xs125.7594555.com/o/1wer?BKAT4CaZP
302 Found 232 B URL HTTP/1.1 xs125.7594555.com/o/1wer?BKAT4CaZP
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash cae0ba3aee9415c1d5c51892675bed0a
ef553bf8e481891aa828d9c757b7ac54b3996d01
9397cf85e4f86b405065e432452bb456f363290078d8f612e5af78f980fb82ee
GET /o/1wer?BKAT4CaZP HTTP/1.1
Host: xs125.7594555.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Date: Wed, 19 Oct 2022 06:48:23 GMT
Server: Apache/2.4.6 (CentOS) PHP/5.4.16
Location: https://ghfyhjgj.inoferia.xyz/JTPSd1Fh?BKAT4CaZP
Content-Length: 232
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
firefox.settings.services.mozilla.com/v1/
200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash bdb8b66c705a7b996496d780f50c00b5
403ae92039fcc933870f51f913f78ccaf9652256
c923ed2539f4ce9f4d43743c402fbb2060a52a4cbedbf14c5f5742ab718073d6
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Type, Alert, Content-Length, Retry-After, Backoff
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Wed, 19 Oct 2022 05:51:34 GMT
Expires: Wed, 19 Oct 2022 05:57:07 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 c9f2a4d2bcd548d1a3cbe1617a22f216.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: fNh5W4wOHuByfi2l_eGc3UiFjDO8XRFK9DEr2gmqgdKfionBq5y5eQ==
Age: 3409
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 24a97183f836954e0f05c4dc794ff4d1
52778bbe39b9f736c16b5798575d1d96607ce9d0
01f6721f2674f54662fff590fdf7247cc8c58a3f84906cae75527fb7b6dd2436
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "01F6721F2674F54662FFF590FDF7247CC8C58A3F84906CAE75527FB7B6DD2436"
Last-Modified: Wed, 19 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6667
Expires: Wed, 19 Oct 2022 08:39:30 GMT
Date: Wed, 19 Oct 2022 06:48:23 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 533e1d53f291993ed5886f88a85c6e55
eb4396e8422f71168d32ac6ff3ef49496f625e62
0d1b73b2a228fe76bf14688e603741025a40803971e05570f873b28788334b33
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0D1B73B2A228FE76BF14688E603741025A40803971E05570F873B28788334B33"
Last-Modified: Mon, 17 Oct 2022 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14600
Expires: Wed, 19 Oct 2022 10:51:43 GMT
Date: Wed, 19 Oct 2022 06:48:23 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP
File type PEM certificate\012- , ASCII text
Hash 67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78
GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: wS4E79hbe5xFgeyZRVqhzH+C2BHfWD+mhqTcUdw476Q/KKJ/DGkM7ujKwiETq/efzzqYM9G92q8=
x-amz-request-id: 8AAAY985FHR8ZM3G
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Wed, 19 Oct 2022 06:36:12 GMT
age: 731
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
e1.o.lencr.org/
200 OK 345 B IP
ASN #20940 Akamai International B.V.
Hash 7fb1a9e8df98bad5e292548d2b8b7049
39f32e7afc49df8cfe2e0c07fd2b8bb99e4bddae
24dd1e41b42dfddb22125fe0685e0d0721ba81f0d45fd6c916836ba42b676594
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "24DD1E41B42DFDDB22125FE0685E0D0721BA81F0D45FD6C916836BA42B676594"
Last-Modified: Mon, 17 Oct 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10787
Expires: Wed, 19 Oct 2022 09:48:10 GMT
Date: Wed, 19 Oct 2022 06:48:23 GMT
Connection: keep-alive
contile.services.mozilla.com/v1/tiles
200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 19 Oct 2022 06:48:23 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
e1.o.lencr.org/
200 OK 345 B IP
ASN #20940 Akamai International B.V.
Hash 7fb1a9e8df98bad5e292548d2b8b7049
39f32e7afc49df8cfe2e0c07fd2b8bb99e4bddae
24dd1e41b42dfddb22125fe0685e0d0721ba81f0d45fd6c916836ba42b676594
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "24DD1E41B42DFDDB22125FE0685E0D0721BA81F0D45FD6C916836BA42B676594"
Last-Modified: Mon, 17 Oct 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10786
Expires: Wed, 19 Oct 2022 09:48:10 GMT
Date: Wed, 19 Oct 2022 06:48:24 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Wed, 19 Oct 2022 06:43:40 GMT
Cache-Control: max-age=3600
Expires: Wed, 19 Oct 2022 07:01:37 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 a2b4f68a89fc87406bff22c95fc07fba.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: Qfqy4w2x6SEePE6cXpyg4fZ8PceqbIqeG-Rjo3yj7T_0CI0OXIg4lA==
Age: 284
nxtpsh.top/?pl=TQtU6PWtNEOKah41ApsDeg
302 Found 0 B URL HTTP/2 nxtpsh.top/?pl=TQtU6PWtNEOKah41ApsDeg
IP
ASN #35277 Llhost Inc. Srl
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /?pl=TQtU6PWtNEOKah41ApsDeg HTTP/1.1
Host: nxtpsh.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 302 Found
server: nginx
date: Wed, 19 Oct 2022 06:48:24 GMT
content-length: 0
location: https://stream-core.xyz/blue-robot/?pl=TQtU6PWtNEOKah41ApsDeg&sm=blue-robot&hash=7ugUh33bjUBTRWicuBh6vA&exp=1666162404
set-cookie: TQtU6PWtNEOKah41ApsDeg=3; max-age=345600; path=/; samesite=lax
__pl=7e30d661-78ba-4c41-a579-98a940fb4be5; expires=Sat, 19 Oct 2024 06:48:24 GMT; path=/; samesite=lax
cache-control: max-age=0, no-cache, no-store, must-revalidate
X-Firefox-Spdy: h2
stream-core.xyz/blue-robot/?pl=TQtU6PWtNEOKah41ApsDeg&sm=blue-robot&hash=7ugUh33bjUBTRWicuBh6vA&exp=1666162404
200 OK 5.8 kB URL HTTP/1.1 stream-core.xyz/blue-robot/?pl=TQtU6PWtNEOKah41ApsDeg&sm=blue-robot&hash=7ugUh33bjUBTRWicuBh6vA&exp=1666162404
IP
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1380), with CRLF line terminators
Hash 9ba2976369c694c92c0584dd129c8d3d
41dffa6d413638f11d5bacf5ac720ebc6b568f4e
484bc59b25aeb3834124110eb16c7e1bb8b63979eda8c164632c207d866fdcf6
GET /blue-robot/?pl=TQtU6PWtNEOKah41ApsDeg&sm=blue-robot&hash=7ugUh33bjUBTRWicuBh6vA&exp=1666162404 HTTP/1.1
Host: stream-core.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 19 Oct 2022 06:48:24 GMT
Content-Type: text/html
Last-Modified: Fri, 15 Jul 2022 07:41:17 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"62d11a1d-39ca"
Strict-Transport-Security: max-age=63072000
Content-Encoding: gzip
ocsp.digicert.com/
200 OK 471 B IP
Hash c9b278637bdca251f78b46e4a0850473
a48fe5095fc27af1c6b6628149d9e8f655295621
eea38f271e134a85a7b586631a8831888ab81f0edb33120b26bd35cdfa032e52
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3177
Cache-Control: max-age=94278
Content-Type: application/ocsp-response
Date: Wed, 19 Oct 2022 06:48:24 GMT
Etag: "634e5e95-1d7"
Expires: Thu, 20 Oct 2022 08:59:42 GMT
Last-Modified: Tue, 18 Oct 2022 08:06:45 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 471
stream-core.xyz/blue-robot/assets/trls.js
200 OK 2.4 kB URL HTTP/1.1 stream-core.xyz/blue-robot/assets/trls.js
IP
ASN #24940 Hetzner Online GmbH
File type Unicode text, UTF-8 text, with very long lines (362), with CRLF line terminators
Hash c60aac62ff59dcdfc825d419d2b23f7d
53fd682694aa8b91c9852655740fe1360d61d880
db8e87b93f9317a495d30cc99cde81ce3d4b0707029d694a7698f9ef50c07a22
GET /blue-robot/assets/trls.js HTTP/1.1
Host: stream-core.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://stream-core.xyz/blue-robot/?pl=TQtU6PWtNEOKah41ApsDeg&sm=blue-robot&hash=7ugUh33bjUBTRWicuBh6vA&exp=1666162404
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 19 Oct 2022 06:48:24 GMT
Content-Type: application/javascript
Last-Modified: Fri, 15 Jul 2022 07:41:17 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"62d11a1d-2925"
Strict-Transport-Security: max-age=63072000
Content-Encoding: gzip
js.nextpsh.top/ps/pl.js
200 OK 2.5 kB IP
ASN #35277 Llhost Inc. Srl
File type ASCII text, with very long lines (2483), with no line terminators
Hash 6982bc20fb38a972937273bffa0b8e99
0ec577d715a3bf8edf7ab7dafa55195f8804fdf1
97941a07b52668412df07a352d07085d961d3202186cfabe57a96a55111b406c
Analyzer Verdict Alert quad9 Sinkholed
GET /ps/pl.js HTTP/1.1
Host: js.nextpsh.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://stream-core.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 19 Oct 2022 06:48:24 GMT
content-type: application/javascript
content-length: 2483
cache-control: max-age=0, no-cache, no-store, must-revalidate
X-Firefox-Spdy: h2
stream-core.xyz/shared-js/assets/fnr.js
200 OK 2.3 kB URL HTTP/1.1 stream-core.xyz/shared-js/assets/fnr.js
IP
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (751), with CRLF line terminators
Hash 1b26eacf5077aee06906daf060fa20fe
faee0d9cb6b4eb1c83c480a7e5638bcaf811dfca
d8d71d57da0c5eafb51e14175fccc4acb3889be6f43aa1eed5199ef7e85976e0
GET /shared-js/assets/fnr.js HTTP/1.1
Host: stream-core.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://stream-core.xyz/blue-robot/?pl=TQtU6PWtNEOKah41ApsDeg&sm=blue-robot&hash=7ugUh33bjUBTRWicuBh6vA&exp=1666162404
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 19 Oct 2022 06:48:24 GMT
Content-Type: application/javascript
Last-Modified: Fri, 15 Jul 2022 07:41:17 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"62d11a1d-165c"
Strict-Transport-Security: max-age=63072000
Content-Encoding: gzip
stream-core.xyz/blue-robot/assets/style.css
200 OK 812 B URL HTTP/1.1 stream-core.xyz/blue-robot/assets/style.css
IP
ASN #24940 Hetzner Online GmbH
File type ASCII text, with CRLF line terminators
Hash af9de103a87d3370be49846dfd5cd319
7d5010634707b69cd91af8a53bb431cfc210c13b
a5dce346ab4fe72d6d86b67b826f1c0ac79bee72abf09e43704d159023819bb6
GET /blue-robot/assets/style.css HTTP/1.1
Host: stream-core.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://stream-core.xyz/blue-robot/?pl=TQtU6PWtNEOKah41ApsDeg&sm=blue-robot&hash=7ugUh33bjUBTRWicuBh6vA&exp=1666162404
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 19 Oct 2022 06:48:24 GMT
Content-Type: text/css
Last-Modified: Fri, 15 Jul 2022 07:41:17 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"62d11a1d-f8e"
Strict-Transport-Security: max-age=63072000
Content-Encoding: gzip
js.nextpsh.top/ps/ps.js?pl=true&id=TQtU6PWtNEOKah41ApsDeg&sm=blue-robot&click_id=&sub_id=
200 OK 13 kB URL HTTP/2 js.nextpsh.top/ps/ps.js?pl=true&id=TQtU6PWtNEOKah41ApsDeg&sm=blue-robot&click_id=&sub_id=
IP
ASN #35277 Llhost Inc. Srl
File type ASCII text, with very long lines (13015), with no line terminators
Hash 2cea3d478a508e6c281a9b49480ae749
d1fbd3befe4c97a801b3a44cfa361e55275bdf54
24e404ce20eb91d8cabd0e2ff2ae2bd91c7415aeef77d56ae7f5da904d95355f
Analyzer Verdict Alert quad9 Sinkholed
GET /ps/ps.js?pl=true&id=TQtU6PWtNEOKah41ApsDeg&sm=blue-robot&click_id=&sub_id= HTTP/1.1
Host: js.nextpsh.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://stream-core.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 19 Oct 2022 06:48:24 GMT
content-type: application/javascript
content-length: 13015
set-cookie: __psu=8c89ec3c-532d-4def-8940-6c009c5d51aa; expires=Sat, 19 Oct 2024 06:48:24 GMT; path=/; secure; samesite=none
cache-control: max-age=0, no-cache, no-store, must-revalidate
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash c190204159a1cbcfa30e3b35639f47ef
37f20a9f9e47377d8036d8cf8f2b5393d7e2a2d5
54acc7148382a5219d0c0d0ca5aa83c6fe65d6269415adc56a69d1c89373d9c8
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 19 Oct 2022 06:48:24 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash c190204159a1cbcfa30e3b35639f47ef
37f20a9f9e47377d8036d8cf8f2b5393d7e2a2d5
54acc7148382a5219d0c0d0ca5aa83c6fe65d6269415adc56a69d1c89373d9c8
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 19 Oct 2022 06:48:24 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 15552, version 1.0\012- data
Hash 285467176f7fe6bb6a9c6873b3dad2cc
ea04e4ff5142ddd69307c183def721a160e0a64e
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
GET /s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://stream-core.xyz
Connection: keep-alive
Referer: https://stream-core.xyz/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15552
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 14 Oct 2022 00:48:31 GMT
expires: Sat, 14 Oct 2023 00:48:31 GMT
cache-control: public, max-age=31536000
age: 453593
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmSU5fBBc4.woff2
200 OK 15 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmSU5fBBc4.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 15440, version 1.0\012- data
Hash 55536c8e9e9a532651e3cf374f290ea3
ff3a9b8ae317896cbbcbadfbe615d671bd1d32a2
eca8ffa764a66cd084800e2e71c4176ef089ebd805515664a6cb8d4fb3b598bf
GET /s/roboto/v18/KFOlCnqEu92Fr1MmSU5fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://stream-core.xyz
Connection: keep-alive
Referer: https://stream-core.xyz/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15440
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 15 Oct 2022 01:47:26 GMT
expires: Sun, 15 Oct 2023 01:47:26 GMT
cache-control: public, max-age=31536000
age: 363658
last-modified: Mon, 16 Oct 2017 17:32:43 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
js.nextpsh.top/ps/config.js?id=TQtU6PWtNEOKah41ApsDeg
200 OK 356 B URL HTTP/2 js.nextpsh.top/ps/config.js?id=TQtU6PWtNEOKah41ApsDeg
IP
ASN #35277 Llhost Inc. Srl
File type ASCII text, with CRLF line terminators
Hash f2fcc436a60ac708b7b831cc8a5914ae
8c38d94993c3f1645bfb9706d30bf41b4744117a
caa62d754242d0cbf6498a9c6747ae39362572e1c37e1a8723e5de1da1cfbb0f
Analyzer Verdict Alert quad9 Sinkholed
GET /ps/config.js?id=TQtU6PWtNEOKah41ApsDeg HTTP/1.1
Host: js.nextpsh.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://stream-core.xyz/
Cookie: __psu=8c89ec3c-532d-4def-8940-6c009c5d51aa
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 19 Oct 2022 06:48:24 GMT
content-type: application/javascript
content-length: 356
cache-control: max-age=0, no-cache, no-store, must-revalidate
X-Firefox-Spdy: h2
push.services.mozilla.com/
101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: LAKvf/AAxLW5Rpr0Hx7v1A==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: exR1o63P8Vkh/8VAcJ4CehzE43k=
stream-core.xyz/favicon.ico
200 OK 318 B URL HTTP/1.1 stream-core.xyz/favicon.ico
IP
ASN #24940 Hetzner Online GmbH
File type MS Windows icon resource - 1 icon, 16x16, 16 colors, 4 bits/pixel\012- data
Hash 0eb6a3e58fb0f61f080bfd48d9be4a2d
669802179243bd9c47aae26d03090f5f8e40a015
3755ed10fae26af17e06f7ff740b9138c0f6b47b524d6bbbaae98f999433e1ea
GET /favicon.ico HTTP/1.1
Host: stream-core.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://stream-core.xyz/blue-robot/?pl=TQtU6PWtNEOKah41ApsDeg&sm=blue-robot&hash=7ugUh33bjUBTRWicuBh6vA&exp=1666162404
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 19 Oct 2022 06:48:24 GMT
Content-Type: image/x-icon
Content-Length: 318
Last-Modified: Fri, 15 Jul 2022 07:53:21 GMT
Connection: keep-alive
ETag: "62d11cf1-13e"
Strict-Transport-Security: max-age=63072000
Accept-Ranges: bytes
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash c190204159a1cbcfa30e3b35639f47ef
37f20a9f9e47377d8036d8cf8f2b5393d7e2a2d5
54acc7148382a5219d0c0d0ca5aa83c6fe65d6269415adc56a69d1c89373d9c8
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 19 Oct 2022 06:48:24 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.gstatic.com/firebasejs/8.4.1/firebase-app.js
200 OK 6.8 kB URL HTTP/2 www.gstatic.com/firebasejs/8.4.1/firebase-app.js
IP
File type ASCII text, with very long lines (21158)
Hash cc9770d1cd023f5acf160f83840856fe
3b9c4a75943e3101e25a612ff975d03e9ef6f5ab
6b37f2d363f4b788f0b1473c7f51522bd85fe319ac39e7fb1c70aceaf35fe42e
GET /firebasejs/8.4.1/firebase-app.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://stream-core.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-length: 6763
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 12 Oct 2022 14:08:03 GMT
expires: Thu, 12 Oct 2023 14:08:03 GMT
cache-control: public, max-age=31536000
age: 578421
last-modified: Tue, 13 Apr 2021 06:56:11 GMT
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.gstatic.com/firebasejs/8.4.1/firebase-messaging.js
200 OK 11 kB URL HTTP/2 www.gstatic.com/firebasejs/8.4.1/firebase-messaging.js
IP
File type ASCII text, with very long lines (40976)
Hash 65fc850cb32508517dcbc63b09aa7909
b6a0811a047ac43a061b326c424e57e3b125eaee
cb0497203016e7af18b3989110eaca26fed09c7c2e1ae0fda9a159b6784f69d5
GET /firebasejs/8.4.1/firebase-messaging.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://stream-core.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-length: 10908
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 16 Oct 2022 18:55:14 GMT
expires: Mon, 16 Oct 2023 18:55:14 GMT
cache-control: public, max-age=31536000
age: 215590
last-modified: Tue, 13 Apr 2021 06:56:17 GMT
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
stream-core.xyz/sw-224aef2506dda1722b6574aa40434287.js
200 OK 934 B URL HTTP/1.1 stream-core.xyz/sw-224aef2506dda1722b6574aa40434287.js
IP
ASN #24940 Hetzner Online GmbH
Hash 9535576332b026ff996c24bc22604736
1f33268df101827aaf8789e200bd7c50eb21ba46
90c3c703674fc94272287541c8ae0e89f10cc0a46037261a8d9fc365afad0051
GET /sw-224aef2506dda1722b6574aa40434287.js HTTP/1.1
Host: stream-core.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 19 Oct 2022 06:48:24 GMT
Content-Type: application/javascript
Last-Modified: Thu, 17 Feb 2022 13:24:13 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"620e4c7d-954"
Strict-Transport-Security: max-age=63072000
Content-Encoding: gzip
stream-core.xyz/blue-robot/?pl=TQtU6PWtNEOKah41ApsDeg&sm=blue-robot&hash=7ugUh33bjUBTRWicuBh6vA&exp=1666162404
304 Not Modified 0 B URL HTTP/1.1 stream-core.xyz/blue-robot/?pl=TQtU6PWtNEOKah41ApsDeg&sm=blue-robot&hash=7ugUh33bjUBTRWicuBh6vA&exp=1666162404
IP
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /blue-robot/?pl=TQtU6PWtNEOKah41ApsDeg&sm=blue-robot&hash=7ugUh33bjUBTRWicuBh6vA&exp=1666162404 HTTP/1.1
Host: stream-core.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
If-Modified-Since: Fri, 15 Jul 2022 07:41:17 GMT
If-None-Match: W/"62d11a1d-39ca"
HTTP/1.1 304 Not Modified
Server: nginx
Date: Wed, 19 Oct 2022 06:48:25 GMT
Last-Modified: Fri, 15 Jul 2022 07:41:17 GMT
Connection: keep-alive
ETag: "62d11a1d-39ca"
Strict-Transport-Security: max-age=63072000
js.nextpsh.top/ps/pl.js
200 OK 2.5 kB IP
ASN #35277 Llhost Inc. Srl
File type ASCII text, with very long lines (2483), with no line terminators
Hash 6982bc20fb38a972937273bffa0b8e99
0ec577d715a3bf8edf7ab7dafa55195f8804fdf1
97941a07b52668412df07a352d07085d961d3202186cfabe57a96a55111b406c
Analyzer Verdict Alert quad9 Sinkholed
GET /ps/pl.js HTTP/1.1
Host: js.nextpsh.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://stream-core.xyz/
Cookie: __psu=8c89ec3c-532d-4def-8940-6c009c5d51aa
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 19 Oct 2022 06:48:25 GMT
content-type: application/javascript
content-length: 2483
cache-control: max-age=0, no-cache, no-store, must-revalidate
X-Firefox-Spdy: h2
js.nextpsh.top/ps/ps.js?pl=true&id=TQtU6PWtNEOKah41ApsDeg&sm=blue-robot&click_id=&sub_id=
200 OK 13 kB URL HTTP/2 js.nextpsh.top/ps/ps.js?pl=true&id=TQtU6PWtNEOKah41ApsDeg&sm=blue-robot&click_id=&sub_id=
IP
ASN #35277 Llhost Inc. Srl
File type ASCII text, with very long lines (13015), with no line terminators
Hash 2cea3d478a508e6c281a9b49480ae749
d1fbd3befe4c97a801b3a44cfa361e55275bdf54
24e404ce20eb91d8cabd0e2ff2ae2bd91c7415aeef77d56ae7f5da904d95355f
Analyzer Verdict Alert quad9 Sinkholed
GET /ps/ps.js?pl=true&id=TQtU6PWtNEOKah41ApsDeg&sm=blue-robot&click_id=&sub_id= HTTP/1.1
Host: js.nextpsh.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://stream-core.xyz/
Cookie: __psu=8c89ec3c-532d-4def-8940-6c009c5d51aa
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 19 Oct 2022 06:48:25 GMT
content-type: application/javascript
content-length: 13015
cache-control: max-age=0, no-cache, no-store, must-revalidate
X-Firefox-Spdy: h2
js.nextpsh.top/ps/config.js?id=TQtU6PWtNEOKah41ApsDeg
200 OK 356 B URL HTTP/2 js.nextpsh.top/ps/config.js?id=TQtU6PWtNEOKah41ApsDeg
IP
ASN #35277 Llhost Inc. Srl
File type ASCII text, with CRLF line terminators
Hash f2fcc436a60ac708b7b831cc8a5914ae
8c38d94993c3f1645bfb9706d30bf41b4744117a
caa62d754242d0cbf6498a9c6747ae39362572e1c37e1a8723e5de1da1cfbb0f
Analyzer Verdict Alert quad9 Sinkholed
GET /ps/config.js?id=TQtU6PWtNEOKah41ApsDeg HTTP/1.1
Host: js.nextpsh.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://stream-core.xyz/
Cookie: __psu=8c89ec3c-532d-4def-8940-6c009c5d51aa
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 19 Oct 2022 06:48:25 GMT
content-type: application/javascript
content-length: 356
cache-control: max-age=0, no-cache, no-store, must-revalidate
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 0fcfa6b657f8e34f9eeaf49d51ccbc73
e508c6dbaaa34541005d8307a48f17a724471048
af4ef3ecc726fe0cd395a395a8449b985991df26ccdabc67eddd22c70eb78a1e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "AF4EF3ECC726FE0CD395A395A8449B985991DF26CCDABC67EDDD22C70EB78A1E"
Last-Modified: Mon, 17 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3808
Expires: Wed, 19 Oct 2022 07:51:53 GMT
Date: Wed, 19 Oct 2022 06:48:25 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 0fcfa6b657f8e34f9eeaf49d51ccbc73
e508c6dbaaa34541005d8307a48f17a724471048
af4ef3ecc726fe0cd395a395a8449b985991df26ccdabc67eddd22c70eb78a1e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "AF4EF3ECC726FE0CD395A395A8449B985991DF26CCDABC67EDDD22C70EB78A1E"
Last-Modified: Mon, 17 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3808
Expires: Wed, 19 Oct 2022 07:51:53 GMT
Date: Wed, 19 Oct 2022 06:48:25 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 0fcfa6b657f8e34f9eeaf49d51ccbc73
e508c6dbaaa34541005d8307a48f17a724471048
af4ef3ecc726fe0cd395a395a8449b985991df26ccdabc67eddd22c70eb78a1e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "AF4EF3ECC726FE0CD395A395A8449B985991DF26CCDABC67EDDD22C70EB78A1E"
Last-Modified: Mon, 17 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3808
Expires: Wed, 19 Oct 2022 07:51:53 GMT
Date: Wed, 19 Oct 2022 06:48:25 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7a93e847-d046-46de-bbdc-764ba175f07b.jpeg
200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7a93e847-d046-46de-bbdc-764ba175f07b.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 78b571387c948f6bdaa98e35bddec3f0
5142ae2e93decbc42bae5bfffd45e41c8283dc24
74b131b79c088a251e7006a8db2269befb6459b55592bf06e31947fe460e0464
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7a93e847-d046-46de-bbdc-764ba175f07b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10835
x-amzn-requestid: 9ad78117-d4f5-4275-b92e-19083ce9a780
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aOFDpENQIAMFpGQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-634f1bb0-177e54e73ec483f87c1d248a;Sampled=0
x-amzn-remapped-date: Tue, 18 Oct 2022 21:33:36 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: ipFC9XkKM_UOpDzfTrtbumihvYzGeaYQjBCrnSRVLREChUVZDrmAGA==
via: 1.1 6ba2a21321beeef65404429d0a4b6380.cloudfront.net (CloudFront), 1.1 31119c39c5a6dc62dfa1fe940afd7be2.cloudfront.net (CloudFront), 1.1 google
date: Tue, 18 Oct 2022 21:41:09 GMT
age: 32836
etag: "5142ae2e93decbc42bae5bfffd45e41c8283dc24"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa93498e0-0d58-4395-9b74-9288b70d3169.jpeg
200 OK 7.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa93498e0-0d58-4395-9b74-9288b70d3169.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 1afd9e3ed9813a01fc28ea84553b2675
76e1ca27983e04d48694ad21a126b0543d2e21cf
f46026e97bcafe56b19324c30ce283282f35ed448f19fef82197cd648b04b70f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa93498e0-0d58-4395-9b74-9288b70d3169.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7139
x-amzn-requestid: 7b6e9f7c-87cf-4f9b-9ee1-31374d4ecc01
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aCQtHFWjoAMFmRA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-634a6186-7c0d1ffd0b4067d936c92d56;Sampled=0
x-amzn-remapped-date: Sat, 15 Oct 2022 07:30:14 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: Byd1eeYrleYGMFTjfC17cqhkR6Zzd0UVTLpZJFT9KVmcMjHAnIt7Rg==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 5fe5f2a3903f1378941d92eceaf3fa16.cloudfront.net (CloudFront), 1.1 google
date: Tue, 18 Oct 2022 21:43:15 GMT
age: 32710
etag: "76e1ca27983e04d48694ad21a126b0543d2e21cf"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fee8c2210-894f-43bd-af5d-1606fbec4020.jpeg
200 OK 7.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fee8c2210-894f-43bd-af5d-1606fbec4020.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f3929b112db87050a189b6e9139728c3
75e5afd319715b86898706c29b37f19949489d78
8349323fa83f2044c64836719c46fe69c5a4025e42efa7e7abd0cf569d3f1059
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fee8c2210-894f-43bd-af5d-1606fbec4020.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7818
x-amzn-requestid: dcf2c60a-0040-4ae9-a284-80cddacbc221
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZxvA5FzEIAMFQuQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6343c538-04ce22bb4f96e73f5457a23d;Sampled=0
x-amzn-remapped-date: Mon, 10 Oct 2022 07:09:44 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: lpFWPbKLxqyBn3JiYLd6pgdgP8IffxGRUoHYndm9zQHukOVAPSt-iA==
via: 1.1 112c6b3f9aea37a6cb00b7d933e5af6e.cloudfront.net (CloudFront), 1.1 567b44ed19c8caed2570b7bcd8c70034.cloudfront.net (CloudFront), 1.1 google
date: Wed, 19 Oct 2022 02:39:31 GMT
age: 14934
etag: "75e5afd319715b86898706c29b37f19949489d78"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F87514736-0d8f-4476-92ba-b15762c98332.jpeg
200 OK 8.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F87514736-0d8f-4476-92ba-b15762c98332.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 7cf86d59e28da601117810faf66d57c4
7ea3dc5cec73e3003430fd4ecfd0b5eb58a4d513
2dc2bfcbd1ae97396ee2f95c436d48b27b056a2922b9415329e34144a5950472
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F87514736-0d8f-4476-92ba-b15762c98332.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8696
x-amzn-requestid: 8a14fadf-4f6f-4dca-9d39-75d89cbf9a4b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Z1CmlEKeIAMFUWA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-634517c3-6d1f242d2dd574235f570b87;Sampled=0
x-amzn-remapped-date: Tue, 11 Oct 2022 07:14:11 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: OMzWsYlVqsbTPBEeWtnrubbI_xJJQSvWz9GtsQ-Yna5AfDWpOn4OUQ==
via: 1.1 1b0911478686968732f973d6e5e31d10.cloudfront.net (CloudFront), 1.1 6396e88c437c096ef98930ce29f731a2.cloudfront.net (CloudFront), 1.1 google
date: Tue, 18 Oct 2022 08:35:04 GMT
age: 80001
etag: "7ea3dc5cec73e3003430fd4ecfd0b5eb58a4d513"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa4aa09fc-f62d-4799-a1c4-465488877462.jpeg
200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa4aa09fc-f62d-4799-a1c4-465488877462.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 39da57495ea698fe534e5d166081a28f
ce392e596465ef9bacb1ad517a7053b6d9cf34a8
417e0dc9684cf6244b1ef78fb58b18d8eed290b4da174030cd6567229c085b88
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa4aa09fc-f62d-4799-a1c4-465488877462.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 13134
x-amzn-requestid: 69c84abf-826b-4505-b72b-068af95e12e9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Z09pjGkuIAMFa7A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63450fd6-3966cd917655b77a0c593bbd;Sampled=0
x-amzn-remapped-date: Tue, 11 Oct 2022 06:40:22 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: wcUIIE0E0AFd-6hTqtH9xIEAVBV8rInhIp9FiBVh5ilFX2R0vWVJxw==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 35575576af8067e30cfb17c6b9fde8e2.cloudfront.net (CloudFront), 1.1 google
date: Tue, 18 Oct 2022 22:00:44 GMT
age: 31661
etag: "ce392e596465ef9bacb1ad517a7053b6d9cf34a8"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbc809406-f843-4494-9a76-eab77bec4daa.jpeg
200 OK 35 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbc809406-f843-4494-9a76-eab77bec4daa.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b683fafb36238c7da6be76247f60600b
e975f7a307a970ab45b03f861fd7d875ec66028d
b65fa7f3e7e0d999ebdfc1a4beb74e21221e4ceabd9e57ed0af6ab4560e12fdd
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbc809406-f843-4494-9a76-eab77bec4daa.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 35276
x-amzn-requestid: 6e8a79ad-d0f3-4290-a1ed-ef9b1239f193
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aOFApGzbIAMFRGg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-634f1b9d-65cf1b926ab122b1716a2983;Sampled=0
x-amzn-remapped-date: Tue, 18 Oct 2022 21:33:17 GMT
x-amz-cf-pop: SEA19-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: z25FLjYXE2AbAQpLftrPxmMMo3eioc8IODJO6Tj4BhCAeNBZ3kPHtQ==
via: 1.1 0a2ce08fa1ec3c33302a7547d3305978.cloudfront.net (CloudFront), 1.1 28390a4d24ed4fdccd685d99cd06cf4e.cloudfront.net (CloudFront), 1.1 google
date: Tue, 18 Oct 2022 21:41:57 GMT
age: 32788
etag: "e975f7a307a970ab45b03f861fd7d875ec66028d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
stream-core.xyz/sw-224aef2506dda1722b6574aa40434287.js
304 Not Modified 0 B URL HTTP/1.1 stream-core.xyz/sw-224aef2506dda1722b6574aa40434287.js
IP
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sw-224aef2506dda1722b6574aa40434287.js HTTP/1.1
Host: stream-core.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
If-Modified-Since: Thu, 17 Feb 2022 13:24:13 GMT
If-None-Match: W/"620e4c7d-954"
Cache-Control: max-age=0
HTTP/1.1 304 Not Modified
Server: nginx
Date: Wed, 19 Oct 2022 06:48:26 GMT
Last-Modified: Thu, 17 Feb 2022 13:24:13 GMT
Connection: keep-alive
ETag: "620e4c7d-954"
Strict-Transport-Security: max-age=63072000
ghfyhjgj.inoferia.xyz/JTPSd1Fh?BKAT4CaZP
302 Found 0 B URL HTTP/2 ghfyhjgj.inoferia.xyz/JTPSd1Fh?BKAT4CaZP
IP
GET /JTPSd1Fh?BKAT4CaZP HTTP/1.1
Host: ghfyhjgj.inoferia.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 302 Found
date: Wed, 19 Oct 2022 06:48:24 GMT
content-type: text/html; charset=UTF-8
location: https://nxtpsh.top/?pl=TQtU6PWtNEOKah41ApsDeg
cache-control: no-cache, no-store, must-revalidate
expires: 0
pragma: no-cache
set-cookie: _subid=376l60j32d21a;Expires=Saturday, 19-Nov-2022 06:48:24 GMT;Max-Age=2678400;Path=/
0252d=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjEzOVwiOjE2NjYxNjIxMDN9LFwiY2FtcGFpZ25zXCI6e1wiMjBcIjoxNjY2MTYyMTAzfSxcInRpbWVcIjoxNjY2MTYyMTAzfSJ9.7diOHKFDaorswTHYbtShzSV36FxkuXsXvdqXn81gsPA;Expires=Wednesday, 07-Aug-2075 13:36:48 GMT;Max-Age=1666248504;Path=/
vary: Accept-Encoding
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QzPC3rFvgyCJoNsdDAch8813jyjAjbxx66kIvXd8DfoxvBlomCUvQGeIwm5UOxmgz9WKNUB0TkVZKO%2FwItuXTy8eK%2BYMUqwIs6QVElbs4lgtUxHcholoUvWlvf0QbjxC5Jdn8A08Za8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 75c7915d6c40b52d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
95.161.131.182
54.191.251.76
46.148.125.182
23.36.76.226
116.202.184.109
104.21.81.102
93.184.220.29