to-combating-malicious-software-apt-cybercrime-and-iot-attacks-2nd-edition%2F&tz=0&dev=r&res=12.29&uuid=a2d4f152-41c5-4b93-82d7-021b046d9428%3A3%3A1&shu=a12a35688dc384d254abae1652904c3f56f231a94787ec21cb8e285d3f7f36853144e2661477acebc2e86cce63f0d2ee14e7343cef0cd9cda561417840c927d2b526c2e1214af01bac4e80586322c7407c81690c&pst=1665935680&rmtc=t
Set-Cookie: u_pl=17258364; expires=Mon, 17 Oct 2022 15:53:40 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.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.CcPRDZqh6KG9NFY-6AZVnS1nXUSTNB_TLr4ckMfOaB0; expires=Sun, 16 Oct 2022 15:54:40 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: ef79bfaad1f84ab922b87ff6906f9ee5
Strict-Transport-Security: max-age=0; includeSubdomains
motivessuggest.com/watch.248560809046.js?key=95e4c4ce775433fa4db2e1d0c40eacc3&kw=%5B%22mastering%22%2C%22malware%22%2C%22analysis%22%2C%22a%22%2C%22malware%22%2C%22analyst%E2%80%99s%22%2C%22practical%22%2C%22guide%22%2C%22to%22%2C%22combating%22%2C%22malicious%22%2C%22software%22%2C%22apt%22%2C%22cybercrime%22%2C%22and%22%2C%22iot%22%2C%22attacks%22%2C%222nd%22%2C%22edition%22%2C%22-%22%2C%22reading%22%2C%22bag%22%2C%22library%22%5D&refer=http%3A%2F%2Frbebooks.site%2Fmastering-malware-analysis-a-malware-analysts-practical-guide-to-combating-malicious-software-apt-cybercrime-and-iot-attacks-2nd-edition%2F&tz=0&dev=r&res=12.29&uuid=a2d4f152-41c5-4b93-82d7-021b046d9428%3A3%3A1
173.233.139.164307 Temporary Redirect 0 B URL HTTP/1.1 motivessuggest.com/watch.248560809046.js?key=95e4c4ce775433fa4db2e1d0c40eacc3&kw=%5B%22mastering%22%2C%22malware%22%2C%22analysis%22%2C%22a%22%2C%22malware%22%2C%22analyst%E2%80%99s%22%2C%22practical%22%2C%22guide%22%2C%22to%22%2C%22combating%22%2C%22malicious%22%2C%22software%22%2C%22apt%22%2C%22cybercrime%22%2C%22and%22%2C%22iot%22%2C%22attacks%22%2C%222nd%22%2C%22edition%22%2C%22-%22%2C%22reading%22%2C%22bag%22%2C%22library%22%5D&refer=http%3A%2F%2Frbebooks.site%2Fmastering-malware-analysis-a-malware-analysts-practical-guide-to-combating-malicious-software-apt-cybercrime-and-iot-attacks-2nd-edition%2F&tz=0&dev=r&res=12.29&uuid=a2d4f152-41c5-4b93-82d7-021b046d9428%3A3%3A1
IP 173.233.139.164:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.248560809046.js?key=95e4c4ce775433fa4db2e1d0c40eacc3&kw=%5B%22mastering%22%2C%22malware%22%2C%22analysis%22%2C%22a%22%2C%22malware%22%2C%22analyst%E2%80%99s%22%2C%22practical%22%2C%22guide%22%2C%22to%22%2C%22combating%22%2C%22malicious%22%2C%22software%22%2C%22apt%22%2C%22cybercrime%22%2C%22and%22%2C%22iot%22%2C%22attacks%22%2C%222nd%22%2C%22edition%22%2C%22-%22%2C%22reading%22%2C%22bag%22%2C%22library%22%5D&refer=http%3A%2F%2Frbebooks.site%2Fmastering-malware-analysis-a-malware-analysts-practical-guide-to-combating-malicious-software-apt-cybercrime-and-iot-attacks-2nd-edition%2F&tz=0&dev=r&res=12.29&uuid=a2d4f152-41c5-4b93-82d7-021b046d9428%3A3%3A1 HTTP/1.1
Host: motivessuggest.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://rbebooks.site
Connection: keep-alive
Referer: http://rbebooks.site/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.19.5
Date: Sun, 16 Oct 2022 15:53:40 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://rbebooks.site
Access-Control-Allow-Origin: http://rbebooks.site
Access-Control-Allow-Credentials: true
Location: https://motivessuggest.com/watch.248560809046.js?key=95e4c4ce775433fa4db2e1d0c40eacc3&kw=%5B%22mastering%22%2C%22malware%22%2C%22analysis%22%2C%22a%22%2C%22malware%22%2C%22analyst%E2%80%99s%22%2C%22practical%22%2C%22guide%22%2C%22to%22%2C%22combating%22%2C%22malicious%22%2C%22software%22%2C%22apt%22%2C%22cybercrime%22%2C%22and%22%2C%22iot%22%2C%22attacks%22%2C%222nd%22%2C%22edition%22%2C%22-%22%2C%22reading%22%2C%22bag%22%2C%22library%22%5D&refer=http%3A%2F%2Frbebooks.site%2Fmastering-malware-analysis-a-malware-analysts-practical-guide-to-combating-malicious-software-apt-cybercrime-and-iot-attacks-2nd-edition%2F&tz=0&dev=r&res=12.29&uuid=a2d4f152-41c5-4b93-82d7-021b046d9428%3A3%3A1&shu=fe5ced35ce3f8dc76f0c4e9039772bd3ff3471849b011155907050965059fc01bfc0cc6e7204f76cc4e0013d56404c20edaff19d8ac4f8a28f8fad7f798a9d10295730cbd4785536d4ed4eb853be43b85040707bbc194bd76e5a51b6f2b0ca629ebf&pst=1665935680&rmtc=t
Set-Cookie: u_pl=17258364; expires=Mon, 17 Oct 2022 15:53:40 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNzI1ODM2NCwiayI6Ijk1ZTRjNGNlNzc1NDMzZmE0ZGIyZTFkMGM0MGVhY2MzIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxODYxNDAzLCJwaWQiOjQ3MDEwMywiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoyNywiYWlkIjoyMywicHQiOjQsInBrIjoiYTUxdzR5ZGoiLCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6Nzk5NTQxOTYsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjoxODExMCwib24iOiJMaW51eCIsIm92IjoiVW5rbm93biIsImJpZCI6MTE2NjcwLCJibiI6IkZpcmVmb3giLCJidiI6Ijk2LjAiLCJ3diI6ZmFsc2UsImUiOmZhbHNlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHA6Ly9yYmVib29rcy5zaXRlL21hc3RlcmluZy1tYWx3YXJlLWFuYWx5c2lzLWEtbWFsd2FyZS1hbmFseXN0cy1wcmFjdGljYWwtZ3VpZGUtdG8tY29tYmF0aW5nLW1hbGljaW91cy1zb2Z0d2FyZS1hcHQtY3liZXJjcmltZS1hbmQtaW90LWF0dGFja3MtMm5kLWVkaXRpb24vIn19.CcPRDZqh6KG9NFY-6AZVnS1nXUSTNB_TLr4ckMfOaB0; expires=Sun, 16 Oct 2022 15:54:40 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 7f385d733616db94d53bb1d9f9ebd250
Strict-Transport-Security: max-age=0; includeSubdomains
familiarkindlyshuffle.com/pixel/nvwbdp?key=0c610b74697d975fe227c0e71980368f
192.243.61.227 200 OK 3.5 kB URL HTTP/1.1 familiarkindlyshuffle.com/pixel/nvwbdp?key=0c610b74697d975fe227c0e71980368f
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
Hash bead089ba2cf0b06b3f6f621e8bed105
5aae4c3bdb6a18e3b0e7f2793cd095bf5af608f1
3adc39b15538eccb8813379c77b104ec8290af841b22010eb53946972b933e72
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/nvwbdp?key=0c610b74697d975fe227c0e71980368f HTTP/1.1
Host: familiarkindlyshuffle.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://rbebooks.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Sun, 16 Oct 2022 15:53:40 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
standardscaldexcessive.com/watch.804391211151.js?key=95e4c4ce775433fa4db2e1d0c40eacc3&kw=%5B%22mastering%22%2C%22malware%22%2C%22analysis%22%2C%22a%22%2C%22malware%22%2C%22analyst%E2%80%99s%22%2C%22practical%22%2C%22guide%22%2C%22to%22%2C%22combating%22%2C%22malicious%22%2C%22software%22%2C%22apt%22%2C%22cybercrime%22%2C%22and%22%2C%22iot%22%2C%22attacks%22%2C%222nd%22%2C%22edition%22%2C%22-%22%2C%22reading%22%2C%22bag%22%2C%22library%22%5D&refer=http%3A%2F%2Frbebooks.site%2Fmastering-malware-analysis-a-malware-analysts-practical-guide-to-combating-malicious-software-apt-cybercrime-and-iot-attacks-2nd-edition%2F&tz=0&dev=r&res=12.29&uuid=a2d4f152-41c5-4b93-82d7-021b046d9428%3A3%3A1
192.243.61.225307 Temporary Redirect 0 B URL HTTP/1.1 standardscaldexcessive.com/watch.804391211151.js?key=95e4c4ce775433fa4db2e1d0c40eacc3&kw=%5B%22mastering%22%2C%22malware%22%2C%22analysis%22%2C%22a%22%2C%22malware%22%2C%22analyst%E2%80%99s%22%2C%22practical%22%2C%22guide%22%2C%22to%22%2C%22combating%22%2C%22malicious%22%2C%22software%22%2C%22apt%22%2C%22cybercrime%22%2C%22and%22%2C%22iot%22%2C%22attacks%22%2C%222nd%22%2C%22edition%22%2C%22-%22%2C%22reading%22%2C%22bag%22%2C%22library%22%5D&refer=http%3A%2F%2Frbebooks.site%2Fmastering-malware-analysis-a-malware-analysts-practical-guide-to-combating-malicious-software-apt-cybercrime-and-iot-attacks-2nd-edition%2F&tz=0&dev=r&res=12.29&uuid=a2d4f152-41c5-4b93-82d7-021b046d9428%3A3%3A1
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.804391211151.js?key=95e4c4ce775433fa4db2e1d0c40eacc3&kw=%5B%22mastering%22%2C%22malware%22%2C%22analysis%22%2C%22a%22%2C%22malware%22%2C%22analyst%E2%80%99s%22%2C%22practical%22%2C%22guide%22%2C%22to%22%2C%22combating%22%2C%22malicious%22%2C%22software%22%2C%22apt%22%2C%22cybercrime%22%2C%22and%22%2C%22iot%22%2C%22attacks%22%2C%222nd%22%2C%22edition%22%2C%22-%22%2C%22reading%22%2C%22bag%22%2C%22library%22%5D&refer=http%3A%2F%2Frbebooks.site%2Fmastering-malware-analysis-a-malware-analysts-practical-guide-to-combating-malicious-software-apt-cybercrime-and-iot-attacks-2nd-edition%2F&tz=0&dev=r&res=12.29&uuid=a2d4f152-41c5-4b93-82d7-021b046d9428%3A3%3A1 HTTP/1.1
Host: standardscaldexcessive.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://rbebooks.site
Connection: keep-alive
Referer: http://rbebooks.site/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.22.0
Date: Sun, 16 Oct 2022 15:53:40 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://rbebooks.site
Access-Control-Allow-Origin: http://rbebooks.site
Access-Control-Allow-Credentials: true
Location: https://standardscaldexcessive.com/watch.804391211151.js?key=95e4c4ce775433fa4db2e1d0c40eacc3&kw=%5B%22mastering%22%2C%22malware%22%2C%22analysis%22%2C%22a%22%2C%22malware%22%2C%22analyst%E2%80%99s%22%2C%22practical%22%2C%22guide%22%2C%22to%22%2C%22combating%22%2C%22malicious%22%2C%22software%22%2C%22apt%22%2C%22cybercrime%22%2C%22and%22%2C%22iot%22%2C%22attacks%22%2C%222nd%22%2C%22edition%22%2C%22-%22%2C%22reading%22%2C%22bag%22%2C%22library%22%5D&refer=http%3A%2F%2Frbebooks.site%2Fmastering-malware-analysis-a-malware-analysts-practical-guide-to-combating-malicious-software-apt-cybercrime-and-iot-attacks-2nd-edition%2F&tz=0&dev=r&res=12.29&uuid=a2d4f152-41c5-4b93-82d7-021b046d9428%3A3%3A1&shu=92d22ca3665a7ed127e7adac0e213bec0bf891f87a5aa35d8c0bc9aa529ed13ec8cc201c12a67f35b411f495b297594993295e980f6a5667091bf647bd7d0079b21ea09b275807c3b32ca010ca5e0a4b4f443e02ff45ddf41ce36d5b1f6c91&pst=1665935680&rmtc=t
Set-Cookie: u_pl=17258364; expires=Mon, 17 Oct 2022 15:53:40 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.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.CcPRDZqh6KG9NFY-6AZVnS1nXUSTNB_TLr4ckMfOaB0; expires=Sun, 16 Oct 2022 15:54:40 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 50d4fe7940d5ead02fe89dc195103030
Strict-Transport-Security: max-age=0; includeSubdomains
creepingbrings.com/sfp.js
104.21.234.232 200 OK 28 kB URL HTTP/1.1 creepingbrings.com/sfp.js
IP 104.21.234.232:0
File type Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Hash b1fa950e77a7db5425f9a5257af02e9c
2d5580451f34ad96218f8b97edf9708f9ee1be87
d999c4320df27dc4a1d3de5aec22bb3ef201560b47a7eff3f28f4133c1997a14
GET /sfp.js HTTP/1.1
Host: creepingbrings.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rbebooks.site/
HTTP/1.1 200 OK
Date: Sun, 16 Oct 2022 15:53:40 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: max-age=14400
X-Request-ID: f32e37b1feca9d8df6395d6640a8df87
Strict-Transport-Security: max-age=0; includeSubdomains
CF-Cache-Status: EXPIRED
Last-Modified: Sun, 16 Oct 2022 15:53:40 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xTnv42AVJ1To7raez0OcYEGE2drXzuqtOJxOZkszWWa6ZX0TLdsvaQIO68TIrlm%2FSNr5bwPLwv2A%2F68usgj6jjm1HOj55roEqv2XKRXTvcEmwFPL0uK%2BA7zLJVKDI54IfFvOUJo%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 75b1f7fb8fda7300-LHR
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
23.36.76.249 200 OK 503 B IP 23.36.76.249:0
ASN #20940 Akamai International B.V.
Hash 0ca0d97bce195bca787a27a90cf28ed4
66c7cec5c11972ec527d4b0e8b1b3647c765c166
9b6146c44aded0ab94fd47855d8ff9ae643819d2d6aa63a14b903b31228fde0e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9B6146C44ADED0AB94FD47855D8FF9AE643819D2D6AA63A14B903B31228FDE0E"
Last-Modified: Sat, 15 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7289
Expires: Sun, 16 Oct 2022 17:55:09 GMT
Date: Sun, 16 Oct 2022 15:53:40 GMT
Connection: keep-alive
sheschemetraitor.com/watch.1345011899628.js?key=95e4c4ce775433fa4db2e1d0c40eacc3&kw=%5B%22mastering%22%2C%22malware%22%2C%22analysis%22%2C%22a%22%2C%22malware%22%2C%22analyst%E2%80%99s%22%2C%22practical%22%2C%22guide%22%2C%22to%22%2C%22combating%22%2C%22malicious%22%2C%22software%22%2C%22apt%22%2C%22cybercrime%22%2C%22and%22%2C%22iot%22%2C%22attacks%22%2C%222nd%22%2C%22edition%22%2C%22-%22%2C%22reading%22%2C%22bag%22%2C%22library%22%5D&refer=http%3A%2F%2Frbebooks.site%2Fmastering-malware-analysis-a-malware-analysts-practical-guide-to-combating-malicious-software-apt-cybercrime-and-iot-attacks-2nd-edition%2F&tz=0&dev=r&res=12.29&uuid=a2d4f152-41c5-4b93-82d7-021b046d9428%3A3%3A1&shu=e9d79db761dd310ca82c7e86b76ce19e175e79a3f140ce7241672795849e3a9cb785a111ccb7d6702ce57ed852c8a6631888e9ed4f9261dbd0241cfae3cf33652a0e63ee74194af0b3d6bc0a8916515df362b93463dd024438131a0b0fc9b658&pst=1665935680&rmtc=t
173.233.137.44 200 OK 2.0 kB URL HTTP/1.1 sheschemetraitor.com/watch.1345011899628.js?key=95e4c4ce775433fa4db2e1d0c40eacc3&kw=%5B%22mastering%22%2C%22malware%22%2C%22analysis%22%2C%22a%22%2C%22malware%22%2C%22analyst%E2%80%99s%22%2C%22practical%22%2C%22guide%22%2C%22to%22%2C%22combating%22%2C%22malicious%22%2C%22software%22%2C%22apt%22%2C%22cybercrime%22%2C%22and%22%2C%22iot%22%2C%22attacks%22%2C%222nd%22%2C%22edition%22%2C%22-%22%2C%22reading%22%2C%22bag%22%2C%22library%22%5D&refer=http%3A%2F%2Frbebooks.site%2Fmastering-malware-analysis-a-malware-analysts-practical-guide-to-combating-malicious-software-apt-cybercrime-and-iot-attacks-2nd-edition%2F&tz=0&dev=r&res=12.29&uuid=a2d4f152-41c5-4b93-82d7-021b046d9428%3A3%3A1&shu=e9d79db761dd310ca82c7e86b76ce19e175e79a3f140ce7241672795849e3a9cb785a111ccb7d6702ce57ed852c8a6631888e9ed4f9261dbd0241cfae3cf33652a0e63ee74194af0b3d6bc0a8916515df362b93463dd024438131a0b0fc9b658&pst=1665935680&rmtc=t
IP 173.233.137.44:0
File type HTML document, ASCII text, with very long lines (2462)
Hash 8ba5f357148e127701f0f925d2316ca1
c4a4e61979936467af0b2253992574f18c928867
a2c4bcebb48180f6fac0bb09852931a93e1cb7f50f7bff32a1357bbcecece742
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.1345011899628.js?key=95e4c4ce775433fa4db2e1d0c40eacc3&kw=%5B%22mastering%22%2C%22malware%22%2C%22analysis%22%2C%22a%22%2C%22malware%22%2C%22analyst%E2%80%99s%22%2C%22practical%22%2C%22guide%22%2C%22to%22%2C%22combating%22%2C%22malicious%22%2C%22software%22%2C%22apt%22%2C%22cybercrime%22%2C%22and%22%2C%22iot%22%2C%22attacks%22%2C%222nd%22%2C%22edition%22%2C%22-%22%2C%22reading%22%2C%22bag%22%2C%22library%22%5D&refer=http%3A%2F%2Frbebooks.site%2Fmastering-malware-analysis-a-malware-analysts-practical-guide-to-combating-malicious-software-apt-cybercrime-and-iot-attacks-2nd-edition%2F&tz=0&dev=r&res=12.29&uuid=a2d4f152-41c5-4b93-82d7-021b046d9428%3A3%3A1&shu=e9d79db761dd310ca82c7e86b76ce19e175e79a3f140ce7241672795849e3a9cb785a111ccb7d6702ce57ed852c8a6631888e9ed4f9261dbd0241cfae3cf33652a0e63ee74194af0b3d6bc0a8916515df362b93463dd024438131a0b0fc9b658&pst=1665935680&rmtc=t HTTP/1.1
Host: sheschemetraitor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://rbebooks.site
Referer: http://rbebooks.site/
Connection: keep-alive
Cookie: u_pl=17258364; ain=eyJhbGciOiJIUzI1NiJ9.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.0JUhVUVn6EZTgw4UTJ3RElppz5zlmlh2mciCeRxUgDM; uid_id2=a2d4f152-41c5-4b93-82d7-021b046d9428:3:1; pdhtkv=true; uncs=2; pdhtkv23=true; uncs23=2
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 16 Oct 2022 15:53:40 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://rbebooks.site
Access-Control-Allow-Origin: http://rbebooks.site
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=a2d4f152-41c5-4b93-82d7-021b046d9428:3:1; expires=Sun, 23 Oct 2022 15:53:40 GMT; secure; SameSite=None
uncs=3; expires=Mon, 17 Oct 2022 15:53:40 GMT; secure; SameSite=None
uncs23=3; expires=Mon, 17 Oct 2022 15:53:40 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 5650229dfd270c9fdca607c5dff23e7d
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
ocsp.digicert.com/
93.184.220.29 200 OK 863 B IP 93.184.220.29:0
Hash beb707cea9a8045b769abf34fe6efa25
4ec379c02ecf38bd5f06fe7e2060fa495764b944
769cadf3448026da05ed9b50b23f239675b362daa26e695350c75eb1be97d6fa
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1774
Cache-Control: max-age=96159
Content-Type: application/ocsp-response
Date: Sun, 16 Oct 2022 15:53:40 GMT
Etag: "634af6b5-1d7"
Expires: Mon, 17 Oct 2022 18:36:19 GMT
Last-Modified: Sat, 15 Oct 2022 18:06:45 GMT
Server: ECS (amb/6B86)
X-Cache: HIT
Content-Length: 471
cuesingle.com/pixel/nvwbdp?key=0c610b74697d975fe227c0e71980368f
192.243.59.12 200 OK 0 B URL HTTP/1.1 cuesingle.com/pixel/nvwbdp?key=0c610b74697d975fe227c0e71980368f
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/nvwbdp?key=0c610b74697d975fe227c0e71980368f HTTP/1.1
Host: cuesingle.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://rbebooks.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Sun, 16 Oct 2022 15:53:40 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
motivessuggest.com/watch.248560809046.js?key=95e4c4ce775433fa4db2e1d0c40eacc3&kw=%5B%22mastering%22%2C%22malware%22%2C%22analysis%22%2C%22a%22%2C%22malware%22%2C%22analyst%E2%80%99s%22%2C%22practical%22%2C%22guide%22%2C%22to%22%2C%22combating%22%2C%22malicious%22%2C%22software%22%2C%22apt%22%2C%22cybercrime%22%2C%22and%22%2C%22iot%22%2C%22attacks%22%2C%222nd%22%2C%22edition%22%2C%22-%22%2C%22reading%22%2C%22bag%22%2C%22library%22%5D&refer=http%3A%2F%2Frbebooks.site%2Fmastering-malware-analysis-a-malware-analysts-practical-guide-to-combating-malicious-software-apt-cybercrime-and-iot-attacks-2nd-edition%2F&tz=0&dev=r&res=12.29&uuid=a2d4f152-41c5-4b93-82d7-021b046d9428%3A3%3A1&shu=fe5ced35ce3f8dc76f0c4e9039772bd3ff3471849b011155907050965059fc01bfc0cc6e7204f76cc4e0013d56404c20edaff19d8ac4f8a28f8fad7f798a9d10295730cbd4785536d4ed4eb853be43b85040707bbc194bd76e5a51b6f2b0ca629ebf&pst=1665935680&rmtc=t
173.233.139.164 200 OK 2.0 kB URL HTTP/1.1 motivessuggest.com/watch.248560809046.js?key=95e4c4ce775433fa4db2e1d0c40eacc3&kw=%5B%22mastering%22%2C%22malware%22%2C%22analysis%22%2C%22a%22%2C%22malware%22%2C%22analyst%E2%80%99s%22%2C%22practical%22%2C%22guide%22%2C%22to%22%2C%22combating%22%2C%22malicious%22%2C%22software%22%2C%22apt%22%2C%22cybercrime%22%2C%22and%22%2C%22iot%22%2C%22attacks%22%2C%222nd%22%2C%22edition%22%2C%22-%22%2C%22reading%22%2C%22bag%22%2C%22library%22%5D&refer=http%3A%2F%2Frbebooks.site%2Fmastering-malware-analysis-a-malware-analysts-practical-guide-to-combating-malicious-software-apt-cybercrime-and-iot-attacks-2nd-edition%2F&tz=0&dev=r&res=12.29&uuid=a2d4f152-41c5-4b93-82d7-021b046d9428%3A3%3A1&shu=fe5ced35ce3f8dc76f0c4e9039772bd3ff3471849b011155907050965059fc01bfc0cc6e7204f76cc4e0013d56404c20edaff19d8ac4f8a28f8fad7f798a9d10295730cbd4785536d4ed4eb853be43b85040707bbc194bd76e5a51b6f2b0ca629ebf&pst=1665935680&rmtc=t
IP 173.233.139.164:0
File type HTML document, ASCII text, with very long lines (2432)
Hash 747ae5ec2c05d4711963a09616cf1bae
10dcc5ca011808cad33b203f6c387a55d5674469
e70a3f3aa0622e0d980e29ea22a9eb5e828bb779531bfbfff293614a83641727
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.248560809046.js?key=95e4c4ce775433fa4db2e1d0c40eacc3&kw=%5B%22mastering%22%2C%22malware%22%2C%22analysis%22%2C%22a%22%2C%22malware%22%2C%22analyst%E2%80%99s%22%2C%22practical%22%2C%22guide%22%2C%22to%22%2C%22combating%22%2C%22malicious%22%2C%22software%22%2C%22apt%22%2C%22cybercrime%22%2C%22and%22%2C%22iot%22%2C%22attacks%22%2C%222nd%22%2C%22edition%22%2C%22-%22%2C%22reading%22%2C%22bag%22%2C%22library%22%5D&refer=http%3A%2F%2Frbebooks.site%2Fmastering-malware-analysis-a-malware-analysts-practical-guide-to-combating-malicious-software-apt-cybercrime-and-iot-attacks-2nd-edition%2F&tz=0&dev=r&res=12.29&uuid=a2d4f152-41c5-4b93-82d7-021b046d9428%3A3%3A1&shu=fe5ced35ce3f8dc76f0c4e9039772bd3ff3471849b011155907050965059fc01bfc0cc6e7204f76cc4e0013d56404c20edaff19d8ac4f8a28f8fad7f798a9d10295730cbd4785536d4ed4eb853be43b85040707bbc194bd76e5a51b6f2b0ca629ebf&pst=1665935680&rmtc=t HTTP/1.1
Host: motivessuggest.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://rbebooks.site
Referer: http://rbebooks.site/
Connection: keep-alive
Cookie: u_pl=17258364; ain=eyJhbGciOiJIUzI1NiJ9.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.CcPRDZqh6KG9NFY-6AZVnS1nXUSTNB_TLr4ckMfOaB0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 16 Oct 2022 15:53:40 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://rbebooks.site
Access-Control-Allow-Origin: http://rbebooks.site
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=a2d4f152-41c5-4b93-82d7-021b046d9428:3:1; expires=Sun, 23 Oct 2022 15:53:40 GMT; secure; SameSite=None
pdhtkv=true; expires=Mon, 17 Oct 2022 15:53:40 GMT; secure; SameSite=None
uncs=1; expires=Mon, 17 Oct 2022 15:53:40 GMT; secure; SameSite=None
pdhtkv23=true; expires=Mon, 17 Oct 2022 15:53:40 GMT; secure; SameSite=None
uncs23=1; expires=Mon, 17 Oct 2022 15:53:40 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 8df887360e46c76a7be0003ee56cced9
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
hermichermicfurnished.com/watch.1295366200178.js?key=95e4c4ce775433fa4db2e1d0c40eacc3&kw=%5B%22mastering%22%2C%22malware%22%2C%22analysis%22%2C%22a%22%2C%22malware%22%2C%22analyst%E2%80%99s%22%2C%22practical%22%2C%22guide%22%2C%22to%22%2C%22combating%22%2C%22malicious%22%2C%22software%22%2C%22apt%22%2C%22cybercrime%22%2C%22and%22%2C%22iot%22%2C%22attacks%22%2C%222nd%22%2C%22edition%22%2C%22-%22%2C%22reading%22%2C%22bag%22%2C%22library%22%5D&refer=http%3A%2F%2Frbebooks.site%2Fmastering-malware-analysis-a-malware-analysts-practical-guide-to-combating-malicious-software-apt-cybercrime-and-iot-attacks-2nd-edition%2F&tz=0&dev=r&res=12.29&uuid=a2d4f152-41c5-4b93-82d7-021b046d9428%3A3%3A1&shu=a12a35688dc384d254abae1652904c3f56f231a94787ec21cb8e285d3f7f36853144e2661477acebc2e86cce63f0d2ee14e7343cef0cd9cda561417840c927d2b526c2e1214af01bac4e80586322c7407c81690c&pst=1665935680&rmtc=t
192.243.59.12 200 OK 2.0 kB URL HTTP/1.1 hermichermicfurnished.com/watch.1295366200178.js?key=95e4c4ce775433fa4db2e1d0c40eacc3&kw=%5B%22mastering%22%2C%22malware%22%2C%22analysis%22%2C%22a%22%2C%22malware%22%2C%22analyst%E2%80%99s%22%2C%22practical%22%2C%22guide%22%2C%22to%22%2C%22combating%22%2C%22malicious%22%2C%22software%22%2C%22apt%22%2C%22cybercrime%22%2C%22and%22%2C%22iot%22%2C%22attacks%22%2C%222nd%22%2C%22edition%22%2C%22-%22%2C%22reading%22%2C%22bag%22%2C%22library%22%5D&refer=http%3A%2F%2Frbebooks.site%2Fmastering-malware-analysis-a-malware-analysts-practical-guide-to-combating-malicious-software-apt-cybercrime-and-iot-attacks-2nd-edition%2F&tz=0&dev=r&res=12.29&uuid=a2d4f152-41c5-4b93-82d7-021b046d9428%3A3%3A1&shu=a12a35688dc384d254abae1652904c3f56f231a94787ec21cb8e285d3f7f36853144e2661477acebc2e86cce63f0d2ee14e7343cef0cd9cda561417840c927d2b526c2e1214af01bac4e80586322c7407c81690c&pst=1665935680&rmtc=t
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document, ASCII text, with very long lines (2419)
Hash 7470905137d29022611a8c9fcd7e4d98
f96ac69de97dbe818a28c9d8aa85264e31a93d85
d2b443b506bdc7512b5f417c2b8eff39d1c5d3dc32555c3ef946fe687d18c326
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.1295366200178.js?key=95e4c4ce775433fa4db2e1d0c40eacc3&kw=%5B%22mastering%22%2C%22malware%22%2C%22analysis%22%2C%22a%22%2C%22malware%22%2C%22analyst%E2%80%99s%22%2C%22practical%22%2C%22guide%22%2C%22to%22%2C%22combating%22%2C%22malicious%22%2C%22software%22%2C%22apt%22%2C%22cybercrime%22%2C%22and%22%2C%22iot%22%2C%22attacks%22%2C%222nd%22%2C%22edition%22%2C%22-%22%2C%22reading%22%2C%22bag%22%2C%22library%22%5D&refer=http%3A%2F%2Frbebooks.site%2Fmastering-malware-analysis-a-malware-analysts-practical-guide-to-combating-malicious-software-apt-cybercrime-and-iot-attacks-2nd-edition%2F&tz=0&dev=r&res=12.29&uuid=a2d4f152-41c5-4b93-82d7-021b046d9428%3A3%3A1&shu=a12a35688dc384d254abae1652904c3f56f231a94787ec21cb8e285d3f7f36853144e2661477acebc2e86cce63f0d2ee14e7343cef0cd9cda561417840c927d2b526c2e1214af01bac4e80586322c7407c81690c&pst=1665935680&rmtc=t HTTP/1.1
Host: hermichermicfurnished.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://rbebooks.site
Referer: http://rbebooks.site/
Connection: keep-alive
Cookie: u_pl=17258364; ain=eyJhbGciOiJIUzI1NiJ9.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.CcPRDZqh6KG9NFY-6AZVnS1nXUSTNB_TLr4ckMfOaB0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Sun, 16 Oct 2022 15:53:40 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://rbebooks.site
Access-Control-Allow-Origin: http://rbebooks.site
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=a2d4f152-41c5-4b93-82d7-021b046d9428:3:1; expires=Sun, 23 Oct 2022 15:53:40 GMT; secure; SameSite=None
pdhtkv=true; expires=Mon, 17 Oct 2022 15:53:40 GMT; secure; SameSite=None
uncs=1; expires=Mon, 17 Oct 2022 15:53:40 GMT; secure; SameSite=None
pdhtkv23=true; expires=Mon, 17 Oct 2022 15:53:40 GMT; secure; SameSite=None
uncs23=1; expires=Mon, 17 Oct 2022 15:53:40 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: e4b3cf98e73577b12f4787c929aaf17a
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
standardscaldexcessive.com/watch.804391211151.js?key=95e4c4ce775433fa4db2e1d0c40eacc3&kw=%5B%22mastering%22%2C%22malware%22%2C%22analysis%22%2C%22a%22%2C%22malware%22%2C%22analyst%E2%80%99s%22%2C%22practical%22%2C%22guide%22%2C%22to%22%2C%22combating%22%2C%22malicious%22%2C%22software%22%2C%22apt%22%2C%22cybercrime%22%2C%22and%22%2C%22iot%22%2C%22attacks%22%2C%222nd%22%2C%22edition%22%2C%22-%22%2C%22reading%22%2C%22bag%22%2C%22library%22%5D&refer=http%3A%2F%2Frbebooks.site%2Fmastering-malware-analysis-a-malware-analysts-practical-guide-to-combating-malicious-software-apt-cybercrime-and-iot-attacks-2nd-edition%2F&tz=0&dev=r&res=12.29&uuid=a2d4f152-41c5-4b93-82d7-021b046d9428%3A3%3A1&shu=92d22ca3665a7ed127e7adac0e213bec0bf891f87a5aa35d8c0bc9aa529ed13ec8cc201c12a67f35b411f495b297594993295e980f6a5667091bf647bd7d0079b21ea09b275807c3b32ca010ca5e0a4b4f443e02ff45ddf41ce36d5b1f6c91&pst=1665935680&rmtc=t
192.243.61.225 200 OK 2.0 kB URL HTTP/1.1 standardscaldexcessive.com/watch.804391211151.js?key=95e4c4ce775433fa4db2e1d0c40eacc3&kw=%5B%22mastering%22%2C%22malware%22%2C%22analysis%22%2C%22a%22%2C%22malware%22%2C%22analyst%E2%80%99s%22%2C%22practical%22%2C%22guide%22%2C%22to%22%2C%22combating%22%2C%22malicious%22%2C%22software%22%2C%22apt%22%2C%22cybercrime%22%2C%22and%22%2C%22iot%22%2C%22attacks%22%2C%222nd%22%2C%22edition%22%2C%22-%22%2C%22reading%22%2C%22bag%22%2C%22library%22%5D&refer=http%3A%2F%2Frbebooks.site%2Fmastering-malware-analysis-a-malware-analysts-practical-guide-to-combating-malicious-software-apt-cybercrime-and-iot-attacks-2nd-edition%2F&tz=0&dev=r&res=12.29&uuid=a2d4f152-41c5-4b93-82d7-021b046d9428%3A3%3A1&shu=92d22ca3665a7ed127e7adac0e213bec0bf891f87a5aa35d8c0bc9aa529ed13ec8cc201c12a67f35b411f495b297594993295e980f6a5667091bf647bd7d0079b21ea09b275807c3b32ca010ca5e0a4b4f443e02ff45ddf41ce36d5b1f6c91&pst=1665935680&rmtc=t
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document, ASCII text, with very long lines (2433)
Hash 04cf991460e1abc47c8f013af34ee495
fe91cb64420a1905bcf1648a823c573134807a9e
35cd79e04c8e24290e3e756caa3b51845063035ee5e77cc1f79b98849eaff4cf
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.804391211151.js?key=95e4c4ce775433fa4db2e1d0c40eacc3&kw=%5B%22mastering%22%2C%22malware%22%2C%22analysis%22%2C%22a%22%2C%22malware%22%2C%22analyst%E2%80%99s%22%2C%22practical%22%2C%22guide%22%2C%22to%22%2C%22combating%22%2C%22malicious%22%2C%22software%22%2C%22apt%22%2C%22cybercrime%22%2C%22and%22%2C%22iot%22%2C%22attacks%22%2C%222nd%22%2C%22edition%22%2C%22-%22%2C%22reading%22%2C%22bag%22%2C%22library%22%5D&refer=http%3A%2F%2Frbebooks.site%2Fmastering-malware-analysis-a-malware-analysts-practical-guide-to-combating-malicious-software-apt-cybercrime-and-iot-attacks-2nd-edition%2F&tz=0&dev=r&res=12.29&uuid=a2d4f152-41c5-4b93-82d7-021b046d9428%3A3%3A1&shu=92d22ca3665a7ed127e7adac0e213bec0bf891f87a5aa35d8c0bc9aa529ed13ec8cc201c12a67f35b411f495b297594993295e980f6a5667091bf647bd7d0079b21ea09b275807c3b32ca010ca5e0a4b4f443e02ff45ddf41ce36d5b1f6c91&pst=1665935680&rmtc=t HTTP/1.1
Host: standardscaldexcessive.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://rbebooks.site
Referer: http://rbebooks.site/
Connection: keep-alive
Cookie: u_pl=17258364; ain=eyJhbGciOiJIUzI1NiJ9.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.CcPRDZqh6KG9NFY-6AZVnS1nXUSTNB_TLr4ckMfOaB0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Sun, 16 Oct 2022 15:53:40 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://rbebooks.site
Access-Control-Allow-Origin: http://rbebooks.site
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=a2d4f152-41c5-4b93-82d7-021b046d9428:3:1; expires=Sun, 23 Oct 2022 15:53:40 GMT; secure; SameSite=None
pdhtkv=true; expires=Mon, 17 Oct 2022 15:53:40 GMT; secure; SameSite=None
uncs=1; expires=Mon, 17 Oct 2022 15:53:40 GMT; secure; SameSite=None
pdhtkv23=true; expires=Mon, 17 Oct 2022 15:53:40 GMT; secure; SameSite=None
uncs23=1; expires=Mon, 17 Oct 2022 15:53:40 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 497b9a29f04b634d4ffe2ddf5f00be62
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
cdn.cloudimagesb.com/cti/36/90/13/369013892c357d415d1ad7748ed75879/1627917230.png
45.133.44.10 200 OK 62 kB URL HTTP/2 cdn.cloudimagesb.com/cti/36/90/13/369013892c357d415d1ad7748ed75879/1627917230.png
IP 45.133.44.10:0
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 728 x 90, 8-bit/color RGB, non-interlaced\012- data
Hash aab722bc84ce26456c71f76bf135d39d
931d9bda71c71ca06e3774c1d67d9842b2c2dc7e
47f5ef20379af39109b365fa5700137a998dd749ca0ea5faf3e82b94be508c59
GET /cti/36/90/13/369013892c357d415d1ad7748ed75879/1627917230.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 16 Oct 2022 15:53:40 GMT
content-type: image/png
content-length: 61633
server: nginx/1.17.6
last-modified: Mon, 02 Aug 2021 15:13:57 GMT
etag: "61080bb5-f0c1"
expires: Tue, 18 Oct 2022 15:53:40 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
bmc-cdn.nyc3.digitaloceanspaces.com/Fonts/65d75eb0-2601-4da5-a9a4-9ee67a470a59.woff
162.243.189.2 200 OK 22 kB URL HTTP/2 bmc-cdn.nyc3.digitaloceanspaces.com/Fonts/65d75eb0-2601-4da5-a9a4-9ee67a470a59.woff
IP 162.243.189.2:0
ASN #14061 DIGITALOCEAN-ASN
File type Web Open Font Format, TrueType, length 22051, version 1.0\012- data
Hash edc05a13a301b3a6e023292eb0762d1c
df8a2b7200cb4b9eb5f73c7fd2ff67d92ff5d833
ab4883df74435cbd0eb4d9ddfa492e7cc2a4be7ceff47fcefe82199aed9c4ed0
GET /Fonts/65d75eb0-2601-4da5-a9a4-9ee67a470a59.woff HTTP/1.1
Host: bmc-cdn.nyc3.digitaloceanspaces.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://rbebooks.site
Connection: keep-alive
Referer: http://rbebooks.site/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 22051
last-modified: Wed, 02 May 2018 07:26:09 GMT
x-rgw-object-type: Normal
etag: "edc05a13a301b3a6e023292eb0762d1c"
cache-control: max-age=60000
x-amz-request-id: tx000000000000005efadd2-00634c2904-21d2b46a-nyc3a
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 0
content-type: application/font-woff
date: Sun, 16 Oct 2022 15:53:40 GMT
age: 0
accept-ranges: bytes
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
strict-transport-security: max-age=15552000; includeSubDomains; preload
X-Firefox-Spdy: h2
grandchildfee.com/pixel/nvwbdp?key=0c610b74697d975fe227c0e71980368f
192.243.61.225 200 OK 0 B URL HTTP/1.1 grandchildfee.com/pixel/nvwbdp?key=0c610b74697d975fe227c0e71980368f
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pixel/nvwbdp?key=0c610b74697d975fe227c0e71980368f HTTP/1.1
Host: grandchildfee.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://rbebooks.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Sun, 16 Oct 2022 15:53:40 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
cdn.cloudimagesb.com/cti/5f/2d/90/5f2d90744c65797e2697e55f898335d3/1663165384.gif
45.133.44.10 200 OK 20 kB URL HTTP/2 cdn.cloudimagesb.com/cti/5f/2d/90/5f2d90744c65797e2697e55f898335d3/1663165384.gif
IP 45.133.44.10:0
ASN #39572 DataWeb Global Group B.V.
File type GIF image data, version 89a, 728 x 90\012- data
Hash 20a0a2db50493e0d773e21d778d11de5
fb4640a30e60601b21754ce7eeb60212079895d9
3b9348da68718ab7b3035eb9ed5395667467a3b01a29fed2fd53fafa5f5c4856
GET /cti/5f/2d/90/5f2d90744c65797e2697e55f898335d3/1663165384.gif HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 16 Oct 2022 15:53:40 GMT
content-type: image/gif
content-length: 20481
server: nginx/1.17.6
last-modified: Wed, 14 Sep 2022 14:23:12 GMT
etag: "6321e3d0-5001"
expires: Tue, 18 Oct 2022 15:53:40 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
rbebooks.site/mastering-malware-analysis-a-malware-analysts-practical-guide-to-combating-malicious-software-apt-cybercrime-and-iot-attacks-2nd-edition/?relatedposts=1
142.132.250.25 200 OK 1.1 kB URL HTTP/1.1 rbebooks.site/mastering-malware-analysis-a-malware-analysts-practical-guide-to-combating-malicious-software-apt-cybercrime-and-iot-attacks-2nd-edition/?relatedposts=1
IP 142.132.250.25:0
ASN #24940 Hetzner Online GmbH
File type JSON data\012- , ASCII text, with very long lines (2837), with no line terminators
Hash a7be09956f105a6d2b6cc951b1d06e4e
725866afc46c79d927d0df57e121f4e95a84f2d6
3c05e438007567df1e9e280fa58369b6054e059e43ce0793ebf327481552b98f
GET /mastering-malware-analysis-a-malware-analysts-practical-guide-to-combating-malicious-software-apt-cybercrime-and-iot-attacks-2nd-edition/?relatedposts=1 HTTP/1.1
Host: rbebooks.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
x-requested-with: XMLHttpRequest
Connection: keep-alive
Referer: http://rbebooks.site/mastering-malware-analysis-a-malware-analysts-practical-guide-to-combating-malicious-software-apt-cybercrime-and-iot-attacks-2nd-edition/
Cookie: _ga_CCWKBB1PCZ=GS1.1.1665935621.1.1.1665935621.0.0.0; _ga=GA1.1.1112828869.1665935621; dom3ic8zudi28v8lr6fgphwffqoz0j6c=a2d4f152-41c5-4b93-82d7-021b046d9428%3A3%3A1; m5a4xojbcp2nx3gptmm633qal3gzmadn=diminutioneconomy.com
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 16 Oct 2022 15:53:41 GMT
Content-Type: application/json; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Pingback: http://rbebooks.site/xmlrpc.php
Cache-Control: s-maxage=10
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff, nosniff
X-Nginx-Upstream-Cache-Status: MISS
X-Server-Powered-By: Engintron
Content-Encoding: gzip
cdn.viglink.com/api/vglnk.js?key=752ad05306b71e358ada055c5134176f
104.16.163.13 200 OK 29 kB URL HTTP/1.1 cdn.viglink.com/api/vglnk.js?key=752ad05306b71e358ada055c5134176f
IP 104.16.163.13:0
File type ASCII text, with very long lines (693)
Hash 072eaf64a771815874455704fca9301b
6c6226d00f14bb800cd4390b3cd42df941be43b1
bb35c8c300bd1acfe7ed86eb988f74ff2e8d86a4fb0409c5d78a890f9fd14b8e
GET /api/vglnk.js?key=752ad05306b71e358ada055c5134176f HTTP/1.1
Host: cdn.viglink.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rbebooks.site/
HTTP/1.1 200 OK
Date: Sun, 16 Oct 2022 15:53:41 GMT
Content-Type: text/javascript
Content-Length: 28567
Connection: keep-alive
x-amz-id-2: qlrdnJ4oZi2sS4attXPPGzhBfHpdhvLn6cCWyqu1d+1mNPKQT+YaBvpsIMynqExGDb9fYjMt8fw=
x-amz-request-id: TZVYCXFBQ4W9FQJR
Last-Modified: Wed, 02 Dec 2020 18:57:12 GMT
ETag: "072eaf64a771815874455704fca9301b"
Cache-Control: public, max-age=604800
Content-Encoding: gzip
CF-Cache-Status: HIT
Age: 2051234
Expires: Sun, 23 Oct 2022 15:53:41 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 75b1f8000f8bb4ee-OSL
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 4f05f7d85c5d7c2aa09651804f80a019
cd118fbc41657bfdf0fcfb9e3a4a2813f3b08e5b
76a6c1ae0a435403ac10b6478f029bb8b871dbdcc2a2c7e3e97b56982a9767e7
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 16 Oct 2022 15:53:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
sheschemetraitor.com/sbar.json?key=3b7751125a8505512c15b5bbbe1612b0&uuid=a2d4f152-41c5-4b93-82d7-021b046d9428%3A3%3A1
173.233.137.44 200 OK 3.5 kB URL HTTP/1.1 sheschemetraitor.com/sbar.json?key=3b7751125a8505512c15b5bbbe1612b0&uuid=a2d4f152-41c5-4b93-82d7-021b046d9428%3A3%3A1
IP 173.233.137.44:0
File type JSON data\012- , ASCII text, with very long lines (6429), with no line terminators
Hash 2957d173daa2823a841a11854dfb2789
7c1aea59ec08c7f55e50ecb6ca5e6b9788c57615
2dd382a0b03d6c4e17b94cd3a507af378be7153ea55052d620f246b26b122d55
Analyzer Verdict Alert quad9 Sinkholed
GET /sbar.json?key=3b7751125a8505512c15b5bbbe1612b0&uuid=a2d4f152-41c5-4b93-82d7-021b046d9428%3A3%3A1 HTTP/1.1
Host: sheschemetraitor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://rbebooks.site
Connection: keep-alive
Referer: http://rbebooks.site/
Cookie: u_pl=17258364; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNzI1ODM2NCwiayI6Ijk1ZTRjNGNlNzc1NDMzZmE0ZGIyZTFkMGM0MGVhY2MzIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxODYxNDAzLCJwaWQiOjQ3MDEwMywiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoyNywiYWlkIjoyMywicHQiOjQsInBrIjoiYTUxdzR5ZGoiLCJ0IjoxfSwidSI6eyJ1IjozLCJhdSI6MywiZCI6eyJpZCI6Nzk5NTQxOTYsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjoxODExMCwib24iOiJMaW51eCIsIm92IjoiVW5rbm93biIsImJpZCI6MTE2NjcwLCJibiI6IkZpcmVmb3giLCJidiI6Ijk2LjAiLCJ3diI6ZmFsc2UsImUiOmZhbHNlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6ZmFsc2UsInIiOiJodHRwOi8vcmJlYm9va3Muc2l0ZS9tYXN0ZXJpbmctbWFsd2FyZS1hbmFseXNpcy1hLW1hbHdhcmUtYW5hbHlzdHMtcHJhY3RpY2FsLWd1aWRlLXRvLWNvbWJhdGluZy1tYWxpY2lvdXMtc29mdHdhcmUtYXB0LWN5YmVyY3JpbWUtYW5kLWlvdC1hdHRhY2tzLTJuZC1lZGl0aW9uLyJ9fQ.0JUhVUVn6EZTgw4UTJ3RElppz5zlmlh2mciCeRxUgDM; uid_id2=a2d4f152-41c5-4b93-82d7-021b046d9428:3:1; pdhtkv=true; uncs=3; pdhtkv23=true; uncs23=3
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 16 Oct 2022 15:53:41 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://rbebooks.site
Access-Control-Allow-Origin: http://rbebooks.site
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=17258364,17284613; expires=Mon, 17 Oct 2022 15:53:40 GMT; secure; SameSite=None
Set-Cookie: uid_id2=a2d4f152-41c5-4b93-82d7-021b046d9428:3:1; expires=Sun, 23 Oct 2022 15:53:40 GMT; secure; SameSite=None
Set-Cookie: uncs=4; expires=Mon, 17 Oct 2022 15:53:41 GMT; secure; SameSite=None
Set-Cookie: pdhtkv29=true; expires=Mon, 17 Oct 2022 15:53:41 GMT; secure; SameSite=None
Set-Cookie: uncs29=1; expires=Mon, 17 Oct 2022 15:53:41 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 5e5332aaf73ddae5cfd2dc4221f3ec3c
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
www.google-analytics.com/analytics.js
142.250.74.174 200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.174:0
File type ASCII text, with very long lines (1325)
Hash 47e6f374ca946fddd5b59871b325736c
baa9282efc8785e84d247c3bff518eaa45f101c4
16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://rbebooks.site/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20039
date: Sun, 16 Oct 2022 14:41:09 GMT
expires: Sun, 16 Oct 2022 16:41:09 GMT
cache-control: public, max-age=7200
age: 4352
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 4f05f7d85c5d7c2aa09651804f80a019
cd118fbc41657bfdf0fcfb9e3a4a2813f3b08e5b
76a6c1ae0a435403ac10b6478f029bb8b871dbdcc2a2c7e3e97b56982a9767e7
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 16 Oct 2022 15:53:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
i0.wp.com/rbebooks.site/wp-content/uploads/2022/07/cropped-JKI-Yyv4_400x400.jpg?fit=32%2C32&ssl=1
192.0.77.2 200 OK 356 B URL HTTP/2 i0.wp.com/rbebooks.site/wp-content/uploads/2022/07/cropped-JKI-Yyv4_400x400.jpg?fit=32%2C32&ssl=1
IP 192.0.77.2:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 32x32, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 83abcfe9a8053bca357c4939f88a8499
fddac03828ee6289dd4eb92339c0e094310b97d5
779c8e75afb48a64a57e7be1fcd176208cfddd6dec41ca8c5ff2171bb2b4ab1d
GET /rbebooks.site/wp-content/uploads/2022/07/cropped-JKI-Yyv4_400x400.jpg?fit=32%2C32&ssl=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://rbebooks.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 16 Oct 2022 15:53:41 GMT
content-type: image/webp
content-length: 356
last-modified: Sun, 02 Oct 2022 12:27:04 GMT
expires: Wed, 02 Oct 2024 00:27:04 GMT
cache-control: public, max-age=63115200
link: <https://rbebooks.site/wp-content/uploads/2022/07/cropped-JKI-Yyv4_400x400.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "627b3add881064b7"
vary: Accept
x-nc: MISS arn 5
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2
i0.wp.com/rbebooks.site/wp-content/uploads/2022/07/cropped-JKI-Yyv4_400x400.jpg?fit=192%2C192&ssl=1
192.0.77.2 200 OK 2.9 kB URL HTTP/2 i0.wp.com/rbebooks.site/wp-content/uploads/2022/07/cropped-JKI-Yyv4_400x400.jpg?fit=192%2C192&ssl=1
IP 192.0.77.2:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 192x192, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 96cdb16c2b702ca730d9dae56b9f45ce
e7894e604a37018fda82684e4f44ae3d1d867d75
778361b9cbf23eefeeb0adfeb0387a64059cf2ea825fc78539f04b740b54e688
GET /rbebooks.site/wp-content/uploads/2022/07/cropped-JKI-Yyv4_400x400.jpg?fit=192%2C192&ssl=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://rbebooks.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 16 Oct 2022 15:53:41 GMT
content-type: image/webp
content-length: 2858
last-modified: Fri, 14 Oct 2022 10:52:33 GMT
expires: Sun, 13 Oct 2024 22:52:33 GMT
cache-control: public, max-age=63115200
link: <https://rbebooks.site/wp-content/uploads/2022/07/cropped-JKI-Yyv4_400x400.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "d82227d207d8e47b"
vary: Accept
x-nc: MISS arn 5
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2
pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-2624179402393224
142.250.74.162 200 OK 55 kB URL HTTP/2 pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-2624179402393224
IP 142.250.74.162:0
File type ASCII text, with very long lines (2776)
Hash eed905a599d6b17aa32db283fb929772
6bddde6b225c1fb1abcc1bfb873aca2b4048457f
543502ff2c4598572f99e8f628c7d4402207bfb65a0f87d6740309dd0e042a03
GET /pagead/js/adsbygoogle.js?client=ca-pub-2624179402393224 HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://rbebooks.site
Connection: keep-alive
Referer: http://rbebooks.site/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Sun, 16 Oct 2022 15:53:41 GMT
expires: Sun, 16 Oct 2022 15:53:41 GMT
cache-control: private, max-age=3600
content-type: text/javascript; charset=UTF-8
etag: 8692328500996080824
access-control-allow-origin: *
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 55102
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 4f05f7d85c5d7c2aa09651804f80a019
cd118fbc41657bfdf0fcfb9e3a4a2813f3b08e5b
76a6c1ae0a435403ac10b6478f029bb8b871dbdcc2a2c7e3e97b56982a9767e7
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 16 Oct 2022 15:53:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.36.76.249 200 OK 503 B IP 23.36.76.249:0
ASN #20940 Akamai International B.V.
Hash 618c6998deadeff1c1bd3c5c2a7380ee
b18462fd7d0df781bdbde02201d8d58231bf1a3d
237bb0fe3e531cafa69c5f0a921099190c1955a2f54ad1e8b95d4746c793a5d6
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "237BB0FE3E531CAFA69C5F0A921099190C1955A2F54AD1E8B95D4746C793A5D6"
Last-Modified: Sun, 16 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7680
Expires: Sun, 16 Oct 2022 18:01:41 GMT
Date: Sun, 16 Oct 2022 15:53:41 GMT
Connection: keep-alive
sheschemetraitor.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSz28bRRidbVJVouIAqoSgUPnAoZUad2dtr216qCglVUVoSwuUAxKa2Rk7g9c7q5kdrxtAqihCvWH%2Bg%2FVzkvKjVHBFIkKbShxyijlFiPwTFZyRnYjAd%2Fm%2Bfe%2Bt9PTmfTl2%2B8SHY3tX3tZrKo7ZhUbVr5z9gNKLlRWVuGFl2Ao%2FCusXK2bwWjus%2BucqV2XU0xcCn%2Fo%2B9WllWRnZ0cMLMxIqfdSm1bZfrQdV2qhjaP7%2Fbd0iLPMgBvvkeSgxXXzinYKKSiT9H69I28t0ev7NvotZpg0G4uF7SS%2FReYL%2B0dkxHjrJw0M1tN1d3oJONuZ2oQf%2FCrmaEu%2B3LfDk4aFJ8MH63CePIRNwcRL5oISMSyhWItL3ocQuASKB6zeQ9Deva5Ozuwcsm7FTsvj3U6h8Shb%2FPIWk%2F%2FhyrIaV2zp2mdKJxbBTQA1LqG6J1G0jWzsGlW8jyj6HEgRJv4ASe6%2ByQNQ7tBEs1WnUWKrzdm2pFYjmkh9Q7tdD0a4HrXkwSpVQnRKxHIHZBTjrwSkPruPBpR76Yq8SUUqbvoiY32pHUU00JQ%2BFT1mzQxn1wxZcNPM%2BQpaOEMUjROaLb1KxmvUGQW09M05uuiSyQW1c2zyA5%2BD6DBzXkJp76KkRjPsVdrWAFc%2FCZlPivfMZBqJALglyS5AzglwR5BlBPig2RGwDW2yK2DpOD3dwuGvFRGfdMdvQWVcmZJzuk%2Bdm8Xonto6jJ%2FcqNd5sNigNGqzV8BsNGkS0wRucc0lDGnAfVhVQ9hiY9bCmpuTl7mmkakpOnL8DzrZh421E6jSYewUsnzQDH2x1Um%2F5WEt%2BMFxyrXu2alUmIXSBNFtEdtcbx%2Fvkxfk7tzYZZLRz6dHZv8qvPjyHyBRITYGP1ROCbvxgckvnZP2Wzi356Uaaqb5aY7MO3M5YJhe%2Be0vezbUR167Y0bevRzNidj56V9pshSVCJV1Lvr%2BshJBmWZtIkl%2Bu2TuS33R29bIziUtXbr6xfK2fGmmt0kkJpnbf%2FxSRmpJnTlfn5T5z8g8oU8K4An23Qw4HSpeI0nuw6ZF7qxdg4iMNTz3krpiYgB%2BBsZqS4OltxHLn0sbPL73w%2BOonYLyAlf%2F58ege2wfomjNg2f15rwemwCAuwOIRrFuYZKnZufR7bT7gsTfhsfHWeWzirw%2FitWqv0qzVfBa2G7TZZLLJ60GrE1LBWFAPgzBkNWR2Gq2cO%2F4PAAAA%2F%2F8BAAD%2F%2Fw%2F50aarBAAA
173.233.137.44200 OK 7 B URL HTTP/1.1 sheschemetraitor.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSz28bRRidbVJVouIAqoSgUPnAoZUad2dtr216qCglVUVoSwuUAxKa2Rk7g9c7q5kdrxtAqihCvWH%2Bg%2FVzkvKjVHBFIkKbShxyijlFiPwTFZyRnYjAd%2Fm%2Bfe%2Bt9PTmfTl2%2B8SHY3tX3tZrKo7ZhUbVr5z9gNKLlRWVuGFl2Ao%2FCusXK2bwWjus%2BucqV2XU0xcCn%2Fo%2B9WllWRnZ0cMLMxIqfdSm1bZfrQdV2qhjaP7%2Fbd0iLPMgBvvkeSgxXXzinYKKSiT9H69I28t0ev7NvotZpg0G4uF7SS%2FReYL%2B0dkxHjrJw0M1tN1d3oJONuZ2oQf%2FCrmaEu%2B3LfDk4aFJ8MH63CePIRNwcRL5oISMSyhWItL3ocQuASKB6zeQ9Deva5Ozuwcsm7FTsvj3U6h8Shb%2FPIWk%2F%2FhyrIaV2zp2mdKJxbBTQA1LqG6J1G0jWzsGlW8jyj6HEgRJv4ASe6%2ByQNQ7tBEs1WnUWKrzdm2pFYjmkh9Q7tdD0a4HrXkwSpVQnRKxHIHZBTjrwSkPruPBpR76Yq8SUUqbvoiY32pHUU00JQ%2BFT1mzQxn1wxZcNPM%2BQpaOEMUjROaLb1KxmvUGQW09M05uuiSyQW1c2zyA5%2BD6DBzXkJp76KkRjPsVdrWAFc%2FCZlPivfMZBqJALglyS5AzglwR5BlBPig2RGwDW2yK2DpOD3dwuGvFRGfdMdvQWVcmZJzuk%2Bdm8Xonto6jJ%2FcqNd5sNigNGqzV8BsNGkS0wRucc0lDGnAfVhVQ9hiY9bCmpuTl7mmkakpOnL8DzrZh421E6jSYewUsnzQDH2x1Um%2F5WEt%2BMFxyrXu2alUmIXSBNFtEdtcbx%2Fvkxfk7tzYZZLRz6dHZv8qvPjyHyBRITYGP1ROCbvxgckvnZP2Wzi356Uaaqb5aY7MO3M5YJhe%2Be0vezbUR167Y0bevRzNidj56V9pshSVCJV1Lvr%2BshJBmWZtIkl%2Bu2TuS33R29bIziUtXbr6xfK2fGmmt0kkJpnbf%2FxSRmpJnTlfn5T5z8g8oU8K4An23Qw4HSpeI0nuw6ZF7qxdg4iMNTz3krpiYgB%2BBsZqS4OltxHLn0sbPL73w%2BOonYLyAlf%2F58ege2wfomjNg2f15rwemwCAuwOIRrFuYZKnZufR7bT7gsTfhsfHWeWzirw%2FitWqv0qzVfBa2G7TZZLLJ60GrE1LBWFAPgzBkNWR2Gq2cO%2F4PAAAA%2F%2F8BAAD%2F%2Fw%2F50aarBAAA
IP 173.233.137.44:0
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSz28bRRidbVJVouIAqoSgUPnAoZUad2dtr216qCglVUVoSwuUAxKa2Rk7g9c7q5kdrxtAqihCvWH%2Bg%2FVzkvKjVHBFIkKbShxyijlFiPwTFZyRnYjAd%2Fm%2Bfe%2Bt9PTmfTl2%2B8SHY3tX3tZrKo7ZhUbVr5z9gNKLlRWVuGFl2Ao%2FCusXK2bwWjus%2BucqV2XU0xcCn%2Fo%2B9WllWRnZ0cMLMxIqfdSm1bZfrQdV2qhjaP7%2Fbd0iLPMgBvvkeSgxXXzinYKKSiT9H69I28t0ev7NvotZpg0G4uF7SS%2FReYL%2B0dkxHjrJw0M1tN1d3oJONuZ2oQf%2FCrmaEu%2B3LfDk4aFJ8MH63CePIRNwcRL5oISMSyhWItL3ocQuASKB6zeQ9Deva5Ozuwcsm7FTsvj3U6h8Shb%2FPIWk%2F%2FhyrIaV2zp2mdKJxbBTQA1LqG6J1G0jWzsGlW8jyj6HEgRJv4ASe6%2ByQNQ7tBEs1WnUWKrzdm2pFYjmkh9Q7tdD0a4HrXkwSpVQnRKxHIHZBTjrwSkPruPBpR76Yq8SUUqbvoiY32pHUU00JQ%2BFT1mzQxn1wxZcNPM%2BQpaOEMUjROaLb1KxmvUGQW09M05uuiSyQW1c2zyA5%2BD6DBzXkJp76KkRjPsVdrWAFc%2FCZlPivfMZBqJALglyS5AzglwR5BlBPig2RGwDW2yK2DpOD3dwuGvFRGfdMdvQWVcmZJzuk%2Bdm8Xonto6jJ%2FcqNd5sNigNGqzV8BsNGkS0wRucc0lDGnAfVhVQ9hiY9bCmpuTl7mmkakpOnL8DzrZh421E6jSYewUsnzQDH2x1Um%2F5WEt%2BMFxyrXu2alUmIXSBNFtEdtcbx%2Fvkxfk7tzYZZLRz6dHZv8qvPjyHyBRITYGP1ROCbvxgckvnZP2Wzi356Uaaqb5aY7MO3M5YJhe%2Be0vezbUR167Y0bevRzNidj56V9pshSVCJV1Lvr%2BshJBmWZtIkl%2Bu2TuS33R29bIziUtXbr6xfK2fGmmt0kkJpnbf%2FxSRmpJnTlfn5T5z8g8oU8K4An23Qw4HSpeI0nuw6ZF7qxdg4iMNTz3krpiYgB%2BBsZqS4OltxHLn0sbPL73w%2BOonYLyAlf%2F58ege2wfomjNg2f15rwemwCAuwOIRrFuYZKnZufR7bT7gsTfhsfHWeWzirw%2FitWqv0qzVfBa2G7TZZLLJ60GrE1LBWFAPgzBkNWR2Gq2cO%2F4PAAAA%2F%2F8BAAD%2F%2Fw%2F50aarBAAA HTTP/1.1
Host: sheschemetraitor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://rbebooks.site/
Cookie: u_pl=17258364,17284613; ain=eyJhbGciOiJIUzI1NiJ9.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.0JUhVUVn6EZTgw4UTJ3RElppz5zlmlh2mciCeRxUgDM; uid_id2=a2d4f152-41c5-4b93-82d7-021b046d9428:3:1; pdhtkv=true; uncs=4; pdhtkv23=true; uncs23=3; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 16 Oct 2022 15:53:41 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 23fb7ce3db755734e9624ccc3f1c7fc5
Strict-Transport-Security: max-age=0; includeSubdomains
aax-us-east.amazon-adsystem.com/x/getad?src=330&c=100&sz=1x1&apiVersion=2.0&pj=%7B%22placement%22%3A%22adunit%22%2C%22tracking_id%22%3A%22redbluebooks-20%22%2C%22ad_type%22%3A%22link_enhancement_widget%22%2C%22marketplace%22%3A%22amazon%22%2C%22region%22%3A%22US%22%2C%22linkid%22%3A%22d97cbd1c32534d1ef1edcb5749b1eb16%22%2C%22textlinks%22%3A%22%22%2C%22debug%22%3A%22false%22%2C%22acap_publisherId%22%3A%22redbluebooks-20%22%2C%22slotNum%22%3A0%7D&u=http%3A%2F%2Frbebooks.site%2Fmastering-malware-analysis-a-malware-analysts-practical-guide-to-combating-malicious-software-apt-cybercrime-and-iot-attacks-2nd-edition%2F&jscb=amzn_assoc_jsonp_callback_adunit_0
209.54.180.51200 OK 7.4 kB URL HTTP/1.1 aax-us-east.amazon-adsystem.com/x/getad?src=330&c=100&sz=1x1&apiVersion=2.0&pj=%7B%22placement%22%3A%22adunit%22%2C%22tracking_id%22%3A%22redbluebooks-20%22%2C%22ad_type%22%3A%22link_enhancement_widget%22%2C%22marketplace%22%3A%22amazon%22%2C%22region%22%3A%22US%22%2C%22linkid%22%3A%22d97cbd1c32534d1ef1edcb5749b1eb16%22%2C%22textlinks%22%3A%22%22%2C%22debug%22%3A%22false%22%2C%22acap_publisherId%22%3A%22redbluebooks-20%22%2C%22slotNum%22%3A0%7D&u=http%3A%2F%2Frbebooks.site%2Fmastering-malware-analysis-a-malware-analysts-practical-guide-to-combating-malicious-software-apt-cybercrime-and-iot-attacks-2nd-edition%2F&jscb=amzn_assoc_jsonp_callback_adunit_0
IP 209.54.180.51:0
File type HTML document, ASCII text, with very long lines (35134)
Hash fca9565637f6ccfcf7683bfa1c2c0b6d
95bb63ac3ef3bc200ed8687d74bcb386c337b932
2255f279097a35887151674bea208f4fd975727f123e467139ea50a1b087f56c
GET /x/getad?src=330&c=100&sz=1x1&apiVersion=2.0&pj=%7B%22placement%22%3A%22adunit%22%2C%22tracking_id%22%3A%22redbluebooks-20%22%2C%22ad_type%22%3A%22link_enhancement_widget%22%2C%22marketplace%22%3A%22amazon%22%2C%22region%22%3A%22US%22%2C%22linkid%22%3A%22d97cbd1c32534d1ef1edcb5749b1eb16%22%2C%22textlinks%22%3A%22%22%2C%22debug%22%3A%22false%22%2C%22acap_publisherId%22%3A%22redbluebooks-20%22%2C%22slotNum%22%3A0%7D&u=http%3A%2F%2Frbebooks.site%2Fmastering-malware-analysis-a-malware-analysts-practical-guide-to-combating-malicious-software-apt-cybercrime-and-iot-attacks-2nd-edition%2F&jscb=amzn_assoc_jsonp_callback_adunit_0 HTTP/1.1
Host: aax-us-east.amazon-adsystem.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rbebooks.site/
HTTP/1.1 200 OK
Date: Sun, 16 Oct 2022 15:53:40 GMT
Server: Server
Content-Type: text/javascript;charset=UTF-8
Set-Cookie: ad-id=Az6_U4e7rkWek22Emwt9j7Q; Domain=.amazon-adsystem.com; Expires=Sat, 01-Jul-2023 15:53:41 GMT; Path=/; Secure; HttpOnly; SameSite=None
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
x-amz-rid: 13KMCB4CEZTY8WJHVNZG
Transfer-Encoding: chunked
ocsp.sca1b.amazontrust.com/
143.204.42.156 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.156:0
Hash b005f858e2e5cabd56d4f141c83315ac
938eccb8ee7385df2097a140c5f5d06378100659
3bceb2c7e20d4a2d72c3f998ead8b442359830ba3bf0f4c6c5dc4aeb0613a5ef
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=140964
Date: Sun, 16 Oct 2022 15:53:41 GMT
Etag: "634baab6-1d7"
Expires: Tue, 18 Oct 2022 07:03:05 GMT
Last-Modified: Sun, 16 Oct 2022 06:54:46 GMT
Server: ECS (dcb/7F17)
X-Cache: Miss from cloudfront
Via: 1.1 057fdebf738f5915bf38a78949190758.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: dM-2aOJOVbD_WODipQSH4PHdZkDHEOuQmHzqjirW-f2QplOm0VnoSA==
Age: 499
cdn.barscreative1.com/sb/au/48/48/eb/4848ebd6f7295875a5d388ec2488aba3/1648542421.html
45.133.44.3 200 OK 823 B URL HTTP/2 cdn.barscreative1.com/sb/au/48/48/eb/4848ebd6f7295875a5d388ec2488aba3/1648542421.html
IP 45.133.44.3:0
ASN #39572 DataWeb Global Group B.V.
Hash 8cf17c090315bf42c42b165fb1a44c50
f8f0f9c89928ded9bdee75be01090a2706f6eac2
175e3784512c0b84d9e34a368125ab06d5a1a2e24d8723823c48d3eb57a00743
Analyzer Verdict Alert fortinet Phishing
GET /sb/au/48/48/eb/4848ebd6f7295875a5d388ec2488aba3/1648542421.html HTTP/1.1
Host: cdn.barscreative1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://rbebooks.site
Connection: keep-alive
Referer: http://rbebooks.site/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 16 Oct 2022 15:53:41 GMT
content-type: text/html; charset=utf-8
server: nginx/1.17.6
last-modified: Tue, 29 Mar 2022 08:27:10 GMT
etag: W/"6242c2de-602"
cache-control: max-age=3600
access-control-allow-origin: *
access-control-expose-headers: Date
content-encoding: gzip
expires: Sun, 16 Oct 2022 16:53:41 GMT
x-proxy-cache: HIT
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.77.32 200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 483b069ba949f3b38cb5efaa5133def4
9926ffeacae23089f625bf687f5aaaa1c592acb1
20c3bcfcb4987e5b014dff8beb7b15e984388ae7ad0279a576e6d137a078ade3
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "20C3BCFCB4987E5B014DFF8BEB7B15E984388AE7AD0279A576E6D137A078ADE3"
Last-Modified: Sat, 15 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14189
Expires: Sun, 16 Oct 2022 19:50:10 GMT
Date: Sun, 16 Oct 2022 15:53:41 GMT
Connection: keep-alive
api.viglink.com/api/ping
52.214.137.185 403 Forbidden 979 B IP 52.214.137.185:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (979), with no line terminators
Hash 1edc3fac1e0eb87ed6b19d4ecd08f8ef
bc58af52fa6a97e7506db76cb9e5a1895c92dcfd
613acec36f8b4ee7869a9907bc4b81eb6c24bcdd373520d6ee3a9b040d78ed98
POST /api/ping HTTP/1.1
Host: api.viglink.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 260
Origin: http://rbebooks.site
Connection: keep-alive
Referer: http://rbebooks.site/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 403 Forbidden
Content-Language: en
Content-Type: text/html;charset=utf-8
Date: Sun, 16 Oct 2022 15:53:40 GMT
P3P: CP="ALL IND DSP COR CUR ADM TAIo PSDo OUR COM INT NAV PUR STA UNI"
Server: Apache-Coyote/1.1
Content-Length: 979
Connection: keep-alive
cdn.cloudimagesb.com/si/d3/49/c7/d349c7d166e8e0a16864c210257b8d7c/1658583131.jpg
45.133.44.10 200 OK 8.7 kB URL HTTP/2 cdn.cloudimagesb.com/si/d3/49/c7/d349c7d166e8e0a16864c210257b8d7c/1658583131.jpg
IP 45.133.44.10:0
ASN #39572 DataWeb Global Group B.V.
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 192x192, components 3\012- data
Hash 2c29eb5172d6284ce44e9bdddbc9f7f9
7e636afa5c449686a67c15a3eb42e24b4060f3e2
843c2d3a6a428708bfc4ff66793db619e93662cd4a0fe42657ddbc612b4faa7e
GET /si/d3/49/c7/d349c7d166e8e0a16864c210257b8d7c/1658583131.jpg HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 16 Oct 2022 15:53:41 GMT
content-type: image/jpeg
content-length: 8684
server: nginx/1.17.6
last-modified: Sat, 23 Jul 2022 13:32:19 GMT
etag: "62dbf863-21ec"
expires: Tue, 18 Oct 2022 15:53:41 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
cdn.sb4you1.com/sb/ssp/vpn/classic-push/big1/img/close.png
172.64.110.27 200 OK 591 B URL HTTP/2 cdn.sb4you1.com/sb/ssp/vpn/classic-push/big1/img/close.png
IP 172.64.110.27:0
File type PNG image data, 12 x 12, 8-bit/color RGBA, non-interlaced\012- data
Hash 9fd5bcb6103d86e317bd1eb019bcbe71
6b5a52ea669dcb74946f2bed4bdd7ec985026113
0ddd3be104ac7945fb062096df62034a6a24ecc76ba92493c35c62c3c25982ae
GET /sb/ssp/vpn/classic-push/big1/img/close.png HTTP/1.1
Host: cdn.sb4you1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 16 Oct 2022 15:53:41 GMT
content-type: image/png
content-length: 591
last-modified: Mon, 21 Feb 2022 10:06:44 GMT
etag: "62136434-24f"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 6414552
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RTZ2zh%2FVJVgQ%2BWQpeH3wIGOr9KeTdPMMOx760Y0A9L7A9eR9%2FXtAaw4yUIywzzNp8cfteAVZYxUdqm7WX00bL27lGJHvyv47MR5naxSr7iuy6E%2BcZNYefTQjf3RzqHOXRYw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 75b1f8022b2871f3-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.cloudimagesb.com/si/13/4a/c3/134ac3b991474857437b71a207adf0d5/1658583166.jpg
45.133.44.10 200 OK 11 kB URL HTTP/2 cdn.cloudimagesb.com/si/13/4a/c3/134ac3b991474857437b71a207adf0d5/1658583166.jpg
IP 45.133.44.10:0
ASN #39572 DataWeb Global Group B.V.
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 320x180, components 3\012- data
Hash 60f4178edf0467f7bcde165ceef1b8de
bae1ad4c4ec353ed2546c30aee459ccbe2305479
9b140f19559bc0912bce99d756ac39a8c062481a2d2326902000e1ae59db3d65
GET /si/13/4a/c3/134ac3b991474857437b71a207adf0d5/1658583166.jpg HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 16 Oct 2022 15:53:41 GMT
content-type: image/jpeg
content-length: 11400
server: nginx/1.17.6
last-modified: Sat, 23 Jul 2022 13:32:55 GMT
etag: "62dbf887-2c88"
expires: Tue, 18 Oct 2022 15:53:41 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap
142.250.74.10 200 OK 660 B URL HTTP/1.1 fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap
IP 142.250.74.10:0
Hash 55130bf120bd75a4bba7d678be617cdf
77b172c0cc1d15e60ab95edccf3ac1e640d16812
262b9e8c2eeba18bdc3dd53ac7bbacdbbec713a9443ff5dc34e359de56ea040d
GET /css?family=Roboto:300,400,700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Link: <http://fonts.gstatic.com>; rel=preconnect; crossorigin
Expires: Sun, 16 Oct 2022 15:53:41 GMT
Date: Sun, 16 Oct 2022 15:53:41 GMT
Cache-Control: private, max-age=86400
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin-allow-popups
Content-Encoding: gzip
Transfer-Encoding: chunked
Server: ESF
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
e1.o.lencr.org/
23.36.77.32 200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 483b069ba949f3b38cb5efaa5133def4
9926ffeacae23089f625bf687f5aaaa1c592acb1
20c3bcfcb4987e5b014dff8beb7b15e984388ae7ad0279a576e6d137a078ade3
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "20C3BCFCB4987E5B014DFF8BEB7B15E984388AE7AD0279A576E6D137A078ADE3"
Last-Modified: Sat, 15 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14189
Expires: Sun, 16 Oct 2022 19:50:10 GMT
Date: Sun, 16 Oct 2022 15:53:41 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 695cea3df950db7392b70395df1d8b05
b7fe7c9dd9f38fd23ad37dd92b9085f35a6fe823
4bad472e725699f54c9983fe6cb3ce0783b831ea2877b1a22f80197b953cfaf6
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 16 Oct 2022 15:53:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash b71c1dfe563720287179a76edf29c680
6096cc371998151d37a2f7698b0fe0371bb43269
7472e945b0ae9b967b68ec85dc8a005c74c2f5c63c68a9de142be69983062a90
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 16 Oct 2022 15:53:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
adservice.google.no/adsid/integrator.js?domain=rbebooks.site
142.250.74.130 200 OK 100 B URL HTTP/2 adservice.google.no/adsid/integrator.js?domain=rbebooks.site
IP 142.250.74.130:0
File type ASCII text, with no line terminators
Hash 917951a58be8c6c6f3680159550ba3c2
21cd25c2a4eb9ec7e0f37021ce7b69e852dab4b4
cd8c45d9a0d98ca2e23d967483ec538bcafa246afdcf434bf60c8257acfacfac
GET /adsid/integrator.js?domain=rbebooks.site HTTP/1.1
Host: adservice.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://rbebooks.site/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: private, no-cache, no-store
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Sun, 16 Oct 2022 15:53:41 GMT
server: cafe
content-length: 100
x-xss-protection: 0
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
adservice.google.com/adsid/integrator.js?domain=rbebooks.site
142.250.74.98 200 OK 100 B URL HTTP/2 adservice.google.com/adsid/integrator.js?domain=rbebooks.site
IP 142.250.74.98:0
File type ASCII text, with no line terminators
Hash 917951a58be8c6c6f3680159550ba3c2
21cd25c2a4eb9ec7e0f37021ce7b69e852dab4b4
cd8c45d9a0d98ca2e23d967483ec538bcafa246afdcf434bf60c8257acfacfac
GET /adsid/integrator.js?domain=rbebooks.site HTTP/1.1
Host: adservice.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://rbebooks.site/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: private, no-cache, no-store
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Sun, 16 Oct 2022 15:53:41 GMT
server: cafe
content-length: 100
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 695cea3df950db7392b70395df1d8b05
b7fe7c9dd9f38fd23ad37dd92b9085f35a6fe823
4bad472e725699f54c9983fe6cb3ce0783b831ea2877b1a22f80197b953cfaf6
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 16 Oct 2022 15:53:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash b71c1dfe563720287179a76edf29c680
6096cc371998151d37a2f7698b0fe0371bb43269
7472e945b0ae9b967b68ec85dc8a005c74c2f5c63c68a9de142be69983062a90
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 16 Oct 2022 15:53:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cdn.sb4you1.com/sb/ssp/vpn/classic-push/big1/css/style.css
172.64.110.27 200 OK 1.0 kB URL HTTP/2 cdn.sb4you1.com/sb/ssp/vpn/classic-push/big1/css/style.css
IP 172.64.110.27:0
Hash 4580ce7afa72192da87adf951eba1122
5090c66ef1d33a35361a9e306432098de082d7ed
642096be17de0f0429be507a140b30e5d228f65e8da8aa5a3adb63e86e7bfaa6
GET /sb/ssp/vpn/classic-push/big1/css/style.css HTTP/1.1
Host: cdn.sb4you1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://rbebooks.site
Connection: keep-alive
Referer: http://rbebooks.site/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 16 Oct 2022 15:53:41 GMT
content-type: text/css
last-modified: Mon, 21 Feb 2022 10:59:09 GMT
etag: W/"6213707d-1048"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tW6pB3qm%2F0Oxdl%2B9ItAWRczL6ypnwyyUQ6kQSCu7Xk5RlfCeetm1F6naIyiiQWm9yfJPUAenOBBPQo1umcgbT6b%2BzjswjoEWe8TzfrT8Uc2CjT8EJ8D%2FlgJPx3g2avNU4cc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 75b1f8021b1171f3-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.sb4you1.com/sb/ssp/vpn/classic-push/big1/js/jquery.min.js
172.64.110.27 200 OK 31 kB URL HTTP/2 cdn.sb4you1.com/sb/ssp/vpn/classic-push/big1/js/jquery.min.js
IP 172.64.110.27:0
File type ASCII text, with very long lines (32025)
Hash 4c455b662acf70a2990f1c7ea7c5c3f4
281639dd27b66fafda886a177a4cbb3f079c489d
3253171ef893155508cc2cdd42883c1a3395d2cb4f0ba84672fd02841b394c9f
GET /sb/ssp/vpn/classic-push/big1/js/jquery.min.js HTTP/1.1
Host: cdn.sb4you1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 16 Oct 2022 15:53:41 GMT
content-type: application/javascript
last-modified: Mon, 21 Feb 2022 10:06:46 GMT
etag: W/"62136436-1499c"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 6414552
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UB6F0ixCuoUB5Z%2BznbhXOn5epxDT6YQTzSuxi7XM0GH898wF%2FSS1LK5ZAfmmD2pyYn78padlv3nIA7an185g9C5PJX1zN%2FJafjedqre9kDGYmes6gSP%2F45ZF7VD9Oi8aEvY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 75b1f8022b2f71f3-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.sb4you1.com/sb/ssp/vpn/classic-push/big1/css/animate.css
172.64.110.27 200 OK 5.1 kB URL HTTP/2 cdn.sb4you1.com/sb/ssp/vpn/classic-push/big1/css/animate.css
IP 172.64.110.27:0
Hash 09da83cb51edd3cc8bb6e995618464a4
7214c3580992d0fa308f0c75679f15693a73cdd6
a9a5a1b4805a2f34bc2d8064ca2a0711cc3157c21f8b7d39003a8b7de4329a56
GET /sb/ssp/vpn/classic-push/big1/css/animate.css HTTP/1.1
Host: cdn.sb4you1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://rbebooks.site
Connection: keep-alive
Referer: http://rbebooks.site/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 16 Oct 2022 15:53:41 GMT
content-type: text/css
last-modified: Mon, 21 Feb 2022 10:06:42 GMT
etag: W/"62136432-13591"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vf7nqjdfymKYc86tlmm7FUhpLBlNhOZbsbtm6duRq3IClE%2F8HWHzxo5R7SoGiAfIAPhI4ro3Q3gmCDGkOZUarTSikp9qYIe4165vy6wZPvSuC7aIhOMdjK%2F4lSbG1M7ttqo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 75b1f801fade71f3-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
216.58.207.195 200 OK 16 kB URL HTTP/1.1 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Hash e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://rbebooks.site
Connection: keep-alive
Referer: http://fonts.googleapis.com/
HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Timing-Allow-Origin: *
Content-Length: 15860
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Wed, 12 Oct 2022 20:16:37 GMT
Expires: Thu, 12 Oct 2023 20:16:37 GMT
Cache-Control: public, max-age=31536000
Age: 329824
Last-Modified: Wed, 11 May 2022 19:24:42 GMT
Content-Type: font/woff2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
216.58.207.195 200 OK 16 kB URL HTTP/1.1 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Hash 15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://rbebooks.site
Connection: keep-alive
Referer: http://fonts.googleapis.com/
HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Timing-Allow-Origin: *
Content-Length: 15744
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Wed, 12 Oct 2022 20:16:37 GMT
Expires: Thu, 12 Oct 2023 20:16:37 GMT
Cache-Control: public, max-age=31536000
Age: 329824
Last-Modified: Wed, 11 May 2022 19:24:48 GMT
Content-Type: font/woff2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 3f1ddf48f38bb4cbabd67c207aa0f407
51f08476ed6b1789da55cdc10287034a24eff6f4
927a97847f88ad2ecae86fef7050c64db6f17d3d4f054546531f8669cece5262
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 16 Oct 2022 15:53:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
sheschemetraitor.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSzYscRRytzm4IGDwoAdFomIOHBLKT7p7p%2BTCHYIwbgmsSEzUeBKmvmS2np6up6pqerArBiOTm%2BB%2F0vNnd%2BBGDXgUX6Q142NOOp0XcfyLoWWZ2cfV3%2Bf36vdfwePW%2BHLt94sPRvStv6zUVx%2FRCVPUrZz8IgouVFZW4YWXYanzUqF%2BsmMFr7UbVP1e5KnlPXwj9wPcDP6gsKyM7enhhRkKlj9pBte1X62E1iOoYmv9%2FW7cISz2IwT55HkpMF594p6B4iaT%2F4xVpe5lOz7%2FZdzHNtMFAPHwv6SU6T9A%2FOjvGQyd5eKiGtrvLW9DJxtwu9OBfIVNT4v22BZY8PDQJNlif%2B2QxZAImTiIflJBxCUVLcH0fSuwSgAtcv4Gkv3ldm5zePWDpjJ2Sxb%2BfQuVTsvjnKST9x5djNazc1rHLlE4shp0CalhCdUukbhvZ2jGofBs8%2BxxKECT9AkrsvUpDUe8EUbhUD3i0VGft2lIrFM0lPwyYX2%2BIdj1szYNRqoTqlIjlCNQuwFkPTnlwHQ8u9dAXexUeBEHTF5z6rTbnNdGUrCH8gDY7AQ38RguOz7yPkKUj8HgEbr7YdAm3YW1c20zFatYbrGfGyfUZOK59cwCFtTmI1NxDT41g3K%2BwqwWseBY2mxLvnc8wEAVySZBbgpwS5IogzwjyQbEhYhvaYlPE1rHgcIeHu1ZMdNYd0w2ddWVCxuk%2BeW4Wr3di6zh6cq9SY81mFARhRFuRH0VByIOIRYwxGTSCkPmwqoCyx0CthzU1JS93TyNVU3Li%2FB0wug0bb4Or06DuFdB80gx90NVJveVjLfnBMMm07tmqVZmE0AXSbBHZXW8c75MX5%2B%2Fc2qSQfOfSo7N%2FlV99eA7cFEhNgY%2FVE4Ju%2FGByS%2Bdk%2FZbOLfnpRpqpvlqjsw7czmgmF757S97NtRHXrtjRt6%2FzGTE7H70rbbZCE6GSriXfX1ZCSLOsDZfkl2v2jmQ3nV297Ezi0pWbbyxf66dGWqt0UoKq3fc%2FBVdT8szp6rzcZ07%2BAWVKGFeg73bI4UDpEjy9B5seubd6ASY%2B0rDUQ%2B6KiQnZERirKQmf3kYsdy5t%2FPzSC4%2BvfgLKClj5nx%2BP7rF9gK45A5rdn%2Fd6YAoM4gI0HsG6hUmWmp1Lv9fmAxZ7ExYbb53FJv76IF6r9io1XzSZ7Mgmk%2FWo3pFcsChiPu9wVhOtFkdmp3zl3PF%2FAAAA%2F%2F8BAAD%2F%2Fwv%2F7AmrBAAA
173.233.137.44200 OK 7 B URL HTTP/1.1 sheschemetraitor.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSzYscRRytzm4IGDwoAdFomIOHBLKT7p7p%2BTCHYIwbgmsSEzUeBKmvmS2np6up6pqerArBiOTm%2BB%2F0vNnd%2BBGDXgUX6Q142NOOp0XcfyLoWWZ2cfV3%2Bf36vdfwePW%2BHLt94sPRvStv6zUVx%2FRCVPUrZz8IgouVFZW4YWXYanzUqF%2BsmMFr7UbVP1e5KnlPXwj9wPcDP6gsKyM7enhhRkKlj9pBte1X62E1iOoYmv9%2FW7cISz2IwT55HkpMF594p6B4iaT%2F4xVpe5lOz7%2FZdzHNtMFAPHwv6SU6T9A%2FOjvGQyd5eKiGtrvLW9DJxtwu9OBfIVNT4v22BZY8PDQJNlif%2B2QxZAImTiIflJBxCUVLcH0fSuwSgAtcv4Gkv3ldm5zePWDpjJ2Sxb%2BfQuVTsvjnKST9x5djNazc1rHLlE4shp0CalhCdUukbhvZ2jGofBs8%2BxxKECT9AkrsvUpDUe8EUbhUD3i0VGft2lIrFM0lPwyYX2%2BIdj1szYNRqoTqlIjlCNQuwFkPTnlwHQ8u9dAXexUeBEHTF5z6rTbnNdGUrCH8gDY7AQ38RguOz7yPkKUj8HgEbr7YdAm3YW1c20zFatYbrGfGyfUZOK59cwCFtTmI1NxDT41g3K%2BwqwWseBY2mxLvnc8wEAVySZBbgpwS5IogzwjyQbEhYhvaYlPE1rHgcIeHu1ZMdNYd0w2ddWVCxuk%2BeW4Wr3di6zh6cq9SY81mFARhRFuRH0VByIOIRYwxGTSCkPmwqoCyx0CthzU1JS93TyNVU3Li%2FB0wug0bb4Or06DuFdB80gx90NVJveVjLfnBMMm07tmqVZmE0AXSbBHZXW8c75MX5%2B%2Fc2qSQfOfSo7N%2FlV99eA7cFEhNgY%2FVE4Ju%2FGByS%2Bdk%2FZbOLfnpRpqpvlqjsw7czmgmF757S97NtRHXrtjRt6%2FzGTE7H70rbbZCE6GSriXfX1ZCSLOsDZfkl2v2jmQ3nV297Ezi0pWbbyxf66dGWqt0UoKq3fc%2FBVdT8szp6rzcZ07%2BAWVKGFeg73bI4UDpEjy9B5seubd6ASY%2B0rDUQ%2B6KiQnZERirKQmf3kYsdy5t%2FPzSC4%2BvfgLKClj5nx%2BP7rF9gK45A5rdn%2Fd6YAoM4gI0HsG6hUmWmp1Lv9fmAxZ7ExYbb53FJv76IF6r9io1XzSZ7Mgmk%2FWo3pFcsChiPu9wVhOtFkdmp3zl3PF%2FAAAA%2F%2F8BAAD%2F%2Fwv%2F7AmrBAAA
IP 173.233.137.44:0
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /impr.gif?sid=H4sIAAAAAAAC%2F1RSzYscRRytzm4IGDwoAdFomIOHBLKT7p7p%2BTCHYIwbgmsSEzUeBKmvmS2np6up6pqerArBiOTm%2BB%2F0vNnd%2BBGDXgUX6Q142NOOp0XcfyLoWWZ2cfV3%2Bf36vdfwePW%2BHLt94sPRvStv6zUVx%2FRCVPUrZz8IgouVFZW4YWXYanzUqF%2BsmMFr7UbVP1e5KnlPXwj9wPcDP6gsKyM7enhhRkKlj9pBte1X62E1iOoYmv9%2FW7cISz2IwT55HkpMF594p6B4iaT%2F4xVpe5lOz7%2FZdzHNtMFAPHwv6SU6T9A%2FOjvGQyd5eKiGtrvLW9DJxtwu9OBfIVNT4v22BZY8PDQJNlif%2B2QxZAImTiIflJBxCUVLcH0fSuwSgAtcv4Gkv3ldm5zePWDpjJ2Sxb%2BfQuVTsvjnKST9x5djNazc1rHLlE4shp0CalhCdUukbhvZ2jGofBs8%2BxxKECT9AkrsvUpDUe8EUbhUD3i0VGft2lIrFM0lPwyYX2%2BIdj1szYNRqoTqlIjlCNQuwFkPTnlwHQ8u9dAXexUeBEHTF5z6rTbnNdGUrCH8gDY7AQ38RguOz7yPkKUj8HgEbr7YdAm3YW1c20zFatYbrGfGyfUZOK59cwCFtTmI1NxDT41g3K%2BwqwWseBY2mxLvnc8wEAVySZBbgpwS5IogzwjyQbEhYhvaYlPE1rHgcIeHu1ZMdNYd0w2ddWVCxuk%2BeW4Wr3di6zh6cq9SY81mFARhRFuRH0VByIOIRYwxGTSCkPmwqoCyx0CthzU1JS93TyNVU3Li%2FB0wug0bb4Or06DuFdB80gx90NVJveVjLfnBMMm07tmqVZmE0AXSbBHZXW8c75MX5%2B%2Fc2qSQfOfSo7N%2FlV99eA7cFEhNgY%2FVE4Ju%2FGByS%2Bdk%2FZbOLfnpRpqpvlqjsw7czmgmF757S97NtRHXrtjRt6%2FzGTE7H70rbbZCE6GSriXfX1ZCSLOsDZfkl2v2jmQ3nV297Ezi0pWbbyxf66dGWqt0UoKq3fc%2FBVdT8szp6rzcZ07%2BAWVKGFeg73bI4UDpEjy9B5seubd6ASY%2B0rDUQ%2B6KiQnZERirKQmf3kYsdy5t%2FPzSC4%2BvfgLKClj5nx%2BP7rF9gK45A5rdn%2Fd6YAoM4gI0HsG6hUmWmp1Lv9fmAxZ7ExYbb53FJv76IF6r9io1XzSZ7Mgmk%2FWo3pFcsChiPu9wVhOtFkdmp3zl3PF%2FAAAA%2F%2F8BAAD%2F%2Fwv%2F7AmrBAAA HTTP/1.1
Host: sheschemetraitor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://rbebooks.site/
Cookie: u_pl=17258364,17284613; ain=eyJhbGciOiJIUzI1NiJ9.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.0JUhVUVn6EZTgw4UTJ3RElppz5zlmlh2mciCeRxUgDM; uid_id2=a2d4f152-41c5-4b93-82d7-021b046d9428:3:1; pdhtkv=true; uncs=4; pdhtkv23=true; uncs23=3; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 16 Oct 2022 15:53:41 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: f9fa09488bfedd0e5c9de41c838db723
Strict-Transport-Security: max-age=0; includeSubdomains
ws-na.amazon-adsystem.com/widgets/q?ServiceVersion=20070822&Operation=GetAdHtml&OneJS=1&placement=adunit&region=US&marketplace=amazon&debug=false&linkid=d97cbd1c32534d1ef1edcb5749b1eb16&ad_type=link_enhancement_widget&tracking_id=redbluebooks-20&slotNum=0
52.46.135.132 200 200 12 kB URL HTTP/1.1 ws-na.amazon-adsystem.com/widgets/q?ServiceVersion=20070822&Operation=GetAdHtml&OneJS=1&placement=adunit&region=US&marketplace=amazon&debug=false&linkid=d97cbd1c32534d1ef1edcb5749b1eb16&ad_type=link_enhancement_widget&tracking_id=redbluebooks-20&slotNum=0
IP 52.46.135.132:0
File type ASCII text, with very long lines (1304)
Hash e4ac92b9666a6abe55400d18d756e927
f4df57483243b99ed06ab8d093c8c323f90d2967
1c9e0c8ddc0f26e3e18e120360634747fc03b4430d0af4946e3606d8ce649ec2
GET /widgets/q?ServiceVersion=20070822&Operation=GetAdHtml&OneJS=1&placement=adunit&region=US&marketplace=amazon&debug=false&linkid=d97cbd1c32534d1ef1edcb5749b1eb16&ad_type=link_enhancement_widget&tracking_id=redbluebooks-20&slotNum=0 HTTP/1.1
Host: ws-na.amazon-adsystem.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rbebooks.site/
HTTP/1.1 200 200
Date: Sun, 16 Oct 2022 15:53:41 GMT
Server: Server
Content-Encoding: gzip
Cache-Control: must-revalidate
Pragma: no-cache
Expires: -1
p3p: policyref="http://www.amazon.com/w3c/p3p.xml",CP="CAO DSP LAW CUR ADM IVAo IVDo CONo OTPo OUR DELi PUBi OTRi BUS PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA HEA PRE LOC GOV OTC "
charset: UTF-8
Access-Control-Allow-Origin: *
Content-Length: 11497
Vary: User-Agent
Connection: close
Content-Type: application/javascript;charset=UTF-8
sheschemetraitor.com/pixel/sbs?c=1
173.233.137.44 200 OK 0 B URL HTTP/1.1 sheschemetraitor.com/pixel/sbs?c=1
IP 173.233.137.44:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbs?c=1 HTTP/1.1
Host: sheschemetraitor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://rbebooks.site/
Cookie: u_pl=17258364,17284613; ain=eyJhbGciOiJIUzI1NiJ9.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.0JUhVUVn6EZTgw4UTJ3RElppz5zlmlh2mciCeRxUgDM; uid_id2=a2d4f152-41c5-4b93-82d7-021b046d9428:3:1; pdhtkv=true; uncs=4; pdhtkv23=true; uncs23=3; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 16 Oct 2022 15:53:42 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
aax-us-east.amazon-adsystem.com/x/px/RNRBp5XsccmjHg3aeTLnNOIAAAGD4YA8uAEAAAFKAQBOL0EgICAgICAgICAgICBOL0EgICAgICAgICAgICCDX62j/?assoc_payload=%7B%22adUnitType%22%3A%22link_enhancement_widget%22%2C%22trackingId%22%3A%22redbluebooks-20%22%2C%22region%22%3A%22US%22%2C%22deviceType%22%3A%22BROWSER%22%2C%22logType%22%3A%22lew_impressions%22%2C%22viewerCountry%22%3A%22%22%2C%22marketplace%22%3A%22amazon%22%2C%22link_id%22%3A%22d97cbd1c32534d1ef1edcb5749b1eb16%22%2C%22action%22%3A%22onPageLoad%22%2C%22regionId%22%3A%221%22%2C%22ref%22%3A%22assoc_res_lew_np_%22%2C%22amzn_expDetails%22%3A%7B%7D%2C%22isMobileOptmizedSite%22%3A%22false%22%7D
209.54.180.51 200 OK 43 B URL HTTP/1.1 aax-us-east.amazon-adsystem.com/x/px/RNRBp5XsccmjHg3aeTLnNOIAAAGD4YA8uAEAAAFKAQBOL0EgICAgICAgICAgICBOL0EgICAgICAgICAgICCDX62j/?assoc_payload=%7B%22adUnitType%22%3A%22link_enhancement_widget%22%2C%22trackingId%22%3A%22redbluebooks-20%22%2C%22region%22%3A%22US%22%2C%22deviceType%22%3A%22BROWSER%22%2C%22logType%22%3A%22lew_impressions%22%2C%22viewerCountry%22%3A%22%22%2C%22marketplace%22%3A%22amazon%22%2C%22link_id%22%3A%22d97cbd1c32534d1ef1edcb5749b1eb16%22%2C%22action%22%3A%22onPageLoad%22%2C%22regionId%22%3A%221%22%2C%22ref%22%3A%22assoc_res_lew_np_%22%2C%22amzn_expDetails%22%3A%7B%7D%2C%22isMobileOptmizedSite%22%3A%22false%22%7D
IP 209.54.180.51:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 07fff40b5dd495aca2ac4e1c3fbc60aa
e8ac224ba9ee97e87670ed6f3a2f0128b7af9fe4
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
GET /x/px/RNRBp5XsccmjHg3aeTLnNOIAAAGD4YA8uAEAAAFKAQBOL0EgICAgICAgICAgICBOL0EgICAgICAgICAgICCDX62j/?assoc_payload=%7B%22adUnitType%22%3A%22link_enhancement_widget%22%2C%22trackingId%22%3A%22redbluebooks-20%22%2C%22region%22%3A%22US%22%2C%22deviceType%22%3A%22BROWSER%22%2C%22logType%22%3A%22lew_impressions%22%2C%22viewerCountry%22%3A%22%22%2C%22marketplace%22%3A%22amazon%22%2C%22link_id%22%3A%22d97cbd1c32534d1ef1edcb5749b1eb16%22%2C%22action%22%3A%22onPageLoad%22%2C%22regionId%22%3A%221%22%2C%22ref%22%3A%22assoc_res_lew_np_%22%2C%22amzn_expDetails%22%3A%7B%7D%2C%22isMobileOptmizedSite%22%3A%22false%22%7D HTTP/1.1
Host: aax-us-east.amazon-adsystem.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://rbebooks.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: Server
Date: Sun, 16 Oct 2022 15:53:42 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
x-amz-rid: F6J73N6WMWMWDF079FA9
Cache-Control: no-cache
Pragma: no-cache
Vary: Content-Type,Accept-Encoding,User-Agent
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20221012&st=env
142.250.74.162 200 OK 11 kB URL HTTP/2 pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20221012&st=env
IP 142.250.74.162:0
File type JSON data\012- , ASCII text, with very long lines (14521), with no line terminators
Hash 80cf8f614a43c54e25033a7c80799d86
8ed5876e1e09ed49d93312473926a1bf6ce0121e
abb060963b9a10533bb159ae9ff7af8ad027356c801b32f2ee15b19fd9997988
GET /getconfig/sodar?sv=200&tid=gda&tv=r20221012&st=env HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://rbebooks.site
Connection: keep-alive
Referer: http://rbebooks.site/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-type: application/json; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Sun, 16 Oct 2022 15:53:42 GMT
server: cafe
cache-control: private
content-length: 11028
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 8e6f6976c2624725b3157701bdab1087
f121ac64525ed4b42198c684b9315ff6dea0d28c
1e0f4f65292b9f008855697bd235d1eb72a1a7205ce07de3e94092f123b79c59
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 16 Oct 2022 15:53:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
tpc.googlesyndication.com/sodar/sodar2.js
142.250.74.33 200 OK 6.4 kB URL HTTP/2 tpc.googlesyndication.com/sodar/sodar2.js
IP 142.250.74.33:0
File type ASCII text, with very long lines (1321)
Hash ac906814ed812c4ecdbb624a3bd2f6c3
8e4547eaffaa66a1ee61b36028dbcd7091d0e7de
8ab8cef6156022c4547455defd8252b48b6bcb8b734072849345bb99758705fe
GET /sodar/sodar2.js HTTP/1.1
Host: tpc.googlesyndication.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://rbebooks.site/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 6386
date: Sun, 16 Oct 2022 15:53:42 GMT
expires: Sun, 16 Oct 2022 15:53:42 GMT
cache-control: private, max-age=3000
etag: "1637097310169751"
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 231a5834edd086a67640c2c0cc18c55c
3427d0baffebad62c95754da193be354ca2b270c
2533d2d520b731b0073fcd224375cdd6dc2fde77908f93dcb0c659ec6dc7501b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 16 Oct 2022 15:53:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/recaptcha/api2/aframe
142.250.74.164 200 OK 515 B URL HTTP/2 www.google.com/recaptcha/api2/aframe
IP 142.250.74.164:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (783), with no line terminators
Hash 166311c507098a0cb5fc1693b92485b1
ed27ed76f4a7d67d24d6c6273c815edc3dd761a5
568f2d1062fe09504f72cd37260dbf12523d595f28e6f73170da4a46fca04061
GET /recaptcha/api2/aframe HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://rbebooks.site/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Sun, 16 Oct 2022 15:53:42 GMT
date: Sun, 16 Oct 2022 15:53:42 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'nonce-ytKXx425UGsSOZwf9q9PJA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 515
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
unseenreport.com/pxf.gif?uuid=a2d4f152-41c5-4b93-82d7-021b046d9428&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=r&res=14.29&b_frame=0&pk=3b7751125a8505512c15b5bbbe1612b0&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=15
192.243.59.12 200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=a2d4f152-41c5-4b93-82d7-021b046d9428&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=r&res=14.29&b_frame=0&pk=3b7751125a8505512c15b5bbbe1612b0&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=15
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=a2d4f152-41c5-4b93-82d7-021b046d9428&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=r&res=14.29&b_frame=0&pk=3b7751125a8505512c15b5bbbe1612b0&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=15 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rbebooks.site/
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Sun, 16 Oct 2022 15:53:43 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 4bf4fc2bc8ff5c883906df2e51bae8c4
Strict-Transport-Security: max-age=0; includeSubdomains
c0.wp.com/c/6.0.2/wp-includes/js/jquery/jquery-migrate.min.js
192.0.77.37 200 OK 0 B URL HTTP/2 c0.wp.com/c/6.0.2/wp-includes/js/jquery/jquery-migrate.min.js
IP 192.0.77.37:0
GET /c/6.0.2/wp-includes/js/jquery/jquery-migrate.min.js HTTP/1.1
Host: c0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://rbebooks.site/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 16 Oct 2022 15:53:36 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Wed, 18 Nov 2020 09:06:06 GMT
content-encoding: br
expires: Mon, 16 Oct 2023 15:53:36 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
x-nc: HIT arn 2
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
X-Firefox-Spdy: h2
cdnjs.buymeacoffee.com/1.0.0/widget.prod.min.js
172.67.70.99 200 OK 0 B URL HTTP/2 cdnjs.buymeacoffee.com/1.0.0/widget.prod.min.js
IP 172.67.70.99:0
GET /1.0.0/widget.prod.min.js HTTP/1.1
Host: cdnjs.buymeacoffee.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://rbebooks.site/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 16 Oct 2022 15:53:37 GMT
content-type: application/javascript; charset=UTF-8
age: 716567
cache-control: public, max-age=2678400, must-revalidate
etag: W/"04fdc5869e458463191b1590830f47bc-ssl-df"
vary: Accept-Encoding
x-nf-request-id: 01GCA3ZK099MAGGF6D0H0VRYTW
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ITm1dlntd3gd8t35wB4GR8Ee%2BbhpFn8PpNRBmwg1kEewKBOXBXpxhVwbwNOeSv1JpXZFHsjxGaqNVAaRCxryHoFfHg31llrfxdnhFF9Iacxj45BhF%2F6wp%2FJhQ5UjUiZR3J8%2FCocMVsE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 75b1f7e6df400b06-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
c0.wp.com/c/6.0.2/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css
192.0.77.37 200 OK 0 B URL HTTP/2 c0.wp.com/c/6.0.2/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css
IP 192.0.77.37:0
GET /c/6.0.2/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css HTTP/1.1
Host: c0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://rbebooks.site/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 16 Oct 2022 15:53:36 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Tue, 29 Sep 2020 15:53:06 GMT
content-encoding: br
expires: Mon, 16 Oct 2023 15:53:36 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
x-nc: HIT arn 2
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
X-Firefox-Spdy: h2
cdn.sb4you1.com/sb/ssp/vpn/classic-push/big1/js/script.js
172.64.110.27 200 OK 0 B URL HTTP/2 cdn.sb4you1.com/sb/ssp/vpn/classic-push/big1/js/script.js
IP 172.64.110.27:0
GET /sb/ssp/vpn/classic-push/big1/js/script.js HTTP/1.1
Host: cdn.sb4you1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://rbebooks.site
Connection: keep-alive
Referer: http://rbebooks.site/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 16 Oct 2022 15:53:41 GMT
content-type: application/javascript
last-modified: Mon, 21 Feb 2022 10:06:46 GMT
etag: W/"62136436-3be"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=g2%2FrYKDuhF2O6hmwxhtROAKppmrPXE%2FVVW7tsGWL2VL9TZfAgj%2FG43Uo3zA%2FuDtTRVgipoT78WpQ2H5UtmlWaPgcocmqUglmzb8%2BxzoEGzBDgNKABCT9bWojYVqipo%2BYCZU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 75b1f802bc4671f3-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
c0.wp.com/p/jetpack/11.4/_inc/build/photon/photon.min.js
192.0.77.37 200 OK 0 B URL HTTP/2 c0.wp.com/p/jetpack/11.4/_inc/build/photon/photon.min.js
IP 192.0.77.37:0
GET /p/jetpack/11.4/_inc/build/photon/photon.min.js HTTP/1.1
Host: c0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://rbebooks.site/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 16 Oct 2022 15:53:36 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Tue, 07 Dec 2021 16:56:47 GMT
content-encoding: br
expires: Mon, 16 Oct 2023 15:53:36 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
x-nc: HIT arn 2
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
X-Firefox-Spdy: h2
stats.wp.com/e-202241.js
192.0.76.3 200 OK 0 B IP 192.0.76.3:0
GET /e-202241.js HTTP/1.1
Host: stats.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://rbebooks.site/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 16 Oct 2022 15:53:37 GMT
content-type: application/javascript
vary: Accept-Encoding
etag: W/"6197c5cf-3508"
content-encoding: br
expires: Mon, 02 Oct 2023 06:18:32 GMT
cache-control: max-age=31536000
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
x-nc: HIT arn
X-Firefox-Spdy: h2
c0.wp.com/p/jetpack/11.4/css/jetpack.css
192.0.77.37 200 OK 0 B URL HTTP/2 c0.wp.com/p/jetpack/11.4/css/jetpack.css
IP 192.0.77.37:0
GET /p/jetpack/11.4/css/jetpack.css HTTP/1.1
Host: c0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://rbebooks.site/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 16 Oct 2022 15:53:36 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Thu, 22 Sep 2022 17:43:06 GMT
content-encoding: br
expires: Mon, 16 Oct 2023 15:53:36 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
x-nc: HIT arn 2
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
X-Firefox-Spdy: h2
c0.wp.com/c/6.0.2/wp-includes/js/jquery/jquery.min.js
192.0.77.37 200 OK 0 B URL HTTP/2 c0.wp.com/c/6.0.2/wp-includes/js/jquery/jquery.min.js
IP 192.0.77.37:0
GET /c/6.0.2/wp-includes/js/jquery/jquery.min.js HTTP/1.1
Host: c0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://rbebooks.site/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 16 Oct 2022 15:53:36 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Wed, 10 Mar 2021 15:07:24 GMT
content-encoding: br
expires: Mon, 16 Oct 2023 15:53:36 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
x-nc: HIT arn 2
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
X-Firefox-Spdy: h2
c0.wp.com/c/6.0.2/wp-includes/js/mediaelement/wp-mediaelement.min.css
192.0.77.37 200 OK 0 B URL HTTP/2 c0.wp.com/c/6.0.2/wp-includes/js/mediaelement/wp-mediaelement.min.css
IP 192.0.77.37:0
GET /c/6.0.2/wp-includes/js/mediaelement/wp-mediaelement.min.css HTTP/1.1
Host: c0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://rbebooks.site/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 16 Oct 2022 15:53:36 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Fri, 07 Jun 2019 20:45:02 GMT
content-encoding: br
expires: Mon, 16 Oct 2023 15:53:36 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
x-nc: HIT arn 2
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Jost:200,300,400,500,600,700,900|Noto%20Serif:400,400italic,700|Jost:200,300,400,500,600,700,900&subset=latin,latin-ext
142.250.74.10 200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Jost:200,300,400,500,600,700,900|Noto%20Serif:400,400italic,700|Jost:200,300,400,500,600,700,900&subset=latin,latin-ext
IP 142.250.74.10:0
GET /css?family=Jost:200,300,400,500,600,700,900|Noto%20Serif:400,400italic,700|Jost:200,300,400,500,600,700,900&subset=latin,latin-ext HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://rbebooks.site/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sun, 16 Oct 2022 15:53:37 GMT
date: Sun, 16 Oct 2022 15:53:37 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
c0.wp.com/p/jetpack/11.4/_inc/build/related-posts/related-posts.min.js
192.0.77.37 200 OK 0 B URL HTTP/2 c0.wp.com/p/jetpack/11.4/_inc/build/related-posts/related-posts.min.js
IP 192.0.77.37:0
GET /p/jetpack/11.4/_inc/build/related-posts/related-posts.min.js HTTP/1.1
Host: c0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://rbebooks.site/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 16 Oct 2022 15:53:36 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Tue, 07 Dec 2021 16:56:47 GMT
content-encoding: br
expires: Mon, 16 Oct 2023 15:53:36 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
x-nc: HIT arn 2
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
X-Firefox-Spdy: h2