Report - epicload.com/files/e4q2D1Cr/Ennid%20Wong.zip

Report Overview

Submitted URL
epicload.com/files/e4q2D1Cr/Ennid%20Wong.zip
IP
188.114.97.1
ASN
#13335 CLOUDFLARENET
Submitted
2023-02-06 21:41:03
Access
Website Title
Final URL
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
26

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
content-signature-2.cdn.mozilla.net	1152	2020-11-03T13:26:46Z	2023-03-13T05:09:35Z	413 B	5.8 kB	34.160.144.191
contile.services.mozilla.com	1114	2021-05-27T20:32:35Z	2023-03-13T05:09:13Z	333 B	391 B	34.117.237.239
ocsp.sectigo.com	487	2019-11-29T12:50:24Z	2023-03-13T08:22:43Z	680 B	1.5 kB	172.64.155.188
ad.a-ads.com	26970	2013-04-19T23:54:57Z	2023-03-13T08:21:25Z	478 B	5.1 kB	148.251.53.118
static.a-ads.com	34827	2013-06-01T18:47:05Z	2023-03-13T07:24:56Z	431 B	553 kB	148.251.53.118
img-getpocket.cdn.mozilla.net	1631	2018-06-22T01:36:00Z	2023-03-13T05:09:16Z	2.2 kB	39 kB	34.120.237.76
bg4nxu2u5t.com	unknown	2022-07-26T18:26:59Z	2023-03-11T20:51:38Z	934 B	2.0 kB	62.122.171.6
cdn.ouo.io	404096	2015-02-13T10:15:53Z	2023-03-09T17:15:35Z	365 B	491 B	104.22.22.162
ocsp.digicert.com	86	2012-05-21T09:02:23Z	2023-03-13T06:00:13Z	1.4 kB	2.4 kB	93.184.220.29
owlunimmvn.com	unknown	2022-10-04T19:12:38Z	2023-03-10T01:38:33Z	6.4 kB	115 kB	62.122.171.6
cdn.bncloudfl.com	26601	2021-06-01T17:03:04Z	2023-03-13T09:58:41Z	796 B	297 kB	104.22.15.198
ocsp.buypass.com	157566	2017-01-30T05:59:29Z	2023-03-13T05:11:40Z	340 B	2.2 kB	23.36.76.129
limurol.com	unknown	2022-07-12T15:53:17Z	2023-03-13T08:06:53Z	1.2 kB	980 B	62.122.171.6
firefox.settings.services.mozilla.com	867	2020-06-04T22:08:41Z	2023-03-13T05:09:10Z	782 B	2.4 kB	35.241.9.150
ocsp.pki.goog	175	2018-07-01T08:43:07Z	2023-03-13T05:09:47Z	714 B	1.4 kB	142.250.74.131
epicload.com	unknown	2020-08-04T18:31:31Z	2023-03-09T21:14:09Z	16 kB	83 kB	188.114.96.1
r3.o.lencr.org	344	2020-12-02T09:52:13Z	2023-03-13T05:09:07Z	2.0 kB	5.3 kB	95.101.11.115

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2023-02-06	medium	owlunimmvn.com/lv/esnk/1944052/code.js	Phishing
2023-02-06	medium	owlunimmvn.com/lv/esnk/1944051/code.js	Phishing
2023-02-06	medium	bg4nxu2u5t.com/aas/r45d/vki/1944053/8542c595.js	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2023-02-06	medium	owlunimmvn.com	Sinkholed
2023-02-06	medium	owlunimmvn.com	Sinkholed
2023-02-06	medium	owlunimmvn.com	Sinkholed
2023-02-06	medium	limurol.com	Sinkholed
2023-02-06	medium	owlunimmvn.com	Sinkholed
2023-02-06	medium	owlunimmvn.com	Sinkholed
2023-02-06	medium	owlunimmvn.com	Sinkholed
2023-02-06	medium	bg4nxu2u5t.com	Sinkholed
2023-02-06	medium	bg4nxu2u5t.com	Sinkholed
2023-02-06	medium	owlunimmvn.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (17)

	URL	Size	First Seen	Last Seen
	owlunimmvn.com/get/1944052?zoneid=1944052&jp=_clo2lisk7a85kecttl5qyc&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&freq=0&cid=4050469640272437	4.9 kB	2023-03-13	2023-03-13
Pretty URL owlunimmvn.com/get/1944052?zoneid=1944052&jp=_clo2lisk7a85kecttl5qyc&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&freq=0&cid=4050469640272437 IP 62.122.171.6 ASN #50245 Serverel Inc. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 18:37:38 Last Seen2023-03-13 18:37:38 Times Seen1 Hash a8afff4232d609f3680f293205cadf18 402bd32d4188739d24c57ac333e4d86c5f653b27 5fb19b039da98bacc94a67cb5f5bf0eb66fdde3c264690ca218035fd88534322 Loading...

	epicload.com/assets/js/bootstrap.min.js	60 kB	2023-03-08	2024-04-18
Pretty URL epicload.com/assets/js/bootstrap.min.js IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 20:35:41 Last Seen2024-04-18 00:56:57 Times Seen1238 Hash c5236e5d6a5d0ff97ff8c8e5102c6c03 6fbfdbddbe85c578de559adcc8d07cccbc16d514 87538c4b7e488f5a49d12f98d6a04afc61d00f26a790f319569799acd434eb65 Loading...

	epicload.com/templates/default/assets/js/app.js?time=1675719652	15 kB	2023-03-11	2024-04-12
Pretty URL epicload.com/templates/default/assets/js/app.js?time=1675719652 IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 08:34:53 Last Seen2024-04-12 00:52:21 Times Seen40 Hash be30040adf8789d1f7ba6ee5815852d8 5822ea42cdf055543021e2aed2b940a0382cd81f e9b38b41b0ea9a71ad77c963ba5d8ac615215b01e5491138864ef4b29aaef094 Loading...

	owlunimmvn.com/lv/esnk/1944052/code.js	108 kB	2023-03-13	2023-03-13
Pretty URL owlunimmvn.com/lv/esnk/1944052/code.js IP 62.122.171.6 ASN #50245 Serverel Inc. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 18:37:38 Last Seen2023-03-13 18:37:38 Times Seen1 Hash d5054149372eeee17c42b8734f257956 dd25a00b9dd444bcce8523df338def94417337d9 cf0e90fcb676a7ec3a3e64034c65a5cee6cecd10541144726cf9af36b04e3709 Loading...

	epicload.com/assets/js/clipboard.min.js	9.2 kB	2023-03-07	2024-04-18
Pretty URL epicload.com/assets/js/clipboard.min.js IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:23:44 Last Seen2024-04-18 07:35:29 Times Seen4692 Hash 15f52a1ee547f2bdd46e56747332ca2d 9a7cb405f9beed005891587d41f76a0720893ffc e17a1d816e13c0826e0ed7febfabc3277f45571234bde0bf9120829a7169edc9 Loading...

	owlunimmvn.com/lv/esnk/1944051/code.js	108 kB	2023-03-13	2023-03-13
Pretty URL owlunimmvn.com/lv/esnk/1944051/code.js IP 62.122.171.6 ASN #50245 Serverel Inc. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 18:37:39 Last Seen2023-03-13 18:37:39 Times Seen1 Hash 38ba4ef03f668aa92c705b7ea4e98769 c4645c69886511fd94ad34ee8c68fe324254b3e4 d8a80cbda3338d639575aa240e0f33265672f6db583a605d99a98391badcf0e5 Loading...

	bg4nxu2u5t.com/aas/r45d/vki/1944053/8542c595.js	75 kB	2023-03-13	2023-03-13
Pretty URL bg4nxu2u5t.com/aas/r45d/vki/1944053/8542c595.js IP 62.122.171.6 ASN #50245 Serverel Inc. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 18:37:39 Last Seen2023-03-13 18:37:39 Times Seen1 Hash f3433cf38eaac411ac150b0cb9a523ef e62709e93bc0de107cd54dc9e88276b761856cd7 d08f9ffe564c3c4498613acd8af0c69d6fa8e2d5087797b8696a6e938ed3f151 Loading...

	epicload.com/files/e4q2D1Cr/Ennid%20Wong.zip	154 B	2023-03-11	2023-03-29
Pretty URL epicload.com/files/e4q2D1Cr/Ennid%20Wong.zip IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 08:34:53 Last Seen2023-03-29 22:40:36 Times Seen5 Hash 2af1452bd7d4375ca98d3e3a11d9de30 8be3fdf3bc6976fb2dd2c1b6753c1f7784eecabc 503e3cbd073cabc5c330127e1aeb655a2e0241a5c780fdb8058f4c17eb9895c1 Loading...

	owlunimmvn.com/get/1944051?zoneid=1944051&jp=_clhpjjw93dlkfxxzd4m2tz&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&freq=0&cid=8272594290812661	4.9 kB	2023-03-13	2023-03-13
Pretty URL owlunimmvn.com/get/1944051?zoneid=1944051&jp=_clhpjjw93dlkfxxzd4m2tz&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&freq=0&cid=8272594290812661 IP 62.122.171.6 ASN #50245 Serverel Inc. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 18:37:39 Last Seen2023-03-13 18:37:39 Times Seen1 Hash 3d0064cdf4c5167edd9f767e1b144848 6453e13ddb0733421e6cc98449979adccad456bd c5634c4d4883a2e830faa3fe8c915fbb462c1c7bfb20568cb607cdc24b730d7c Loading...

	limurol.com/ssp/req/1944053/?pb=7fee08b43daecc994d9fbd445cd7312a1675726853&psp=pRs9KgBQ3sS0dRnwMwuui-oExF9MG23uEDO_Z6zQqYZYWLqZPaTa2lgI3duXPUPiRz8AWDQzFD925zoNLWHphwATdTIg4CtscdF_XleNgwP2cp5MtNeKf8bqaZEBC_MO8r4t2nxAC7h8jOy0k8C23jN7SNtLzfFlIEioTDiFDpkzBgVj-dXM7NFQYGF8BwTuV6KiVHoEHZ6dGqh3evmT7pBwIwksUe9McUdtl3wMOuPYm7Ay8031Sjr1CGMA1X0ONiPdw6CmAEvpg1mGYIV_JzcUvm3TZoGLCigJTaGcsaFivZmSknMf59Zrc-bQ5-GuLbl5b495LbVK3NpWxwskKJJp-RwtGnLKyVgglXWL9NchM2-SnEQtKIapo-xnf86p-zChk_RuEc3_cAUdnZ9tlHsgAk1-g6RAfBiaX6JuD8O63UWlHS374CZNQMWbf0JEa3f_ZqZ1uP5pe7FY0vTPaRsAqJvCD2jM2i87Qvfzvh6ECZNoV_HpcxugyN6-mNj4edbe4ordemWjPz35kjl3rpfPJ3dQZcFyEEXUPgzZIjynne3AlEm3CeAQgSYkoVH7XImamwCFcZKoo37WUSF5pdnaKGer1pmuuT885DlYTJ6OBYn2-XpcoD-_TQqteiM2AnQQCCfqFXWH_J35332JPPo=&cb=_cl0s1lrn1x0adkwcnoacyw&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24	7 B	2023-03-07	2024-04-17
Pretty URL limurol.com/ssp/req/1944053/?pb=7fee08b43daecc994d9fbd445cd7312a1675726853&psp=pRs9KgBQ3sS0dRnwMwuui-oExF9MG23uEDO_Z6zQqYZYWLqZPaTa2lgI3duXPUPiRz8AWDQzFD925zoNLWHphwATdTIg4CtscdF_XleNgwP2cp5MtNeKf8bqaZEBC_MO8r4t2nxAC7h8jOy0k8C23jN7SNtLzfFlIEioTDiFDpkzBgVj-dXM7NFQYGF8BwTuV6KiVHoEHZ6dGqh3evmT7pBwIwksUe9McUdtl3wMOuPYm7Ay8031Sjr1CGMA1X0ONiPdw6CmAEvpg1mGYIV_JzcUvm3TZoGLCigJTaGcsaFivZmSknMf59Zrc-bQ5-GuLbl5b495LbVK3NpWxwskKJJp-RwtGnLKyVgglXWL9NchM2-SnEQtKIapo-xnf86p-zChk_RuEc3_cAUdnZ9tlHsgAk1-g6RAfBiaX6JuD8O63UWlHS374CZNQMWbf0JEa3f_ZqZ1uP5pe7FY0vTPaRsAqJvCD2jM2i87Qvfzvh6ECZNoV_HpcxugyN6-mNj4edbe4ordemWjPz35kjl3rpfPJ3dQZcFyEEXUPgzZIjynne3AlEm3CeAQgSYkoVH7XImamwCFcZKoo37WUSF5pdnaKGer1pmuuT885DlYTJ6OBYn2-XpcoD-_TQqteiM2AnQQCCfqFXWH_J35332JPPo=&cb=_cl0s1lrn1x0adkwcnoacyw&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24 IP 62.122.171.6 ASN #50245 Serverel Inc. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:23 Last Seen2024-04-17 16:44:22 Times Seen16320 Hash a97eb6fbe6f13b601d5d48c0eba8baae 736efb938caf3d0edec406932ada889f1a4f2268 a04bf061f53e0011fd2f43bdf081526344f003c50146c88c42c2d95ef22c1821 Loading...

	cdn.ouo.io/js/full-page-script.js	24 kB	2023-03-07	2024-04-05
Pretty URL cdn.ouo.io/js/full-page-script.js IP 104.22.22.162 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:05:10 Last Seen2024-04-05 15:17:43 Times Seen154 Hash 96bba75cededac75702ba6ac716d4973 775243f4de23825c140308e8f2c4cac797e5a750 5b373b36e3314ce0f7096a491c4a5b951aeb87dabca29702406e8b9bc28e0a0f Loading...

	epicload.com/assets/js/sweetalert.min.js	64 kB	2023-03-08	2024-04-12
Pretty URL epicload.com/assets/js/sweetalert.min.js IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 13:19:04 Last Seen2024-04-12 00:52:21 Times Seen43 Hash dce46388c839bdd70b88cb8339c033e8 bb5d6cd6622cc2318f3349d84bb936418d1a39ed 7932e705f64c749d2e3c36bef90dba918b5741b70379f67b4a73bc51ed522ed1 Loading...

	epicload.com/assets/js/dropzone.min.js	114 kB	2023-03-11	2024-04-12
Pretty URL epicload.com/assets/js/dropzone.min.js IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 08:34:53 Last Seen2024-04-12 00:52:21 Times Seen39 Hash d3b43640025d6b3029c4e6636d89b337 462c7f2beafceec7716741b062124c581d2580f7 2de1f3974af85593d6f56caaecf875ac2e2a5eb856c0e5887036af3656a985dc Loading...

	bg4nxu2u5t.com/get/1944053?zoneid=1944053&jp=_clfowgcuxkwbzrqwk3c4ez&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&isRef=1&sp=0&cid=4050469640236085	3.5 kB	2023-03-13	2023-03-13
Pretty URL bg4nxu2u5t.com/get/1944053?zoneid=1944053&jp=_clfowgcuxkwbzrqwk3c4ez&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&isRef=1&sp=0&cid=4050469640236085 IP 62.122.171.6 ASN #50245 Serverel Inc. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 18:37:39 Last Seen2023-03-13 18:37:39 Times Seen1 Hash 7f3e0fa73cdfa8e13224df9a031a2fd3 31b41a22561823d9217fdec7d1fcfb388dbb70d6 a41a6fbd470baf226695185d0cc139378f6a1f276f2f85027f0e249d45a2bfb0 Loading...

	epicload.com/assets/js/popper.min.js	20 kB	2023-03-07	2024-04-18
Pretty URL epicload.com/assets/js/popper.min.js IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:03:05 Last Seen2024-04-18 15:35:33 Times Seen686 Hash 25a41197a57da5decf8ed8d12947dac8 6033b9ffd1ac0a64aba77571cd55e681dbae2b99 051a8137b75880006ab58f47778ca713ed6c967130faba043c5cd0ed34517dc8 Loading...

	epicload.com/assets/js/jquery.min.js	90 kB	2023-03-07	2024-04-18
Pretty URL epicload.com/assets/js/jquery.min.js IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:28:27 Last Seen2024-04-18 10:42:28 Times Seen22946 Hash 00727d1d5d9c90f7de826f1a4a9cc632 ea61688671d0c3044f2c5b2f2c4af0a6620ac6c2 a3cf00c109d907e543bc4f6dbc85eb31068f94515251347e9e57509b52ee3d74 Loading...

	epicload.com/files/e4q2D1Cr/Ennid%20Wong.zip	1.2 kB	2023-03-13	2023-03-13
Pretty URL epicload.com/files/e4q2D1Cr/Ennid%20Wong.zip IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 18:37:39 Last Seen2023-03-13 18:37:39 Times Seen1 Hash f954db84e7be2efb6e0ea8be5b9c834f 354b3dc402c6f8997204f40cfe93388094fd8d6b 5044961c3613f9dd424d0afbf04e1db5d183373b6bd6661f0acf2cf71147527f Loading...

HTTP Transactions (53)

URL IP Response Size

epicload.com/files/e4q2D1Cr/Ennid%20Wong.zip

188.114.96.1

301 Moved Permanently

0 B

URL HTTP/1.1
epicload.com/files/e4q2D1Cr/Ennid%20Wong.zip
IP
188.114.96.1:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /files/e4q2D1Cr/Ennid%20Wong.zip HTTP/1.1
Host: epicload.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 301 Moved Permanently
Date: Mon, 06 Feb 2023 21:40:52 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Mon, 06 Feb 2023 22:40:52 GMT
Location: https://epicload.com/files/e4q2D1Cr/Ennid%20Wong.zip
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bDJsOuXuQJSoMoBm%2Fmgye19o24NBM5TpwM5ycAF79%2B22OoexNuWLxsLo%2FVaMiJRc0w7KTwGM3qkk4QEwrOlYfUl6vAckmKqsoAgKACINFJkBXEIenJevDCK2lp%2FO6oM%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 79570bf33f7db4ed-OSL
alt-svc: h2=":443"; ma=60

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
507011ccb9124dcd57e84a90a0965cc4
1a6575d0ac979c7184490cc9836ac4812ad2afd1
01626c18e1e68507aa33ef7448dbc3311901ab6f29adc2f51d449409b0680dce

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "01626C18E1E68507AA33EF7448DBC3311901AB6F29ADC2F51D449409B0680DCE"
Last-Modified: Sun, 05 Feb 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10943
Expires: Tue, 07 Feb 2023 00:43:15 GMT
Date: Mon, 06 Feb 2023 21:40:52 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
c21ba65e44ac95470c314e068e49a9eb
17a13b13738993d889d4afa3d848dc63bf6eba64
9bd0795b30e84ce63b6e2a365ca91bbffc395dd955e112152066c31e63a4ab66

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9BD0795B30E84CE63B6E2A365CA91BBFFC395DD955E112152066C31E63A4AB66"
Last-Modified: Sat, 04 Feb 2023 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6269
Expires: Mon, 06 Feb 2023 23:25:21 GMT
Date: Mon, 06 Feb 2023 21:40:52 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
ff250d3ef3fa45322bf05039a0122a9f
b3e7a2c383bce1bab807dbe1a03c375258b51f1d
d07f109a96e0ae6ec7b1d46ce8761b3f06fe845769ce65d69e053dd40aa561ba

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Length, Content-Type, Alert, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Mon, 06 Feb 2023 21:36:29 GMT
content-type: application/json
age: 263
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
fb7b6b46e708ad73eaaa3c21e74569ae
950663c025acad81556af5aa3022ecc9d55097fe
763f58b9fb838378c92033b59907b036f4c33081f5103d9bcc2ca2a8de500d64

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "763F58B9FB838378C92033B59907B036F4C33081F5103D9BCC2CA2A8DE500D64"
Last-Modified: Sat, 04 Feb 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12916
Expires: Tue, 07 Feb 2023 01:16:08 GMT
Date: Mon, 06 Feb 2023 21:40:52 GMT
Connection: keep-alive

ocsp.pki.goog/s/gts1p5/fh4qol7VUpQ

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/s/gts1p5/fh4qol7VUpQ
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
c9cbbfc2a1e0a1b508d0f5042c822827
0effd292e8a19ad951c4536b6379096d3aa93089
3c9a8270b6a8014fc4b8f6c98caa6af057c9d5e8a678f90ef516c495b1b8a94f

HTTP Headers

POST /s/gts1p5/fh4qol7VUpQ HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 06 Feb 2023 21:40:52 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
e76071a28ee566dababb3834f46d68ed
aebb4e68c1ba2de0f90025283e8ed8470944fde0
78b6df2627172e5b35476bc31020f02898cdc412aaf4337af2c3b049a60912b6

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: TnnoYIZfHloTsVtbAAq70HirORZRYInCWSPhdMvk5B7nO4OX4Qvd997qC13NylUG/tMd/oJFY84=
x-amz-request-id: SKXTH7TAXNFFD7TA
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Mon, 06 Feb 2023 21:35:16 GMT
age: 336
last-modified: Sun, 29 Jan 2023 18:44:47 GMT
etag: "e76071a28ee566dababb3834f46d68ed"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Mon, 06 Feb 2023 21:40:52 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.pki.goog/s/gts1p5/fh4qol7VUpQ

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/s/gts1p5/fh4qol7VUpQ
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
c9cbbfc2a1e0a1b508d0f5042c822827
0effd292e8a19ad951c4536b6379096d3aa93089
3c9a8270b6a8014fc4b8f6c98caa6af057c9d5e8a678f90ef516c495b1b8a94f

HTTP Headers

POST /s/gts1p5/fh4qol7VUpQ HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 06 Feb 2023 21:40:53 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.digicert.com/

93.184.220.29

200 OK

278 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
278 B (278 bytes)
Hash
3e04ebaba8fbf9c25da03ce4ffcb65d0
cfa3ced2d11bd08b7d8c3990d97d1d36f659e34a
7130f5a3ea231b2be82f77cfe2134250c1cc0b20dad691db01681aacdc0ada94

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3654
Cache-Control: max-age=88711
Content-Type: application/ocsp-response
Date: Mon, 06 Feb 2023 21:40:53 GMT
Etag: "63e01d26-116"
Expires: Tue, 07 Feb 2023 22:19:24 GMT
Last-Modified: Sun, 05 Feb 2023 21:18:30 GMT
Server: ECS (ska/F709)
X-Cache: HIT
Content-Length: 278

epicload.com/templates/default/assets/images/logo.png

188.114.97.1

200 OK

9.1 kB

URL HTTP/2
epicload.com/templates/default/assets/images/logo.png
IP
188.114.97.1:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 302 x 82, 8-bit/color RGBA, non-interlaced\012- data
Size
9.1 kB (9066 bytes)
Hash
5d239f4d6686d2e7d7c53440584f55c2
767e667f533f661d47a8dc3a3d644725de7c34ab
7fed14d8dbde8e2ed20e83939d157796d0e1f76f04bd4480c5036cb20775e6d0

HTTP Headers

GET /templates/default/assets/images/logo.png HTTP/1.1
Host: epicload.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://epicload.com/files/e4q2D1Cr/Ennid%20Wong.zip
Cookie: XSRF-TOKEN=eyJpdiI6IlVhMDV5MnlmTVpuRFFBY21Jc3loR1E9PSIsInZhbHVlIjoienh0UXBaNTBxS3NXVUlXbDNRMlRsS3BtRU9IMEJnOEVsTEx2ZUdwRTBDQUl0SlFCUDVZM2JteGNRSm1PZytsYy9sSnJFc3gvYnhZLzNqRGVERGRpdWtqYVl1cnlQUW9BdTQ3NkN1ZEhaY1RtTTA0YUdLTW5HcHUrdFNqcTJ0OVciLCJtYWMiOiI1Yzg1ZjZiMGJhYjJkZTQ4ZjQ0MzAzNjk5YWU0N2M2ZmYzMzMxOWNiMmI3OTZkMDc3YTdkNjMxZmY3ZTlmMGY5IiwidGFnIjoiIn0%3D; epicloadcom_session=eyJpdiI6ImNJU080NEtYNmwzVHBManpwYkxjbHc9PSIsInZhbHVlIjoic1Q5WC9yL3J3UVVsRnBUdjdSNXFrTUxjYi91eXNYWE5CcWJVaE9XNmhlZjJ6QlcrSUNPRmZ2RDkraTVVTExydWVNWlp5eUxIeVRYTnNXQXlLSHBWL0U5OXRKTUJhYkJIWVJvdnBVWWZlYndzREVWYVZ1SlA4MnFHUzM4dHVGVGQiLCJtYWMiOiI3M2I1YWZiNGFlNDhjZmE3NDg1Mzk3NjUxZjVlM2ExZjZlMTY3ZTdlMGI4NmVmOWRlOWJjYmRlMDc2MzMzZTJkIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Mon, 06 Feb 2023 21:40:53 GMT
content-type: image/png
content-length: 9066
last-modified: Sun, 16 Oct 2022 17:26:06 GMT
etag: "634c3eae-236a"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Bn7m6YmEy%2FQmyolH%2FDZww26OqRmawYjtAjRkcpJewSNH3aYgkz1AkewKfCR7yEkYAdBs0BbcrEfNvbCDKr7ijEs24HTxtKONimcE60LicGluuRi96S9Trz1WFoCWqho%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79570bf70d74fac4-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

epicload.com/assets/images/vpnanonlogin.png

188.114.97.1

200 OK

30 kB

URL HTTP/2
epicload.com/assets/images/vpnanonlogin.png
IP
188.114.97.1:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 305 x 71, 8-bit/color RGBA, non-interlaced\012- data
Size
30 kB (30357 bytes)
Hash
54a1f727648a656d815ded27a40a53a6
4867995f96c049d2971ab9453e6efa04024300dc
a1df29667f298c8f9b3838d7780c2f8cad700d3b939b935a0418a6b69269cff8

HTTP Headers

GET /assets/images/vpnanonlogin.png HTTP/1.1
Host: epicload.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://epicload.com/files/e4q2D1Cr/Ennid%20Wong.zip
Cookie: XSRF-TOKEN=eyJpdiI6IlVhMDV5MnlmTVpuRFFBY21Jc3loR1E9PSIsInZhbHVlIjoienh0UXBaNTBxS3NXVUlXbDNRMlRsS3BtRU9IMEJnOEVsTEx2ZUdwRTBDQUl0SlFCUDVZM2JteGNRSm1PZytsYy9sSnJFc3gvYnhZLzNqRGVERGRpdWtqYVl1cnlQUW9BdTQ3NkN1ZEhaY1RtTTA0YUdLTW5HcHUrdFNqcTJ0OVciLCJtYWMiOiI1Yzg1ZjZiMGJhYjJkZTQ4ZjQ0MzAzNjk5YWU0N2M2ZmYzMzMxOWNiMmI3OTZkMDc3YTdkNjMxZmY3ZTlmMGY5IiwidGFnIjoiIn0%3D; epicloadcom_session=eyJpdiI6ImNJU080NEtYNmwzVHBManpwYkxjbHc9PSIsInZhbHVlIjoic1Q5WC9yL3J3UVVsRnBUdjdSNXFrTUxjYi91eXNYWE5CcWJVaE9XNmhlZjJ6QlcrSUNPRmZ2RDkraTVVTExydWVNWlp5eUxIeVRYTnNXQXlLSHBWL0U5OXRKTUJhYkJIWVJvdnBVWWZlYndzREVWYVZ1SlA4MnFHUzM4dHVGVGQiLCJtYWMiOiI3M2I1YWZiNGFlNDhjZmE3NDg1Mzk3NjUxZjVlM2ExZjZlMTY3ZTdlMGI4NmVmOWRlOWJjYmRlMDc2MzMzZTJkIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Mon, 06 Feb 2023 21:40:53 GMT
content-type: image/png
content-length: 30357
last-modified: Fri, 11 Nov 2022 12:47:13 GMT
etag: "636e4451-7695"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8jdwsl%2ByIOk%2BDpWs%2BiszkVjpFE%2BzJPuBIsT%2FgqB%2FDILLC9GcHPfRGCUnj4cte1alY6d2Az%2FOSugm7fXywtmT7nGWAoYJ0Q6bnLYUZh2Yq3%2Bh7YDJaAhAEa%2BNCVM5OI0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79570bf70d75fac4-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

epicload.com/assets/css/dropzone.min.css

188.114.97.1

200 OK

3.2 kB

URL HTTP/2
epicload.com/assets/css/dropzone.min.css
IP
188.114.97.1:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
3.2 kB (3244 bytes)
Hash
1897d05969068af455d3dbcf4a83d11a
81a3b7a5a7e305bc5b698b036b2e431a85be1c43
be5e096a400dcdf59c24f25c753dc33f9a84f2cd03163f3599852efeb9e5a451

HTTP Headers

GET /assets/css/dropzone.min.css HTTP/1.1
Host: epicload.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://epicload.com/files/e4q2D1Cr/Ennid%20Wong.zip
Cookie: XSRF-TOKEN=eyJpdiI6IlVhMDV5MnlmTVpuRFFBY21Jc3loR1E9PSIsInZhbHVlIjoienh0UXBaNTBxS3NXVUlXbDNRMlRsS3BtRU9IMEJnOEVsTEx2ZUdwRTBDQUl0SlFCUDVZM2JteGNRSm1PZytsYy9sSnJFc3gvYnhZLzNqRGVERGRpdWtqYVl1cnlQUW9BdTQ3NkN1ZEhaY1RtTTA0YUdLTW5HcHUrdFNqcTJ0OVciLCJtYWMiOiI1Yzg1ZjZiMGJhYjJkZTQ4ZjQ0MzAzNjk5YWU0N2M2ZmYzMzMxOWNiMmI3OTZkMDc3YTdkNjMxZmY3ZTlmMGY5IiwidGFnIjoiIn0%3D; epicloadcom_session=eyJpdiI6ImNJU080NEtYNmwzVHBManpwYkxjbHc9PSIsInZhbHVlIjoic1Q5WC9yL3J3UVVsRnBUdjdSNXFrTUxjYi91eXNYWE5CcWJVaE9XNmhlZjJ6QlcrSUNPRmZ2RDkraTVVTExydWVNWlp5eUxIeVRYTnNXQXlLSHBWL0U5OXRKTUJhYkJIWVJvdnBVWWZlYndzREVWYVZ1SlA4MnFHUzM4dHVGVGQiLCJtYWMiOiI3M2I1YWZiNGFlNDhjZmE3NDg1Mzk3NjUxZjVlM2ExZjZlMTY3ZTdlMGI4NmVmOWRlOWJjYmRlMDc2MzMzZTJkIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Mon, 06 Feb 2023 21:40:53 GMT
content-type: text/css
last-modified: Sun, 16 Oct 2022 17:24:29 GMT
etag: W/"634c3e4d-25ce"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2vdchc0W1Leuqut%2BqOQCV3pV%2FSfwKtoUbkyEVMUKXzKUfvk%2BH0xLWw4GkQUZaSe3myoNSpERQ2r9jI%2F5h7Z6DttgP14YpF0%2BWA7N07hFizoFxtfCEDuFbyS89hhGhLE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79570bf6fd65fac4-OSL
content-encoding: gzip
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Last-Modified, Content-Type, Pragma, ETag, Retry-After, Backoff, Expires, Alert, Cache-Control, Content-Length
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Mon, 06 Feb 2023 21:07:20 GMT
age: 2013
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

279 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
279 B (279 bytes)
Hash
7976fce1eaffa01f3d8f9cf15d7a6577
3351590a53cb4a86d6e872a11d60af98d347b3bc
75114aabc76d4feb7ddf3c5a75c9f1c5544442bc4c30c94044afa2b5a55e3179

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4945
Cache-Control: max-age=159549
Content-Type: application/ocsp-response
Date: Mon, 06 Feb 2023 21:40:53 GMT
Etag: "63e12cd1-117"
Expires: Wed, 08 Feb 2023 18:00:02 GMT
Last-Modified: Mon, 06 Feb 2023 16:37:37 GMT
Server: ECS (ska/F709)
X-Cache: HIT
Content-Length: 279

owlunimmvn.com/lv/esnk/1944052/code.js

62.122.171.6

200 OK

44 kB

URL HTTP/2
owlunimmvn.com/lv/esnk/1944052/code.js
IP
62.122.171.6:0
ASN
#50245 Serverel Inc.

File type
data
Size
44 kB (44032 bytes)
Hash
a594957e9d1437263b5a77225fec82cf
a29eb86608d47cea86b045af57b42c9562888d1e
e78148d0bee4265c24ef928c6efb4b3646e88bd8771b19a176bdcd5c233605e3

Detections

Analyzer	Verdict	Alert
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

GET /lv/esnk/1944052/code.js HTTP/1.1
Host: owlunimmvn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://epicload.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Mon, 06 Feb 2023 21:40:53 GMT
content-type: application/javascript
last-modified: Tue, 31 Jan 2023 10:48:43 GMT
vary: Accept-Encoding
etag: W/"63d8f20b-1a5bb"
x-js-ab1: current
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
content-encoding: gzip
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

279 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
279 B (279 bytes)
Hash
7976fce1eaffa01f3d8f9cf15d7a6577
3351590a53cb4a86d6e872a11d60af98d347b3bc
75114aabc76d4feb7ddf3c5a75c9f1c5544442bc4c30c94044afa2b5a55e3179

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4945
Cache-Control: max-age=159549
Content-Type: application/ocsp-response
Date: Mon, 06 Feb 2023 21:40:53 GMT
Etag: "63e12cd1-117"
Expires: Wed, 08 Feb 2023 18:00:02 GMT
Last-Modified: Mon, 06 Feb 2023 16:37:37 GMT
Server: ECS (ska/F709)
X-Cache: HIT
Content-Length: 279

cdn.bncloudfl.com/bn/8bb/9f7/8bf/8bb9f78bf7d01a053ac73b34735468c1c488b3cc.jpg

104.22.15.198

200 OK

25 kB

URL HTTP/2
cdn.bncloudfl.com/bn/8bb/9f7/8bf/8bb9f78bf7d01a053ac73b34735468c1c488b3cc.jpg
IP
104.22.15.198:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=1, orientation=upper-left], progressive, precision 8, 300x250, components 3\012- data
Size
25 kB (24956 bytes)
Hash
86cb270cc41259bae3cb57b58853a364
105f5dab91e4fe599cf57d788d480ff3adb5f944
e76b1868cedc8517a332b92f76b022550dce5d9f6da597d94d52fa441735c88c

HTTP Headers

GET /bn/8bb/9f7/8bf/8bb9f78bf7d01a053ac73b34735468c1c488b3cc.jpg HTTP/1.1
Host: cdn.bncloudfl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Mon, 06 Feb 2023 21:40:53 GMT
content-type: image/jpeg
content-length: 24956
access-control-allow-headers: Content-Type,X-Requested-With,X-Auth-Token,X-Openstack-Request-Id,X-Container-Meta-type,X-Container-Meta-Temp-URL-Key,Authorization
access-control-allow-methods: HEAD,GET,POST,PUT,PATCH,DELETE,OPTIONS
access-control-expose-headers: X-Container-Meta-Temp-Url-Key,X-Container-Bytes-Used,Last-Modified,X-Timestamp
cache-control: max-age=432000
cf-bgj: imgq:100,h2pri
cf-polished: origSize=25602, status=webp_bigger
etag: 8111d6709b49f39d21f280836ae2b038
expires: Wed, 08 Feb 2023 13:55:13 GMT
last-modified: Fri, 30 Dec 2022 09:28:13 GMT
x-openstack-request-id: txb4f123edf91e42e286674-0063aeaf77
x-proxy-cache: HIT
x-timestamp: 1672392492.78160
x-trans-id: txb4f123edf91e42e286674-0063aeaf77
cf-cache-status: HIT
age: 27940
accept-ranges: bytes
vary: Accept-Encoding
access-control-allow-origin: *
server: cloudflare
cf-ray: 79570bf9ff28b500-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

cdn.bncloudfl.com/bn/d72/57c/872/d7257c872cf09e6feb0eb555b20920ff28aea08f.gif

104.22.15.198

200 OK

270 kB

URL HTTP/2
cdn.bncloudfl.com/bn/d72/57c/872/d7257c872cf09e6feb0eb555b20920ff28aea08f.gif
IP
104.22.15.198:0
ASN
#13335 CLOUDFLARENET

File type
GIF image data, version 89a, 300 x 100\012- data
Size
270 kB (269988 bytes)
Hash
bf697efd67c7bc916699a5cfe1dd005f
d7257c872cf09e6feb0eb555b20920ff28aea08f
39fce10f59ebb9da307d8f32d1b3827cc7a580a31dfe2e2a4397d595ff1badba

HTTP Headers

GET /bn/d72/57c/872/d7257c872cf09e6feb0eb555b20920ff28aea08f.gif HTTP/1.1
Host: cdn.bncloudfl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Mon, 06 Feb 2023 21:40:53 GMT
content-type: image/gif
content-length: 269988
access-control-allow-headers: Content-Type,X-Requested-With,X-Auth-Token,X-Openstack-Request-Id,X-Container-Meta-type,X-Container-Meta-Temp-URL-Key,Authorization
access-control-allow-methods: HEAD,GET,POST,PUT,PATCH,DELETE,OPTIONS
access-control-expose-headers: X-Container-Meta-Temp-Url-Key,X-Container-Bytes-Used,Last-Modified,X-Timestamp
cache-control: max-age=432000
cf-bgj: imgq:100,h2pri
cf-polished: status=not_needed
etag: bf697efd67c7bc916699a5cfe1dd005f
expires: Tue, 07 Feb 2023 16:37:31 GMT
last-modified: Thu, 12 Jan 2023 16:20:25 GMT
x-openstack-request-id: txca243b4299ce4be1b000e-0063c033b3
x-proxy-cache: HIT
x-timestamp: 1673540424.69581
x-trans-id: txca243b4299ce4be1b000e-0063c033b3
cf-cache-status: HIT
age: 104602
accept-ranges: bytes
vary: Accept-Encoding
access-control-allow-origin: *
server: cloudflare
cf-ray: 79570bfa0f3cb500-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

ocsp.sectigo.com/

172.64.155.188

200 OK

280 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
172.64.155.188:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
280 B (280 bytes)
Hash
5661196684e8851fd71656049c561b3e
9ff563831db43603871763c2aa54ebb11b8f2f58
dc230a0c22ae32ad72912e2456dc0441bb5c2a0b800695e419b769af24830030

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Mon, 06 Feb 2023 21:40:53 GMT
Content-Type: application/ocsp-response
Content-Length: 280
Connection: keep-alive
Last-Modified: Sun, 05 Feb 2023 16:43:12 GMT
Expires: Sun, 12 Feb 2023 16:43:11 GMT
Etag: "9ff563831db43603871763c2aa54ebb11b8f2f58"
Cache-Control: max-age=499937,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 79570bf9ea870b39-OSL

ocsp.sectigo.com/

172.64.155.188

200 OK

280 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
172.64.155.188:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
280 B (280 bytes)
Hash
5661196684e8851fd71656049c561b3e
9ff563831db43603871763c2aa54ebb11b8f2f58
dc230a0c22ae32ad72912e2456dc0441bb5c2a0b800695e419b769af24830030

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Mon, 06 Feb 2023 21:40:53 GMT
Content-Type: application/ocsp-response
Content-Length: 280
Connection: keep-alive
Last-Modified: Sun, 05 Feb 2023 16:43:12 GMT
Expires: Sun, 12 Feb 2023 16:43:11 GMT
Etag: "9ff563831db43603871763c2aa54ebb11b8f2f58"
Cache-Control: max-age=499937,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 79570bf9e820b521-OSL

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
9b88bae61bca33aba8aa99f6128db8d9
a07b61fb2458917699613fcae68710941b595416
54915c2f79822732e06a592d027da421ad1e7a6458c545f98333db25612b3dea

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "54915C2F79822732E06A592D027DA421AD1E7A6458C545F98333DB25612B3DEA"
Last-Modified: Mon, 06 Feb 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5352
Expires: Mon, 06 Feb 2023 23:10:05 GMT
Date: Mon, 06 Feb 2023 21:40:53 GMT
Connection: keep-alive

ocsp.digicert.com/

93.184.220.29

200 OK

279 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
279 B (279 bytes)
Hash
7976fce1eaffa01f3d8f9cf15d7a6577
3351590a53cb4a86d6e872a11d60af98d347b3bc
75114aabc76d4feb7ddf3c5a75c9f1c5544442bc4c30c94044afa2b5a55e3179

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4945
Cache-Control: max-age=159549
Content-Type: application/ocsp-response
Date: Mon, 06 Feb 2023 21:40:53 GMT
Etag: "63e12cd1-117"
Expires: Wed, 08 Feb 2023 18:00:02 GMT
Last-Modified: Mon, 06 Feb 2023 16:37:37 GMT
Server: ECS (ska/F709)
X-Cache: HIT
Content-Length: 279

owlunimmvn.com/chicken.gif?z=1944051&pb=7fee08b43daecc994d9fbd445cd7312a1675726853&psp=qviB3YYWQpEWYAqfwGlw3ddat6k8I3UnaTVluhB4wmcE27PQTtWgQhYq9mIYeThfO9qd_YwuTZhzY-rgFrguxRfWHM6vIEwxYeKO3W0qQCMej431sEA1x36Mvj7YSviw8gUEjs3yKVqss2B0ZG4wLT3VCMOx3tcFEjxIiYqNMxC3NBu4gVw1v1SGjVIq-w_AOu5cREV6-xB6H9g2Pw4jOKpa324qZywV5ptfepcbkwuODfLBaCG6dzjS8X2k1s5b9XjT2CrKE5vba9vbzdhOuSIexeFwPwU3sj1sEeUE7C_ejeUOhffALbE3iMeoFKusV56npaa6Dyt13trUqru4gRTd54gePI3l2DZdivGyDTfPbhNfzJ-bRKdpoJz5vkfsGMkJjcH8ywml9Z7XfeKf-0-qL9Tt7MXISWyVKEmjDAYJXnUjdSXuBUZ8RWx9jT-D6RKx3sjSrsjRRO7YYQxtAYGol2qz6jB7xQwDhAqBqwDnR3Z7CvGaJjBOX8xN4PqbBWn8_ZdzTQPRTfcCI9nMvSGCj3urs7t6Fqyw9mUsDu1Hihc-usF0V54-LqMLUBY8P6ZuIWeJbe1kcT8ecWJo3vDmr9DTojPwgZSRb5a3WaqjssjWUHwY6_MaSqTzsl4xvV-LSM0gYSdKU2C1uHkGEDesmZSVhQx-PtixvpGehe6TTgOMM-Ta2lmvRUdmKqNtyEC2_hbYjOKOOkM1FA5bRDqEugcDZypW4Mqdsd-YxKzZXyIuY5UH3bWeOOS71kGTT5Xz63pWOjB1gDAdiuJQdp5QKnlsE8opTpJ3ml2KC7pQc4D39HoaDxj3kP0wxQXD3hfje6YDcOfJ-vBFFGEJsKDfdm90QMQ4s3sShky_18j6FqW9g1ZQQbEWkr2AXwTTAgzn7OQhKjb6LO_NRmq-v_af01Pg9z0MLZLNZVoVz4BV15HOmoxxiTvcGqWlwMNYAFW0GlcrNJpv7D5CPg==&abvar=0&os=0

62.122.171.6

200 OK

43 B

URL HTTP/2
owlunimmvn.com/chicken.gif?z=1944051&pb=7fee08b43daecc994d9fbd445cd7312a1675726853&psp=qviB3YYWQpEWYAqfwGlw3ddat6k8I3UnaTVluhB4wmcE27PQTtWgQhYq9mIYeThfO9qd_YwuTZhzY-rgFrguxRfWHM6vIEwxYeKO3W0qQCMej431sEA1x36Mvj7YSviw8gUEjs3yKVqss2B0ZG4wLT3VCMOx3tcFEjxIiYqNMxC3NBu4gVw1v1SGjVIq-w_AOu5cREV6-xB6H9g2Pw4jOKpa324qZywV5ptfepcbkwuODfLBaCG6dzjS8X2k1s5b9XjT2CrKE5vba9vbzdhOuSIexeFwPwU3sj1sEeUE7C_ejeUOhffALbE3iMeoFKusV56npaa6Dyt13trUqru4gRTd54gePI3l2DZdivGyDTfPbhNfzJ-bRKdpoJz5vkfsGMkJjcH8ywml9Z7XfeKf-0-qL9Tt7MXISWyVKEmjDAYJXnUjdSXuBUZ8RWx9jT-D6RKx3sjSrsjRRO7YYQxtAYGol2qz6jB7xQwDhAqBqwDnR3Z7CvGaJjBOX8xN4PqbBWn8_ZdzTQPRTfcCI9nMvSGCj3urs7t6Fqyw9mUsDu1Hihc-usF0V54-LqMLUBY8P6ZuIWeJbe1kcT8ecWJo3vDmr9DTojPwgZSRb5a3WaqjssjWUHwY6_MaSqTzsl4xvV-LSM0gYSdKU2C1uHkGEDesmZSVhQx-PtixvpGehe6TTgOMM-Ta2lmvRUdmKqNtyEC2_hbYjOKOOkM1FA5bRDqEugcDZypW4Mqdsd-YxKzZXyIuY5UH3bWeOOS71kGTT5Xz63pWOjB1gDAdiuJQdp5QKnlsE8opTpJ3ml2KC7pQc4D39HoaDxj3kP0wxQXD3hfje6YDcOfJ-vBFFGEJsKDfdm90QMQ4s3sShky_18j6FqW9g1ZQQbEWkr2AXwTTAgzn7OQhKjb6LO_NRmq-v_af01Pg9z0MLZLNZVoVz4BV15HOmoxxiTvcGqWlwMNYAFW0GlcrNJpv7D5CPg==&abvar=0&os=0
IP
62.122.171.6:0
ASN
#50245 Serverel Inc.

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
28e463819a210071de3b45ebe7633613
6dccd571828ec0912629119cf7eabfea9f33ddbc
44251f61629e2bfeead421241a917f43ad047af351659f01cd8fd937f0417f84

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /chicken.gif?z=1944051&pb=7fee08b43daecc994d9fbd445cd7312a1675726853&psp=qviB3YYWQpEWYAqfwGlw3ddat6k8I3UnaTVluhB4wmcE27PQTtWgQhYq9mIYeThfO9qd_YwuTZhzY-rgFrguxRfWHM6vIEwxYeKO3W0qQCMej431sEA1x36Mvj7YSviw8gUEjs3yKVqss2B0ZG4wLT3VCMOx3tcFEjxIiYqNMxC3NBu4gVw1v1SGjVIq-w_AOu5cREV6-xB6H9g2Pw4jOKpa324qZywV5ptfepcbkwuODfLBaCG6dzjS8X2k1s5b9XjT2CrKE5vba9vbzdhOuSIexeFwPwU3sj1sEeUE7C_ejeUOhffALbE3iMeoFKusV56npaa6Dyt13trUqru4gRTd54gePI3l2DZdivGyDTfPbhNfzJ-bRKdpoJz5vkfsGMkJjcH8ywml9Z7XfeKf-0-qL9Tt7MXISWyVKEmjDAYJXnUjdSXuBUZ8RWx9jT-D6RKx3sjSrsjRRO7YYQxtAYGol2qz6jB7xQwDhAqBqwDnR3Z7CvGaJjBOX8xN4PqbBWn8_ZdzTQPRTfcCI9nMvSGCj3urs7t6Fqyw9mUsDu1Hihc-usF0V54-LqMLUBY8P6ZuIWeJbe1kcT8ecWJo3vDmr9DTojPwgZSRb5a3WaqjssjWUHwY6_MaSqTzsl4xvV-LSM0gYSdKU2C1uHkGEDesmZSVhQx-PtixvpGehe6TTgOMM-Ta2lmvRUdmKqNtyEC2_hbYjOKOOkM1FA5bRDqEugcDZypW4Mqdsd-YxKzZXyIuY5UH3bWeOOS71kGTT5Xz63pWOjB1gDAdiuJQdp5QKnlsE8opTpJ3ml2KC7pQc4D39HoaDxj3kP0wxQXD3hfje6YDcOfJ-vBFFGEJsKDfdm90QMQ4s3sShky_18j6FqW9g1ZQQbEWkr2AXwTTAgzn7OQhKjb6LO_NRmq-v_af01Pg9z0MLZLNZVoVz4BV15HOmoxxiTvcGqWlwMNYAFW0GlcrNJpv7D5CPg==&abvar=0&os=0 HTTP/1.1
Host: owlunimmvn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: UID=2302061640a3a4b3786f6c494ea2012846b6
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 06 Feb 2023 21:40:53 GMT
content-type: image/gif
content-length: 43
x-route-id: stats.impression
set-cookie: OACICAP=ACPunQAAAAAAAAAB; Path=/; Expires=Wed, 08 Mar 2023 21:40:53 GMT; Secure; SameSite=None
OACIBLOCK=ACPunQAAAABj4WpQ; Path=/; Expires=Wed, 08 Mar 2023 21:40:53 GMT; Secure; SameSite=None
ppucnt=0; Path=/; Expires=Tue, 07 Feb 2023 21:40:53 GMT; Secure; SameSite=None
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2

owlunimmvn.com/chicken.gif?z=1944052&pb=7fee08b43daecc994d9fbd445cd7312a1675726853&psp=qVywBK1nRtsIr8ymtnRRphLeFeY9F43qz9dB5mG4u7Cl9x4w6T7PuW0qCaG3WHKqeqC-AMUatn12aMzu7wYUuYquWm1qJs7WNGxOoCdMcZN0_U-d1ecB1ymJ-vbsnPAdmqjzNBHxnGZueFCSZmDTP-PEOuJdRJspqwBU6HV6ppAiPI090ND1CV-9klNKHXA3EQfY6_NW7fh6jv1hXc-emIFxCU8OZ9A72uM56qLsaTw0YaM3oFO0OYX_wiC0I-0yA4arqiTdKauZLqCFzheS-ddK3uzKEbvdviw6p72YBQ5iV-hSfFodTEj0ATtqw19pPqTHtrXLoQGXH9W7wp2lZyYZze8kN7giIMS8t3u3f1fXE7Y3j1DMniopS5_W38ketnbNBL7FeA99zkeK1QhS9AUzYoFHcAc41e0v-MYflwO4BkDglNHbBKXQfkFR7ofXlCxnK7Q5LWpq19Ufu799YSPBLTNGKs5meGsc5obCtk-xPCUvTU9t_DefQcueqa8-c31MQELyj2BJg-XRgrM949ho8FqTnkuywqN94DZZLvhxq48UJT5KVkRrBBSkGkmI45g2HHGXUKYK5aEBpQW89kfz8arHxvq8UsqzWgF0M-6ADlXpD4U3gt3pLEetmF53G84GBs9BFeWwDQ0IraFfdl3MQcOCoTaWoc2Sc40EYSghkvMSR8UyBtRKUJ4nybXWAx7gVI0lJut3q6KYzobDSTlDZCgEgpRD6XXUKifcpnZfwsOT7tUWfUaSoo7KrGuKT56ubyWzEpt25Hq5MVq59RSeUzNNWDUdMdwgMPD3IbxNGitR5ahyt4ocdylS3uRg1P3Cs10yhsVIpLbiexcGoBMqISwAa0XzUO-psnQQLuOG9_cQLeCs51K9nh7AtVGrl2gkZu1tmwkggCPXC36mBbHhvdL25FlZD9Abu3aa4QGR_RYVVHVU2ulL91I7VYwDbJjIGk1m1IfpvIwSXg==&abvar=0&os=0

62.122.171.6

200 OK

43 B

URL HTTP/2
owlunimmvn.com/chicken.gif?z=1944052&pb=7fee08b43daecc994d9fbd445cd7312a1675726853&psp=qVywBK1nRtsIr8ymtnRRphLeFeY9F43qz9dB5mG4u7Cl9x4w6T7PuW0qCaG3WHKqeqC-AMUatn12aMzu7wYUuYquWm1qJs7WNGxOoCdMcZN0_U-d1ecB1ymJ-vbsnPAdmqjzNBHxnGZueFCSZmDTP-PEOuJdRJspqwBU6HV6ppAiPI090ND1CV-9klNKHXA3EQfY6_NW7fh6jv1hXc-emIFxCU8OZ9A72uM56qLsaTw0YaM3oFO0OYX_wiC0I-0yA4arqiTdKauZLqCFzheS-ddK3uzKEbvdviw6p72YBQ5iV-hSfFodTEj0ATtqw19pPqTHtrXLoQGXH9W7wp2lZyYZze8kN7giIMS8t3u3f1fXE7Y3j1DMniopS5_W38ketnbNBL7FeA99zkeK1QhS9AUzYoFHcAc41e0v-MYflwO4BkDglNHbBKXQfkFR7ofXlCxnK7Q5LWpq19Ufu799YSPBLTNGKs5meGsc5obCtk-xPCUvTU9t_DefQcueqa8-c31MQELyj2BJg-XRgrM949ho8FqTnkuywqN94DZZLvhxq48UJT5KVkRrBBSkGkmI45g2HHGXUKYK5aEBpQW89kfz8arHxvq8UsqzWgF0M-6ADlXpD4U3gt3pLEetmF53G84GBs9BFeWwDQ0IraFfdl3MQcOCoTaWoc2Sc40EYSghkvMSR8UyBtRKUJ4nybXWAx7gVI0lJut3q6KYzobDSTlDZCgEgpRD6XXUKifcpnZfwsOT7tUWfUaSoo7KrGuKT56ubyWzEpt25Hq5MVq59RSeUzNNWDUdMdwgMPD3IbxNGitR5ahyt4ocdylS3uRg1P3Cs10yhsVIpLbiexcGoBMqISwAa0XzUO-psnQQLuOG9_cQLeCs51K9nh7AtVGrl2gkZu1tmwkggCPXC36mBbHhvdL25FlZD9Abu3aa4QGR_RYVVHVU2ulL91I7VYwDbJjIGk1m1IfpvIwSXg==&abvar=0&os=0
IP
62.122.171.6:0
ASN
#50245 Serverel Inc.

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
28e463819a210071de3b45ebe7633613
6dccd571828ec0912629119cf7eabfea9f33ddbc
44251f61629e2bfeead421241a917f43ad047af351659f01cd8fd937f0417f84

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /chicken.gif?z=1944052&pb=7fee08b43daecc994d9fbd445cd7312a1675726853&psp=qVywBK1nRtsIr8ymtnRRphLeFeY9F43qz9dB5mG4u7Cl9x4w6T7PuW0qCaG3WHKqeqC-AMUatn12aMzu7wYUuYquWm1qJs7WNGxOoCdMcZN0_U-d1ecB1ymJ-vbsnPAdmqjzNBHxnGZueFCSZmDTP-PEOuJdRJspqwBU6HV6ppAiPI090ND1CV-9klNKHXA3EQfY6_NW7fh6jv1hXc-emIFxCU8OZ9A72uM56qLsaTw0YaM3oFO0OYX_wiC0I-0yA4arqiTdKauZLqCFzheS-ddK3uzKEbvdviw6p72YBQ5iV-hSfFodTEj0ATtqw19pPqTHtrXLoQGXH9W7wp2lZyYZze8kN7giIMS8t3u3f1fXE7Y3j1DMniopS5_W38ketnbNBL7FeA99zkeK1QhS9AUzYoFHcAc41e0v-MYflwO4BkDglNHbBKXQfkFR7ofXlCxnK7Q5LWpq19Ufu799YSPBLTNGKs5meGsc5obCtk-xPCUvTU9t_DefQcueqa8-c31MQELyj2BJg-XRgrM949ho8FqTnkuywqN94DZZLvhxq48UJT5KVkRrBBSkGkmI45g2HHGXUKYK5aEBpQW89kfz8arHxvq8UsqzWgF0M-6ADlXpD4U3gt3pLEetmF53G84GBs9BFeWwDQ0IraFfdl3MQcOCoTaWoc2Sc40EYSghkvMSR8UyBtRKUJ4nybXWAx7gVI0lJut3q6KYzobDSTlDZCgEgpRD6XXUKifcpnZfwsOT7tUWfUaSoo7KrGuKT56ubyWzEpt25Hq5MVq59RSeUzNNWDUdMdwgMPD3IbxNGitR5ahyt4ocdylS3uRg1P3Cs10yhsVIpLbiexcGoBMqISwAa0XzUO-psnQQLuOG9_cQLeCs51K9nh7AtVGrl2gkZu1tmwkggCPXC36mBbHhvdL25FlZD9Abu3aa4QGR_RYVVHVU2ulL91I7VYwDbJjIGk1m1IfpvIwSXg==&abvar=0&os=0 HTTP/1.1
Host: owlunimmvn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: UID=2302061640a3a4b3786f6c494ea2012846b6; OACICAP=ACPunQAAAAAAAAAB; OACIBLOCK=ACPunQAAAABj4WpQ; ppucnt=0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 06 Feb 2023 21:40:53 GMT
content-type: image/gif
content-length: 43
x-route-id: stats.impression
set-cookie: OACICAP=ACPunQAAAAAAAAABACQzCgAAAAAAAAAB; Path=/; Expires=Wed, 08 Mar 2023 21:40:53 GMT; Secure; SameSite=None
OACIBLOCK=ACPunQAAAABj4WpQACQzCgAAAABj4WpQ; Path=/; Expires=Wed, 08 Mar 2023 21:40:53 GMT; Secure; SameSite=None
ppucnt=0; Path=/; Expires=Tue, 07 Feb 2023 21:40:53 GMT; Secure; SameSite=None
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2

ocsp.buypass.com/

23.36.76.129

200 OK

1.7 kB

URL HTTP/1.1
ocsp.buypass.com/
IP
23.36.76.129:0
ASN
#20940 Akamai International B.V.

File type
data
Size
1.7 kB (1701 bytes)
Hash
7e87cb5d27995939e311372dd7ecb21d
1a7780a3de52edb9047b25da569f310544d6cd5a
1b425d03b334f011aad436d246f1be594b0db2d7c06faab1c2a0f8f262a1b03c

HTTP Headers

POST / HTTP/1.1
Host: ocsp.buypass.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 78
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Access-Control-Allow-Origin: https://www.buypass.no
Access-Control-Allow-Headers: Content-Type,Authorization,X-Requested-With,Content-Length,Accept,Origin,X-Buypass-Session-Id,X-Buypass-Locale
Access-Control-Allow-Credentials: false
Access-Control-Allow-Methods: GET,POST
MDC-correlationId: 329b50a0-f741-4fad-b52e-db14e8e8c1c6
Content-Length: 1701
Date: Mon, 06 Feb 2023 21:40:53 GMT
Connection: keep-alive

limurol.com/ssp/req/1944053/?pb=7fee08b43daecc994d9fbd445cd7312a1675726853&psp=pRs9KgBQ3sS0dRnwMwuui-oExF9MG23uEDO_Z6zQqYZYWLqZPaTa2lgI3duXPUPiRz8AWDQzFD925zoNLWHphwATdTIg4CtscdF_XleNgwP2cp5MtNeKf8bqaZEBC_MO8r4t2nxAC7h8jOy0k8C23jN7SNtLzfFlIEioTDiFDpkzBgVj-dXM7NFQYGF8BwTuV6KiVHoEHZ6dGqh3evmT7pBwIwksUe9McUdtl3wMOuPYm7Ay8031Sjr1CGMA1X0ONiPdw6CmAEvpg1mGYIV_JzcUvm3TZoGLCigJTaGcsaFivZmSknMf59Zrc-bQ5-GuLbl5b495LbVK3NpWxwskKJJp-RwtGnLKyVgglXWL9NchM2-SnEQtKIapo-xnf86p-zChk_RuEc3_cAUdnZ9tlHsgAk1-g6RAfBiaX6JuD8O63UWlHS374CZNQMWbf0JEa3f_ZqZ1uP5pe7FY0vTPaRsAqJvCD2jM2i87Qvfzvh6ECZNoV_HpcxugyN6-mNj4edbe4ordemWjPz35kjl3rpfPJ3dQZcFyEEXUPgzZIjynne3AlEm3CeAQgSYkoVH7XImamwCFcZKoo37WUSF5pdnaKGer1pmuuT885DlYTJ6OBYn2-XpcoD-_TQqteiM2AnQQCCfqFXWH_J35332JPPo=&cb=_cl0s1lrn1x0adkwcnoacyw&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24

62.122.171.6

200 OK

7 B

URL HTTP/2
limurol.com/ssp/req/1944053/?pb=7fee08b43daecc994d9fbd445cd7312a1675726853&psp=pRs9KgBQ3sS0dRnwMwuui-oExF9MG23uEDO_Z6zQqYZYWLqZPaTa2lgI3duXPUPiRz8AWDQzFD925zoNLWHphwATdTIg4CtscdF_XleNgwP2cp5MtNeKf8bqaZEBC_MO8r4t2nxAC7h8jOy0k8C23jN7SNtLzfFlIEioTDiFDpkzBgVj-dXM7NFQYGF8BwTuV6KiVHoEHZ6dGqh3evmT7pBwIwksUe9McUdtl3wMOuPYm7Ay8031Sjr1CGMA1X0ONiPdw6CmAEvpg1mGYIV_JzcUvm3TZoGLCigJTaGcsaFivZmSknMf59Zrc-bQ5-GuLbl5b495LbVK3NpWxwskKJJp-RwtGnLKyVgglXWL9NchM2-SnEQtKIapo-xnf86p-zChk_RuEc3_cAUdnZ9tlHsgAk1-g6RAfBiaX6JuD8O63UWlHS374CZNQMWbf0JEa3f_ZqZ1uP5pe7FY0vTPaRsAqJvCD2jM2i87Qvfzvh6ECZNoV_HpcxugyN6-mNj4edbe4ordemWjPz35kjl3rpfPJ3dQZcFyEEXUPgzZIjynne3AlEm3CeAQgSYkoVH7XImamwCFcZKoo37WUSF5pdnaKGer1pmuuT885DlYTJ6OBYn2-XpcoD-_TQqteiM2AnQQCCfqFXWH_J35332JPPo=&cb=_cl0s1lrn1x0adkwcnoacyw&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24
IP
62.122.171.6:0
ASN
#50245 Serverel Inc.

File type
ASCII text, with no line terminators
Size
7 B (7 bytes)
Hash
a97eb6fbe6f13b601d5d48c0eba8baae
736efb938caf3d0edec406932ada889f1a4f2268
a04bf061f53e0011fd2f43bdf081526344f003c50146c88c42c2d95ef22c1821

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /ssp/req/1944053/?pb=7fee08b43daecc994d9fbd445cd7312a1675726853&psp=pRs9KgBQ3sS0dRnwMwuui-oExF9MG23uEDO_Z6zQqYZYWLqZPaTa2lgI3duXPUPiRz8AWDQzFD925zoNLWHphwATdTIg4CtscdF_XleNgwP2cp5MtNeKf8bqaZEBC_MO8r4t2nxAC7h8jOy0k8C23jN7SNtLzfFlIEioTDiFDpkzBgVj-dXM7NFQYGF8BwTuV6KiVHoEHZ6dGqh3evmT7pBwIwksUe9McUdtl3wMOuPYm7Ay8031Sjr1CGMA1X0ONiPdw6CmAEvpg1mGYIV_JzcUvm3TZoGLCigJTaGcsaFivZmSknMf59Zrc-bQ5-GuLbl5b495LbVK3NpWxwskKJJp-RwtGnLKyVgglXWL9NchM2-SnEQtKIapo-xnf86p-zChk_RuEc3_cAUdnZ9tlHsgAk1-g6RAfBiaX6JuD8O63UWlHS374CZNQMWbf0JEa3f_ZqZ1uP5pe7FY0vTPaRsAqJvCD2jM2i87Qvfzvh6ECZNoV_HpcxugyN6-mNj4edbe4ordemWjPz35kjl3rpfPJ3dQZcFyEEXUPgzZIjynne3AlEm3CeAQgSYkoVH7XImamwCFcZKoo37WUSF5pdnaKGer1pmuuT885DlYTJ6OBYn2-XpcoD-_TQqteiM2AnQQCCfqFXWH_J35332JPPo=&cb=_cl0s1lrn1x0adkwcnoacyw&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24 HTTP/1.1
Host: limurol.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://epicload.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Mon, 06 Feb 2023 21:40:53 GMT
content-type: text/javascript
content-length: 7
x-route-id: ssp.bet
set-cookie: UID=2302061640a1ea6aa1d72b44b5990426330b; Path=/; Expires=Tue, 06 Feb 2024 21:40:53 GMT; HttpOnly; Secure; SameSite=None
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2

ad.a-ads.com/2103286?size=300x250

148.251.53.118

200 OK

4.7 kB

URL HTTP/2
ad.a-ads.com/2103286?size=300x250
IP
148.251.53.118:0
ASN
#24940 Hetzner Online GmbH

File type
data
Size
4.7 kB (4730 bytes)
Hash
69636dbf72da08c51e9372b306f02b22
129ee1f03ddbb78ad373da7f4a7089d32b048471
0134b68a9999a00e23a0e769fedff2014d17c90c03ce2b00537f1d4ddba1a134

HTTP Headers

GET /2103286?size=300x250 HTTP/1.1
Host: ad.a-ads.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://epicload.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Mon, 06 Feb 2023 21:40:53 GMT
content-type: text/html;charset=utf-8
vary: Accept-Encoding, Accept-Encoding
status: 200 OK
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-powered-by: Phusion Passenger(R)
x-original-referer: https://epicload.com/
x-robots-tag: noindex, nofollow, nosnippet, noarchive
content-encoding: gzip
X-Firefox-Spdy: h2

epicload.com/templates/default/assets/js/app.js?time=1675719652

188.114.97.1

200 OK

8.1 kB

URL HTTP/2
epicload.com/templates/default/assets/js/app.js?time=1675719652
IP
188.114.97.1:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
8.1 kB (8078 bytes)
Hash
8a336c17d5d91fe68d7c03659972895b
f284e357ed3405db9e0c5a4b228740bf73a84f41
8b670c13543e2b5e08d4af7fe0f0414aae9e57430e57c7d531d4e254ca25bc3e

HTTP Headers

GET /templates/default/assets/js/app.js?time=1675719652 HTTP/1.1
Host: epicload.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://epicload.com/files/e4q2D1Cr/Ennid%20Wong.zip
Cookie: XSRF-TOKEN=eyJpdiI6IlVhMDV5MnlmTVpuRFFBY21Jc3loR1E9PSIsInZhbHVlIjoienh0UXBaNTBxS3NXVUlXbDNRMlRsS3BtRU9IMEJnOEVsTEx2ZUdwRTBDQUl0SlFCUDVZM2JteGNRSm1PZytsYy9sSnJFc3gvYnhZLzNqRGVERGRpdWtqYVl1cnlQUW9BdTQ3NkN1ZEhaY1RtTTA0YUdLTW5HcHUrdFNqcTJ0OVciLCJtYWMiOiI1Yzg1ZjZiMGJhYjJkZTQ4ZjQ0MzAzNjk5YWU0N2M2ZmYzMzMxOWNiMmI3OTZkMDc3YTdkNjMxZmY3ZTlmMGY5IiwidGFnIjoiIn0%3D; epicloadcom_session=eyJpdiI6ImNJU080NEtYNmwzVHBManpwYkxjbHc9PSIsInZhbHVlIjoic1Q5WC9yL3J3UVVsRnBUdjdSNXFrTUxjYi91eXNYWE5CcWJVaE9XNmhlZjJ6QlcrSUNPRmZ2RDkraTVVTExydWVNWlp5eUxIeVRYTnNXQXlLSHBWL0U5OXRKTUJhYkJIWVJvdnBVWWZlYndzREVWYVZ1SlA4MnFHUzM4dHVGVGQiLCJtYWMiOiI3M2I1YWZiNGFlNDhjZmE3NDg1Mzk3NjUxZjVlM2ExZjZlMTY3ZTdlMGI4NmVmOWRlOWJjYmRlMDc2MzMzZTJkIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Mon, 06 Feb 2023 21:40:53 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 19 Oct 2022 03:24:53 GMT
etag: W/"634f6e05-3b3b"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xRYlcgtErjlane7UvoLwAJ7k0fQrOGfo9W56BZd%2BsMsXl7bKZ24523EuJL09qZ9TYjqOyo4Ankb0MAFWfAvlw4R44hzxTYkpG%2BMM2hmSL6oppp0gVGcq7rqzAHbmAGk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79570bf71d92fac4-OSL
content-encoding: gzip
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

epicload.com/assets/js/bootstrap.min.js

188.114.97.1

200 OK

16 kB

URL HTTP/2
epicload.com/assets/js/bootstrap.min.js
IP
188.114.97.1:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (60201)
Size
16 kB (16079 bytes)
Hash
1d2bf47dd78cd62663f3cbc992bb55bf
294b31758a764287377f5406a742a33cd60c0593
e8907b7d69fd8bd3d4602ec92d745cf98074bfdf57562cb60ff95e36b7bd4dcd

HTTP Headers

GET /assets/js/bootstrap.min.js HTTP/1.1
Host: epicload.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://epicload.com/files/e4q2D1Cr/Ennid%20Wong.zip
Cookie: XSRF-TOKEN=eyJpdiI6IlVhMDV5MnlmTVpuRFFBY21Jc3loR1E9PSIsInZhbHVlIjoienh0UXBaNTBxS3NXVUlXbDNRMlRsS3BtRU9IMEJnOEVsTEx2ZUdwRTBDQUl0SlFCUDVZM2JteGNRSm1PZytsYy9sSnJFc3gvYnhZLzNqRGVERGRpdWtqYVl1cnlQUW9BdTQ3NkN1ZEhaY1RtTTA0YUdLTW5HcHUrdFNqcTJ0OVciLCJtYWMiOiI1Yzg1ZjZiMGJhYjJkZTQ4ZjQ0MzAzNjk5YWU0N2M2ZmYzMzMxOWNiMmI3OTZkMDc3YTdkNjMxZmY3ZTlmMGY5IiwidGFnIjoiIn0%3D; epicloadcom_session=eyJpdiI6ImNJU080NEtYNmwzVHBManpwYkxjbHc9PSIsInZhbHVlIjoic1Q5WC9yL3J3UVVsRnBUdjdSNXFrTUxjYi91eXNYWE5CcWJVaE9XNmhlZjJ6QlcrSUNPRmZ2RDkraTVVTExydWVNWlp5eUxIeVRYTnNXQXlLSHBWL0U5OXRKTUJhYkJIWVJvdnBVWWZlYndzREVWYVZ1SlA4MnFHUzM4dHVGVGQiLCJtYWMiOiI3M2I1YWZiNGFlNDhjZmE3NDg1Mzk3NjUxZjVlM2ExZjZlMTY3ZTdlMGI4NmVmOWRlOWJjYmRlMDc2MzMzZTJkIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Mon, 06 Feb 2023 21:40:53 GMT
content-type: application/javascript; charset=utf-8
last-modified: Sun, 16 Oct 2022 17:24:37 GMT
etag: W/"634c3e55-ec40"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VzltX8B07OfLbnE1Ax16vp8VkeCzPdfnAvsiaSBHndaSD8cBE7KtuFWbfq9djDqLP3sZepHb1wkBuliExvPO4FQI9l%2FVvB0ocH5d48LS%2FHp%2F5YuvKnkKlhH4SxlX388%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79570bf70d6bfac4-OSL
content-encoding: gzip
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

static.a-ads.com/a-ads-banners/425767/300x250?region=eu-central-1

148.251.53.118

200 OK

553 kB

URL HTTP/2
static.a-ads.com/a-ads-banners/425767/300x250?region=eu-central-1
IP
148.251.53.118:0
ASN
#24940 Hetzner Online GmbH

File type
GIF image data, version 89a, 300 x 250\012- data
Size
553 kB (552597 bytes)
Hash
5c0fd175092e25b5de58f290130b733e
000b2ac0d1c8995e66b7b4ae791669d68f0ab5c0
3f58e323e0745728f7fd308f10db7937e3a8a5489eeae60b9bbb74f43a51390c

HTTP Headers

GET /a-ads-banners/425767/300x250?region=eu-central-1 HTTP/1.1
Host: static.a-ads.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ad.a-ads.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 06 Feb 2023 21:40:53 GMT
content-type: image/gif
content-length: 552597
x-amz-id-2: //ufrwfbpSGrCDPfOqrhfjthwzkuLOs3L8eDnaVDOM75cztcLDGJUb+HfRZL7mYkzZctIyjlwGg=
x-amz-request-id: DYASMG9BX8MPQQJG
x-amz-replication-status: COMPLETED
last-modified: Mon, 14 Nov 2022 10:39:43 GMT
etag: "5c0fd175092e25b5de58f290130b733e"
cache-control: max-age=315360000
x-amz-version-id: pn1p08TBgSXsvFMFjZkGq2BsNKxSewr9
expires: Thu, 31 Dec 2037 23:55:55 GMT
accept-ranges: bytes
X-Firefox-Spdy: h2

owlunimmvn.com/whob.gif?z=1944051&pb=7fee08b43daecc994d9fbd445cd7312a1675726853&psp=qviB3YYWQpEWYAqfwGlw3ddat6k8I3UnaTVluhB4wmcE27PQTtWgQhYq9mIYeThfO9qd_YwuTZhzY-rgFrguxRfWHM6vIEwxYeKO3W0qQCMej431sEA1x36Mvj7YSviw8gUEjs3yKVqss2B0ZG4wLT3VCMOx3tcFEjxIiYqNMxC3NBu4gVw1v1SGjVIq-w_AOu5cREV6-xB6H9g2Pw4jOKpa324qZywV5ptfepcbkwuODfLBaCG6dzjS8X2k1s5b9XjT2CrKE5vba9vbzdhOuSIexeFwPwU3sj1sEeUE7C_ejeUOhffALbE3iMeoFKusV56npaa6Dyt13trUqru4gRTd54gePI3l2DZdivGyDTfPbhNfzJ-bRKdpoJz5vkfsGMkJjcH8ywml9Z7XfeKf-0-qL9Tt7MXISWyVKEmjDAYJXnUjdSXuBUZ8RWx9jT-D6RKx3sjSrsjRRO7YYQxtAYGol2qz6jB7xQwDhAqBqwDnR3Z7CvGaJjBOX8xN4PqbBWn8_ZdzTQPRTfcCI9nMvSGCj3urs7t6Fqyw9mUsDu1Hihc-usF0V54-LqMLUBY8P6ZuIWeJbe1kcT8ecWJo3vDmr9DTojPwgZSRb5a3WaqjssjWUHwY6_MaSqTzsl4xvV-LSM0gYSdKU2C1uHkGEDesmZSVhQx-PtixvpGehe6TTgOMM-Ta2lmvRUdmKqNtyEC2_hbYjOKOOkM1FA5bRDqEugcDZypW4Mqdsd-YxKzZXyIuY5UH3bWeOOS71kGTT5Xz63pWOjB1gDAdiuJQdp5QKnlsE8opTpJ3ml2KC7pQc4D39HoaDxj3kP0wxQXD3hfje6YDcOfJ-vBFFGEJsKDfdm90QMQ4s3sShky_18j6FqW9g1ZQQbEWkr2AXwTTAgzn7OQhKjb6LO_NRmq-v_af01Pg9z0MLZLNZVoVz4BV15HOmoxxiTvcGqWlwMNYAFW0GlcrNJpv7D5CPg==&abvar=0&os=0

62.122.171.6

200 OK

43 B

URL HTTP/2
owlunimmvn.com/whob.gif?z=1944051&pb=7fee08b43daecc994d9fbd445cd7312a1675726853&psp=qviB3YYWQpEWYAqfwGlw3ddat6k8I3UnaTVluhB4wmcE27PQTtWgQhYq9mIYeThfO9qd_YwuTZhzY-rgFrguxRfWHM6vIEwxYeKO3W0qQCMej431sEA1x36Mvj7YSviw8gUEjs3yKVqss2B0ZG4wLT3VCMOx3tcFEjxIiYqNMxC3NBu4gVw1v1SGjVIq-w_AOu5cREV6-xB6H9g2Pw4jOKpa324qZywV5ptfepcbkwuODfLBaCG6dzjS8X2k1s5b9XjT2CrKE5vba9vbzdhOuSIexeFwPwU3sj1sEeUE7C_ejeUOhffALbE3iMeoFKusV56npaa6Dyt13trUqru4gRTd54gePI3l2DZdivGyDTfPbhNfzJ-bRKdpoJz5vkfsGMkJjcH8ywml9Z7XfeKf-0-qL9Tt7MXISWyVKEmjDAYJXnUjdSXuBUZ8RWx9jT-D6RKx3sjSrsjRRO7YYQxtAYGol2qz6jB7xQwDhAqBqwDnR3Z7CvGaJjBOX8xN4PqbBWn8_ZdzTQPRTfcCI9nMvSGCj3urs7t6Fqyw9mUsDu1Hihc-usF0V54-LqMLUBY8P6ZuIWeJbe1kcT8ecWJo3vDmr9DTojPwgZSRb5a3WaqjssjWUHwY6_MaSqTzsl4xvV-LSM0gYSdKU2C1uHkGEDesmZSVhQx-PtixvpGehe6TTgOMM-Ta2lmvRUdmKqNtyEC2_hbYjOKOOkM1FA5bRDqEugcDZypW4Mqdsd-YxKzZXyIuY5UH3bWeOOS71kGTT5Xz63pWOjB1gDAdiuJQdp5QKnlsE8opTpJ3ml2KC7pQc4D39HoaDxj3kP0wxQXD3hfje6YDcOfJ-vBFFGEJsKDfdm90QMQ4s3sShky_18j6FqW9g1ZQQbEWkr2AXwTTAgzn7OQhKjb6LO_NRmq-v_af01Pg9z0MLZLNZVoVz4BV15HOmoxxiTvcGqWlwMNYAFW0GlcrNJpv7D5CPg==&abvar=0&os=0
IP
62.122.171.6:0
ASN
#50245 Serverel Inc.

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
28e463819a210071de3b45ebe7633613
6dccd571828ec0912629119cf7eabfea9f33ddbc
44251f61629e2bfeead421241a917f43ad047af351659f01cd8fd937f0417f84

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /whob.gif?z=1944051&pb=7fee08b43daecc994d9fbd445cd7312a1675726853&psp=qviB3YYWQpEWYAqfwGlw3ddat6k8I3UnaTVluhB4wmcE27PQTtWgQhYq9mIYeThfO9qd_YwuTZhzY-rgFrguxRfWHM6vIEwxYeKO3W0qQCMej431sEA1x36Mvj7YSviw8gUEjs3yKVqss2B0ZG4wLT3VCMOx3tcFEjxIiYqNMxC3NBu4gVw1v1SGjVIq-w_AOu5cREV6-xB6H9g2Pw4jOKpa324qZywV5ptfepcbkwuODfLBaCG6dzjS8X2k1s5b9XjT2CrKE5vba9vbzdhOuSIexeFwPwU3sj1sEeUE7C_ejeUOhffALbE3iMeoFKusV56npaa6Dyt13trUqru4gRTd54gePI3l2DZdivGyDTfPbhNfzJ-bRKdpoJz5vkfsGMkJjcH8ywml9Z7XfeKf-0-qL9Tt7MXISWyVKEmjDAYJXnUjdSXuBUZ8RWx9jT-D6RKx3sjSrsjRRO7YYQxtAYGol2qz6jB7xQwDhAqBqwDnR3Z7CvGaJjBOX8xN4PqbBWn8_ZdzTQPRTfcCI9nMvSGCj3urs7t6Fqyw9mUsDu1Hihc-usF0V54-LqMLUBY8P6ZuIWeJbe1kcT8ecWJo3vDmr9DTojPwgZSRb5a3WaqjssjWUHwY6_MaSqTzsl4xvV-LSM0gYSdKU2C1uHkGEDesmZSVhQx-PtixvpGehe6TTgOMM-Ta2lmvRUdmKqNtyEC2_hbYjOKOOkM1FA5bRDqEugcDZypW4Mqdsd-YxKzZXyIuY5UH3bWeOOS71kGTT5Xz63pWOjB1gDAdiuJQdp5QKnlsE8opTpJ3ml2KC7pQc4D39HoaDxj3kP0wxQXD3hfje6YDcOfJ-vBFFGEJsKDfdm90QMQ4s3sShky_18j6FqW9g1ZQQbEWkr2AXwTTAgzn7OQhKjb6LO_NRmq-v_af01Pg9z0MLZLNZVoVz4BV15HOmoxxiTvcGqWlwMNYAFW0GlcrNJpv7D5CPg==&abvar=0&os=0 HTTP/1.1
Host: owlunimmvn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: UID=2302061640a3a4b3786f6c494ea2012846b6; OACICAP=ACPunQAAAAAAAAABACQzCgAAAAAAAAAB; OACIBLOCK=ACPunQAAAABj4WpQACQzCgAAAABj4WpQ; ppucnt=0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 06 Feb 2023 21:40:53 GMT
content-type: image/gif
content-length: 43
x-route-id: stats.banner.view
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2

epicload.com/assets/js/clipboard.min.js

188.114.97.1

200 OK

3.7 kB

URL HTTP/2
epicload.com/assets/js/clipboard.min.js
IP
188.114.97.1:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
3.7 kB (3713 bytes)
Hash
4c4fff6ad9e92fbefe049f6d627bff2a
ae75c55d6c9f12914a896b7419e14f44c0fb006b
52a47a99fcd904de94f0a158b8cd06b44c9f18d12c99b4c1330025c9a71a1913

HTTP Headers

GET /assets/js/clipboard.min.js HTTP/1.1
Host: epicload.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://epicload.com/files/e4q2D1Cr/Ennid%20Wong.zip
Cookie: XSRF-TOKEN=eyJpdiI6IlVhMDV5MnlmTVpuRFFBY21Jc3loR1E9PSIsInZhbHVlIjoienh0UXBaNTBxS3NXVUlXbDNRMlRsS3BtRU9IMEJnOEVsTEx2ZUdwRTBDQUl0SlFCUDVZM2JteGNRSm1PZytsYy9sSnJFc3gvYnhZLzNqRGVERGRpdWtqYVl1cnlQUW9BdTQ3NkN1ZEhaY1RtTTA0YUdLTW5HcHUrdFNqcTJ0OVciLCJtYWMiOiI1Yzg1ZjZiMGJhYjJkZTQ4ZjQ0MzAzNjk5YWU0N2M2ZmYzMzMxOWNiMmI3OTZkMDc3YTdkNjMxZmY3ZTlmMGY5IiwidGFnIjoiIn0%3D; epicloadcom_session=eyJpdiI6ImNJU080NEtYNmwzVHBManpwYkxjbHc9PSIsInZhbHVlIjoic1Q5WC9yL3J3UVVsRnBUdjdSNXFrTUxjYi91eXNYWE5CcWJVaE9XNmhlZjJ6QlcrSUNPRmZ2RDkraTVVTExydWVNWlp5eUxIeVRYTnNXQXlLSHBWL0U5OXRKTUJhYkJIWVJvdnBVWWZlYndzREVWYVZ1SlA4MnFHUzM4dHVGVGQiLCJtYWMiOiI3M2I1YWZiNGFlNDhjZmE3NDg1Mzk3NjUxZjVlM2ExZjZlMTY3ZTdlMGI4NmVmOWRlOWJjYmRlMDc2MzMzZTJkIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Mon, 06 Feb 2023 21:40:53 GMT
content-type: application/javascript; charset=utf-8
last-modified: Sun, 16 Oct 2022 17:24:37 GMT
etag: W/"634c3e55-23c8"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=a2oAKVEmaSP4cJTXMVhgmFIFzdfKTQttkujrUIi9LkQjFV3%2FcmKO9RroKIdA%2FqonCTirc%2B67MuQm%2Ffbq7qK0yx38U%2BccrgrFzj6rtQDGB8XyuQtFwv8%2FIxPeDDQJ4TE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79570bf70d6dfac4-OSL
content-encoding: gzip
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
3b4ea902c3e097daaa31810cb66d585a
97dfbd81d31b43196d8a4bd2fa3ff8a5cc115049
0291ed72c3115d6b6cf8c001b13bbc4ad517d76242b6cbed9db5ee1162572d3f

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0291ED72C3115D6B6CF8C001B13BBC4AD517D76242B6CBED9DB5EE1162572D3F"
Last-Modified: Sun, 05 Feb 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9634
Expires: Tue, 07 Feb 2023 00:21:28 GMT
Date: Mon, 06 Feb 2023 21:40:54 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
3b4ea902c3e097daaa31810cb66d585a
97dfbd81d31b43196d8a4bd2fa3ff8a5cc115049
0291ed72c3115d6b6cf8c001b13bbc4ad517d76242b6cbed9db5ee1162572d3f

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0291ED72C3115D6B6CF8C001B13BBC4AD517D76242B6CBED9DB5EE1162572D3F"
Last-Modified: Sun, 05 Feb 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9634
Expires: Tue, 07 Feb 2023 00:21:28 GMT
Date: Mon, 06 Feb 2023 21:40:54 GMT
Connection: keep-alive

owlunimmvn.com/lv/esnk/1944051/code.js

62.122.171.6

200 OK

54 kB

URL HTTP/2
owlunimmvn.com/lv/esnk/1944051/code.js
IP
62.122.171.6:0
ASN
#50245 Serverel Inc.

File type
data
Size
54 kB (53797 bytes)
Hash
913ce8dc15abc51282236c5bd7faba91
913cd3c82a0fbf7bd0c3cc918cd41ba3ee36cec1
8b517a540858762af235d5650c2a54edaab217cea16536be9a8564ec73f3d5e3

Detections

Analyzer	Verdict	Alert
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

GET /lv/esnk/1944051/code.js HTTP/1.1
Host: owlunimmvn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://epicload.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Mon, 06 Feb 2023 21:40:53 GMT
content-type: application/javascript
last-modified: Tue, 31 Jan 2023 10:48:43 GMT
vary: Accept-Encoding
etag: W/"63d8f20b-1a5bb"
x-js-ab1: current
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
content-encoding: gzip
X-Firefox-Spdy: h2

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5ba57757-8c86-4311-801e-5e416095984a.jpeg

34.120.237.76

200 OK

4.4 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5ba57757-8c86-4311-801e-5e416095984a.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
4.4 kB (4442 bytes)
Hash
7d8c3ebd17a435401c7f9fe3b8f842be
f2106be148fea23bf961fcdb69ea4cb127aa5f3e
ee708e68414539c75ddc077e0be7b75a86fd4fc9b6c1ddd1da86d0b9aca35558

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5ba57757-8c86-4311-801e-5e416095984a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 4442
x-amzn-requestid: 1bb3d1b3-ff58-4b0d-9a2b-c25797530c5d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f4oiQG1JoAMFRtg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e02141-1bb478453ececa9613e7e4a2;Sampled=0
x-amzn-remapped-date: Sun, 05 Feb 2023 21:36:01 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 9U-7wtL1xaLoE87hXcnrcTp-LCseI5ne10812N_9F_arqyi703w7Ng==
via: 1.1 efe54e8b68e074d39b2ecd249f85100a.cloudfront.net (CloudFront), 1.1 be082a2326b7d49643607b097f1e7180.cloudfront.net (CloudFront), 1.1 google
date: Sun, 05 Feb 2023 21:50:10 GMT
age: 85844
etag: "f2106be148fea23bf961fcdb69ea4cb127aa5f3e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

12 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9070541c-6707-464e-b141-b6c767d8a58a.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
12 kB (12256 bytes)
Hash
062e186a259eda97173695240a492c63
9b476a4ec219667f560b88199a3a4e4b0a93b579
d18570d3c4ada689b5c2a99b0783ce41c629bd125e6683cf225e01b7032f14a4

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9070541c-6707-464e-b141-b6c767d8a58a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 12256
x-amzn-requestid: 1b959eb9-cf69-414c-b57b-4a63277d709c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fvgx-EhgoAMF2wA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dc7b3f-2c58e8ac2aee8a8f409a93a0;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 03:10:55 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: Q5tAmSUsPHlKjkJSksZpvVrOAsduYKg0uuTlc03yvuhtO1BUKlHyuA==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 ce71f64ad5dca81beca846466f2d5008.cloudfront.net (CloudFront), 1.1 google
date: Mon, 06 Feb 2023 07:54:29 GMT
age: 49585
etag: "9b476a4ec219667f560b88199a3a4e4b0a93b579"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8827daad-7b04-4c60-a6f6-c1b923025413.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.9 kB (7851 bytes)
Hash
13572f84ad268caedcc897f2ad7b9baf
afb91ab43953e8915a2169618d2ab5e330cde0a1
0fb8b09608dc293b2084953b948cc7d8a7aa7bcb525090a7e44d5cb2a725fab3

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8827daad-7b04-4c60-a6f6-c1b923025413.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7851
x-amzn-requestid: 11d3fe95-844b-4e5d-b31c-f99e96e2b608
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f4oiRHeEIAMFjjA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e02141-602b91422dff88a750b8e3e9;Sampled=0
x-amzn-remapped-date: Sun, 05 Feb 2023 21:36:01 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 7LXNdWi5iKCUI61c2z3spsg5_DGu1jnZ4cIACc3MCmqWP57RveBMGw==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 9046e5a276a05e60ee34c8475e92b8e6.cloudfront.net (CloudFront), 1.1 google
date: Sun, 05 Feb 2023 21:50:03 GMT
age: 85851
etag: "afb91ab43953e8915a2169618d2ab5e330cde0a1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

10 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F731dc7de-ce12-4639-9ceb-3218584c3d56.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
10 kB (10514 bytes)
Hash
9046d887fd45a0940e31a74173d17798
1ff698b9cf660165e846dfc4770f29852aedce45
0c7b0e1250aa7718b7b35b80a1442f62e94ace1fb578fb781ec8204ee96386d0

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F731dc7de-ce12-4639-9ceb-3218584c3d56.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10514
x-amzn-requestid: ac2a383b-833d-4dae-9bd9-43dc3d9e373d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f4oiPEIyoAMFqUw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e02141-436bb6816b269ce45b9f8600;Sampled=0
x-amzn-remapped-date: Sun, 05 Feb 2023 21:36:01 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: RYNzle5-l5dOMPWb2Bmu_T5aIJw9NX2FKuJsej8hzpYZcgD6coH9SA==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 476c2ba6d9f6cd69dbcedbd65688cbc0.cloudfront.net (CloudFront), 1.1 google
date: Mon, 06 Feb 2023 21:33:53 GMT
age: 421
etag: "1ff698b9cf660165e846dfc4770f29852aedce45"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

owlunimmvn.com/get/1944051?zoneid=1944051&jp=_clhpjjw93dlkfxxzd4m2tz&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&freq=0&cid=8272594290812661

62.122.171.6

200 OK

10 kB

URL HTTP/2
owlunimmvn.com/get/1944051?zoneid=1944051&jp=_clhpjjw93dlkfxxzd4m2tz&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&freq=0&cid=8272594290812661
IP
62.122.171.6:0
ASN
#50245 Serverel Inc.

File type
data
Size
10 kB (10237 bytes)
Hash
f75e67eecf4ebad36e86c20625ca7458
a63b09b52cf34141184bfd3ce44c760d8655f950
983522b40ec082f50dfb1c7f117a02f1facd4b518534e799ba4c98d82b753f1e

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /get/1944051?zoneid=1944051&jp=_clhpjjw93dlkfxxzd4m2tz&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&freq=0&cid=8272594290812661 HTTP/1.1
Host: owlunimmvn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://epicload.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 06 Feb 2023 21:40:53 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
x-route-id: config
set-cookie: UID=23020616409658a89b814649e7a9f288aaee; Path=/; Expires=Tue, 06 Feb 2024 21:40:53 GMT; HttpOnly; Secure; SameSite=None
content-encoding: gzip
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2

bg4nxu2u5t.com/aas/r45d/vki/1944053/8542c595.js

62.122.171.6

200 OK

0 B

URL HTTP/2
bg4nxu2u5t.com/aas/r45d/vki/1944053/8542c595.js
IP
62.122.171.6:0
ASN
#50245 Serverel Inc.

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

GET /aas/r45d/vki/1944053/8542c595.js HTTP/1.1
Host: bg4nxu2u5t.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://epicload.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Mon, 06 Feb 2023 21:40:53 GMT
content-type: application/javascript
last-modified: Tue, 31 Jan 2023 10:48:43 GMT
vary: Accept-Encoding
etag: W/"63d8f20b-12684"
x-js-ab1: current
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
content-encoding: gzip
X-Firefox-Spdy: h2

epicload.com/assets/js/jquery.min.js

188.114.97.1

200 OK

0 B

URL HTTP/2
epicload.com/assets/js/jquery.min.js
IP
188.114.97.1:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /assets/js/jquery.min.js HTTP/1.1
Host: epicload.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://epicload.com/files/e4q2D1Cr/Ennid%20Wong.zip
Cookie: XSRF-TOKEN=eyJpdiI6IlVhMDV5MnlmTVpuRFFBY21Jc3loR1E9PSIsInZhbHVlIjoienh0UXBaNTBxS3NXVUlXbDNRMlRsS3BtRU9IMEJnOEVsTEx2ZUdwRTBDQUl0SlFCUDVZM2JteGNRSm1PZytsYy9sSnJFc3gvYnhZLzNqRGVERGRpdWtqYVl1cnlQUW9BdTQ3NkN1ZEhaY1RtTTA0YUdLTW5HcHUrdFNqcTJ0OVciLCJtYWMiOiI1Yzg1ZjZiMGJhYjJkZTQ4ZjQ0MzAzNjk5YWU0N2M2ZmYzMzMxOWNiMmI3OTZkMDc3YTdkNjMxZmY3ZTlmMGY5IiwidGFnIjoiIn0%3D; epicloadcom_session=eyJpdiI6ImNJU080NEtYNmwzVHBManpwYkxjbHc9PSIsInZhbHVlIjoic1Q5WC9yL3J3UVVsRnBUdjdSNXFrTUxjYi91eXNYWE5CcWJVaE9XNmhlZjJ6QlcrSUNPRmZ2RDkraTVVTExydWVNWlp5eUxIeVRYTnNXQXlLSHBWL0U5OXRKTUJhYkJIWVJvdnBVWWZlYndzREVWYVZ1SlA4MnFHUzM4dHVGVGQiLCJtYWMiOiI3M2I1YWZiNGFlNDhjZmE3NDg1Mzk3NjUxZjVlM2ExZjZlMTY3ZTdlMGI4NmVmOWRlOWJjYmRlMDc2MzMzZTJkIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Mon, 06 Feb 2023 21:40:53 GMT
content-type: application/javascript; charset=utf-8
last-modified: Sun, 16 Oct 2022 17:24:39 GMT
etag: W/"634c3e57-15e40"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=83hrUm4aTqmGfaacZ8TyfB6b8J%2Bn6tHOaQBRkHCe2biHoMcNWXGkunaDlXHJDzBQbsX8Fh8WJrujD33jxpSmLVbEzz1i%2BNf1ftE3dVoND4oZfnfbFA6f9MRwiwGzTog%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79570bf6fd68fac4-OSL
content-encoding: gzip
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

epicload.com/assets/js/sweetalert.min.js

188.114.97.1

200 OK

0 B

URL HTTP/2
epicload.com/assets/js/sweetalert.min.js
IP
188.114.97.1:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /assets/js/sweetalert.min.js HTTP/1.1
Host: epicload.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://epicload.com/files/e4q2D1Cr/Ennid%20Wong.zip
Cookie: XSRF-TOKEN=eyJpdiI6IlVhMDV5MnlmTVpuRFFBY21Jc3loR1E9PSIsInZhbHVlIjoienh0UXBaNTBxS3NXVUlXbDNRMlRsS3BtRU9IMEJnOEVsTEx2ZUdwRTBDQUl0SlFCUDVZM2JteGNRSm1PZytsYy9sSnJFc3gvYnhZLzNqRGVERGRpdWtqYVl1cnlQUW9BdTQ3NkN1ZEhaY1RtTTA0YUdLTW5HcHUrdFNqcTJ0OVciLCJtYWMiOiI1Yzg1ZjZiMGJhYjJkZTQ4ZjQ0MzAzNjk5YWU0N2M2ZmYzMzMxOWNiMmI3OTZkMDc3YTdkNjMxZmY3ZTlmMGY5IiwidGFnIjoiIn0%3D; epicloadcom_session=eyJpdiI6ImNJU080NEtYNmwzVHBManpwYkxjbHc9PSIsInZhbHVlIjoic1Q5WC9yL3J3UVVsRnBUdjdSNXFrTUxjYi91eXNYWE5CcWJVaE9XNmhlZjJ6QlcrSUNPRmZ2RDkraTVVTExydWVNWlp5eUxIeVRYTnNXQXlLSHBWL0U5OXRKTUJhYkJIWVJvdnBVWWZlYndzREVWYVZ1SlA4MnFHUzM4dHVGVGQiLCJtYWMiOiI3M2I1YWZiNGFlNDhjZmE3NDg1Mzk3NjUxZjVlM2ExZjZlMTY3ZTdlMGI4NmVmOWRlOWJjYmRlMDc2MzMzZTJkIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Mon, 06 Feb 2023 21:40:53 GMT
content-type: application/javascript; charset=utf-8
last-modified: Sun, 16 Oct 2022 17:24:40 GMT
etag: W/"634c3e58-f9ad"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VQK1R9662C12c1%2FsVkb4%2FMAvg8Md6H0okQHRRXpDZuKMTx%2FI7sinvhkoahAlY5ISkJy2D9UR8Qi9gG6Tj3fQb7R86QisOOTT6RgHIuldRAe%2FSIrDv8NCbkXZtsKDl0U%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79570bf70d6efac4-OSL
content-encoding: gzip
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

epicload.com/assets/js/dropzone.min.js

188.114.97.1

200 OK

0 B

URL HTTP/2
epicload.com/assets/js/dropzone.min.js
IP
188.114.97.1:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /assets/js/dropzone.min.js HTTP/1.1
Host: epicload.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://epicload.com/files/e4q2D1Cr/Ennid%20Wong.zip
Cookie: XSRF-TOKEN=eyJpdiI6IlVhMDV5MnlmTVpuRFFBY21Jc3loR1E9PSIsInZhbHVlIjoienh0UXBaNTBxS3NXVUlXbDNRMlRsS3BtRU9IMEJnOEVsTEx2ZUdwRTBDQUl0SlFCUDVZM2JteGNRSm1PZytsYy9sSnJFc3gvYnhZLzNqRGVERGRpdWtqYVl1cnlQUW9BdTQ3NkN1ZEhaY1RtTTA0YUdLTW5HcHUrdFNqcTJ0OVciLCJtYWMiOiI1Yzg1ZjZiMGJhYjJkZTQ4ZjQ0MzAzNjk5YWU0N2M2ZmYzMzMxOWNiMmI3OTZkMDc3YTdkNjMxZmY3ZTlmMGY5IiwidGFnIjoiIn0%3D; epicloadcom_session=eyJpdiI6ImNJU080NEtYNmwzVHBManpwYkxjbHc9PSIsInZhbHVlIjoic1Q5WC9yL3J3UVVsRnBUdjdSNXFrTUxjYi91eXNYWE5CcWJVaE9XNmhlZjJ6QlcrSUNPRmZ2RDkraTVVTExydWVNWlp5eUxIeVRYTnNXQXlLSHBWL0U5OXRKTUJhYkJIWVJvdnBVWWZlYndzREVWYVZ1SlA4MnFHUzM4dHVGVGQiLCJtYWMiOiI3M2I1YWZiNGFlNDhjZmE3NDg1Mzk3NjUxZjVlM2ExZjZlMTY3ZTdlMGI4NmVmOWRlOWJjYmRlMDc2MzMzZTJkIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Mon, 06 Feb 2023 21:40:53 GMT
content-type: application/javascript; charset=utf-8
last-modified: Sun, 16 Oct 2022 17:24:38 GMT
etag: W/"634c3e56-1bc91"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jBQ%2BZRZnasCHASEE9mTewMxNy0bnHlIIT67lkqQALiSLBqDZg9ZyY8AW8yBey8LHEbFW6NCjvDZpl76wVY9ZAV5TkY9e7zXgxa4B9BKjVwBtyxc0vKgihbUy6PHYn1M%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79570bf70d6cfac4-OSL
content-encoding: gzip
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

bg4nxu2u5t.com/get/1944053?zoneid=1944053&jp=_clfowgcuxkwbzrqwk3c4ez&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&isRef=1&sp=0&cid=4050469640236085

62.122.171.6

200 OK

0 B

URL HTTP/2
bg4nxu2u5t.com/get/1944053?zoneid=1944053&jp=_clfowgcuxkwbzrqwk3c4ez&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&isRef=1&sp=0&cid=4050469640236085
IP
62.122.171.6:0
ASN
#50245 Serverel Inc.

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /get/1944053?zoneid=1944053&jp=_clfowgcuxkwbzrqwk3c4ez&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&isRef=1&sp=0&cid=4050469640236085 HTTP/1.1
Host: bg4nxu2u5t.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://epicload.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 06 Feb 2023 21:40:53 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
x-route-id: config
set-cookie: UID=2302061640d87bc2480e9c480292b8d6a44f; Path=/; Expires=Tue, 06 Feb 2024 21:40:53 GMT; HttpOnly; Secure; SameSite=None
content-encoding: gzip
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2

epicload.com/files/e4q2D1Cr/Ennid%20Wong.zip

188.114.97.1

200 OK

0 B

URL HTTP/2
epicload.com/files/e4q2D1Cr/Ennid%20Wong.zip
IP
188.114.97.1:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /files/e4q2D1Cr/Ennid%20Wong.zip HTTP/1.1
Host: epicload.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 200 OK
date: Mon, 06 Feb 2023 21:40:52 GMT
content-type: text/html; charset=UTF-8
cache-control: no-cache, private
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: BYPASS
set-cookie: XSRF-TOKEN=eyJpdiI6IlVhMDV5MnlmTVpuRFFBY21Jc3loR1E9PSIsInZhbHVlIjoienh0UXBaNTBxS3NXVUlXbDNRMlRsS3BtRU9IMEJnOEVsTEx2ZUdwRTBDQUl0SlFCUDVZM2JteGNRSm1PZytsYy9sSnJFc3gvYnhZLzNqRGVERGRpdWtqYVl1cnlQUW9BdTQ3NkN1ZEhaY1RtTTA0YUdLTW5HcHUrdFNqcTJ0OVciLCJtYWMiOiI1Yzg1ZjZiMGJhYjJkZTQ4ZjQ0MzAzNjk5YWU0N2M2ZmYzMzMxOWNiMmI3OTZkMDc3YTdkNjMxZmY3ZTlmMGY5IiwidGFnIjoiIn0%3D; expires=Mon, 06 Feb 2023 23:40:52 GMT; Max-Age=7200; path=/; samesite=lax
epicloadcom_session=eyJpdiI6ImNJU080NEtYNmwzVHBManpwYkxjbHc9PSIsInZhbHVlIjoic1Q5WC9yL3J3UVVsRnBUdjdSNXFrTUxjYi91eXNYWE5CcWJVaE9XNmhlZjJ6QlcrSUNPRmZ2RDkraTVVTExydWVNWlp5eUxIeVRYTnNXQXlLSHBWL0U5OXRKTUJhYkJIWVJvdnBVWWZlYndzREVWYVZ1SlA4MnFHUzM4dHVGVGQiLCJtYWMiOiI3M2I1YWZiNGFlNDhjZmE3NDg1Mzk3NjUxZjVlM2ExZjZlMTY3ZTdlMGI4NmVmOWRlOWJjYmRlMDc2MzMzZTJkIiwidGFnIjoiIn0%3D; expires=Mon, 06 Feb 2023 23:40:52 GMT; Max-Age=7200; path=/; httponly; samesite=lax
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Yq4j8vnMMNidi%2BvLnJfaccYKeFRb3kEggFD1S29kn9AZHTHP3Hh7OjuRy%2BZzDX15oix99oRsVd7VxXTcE7vIP9OWCS2Dbki6cJOpmTjtC3IquUGMOiU%2B3jeqHWVLs0U%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79570bf56c15fac4-OSL
content-encoding: gzip
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

epicload.com/assets/css/bootstrap.min.css

188.114.97.1

200 OK

0 B

URL HTTP/2
epicload.com/assets/css/bootstrap.min.css
IP
188.114.97.1:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /assets/css/bootstrap.min.css HTTP/1.1
Host: epicload.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://epicload.com/files/e4q2D1Cr/Ennid%20Wong.zip
Cookie: XSRF-TOKEN=eyJpdiI6IlVhMDV5MnlmTVpuRFFBY21Jc3loR1E9PSIsInZhbHVlIjoienh0UXBaNTBxS3NXVUlXbDNRMlRsS3BtRU9IMEJnOEVsTEx2ZUdwRTBDQUl0SlFCUDVZM2JteGNRSm1PZytsYy9sSnJFc3gvYnhZLzNqRGVERGRpdWtqYVl1cnlQUW9BdTQ3NkN1ZEhaY1RtTTA0YUdLTW5HcHUrdFNqcTJ0OVciLCJtYWMiOiI1Yzg1ZjZiMGJhYjJkZTQ4ZjQ0MzAzNjk5YWU0N2M2ZmYzMzMxOWNiMmI3OTZkMDc3YTdkNjMxZmY3ZTlmMGY5IiwidGFnIjoiIn0%3D; epicloadcom_session=eyJpdiI6ImNJU080NEtYNmwzVHBManpwYkxjbHc9PSIsInZhbHVlIjoic1Q5WC9yL3J3UVVsRnBUdjdSNXFrTUxjYi91eXNYWE5CcWJVaE9XNmhlZjJ6QlcrSUNPRmZ2RDkraTVVTExydWVNWlp5eUxIeVRYTnNXQXlLSHBWL0U5OXRKTUJhYkJIWVJvdnBVWWZlYndzREVWYVZ1SlA4MnFHUzM4dHVGVGQiLCJtYWMiOiI3M2I1YWZiNGFlNDhjZmE3NDg1Mzk3NjUxZjVlM2ExZjZlMTY3ZTdlMGI4NmVmOWRlOWJjYmRlMDc2MzMzZTJkIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Mon, 06 Feb 2023 21:40:53 GMT
content-type: text/css
last-modified: Sun, 16 Oct 2022 17:24:28 GMT
etag: W/"634c3e4c-2f955"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YFyN2sIMDQc8k5uJ0Ff3utefwkvXle7rvT5AB01%2BrGZU3K1H6q6%2BBFiVRFMhSlTZFw71hAxU1Ai%2BIwu0LmPGW%2F30a4Y0vd%2BJoEaenoL6P8uh%2BedeYHRn0Rnhfs4zUFM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79570bf6fd63fac4-OSL
content-encoding: gzip
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

epicload.com/assets/js/popper.min.js

188.114.97.1

200 OK

0 B

URL HTTP/2
epicload.com/assets/js/popper.min.js
IP
188.114.97.1:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /assets/js/popper.min.js HTTP/1.1
Host: epicload.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://epicload.com/files/e4q2D1Cr/Ennid%20Wong.zip
Cookie: XSRF-TOKEN=eyJpdiI6IlVhMDV5MnlmTVpuRFFBY21Jc3loR1E9PSIsInZhbHVlIjoienh0UXBaNTBxS3NXVUlXbDNRMlRsS3BtRU9IMEJnOEVsTEx2ZUdwRTBDQUl0SlFCUDVZM2JteGNRSm1PZytsYy9sSnJFc3gvYnhZLzNqRGVERGRpdWtqYVl1cnlQUW9BdTQ3NkN1ZEhaY1RtTTA0YUdLTW5HcHUrdFNqcTJ0OVciLCJtYWMiOiI1Yzg1ZjZiMGJhYjJkZTQ4ZjQ0MzAzNjk5YWU0N2M2ZmYzMzMxOWNiMmI3OTZkMDc3YTdkNjMxZmY3ZTlmMGY5IiwidGFnIjoiIn0%3D; epicloadcom_session=eyJpdiI6ImNJU080NEtYNmwzVHBManpwYkxjbHc9PSIsInZhbHVlIjoic1Q5WC9yL3J3UVVsRnBUdjdSNXFrTUxjYi91eXNYWE5CcWJVaE9XNmhlZjJ6QlcrSUNPRmZ2RDkraTVVTExydWVNWlp5eUxIeVRYTnNXQXlLSHBWL0U5OXRKTUJhYkJIWVJvdnBVWWZlYndzREVWYVZ1SlA4MnFHUzM4dHVGVGQiLCJtYWMiOiI3M2I1YWZiNGFlNDhjZmE3NDg1Mzk3NjUxZjVlM2ExZjZlMTY3ZTdlMGI4NmVmOWRlOWJjYmRlMDc2MzMzZTJkIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Mon, 06 Feb 2023 21:40:53 GMT
content-type: application/javascript; charset=utf-8
last-modified: Sun, 16 Oct 2022 17:24:40 GMT
etag: W/"634c3e58-4e7f"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=z%2BqOIusAtfKEmt5fznVSZjm9rPMtgMv4LbNgZBao27TXS8NbNNfQjMYVBAXtoVgGcRNQtvVCoTE3oab7PKLAB%2Fi9RqcKCxD8KE2Y1Pe0Hm69bTEwwkCvmtGd%2FohwG3E%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79570bf70d69fac4-OSL
content-encoding: gzip
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

cdn.ouo.io/js/full-page-script.js

104.22.22.162

200 OK

0 B

URL HTTP/2
cdn.ouo.io/js/full-page-script.js
IP
104.22.22.162:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /js/full-page-script.js HTTP/1.1
Host: cdn.ouo.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://epicload.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Mon, 06 Feb 2023 21:40:53 GMT
content-type: application/javascript
cache-control: max-age=86400
cf-bgj: minify
etag: W/"5a17d83f-5e9e"
expires: Tue, 07 Feb 2023 00:27:33 GMT
last-modified: Fri, 24 Nov 2017 08:28:47 GMT
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 33200
vary: Accept-Encoding
server: cloudflare
cf-ray: 79570bf798950b31-OSL
content-encoding: br
X-Firefox-Spdy: h2

owlunimmvn.com/get/1944052?zoneid=1944052&jp=_clo2lisk7a85kecttl5qyc&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&freq=0&cid=4050469640272437

62.122.171.6

200 OK

0 B

URL HTTP/2
owlunimmvn.com/get/1944052?zoneid=1944052&jp=_clo2lisk7a85kecttl5qyc&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&freq=0&cid=4050469640272437
IP
62.122.171.6:0
ASN
#50245 Serverel Inc.

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /get/1944052?zoneid=1944052&jp=_clo2lisk7a85kecttl5qyc&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&freq=0&cid=4050469640272437 HTTP/1.1
Host: owlunimmvn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://epicload.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 06 Feb 2023 21:40:53 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
x-route-id: config
set-cookie: UID=2302061640a3a4b3786f6c494ea2012846b6; Path=/; Expires=Tue, 06 Feb 2024 21:40:53 GMT; HttpOnly; Secure; SameSite=None
content-encoding: gzip
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2

epicload.com/templates/default/assets/css/app.css?time=1675719652

188.114.97.1

200 OK

0 B

URL HTTP/2
epicload.com/templates/default/assets/css/app.css?time=1675719652
IP
188.114.97.1:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /templates/default/assets/css/app.css?time=1675719652 HTTP/1.1
Host: epicload.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://epicload.com/files/e4q2D1Cr/Ennid%20Wong.zip
Cookie: XSRF-TOKEN=eyJpdiI6IlVhMDV5MnlmTVpuRFFBY21Jc3loR1E9PSIsInZhbHVlIjoienh0UXBaNTBxS3NXVUlXbDNRMlRsS3BtRU9IMEJnOEVsTEx2ZUdwRTBDQUl0SlFCUDVZM2JteGNRSm1PZytsYy9sSnJFc3gvYnhZLzNqRGVERGRpdWtqYVl1cnlQUW9BdTQ3NkN1ZEhaY1RtTTA0YUdLTW5HcHUrdFNqcTJ0OVciLCJtYWMiOiI1Yzg1ZjZiMGJhYjJkZTQ4ZjQ0MzAzNjk5YWU0N2M2ZmYzMzMxOWNiMmI3OTZkMDc3YTdkNjMxZmY3ZTlmMGY5IiwidGFnIjoiIn0%3D; epicloadcom_session=eyJpdiI6ImNJU080NEtYNmwzVHBManpwYkxjbHc9PSIsInZhbHVlIjoic1Q5WC9yL3J3UVVsRnBUdjdSNXFrTUxjYi91eXNYWE5CcWJVaE9XNmhlZjJ6QlcrSUNPRmZ2RDkraTVVTExydWVNWlp5eUxIeVRYTnNXQXlLSHBWL0U5OXRKTUJhYkJIWVJvdnBVWWZlYndzREVWYVZ1SlA4MnFHUzM4dHVGVGQiLCJtYWMiOiI3M2I1YWZiNGFlNDhjZmE3NDg1Mzk3NjUxZjVlM2ExZjZlMTY3ZTdlMGI4NmVmOWRlOWJjYmRlMDc2MzMzZTJkIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Mon, 06 Feb 2023 21:40:53 GMT
content-type: text/css
last-modified: Fri, 21 Oct 2022 02:35:54 GMT
etag: W/"6352058a-3495"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=btyRWQY0frSH3jvu%2BkaOJcDL%2BxJk6MjEwTyoQAS4mdgXTc397DZ%2Fy2thpQYg76OAmeUF3SZdBnH72mx9MOaQR1eTWA%2F8xGeBVe4g2tHOX%2BcZ%2BoLPfsyfESQY5bYyun4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79570bf70d70fac4-OSL
content-encoding: gzip
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

epicload.com/assets/css/sweetalert.min.css

188.114.97.1

200 OK

0 B

URL HTTP/2
epicload.com/assets/css/sweetalert.min.css
IP
188.114.97.1:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /assets/css/sweetalert.min.css HTTP/1.1
Host: epicload.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://epicload.com/files/e4q2D1Cr/Ennid%20Wong.zip
Cookie: XSRF-TOKEN=eyJpdiI6IlVhMDV5MnlmTVpuRFFBY21Jc3loR1E9PSIsInZhbHVlIjoienh0UXBaNTBxS3NXVUlXbDNRMlRsS3BtRU9IMEJnOEVsTEx2ZUdwRTBDQUl0SlFCUDVZM2JteGNRSm1PZytsYy9sSnJFc3gvYnhZLzNqRGVERGRpdWtqYVl1cnlQUW9BdTQ3NkN1ZEhaY1RtTTA0YUdLTW5HcHUrdFNqcTJ0OVciLCJtYWMiOiI1Yzg1ZjZiMGJhYjJkZTQ4ZjQ0MzAzNjk5YWU0N2M2ZmYzMzMxOWNiMmI3OTZkMDc3YTdkNjMxZmY3ZTlmMGY5IiwidGFnIjoiIn0%3D; epicloadcom_session=eyJpdiI6ImNJU080NEtYNmwzVHBManpwYkxjbHc9PSIsInZhbHVlIjoic1Q5WC9yL3J3UVVsRnBUdjdSNXFrTUxjYi91eXNYWE5CcWJVaE9XNmhlZjJ6QlcrSUNPRmZ2RDkraTVVTExydWVNWlp5eUxIeVRYTnNXQXlLSHBWL0U5OXRKTUJhYkJIWVJvdnBVWWZlYndzREVWYVZ1SlA4MnFHUzM4dHVGVGQiLCJtYWMiOiI3M2I1YWZiNGFlNDhjZmE3NDg1Mzk3NjUxZjVlM2ExZjZlMTY3ZTdlMGI4NmVmOWRlOWJjYmRlMDc2MzMzZTJkIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Mon, 06 Feb 2023 21:40:53 GMT
content-type: text/css
last-modified: Sun, 16 Oct 2022 17:24:30 GMT
etag: W/"634c3e4e-50e4"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KGjiZqvI7GW5gEqq3Nt1v244%2FjnewLDJOMeX677XOsaTZ04lC7DQLkbkJNXVZtO0q6TX1WZXa3fCzqRoLQin%2FuwnuSHb8wRSodY42Pwxt2Jc%2FlG0c2vca6DzuUSRRDI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79570bf6fd66fac4-OSL
content-encoding: gzip
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (17)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML