r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash a2104f935c638b4767ca5ae0d738ef23
85c6af15af749be0ceeae6de17c36925b750f166
5d4789a3696bd7faa9916768cb627bbc89bf70a756d80e53860cbac13c2bc8b1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5D4789A3696BD7FAA9916768CB627BBC89BF70A756D80E53860CBAC13C2BC8B1"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5030
Expires: Sat, 28 Jan 2023 22:40:57 GMT
Date: Sat, 28 Jan 2023 21:17:07 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 3eb88dea4fe00db1182370e72683c3ab
ca520abf1e91bfd2aef40c6a1270a911071e8922
d8083ee567c7b3023111dc30f32c94237df7db30d4d2daaea0a569e8a3069ad7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D8083EE567C7B3023111DC30F32C94237DF7DB30D4D2DAAEA0A569E8A3069AD7"
Last-Modified: Sat, 28 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5814
Expires: Sat, 28 Jan 2023 22:54:01 GMT
Date: Sat, 28 Jan 2023 21:17:07 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash dcd75ca6daca51c5e39d431468511793
07f76d3bf23d65c9110d810fa71a994e39e085d3
73672a816da4450fe2c938b08d7ae002d9ca29fdcbd3e29cc97084d826f8b459
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Retry-After, Content-Type, Content-Length, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sat, 28 Jan 2023 20:43:06 GMT
content-type: application/json
age: 2042
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 302c7548412192add063ad6c8b99cf3b
e5d178931a27db036ce8daae302594d3ff7050b8
fc2bd9091006189e67e8074093805ee5492ce16e1dbfba32e083abeeae34969d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FC2BD9091006189E67E8074093805EE5492CE16E1DBFBA32E083ABEEAE34969D"
Last-Modified: Sat, 28 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9356
Expires: Sat, 28 Jan 2023 23:53:04 GMT
Date: Sat, 28 Jan 2023 21:17:08 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP
File type PEM certificate\012- , ASCII text
Hash 7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: 7STu3gsZUPTmc8bS5RndHruYz9EjSsWWPgg5yzqCGdKO0tOJOb+lnF0hLh3p0qhihwOj/xCIpUg=
x-amz-request-id: M398K4WWQXYMS705
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 28 Jan 2023 20:50:03 GMT
age: 1625
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 28 Jan 2023 21:17:08 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Last-Modified, Pragma, ETag, Retry-After, Content-Type, Content-Length, Expires, Cache-Control, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sat, 28 Jan 2023 20:41:40 GMT
age: 2128
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 16a7b6a7128312e2f985d30df18c4487
6017bff79ffb525d9c7f9f32b999b74b5dc69602
663fd12209627f08e759c2ed1c76278a5da79dae1e0b46082dd1bb44775f7a16
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "663FD12209627F08E759C2ED1C76278A5DA79DAE1E0B46082DD1BB44775F7A16"
Last-Modified: Fri, 27 Jan 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4514
Expires: Sat, 28 Jan 2023 22:32:22 GMT
Date: Sat, 28 Jan 2023 21:17:08 GMT
Connection: keep-alive
push.services.mozilla.com/
101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 1zFHxl/HIpzvOdOx30zGsQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: /SiRE8xh5jcYfXe5ToHH0vmGkdw=
apps4win.com/empire-earth-3.html
200 OK 14 kB URL HTTP/1.1 apps4win.com/empire-earth-3.html
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (10494)
Hash d61bc6080ffc43866df835b84d1ab6e6
227465eeaebd44b28303f99b13acd7cc108b0ac3
f48c3254bb861e4115e56c6b94b0fa2329152012f85595b77a814f027b7aa2dd
GET /empire-earth-3.html HTTP/1.1
Host: apps4win.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Sat, 28 Jan 2023 21:17:09 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cf-Railgun: direct (starting new WAN connection)
Link: <https://apps4win.com/wp-json/>; rel="https://api.w.org/", <https://apps4win.com/?p=8260>; rel=shortlink
Vary: Accept-Encoding
X-Litespeed-Cache: miss
X-Litespeed-Cache-Control: public,max-age=604800
X-Litespeed-Tag: 70f_HTTP.200,70f_post,70f_URL.dccd39d262f5e16bce837b2d63d55d0b,70f_Po.8260,70f_,70f_MIN.bb4520bc4b168737adf3c63ccc6ba45e.css
X-Powered-By: PHP/7.4.33
X-Turbo-Charged-By: LiteSpeed
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CGWvtiCD%2FkZKzNeIp7TR4YNOVglqixuEhmC2VttlrVRAtDfTy01ANAcoRf1HAB8E5FmeyJwYXTNPHdoMZoZsnCQyhyevM1%2Bge5hUVr%2B1fdrO10xzXcr8BUo9gnUqjoI%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 790cc0cb0aedb4ff-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
e1.o.lencr.org/
200 OK 346 B IP
ASN #20940 Akamai International B.V.
Hash e361e8b487c842a2eb9e3b5f598b2463
3cb554f848236623ea2186aa029f0414875a4623
56cc91487a0b105e91054608d691c2a56ba5fecc0d6e15184784c2009088c687
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "56CC91487A0B105E91054608D691C2A56BA5FECC0D6E15184784C2009088C687"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14474
Expires: Sun, 29 Jan 2023 01:18:23 GMT
Date: Sat, 28 Jan 2023 21:17:09 GMT
Connection: keep-alive
apps4win.com/wp-content/themes/astra/assets/js/minified/style.min.js
200 OK 3.0 kB URL HTTP/1.1 apps4win.com/wp-content/themes/astra/assets/js/minified/style.min.js
IP
File type ASCII text, with very long lines (10239), with no line terminators
Hash 20d05c9503d7852ddb7da295f14ce21d
4b627479a86af772d37befef754f9d351d64a2b1
5cc2d833c811a1e431d013e84ea76a3293cba47344f56a9f19f9e9c162e1d7a1
GET /wp-content/themes/astra/assets/js/minified/style.min.js HTTP/1.1
Host: apps4win.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://apps4win.com/empire-earth-3.html
HTTP/1.1 200 OK
Date: Sat, 28 Jan 2023 21:17:09 GMT
Content-Type: application/javascript
Content-Length: 3045
Connection: keep-alive
cache-control: public, max-age=604800
expires: Sat, 04 Feb 2023 21:17:09 GMT
last-modified: Wed, 21 Aug 2019 07:01:11 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BVaSPNLn1aAjoFNXCy6SV%2BUQWZKAalIm81gaLyXlATPkkxBXNstH6YF5SRGe3DHN1EVp70g73GrX8gMJ4mrThGskaWVjORM9dgwnqhtMFDwg0fJqdUqnHYeJTAl3Rz4%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 790cc0d50c7ab512-OSL
alt-svc: h2=":443"; ma=60
apps4win.com/wp-content/plugins/cookie-law-info/public/js/cookie-law-info-public.js
200 OK 9.2 kB URL HTTP/1.1 apps4win.com/wp-content/plugins/cookie-law-info/public/js/cookie-law-info-public.js
IP
Hash cbf74ed1634b0be0214e1229e22f5e71
1b7b072a20b2ec3898995b0689964d3faeaa4bc5
0a3b9d51ceb55ea639ae12707040300af348c0924c87cb60094b4c88c932d2e8
GET /wp-content/plugins/cookie-law-info/public/js/cookie-law-info-public.js HTTP/1.1
Host: apps4win.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://apps4win.com/empire-earth-3.html
HTTP/1.1 200 OK
Date: Sat, 28 Jan 2023 21:17:09 GMT
Content-Type: application/javascript
Content-Length: 9204
Connection: keep-alive
cache-control: public, max-age=604800
expires: Sat, 04 Feb 2023 21:17:09 GMT
last-modified: Wed, 25 May 2022 13:32:13 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RWVI4EzAQQrER%2F%2BGzXJywyMjRnQd0oj7Lv837Unomo3MO8CcuXm9TtUD%2F4c0m%2FTsMxymqtcDUW%2BJlUAAE8ozS4oySjamaVxHPPNUg0ui7o9QBxbJEzaN0IKqYsnRaEY%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 790cc0d4feba1c0e-OSL
alt-svc: h2=":443"; ma=60
apps4win.com/wp-includes/js/jquery/jquery-migrate.min.js
200 OK 4.3 kB URL HTTP/1.1 apps4win.com/wp-includes/js/jquery/jquery-migrate.min.js
IP
File type ASCII text, with very long lines (9959)
Hash 481f980fc669b7b40694394421813cf5
e6eb02466e5242666924567e4de8c9f8a39913ef
4b37967650498f93eb3cf92be96b598a5a34e3dccba8b5f76620eea01be44051
GET /wp-includes/js/jquery/jquery-migrate.min.js HTTP/1.1
Host: apps4win.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://apps4win.com/empire-earth-3.html
HTTP/1.1 200 OK
Date: Sat, 28 Jan 2023 21:17:09 GMT
Content-Type: application/javascript
Content-Length: 4251
Connection: keep-alive
cache-control: public, max-age=604800
expires: Sat, 04 Feb 2023 21:17:09 GMT
last-modified: Fri, 20 May 2016 18:41:28 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iWFLD%2FJbkILMBcNREtGicufnsIw74mj5jqLwZpYwFXVNTUpcyKXQQAl0TlhunZ2PzYsJGepnS5cR%2B23LebhGcEy%2FqQ5MB4suwWxXnZKZP5pUDv%2Bit4cb2JmA5aUdoMs%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 790cc0d4fa7bfab4-OSL
alt-svc: h2=":443"; ma=60
apps4win.com/wp-content/plugins/mystickysidebar/js/detectmobilebrowser.js
200 OK 1.4 kB URL HTTP/1.1 apps4win.com/wp-content/plugins/mystickysidebar/js/detectmobilebrowser.js
IP
File type ASCII text, with very long lines (2065)
Hash 7212a84c131807b7f9c4922ba0a45f3c
addcd775b4418810e304bad0f201cf2f56615ba4
adbdc0da133f2762d04c74a6d7ad4ba989d2e2fc3fd1f3fc22c132dd90b71332
GET /wp-content/plugins/mystickysidebar/js/detectmobilebrowser.js HTTP/1.1
Host: apps4win.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://apps4win.com/empire-earth-3.html
HTTP/1.1 200 OK
Date: Sat, 28 Jan 2023 21:17:09 GMT
Content-Type: application/javascript
Content-Length: 1381
Connection: keep-alive
cache-control: public, max-age=604800
expires: Sat, 04 Feb 2023 21:17:09 GMT
last-modified: Wed, 25 May 2022 13:32:23 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VaCLo9UPq8tEahVfV2sS5d5uPxhsa97BabgCsv%2Bj3Q80pWAIrc2mv852HjzNgYDWpmAk3KeWjaE8KSTqE8qGibnCFCZS0W2Gmjm5OjNk%2BFx7X0P22CvYawcaSIdf0SY%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 790cc0d50f57b515-OSL
alt-svc: h2=":443"; ma=60
apps4win.com/wp-content/plugins/mystickysidebar/js/theia-sticky-sidebar.js
200 OK 4.6 kB URL HTTP/1.1 apps4win.com/wp-content/plugins/mystickysidebar/js/theia-sticky-sidebar.js
IP
File type HTML document, ASCII text
Hash ff710cd88d8b37787e20058120af5d82
2cccadbfb69923e9fb371beb51a2b93b4457e3fb
bb855db796648b638357b33007a9d5f67b36dee2ebc54ecdbb5f824a1a843855
GET /wp-content/plugins/mystickysidebar/js/theia-sticky-sidebar.js HTTP/1.1
Host: apps4win.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://apps4win.com/empire-earth-3.html
HTTP/1.1 200 OK
Date: Sat, 28 Jan 2023 21:17:09 GMT
Content-Type: application/javascript
Content-Length: 4585
Connection: keep-alive
cache-control: public, max-age=604800
expires: Sat, 04 Feb 2023 21:17:09 GMT
last-modified: Wed, 25 May 2022 13:32:23 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ojOelqipnN486gjGKiw2ED5BEIEoMtCm3I7EwE1j%2FZflAvsxbL8iwW73kszmLcf0ZBLzmAPn1zQ%2BtGtKsBVFsH8RdnfI%2FwNER9Lbbh2IuqEbrwPaoTx2LXFj35XiIlU%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 790cc0d50de4b50c-OSL
alt-svc: h2=":443"; ma=60
apps4win.com/wp-includes/js/jquery/jquery.js
200 OK 38 kB URL HTTP/1.1 apps4win.com/wp-includes/js/jquery/jquery.js
IP
File type ASCII text, with very long lines (31997)
Hash ae1d8396fa7a2c9e1b596ed4e3319fbd
5d83ee734228e0b4d4b42fb9d57599a011f12c2e
073e20dc911daf41506f642f26380f8a8f793dd2dbc603d12eb6d5727bbc2b04
GET /wp-includes/js/jquery/jquery.js HTTP/1.1
Host: apps4win.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://apps4win.com/empire-earth-3.html
HTTP/1.1 200 OK
Date: Sat, 28 Jan 2023 21:17:09 GMT
Content-Type: application/javascript
Content-Length: 38045
Connection: keep-alive
cache-control: public, max-age=604800
expires: Sat, 04 Feb 2023 21:17:09 GMT
last-modified: Sat, 18 May 2019 05:38:54 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YcEYqKuRAmo9bbPtaVoikFhrHNVPfKsShqaOvT5UO%2B3SDhJMKUEG1DWp6%2FVTBvNRNjBDA%2BAarVxPL9ouv3mUbKLrCPeIDI05BQjHm7MUiavz3M0LGNDHxZ65yZDGr9w%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 790cc0d4fa3bb4ff-OSL
alt-svc: h2=":443"; ma=60
brotherhoodonionbuttons.com/5d/85/a8/5d85a8e9fe98ee92f1aba3ee2351ea5d.js
200 OK 13 kB URL HTTP/1.1 brotherhoodonionbuttons.com/5d/85/a8/5d85a8e9fe98ee92f1aba3ee2351ea5d.js
IP
File type ASCII text, with very long lines (37150), with no line terminators
Hash bda1049ec66d27224c9aa77bf35e36e3
8862bf33d769831f7f5e252d43acb8baf7cd001b
51a97ddf23b4ecadd8b0ac04b71740715a695cf18f7a74be3e3cc8e0e5c7cfdb
GET /5d/85/a8/5d85a8e9fe98ee92f1aba3ee2351ea5d.js HTTP/1.1
Host: brotherhoodonionbuttons.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://apps4win.com/
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 28 Jan 2023 21:17:09 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 30eed861b671d6be68b7597ecf668573
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
apps4win.com/wp-includes/js/wp-embed.min.js
200 OK 751 B URL HTTP/1.1 apps4win.com/wp-includes/js/wp-embed.min.js
IP
File type ASCII text, with very long lines (1391), with no line terminators
Hash 204c443a7de1de1504250d7d7afa5b37
9293366ded99791e97c79efd0033faccb4bfae58
3aa9d181f5425f879e8bc828dfbe4b3a8d2e2b44444cad4fd9edcb5555b0b522
GET /wp-includes/js/wp-embed.min.js HTTP/1.1
Host: apps4win.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://apps4win.com/empire-earth-3.html
HTTP/1.1 200 OK
Date: Sat, 28 Jan 2023 21:17:10 GMT
Content-Type: application/javascript
Content-Length: 751
Connection: keep-alive
cache-control: public, max-age=604800
expires: Sat, 04 Feb 2023 21:17:09 GMT
last-modified: Fri, 05 Feb 2021 16:50:06 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=F%2FGz3KNtHVmka4Nw6MAZKk323U%2Ftt7fqQBExc8WL0x7ZDOntexPtqRqHUvpIQFSEa22PhboggET2DHbra4SPCbd2TW9NRUKGa%2F3f4MqZKYRj%2BMCZc8UfH4sS96aYXE0%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 790cc0d75fd0b512-OSL
alt-svc: h2=":443"; ma=60
e1.o.lencr.org/
200 OK 346 B IP
ASN #20940 Akamai International B.V.
Hash e361e8b487c842a2eb9e3b5f598b2463
3cb554f848236623ea2186aa029f0414875a4623
56cc91487a0b105e91054608d691c2a56ba5fecc0d6e15184784c2009088c687
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "56CC91487A0B105E91054608D691C2A56BA5FECC0D6E15184784C2009088C687"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14473
Expires: Sun, 29 Jan 2023 01:18:23 GMT
Date: Sat, 28 Jan 2023 21:17:10 GMT
Connection: keep-alive
friendshipmale.com/sfp.js
200 OK 28 kB URL HTTP/1.1 friendshipmale.com/sfp.js
IP
File type Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Hash b1fa950e77a7db5425f9a5257af02e9c
2d5580451f34ad96218f8b97edf9708f9ee1be87
d999c4320df27dc4a1d3de5aec22bb3ef201560b47a7eff3f28f4133c1997a14
Analyzer Verdict Alert fortinet Malware
GET /sfp.js HTTP/1.1
Host: friendshipmale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://apps4win.com/
HTTP/1.1 200 OK
Date: Sat, 28 Jan 2023 21:17:10 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: max-age=14400
X-Request-ID: 534d071992ca3937fbcee75140a9f68b
Strict-Transport-Security: max-age=0; includeSubdomains
CF-Cache-Status: EXPIRED
Last-Modified: Sat, 28 Jan 2023 21:17:10 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SovtsNa7PUuMnD3EVBby%2FlU6%2Fsbu8eaoZLykFODv2KTDbPA4xIx8LJ4e%2BNlapB0qL%2F%2BCoUuRLTVF3bpH0NT6MbxAMwqb7Y249mHFP2%2BBoK8e%2Fcp24MWa4lmnEJX7vqldrz4fp%2BI%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 790cc0db2fe77780-LHR
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash f2a0c2c0f25bdd19baf87cbb3a87dcdb
bc78ca6206ee8cc1cc05ab7778df71c7e6d1182a
c57f26c0c2e439dc2f69181e1b2f6ae371bff9d299af739e0047eabc8bfb5a69
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C57F26C0C2E439DC2F69181E1B2F6AE371BFF9D299AF739E0047EABC8BFB5A69"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9507
Expires: Sat, 28 Jan 2023 23:55:37 GMT
Date: Sat, 28 Jan 2023 21:17:10 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash f2a0c2c0f25bdd19baf87cbb3a87dcdb
bc78ca6206ee8cc1cc05ab7778df71c7e6d1182a
c57f26c0c2e439dc2f69181e1b2f6ae371bff9d299af739e0047eabc8bfb5a69
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C57F26C0C2E439DC2F69181E1B2F6AE371BFF9D299AF739E0047EABC8BFB5A69"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9507
Expires: Sat, 28 Jan 2023 23:55:37 GMT
Date: Sat, 28 Jan 2023 21:17:10 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash f2a0c2c0f25bdd19baf87cbb3a87dcdb
bc78ca6206ee8cc1cc05ab7778df71c7e6d1182a
c57f26c0c2e439dc2f69181e1b2f6ae371bff9d299af739e0047eabc8bfb5a69
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C57F26C0C2E439DC2F69181E1B2F6AE371BFF9D299AF739E0047EABC8BFB5A69"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9507
Expires: Sat, 28 Jan 2023 23:55:37 GMT
Date: Sat, 28 Jan 2023 21:17:10 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash f2a0c2c0f25bdd19baf87cbb3a87dcdb
bc78ca6206ee8cc1cc05ab7778df71c7e6d1182a
c57f26c0c2e439dc2f69181e1b2f6ae371bff9d299af739e0047eabc8bfb5a69
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C57F26C0C2E439DC2F69181E1B2F6AE371BFF9D299AF739E0047EABC8BFB5A69"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9507
Expires: Sat, 28 Jan 2023 23:55:37 GMT
Date: Sat, 28 Jan 2023 21:17:10 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F22cc3f55-9811-4ec2-a57e-a3e71a3f0554.jpeg
200 OK 7.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F22cc3f55-9811-4ec2-a57e-a3e71a3f0554.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ea24bcba583bd8bd139559448a343e68
b9d37c2b14f890d41983a59f352e8f7caa9c94bb
e5ef5975eec964ae1684deb424f00833f2d217bdc7e6c385320ed3adeb6bc1c4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F22cc3f55-9811-4ec2-a57e-a3e71a3f0554.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7585
x-amzn-requestid: bfb52acb-e0d7-482d-8be9-be5db1c16cac
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fa_vkE5roAMF0Hw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d44663-2d38d314177e0ac40d4c8240;Sampled=0
x-amzn-remapped-date: Fri, 27 Jan 2023 21:47:15 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: K9YWM9eaEc1DQ6wtEEuADnG1U-ahRBXDaiHIAm20dkWMOxPWBlJidw==
via: 1.1 c34da255183aa208dd1c722ff211f9b2.cloudfront.net (CloudFront), 1.1 7022a5bbf9872d4a09d63e6cdb457dfe.cloudfront.net (CloudFront), 1.1 google
date: Fri, 27 Jan 2023 22:46:13 GMT
age: 81057
etag: "b9d37c2b14f890d41983a59f352e8f7caa9c94bb"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5f0097a6-af00-4a1c-8faa-f9516e27b31a.jpeg
200 OK 4.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5f0097a6-af00-4a1c-8faa-f9516e27b31a.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4205d8106659e00fff1cbe9262918b8c
ab4f6528594a1725934727dc7d834c028a79c609
31f1a28602a194bd0856495d4d81d5c72cd7ff4e5bad6bdd1a31ec3041f4a2cc
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5f0097a6-af00-4a1c-8faa-f9516e27b31a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4475
x-amzn-requestid: b7b272d6-3089-4f33-89b5-5cb388640e10
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fa_e6HsaIAMF5Lg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d445f8-1789f7f4264270916da323db;Sampled=0
x-amzn-remapped-date: Fri, 27 Jan 2023 21:45:28 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: hAzO-IMqc1CFpiBAlRl8seIYL9UonyrBMATibovyFq5kEuaweY_VyA==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 112d82578d402a38d8d02e8b857617e0.cloudfront.net (CloudFront), 1.1 google
date: Fri, 27 Jan 2023 21:56:46 GMT
age: 84024
etag: "ab4f6528594a1725934727dc7d834c028a79c609"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdfb887e5-87fa-4855-b0ee-712d39779fa0.jpeg
200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdfb887e5-87fa-4855-b0ee-712d39779fa0.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b7a0759c043594fbe85af422b59b8227
a05cfaad16078f42218dae233da38f6f5dff8487
e898d6ef1b3998fb9322a8fc190069ec5f7b3582bfe8397a2367497d84a27549
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdfb887e5-87fa-4855-b0ee-712d39779fa0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11568
x-amzn-requestid: 79b70f1f-a157-4dd4-8743-825714195b3c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: e9T3UGA3oAMFSlQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c86695-36e60aba09c152c73b8aefcb;Sampled=0
x-amzn-remapped-date: Wed, 18 Jan 2023 21:37:25 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: zt4bgV2C6Wb_Ufa5mZ7-UDTfCvhXJggPJw9668v5DEmyBnWZ-aNrCg==
via: 1.1 49b94a8674d6e86a841d6523f7dbaf14.cloudfront.net (CloudFront), 1.1 943c6a4d4ee43b18ee91634536f53eae.cloudfront.net (CloudFront), 1.1 google
date: Fri, 27 Jan 2023 23:03:41 GMT
age: 80009
etag: "a05cfaad16078f42218dae233da38f6f5dff8487"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F238effff-cb43-479f-8853-06086fff1bd5.jpeg
200 OK 9.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F238effff-cb43-479f-8853-06086fff1bd5.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f185f0b4f90d06dbb397b44ed9c73dbe
a48e2c369a048447e0e25e4791eb603859391c1c
b466060fc132cc8d23fcb83001206606e2d5502118c65e9f55795b5adbff2fa6
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F238effff-cb43-479f-8853-06086fff1bd5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9364
x-amzn-requestid: e556be7b-567a-4c9a-931e-ff6fee42d3a7
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fa_T8GbFoAMFySg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d445b2-6f4476e9388c77a057153277;Sampled=0
x-amzn-remapped-date: Fri, 27 Jan 2023 21:44:18 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: LPkLrx7l9Qf_GKdtJq_77RUkvgnKZlCaDN34xsB5bEO8c9VQEJPAew==
via: 1.1 c34da255183aa208dd1c722ff211f9b2.cloudfront.net (CloudFront), 1.1 6172bb1a5d00a3b06ae3700570ebe116.cloudfront.net (CloudFront), 1.1 google
date: Fri, 27 Jan 2023 21:56:38 GMT
etag: "a48e2c369a048447e0e25e4791eb603859391c1c"
content-type: image/jpeg
age: 84032
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6f884785-3b60-4d1a-b7b9-f58e73d6d819.jpeg
200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6f884785-3b60-4d1a-b7b9-f58e73d6d819.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b4afa01d2ffe17f8378e4c0b5afd4608
f5c7e2137efa07a207427a6b6fe1df541f85ea25
84fc0c05d25d674b5594b54720017332b86d391f66c7136d76cfce3e884e8e12
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6f884785-3b60-4d1a-b7b9-f58e73d6d819.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 13375
x-amzn-requestid: 372fcbe8-85a1-4be2-a006-31fb9289c5e9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fa-CxF6BoAMFyGg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d443ab-4b9860545c612cc416cbe599;Sampled=0
x-amzn-remapped-date: Fri, 27 Jan 2023 21:35:39 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: otEuPlfCL7DeVwGZiGJuMjxjVyGdMwxPWeCz5T_mpXboi-oRujKhBw==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Fri, 27 Jan 2023 21:48:58 GMT
age: 84492
etag: "f5c7e2137efa07a207427a6b6fe1df541f85ea25"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdeb12df7-074b-4044-bdbe-0e07bccbc8e9.jpeg
200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdeb12df7-074b-4044-bdbe-0e07bccbc8e9.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 0ed1a0bd725b2078b4cfe4ed83877901
62493ca03be9870aac2341e033611a6d56bd322a
706e84bc63fd98acaeb72789239af3210ae6e3910e6589d92a25899dc9059dfc
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdeb12df7-074b-4044-bdbe-0e07bccbc8e9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12397
x-amzn-requestid: e8436997-696d-483a-b03a-a84e7ca614ea
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fa_T5HbzoAMFXsw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d445b2-1c2ccd0a187d0a3e2f6a59cc;Sampled=0
x-amzn-remapped-date: Fri, 27 Jan 2023 21:44:18 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: lmLHc8fKQYUpq9B-GyOQ0FKzhxi0ToTEPA7cu6JnQftgDFDNV8USvw==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 fda3b2797d2719576f6b916583a28e52.cloudfront.net (CloudFront), 1.1 google
date: Fri, 27 Jan 2023 21:56:37 GMT
etag: "62493ca03be9870aac2341e033611a6d56bd322a"
content-type: image/jpeg
age: 84033
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
apps4win.com/cdn-cgi/challenge-platform/h/g/scripts/alpha/invisible.js?ts=1674936000
200 OK 18 kB URL HTTP/1.1 apps4win.com/cdn-cgi/challenge-platform/h/g/scripts/alpha/invisible.js?ts=1674936000
IP
File type ASCII text, with very long lines (39370), with no line terminators
Hash 6e2a27aaf26ebb51f7fc622805c80cfe
0cb851bbf7da6741ca45ab99524669a332054663
64c0f9321a5b10fc682a630d2944d586526741ed87767c0a7f5fc8b0332af5ee
GET /cdn-cgi/challenge-platform/h/g/scripts/alpha/invisible.js?ts=1674936000 HTTP/1.1
Host: apps4win.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: cookielawinfo-checkbox-necessary=yes; cookielawinfo-checkbox-functional=no; cookielawinfo-checkbox-performance=no; cookielawinfo-checkbox-analytics=no; cookielawinfo-checkbox-advertisement=no; cookielawinfo-checkbox-others=no
HTTP/1.1 200 OK
Date: Sat, 28 Jan 2023 21:17:10 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
vary: accept-encoding
x-control-type-options: nosniff
cache-control: max-age=14400, public
content-encoding: gzip
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jNcfl49whYsKCDjT2lbbEnxLK9rU5bHPEo5RIHYH5YQezNhPWJ69KI57q0i5JHf9cGjM0TUzgzeFUekzS94UzZiHC9g%2F9XGEuZHTvi35TzgL3srBmL5k7%2BFLHbstUuc%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 790cc0dc1fe9b50c-OSL
alt-svc: h2=":443"; ma=60
ocsp.sca1b.amazontrust.com/
200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP
Hash c2d37fd4f1678643fc9f53dd026cd7e3
1dd8510cd853835d82892664350acccfc6715f16
6506e317135169829b64f503a456bdd7d1a28dab8985bf20c2c5534d033779af
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=151377
Date: Sat, 28 Jan 2023 21:17:10 GMT
Etag: "63d5239a-1d7"
Expires: Mon, 30 Jan 2023 15:20:07 GMT
Last-Modified: Sat, 28 Jan 2023 13:31:06 GMT
Server: ECS (nyb/1D08)
X-Cache: Miss from cloudfront
Via: 1.1 98794c1dec0d4e7b10ddf0faa094cf94.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 3PaRvddHflibcYeFbNiCvQNd7RzR-DAkTzLSszTC3VeF8JSZNwe9gA==
Age: 6541
simplewebanalysis.com/stats
200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP
File type ASCII text, with no line terminators
Hash acc44c6bf0fcdac231e201eced086098
f6d0e83e1565790f55ee465159944d1327d72899
964e9e7b2bd0c7f3266422afb75e75d7c455d416b5955a7ce3153ebc6f0c6c9f
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://apps4win.com
Connection: keep-alive
Referer: http://apps4win.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 28 Jan 2023 21:17:10 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: http://apps4win.com
access-control-allow-credentials: true
set-cookie: uid_id2=178fcfb5-e62d-4cb8-804a-caaef38f49eb:1:1; expires=Tue, 25 Jan 2033 21:17:10 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
excretekings.com/6b/b5/18/6bb518a9d9682904534a22090c2d8701.js
200 OK 29 kB URL HTTP/1.1 excretekings.com/6b/b5/18/6bb518a9d9682904534a22090c2d8701.js
IP
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (65536), with no line terminators
Hash 764e0ce1418fd33ff58c20f23828d0a2
c7a104e7c1f4240d08237d24d59182fa79727d98
88666214796c8bc392166e1dcdd830090f2e4bef0624433eff96866a87715313
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
GET /6b/b5/18/6bb518a9d9682904534a22090c2d8701.js HTTP/1.1
Host: excretekings.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://apps4win.com/
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 28 Jan 2023 21:17:10 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 2e187a07ef16e441b3c023c7165530db
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
apps4win.com/wp-content/themes/astra/assets/fonts/astra.woff
200 OK 3.3 kB URL HTTP/1.1 apps4win.com/wp-content/themes/astra/assets/fonts/astra.woff
IP
File type Web Open Font Format, TrueType, length 3304, version 1.0\012- data
Hash bfe0ed8503c926d68f58ed0408dfe0d0
0346d02d96ff7d2a0278bc10f4dfdf365c80eac3
ec7ef7aa5fd1e019f1c26193e95e46d481d4983673936a9dda086705ada6e3d5
GET /wp-content/themes/astra/assets/fonts/astra.woff HTTP/1.1
Host: apps4win.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
HTTP/1.1 200 OK
Date: Sat, 28 Jan 2023 21:17:10 GMT
Content-Type: font/woff
Content-Length: 3304
Connection: keep-alive
last-modified: Wed, 21 Aug 2019 07:01:11 GMT
x-turbo-charged-by: LiteSpeed
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gTeD2DgT30cOcMsDULwkn1f1vL6LDqEWiXIhglhwUux%2BQv4WcUNYIS3p7X7wdfkw2ADZVUclG8NFlNIKpGNeZQk3ajyTNzOMRZKK5CRiqTqCirS6QSEylI26VEfK8D4%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 790cc0db2c7e1c0e-OSL
alt-svc: h2=":443"; ma=60
feignthat.com/pixel/purst?dl=0&th=0&sc=0&rs=2988&rd=2988&fd=398&bv=22.10.v.10&tmpl=136
200 OK 0 B URL HTTP/1.1 feignthat.com/pixel/purst?dl=0&th=0&sc=0&rs=2988&rd=2988&fd=398&bv=22.10.v.10&tmpl=136
IP
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/purst?dl=0&th=0&sc=0&rs=2988&rd=2988&fd=398&bv=22.10.v.10&tmpl=136 HTTP/1.1
Host: feignthat.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://apps4win.com/
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Sat, 28 Jan 2023 21:17:10 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash acad64394e2cbaa5ffcc4be1a6e331c6
0aabce63699cd5454283bbdad108b6cbbe681fbb
c69a7463c054752c9036e5646f167ff689adcb605e3c063f4440749b71faa236
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C69A7463C054752C9036E5646F167FF689ADCB605E3C063F4440749B71FAA236"
Last-Modified: Fri, 27 Jan 2023 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15229
Expires: Sun, 29 Jan 2023 01:30:59 GMT
Date: Sat, 28 Jan 2023 21:17:10 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash ed8a8c45dceab588456b222e04775919
0242859712655caa3c3e9b936878c7c7874b7b5a
669f0691b8bf32a10fb219ce47ad69495e5cd2a11317b672aecca53f50b51de3
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 21:17:11 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash ed8a8c45dceab588456b222e04775919
0242859712655caa3c3e9b936878c7c7874b7b5a
669f0691b8bf32a10fb219ce47ad69495e5cd2a11317b672aecca53f50b51de3
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 21:17:11 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash ed8a8c45dceab588456b222e04775919
0242859712655caa3c3e9b936878c7c7874b7b5a
669f0691b8bf32a10fb219ce47ad69495e5cd2a11317b672aecca53f50b51de3
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 21:17:11 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash ed8a8c45dceab588456b222e04775919
0242859712655caa3c3e9b936878c7c7874b7b5a
669f0691b8bf32a10fb219ce47ad69495e5cd2a11317b672aecca53f50b51de3
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 21:17:11 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-7938224887741360
200 OK 50 kB URL HTTP/2 pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-7938224887741360
IP
File type ASCII text, with very long lines (3649)
Hash cd81ad178283c934941feecbbb72d484
6d9842cdf55d73234d0db1a8e3da345c3239be7c
acec32d6b5555a1ab52f0180340ec3b21e9bfef3d743dca70884b55409ae0ebd
GET /pagead/js/adsbygoogle.js?client=ca-pub-7938224887741360 HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://apps4win.com
Connection: keep-alive
Referer: http://apps4win.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Sat, 28 Jan 2023 21:17:11 GMT
expires: Sat, 28 Jan 2023 21:17:11 GMT
cache-control: private, max-age=3600
content-type: text/javascript; charset=UTF-8
etag: 4863372508010892067
access-control-allow-origin: *
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 50077
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash ed8a8c45dceab588456b222e04775919
0242859712655caa3c3e9b936878c7c7874b7b5a
669f0691b8bf32a10fb219ce47ad69495e5cd2a11317b672aecca53f50b51de3
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 21:17:11 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
200 OK 50 kB URL HTTP/2 pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
IP
File type ASCII text, with very long lines (3649)
Hash b55f66c0d4ff2a3d7a4b610b441c30c5
7117b2507124e4204801d8e39dd987d3622db33e
1674ed75c1318e64a6d808296644f49b167a5f6628e1417daa3c825c2a8b6034
GET /pagead/js/adsbygoogle.js HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://apps4win.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Sat, 28 Jan 2023 21:17:11 GMT
expires: Sat, 28 Jan 2023 21:17:11 GMT
cache-control: private, max-age=3600
content-type: text/javascript; charset=UTF-8
etag: 537106614615247845
access-control-allow-origin: *
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 50206
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.w3counter.com/track/pv?id=116006&userAgent=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&webpageName=%E2%88%9A%20Empire%20Earth%203%20App%20Free%20Download%20for%20PC%20Windows%2010&ref=&url=http%3A%2F%2Fapps4win.com%2Fempire-earth-3.html&width=1280&height=1024&rand=73<=2602
200 OK 4.2 kB URL HTTP/2 www.w3counter.com/track/pv?id=116006&userAgent=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&webpageName=%E2%88%9A%20Empire%20Earth%203%20App%20Free%20Download%20for%20PC%20Windows%2010&ref=&url=http%3A%2F%2Fapps4win.com%2Fempire-earth-3.html&width=1280&height=1024&rand=73<=2602
IP
Hash ff6b715b2e1ae92a0a0d89d40da35f18
e522c2928550d95f6606d4ed28597f3335dd7bb5
ed1f6f922f949411506b9bb34014e52bd3677789f4591a228cdbbed27a6052a3
GET /track/pv?id=116006&userAgent=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&webpageName=%E2%88%9A%20Empire%20Earth%203%20App%20Free%20Download%20for%20PC%20Windows%2010&ref=&url=http%3A%2F%2Fapps4win.com%2Fempire-earth-3.html&width=1280&height=1024&rand=73<=2602 HTTP/1.1
Host: www.w3counter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://apps4win.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 28 Jan 2023 21:17:11 GMT
content-type: application/javascript
vary: Accept-Encoding
x-powered-by: PHP/7.3.15
cache-control: no-cache
cf-cache-status: DYNAMIC
set-cookie: 116006_visit=1; expires=Mon, 27-Feb-2023 21:17:11 GMT; Max-Age=2592000; path=/; domain=w3counter.com; secure; SameSite=None
SERVERID=s4; path=/; Secure; SameSite=None
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zniAYoQtvbCrX7aWHPYLBNrCaH6juXqrp1N2kp90KtV%2BptVRCWfudIXft6TLZN3paqNmKhIntO2yThaZFh%2BBM47spQcuY1qQBmXV2jVsNdcWjMu6hpGNykcbdoKjcQt6Aoss"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 790cc0dfb94d0b49-OSL
content-encoding: br
X-Firefox-Spdy: h2
excretekings.com/sbar.json?key=5d85a8e9fe98ee92f1aba3ee2351ea5d&uuid=178fcfb5-e62d-4cb8-804a-caaef38f49eb%3A1%3A1
200 OK 4.3 kB URL HTTP/1.1 excretekings.com/sbar.json?key=5d85a8e9fe98ee92f1aba3ee2351ea5d&uuid=178fcfb5-e62d-4cb8-804a-caaef38f49eb%3A1%3A1
IP
ASN #39572 DataWeb Global Group B.V.
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (6164), with no line terminators
Hash 152a41a78ef197a524658c58d9c8e5e8
fc7753a6b6c060d5a1fe20c15fd44dacd91f4c48
d630f289f3af1973dd188458e4a8c643d76447d87ee5ecc750dfd7e389c287fb
Analyzer Verdict Alert quad9 Sinkholed
GET /sbar.json?key=5d85a8e9fe98ee92f1aba3ee2351ea5d&uuid=178fcfb5-e62d-4cb8-804a-caaef38f49eb%3A1%3A1 HTTP/1.1
Host: excretekings.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://apps4win.com
Connection: keep-alive
Referer: http://apps4win.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 28 Jan 2023 21:17:11 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://apps4win.com
Access-Control-Allow-Origin: http://apps4win.com
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=16898732; expires=Sun, 29 Jan 2023 21:17:11 GMT; secure; SameSite=None
uid_id2=178fcfb5-e62d-4cb8-804a-caaef38f49eb:1:1; expires=Sat, 04 Feb 2023 21:17:11 GMT; secure; SameSite=None
pdhtkv=true; expires=Sun, 29 Jan 2023 21:17:11 GMT; secure; SameSite=None
uncs=1; expires=Sun, 29 Jan 2023 21:17:11 GMT; secure; SameSite=None
pdhtkv29=true; expires=Sun, 29 Jan 2023 21:17:11 GMT; secure; SameSite=None
uncs29=1; expires=Sun, 29 Jan 2023 21:17:11 GMT; secure; SameSite=None
slec5d85a8e9fe98ee92f1aba3ee2351ea5d=[3952979]; expires=Sat, 28 Jan 2023 21:17:16 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: f485f2e3688bf4a92ab2e2813dca655c
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash e34c204daf6f65e512d7168b01268c76
793aacf3316ca30d6bef3acaaf097e42e2013e49
a748e66ab50d8c910a381a0e653c9b3e95c15043c5c52e91fbaeb20282b9fd49
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A748E66AB50D8C910A381A0E653C9B3E95C15043C5C52E91FBAEB20282B9FD49"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3521
Expires: Sat, 28 Jan 2023 22:15:52 GMT
Date: Sat, 28 Jan 2023 21:17:11 GMT
Connection: keep-alive
excretekings.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSz2skRRSuXuNpTyt78SA04kHBTLpnppMZIwTjGgmuSdysBDxZv3pSpqarqeqengweoguyF2E86bHzTbJBDbL7B8jKxIvk4o7oEsV48uJJEARvMpOBsA%2B633v1vcP3fe99sp%2BfkwA5Pdt42%2FSU1nQuqgT%2Bi1sqEaZw%2FtptPwwqwaK%2FpZL5%2BqLfHf9s55UwiCrBS%2F6bku%2BYuWoQBkEYhP6KsjI23bkJCpUeN8NKM6jUq5UwqqNrn%2Bxd7sFRD6JzTp6BEqOnt394AMWHSNr3b0i3k5n05TfauaaZseiIo3eTncQUCdqXZWw9xMnRdBrGjQj54gpMcjRVANM5GCsAUyPiPQ7BkqMpTbDO4QVTpiETMHEVRWcIqYdQdAhu7kCJRwTgAmvrSNr31owt6O4FSsfoiMz8%2Bw9UMSIzv19H0v5mWauuv2l0nimTOHTjEqo7hGoNkeYnyHoeVHECnn0MJQiSdgklzl4IFxoxj1k0K%2BerYrbOWWO2EdTpLKdUxrVGXG9KNrFGqSFUPISWfVDnIR9%2FykMee8hTD21x5tOoGQfBQsziWq1R55zXapxHjXkRiVq9EQfI%2BZh7H1naB9d9cLuH1O5hR%2FVh8%2B%2Fgtks44cFlBB1RopAEhSMoKEGhCIqMoOiUh0K7qivvCe1yFk5zdZpr5cBkrX16aLKWTMh%2Bek6ujQ3zvF%2BPsSPP%2FEg0ItqQzVg2G1I2q3FIGa1JWa1FoaSRgFMllLsykdlTI0L%2BYkjVo2sPwegJnD4BV9dB8%2BdAi8FCNQDdHtQbAXrJ%2FXbuFKeJSDXdrXR3exCmRJrNINv19vU5eXayulff2YTkp0u%2F%2FPfb8z%2F%2B%2BT64LZHaEh%2Bo7wla%2Bu7glinIwS1TOPJgPc1UW%2FXoeK2bGc3kzFdvyd3CWLF6w%2FW%2FfI2PgXF5fFu67CZNhEpajny9rISQdsVYLsm3q25Lso3cbS%2FnNsnTmxuvr6y2UyudUyYZgo5FfvQhuBqRq14yOVm%2Few5lh7B5iXZ%2BSqYBZU7A0z249HTp80%2FX%2F1gU78EZAqsvZ1jqocjLga2yy0etCLS87Ckr4eSlCUyePvz7Att3d9GyHmh2Z3KoHVuio0tQ3YfLnxpkqT1d%2Bqk2CTDtDZi23gHTVn92Ya5TZ76M4iCWQVWyuMniBRqIZlxvMtoM5QKLaIjMjfjP%2Fcf%2FAwAA%2F%2F8BAAD%2F%2F1XbcVGKBAAA
200 OK 7 B URL HTTP/1.1 excretekings.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSz2skRRSuXuNpTyt78SA04kHBTLpnppMZIwTjGgmuSdysBDxZv3pSpqarqeqengweoguyF2E86bHzTbJBDbL7B8jKxIvk4o7oEsV48uJJEARvMpOBsA%2B633v1vcP3fe99sp%2BfkwA5Pdt42%2FSU1nQuqgT%2Bi1sqEaZw%2FtptPwwqwaK%2FpZL5%2BqLfHf9s55UwiCrBS%2F6bku%2BYuWoQBkEYhP6KsjI23bkJCpUeN8NKM6jUq5UwqqNrn%2Bxd7sFRD6JzTp6BEqOnt394AMWHSNr3b0i3k5n05TfauaaZseiIo3eTncQUCdqXZWw9xMnRdBrGjQj54gpMcjRVANM5GCsAUyPiPQ7BkqMpTbDO4QVTpiETMHEVRWcIqYdQdAhu7kCJRwTgAmvrSNr31owt6O4FSsfoiMz8%2Bw9UMSIzv19H0v5mWauuv2l0nimTOHTjEqo7hGoNkeYnyHoeVHECnn0MJQiSdgklzl4IFxoxj1k0K%2BerYrbOWWO2EdTpLKdUxrVGXG9KNrFGqSFUPISWfVDnIR9%2FykMee8hTD21x5tOoGQfBQsziWq1R55zXapxHjXkRiVq9EQfI%2BZh7H1naB9d9cLuH1O5hR%2FVh8%2B%2Fgtks44cFlBB1RopAEhSMoKEGhCIqMoOiUh0K7qivvCe1yFk5zdZpr5cBkrX16aLKWTMh%2Bek6ujQ3zvF%2BPsSPP%2FEg0ItqQzVg2G1I2q3FIGa1JWa1FoaSRgFMllLsykdlTI0L%2BYkjVo2sPwegJnD4BV9dB8%2BdAi8FCNQDdHtQbAXrJ%2FXbuFKeJSDXdrXR3exCmRJrNINv19vU5eXayulff2YTkp0u%2F%2FPfb8z%2F%2B%2BT64LZHaEh%2Bo7wla%2Bu7glinIwS1TOPJgPc1UW%2FXoeK2bGc3kzFdvyd3CWLF6w%2FW%2FfI2PgXF5fFu67CZNhEpajny9rISQdsVYLsm3q25Lso3cbS%2FnNsnTmxuvr6y2UyudUyYZgo5FfvQhuBqRq14yOVm%2Few5lh7B5iXZ%2BSqYBZU7A0z249HTp80%2FX%2F1gU78EZAqsvZ1jqocjLga2yy0etCLS87Ckr4eSlCUyePvz7Att3d9GyHmh2Z3KoHVuio0tQ3YfLnxpkqT1d%2Bqk2CTDtDZi23gHTVn92Ya5TZ76M4iCWQVWyuMniBRqIZlxvMtoM5QKLaIjMjfjP%2Fcf%2FAwAA%2F%2F8BAAD%2F%2F1XbcVGKBAAA
IP
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSz2skRRSuXuNpTyt78SA04kHBTLpnppMZIwTjGgmuSdysBDxZv3pSpqarqeqengweoguyF2E86bHzTbJBDbL7B8jKxIvk4o7oEsV48uJJEARvMpOBsA%2B633v1vcP3fe99sp%2BfkwA5Pdt42%2FSU1nQuqgT%2Bi1sqEaZw%2FtptPwwqwaK%2FpZL5%2BqLfHf9s55UwiCrBS%2F6bku%2BYuWoQBkEYhP6KsjI23bkJCpUeN8NKM6jUq5UwqqNrn%2Bxd7sFRD6JzTp6BEqOnt394AMWHSNr3b0i3k5n05TfauaaZseiIo3eTncQUCdqXZWw9xMnRdBrGjQj54gpMcjRVANM5GCsAUyPiPQ7BkqMpTbDO4QVTpiETMHEVRWcIqYdQdAhu7kCJRwTgAmvrSNr31owt6O4FSsfoiMz8%2Bw9UMSIzv19H0v5mWauuv2l0nimTOHTjEqo7hGoNkeYnyHoeVHECnn0MJQiSdgklzl4IFxoxj1k0K%2BerYrbOWWO2EdTpLKdUxrVGXG9KNrFGqSFUPISWfVDnIR9%2FykMee8hTD21x5tOoGQfBQsziWq1R55zXapxHjXkRiVq9EQfI%2BZh7H1naB9d9cLuH1O5hR%2FVh8%2B%2Fgtks44cFlBB1RopAEhSMoKEGhCIqMoOiUh0K7qivvCe1yFk5zdZpr5cBkrX16aLKWTMh%2Bek6ujQ3zvF%2BPsSPP%2FEg0ItqQzVg2G1I2q3FIGa1JWa1FoaSRgFMllLsykdlTI0L%2BYkjVo2sPwegJnD4BV9dB8%2BdAi8FCNQDdHtQbAXrJ%2FXbuFKeJSDXdrXR3exCmRJrNINv19vU5eXayulff2YTkp0u%2F%2FPfb8z%2F%2B%2BT64LZHaEh%2Bo7wla%2Bu7glinIwS1TOPJgPc1UW%2FXoeK2bGc3kzFdvyd3CWLF6w%2FW%2FfI2PgXF5fFu67CZNhEpajny9rISQdsVYLsm3q25Lso3cbS%2FnNsnTmxuvr6y2UyudUyYZgo5FfvQhuBqRq14yOVm%2Few5lh7B5iXZ%2BSqYBZU7A0z249HTp80%2FX%2F1gU78EZAqsvZ1jqocjLga2yy0etCLS87Ckr4eSlCUyePvz7Att3d9GyHmh2Z3KoHVuio0tQ3YfLnxpkqT1d%2Bqk2CTDtDZi23gHTVn92Ya5TZ76M4iCWQVWyuMniBRqIZlxvMtoM5QKLaIjMjfjP%2Fcf%2FAwAA%2F%2F8BAAD%2F%2F1XbcVGKBAAA HTTP/1.1
Host: excretekings.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://apps4win.com/
Cookie: u_pl=16898732; uid_id2=178fcfb5-e62d-4cb8-804a-caaef38f49eb:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slec5d85a8e9fe98ee92f1aba3ee2351ea5d=[3952979]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 28 Jan 2023 21:17:11 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: cc97e77bcf1314ebafa73eb4ec6e06e3
Strict-Transport-Security: max-age=0; includeSubdomains
cdn.barscreative1.com/sb/au/5e/2f/d4/5e2fd4b3d4c51bdf7b2952c27a9795ef/1652872195.html
200 OK 955 B URL HTTP/2 cdn.barscreative1.com/sb/au/5e/2f/d4/5e2fd4b3d4c51bdf7b2952c27a9795ef/1652872195.html
IP
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document, ASCII text
Hash 3311b451b6e90781dab5ae61a1e4f65d
940e4700d9c5fbf74f8c15dcf10c28661e34cf2c
3def788280ca0f9ba09e050e3f3bfba82e5268fe2104f1c02a8f265c12774023
Analyzer Verdict Alert fortinet Phishing
GET /sb/au/5e/2f/d4/5e2fd4b3d4c51bdf7b2952c27a9795ef/1652872195.html HTTP/1.1
Host: cdn.barscreative1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://apps4win.com
Connection: keep-alive
Referer: http://apps4win.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 28 Jan 2023 21:17:11 GMT
content-type: text/html; charset=utf-8
content-length: 955
server: nginx/1.17.6
last-modified: Wed, 18 May 2022 11:09:59 GMT
etag: "6284d407-3bb"
cache-control: max-age=3600
access-control-allow-origin: *
access-control-expose-headers: Date
expires: Sat, 28 Jan 2023 22:17:11 GMT
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash ef589be52a3e55b643978f17949a73da
74545de6f144282252ff92c751f97cc835c80341
7bfa68c43e60a2627770163b5c1b96fbd7e4843984ad5ff6225c5490b8073b26
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 21:17:11 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
adservice.google.com/adsid/integrator.js?domain=apps4win.com
200 OK 100 B URL HTTP/2 adservice.google.com/adsid/integrator.js?domain=apps4win.com
IP
File type ASCII text, with no line terminators
Hash 917951a58be8c6c6f3680159550ba3c2
21cd25c2a4eb9ec7e0f37021ce7b69e852dab4b4
cd8c45d9a0d98ca2e23d967483ec538bcafa246afdcf434bf60c8257acfacfac
GET /adsid/integrator.js?domain=apps4win.com HTTP/1.1
Host: adservice.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://apps4win.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: private, no-cache, no-store
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Sat, 28 Jan 2023 21:17:11 GMT
server: cafe
content-length: 100
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash b7da7d1d3e5880d5d4e313ac7fcf2a83
60a1e887ccb7c7cdae0035c65ef7df9908547fef
af17efcd17df50324c29cff05cea79f18cba79f6b1134ec0e6d1637759b5e895
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 21:17:11 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash ef589be52a3e55b643978f17949a73da
74545de6f144282252ff92c751f97cc835c80341
7bfa68c43e60a2627770163b5c1b96fbd7e4843984ad5ff6225c5490b8073b26
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 21:17:11 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
e1.o.lencr.org/
200 OK 345 B IP
ASN #20940 Akamai International B.V.
Hash e3b8a8bc98172e8a530326f7d16570cd
4555b6600b5d18b4e5850a756fb47ead0e5c486e
12061f433c479a860c65363d2243aba95ad34ac6664e84c5c5ed9a2d8c343f8c
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "12061F433C479A860C65363D2243ABA95AD34AC6664E84C5C5ED9A2D8C343F8C"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4026
Expires: Sat, 28 Jan 2023 22:24:17 GMT
Date: Sat, 28 Jan 2023 21:17:11 GMT
Connection: keep-alive
e1.o.lencr.org/
200 OK 345 B IP
ASN #20940 Akamai International B.V.
Hash e3b8a8bc98172e8a530326f7d16570cd
4555b6600b5d18b4e5850a756fb47ead0e5c486e
12061f433c479a860c65363d2243aba95ad34ac6664e84c5c5ed9a2d8c343f8c
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "12061F433C479A860C65363D2243ABA95AD34AC6664E84C5C5ED9A2D8C343F8C"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4026
Expires: Sat, 28 Jan 2023 22:24:17 GMT
Date: Sat, 28 Jan 2023 21:17:11 GMT
Connection: keep-alive
e1.o.lencr.org/
200 OK 345 B IP
ASN #20940 Akamai International B.V.
Hash e3b8a8bc98172e8a530326f7d16570cd
4555b6600b5d18b4e5850a756fb47ead0e5c486e
12061f433c479a860c65363d2243aba95ad34ac6664e84c5c5ed9a2d8c343f8c
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "12061F433C479A860C65363D2243ABA95AD34AC6664E84C5C5ED9A2D8C343F8C"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4026
Expires: Sat, 28 Jan 2023 22:24:17 GMT
Date: Sat, 28 Jan 2023 21:17:11 GMT
Connection: keep-alive
adservice.google.no/adsid/integrator.js?domain=apps4win.com
200 OK 100 B URL HTTP/2 adservice.google.no/adsid/integrator.js?domain=apps4win.com
IP
File type ASCII text, with no line terminators
Hash 917951a58be8c6c6f3680159550ba3c2
21cd25c2a4eb9ec7e0f37021ce7b69e852dab4b4
cd8c45d9a0d98ca2e23d967483ec538bcafa246afdcf434bf60c8257acfacfac
GET /adsid/integrator.js?domain=apps4win.com HTTP/1.1
Host: adservice.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://apps4win.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: private, no-cache, no-store
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Sat, 28 Jan 2023 21:17:11 GMT
server: cafe
content-length: 100
x-xss-protection: 0
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash b7da7d1d3e5880d5d4e313ac7fcf2a83
60a1e887ccb7c7cdae0035c65ef7df9908547fef
af17efcd17df50324c29cff05cea79f18cba79f6b1134ec0e6d1637759b5e895
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 21:17:11 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 4675bd0dbda20e272b32eb9db03f35d8
aa655fd97778059913ab170765257aaef33e7119
a9bb5d439a01135af6d41e60455509b20fee27f7661ad81f6cb955ffdc9c1f12
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A9BB5D439A01135AF6D41E60455509B20FEE27F7661AD81F6CB955FFDC9C1F12"
Last-Modified: Thu, 26 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=1854
Expires: Sat, 28 Jan 2023 21:48:05 GMT
Date: Sat, 28 Jan 2023 21:17:11 GMT
Connection: keep-alive
cdn.cloudimagesb.com/si/e3/38/1c/e3381c2969587380b30458753c6349d5/1674361501.png
200 OK 12 kB URL HTTP/2 cdn.cloudimagesb.com/si/e3/38/1c/e3381c2969587380b30458753c6349d5/1674361501.png
IP
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Hash c07f1baac701b672939b359081f813c7
d38ffbae259aae1e8ad3b38959339bb29da9b69f
85bc8e3de3651f6f03dc381ea4bbaff350d8973c37f598582838677817bf1826
GET /si/e3/38/1c/e3381c2969587380b30458753c6349d5/1674361501.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 28 Jan 2023 21:17:11 GMT
content-type: image/png
content-length: 12186
server: nginx/1.17.6
last-modified: Sun, 22 Jan 2023 04:25:10 GMT
etag: "63ccbaa6-2f9a"
expires: Mon, 30 Jan 2023 21:17:11 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
apps4win.com/wp-content/litespeed/css/bb4520bc4b168737adf3c63ccc6ba45e.css?ver=d45d9
200 OK 27 kB URL HTTP/2 apps4win.com/wp-content/litespeed/css/bb4520bc4b168737adf3c63ccc6ba45e.css?ver=d45d9
IP
File type ASCII text, with very long lines (63194)
Hash ca0bc18f104498b1efd082a36a626199
aa64ce014ecf22914074279ace95453da8fe4045
d4862fc0e37f5c09bb313afbffd0809cb56d543a95144bf9b3e0c0472203272a
GET /wp-content/litespeed/css/bb4520bc4b168737adf3c63ccc6ba45e.css?ver=d45d9 HTTP/1.1
Host: apps4win.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://apps4win.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 28 Jan 2023 21:17:10 GMT
content-type: text/css
cache-control: public, max-age=604800
expires: Sat, 04 Feb 2023 21:17:09 GMT
last-modified: Thu, 17 Nov 2022 10:47:10 GMT
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AoF2USSH0PuZ857WThD7pb%2B9zI7HZfYILZWyOOfjVpz0k7iV2JyGyxMZt6jReE4iZDrDpy%2F2aRUUQ%2FelgyL6Ea%2FIJEMktPCDtgfvo9dShPFFVDBFKwOq4%2BJKS2zynJg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 790cc0d5aa6e1c0a-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.w3counter.com/tracker.js?id=116006
200 OK 4.7 kB URL HTTP/2 www.w3counter.com/tracker.js?id=116006
IP
Hash 57257db0004ea24804437898d0e6a2dd
88071597f095fb8b2c7d8b292fa573989299f04f
b879770328408a2dbb45964e95b28b813465c15b0426ca5d65c6be80a333716b
GET /tracker.js?id=116006 HTTP/1.1
Host: www.w3counter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://apps4win.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 28 Jan 2023 21:17:09 GMT
content-type: application/javascript
vary: Accept-Encoding
x-powered-by: PHP/7.3.15
cache-control: no-cache
set-cookie: SERVERID=s3; path=/; Secure; SameSite=None
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6KkjwT2JH%2BAv6fp2CNKVoAU2olbAhhxAesve%2FNi9Mm7GmUvC%2Fb%2BDe6GZFwgklT%2FokpIX3urT2IKQsYSYhtRPZMb2Eh54ITv966jYBs4BDWM%2FNusIfQUckrdjiP7PBTxl2WVU"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 790cc0d56ef50b49-OSL
content-encoding: br
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/notifications/software/us/ios/desk-new-big/css/animate.css
200 OK 5.1 kB URL HTTP/2 cdn.creative-bars1.com/sb/notifications/software/us/ios/desk-new-big/css/animate.css
IP
Hash 663067d0d1876097ec46232b6e39e5ad
1d3ce3d1df481b8ed624c8d542644edde670280b
9b2e8e94735f501c69ef034784fda52700b8a03585251d85a6ed1060d687b7b0
GET /sb/notifications/software/us/ios/desk-new-big/css/animate.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://apps4win.com
Connection: keep-alive
Referer: http://apps4win.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 28 Jan 2023 21:17:11 GMT
content-type: text/css
last-modified: Wed, 17 Feb 2021 11:44:02 GMT
etag: W/"602d0182-1358d"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9d8TkiZgGPBzPsFwwysqOKUOUeJpP7geJspu9ZTdwKtw9NXA2EnsbQGs5dw8F8qDOvO%2BalG6GvH5nWnUnr2fVWu4fvcNU9j08i8PPny6khAjsCJXQabIPldE4iFSirzN%2BnEwYE7LomMd"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 790cc0e4799935da-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/notifications/software/us/ios/desk-new-big/js/script.js
200 OK 189 B URL HTTP/2 cdn.creative-bars1.com/sb/notifications/software/us/ios/desk-new-big/js/script.js
IP
Hash 1d0fa0ba8245544cc13df3c4ad152fe5
4dab7828317a03f52e7b0a2d4e9955b7b598e38e
238d866c643309c7d8f3bec3647906efc75cdac992728b99d0dd779479ffdba8
GET /sb/notifications/software/us/ios/desk-new-big/js/script.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://apps4win.com
Connection: keep-alive
Referer: http://apps4win.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 28 Jan 2023 21:17:11 GMT
content-type: application/javascript
last-modified: Wed, 17 Feb 2021 11:44:05 GMT
etag: W/"602d0185-183"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oKPj%2FquXLis2G72Ux8tIMq3Jq61OAcxPzAh8t3jcpyVamhXHY9rQsjKLzj1drFWPyfUFZ49b4D3QpHz%2B9NNTWLtAAUkmsCaiLbkNWPEMOhj5%2F7AUDt9qXhU%2B8bA0Nd5dK4xtlmwTwQac"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 790cc0e4698835da-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
e1.o.lencr.org/
200 OK 345 B IP
ASN #20940 Akamai International B.V.
Hash e3b8a8bc98172e8a530326f7d16570cd
4555b6600b5d18b4e5850a756fb47ead0e5c486e
12061f433c479a860c65363d2243aba95ad34ac6664e84c5c5ed9a2d8c343f8c
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "12061F433C479A860C65363D2243ABA95AD34AC6664E84C5C5ED9A2D8C343F8C"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4025
Expires: Sat, 28 Jan 2023 22:24:17 GMT
Date: Sat, 28 Jan 2023 21:17:12 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash ae45eeb8e62398ce3fc49c0234699163
f5506898f66248b331e84b573a010c5c1a8ad0d2
3d298a54e6d0f6e8f6a48a398e372720fb871623080b7408d66f296068ec6ddc
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 21:17:12 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash ae45eeb8e62398ce3fc49c0234699163
f5506898f66248b331e84b573a010c5c1a8ad0d2
3d298a54e6d0f6e8f6a48a398e372720fb871623080b7408d66f296068ec6ddc
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 21:17:12 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
excretekings.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSwWskxReu3l9%2Bpz2t7MWD0IgHBTPbPT2d6TFCMK6R4JrEzUrAk9VV1ZMyNV1NVff0ZPAQXZC9CONJj51vkg1qkN0%2FQFYmXiQXd0SXKMaTF0%2BCIHiTmQwEH3S%2F9%2Bp7h%2B%2F73vtovzgnHgp6tvGm7kul6I2w5rnPb8mU69K6a3dc36t5i%2B6WTBcai25v8jPdl3wvrHkvuK8LtqNv1D3f83zPd1ekEYnu3ZiikNlxy6%2B1vFqjXvPDBnrmv70tHFjqgHfPyVOQfPz%2F7e8eQrIR0s6Dm8Lu5Dp78bVOoWiuDbr86O10J9Vlis5lmRgHSXo0m4a2Y0I%2BuwKdHs0UQHcPJgoQyzFxnviI06MZTcTdwwumsYJIEfOrKLsjCDWCpCMwfReSPyYA41hbR9q5v6ZNSXcvUDpBx2Tu778gyzGZ%2B%2FU60s5Xy0r23E2tilzq1KKXVJC9EWR7hKw4Qd53IMsTsPxDSE6QdipIfvac34wSlsThvFio8%2FkGi6P5yGvQeUapSIIoabREPLVGyhFkMoISA1DroJh80kGROCgyBx1%2B5tKwlXheM4mTIIgajLEgYCyMFnjIg0aUeCjYhPsAeTYAUwMws4fM7GFHDmCKb2C3K1juwOYEXV6hFASlJSgpQSkJypyg7FaHXNm6re5zZYvYn%2BX6LAfVUOftfXqo87ZIyX52Tq5NDHOcn4%2BxI87ckEchjUQrEa1IiFY98WlMAyHqQegLGnJYWUHaK1OZfTkm5I8YmXx87RFiegKrTsDkddDiGdBy2Kx7oNvDRuShnz7oFFYymvJM0d1ab7cPritk%2BRzyXWdfnZOnp6t7%2Ba1NCHa69NM%2Fvzz7%2Fe%2FvgpkKmanwnvyWoK3uDW%2Frkhzc1qUlD9ezXHZkn07WupnTXMx98YbYLbXhqzft4PNX2ASYlMd3hM1v0ZTLtG3Jl8uSc2FWtGGCfL1qt0S8Udjt5cKkRXZr49WV1U5mhLVSpyPQicgP3geTY3LVSacn6%2FbOIc0IpqjQKU7JLCD1CVi2B5udLn368fpvi%2FwdWE1g1OVMnDkoi2po6vHlo5IESlz2NK5gxaUJsTh99OcFtm%2FvoW0c0Pzu9FC7pkJXVaBqAFv8b5hn5nTph2AaiJUzjJVxDmJl1CcX5lp55oZ%2BQ0Rx1GScx4Jxv1kPosDz6pw3mi3ht5DbMftx8ORfAAAA%2F%2F8BAAD%2F%2F0HT%2F7eKBAAA
200 OK 7 B URL HTTP/1.1 excretekings.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSwWskxReu3l9%2Bpz2t7MWD0IgHBTPbPT2d6TFCMK6R4JrEzUrAk9VV1ZMyNV1NVff0ZPAQXZC9CONJj51vkg1qkN0%2FQFYmXiQXd0SXKMaTF0%2BCIHiTmQwEH3S%2F9%2Bp7h%2B%2F73vtovzgnHgp6tvGm7kul6I2w5rnPb8mU69K6a3dc36t5i%2B6WTBcai25v8jPdl3wvrHkvuK8LtqNv1D3f83zPd1ekEYnu3ZiikNlxy6%2B1vFqjXvPDBnrmv70tHFjqgHfPyVOQfPz%2F7e8eQrIR0s6Dm8Lu5Dp78bVOoWiuDbr86O10J9Vlis5lmRgHSXo0m4a2Y0I%2BuwKdHs0UQHcPJgoQyzFxnviI06MZTcTdwwumsYJIEfOrKLsjCDWCpCMwfReSPyYA41hbR9q5v6ZNSXcvUDpBx2Tu778gyzGZ%2B%2FU60s5Xy0r23E2tilzq1KKXVJC9EWR7hKw4Qd53IMsTsPxDSE6QdipIfvac34wSlsThvFio8%2FkGi6P5yGvQeUapSIIoabREPLVGyhFkMoISA1DroJh80kGROCgyBx1%2B5tKwlXheM4mTIIgajLEgYCyMFnjIg0aUeCjYhPsAeTYAUwMws4fM7GFHDmCKb2C3K1juwOYEXV6hFASlJSgpQSkJypyg7FaHXNm6re5zZYvYn%2BX6LAfVUOftfXqo87ZIyX52Tq5NDHOcn4%2BxI87ckEchjUQrEa1IiFY98WlMAyHqQegLGnJYWUHaK1OZfTkm5I8YmXx87RFiegKrTsDkddDiGdBy2Kx7oNvDRuShnz7oFFYymvJM0d1ab7cPritk%2BRzyXWdfnZOnp6t7%2Ba1NCHa69NM%2Fvzz7%2Fe%2FvgpkKmanwnvyWoK3uDW%2Frkhzc1qUlD9ezXHZkn07WupnTXMx98YbYLbXhqzft4PNX2ASYlMd3hM1v0ZTLtG3Jl8uSc2FWtGGCfL1qt0S8Udjt5cKkRXZr49WV1U5mhLVSpyPQicgP3geTY3LVSacn6%2FbOIc0IpqjQKU7JLCD1CVi2B5udLn368fpvi%2FwdWE1g1OVMnDkoi2po6vHlo5IESlz2NK5gxaUJsTh99OcFtm%2FvoW0c0Pzu9FC7pkJXVaBqAFv8b5hn5nTph2AaiJUzjJVxDmJl1CcX5lp55oZ%2BQ0Rx1GScx4Jxv1kPosDz6pw3mi3ht5DbMftx8ORfAAAA%2F%2F8BAAD%2F%2F0HT%2F7eKBAAA
IP
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
GET /impr.gif?sid=H4sIAAAAAAAC%2F1RSwWskxReu3l9%2Bpz2t7MWD0IgHBTPbPT2d6TFCMK6R4JrEzUrAk9VV1ZMyNV1NVff0ZPAQXZC9CONJj51vkg1qkN0%2FQFYmXiQXd0SXKMaTF0%2BCIHiTmQwEH3S%2F9%2Bp7h%2B%2F73vtovzgnHgp6tvGm7kul6I2w5rnPb8mU69K6a3dc36t5i%2B6WTBcai25v8jPdl3wvrHkvuK8LtqNv1D3f83zPd1ekEYnu3ZiikNlxy6%2B1vFqjXvPDBnrmv70tHFjqgHfPyVOQfPz%2F7e8eQrIR0s6Dm8Lu5Dp78bVOoWiuDbr86O10J9Vlis5lmRgHSXo0m4a2Y0I%2BuwKdHs0UQHcPJgoQyzFxnviI06MZTcTdwwumsYJIEfOrKLsjCDWCpCMwfReSPyYA41hbR9q5v6ZNSXcvUDpBx2Tu778gyzGZ%2B%2FU60s5Xy0r23E2tilzq1KKXVJC9EWR7hKw4Qd53IMsTsPxDSE6QdipIfvac34wSlsThvFio8%2FkGi6P5yGvQeUapSIIoabREPLVGyhFkMoISA1DroJh80kGROCgyBx1%2B5tKwlXheM4mTIIgajLEgYCyMFnjIg0aUeCjYhPsAeTYAUwMws4fM7GFHDmCKb2C3K1juwOYEXV6hFASlJSgpQSkJypyg7FaHXNm6re5zZYvYn%2BX6LAfVUOftfXqo87ZIyX52Tq5NDHOcn4%2BxI87ckEchjUQrEa1IiFY98WlMAyHqQegLGnJYWUHaK1OZfTkm5I8YmXx87RFiegKrTsDkddDiGdBy2Kx7oNvDRuShnz7oFFYymvJM0d1ab7cPritk%2BRzyXWdfnZOnp6t7%2Ba1NCHa69NM%2Fvzz7%2Fe%2FvgpkKmanwnvyWoK3uDW%2Frkhzc1qUlD9ezXHZkn07WupnTXMx98YbYLbXhqzft4PNX2ASYlMd3hM1v0ZTLtG3Jl8uSc2FWtGGCfL1qt0S8Udjt5cKkRXZr49WV1U5mhLVSpyPQicgP3geTY3LVSacn6%2FbOIc0IpqjQKU7JLCD1CVi2B5udLn368fpvi%2FwdWE1g1OVMnDkoi2po6vHlo5IESlz2NK5gxaUJsTh99OcFtm%2FvoW0c0Pzu9FC7pkJXVaBqAFv8b5hn5nTph2AaiJUzjJVxDmJl1CcX5lp55oZ%2BQ0Rx1GScx4Jxv1kPosDz6pw3mi3ht5DbMftx8ORfAAAA%2F%2F8BAAD%2F%2F0HT%2F7eKBAAA HTTP/1.1
Host: excretekings.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://apps4win.com/
Cookie: u_pl=16898732; uid_id2=178fcfb5-e62d-4cb8-804a-caaef38f49eb:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 28 Jan 2023 21:17:12 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: b84bbde98617156cfcfd4c1529797c64
Strict-Transport-Security: max-age=0; includeSubdomains
excretekings.com/pixel/sbs?c=1
200 OK 0 B URL HTTP/1.1 excretekings.com/pixel/sbs?c=1
IP
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbs?c=1 HTTP/1.1
Host: excretekings.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://apps4win.com/
Cookie: u_pl=16898732; uid_id2=178fcfb5-e62d-4cb8-804a-caaef38f49eb:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 28 Jan 2023 21:17:12 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
unseenreport.com/pxf.gif?uuid=178fcfb5-e62d-4cb8-804a-caaef38f49eb&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1053&b_frame=0&pk=6bb518a9d9682904534a22090c2d8701&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=21
200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=178fcfb5-e62d-4cb8-804a-caaef38f49eb&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1053&b_frame=0&pk=6bb518a9d9682904534a22090c2d8701&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=21
IP
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=178fcfb5-e62d-4cb8-804a-caaef38f49eb&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1053&b_frame=0&pk=6bb518a9d9682904534a22090c2d8701&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=21 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://apps4win.com/
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 28 Jan 2023 21:17:12 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 8c427110d5479f6747cf82a36b2c1510
Strict-Transport-Security: max-age=0; includeSubdomains
cdn.creative-bars1.com/sb/notifications/software/us/ios/desk-new-big/SFUIText-Regular.woff
200 OK 73 kB URL HTTP/2 cdn.creative-bars1.com/sb/notifications/software/us/ios/desk-new-big/SFUIText-Regular.woff
IP
File type Web Open Font Format, TrueType, length 72696, version 11.0\012- data
Hash 53d97caea7ef8a12beab745fcc5744e1
b8c70e4f67957e4f2cb809a58d84c773a3bde6d0
542772868e28df6d786b6f00f9dec929cba214d928cb013b32588485b46f8715
GET /sb/notifications/software/us/ios/desk-new-big/SFUIText-Regular.woff HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://apps4win.com
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 28 Jan 2023 21:17:12 GMT
content-type: application/font-woff
content-length: 72696
last-modified: Wed, 17 Feb 2021 11:42:38 GMT
etag: "602d012e-11bf8"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OcrI33sZ21zdHlbo1Lo94mZqWzidGLqODamZOL%2FFQZGp8e2i1ufvZzRtaQVSNORsdlH2UcVb3Cdq1MdtPxyF8lrpHDDQan8b82jQfFe9vmgBQ69c9qs5kK4PJPzd%2F7d3scvip1R0Nw%2B4"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 790cc0e76e5635da-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
unseenreport.com/pxf.gif?uuid=178fcfb5-e62d-4cb8-804a-caaef38f49eb&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1053&b_frame=0&pk=5d85a8e9fe98ee92f1aba3ee2351ea5d&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=21
200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=178fcfb5-e62d-4cb8-804a-caaef38f49eb&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1053&b_frame=0&pk=5d85a8e9fe98ee92f1aba3ee2351ea5d&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=21
IP
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=178fcfb5-e62d-4cb8-804a-caaef38f49eb&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1053&b_frame=0&pk=5d85a8e9fe98ee92f1aba3ee2351ea5d&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=21 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://apps4win.com/
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 28 Jan 2023 21:17:12 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: bde28bc3e79ec39b78ca21a120af9acf
Strict-Transport-Security: max-age=0; includeSubdomains
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 622fef0135648b055d1691ae97508eff
535c21115ccc50934d06c70e153df6ae542f1b5c
a66508fe21cab04638a3988ee90babe52167f0399a5440e329cf397182c813b4
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 21:17:12 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
tpc.googlesyndication.com/sodar/sodar2.js
200 OK 6.4 kB URL HTTP/2 tpc.googlesyndication.com/sodar/sodar2.js
IP
File type ASCII text, with very long lines (1321)
Hash ac906814ed812c4ecdbb624a3bd2f6c3
8e4547eaffaa66a1ee61b36028dbcd7091d0e7de
8ab8cef6156022c4547455defd8252b48b6bcb8b734072849345bb99758705fe
GET /sodar/sodar2.js HTTP/1.1
Host: tpc.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://apps4win.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 6386
date: Sat, 28 Jan 2023 21:17:12 GMT
expires: Sat, 28 Jan 2023 21:17:12 GMT
cache-control: private, max-age=3000
etag: "1637097310169751"
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
tpc.googlesyndication.com/sodar/sodar2/225/runner.html
200 OK 5.0 kB URL HTTP/2 tpc.googlesyndication.com/sodar/sodar2/225/runner.html
IP
File type HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2020)
Hash f530c16b248be97e10df228df6a41c24
ca3c3a38bbeef6906682b3e0b2a7be40c08b0925
f45287dcfd79a2411e79f98c834c6f7eff8a281a9b4fdba0124be9d204987786
GET /sodar/sodar2/225/runner.html HTTP/1.1
Host: tpc.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://apps4win.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5046
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 22 Jan 2023 22:10:29 GMT
expires: Mon, 22 Jan 2024 22:10:29 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
content-type: text/html
age: 515203
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 86352d15c37831cf9bf1e41325029224
ac8b28bcc1e6dd026e1f62d1ef8b9f80a42eee21
154f5f5e116df41f5d3bd414c671138b2afc198071529a0f3573109277566cd8
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 21:17:12 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/recaptcha/api2/aframe
200 OK 514 B URL HTTP/2 www.google.com/recaptcha/api2/aframe
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (783), with no line terminators
Hash 55710544fb189a06db7e04d9ca47472d
b812a946f4b54d18cf1390613231e2c5655f8c24
3ba9eda41cf404aeefb4b781ba08ce37a36d97caff983fb33791d1758d95ee86
GET /recaptcha/api2/aframe HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://apps4win.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Sat, 28 Jan 2023 21:17:12 GMT
date: Sat, 28 Jan 2023 21:17:12 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'nonce-gBI4Wq3FuzI-93L0SGu0Dg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 514
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/notifications/software/us/ios/desk-new-big/css/style.css
200 OK 0 B URL HTTP/2 cdn.creative-bars1.com/sb/notifications/software/us/ios/desk-new-big/css/style.css
IP
GET /sb/notifications/software/us/ios/desk-new-big/css/style.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://apps4win.com
Connection: keep-alive
Referer: http://apps4win.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 28 Jan 2023 21:17:11 GMT
content-type: text/css
last-modified: Thu, 23 Sep 2021 12:16:53 GMT
etag: W/"614c7035-145e"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=R3FzoH6%2FdTKNbua8QnXIaBpO5udd4bp1XdioEu16XY%2F8P3v5VCx4knW3c8M3Z1xU3wszxP0Soz4XJNkuC%2F%2FxGVk0l24%2FgpDXOl1QQtDV0sFsbMPUPYvH5GBBTB%2BAE5S%2BlKz0V8laIYnY"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 790cc0e4698d35da-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
172.67.161.59
104.21.42.104
23.36.77.32
35.156.167.37