Report - softenedcollar.com/wsf1nit26j?dev=r&gxqah=77&key=7ff94e9461629d2f54ff14725863196e&kw=["onejav","com","-","free","jav","torrents"]&pst=&refer=https://onejav.com/&res=7.31&scrHeight=1440&scrWidth=2560&ship=&tz=8&v=20.8.v.1

Report Overview

Visited public
2024-08-19 17:37:23
Tags
URL
softenedcollar.com/wsf1nit26j?dev=r&gxqah=77&key=7ff94e9461629d2f54ff14725863196e&kw=["onejav","com","-","free","jav","torrents"]&pst=&refer=https://onejav.com/&res=7.31&scrHeight=1440&scrWidth=2560&ship=&tz=8&v=20.8.v.1
Finishing URL
never2never.com/ALL-C2/index-no.htm
IP / ASN
192.243.61.225
#39572 DataWeb Global Group B.V.
Title
SEX DATING!

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Sent	Received	IP
r11.o.lencr.org	unknown	981 B	2.7 kB	23.36.76.226
singelstodate.com	unknown	593 B	1.1 kB	68.66.228.109
tsyndicate.com	13042	974 B	1.2 kB	46.4.114.55
ocsp.r2m03.amazontrust.com	unknown	338 B	942 B	54.230.218.11
r10.o.lencr.org	unknown	1.3 kB	3.5 kB	23.36.77.32
softenedcollar.com	unknown	3.0 kB	4.5 kB	192.243.59.20
never2never.com	unknown	10 kB	628 kB	104.21.73.52
o.pki.goog	unknown	325 B	699 B	142.250.74.131
ads.traffichunt.com	68632	464 B	757 B	107.23.156.77
www.googletagmanager.com	75	421 B	221 kB	142.250.74.168

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-08-19	medium	softenedcollar.com	Sinkholed
2024-08-19	medium	softenedcollar.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (9)

	URL	From	Size	First Seen	Last Seen
	never2never.com/ALL-C2/Javascript/error.1c4710d4434f595f8a835f40daa776b8.js	ScriptElement	439 B	2023-03-07	2025-03-09
Pretty URL never2never.com/ALL-C2/Javascript/error.1c4710d4434f595f8a835f40daa776b8.js IP 104.21.73.52 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:18 Last Seen2025-03-09 16:55 Times Seen778 Hash 214043f54f832678850fca8c5e01f3a6 30a66237b506392e073971e55aff32b53367354c b4460c164ed593fcd7f1abc940c60890bccdf25cb31761e68cef2370f4ea6416 Loading...

	never2never.com/ALL-C2/Javascript/jquery.695b55bf947b588e5fad6be1acfdc1f6.js	ScriptElement	96 kB	2023-03-07	2025-03-31
Pretty URL never2never.com/ALL-C2/Javascript/jquery.695b55bf947b588e5fad6be1acfdc1f6.js IP 104.21.73.52 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:18 Last Seen2025-03-31 21:30 Times Seen788 Hash 60710551d19f77e6496b01207365a0e4 837fcb824626afc559093c2c835f8fa064b72010 cb28bc8f8098b56206d0af5cda644951777e8d8fbc053c8ee3b88eca2bca4e3a Loading...

	never2never.com/ALL-C2/index-no.htm	ScriptElement	282 B	2023-03-07	2025-03-09
Pretty URL never2never.com/ALL-C2/index-no.htm IP 104.21.73.52 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:18 Last Seen2025-03-09 16:55 Times Seen765 Hash fc6d88580399436c7982d85867b5626d 1a534fca040fd9ea27cc378bfdaa842c4351f02a 4215d621eefa5c805c853b12b4f6bd69a8ed583130f372507a64128ff05d7785 Loading...

	www.googletagmanager.com/gtm.js?id=GTM-TMR4NP	ScriptElement	220 kB	2024-08-21	2024-08-21
Pretty URL www.googletagmanager.com/gtm.js?id=GTM-TMR4NP IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-08-21 10:21 Last Seen2024-08-21 10:21 Times Seen1 Hash 26d3efc760ec1f17a3e4b1c9f6bd724e 7a5edeaee09d0d1887b96e1fa7203fcd9f06ca66 37dfb21c9d3f4c9aac24ef1cf0f017f1a50bbe1b6c62ac1b482d956f1d4c973c Loading...

	never2never.com/ALL-C2/index-no.htm	ScriptElement	3.3 kB	2023-03-07	2025-03-09
Pretty URL never2never.com/ALL-C2/index-no.htm IP 104.21.73.52 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:18 Last Seen2025-03-09 16:55 Times Seen774 Hash 395e7a55cb02d8c58aeaa6854639bfcd 95f166c5bab7ddca8714505091d238ac5e675775 bf5f5dbb24973305dddf3514ebad216607114d15bf0682d3e9e2eece25745dd9 Loading...

	never2never.com/ALL-C2/index-no.htm	ScriptElement	19 B	2023-03-07	2025-04-27
Pretty URL never2never.com/ALL-C2/index-no.htm IP 104.21.73.52 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:11 Last Seen2025-04-27 22:30 Times Seen1174 Hash 8c224cde3b7d658749aeb97930395f6a 8c967cf6f32bcc87a44a1dbee74fc8b75f3d1a9b 76b420fe98146a6f6647792a8cf2bbc4ead5c4a33cc7bfdf1403abc7787c9edf Loading...

	never2never.com/ALL-C2/index-no.htm	ScriptElement	334 B	2023-03-07	2025-03-09
Pretty URL never2never.com/ALL-C2/index-no.htm IP 104.21.73.52 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:18 Last Seen2025-03-09 16:55 Times Seen764 Hash 27d31884a6866c7c46de6993ef6c4252 cf66cd1517520a7aa49e821c289024c501555b7d 23715e820b1d021e8ddae0e8de03bb79b9ab5d701e7898c30b83db3ce4c14e97 Loading...

	never2never.com/ALL-C2/Javascript/main.7d815901029a10bbd862c4f5e3ada540.js	ScriptElement	656 B	2023-03-07	2025-03-09
Pretty URL never2never.com/ALL-C2/Javascript/main.7d815901029a10bbd862c4f5e3ada540.js IP 104.21.73.52 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:18 Last Seen2025-03-09 16:55 Times Seen784 Hash a61d704122db565646eb89e6f96e2f2b 03730a50625daef938a880ae4bb90a2c79def1e5 7d38f99686fefc6855ad62b4827d3724d08c4e77744638b5a9ab2ca1609e71db Loading...

	never2never.com/ALL-C2/index-no.htm	ScriptElement	25 B	2023-03-07	2025-03-09
Pretty URL never2never.com/ALL-C2/index-no.htm IP 104.21.73.52 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:18 Last Seen2025-03-09 16:55 Times Seen767 Hash 527c16542dff022aade0b1d236538c2a 80050264540010ac514ee5e03d30f1b7dad020ca 4e64345f573a3e2a800ab5b7cd892c22f87a2090e26bb91e8dffc0ad8ddedb34 Loading...

HTTP Transactions (37)

URL IP Response Size

r10.o.lencr.org/

23.36.77.32

504 B

URL
r10.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
18cce98073c1bf25df62a3ca026dedbf
26ea37fc15ead14ac2047d074f6c4153d57775d0
c5fdde15e0dc09e045c2df21c77d2c87e6c7d4abe86048426f468fcd696054e0

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "C5FDDE15E0DC09E045C2DF21C77D2C87E6C7D4ABE86048426F468FCD696054E0"
Last-Modified: Sun, 18 Aug 2024 18:58:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5922
Expires: Mon, 19 Aug 2024 19:15:38 GMT
Date: Mon, 19 Aug 2024 17:36:56 GMT
Connection: keep-alive

r11.o.lencr.org/

23.36.76.226

504 B

URL
r11.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
50a89b39234eb6cc4eda70d7e27be17f
306340eb26b6817fd8851a085563a88eed7e2b6b
eaabd011ed0722deeee97e566b8318b17d8e993d31db4c2cc31cf0e3cd8191f5

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "EAABD011ED0722DEEEE97E566B8318B17D8E993D31DB4C2CC31CF0E3CD8191F5"
Last-Modified: Mon, 19 Aug 2024 12:55:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7137
Expires: Mon, 19 Aug 2024 19:35:53 GMT
Date: Mon, 19 Aug 2024 17:36:56 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.77.32

504 B

URL
r10.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
69a9603269726ce602d708bf57058c4c
8689e9ea81ea9636e7b08c3ed42650553a0c4e3b
1a2339d740b715f3df1900d80114c8376ead57205961a6f896edf37b3ee3a897

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "1A2339D740B715F3DF1900D80114C8376EAD57205961A6F896EDF37B3EE3A897"
Last-Modified: Sat, 17 Aug 2024 09:59:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13660
Expires: Mon, 19 Aug 2024 21:24:36 GMT
Date: Mon, 19 Aug 2024 17:36:56 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.77.32

504 B

URL
r10.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
18f75729f3e25e2eb7f12b70dfce3849
479177b92dda7c4e8763c80a15cbc71c3386d06c
0b7da2da1fcba23c5118479e14828f87a605a32af15d0962f216115a9ff1d02a

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "0B7DA2DA1FCBA23C5118479E14828F87A605A32AF15D0962F216115A9FF1D02A"
Last-Modified: Sun, 18 Aug 2024 15:19:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4677
Expires: Mon, 19 Aug 2024 18:54:53 GMT
Date: Mon, 19 Aug 2024 17:36:56 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.77.32

504 B

URL
r10.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
89bf42e7f573a8ac26af63c47f6021fc
c38ad69bd303841c586722963c54e2cbfa45003f
08eeee8cfb80cdf25ce72a6d5ddab3acdc5293192095729df0519e6e73bfacdc

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "08EEEE8CFB80CDF25CE72A6D5DDAB3ACDC5293192095729DF0519E6E73BFACDC"
Last-Modified: Mon, 19 Aug 2024 12:14:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6376
Expires: Mon, 19 Aug 2024 19:23:12 GMT
Date: Mon, 19 Aug 2024 17:36:56 GMT
Connection: keep-alive

softenedcollar.com/wsf1nit26j?dev=r&gxqah=77&key=7ff94e9461629d2f54ff14725863196e&kw=[%22onejav%22,%22com%22,%22-%22,%22free%22,%22jav%22,%22torrents%22]&pst=&refer=https://onejav.com/&res=7.31&scrHeight=1440&scrWidth=2560&ship=&tz=8&v=20.8.v.1

192.243.59.20

1.5 kB

URL
softenedcollar.com/wsf1nit26j?dev=r&gxqah=77&key=7ff94e9461629d2f54ff14725863196e&kw=[%22onejav%22,%22com%22,%22-%22,%22free%22,%22jav%22,%22torrents%22]&pst=&refer=https://onejav.com/&res=7.31&scrHeight=1440&scrWidth=2560&ship=&tz=8&v=20.8.v.1
IP
192.243.59.20:0
ASN
#39572 DataWeb Global Group B.V.

File type
JavaScript source, ASCII text, with very long lines (655)
Size
1.5 kB (1496 bytes)
Hash
2552cd7d16cc84c8dff8aee2ce8b55e5
8fdbc1a24849b3c922ab88f15a9a8aca5ae45178
6038e72f898c0020571db7e64a49db708244d5af40be7606169a750261d5db91

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wsf1nit26j?dev=r&gxqah=77&key=7ff94e9461629d2f54ff14725863196e&kw=[%22onejav%22,%22com%22,%22-%22,%22free%22,%22jav%22,%22torrents%22]&pst=&refer=https://onejav.com/&res=7.31&scrHeight=1440&scrWidth=2560&ship=&tz=8&v=20.8.v.1 HTTP/1.1
Host: softenedcollar.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Mon, 19 Aug 2024 17:36:56 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Set-Cookie: u_pl=14217017; expires=Tue, 20 Aug 2024 17:36:56 GMT; path=/
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNDIxNzAxNywiayI6IjdmZjk0ZTk0NjE2MjlkMmY1NGZmMTQ3MjU4NjMxOTZlIiwic2lkIjoiIiwiaXNpZCI6MSwiYXNpZCI6MSwiemlkIjo3MDM4OSwicGlkIjo2MDIxOCwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoxNiwiYWlkIjoyOCwicHQiOjQsInBrIjoid3NmMW5pdDI2aiIsImNwa3MiOnsiMjkiOiI4NmJlNzdkNjI2Y2I2NGM4ZTgwNmE5YjQ3ZjhlMGQ5ZSIsIjM0IjoiNjU4NTg1YjY0MGJlOWU2ZmU2MmE1MjVkN2Y1OWE0MDcifSwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjc5OTU0MTk2LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6MTgxMTAsIm9uIjoiTGludXgiLCJvdiI6IlVua25vd24iLCJiaWQiOjExNjY3MCwiYm4iOiJGaXJlZm94IiwiYnYiOiI5Ni4wIiwid3YiOmZhbHNlLCJlIjpmYWxzZSwiYWIiOmZhbHNlfSwiYyI6eyJpZCI6MTYyLCJjIjoiTk8iLCJuIjoiTm9yd2F5In0sImEiOmZhbHNlLCJjciI6eyJuIjoiQmxpeCBTb2x1dGlvbnMifSwieGYiOiIiLCJpeGYiOmZhbHNlLCJpZ3hmIjpmYWxzZSwidXAiOnRydWUsInIiOiJodHRwczovL29uZWphdi5jb20vIiwiYXIiOltdfX0.7cSYM2n_CEHc7gG_ihiL1cg_P56AyeExaQaepGggjSs; expires=Mon, 19 Aug 2024 17:37:56 GMT; path=/
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Request-ID: fa5aa0fec306552c468c7779a93b9d27
Cache-Control: no-cache, max-age=0, private, no-cache
Pragma: no-cache
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

softenedcollar.com/api/users?uuid=&pii=&in=false&ship=&token=L3dzZjFuaXQyNmo_ZGV2PXImZ3hxYWg9Nzcma2V5PTdmZjk0ZTk0NjE2MjlkMmY1NGZmMTQ3MjU4NjMxOTZlJmt3PSU1QiUyMm9uZWphdiUyMiUyQyUyMmNvbSUyMiUyQyUyMi0lMjIlMkMlMjJmcmVlJTIyJTJDJTIyamF2JTIyJTJDJTIydG9ycmVudHMlMjIlNUQmcHN0PTE3MjQwODkwNzYmcmVmZXI9aHR0cHMlM0ElMkYlMkZvbmVqYXYuY29tJTJGJnJlcz03LjMxJnJtdGM9dCZzY3JIZWlnaHQ9MTQ0MCZzY3JXaWR0aD0yNTYwJnNodT04MzMyZTEyMTEzMjM3NzExZWM5NjdiNDllMzI4MDc2Yzc0NTkxOTI3YzNiMmI2NjIyNGI0NjAwYTgxZmFmNjI0OTM0ZjZiZWM4NDNkOGU3YWZjM2I0MTU1M2JiODFhMDIxOThjMDBmNDQ3ZDYwYWFiM2NmNmMxMGY4MGUzYzM4NDFiOGYxYjU1Y2NmNWE3OTBjNzA0YjRiNzFjYzZlZjk5NmZmZGEyYTY5NDliMTgwYmYwNmM1NDkxZjAyNjE1JnR6PTgmdj0yMC44LnYuMQ

192.243.61.225

302 Found

0 B

URL User Request GET HTTP/1.1
softenedcollar.com/api/users?uuid=&pii=&in=false&ship=&token=L3dzZjFuaXQyNmo_ZGV2PXImZ3hxYWg9Nzcma2V5PTdmZjk0ZTk0NjE2MjlkMmY1NGZmMTQ3MjU4NjMxOTZlJmt3PSU1QiUyMm9uZWphdiUyMiUyQyUyMmNvbSUyMiUyQyUyMi0lMjIlMkMlMjJmcmVlJTIyJTJDJTIyamF2JTIyJTJDJTIydG9ycmVudHMlMjIlNUQmcHN0PTE3MjQwODkwNzYmcmVmZXI9aHR0cHMlM0ElMkYlMkZvbmVqYXYuY29tJTJGJnJlcz03LjMxJnJtdGM9dCZzY3JIZWlnaHQ9MTQ0MCZzY3JXaWR0aD0yNTYwJnNodT04MzMyZTEyMTEzMjM3NzExZWM5NjdiNDllMzI4MDc2Yzc0NTkxOTI3YzNiMmI2NjIyNGI0NjAwYTgxZmFmNjI0OTM0ZjZiZWM4NDNkOGU3YWZjM2I0MTU1M2JiODFhMDIxOThjMDBmNDQ3ZDYwYWFiM2NmNmMxMGY4MGUzYzM4NDFiOGYxYjU1Y2NmNWE3OTBjNzA0YjRiNzFjYzZlZjk5NmZmZGEyYTY5NDliMTgwYmYwNmM1NDkxZjAyNjE1JnR6PTgmdj0yMC44LnYuMQ
IP
192.243.61.225:443
ASN
#39572 DataWeb Global Group B.V.

Certificate
IssuerLet's Encrypt
Subjectsoftenedcollar.com
Fingerprint78:F9:34:B9:DC:C5:CA:E3:77:61:C8:FC:4E:DF:55:AD:DD:ED:F5:81
ValidityThu, 01 Aug 2024 14:39:08 GMT - Wed, 30 Oct 2024 14:39:07 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /api/users?uuid=&pii=&in=false&ship=&token=L3dzZjFuaXQyNmo_ZGV2PXImZ3hxYWg9Nzcma2V5PTdmZjk0ZTk0NjE2MjlkMmY1NGZmMTQ3MjU4NjMxOTZlJmt3PSU1QiUyMm9uZWphdiUyMiUyQyUyMmNvbSUyMiUyQyUyMi0lMjIlMkMlMjJmcmVlJTIyJTJDJTIyamF2JTIyJTJDJTIydG9ycmVudHMlMjIlNUQmcHN0PTE3MjQwODkwNzYmcmVmZXI9aHR0cHMlM0ElMkYlMkZvbmVqYXYuY29tJTJGJnJlcz03LjMxJnJtdGM9dCZzY3JIZWlnaHQ9MTQ0MCZzY3JXaWR0aD0yNTYwJnNodT04MzMyZTEyMTEzMjM3NzExZWM5NjdiNDllMzI4MDc2Yzc0NTkxOTI3YzNiMmI2NjIyNGI0NjAwYTgxZmFmNjI0OTM0ZjZiZWM4NDNkOGU3YWZjM2I0MTU1M2JiODFhMDIxOThjMDBmNDQ3ZDYwYWFiM2NmNmMxMGY4MGUzYzM4NDFiOGYxYjU1Y2NmNWE3OTBjNzA0YjRiNzFjYzZlZjk5NmZmZGEyYTY5NDliMTgwYmYwNmM1NDkxZjAyNjE1JnR6PTgmdj0yMC44LnYuMQ HTTP/1.1
Host: softenedcollar.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://softenedcollar.com/api/users?token=L3dzZjFuaXQyNmo_a2V5PTljYTYwMWE5ZjQ3YzczNWRmNzZkNWNhNDZmYTI2YTY2JnN1Ym1ldHJpYz0xNDIxNzAxNw
Cookie: u_pl=14217017; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNDIxNzAxNywiayI6IjdmZjk0ZTk0NjE2MjlkMmY1NGZmMTQ3MjU4NjMxOTZlIiwic2lkIjoiIiwiaXNpZCI6MSwiYXNpZCI6MSwiemlkIjo3MDM4OSwicGlkIjo2MDIxOCwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoxNiwiYWlkIjoyOCwicHQiOjQsInBrIjoid3NmMW5pdDI2aiIsImNwa3MiOnsiMjkiOiI4NmJlNzdkNjI2Y2I2NGM4ZTgwNmE5YjQ3ZjhlMGQ5ZSIsIjM0IjoiNjU4NTg1YjY0MGJlOWU2ZmU2MmE1MjVkN2Y1OWE0MDcifSwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjc5OTU0MTk2LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6MTgxMTAsIm9uIjoiTGludXgiLCJvdiI6IlVua25vd24iLCJiaWQiOjExNjY3MCwiYm4iOiJGaXJlZm94IiwiYnYiOiI5Ni4wIiwid3YiOmZhbHNlLCJlIjpmYWxzZSwiYWIiOmZhbHNlfSwiYyI6eyJpZCI6MTYyLCJjIjoiTk8iLCJuIjoiTm9yd2F5In0sImEiOmZhbHNlLCJjciI6eyJuIjoiQmxpeCBTb2x1dGlvbnMifSwieGYiOiIiLCJpeGYiOmZhbHNlLCJpZ3hmIjpmYWxzZSwidXAiOnRydWUsInIiOiJodHRwczovL29uZWphdi5jb20vIiwiYXIiOltdfX0.7cSYM2n_CEHc7gG_ihiL1cg_P56AyeExaQaepGggjSs; cjs=t
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx/1.21.6
Date: Mon, 19 Aug 2024 17:36:57 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Location: https://singelstodate.com/base.php?c=4466&key=2c1b613a024e60e948a357c16c51a854&plc=14217017&subs=&ban=3051235
Set-Cookie: iprc7653e6338c828e05bcd886e1cec44f97=5457396; expires=Tue, 20 Aug 2024 17:36:57 GMT; path=/
pdhtkv=true; expires=Tue, 20 Aug 2024 17:36:57 GMT; path=/
uncs=1; expires=Tue, 20 Aug 2024 17:36:57 GMT; path=/
pdhtkv28=true; expires=Tue, 20 Aug 2024 17:36:57 GMT; path=/
uncs28=1; expires=Tue, 20 Aug 2024 17:36:57 GMT; path=/
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Request-ID: 081cf5ede87d28796b46e898130c26ae
Cache-Control: no-cache, max-age=0, private, no-cache
Pragma: no-cache
Strict-Transport-Security: max-age=0; includeSubdomains

singelstodate.com/base.php?c=4466&key=2c1b613a024e60e948a357c16c51a854&plc=14217017&subs=&ban=3051235

68.66.228.109

302 Found

0 B

URL User Request GET HTTP/2
singelstodate.com/base.php?c=4466&key=2c1b613a024e60e948a357c16c51a854&plc=14217017&subs=&ban=3051235
IP
68.66.228.109:443
ASN
#55293 A2HOSTING

Certificate
IssuerLet's Encrypt
Subject*.singelstodate.com
Fingerprint21:9D:6E:3B:7A:27:A1:9D:E8:5A:7F:5D:0D:E2:59:F0:73:61:51:B2
ValiditySat, 29 Jun 2024 06:38:21 GMT - Fri, 27 Sep 2024 06:38:20 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /base.php?c=4466&key=2c1b613a024e60e948a357c16c51a854&plc=14217017&subs=&ban=3051235 HTTP/1.1
Host: singelstodate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://softenedcollar.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
set-cookie: PHPSESSID=5c4de3e069504ad08691a85ba4ed3fb8; path=/; secure
cpvlabclick=YTlpbDNhN2tfNDQ2Nl8yNjkxNl8zNzQwOV8zMzMzMjYyM184; expires=Wed, 18-Sep-2024 17:36:58 GMT; Max-Age=2592000; secure; SameSite=None
cpvlablevel=1; expires=Wed, 18-Sep-2024 17:36:58 GMT; Max-Age=2592000; secure; SameSite=None
cpvlabclicks=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; secure; SameSite=None
location: https://never2never.com/ALL-C2/index-no.htm
content-type: text/html; charset=UTF-8
content-length: 0
date: Mon, 19 Aug 2024 17:36:58 GMT
server: LiteSpeed
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2

r11.o.lencr.org/

23.36.76.226

504 B

URL
r11.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
7944981bcac427aa8d0aa016ec63764d
48bf925b10dc02afa8f597af8d26f5bf5efc0b7e
26bde594c33cd3386f4e65e3eaf0fc048fca46ed4a185f5c2aa70e8deeaffb0a

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "26BDE594C33CD3386F4E65E3EAF0FC048FCA46ED4A185F5C2AA70E8DEEAFFB0A"
Last-Modified: Sat, 17 Aug 2024 21:16:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9401
Expires: Mon, 19 Aug 2024 20:13:39 GMT
Date: Mon, 19 Aug 2024 17:36:58 GMT
Connection: keep-alive

r11.o.lencr.org/

23.36.76.226

504 B

URL
r11.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
7944981bcac427aa8d0aa016ec63764d
48bf925b10dc02afa8f597af8d26f5bf5efc0b7e
26bde594c33cd3386f4e65e3eaf0fc048fca46ed4a185f5c2aa70e8deeaffb0a

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "26BDE594C33CD3386F4E65E3EAF0FC048FCA46ED4A185F5C2AA70E8DEEAFFB0A"
Last-Modified: Sat, 17 Aug 2024 21:16:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9401
Expires: Mon, 19 Aug 2024 20:13:39 GMT
Date: Mon, 19 Aug 2024 17:36:58 GMT
Connection: keep-alive

never2never.com/ALL-C2/Image/2.jpg

104.21.73.52

200 OK

22 kB

URL GET HTTP/3
never2never.com/ALL-C2/Image/2.jpg
IP
104.21.73.52:443
ASN
#13335 CLOUDFLARENET

Requested by
https://never2never.com/ALL-C2/index-no.htm
Certificate
IssuerGoogle Trust Services
Subjectnever2never.com
FingerprintC9:E2:3D:DB:11:68:E6:36:6D:D9:02:85:AE:61:ED:DC:26:D6:F1:63
ValidityTue, 02 Jul 2024 14:42:41 GMT - Mon, 30 Sep 2024 14:42:40 GMT

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 300x300, components 3
Size
22 kB (22496 bytes)
Hash
47d593c74044f2a192085257c67b1e07
1059878b933e61c123ccdfbb6da3941363a08b70
cd11ce18fcb7d51524156a0b7769900c08ef1f080fa9eb79907965c9b2f5c54f

HTTP Headers

GET /ALL-C2/Image/2.jpg HTTP/1.1
Host: never2never.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://never2never.com/ALL-C2/index-no.htm
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 19 Aug 2024 17:36:58 GMT
content-type: image/jpeg
content-length: 22496
last-modified: Tue, 27 Feb 2024 10:13:44 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 5833
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=djtiNm3CIzPejobD8TZXi9mOAy5rmBO0vjyxirRrIoo1Q1FbMDiPO2aMUAqVnOJR0ekZvnp8aXRbMBM4B9P77d8EhQ7DVR4VacFH4JUrZ2Aaig9jhHKREDgMJTVBTrqGh9w%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8b5be8affc790b69-OSL
alt-svc: h3=":443"; ma=86400

never2never.com/ALL-C2/Image/3.jpg

104.21.73.52

200 OK

30 kB

URL GET HTTP/3
never2never.com/ALL-C2/Image/3.jpg
IP
104.21.73.52:443
ASN
#13335 CLOUDFLARENET

Requested by
https://never2never.com/ALL-C2/index-no.htm
Certificate
IssuerGoogle Trust Services
Subjectnever2never.com
FingerprintC9:E2:3D:DB:11:68:E6:36:6D:D9:02:85:AE:61:ED:DC:26:D6:F1:63
ValidityTue, 02 Jul 2024 14:42:41 GMT - Mon, 30 Sep 2024 14:42:40 GMT

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 300x300, components 3
Size
30 kB (29911 bytes)
Hash
56db82910f76fe7d59cba458a17970b3
d748b32b4a0dbc278f87a2e9d2b468e641a9f9d0
74257146a10a93e4d43b572f42fe22e949797082078a3719511d5e571a9b549a

HTTP Headers

GET /ALL-C2/Image/3.jpg HTTP/1.1
Host: never2never.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://never2never.com/ALL-C2/index-no.htm
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 19 Aug 2024 17:36:58 GMT
content-type: image/jpeg
content-length: 29911
last-modified: Tue, 27 Feb 2024 10:13:45 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 2829
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FN52XtiNnmq2xYczY6WmMZm5J2gHLOtUSwMGGKYCOC7bkvtv8HI2eJS6rQ90ABhzvplZjeO929Hvv7Ap%2FWLbS7EYidIXE0TMjMAtFwogWM48P1Fvm5MVZjFLQxjip3YBjPI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8b5be8affc7a0b69-OSL
alt-svc: h3=":443"; ma=86400

never2never.com/ALL-C2/Image/4.jpg

104.21.73.52

200 OK

35 kB

URL GET HTTP/3
never2never.com/ALL-C2/Image/4.jpg
IP
104.21.73.52:443
ASN
#13335 CLOUDFLARENET

Requested by
https://never2never.com/ALL-C2/index-no.htm
Certificate
IssuerGoogle Trust Services
Subjectnever2never.com
FingerprintC9:E2:3D:DB:11:68:E6:36:6D:D9:02:85:AE:61:ED:DC:26:D6:F1:63
ValidityTue, 02 Jul 2024 14:42:41 GMT - Mon, 30 Sep 2024 14:42:40 GMT

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 300x300, components 3
Size
35 kB (34786 bytes)
Hash
043696db7ed948497328831799fbd89e
9aa73d3e99241defda1fe290b0b6c6247bc03174
9dd19012c59ab11ff01ed222feac5b39adbfc75311748de84f94d10f8691020c

HTTP Headers

GET /ALL-C2/Image/4.jpg HTTP/1.1
Host: never2never.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://never2never.com/ALL-C2/index-no.htm
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 19 Aug 2024 17:36:58 GMT
content-type: image/jpeg
content-length: 34786
last-modified: Tue, 27 Feb 2024 10:13:48 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 2829
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xwGl3vYgJtuukRxY5J0nF9nGJ1OGyoGOagO9%2BGq5AaaW%2B67d4lNvGI3S74lrpoe7zXWyXj8xftTDTMtvk%2FJuiDu2ig%2BWNEjRwIoJob8sUimaw6I4Bl2Me3ZChVvCsICOcN8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8b5be8b00c7b0b69-OSL
alt-svc: h3=":443"; ma=86400

never2never.com/ALL-C2/Image/5.jpg

104.21.73.52

200 OK

41 kB

URL GET HTTP/3
never2never.com/ALL-C2/Image/5.jpg
IP
104.21.73.52:443
ASN
#13335 CLOUDFLARENET

Requested by
https://never2never.com/ALL-C2/index-no.htm
Certificate
IssuerGoogle Trust Services
Subjectnever2never.com
FingerprintC9:E2:3D:DB:11:68:E6:36:6D:D9:02:85:AE:61:ED:DC:26:D6:F1:63
ValidityTue, 02 Jul 2024 14:42:41 GMT - Mon, 30 Sep 2024 14:42:40 GMT

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 300x300, components 3
Size
41 kB (40890 bytes)
Hash
bf013d4ebdfddcf6de1101b1982515b4
b0da1c9301b8cfd248a909c249b4234fb566c48b
f60d846147bcfaad8ecb150fabf90ead601aff0e7a575c5201312c50f920304e

HTTP Headers

GET /ALL-C2/Image/5.jpg HTTP/1.1
Host: never2never.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://never2never.com/ALL-C2/index-no.htm
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 19 Aug 2024 17:36:58 GMT
content-type: image/jpeg
content-length: 40890
last-modified: Tue, 27 Feb 2024 10:13:49 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 1137
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Lp4fIOpdaqNav%2BGsyHWYwAWBH2Wjh%2FaLbOSmC8qQnjr4EolV%2F%2FT6slV1GjxgjI%2BQBGLfQJcB9GJh8Oepq3RMiDaBv3uxTmhcK1OxyEmZmY8S0diJzpDoPpr9QQVQHa7Zvgs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8b5be8b00c7d0b69-OSL
alt-svc: h3=":443"; ma=86400

never2never.com/ALL-C2/Image/6.jpg

104.21.73.52

200 OK

16 kB

URL GET HTTP/3
never2never.com/ALL-C2/Image/6.jpg
IP
104.21.73.52:443
ASN
#13335 CLOUDFLARENET

Requested by
https://never2never.com/ALL-C2/index-no.htm
Certificate
IssuerGoogle Trust Services
Subjectnever2never.com
FingerprintC9:E2:3D:DB:11:68:E6:36:6D:D9:02:85:AE:61:ED:DC:26:D6:F1:63
ValidityTue, 02 Jul 2024 14:42:41 GMT - Mon, 30 Sep 2024 14:42:40 GMT

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 300x300, components 3
Size
16 kB (16169 bytes)
Hash
aef0fdc85ace36ccdaa77d5f61c3ec2a
eac5ed946a1b9dae710fadfe95d87e1d19a00ca7
88cfaeb3e79a71fc7ff180de55abcd7050357ede78abd83a484f9eb3d68b4c0f

HTTP Headers

GET /ALL-C2/Image/6.jpg HTTP/1.1
Host: never2never.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://never2never.com/ALL-C2/index-no.htm
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 19 Aug 2024 17:36:58 GMT
content-type: image/jpeg
content-length: 16169
last-modified: Tue, 27 Feb 2024 10:13:50 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 1137
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=X%2BbP75jo6ljmeC4UR5ApNy8%2FdqSrMVTA8bApJhBKXroSSNxZ0dUY2TluZDYcvS1wNoI6OiBekj9rG9icLirIMLl0BngL4jwaClCv4534LmsPsq0OnxBJqlhsDBNrhkEZrwI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8b5be8b00c800b69-OSL
alt-svc: h3=":443"; ma=86400

never2never.com/ALL-C2/Image/1.jpg

104.21.73.52

200 OK

41 kB

URL GET HTTP/3
never2never.com/ALL-C2/Image/1.jpg
IP
104.21.73.52:443
ASN
#13335 CLOUDFLARENET

Requested by
https://never2never.com/ALL-C2/index-no.htm
Certificate
IssuerGoogle Trust Services
Subjectnever2never.com
FingerprintC9:E2:3D:DB:11:68:E6:36:6D:D9:02:85:AE:61:ED:DC:26:D6:F1:63
ValidityTue, 02 Jul 2024 14:42:41 GMT - Mon, 30 Sep 2024 14:42:40 GMT

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 300x300, components 3
Size
41 kB (40611 bytes)
Hash
2406e5669cb75853b085400248d1622f
d84da06636acf5c3597bd6a62e8ce8ef1ee3287a
f0657a5cc4a40ab3b76d476f91bce56eddaa44dc15db329a9bad4f9cb1da8787

HTTP Headers

GET /ALL-C2/Image/1.jpg HTTP/1.1
Host: never2never.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://never2never.com/ALL-C2/index-no.htm
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 19 Aug 2024 17:36:58 GMT
content-type: image/jpeg
content-length: 40611
last-modified: Tue, 27 Feb 2024 10:13:43 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 5833
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YopuO8s9M9bQikqH36rqgfrM1Am5biwh5qB4Vb7dfT9vyez%2BixsVvRfRKHhdjTTldlGyTit1QHx3ohcvkAJ%2BTyv1naF0mJvSGYn8CaKCnTsDHEP0wVuWVfxcRzzwc%2B8Xk8k%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8b5be8affc780b69-OSL
alt-svc: h3=":443"; ma=86400

never2never.com/ALL-C2/Image/7.jpg

104.21.73.52

200 OK

31 kB

URL GET HTTP/3
never2never.com/ALL-C2/Image/7.jpg
IP
104.21.73.52:443
ASN
#13335 CLOUDFLARENET

Requested by
https://never2never.com/ALL-C2/index-no.htm
Certificate
IssuerGoogle Trust Services
Subjectnever2never.com
FingerprintC9:E2:3D:DB:11:68:E6:36:6D:D9:02:85:AE:61:ED:DC:26:D6:F1:63
ValidityTue, 02 Jul 2024 14:42:41 GMT - Mon, 30 Sep 2024 14:42:40 GMT

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 300x300, components 3
Size
31 kB (31122 bytes)
Hash
9060c63a6ea2eea5af82884a9e08622a
5aae2dc9c2b29c4449b0f426e2d78fb25a9e9ae3
ba0ece8e00c4d638ff2f4f316a300c075119f941a9a0562eca78038e60eb5c94

HTTP Headers

GET /ALL-C2/Image/7.jpg HTTP/1.1
Host: never2never.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://never2never.com/ALL-C2/index-no.htm
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 19 Aug 2024 17:36:58 GMT
content-type: image/jpeg
content-length: 31122
last-modified: Tue, 27 Feb 2024 10:13:51 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 1137
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=psRfhZKHaM%2FcvUddVD56%2F%2Fv3RtpLK7o1IoSKo2nJbZC64OuWvVIXZHmi7fLyHwK%2BkieKSR81pljW%2F%2Fc8WvVeyugNDjAr5WmlcxmsgPgiDf8ZWUkWJml%2By0pgeZW2Nau1VLQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8b5be8b00c860b69-OSL
alt-svc: h3=":443"; ma=86400

never2never.com/ALL-C2/Image/8.jpg

104.21.73.52

200 OK

34 kB

URL GET HTTP/3
never2never.com/ALL-C2/Image/8.jpg
IP
104.21.73.52:443
ASN
#13335 CLOUDFLARENET

Requested by
https://never2never.com/ALL-C2/index-no.htm
Certificate
IssuerGoogle Trust Services
Subjectnever2never.com
FingerprintC9:E2:3D:DB:11:68:E6:36:6D:D9:02:85:AE:61:ED:DC:26:D6:F1:63
ValidityTue, 02 Jul 2024 14:42:41 GMT - Mon, 30 Sep 2024 14:42:40 GMT

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 300x300, components 3
Size
34 kB (34489 bytes)
Hash
ad047e5458e605126d282fd4888f61f1
23c3c0c25957e8041e4a5726513d59a62a94a12c
f8614fba335c92e0e4ff4398b056a32bbd5ef8f91930bf9e81d3b5a7bc6f272d

HTTP Headers

GET /ALL-C2/Image/8.jpg HTTP/1.1
Host: never2never.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://never2never.com/ALL-C2/index-no.htm
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 19 Aug 2024 17:36:58 GMT
content-type: image/jpeg
content-length: 34489
last-modified: Tue, 27 Feb 2024 10:13:53 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 1137
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nJFY%2BabjlbbUdq6mJL6Ux%2FJ9As%2B84Ab1lVKDaMq%2F7NadElEl%2BxK6cy4OOnpRumnhs22RwkkZY1Pz%2BXc82WvLz%2F6RPReJwpX4mauEu%2BNwWMfIsD4Y35Cu%2BAl%2BZ5OSWQIRxkw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8b5be8b00c900b69-OSL
alt-svc: h3=":443"; ma=86400

never2never.com/ALL-C2/CSS/style.a699b1caf61e690ba1b00116d51c9269.css

104.21.73.52

200 OK

63 kB

URL GET HTTP/3
never2never.com/ALL-C2/CSS/style.a699b1caf61e690ba1b00116d51c9269.css
IP
104.21.73.52:443
ASN
#13335 CLOUDFLARENET

Requested by
https://never2never.com/ALL-C2/index-no.htm
Certificate
IssuerGoogle Trust Services
Subjectnever2never.com
FingerprintC9:E2:3D:DB:11:68:E6:36:6D:D9:02:85:AE:61:ED:DC:26:D6:F1:63
ValidityTue, 02 Jul 2024 14:42:41 GMT - Mon, 30 Sep 2024 14:42:40 GMT

File type
ASCII text, with very long lines (5562), with no line terminators
Size
63 kB (62903 bytes)
Hash
42e60f03d305141c7c1c2c48637b7327
852ae2cfcb8a185bb3119c5bd9630f1ab7891d69
cc8c755fbcfe4a1bb14ee07b3f6fe5ccb4c51a5fc4e9b77642093fe3e7aadf5b

HTTP Headers

GET /ALL-C2/CSS/style.a699b1caf61e690ba1b00116d51c9269.css HTTP/1.1
Host: never2never.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://never2never.com/ALL-C2/index-no.htm
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 19 Aug 2024 17:36:58 GMT
content-type: text/css
last-modified: Tue, 27 Feb 2024 10:13:39 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 5833
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wUwwMXfB%2BNQLQw1StHnnAJT5yk7EKpJICDEXSdAbiSG53oDwYNK0l23PHJuiP7XcgnkxJ0nMBr5K%2FnNnQmq6LM8qVLJIT9vcs80P1f2nVx5ksHPd1CuORLP%2BsU%2FK9wEPA3Y%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8b5be8affc710b69-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

never2never.com/ALL-C2/index-no.htm

104.21.73.52

200 OK

4.2 kB

URL User Request GET HTTP/2
never2never.com/ALL-C2/index-no.htm
IP
104.21.73.52:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectnever2never.com
FingerprintC9:E2:3D:DB:11:68:E6:36:6D:D9:02:85:AE:61:ED:DC:26:D6:F1:63
ValidityTue, 02 Jul 2024 14:42:41 GMT - Mon, 30 Sep 2024 14:42:40 GMT

File type
HTML document, Unicode text, UTF-8 text, with very long lines (3322), with CRLF line terminators
Size
4.2 kB (4152 bytes)
Hash
07e5d4fc054403b268a9726fc3a34b3c
7d7b76726fe8ec4b252ea40e05a98ca74cd879dd
638dc280a6f8575970cb54434bb6d846d6c5fd36519b6e3680701ee4c6317d0b

HTTP Headers

GET /ALL-C2/index-no.htm HTTP/1.1
Host: never2never.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://softenedcollar.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 19 Aug 2024 17:36:58 GMT
content-type: text/html
last-modified: Tue, 27 Feb 2024 10:14:11 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BC%2BXztU%2F1gKtFPC1ebbGE7teINTKb%2F2FKixi%2BSYWInBxE9dtAQbWvXWccnKlTvgxYaZNvNoJdQeFy5yrb7IYv6m7DRBNadJRZBcKVLMxrIFNdAjx6sn3ENWqGLKuK8crVp4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8b5be8ad29195688-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

never2never.com/ALL-C2/Javascript/jquery.695b55bf947b588e5fad6be1acfdc1f6.js

104.21.73.52

200 OK

109 kB

URL GET HTTP/3
never2never.com/ALL-C2/Javascript/jquery.695b55bf947b588e5fad6be1acfdc1f6.js
IP
104.21.73.52:443
ASN
#13335 CLOUDFLARENET

Requested by
https://never2never.com/ALL-C2/index-no.htm
Certificate
IssuerGoogle Trust Services
Subjectnever2never.com
FingerprintC9:E2:3D:DB:11:68:E6:36:6D:D9:02:85:AE:61:ED:DC:26:D6:F1:63
ValidityTue, 02 Jul 2024 14:42:41 GMT - Mon, 30 Sep 2024 14:42:40 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
109 kB (108550 bytes)
Hash
60710551d19f77e6496b01207365a0e4
837fcb824626afc559093c2c835f8fa064b72010
cb28bc8f8098b56206d0af5cda644951777e8d8fbc053c8ee3b88eca2bca4e3a

HTTP Headers

GET /ALL-C2/Javascript/jquery.695b55bf947b588e5fad6be1acfdc1f6.js HTTP/1.1
Host: never2never.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://never2never.com/ALL-C2/index-no.htm
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 19 Aug 2024 17:36:58 GMT
content-type: application/javascript
last-modified: Tue, 27 Feb 2024 10:14:22 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 4391
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5ReIIQgD%2FRcJ4udRr4U9BVFFVSX%2BOxyZZCvTDIZp%2Fhucs8nRTWbfzB6umKOS3nrCKSwKNpehb0NH5HNoQsFeIsBYbjBG64%2F7EA%2BTy5LLuN%2BP0q%2Fp4C8CAgY31YfPh6lPVAw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8b5be8affc730b69-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

o.pki.goog/wr2

142.250.74.131

471 B

URL
o.pki.goog/wr2
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
67b85fd468e50f3b0c89587d6c40e6f1
0ec04bd08b355fc00db61887b21e6988edc0f398
370cfaa819cc1fa7aae490331ea623d9bc4d191ed47ef313cb1fed31af4efe74

HTTP Headers

POST /wr2 HTTP/1.1
Host: o.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 19 Aug 2024 17:36:59 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

tsyndicate.com/api/v1/retargeting/set/06eb0705-463f-4b96-836b-64bf3cfa8631?gtmcb=1631282658

46.4.114.55

200 OK

43 B

URL GET HTTP/2
tsyndicate.com/api/v1/retargeting/set/06eb0705-463f-4b96-836b-64bf3cfa8631?gtmcb=1631282658
IP
46.4.114.55:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://never2never.com/ALL-C2/index-no.htm
Certificate
IssuerLet's Encrypt
Subjecttsyndicate.com
Fingerprint4D:12:60:AA:74:8F:2E:44:38:74:D2:5E:33:2E:CB:10:F3:F5:0A:39
ValidityMon, 12 Aug 2024 09:07:54 GMT - Sun, 10 Nov 2024 09:07:53 GMT

File type
GIF image data, version 89a, 1 x 1
Size
43 B (43 bytes)
Hash
ba036c43037cfe89320d1ef7b64cd43f
88c72d3e26047eb1e45e5564a76427734f120efe
42cb846e07917f6731406e500f24aeb2e88c42cda124eaa59e08c5331cad8bcb

HTTP Headers

GET /api/v1/retargeting/set/06eb0705-463f-4b96-836b-64bf3cfa8631?gtmcb=1631282658 HTTP/1.1
Host: tsyndicate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://never2never.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 19 Aug 2024 17:36:59 GMT
content-type: image/gif
content-length: 43
pragma: no-cache
expires: 0
vary: *
x-api-version: 1
set-cookie: ts_rt_06eb0705-463f-4b96-836b-64bf3cfa8631=AM_QaTNGTI8YNmbEkIFDho0aOAIC; expires=Tue, 19 Aug 2025 17:36:59 GMT; path=/; HttpOnly; secure; SameSite=None
cache-control: no-cache, no-store, no-transform, must-revalidate, no-transform
x-robots-tag: none, noindex, nofollow
report-to: { "url": "https://pxl.tsyndicate.com/api/v1/heavy-ad/report", "max_age": 86401 }
X-Firefox-Spdy: h2

never2never.com/ALL-C2/Javascript/error.1c4710d4434f595f8a835f40daa776b8.js

104.21.73.52

200 OK

935 B

URL GET HTTP/3
never2never.com/ALL-C2/Javascript/error.1c4710d4434f595f8a835f40daa776b8.js
IP
104.21.73.52:443
ASN
#13335 CLOUDFLARENET

Requested by
https://never2never.com/ALL-C2/index-no.htm
Certificate
IssuerGoogle Trust Services
Subjectnever2never.com
FingerprintC9:E2:3D:DB:11:68:E6:36:6D:D9:02:85:AE:61:ED:DC:26:D6:F1:63
ValidityTue, 02 Jul 2024 14:42:41 GMT - Mon, 30 Sep 2024 14:42:40 GMT

File type
JavaScript source, ASCII text, with very long lines (439), with no line terminators
Size
935 B (935 bytes)
Hash
214043f54f832678850fca8c5e01f3a6
30a66237b506392e073971e55aff32b53367354c
b4460c164ed593fcd7f1abc940c60890bccdf25cb31761e68cef2370f4ea6416

HTTP Headers

GET /ALL-C2/Javascript/error.1c4710d4434f595f8a835f40daa776b8.js HTTP/1.1
Host: never2never.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://never2never.com/ALL-C2/index-no.htm
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 19 Aug 2024 17:36:58 GMT
content-type: application/javascript
last-modified: Tue, 27 Feb 2024 10:14:20 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 4391
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QwTioCXVZ4qku2%2FcYKB8RTc1HSPLgAKXjzjy5kMR%2FX9d%2BvETb8l7PIRnYr0s0%2BthbVu3mbjyeZs9xEPdE7Wqq1QBZI%2BgRNunkz6Y9gfJUFf7b%2BjsWUAoUAtTe1GvWqAY2iM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8b5be8affc6a0b69-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

ocsp.r2m03.amazontrust.com/

54.230.218.11

471 B

URL
ocsp.r2m03.amazontrust.com/
IP
54.230.218.11:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
8c05522a2e04a86a44e999b7f061a84e
b3e9a3bec140dcdf8c351cf790b511ec3f480135
c0494f48551a82b40e668ce86d212a295c62994fc65f168fefca0a85b63dfb94

HTTP Headers

POST / HTTP/1.1
Host: ocsp.r2m03.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=7200
Date: Mon, 19 Aug 2024 17:36:59 GMT
Last-Modified: Mon, 19 Aug 2024 16:02:04 GMT
Server: ECAcc (ska/F75B)
X-Cache: Miss from cloudfront
Via: 1.1 09ae414c9d6c5323d5147457ada70ec6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: xpaL2p6NaBxpQyaPKE4mNh7w2WenqSYjBiZ3lAIFltMU_M-C3rq_7w==
Age: 5695

never2never.com/ALL-C2/CSS/css.e2f687a79a5c017217d9bc8f923fba6a.css

104.21.73.52

200 OK

12 kB

URL GET HTTP/3
never2never.com/ALL-C2/CSS/css.e2f687a79a5c017217d9bc8f923fba6a.css
IP
104.21.73.52:443
ASN
#13335 CLOUDFLARENET

Requested by
https://never2never.com/ALL-C2/index-no.htm
Certificate
IssuerGoogle Trust Services
Subjectnever2never.com
FingerprintC9:E2:3D:DB:11:68:E6:36:6D:D9:02:85:AE:61:ED:DC:26:D6:F1:63
ValidityTue, 02 Jul 2024 14:42:41 GMT - Mon, 30 Sep 2024 14:42:40 GMT

File type
ASCII text, with very long lines (500), with no line terminators
Size
12 kB (11532 bytes)
Hash
d27807a5e380abceff57872d83c7c4e5
f166a734c87196ef7d87ff2c8b0c2ceca7eac271
d415bede567d42f1f937691235fcbd91cc80b2ef2d48bc238dd997ee1da130b8

HTTP Headers

GET /ALL-C2/CSS/css.e2f687a79a5c017217d9bc8f923fba6a.css HTTP/1.1
Host: never2never.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://never2never.com/ALL-C2/index-no.htm
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 19 Aug 2024 17:36:58 GMT
content-type: text/css
last-modified: Tue, 27 Feb 2024 10:13:38 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 5833
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wNV6ajSQWSrrwbzaocBlkeH14zTJ3a0Jm93Nyz9Hw0Rhz4KuWFAjZrg1IEvGv8GWLFBL%2BFixU9rX1Wh6HVK4MU4koWTcKk4d3QPNxCjBnghfv0I%2BFScvc53GcLuqzgCUwdc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8b5be8affc6f0b69-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

never2never.com/ALL-C2/CSS/bootstrap.47407f28f6b047490b60b0854c97a929.css

104.21.73.52

200 OK

113 kB

URL GET HTTP/3
never2never.com/ALL-C2/CSS/bootstrap.47407f28f6b047490b60b0854c97a929.css
IP
104.21.73.52:443
ASN
#13335 CLOUDFLARENET

Requested by
https://never2never.com/ALL-C2/index-no.htm
Certificate
IssuerGoogle Trust Services
Subjectnever2never.com
FingerprintC9:E2:3D:DB:11:68:E6:36:6D:D9:02:85:AE:61:ED:DC:26:D6:F1:63
ValidityTue, 02 Jul 2024 14:42:41 GMT - Mon, 30 Sep 2024 14:42:40 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
113 kB (113146 bytes)
Hash
7014b18fd53c1230fcac0d5a10bbc92e
e41f7322ac46299c2f444e0668b5a877c252f3fa
957ec84708a01f197df5ac2f01abf9b966afd696f711eb200ebafdd8fceaadd2

HTTP Headers

GET /ALL-C2/CSS/bootstrap.47407f28f6b047490b60b0854c97a929.css HTTP/1.1
Host: never2never.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://never2never.com/ALL-C2/index-no.htm
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 19 Aug 2024 17:36:58 GMT
content-type: text/css
last-modified: Tue, 27 Feb 2024 10:13:37 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 5833
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=O6fLmrvacVrYiK9N09eWlnXcZ9I4zmQsOCLe5QZfVcGJ3sqNIQE5aARYipItfVlWCrfgyIEEhH1l7Kuq2xWQgyrKMFj6uXBO6O6vpu7Ngb4d8JlMpgwTSTVXLxz2EOzjH6I%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8b5be8affc6c0b69-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

never2never.com/ALL-C2/Image/maincontainerPicture1.jpg

104.21.73.52

200 OK

61 kB

URL GET HTTP/3
never2never.com/ALL-C2/Image/maincontainerPicture1.jpg
IP
104.21.73.52:443
ASN
#13335 CLOUDFLARENET

Requested by
https://never2never.com/ALL-C2/index-no.htm
Certificate
IssuerGoogle Trust Services
Subjectnever2never.com
FingerprintC9:E2:3D:DB:11:68:E6:36:6D:D9:02:85:AE:61:ED:DC:26:D6:F1:63
ValidityTue, 02 Jul 2024 14:42:41 GMT - Mon, 30 Sep 2024 14:42:40 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 792x1103, components 3
Size
61 kB (61278 bytes)
Hash
926894b12cfdf2cd3f04ebe2b25800c0
3b9a12994076ec004248e64f93a9d1697b07d98f
be01e5eafebe629f566093af14700274b908f7f4d572b2e3e5a1fa3b43bba6fe

HTTP Headers

GET /ALL-C2/Image/maincontainerPicture1.jpg HTTP/1.1
Host: never2never.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://never2never.com/ALL-C2/CSS/style.a699b1caf61e690ba1b00116d51c9269.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 19 Aug 2024 17:36:59 GMT
content-type: image/jpeg
content-length: 61278
last-modified: Tue, 27 Feb 2024 10:13:54 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 1138
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MYa3K7ESsTY0cLV8SD4BD%2FzxXPOti%2BaM3TW42AWqY5rOlAKXalxhIFlRLeoh9kk3eviGBq47zBaq5sO7hLAAqZjI01GwSAAeZZHzEbkbN%2FdCpYzGx6ZOxxCwV4eDLPhgAEE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8b5be8b0cdaf0b69-OSL
alt-svc: h3=":443"; ma=86400

ads.traffichunt.com/adv_ret/?adv_pixel_id=861&nid=3&gtmcb=267074890

107.23.156.77

200 OK

0 B

URL GET HTTP/2
ads.traffichunt.com/adv_ret/?adv_pixel_id=861&nid=3&gtmcb=267074890
IP
107.23.156.77:443
ASN
#14618 AMAZON-AES

Requested by
https://never2never.com/ALL-C2/index-no.htm
Certificate
IssuerAmazon
Subjecttraffichunt.com
FingerprintFB:E0:74:3B:A7:41:0E:9C:CC:0F:49:8F:DA:FB:E6:8D:2E:31:F8:52
ValidityWed, 29 May 2024 00:00:00 GMT - Sat, 28 Jun 2025 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /adv_ret/?adv_pixel_id=861&nid=3&gtmcb=267074890 HTTP/1.1
Host: ads.traffichunt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://never2never.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 19 Aug 2024 17:36:59 GMT
server: nginx
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'
set-cookie: new_adx_profile_guid=1d7db233-bce3-4ccc-a98e-e038aa5a8086;Max-Age=7776000;Path=/;SameSite=None; Secure
new_3.adx_rt_0=861;Max-Age=7776000;Path=/;SameSite=None; Secure
new_3.adx_daily_rt_0=861;Max-Age=22980;Path=/;SameSite=None; Secure
new_3.adx_rt_0=861;Max-Age=7776000;Path=/;SameSite=None; Secure
3.adx_rt_0=861; Max-Age=7776000; Expires=Sun, 17 Nov 2024 17:36:59 GMT; Path=/
3.adx_daily_rt_0=861; Max-Age=22980; Expires=Mon, 19 Aug 2024 23:59:59 GMT; Path=/
adx_profile_guid=1d7db233-bce3-4ccc-a98e-e038aa5a8086; Max-Age=7776000; Expires=Sun, 17 Nov 2024 17:36:59 GMT; Path=/
X-Firefox-Spdy: h2

never2never.com/ALL-C2/Image/CWB0XYA8bzo0kSThX0UTuA.woff2

104.21.73.52

404 Not Found

315 B

URL GET HTTP/3
never2never.com/ALL-C2/Image/CWB0XYA8bzo0kSThX0UTuA.woff2
IP
104.21.73.52:443
ASN
#13335 CLOUDFLARENET

Requested by
https://never2never.com/ALL-C2/index-no.htm
Certificate
IssuerGoogle Trust Services
Subjectnever2never.com
FingerprintC9:E2:3D:DB:11:68:E6:36:6D:D9:02:85:AE:61:ED:DC:26:D6:F1:63
ValidityTue, 02 Jul 2024 14:42:41 GMT - Mon, 30 Sep 2024 14:42:40 GMT

File type
HTML document, ASCII text, with very long lines (326), with no line terminators
Size
315 B (315 bytes)
Hash
97ef40509b73c101d6815511c3adf98d
a4242322497ea630ea72e26ba297a95a2bbe5ccd
322c1f60d9d454c801f7cff3173ef16b61cf9963a64e09a4d9e21d36218b56be

HTTP Headers

GET /ALL-C2/Image/CWB0XYA8bzo0kSThX0UTuA.woff2 HTTP/1.1
Host: never2never.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://never2never.com/ALL-C2/CSS/css.e2f687a79a5c017217d9bc8f923fba6a.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 404 Not Found
date: Mon, 19 Aug 2024 17:36:59 GMT
content-type: text/html; charset=iso-8859-1
cache-control: max-age=14400
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3ivZkzZvtw7hE7qESLxOYnwccTxQ6UE6unp7nhW5ADg%2F%2FKMBlPL9UginW7yy0Xmn59Lf1tOla29AwNhTD%2Flcr9YsQnKkXPs87ptdTfIhVA%2F7l7oIAR%2FrUCoosjftfhDcyCY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8b5be8b0ddba0b69-OSL
alt-svc: h3=":443"; ma=86400

never2never.com/ALL-C2/Javascript/main.7d815901029a10bbd862c4f5e3ada540.js

104.21.73.52

200 OK

656 B

URL GET HTTP/3
never2never.com/ALL-C2/Javascript/main.7d815901029a10bbd862c4f5e3ada540.js
IP
104.21.73.52:443
ASN
#13335 CLOUDFLARENET

Requested by
https://never2never.com/ALL-C2/index-no.htm
Certificate
IssuerGoogle Trust Services
Subjectnever2never.com
FingerprintC9:E2:3D:DB:11:68:E6:36:6D:D9:02:85:AE:61:ED:DC:26:D6:F1:63
ValidityTue, 02 Jul 2024 14:42:41 GMT - Mon, 30 Sep 2024 14:42:40 GMT

File type
JavaScript source, ASCII text, with very long lines (659), with no line terminators
Size
656 B (656 bytes)
Hash
553653151691538ba5638ae536836742
0f339b674ead22ab107b5a9b4c980eab0d369adc
4dbbcf10a17424e0dcf6a2bcffee555989aba1ebac97f7cfb606ea80eecef896

HTTP Headers

GET /ALL-C2/Javascript/main.7d815901029a10bbd862c4f5e3ada540.js HTTP/1.1
Host: never2never.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://never2never.com/ALL-C2/index-no.htm
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 19 Aug 2024 17:36:58 GMT
content-type: application/javascript
last-modified: Tue, 27 Feb 2024 10:14:23 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 4391
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=i5pgV6xvvlAyu8xLNX7ruVR26dv%2B9BzyuD6iR44vpLvOwg34tgCGom1pgxuN%2FAulcOeNFLN3KpWf49hxeWP3QkOM6UC%2Bkas6%2FWzCA5sOn2dEkksTRsaFhACQCkWX%2F1jAm8Q%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8b5be8affc760b69-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

never2never.com/ALL-C2/Image/mnpfi9pxYH-Go5UiibESIltXRa8TVwTICgirnJhmVJw.woff2

104.21.73.52

404 Not Found

315 B

URL GET HTTP/3
never2never.com/ALL-C2/Image/mnpfi9pxYH-Go5UiibESIltXRa8TVwTICgirnJhmVJw.woff2
IP
104.21.73.52:443
ASN
#13335 CLOUDFLARENET

Requested by
https://never2never.com/ALL-C2/index-no.htm
Certificate
IssuerGoogle Trust Services
Subjectnever2never.com
FingerprintC9:E2:3D:DB:11:68:E6:36:6D:D9:02:85:AE:61:ED:DC:26:D6:F1:63
ValidityTue, 02 Jul 2024 14:42:41 GMT - Mon, 30 Sep 2024 14:42:40 GMT

File type
HTML document, ASCII text, with very long lines (326), with no line terminators
Size
315 B (315 bytes)
Hash
97ef40509b73c101d6815511c3adf98d
a4242322497ea630ea72e26ba297a95a2bbe5ccd
322c1f60d9d454c801f7cff3173ef16b61cf9963a64e09a4d9e21d36218b56be

HTTP Headers

GET /ALL-C2/Image/mnpfi9pxYH-Go5UiibESIltXRa8TVwTICgirnJhmVJw.woff2 HTTP/1.1
Host: never2never.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://never2never.com/ALL-C2/CSS/css.e2f687a79a5c017217d9bc8f923fba6a.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 404 Not Found
date: Mon, 19 Aug 2024 17:36:59 GMT
content-type: text/html; charset=iso-8859-1
cache-control: max-age=14400
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=76BWrdyeJheflSPCESdoaGNA4iLsfbUfUcwnYpPaHfDkld61hiri78H3dqz%2FDJwtpA5MrpayOxIK%2BtgppjM9PGTG4J9KJ7VtmKbVvEssqNBUMy5fygDJD8y44Id70gVN4BE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8b5be8b0ddbe0b69-OSL
alt-svc: h3=":443"; ma=86400

www.googletagmanager.com/gtm.js?id=GTM-TMR4NP

142.250.74.168

200 OK

220 kB

URL GET HTTP/2
www.googletagmanager.com/gtm.js?id=GTM-TMR4NP
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://never2never.com/ALL-C2/index-no.htm
Certificate
IssuerGoogle Trust Services
Subject*.google-analytics.com
Fingerprint27:BF:6E:8E:D6:51:1C:C5:B2:CF:E2:E9:0F:87:D0:F3:33:23:E7:37
ValidityTue, 30 Jul 2024 12:32:47 GMT - Tue, 22 Oct 2024 12:32:46 GMT

File type
JavaScript source, ASCII text, with very long lines (17349)
Size
220 kB (220264 bytes)
Hash
26d3efc760ec1f17a3e4b1c9f6bd724e
7a5edeaee09d0d1887b96e1fa7203fcd9f06ca66
37dfb21c9d3f4c9aac24ef1cf0f017f1a50bbe1b6c62ac1b482d956f1d4c973c

HTTP Headers

GET /gtm.js?id=GTM-TMR4NP HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://never2never.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Mon, 19 Aug 2024 17:36:59 GMT
expires: Mon, 19 Aug 2024 17:36:59 GMT
cache-control: private, max-age=900
last-modified: Mon, 19 Aug 2024 16:06:16 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 74326
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

never2never.com/ALL-C2/Image/mnpfi9pxYH-Go5UiibESIj8E0i7KZn-EPnyo3HZu7kw.woff

104.21.73.52

404 Not Found

315 B

URL GET HTTP/3
never2never.com/ALL-C2/Image/mnpfi9pxYH-Go5UiibESIj8E0i7KZn-EPnyo3HZu7kw.woff
IP
104.21.73.52:443
ASN
#13335 CLOUDFLARENET

Requested by
https://never2never.com/ALL-C2/index-no.htm
Certificate
IssuerGoogle Trust Services
Subjectnever2never.com
FingerprintC9:E2:3D:DB:11:68:E6:36:6D:D9:02:85:AE:61:ED:DC:26:D6:F1:63
ValidityTue, 02 Jul 2024 14:42:41 GMT - Mon, 30 Sep 2024 14:42:40 GMT

File type
HTML document, ASCII text, with very long lines (326), with no line terminators
Size
315 B (315 bytes)
Hash
97ef40509b73c101d6815511c3adf98d
a4242322497ea630ea72e26ba297a95a2bbe5ccd
322c1f60d9d454c801f7cff3173ef16b61cf9963a64e09a4d9e21d36218b56be

HTTP Headers

GET /ALL-C2/Image/mnpfi9pxYH-Go5UiibESIj8E0i7KZn-EPnyo3HZu7kw.woff HTTP/1.1
Host: never2never.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://never2never.com/ALL-C2/CSS/css.e2f687a79a5c017217d9bc8f923fba6a.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 404 Not Found
date: Mon, 19 Aug 2024 17:36:59 GMT
content-type: text/html; charset=iso-8859-1
cache-control: max-age=14400
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jJBdA0xhn3zaYb8FBMKKt8Og8TiaU%2FYuTUSHssTtiLUMMG4d%2Bj7BkPx7BCo9P5iaqwurhM8CoMj48xz%2BKXfF3fNdUdm6SJKxTXAfnI5XswHlljPHqL4gYCr1R%2BUJw7Ym7KM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8b5be8b23f590b69-OSL
alt-svc: h3=":443"; ma=86400

never2never.com/ALL-C2/Image/2UX7WLTfW3W8TclTUvlFyQ.woff

104.21.73.52

404 Not Found

315 B

URL GET HTTP/3
never2never.com/ALL-C2/Image/2UX7WLTfW3W8TclTUvlFyQ.woff
IP
104.21.73.52:443
ASN
#13335 CLOUDFLARENET

Requested by
https://never2never.com/ALL-C2/index-no.htm
Certificate
IssuerGoogle Trust Services
Subjectnever2never.com
FingerprintC9:E2:3D:DB:11:68:E6:36:6D:D9:02:85:AE:61:ED:DC:26:D6:F1:63
ValidityTue, 02 Jul 2024 14:42:41 GMT - Mon, 30 Sep 2024 14:42:40 GMT

File type
HTML document, ASCII text, with very long lines (326), with no line terminators
Size
315 B (315 bytes)
Hash
97ef40509b73c101d6815511c3adf98d
a4242322497ea630ea72e26ba297a95a2bbe5ccd
322c1f60d9d454c801f7cff3173ef16b61cf9963a64e09a4d9e21d36218b56be

HTTP Headers

GET /ALL-C2/Image/2UX7WLTfW3W8TclTUvlFyQ.woff HTTP/1.1
Host: never2never.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://never2never.com/ALL-C2/CSS/css.e2f687a79a5c017217d9bc8f923fba6a.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 404 Not Found
date: Mon, 19 Aug 2024 17:36:59 GMT
content-type: text/html; charset=iso-8859-1
cache-control: max-age=14400
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Gyuzki0Hmhor%2BFZa3sg%2F2Oko4P84ThL%2BW5qC2E%2Fm8a7iO26cfleaY3fePonZFXQEgy4R%2BjfCHyjwc5siWZoj5oi3ElSnWObbLzeSSuxPa850hYppd9BC8HFchRfWd47RtVA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8b5be8b1ceed0b69-OSL
alt-svc: h3=":443"; ma=86400

tsyndicate.com/api/v1/retargeting/set/e61f38d1-37ba-4a3d-9474-c0d9e0d9ea70?gtmcb=1016440199

46.4.114.55

200 OK

43 B

URL GET HTTP/2
tsyndicate.com/api/v1/retargeting/set/e61f38d1-37ba-4a3d-9474-c0d9e0d9ea70?gtmcb=1016440199
IP
46.4.114.55:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://never2never.com/ALL-C2/index-no.htm
Certificate
IssuerLet's Encrypt
Subjecttsyndicate.com
Fingerprint4D:12:60:AA:74:8F:2E:44:38:74:D2:5E:33:2E:CB:10:F3:F5:0A:39
ValidityMon, 12 Aug 2024 09:07:54 GMT - Sun, 10 Nov 2024 09:07:53 GMT

File type
GIF image data, version 89a, 1 x 1
Size
43 B (43 bytes)
Hash
ba036c43037cfe89320d1ef7b64cd43f
88c72d3e26047eb1e45e5564a76427734f120efe
42cb846e07917f6731406e500f24aeb2e88c42cda124eaa59e08c5331cad8bcb

HTTP Headers

GET /api/v1/retargeting/set/e61f38d1-37ba-4a3d-9474-c0d9e0d9ea70?gtmcb=1016440199 HTTP/1.1
Host: tsyndicate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://never2never.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 19 Aug 2024 17:36:59 GMT
content-type: image/gif
content-length: 43
pragma: no-cache
expires: 0
vary: *
x-api-version: 1
set-cookie: ts_rt_e61f38d1-37ba-4a3d-9474-c0d9e0d9ea70=AM_QaTNGTI8YMGLYoEEjYY4cAQE=; expires=Tue, 19 Aug 2025 17:36:59 GMT; path=/; HttpOnly; secure; SameSite=None
cache-control: no-cache, no-store, no-transform, must-revalidate, no-transform
x-robots-tag: none, noindex, nofollow
report-to: { "url": "https://pxl.tsyndicate.com/api/v1/heavy-ad/report", "max_age": 86401 }
X-Firefox-Spdy: h2

never2never.com/ALL-C2/favicon.html

104.21.73.52

404 Not Found

315 B

URL GET HTTP/3
never2never.com/ALL-C2/favicon.html
IP
104.21.73.52:443
ASN
#13335 CLOUDFLARENET

Requested by
https://never2never.com/ALL-C2/index-no.htm
Certificate
IssuerGoogle Trust Services
Subjectnever2never.com
FingerprintC9:E2:3D:DB:11:68:E6:36:6D:D9:02:85:AE:61:ED:DC:26:D6:F1:63
ValidityTue, 02 Jul 2024 14:42:41 GMT - Mon, 30 Sep 2024 14:42:40 GMT

File type
HTML document, ASCII text, with very long lines (326), with no line terminators
Size
315 B (315 bytes)
Hash
97ef40509b73c101d6815511c3adf98d
a4242322497ea630ea72e26ba297a95a2bbe5ccd
322c1f60d9d454c801f7cff3173ef16b61cf9963a64e09a4d9e21d36218b56be

HTTP Headers

GET /ALL-C2/favicon.html HTTP/1.1
Host: never2never.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://never2never.com/ALL-C2/index-no.htm
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 404 Not Found
date: Mon, 19 Aug 2024 17:36:59 GMT
content-type: text/html; charset=iso-8859-1
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UTExxwDou4EjdcidulZv9QBQidcmDovOKrtA69uAhfQTaUJYAdytTmmsavpBu3SLCdDq0bic9A%2FnLaAmNhVhwhzDbersTH1fHtR5Yiyhj4o4tW4BlEIQOoNYd6ceRwjrbys%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8b5be8b4bac20b69-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (9)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (37)

URL

IP

ASN