var-trk.ju5p.in/ga/click/2-2406263-3739-673-1275-1944-3d73d613ad-01a1727e45
104.21.38.36 301 Moved Permanently 0 B URL User Request GET HTTP/1.1 var-trk.ju5p.in/ga/click/2-2406263-3739-673-1275-1944-3d73d613ad-01a1727e45
IP 104.21.38.36:80
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Spam
GET /ga/click/2-2406263-3739-673-1275-1944-3d73d613ad-01a1727e45 HTTP/1.1
Host: var-trk.ju5p.in
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 301 Moved Permanently
Date: Mon, 17 Apr 2023 10:28:52 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Mon, 17 Apr 2023 11:28:52 GMT
Location: https://var-trk.ju5p.in/ga/click/2-2406263-3739-673-1275-1944-3d73d613ad-01a1727e45
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zFhF%2FpuW9I2gOv4OhGpFnjTFBfGwNjFQgUG%2BfJLo2N%2F53i48GMrPYh0qr1GCMAxoEP742M%2FaX5W0%2FX4XPWH2MiGiHP%2FpKQrdLK27YkFUwIVJdLPDmHB1eDWRLJibRqSG04Q%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7b93fbd5b9591c0e-OSL
alt-svc: h2=":443"; ma=60
cdn.by.wonderpush.com/sdk/1.1/wonderpush-loader.min.js
104.18.18.183 200 OK 872 B URL GET HTTP/2 cdn.by.wonderpush.com/sdk/1.1/wonderpush-loader.min.js
IP 104.18.18.183:443
Requested by https://tangy.deltablues.de/tVMl_NH?kE5_3V=ZIBwk2phpZVmlYamkmh2fmCDdZBuh5yeopabXHy0j2ljaGViYpuU/s43286%40scb.co.th&s3=&s4=
Certificate Issuer Google Trust Services LLC
Subject *.by.wonderpush.com
Fingerprint D2:AE:4F:4F:87:83:7F:70:F4:9C:33:8F:DC:24:22:81:76:B9:35:E8
Validity Tue, 11 Apr 2023 07:31:57 GMT - Wed, 05 Jul 2023 10:04:04 GMT
File type ASCII text, with very long lines (1790), with no line terminators
Hash ba8ce5899b9b480d7b747d6db614388c
6825f02819da97e4d3f03a1fbde0e7d38ebe8cc7
db7c368d3cbb82f3f3107806098e71ad9ad94e273d66c5f713f760a574433c87
GET /sdk/1.1/wonderpush-loader.min.js HTTP/1.1
Host: cdn.by.wonderpush.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 17 Apr 2023 10:28:54 GMT
content-type: application/javascript
content-length: 872
last-modified: Tue, 11 Apr 2023 16:49:11 GMT
x-amz-server-side-encryption: AES256
cache-control: public,max-age=3600
content-encoding: gzip
access-control-allow-origin: *
access-control-allow-methods: HEAD, GET
access-control-max-age: 86400
etag: "ba8ce5899b9b480d7b747d6db614388ced6e"
x-cache: Miss from cloudfront
via: 1.1 3bff78035f818b6a3185b0f5f4586410.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: MXZWP6FPZ6KZenu_EnzN-Sp3Ru05kJKrNoO1XwdeZJFA44yI4Sp7hQ==
cf-cache-status: HIT
age: 506
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7b93fbe35db6b52d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 472 B IP 142.250.74.131:0
Hash 7d946ecd85a4e6cb0baef36c5f5f4828
52b475dbe3db533416db4c872d570da32071b20d
d7d0c1b6ac1561730aa74001ce93c6a4a89326698ee5a005845468bf06c465d4
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 17 Apr 2023 10:28:55 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
topnewofferssoon.com/eml/DE-Avira-Antvirus-AVI-Mar23/css/style2.css
199.241.143.10 200 OK 16 kB URL GET HTTP/1.1 topnewofferssoon.com/eml/DE-Avira-Antvirus-AVI-Mar23/css/style2.css
IP 199.241.143.10:443
Requested by https://tangy.deltablues.de/tVMl_NH?kE5_3V=ZIBwk2phpZVmlYamkmh2fmCDdZBuh5yeopabXHy0j2ljaGViYpuU/s43286%40scb.co.th&s3=&s4=
Certificate Issuer Let's Encrypt
Subject topnewofferssoon.com
Fingerprint 66:3A:8E:59:6F:F8:F1:0C:A0:29:86:E1:63:88:54:F3:EE:FA:9A:FE
Validity Fri, 14 Apr 2023 11:20:33 GMT - Thu, 13 Jul 2023 11:20:32 GMT
Hash f33c4012b7f7466fd81c25ab5ae5cf7c
05ee04c5f3dcc1e11e3bf8a315069a3f3b909e40
65e4bd696e2876c9ed550ee9e63bb3963036639df19536c72f384f2be323599a
Analyzer Verdict Alert quad9 Sinkholed
GET /eml/DE-Avira-Antvirus-AVI-Mar23/css/style2.css HTTP/1.1
Host: topnewofferssoon.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 17 Apr 2023 10:28:55 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.33
Last-Modified: Fri, 14 Apr 2023 12:43:23 GMT
ETag: "3d36-5f94b2fd52734"
Accept-Ranges: bytes
Content-Length: 15670
Content-Type: text/css
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
topnewofferssoon.com/eml/DE-Avira-Antvirus-AVI-Mar23/js/slide.js
199.241.143.10 200 OK 41 kB URL GET HTTP/1.1 topnewofferssoon.com/eml/DE-Avira-Antvirus-AVI-Mar23/js/slide.js
IP 199.241.143.10:443
Requested by https://tangy.deltablues.de/tVMl_NH?kE5_3V=ZIBwk2phpZVmlYamkmh2fmCDdZBuh5yeopabXHy0j2ljaGViYpuU/s43286%40scb.co.th&s3=&s4=
Certificate Issuer Let's Encrypt
Subject topnewofferssoon.com
Fingerprint 66:3A:8E:59:6F:F8:F1:0C:A0:29:86:E1:63:88:54:F3:EE:FA:9A:FE
Validity Fri, 14 Apr 2023 11:20:33 GMT - Thu, 13 Jul 2023 11:20:32 GMT
Hash 3ed69ab759d80bba8b1fe894aaf3aa5d
98924fd028940b4eed427162da74971bdf7677ee
daa96e69288b3934669dc8fbc3667291d7f4509eabac5e8c16a9b6c0570d5eb2
Analyzer Verdict Alert quad9 Sinkholed
GET /eml/DE-Avira-Antvirus-AVI-Mar23/js/slide.js HTTP/1.1
Host: topnewofferssoon.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 17 Apr 2023 10:28:55 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.33
Last-Modified: Fri, 14 Apr 2023 12:43:23 GMT
ETag: "9fc0-5f94b2fd532ec"
Accept-Ranges: bytes
Content-Length: 40896
Content-Type: application/javascript
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js
172.217.21.170 200 OK 31 kB URL GET HTTP/2 ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js
IP 172.217.21.170:443
Requested by https://tangy.deltablues.de/tVMl_NH?kE5_3V=ZIBwk2phpZVmlYamkmh2fmCDdZBuh5yeopabXHy0j2ljaGViYpuU/s43286%40scb.co.th&s3=&s4=
Certificate Issuer Google Trust Services LLC
Subject upload.video.google.com
Fingerprint 28:74:DC:A1:79:64:AB:97:A4:EA:AB:80:90:A6:E2:B9:D4:16:79:64
Validity Tue, 28 Mar 2023 16:54:33 GMT - Tue, 20 Jun 2023 16:54:32 GMT
File type ASCII text, with very long lines (65451)
Hash 903bc7a7e510f87aa5d0201eb59a0832
ac9aa4dd94cde1bcba9037e94087138b127e41fc
41a7ac8150cc9f38421451d5143c1ffec7a1f1fafbf7a7fc0f51b98ad699cf8f
GET /ajax/libs/jquery/3.5.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 31021
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 16 Apr 2023 23:13:48 GMT
expires: Mon, 15 Apr 2024 23:13:48 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Fri, 08 May 2020 07:05:03 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 40507
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 472 B IP 142.250.74.131:0
Hash 7d946ecd85a4e6cb0baef36c5f5f4828
52b475dbe3db533416db4c872d570da32071b20d
d7d0c1b6ac1561730aa74001ce93c6a4a89326698ee5a005845468bf06c465d4
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 17 Apr 2023 10:28:56 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
topnewofferssoon.com/eml/DE-Avira-Antvirus-AVI-Mar23/img/cross.gif
199.241.143.10 200 OK 211 B URL GET HTTP/1.1 topnewofferssoon.com/eml/DE-Avira-Antvirus-AVI-Mar23/img/cross.gif
IP 199.241.143.10:443
Requested by https://tangy.deltablues.de/tVMl_NH?kE5_3V=ZIBwk2phpZVmlYamkmh2fmCDdZBuh5yeopabXHy0j2ljaGViYpuU/s43286%40scb.co.th&s3=&s4=
Certificate Issuer Let's Encrypt
Subject topnewofferssoon.com
Fingerprint 66:3A:8E:59:6F:F8:F1:0C:A0:29:86:E1:63:88:54:F3:EE:FA:9A:FE
Validity Fri, 14 Apr 2023 11:20:33 GMT - Thu, 13 Jul 2023 11:20:32 GMT
File type GIF image data, version 89a, 29 x 29\012- data
Hash 45b0c8a1e52d91e8cf84eaf75ebca9a9
0e358b8571f9062dedfacd0c31d54179270153cd
4e635bdab7a300d0ccb5aac26b4610a07ee1b33643578c1a4308e677d7eb595d
Analyzer Verdict Alert quad9 Sinkholed
GET /eml/DE-Avira-Antvirus-AVI-Mar23/img/cross.gif HTTP/1.1
Host: topnewofferssoon.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 17 Apr 2023 10:28:56 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.33
Last-Modified: Fri, 14 Apr 2023 12:43:23 GMT
ETag: "d3-5f94b2fd52b1c"
Accept-Ranges: bytes
Content-Length: 211
Content-Type: image/gif
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
topnewofferssoon.com/eml/DE-Avira-Antvirus-AVI-Mar23/img/ring.gif
199.241.143.10 200 OK 6.1 kB URL GET HTTP/1.1 topnewofferssoon.com/eml/DE-Avira-Antvirus-AVI-Mar23/img/ring.gif
IP 199.241.143.10:443
Requested by https://tangy.deltablues.de/tVMl_NH?kE5_3V=ZIBwk2phpZVmlYamkmh2fmCDdZBuh5yeopabXHy0j2ljaGViYpuU/s43286%40scb.co.th&s3=&s4=
Certificate Issuer Let's Encrypt
Subject topnewofferssoon.com
Fingerprint 66:3A:8E:59:6F:F8:F1:0C:A0:29:86:E1:63:88:54:F3:EE:FA:9A:FE
Validity Fri, 14 Apr 2023 11:20:33 GMT - Thu, 13 Jul 2023 11:20:32 GMT
File type GIF image data, version 89a, 134 x 138\012- data
Hash 79df5a98f5151d5b565d6adbea71d3ef
9223b7bdfc9e87f240d53b420b4230b4565bf33c
9afb6d3873996ae7390d6ec92ed22496b67c2b873129b9f966d7237d0d9c4e71
Analyzer Verdict Alert quad9 Sinkholed
GET /eml/DE-Avira-Antvirus-AVI-Mar23/img/ring.gif HTTP/1.1
Host: topnewofferssoon.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 17 Apr 2023 10:28:56 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.33
Last-Modified: Fri, 14 Apr 2023 12:43:23 GMT
ETag: "17f0-5f94b2fd52f04"
Accept-Ranges: bytes
Content-Length: 6128
Content-Type: image/gif
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
topnewofferssoon.com/eml/DE-Avira-Antvirus-AVI-Mar23/img/ico_gray1.png
199.241.143.10 200 OK 364 B URL GET HTTP/1.1 topnewofferssoon.com/eml/DE-Avira-Antvirus-AVI-Mar23/img/ico_gray1.png
IP 199.241.143.10:443
Requested by https://tangy.deltablues.de/tVMl_NH?kE5_3V=ZIBwk2phpZVmlYamkmh2fmCDdZBuh5yeopabXHy0j2ljaGViYpuU/s43286%40scb.co.th&s3=&s4=
Certificate Issuer Let's Encrypt
Subject topnewofferssoon.com
Fingerprint 66:3A:8E:59:6F:F8:F1:0C:A0:29:86:E1:63:88:54:F3:EE:FA:9A:FE
Validity Fri, 14 Apr 2023 11:20:33 GMT - Thu, 13 Jul 2023 11:20:32 GMT
File type PNG image data, 12 x 12, 8-bit/color RGB, non-interlaced\012- data
Hash e144c3378090087c8ce129a30cb6cb4e
59da5466551de941d0215e45c54aa2ceaf436be1
b13a03e0db893734298cbe203bf264407636ffe5dab0a141f83c492d0034dd6a
Analyzer Verdict Alert quad9 Sinkholed
GET /eml/DE-Avira-Antvirus-AVI-Mar23/img/ico_gray1.png HTTP/1.1
Host: topnewofferssoon.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 17 Apr 2023 10:28:56 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.33
Last-Modified: Fri, 14 Apr 2023 12:43:23 GMT
ETag: "16c-5f94b2fd52b1c"
Accept-Ranges: bytes
Content-Length: 364
Content-Type: image/png
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
topnewofferssoon.com/eml/DE-Avira-Antvirus-AVI-Mar23/img/ftr_img.png
199.241.143.10 200 OK 13 kB URL GET HTTP/1.1 topnewofferssoon.com/eml/DE-Avira-Antvirus-AVI-Mar23/img/ftr_img.png
IP 199.241.143.10:443
Requested by https://tangy.deltablues.de/tVMl_NH?kE5_3V=ZIBwk2phpZVmlYamkmh2fmCDdZBuh5yeopabXHy0j2ljaGViYpuU/s43286%40scb.co.th&s3=&s4=
Certificate Issuer Let's Encrypt
Subject topnewofferssoon.com
Fingerprint 66:3A:8E:59:6F:F8:F1:0C:A0:29:86:E1:63:88:54:F3:EE:FA:9A:FE
Validity Fri, 14 Apr 2023 11:20:33 GMT - Thu, 13 Jul 2023 11:20:32 GMT
File type PNG image data, 119 x 60, 8-bit/color RGBA, non-interlaced\012- data
Hash acb7c094e9515b22817d9ff5f4c88007
d1cc54c444e49f78730e1c11091b967bce69aa5d
e9ccb88291fc78135d4b98c6e09737ea9a5fd5f5bb7c382417e8e7c4512bc3aa
Analyzer Verdict Alert quad9 Sinkholed
GET /eml/DE-Avira-Antvirus-AVI-Mar23/img/ftr_img.png HTTP/1.1
Host: topnewofferssoon.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 17 Apr 2023 10:28:56 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.33
Last-Modified: Fri, 14 Apr 2023 12:43:23 GMT
ETag: "32b7-5f94b2fd52b1c"
Accept-Ranges: bytes
Content-Length: 12983
Content-Type: image/png
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
topnewofferssoon.com/eml/DE-Avira-Antvirus-AVI-Mar23/img/beep.mp3
199.241.143.10 206 Partial Content 22 kB URL GET HTTP/1.1 topnewofferssoon.com/eml/DE-Avira-Antvirus-AVI-Mar23/img/beep.mp3
IP 199.241.143.10:443
Requested by https://tangy.deltablues.de/tVMl_NH?kE5_3V=ZIBwk2phpZVmlYamkmh2fmCDdZBuh5yeopabXHy0j2ljaGViYpuU/s43286%40scb.co.th&s3=&s4=
Certificate Issuer Let's Encrypt
Subject topnewofferssoon.com
Fingerprint 66:3A:8E:59:6F:F8:F1:0C:A0:29:86:E1:63:88:54:F3:EE:FA:9A:FE
Validity Fri, 14 Apr 2023 11:20:33 GMT - Thu, 13 Jul 2023 11:20:32 GMT
File type MPEG ADTS, layer III, v1, 320 kbps, 44.1 kHz, Stereo\012- data
Hash 26dce6d55a5936f8999728719343f516
12fcea597e26b7bc97b40dd2946670727d3853e0
25c5e922a8b8ee52ac7bfcf5600f429e12aa04c53142d34e52cbf8753b4e0e57
Analyzer Verdict Alert quad9 Sinkholed
GET /eml/DE-Avira-Antvirus-AVI-Mar23/img/beep.mp3 HTTP/1.1
Host: topnewofferssoon.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Sec-Fetch-Dest: audio
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Accept-Encoding: identity
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 206 Partial Content
Date: Mon, 17 Apr 2023 10:28:56 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.33
Last-Modified: Fri, 14 Apr 2023 12:43:23 GMT
ETag: "55b6-5f94b2fd52734"
Accept-Ranges: bytes
Content-Length: 21942
Content-Range: bytes 0-21941/21942
Content-Type: audio/mpeg
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
topnewofferssoon.com/eml/DE-Avira-Antvirus-AVI-Mar23/img/ico_tray1.gif
199.241.143.10 200 OK 69 B URL GET HTTP/1.1 topnewofferssoon.com/eml/DE-Avira-Antvirus-AVI-Mar23/img/ico_tray1.gif
IP 199.241.143.10:443
Requested by https://tangy.deltablues.de/tVMl_NH?kE5_3V=ZIBwk2phpZVmlYamkmh2fmCDdZBuh5yeopabXHy0j2ljaGViYpuU/s43286%40scb.co.th&s3=&s4=
Certificate Issuer Let's Encrypt
Subject topnewofferssoon.com
Fingerprint 66:3A:8E:59:6F:F8:F1:0C:A0:29:86:E1:63:88:54:F3:EE:FA:9A:FE
Validity Fri, 14 Apr 2023 11:20:33 GMT - Thu, 13 Jul 2023 11:20:32 GMT
File type GIF image data, version 89a, 16 x 16\012- data
Hash 3ae573d079dcd1d2da4086f2c0c72c45
e7c9dabec81379373476ed23168dcecb9b8c56aa
9cce08ab28e94790cf78c87e37f8690acbc6c535e4b43ae7b38506b94538e107
Analyzer Verdict Alert quad9 Sinkholed
GET /eml/DE-Avira-Antvirus-AVI-Mar23/img/ico_tray1.gif HTTP/1.1
Host: topnewofferssoon.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 17 Apr 2023 10:28:56 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.33
Last-Modified: Fri, 14 Apr 2023 12:43:23 GMT
ETag: "45-5f94b2fd52f04"
Accept-Ranges: bytes
Content-Length: 69
Content-Type: image/gif
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
topnewofferssoon.com/eml/DE-Avira-Antvirus-AVI-Mar23/img/logo2.png
199.241.143.10 200 OK 24 kB URL GET HTTP/1.1 topnewofferssoon.com/eml/DE-Avira-Antvirus-AVI-Mar23/img/logo2.png
IP 199.241.143.10:443
Requested by https://tangy.deltablues.de/tVMl_NH?kE5_3V=ZIBwk2phpZVmlYamkmh2fmCDdZBuh5yeopabXHy0j2ljaGViYpuU/s43286%40scb.co.th&s3=&s4=
Certificate Issuer Let's Encrypt
Subject topnewofferssoon.com
Fingerprint 66:3A:8E:59:6F:F8:F1:0C:A0:29:86:E1:63:88:54:F3:EE:FA:9A:FE
Validity Fri, 14 Apr 2023 11:20:33 GMT - Thu, 13 Jul 2023 11:20:32 GMT
File type PNG image data, 443 x 142, 8-bit/color RGBA, non-interlaced\012- data
Hash e189b77e2ab9d70bbcde47b4e8d709af
c148dc7613026205c2e730b94881f2dfa2b3528b
e50d16ae48cd9e0c43e9f3ca4d61232cc5dda34aa3f766dc1df8ac76e2790efa
Analyzer Verdict Alert quad9 Sinkholed
GET /eml/DE-Avira-Antvirus-AVI-Mar23/img/logo2.png HTTP/1.1
Host: topnewofferssoon.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 17 Apr 2023 10:28:56 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.33
Last-Modified: Fri, 14 Apr 2023 12:43:23 GMT
ETag: "5f4d-5f94b2fd52f04"
Accept-Ranges: bytes
Content-Length: 24397
Content-Type: image/png
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
topnewofferssoon.com/eml/DE-Avira-Antvirus-AVI-Mar23/img/ico_tray2.gif
199.241.143.10 200 OK 377 B URL GET HTTP/1.1 topnewofferssoon.com/eml/DE-Avira-Antvirus-AVI-Mar23/img/ico_tray2.gif
IP 199.241.143.10:443
Requested by https://tangy.deltablues.de/tVMl_NH?kE5_3V=ZIBwk2phpZVmlYamkmh2fmCDdZBuh5yeopabXHy0j2ljaGViYpuU/s43286%40scb.co.th&s3=&s4=
Certificate Issuer Let's Encrypt
Subject topnewofferssoon.com
Fingerprint 66:3A:8E:59:6F:F8:F1:0C:A0:29:86:E1:63:88:54:F3:EE:FA:9A:FE
Validity Fri, 14 Apr 2023 11:20:33 GMT - Thu, 13 Jul 2023 11:20:32 GMT
File type GIF image data, version 89a, 16 x 16\012- data
Hash c10bdec858cb0cf9e6cc5865d5925746
697c095ed5509e5a5af0c5ebf2380662aeffc531
b65b47a79e32335d9ca35ff59c6975d2b5808f84da0db88d11ce777b33e72ad9
Analyzer Verdict Alert quad9 Sinkholed
GET /eml/DE-Avira-Antvirus-AVI-Mar23/img/ico_tray2.gif HTTP/1.1
Host: topnewofferssoon.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 17 Apr 2023 10:28:56 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.33
Last-Modified: Fri, 14 Apr 2023 12:43:23 GMT
ETag: "179-5f94b2fd52f04"
Accept-Ranges: bytes
Content-Length: 377
Content-Type: image/gif
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
topnewofferssoon.com/eml/DE-Avira-Antvirus-AVI-Mar23/img/win_min.png
199.241.143.10 200 OK 128 B URL GET HTTP/1.1 topnewofferssoon.com/eml/DE-Avira-Antvirus-AVI-Mar23/img/win_min.png
IP 199.241.143.10:443
Requested by https://tangy.deltablues.de/tVMl_NH?kE5_3V=ZIBwk2phpZVmlYamkmh2fmCDdZBuh5yeopabXHy0j2ljaGViYpuU/s43286%40scb.co.th&s3=&s4=
Certificate Issuer Let's Encrypt
Subject topnewofferssoon.com
Fingerprint 66:3A:8E:59:6F:F8:F1:0C:A0:29:86:E1:63:88:54:F3:EE:FA:9A:FE
Validity Fri, 14 Apr 2023 11:20:33 GMT - Thu, 13 Jul 2023 11:20:32 GMT
File type PNG image data, 12 x 12, 8-bit/color RGB, non-interlaced\012- data
Hash 0bb86caf792dd7d24731c18cd37bb68e
dda1e433a0eaf785b2aa2c6214d5e48cb82a3a25
2ac27821ba64d645f36e2ad197492d30c11b10a032cc474554679555f4604622
Analyzer Verdict Alert quad9 Sinkholed
GET /eml/DE-Avira-Antvirus-AVI-Mar23/img/win_min.png HTTP/1.1
Host: topnewofferssoon.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 17 Apr 2023 10:28:56 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.33
Last-Modified: Fri, 14 Apr 2023 12:43:23 GMT
ETag: "80-5f94b2fd52f04"
Accept-Ranges: bytes
Content-Length: 128
Content-Type: image/png
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
topnewofferssoon.com/eml/DE-Avira-Antvirus-AVI-Mar23/img/win_cls.png
199.241.143.10 200 OK 293 B URL GET HTTP/1.1 topnewofferssoon.com/eml/DE-Avira-Antvirus-AVI-Mar23/img/win_cls.png
IP 199.241.143.10:443
Requested by https://tangy.deltablues.de/tVMl_NH?kE5_3V=ZIBwk2phpZVmlYamkmh2fmCDdZBuh5yeopabXHy0j2ljaGViYpuU/s43286%40scb.co.th&s3=&s4=
Certificate Issuer Let's Encrypt
Subject topnewofferssoon.com
Fingerprint 66:3A:8E:59:6F:F8:F1:0C:A0:29:86:E1:63:88:54:F3:EE:FA:9A:FE
Validity Fri, 14 Apr 2023 11:20:33 GMT - Thu, 13 Jul 2023 11:20:32 GMT
File type PNG image data, 12 x 12, 8-bit/color RGB, non-interlaced\012- data
Hash 9eb68d2ce05c151bda542a7a6356e22c
baeeefe4a7ac657c10a5f081841015de1bcf90dd
2d2b7040bc32b397c3c60d800de9aa7d86404f1874862eba61bdaa21f1523eb7
Analyzer Verdict Alert quad9 Sinkholed
GET /eml/DE-Avira-Antvirus-AVI-Mar23/img/win_cls.png HTTP/1.1
Host: topnewofferssoon.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 17 Apr 2023 10:28:56 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.33
Last-Modified: Fri, 14 Apr 2023 12:43:23 GMT
ETag: "125-5f94b2fd52f04"
Accept-Ranges: bytes
Content-Length: 293
Content-Type: image/png
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
topnewofferssoon.com/eml/DE-Avira-Antvirus-AVI-Mar23/img/ico_gray2.png
199.241.143.10 200 OK 349 B URL GET HTTP/1.1 topnewofferssoon.com/eml/DE-Avira-Antvirus-AVI-Mar23/img/ico_gray2.png
IP 199.241.143.10:443
Requested by https://tangy.deltablues.de/tVMl_NH?kE5_3V=ZIBwk2phpZVmlYamkmh2fmCDdZBuh5yeopabXHy0j2ljaGViYpuU/s43286%40scb.co.th&s3=&s4=
Certificate Issuer Let's Encrypt
Subject topnewofferssoon.com
Fingerprint 66:3A:8E:59:6F:F8:F1:0C:A0:29:86:E1:63:88:54:F3:EE:FA:9A:FE
Validity Fri, 14 Apr 2023 11:20:33 GMT - Thu, 13 Jul 2023 11:20:32 GMT
File type PNG image data, 13 x 13, 8-bit/color RGB, non-interlaced\012- data
Hash 7454c652e0733d92de6c920c2d646ae0
34a5bd8c7401f95e346895b0e5ccffbf0e9ad638
44f752b0bd2e48052d538bc6aca5379f3630ca64da945f794690ddf47e8eaef7
Analyzer Verdict Alert quad9 Sinkholed
GET /eml/DE-Avira-Antvirus-AVI-Mar23/img/ico_gray2.png HTTP/1.1
Host: topnewofferssoon.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 17 Apr 2023 10:28:56 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.33
Last-Modified: Fri, 14 Apr 2023 12:43:23 GMT
ETag: "15d-5f94b2fd52b1c"
Accept-Ranges: bytes
Content-Length: 349
Content-Type: image/png
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
topnewofferssoon.com/eml/DE-Avira-Antvirus-AVI-Mar23/img/bg.jpg
199.241.143.10 200 OK 72 kB URL GET HTTP/1.1 topnewofferssoon.com/eml/DE-Avira-Antvirus-AVI-Mar23/img/bg.jpg
IP 199.241.143.10:443
Requested by https://tangy.deltablues.de/tVMl_NH?kE5_3V=ZIBwk2phpZVmlYamkmh2fmCDdZBuh5yeopabXHy0j2ljaGViYpuU/s43286%40scb.co.th&s3=&s4=
Certificate Issuer Let's Encrypt
Subject topnewofferssoon.com
Fingerprint 66:3A:8E:59:6F:F8:F1:0C:A0:29:86:E1:63:88:54:F3:EE:FA:9A:FE
Validity Fri, 14 Apr 2023 11:20:33 GMT - Thu, 13 Jul 2023 11:20:32 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "Converted from WebP to JPG using ezgif.com", baseline, precision 8, 1920x640, components 3\012- data
Hash 6af15a68906950ac94d1164ff2bbedae
6fbafd54bdf02e065ca6f803a195b560bc6af520
c41c9e19ad48e96024d0f47108f02d511a846edfe21c5b4514e68b90d4cea413
Analyzer Verdict Alert quad9 Sinkholed
GET /eml/DE-Avira-Antvirus-AVI-Mar23/img/bg.jpg HTTP/1.1
Host: topnewofferssoon.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 17 Apr 2023 10:28:56 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.33
Last-Modified: Fri, 14 Apr 2023 12:43:23 GMT
ETag: "118a0-5f94b2fd52b1c"
Accept-Ranges: bytes
Content-Length: 71840
Content-Type: image/jpeg
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
topnewofferssoon.com/eml/DE-Avira-Antvirus-AVI-Mar23/img/pc_green.gif
199.241.143.10 200 OK 723 B URL GET HTTP/1.1 topnewofferssoon.com/eml/DE-Avira-Antvirus-AVI-Mar23/img/pc_green.gif
IP 199.241.143.10:443
Requested by https://tangy.deltablues.de/tVMl_NH?kE5_3V=ZIBwk2phpZVmlYamkmh2fmCDdZBuh5yeopabXHy0j2ljaGViYpuU/s43286%40scb.co.th&s3=&s4=
Certificate Issuer Let's Encrypt
Subject topnewofferssoon.com
Fingerprint 66:3A:8E:59:6F:F8:F1:0C:A0:29:86:E1:63:88:54:F3:EE:FA:9A:FE
Validity Fri, 14 Apr 2023 11:20:33 GMT - Thu, 13 Jul 2023 11:20:32 GMT
File type GIF image data, version 89a, 120 x 97\012- data
Hash ea44081971aed96fbfa38fa187b6df4a
a3ec8cd4c76f517584faef83f96e32683265bdb1
e0f52d9433540bafa2f05fc3c04839b4990c2ce5ef718975a8d4eef9866f06be
Analyzer Verdict Alert quad9 Sinkholed
GET /eml/DE-Avira-Antvirus-AVI-Mar23/img/pc_green.gif HTTP/1.1
Host: topnewofferssoon.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 17 Apr 2023 10:28:56 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.33
Last-Modified: Fri, 14 Apr 2023 12:43:23 GMT
ETag: "2d3-5f94b2fd52f04"
Accept-Ranges: bytes
Content-Length: 723
Content-Type: image/gif
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
topnewofferssoon.com/eml/DE-Avira-Antvirus-AVI-Mar23/img/corner.gif
199.241.143.10 200 OK 102 B URL GET HTTP/1.1 topnewofferssoon.com/eml/DE-Avira-Antvirus-AVI-Mar23/img/corner.gif
IP 199.241.143.10:443
Requested by https://tangy.deltablues.de/tVMl_NH?kE5_3V=ZIBwk2phpZVmlYamkmh2fmCDdZBuh5yeopabXHy0j2ljaGViYpuU/s43286%40scb.co.th&s3=&s4=
Certificate Issuer Let's Encrypt
Subject topnewofferssoon.com
Fingerprint 66:3A:8E:59:6F:F8:F1:0C:A0:29:86:E1:63:88:54:F3:EE:FA:9A:FE
Validity Fri, 14 Apr 2023 11:20:33 GMT - Thu, 13 Jul 2023 11:20:32 GMT
File type GIF image data, version 89a, 24 x 9\012- data
Hash ef14d57c065fdbd3c66d017a729ca91f
2e7b72d674361a9c2b41767ccfbed2486e6695dd
6fcbfcda8a36536a0f9b0bc8c4a6ca451d9bafd4a879d56697e48e209691ba36
Analyzer Verdict Alert quad9 Sinkholed
GET /eml/DE-Avira-Antvirus-AVI-Mar23/img/corner.gif HTTP/1.1
Host: topnewofferssoon.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 17 Apr 2023 10:28:56 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.33
Last-Modified: Fri, 14 Apr 2023 12:43:23 GMT
ETag: "66-5f94b2fd52b1c"
Accept-Ranges: bytes
Content-Length: 102
Content-Type: image/gif
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
topnewofferssoon.com/eml/DE-Avira-Antvirus-AVI-Mar23/img/ico_bl2.gif
199.241.143.10 200 OK 1.5 kB URL GET HTTP/1.1 topnewofferssoon.com/eml/DE-Avira-Antvirus-AVI-Mar23/img/ico_bl2.gif
IP 199.241.143.10:443
Requested by https://tangy.deltablues.de/tVMl_NH?kE5_3V=ZIBwk2phpZVmlYamkmh2fmCDdZBuh5yeopabXHy0j2ljaGViYpuU/s43286%40scb.co.th&s3=&s4=
Certificate Issuer Let's Encrypt
Subject topnewofferssoon.com
Fingerprint 66:3A:8E:59:6F:F8:F1:0C:A0:29:86:E1:63:88:54:F3:EE:FA:9A:FE
Validity Fri, 14 Apr 2023 11:20:33 GMT - Thu, 13 Jul 2023 11:20:32 GMT
File type GIF image data, version 89a, 65 x 80\012- data
Hash af52e51f42fd0c55bc3cf2c8ece71492
016f83da68ff461a5c6aebcc2a45668317b2f24c
e91f304cf7409723968740e6363dda01b50acb8e94b5ca05b4a4617666ff095c
Analyzer Verdict Alert quad9 Sinkholed
GET /eml/DE-Avira-Antvirus-AVI-Mar23/img/ico_bl2.gif HTTP/1.1
Host: topnewofferssoon.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 17 Apr 2023 10:28:56 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.33
Last-Modified: Fri, 14 Apr 2023 12:43:23 GMT
ETag: "60b-5f94b2fd52b1c"
Accept-Ranges: bytes
Content-Length: 1547
Content-Type: image/gif
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
topnewofferssoon.com/eml/DE-Avira-Antvirus-AVI-Mar23/img/ico_tray3.gif
199.241.143.10 200 OK 234 B URL GET HTTP/1.1 topnewofferssoon.com/eml/DE-Avira-Antvirus-AVI-Mar23/img/ico_tray3.gif
IP 199.241.143.10:443
Requested by https://tangy.deltablues.de/tVMl_NH?kE5_3V=ZIBwk2phpZVmlYamkmh2fmCDdZBuh5yeopabXHy0j2ljaGViYpuU/s43286%40scb.co.th&s3=&s4=
Certificate Issuer Let's Encrypt
Subject topnewofferssoon.com
Fingerprint 66:3A:8E:59:6F:F8:F1:0C:A0:29:86:E1:63:88:54:F3:EE:FA:9A:FE
Validity Fri, 14 Apr 2023 11:20:33 GMT - Thu, 13 Jul 2023 11:20:32 GMT
File type GIF image data, version 89a, 16 x 16\012- data
Hash 9ce99ec458daf212f9812a90f3fadd13
9e3041bc91b79a17b52e0fbb6c2d0e2f905d98a1
b0d335401c9fd5fac9991ec92edaf7865ff3a491ebe390120936c69796c3b753
Analyzer Verdict Alert quad9 Sinkholed
GET /eml/DE-Avira-Antvirus-AVI-Mar23/img/ico_tray3.gif HTTP/1.1
Host: topnewofferssoon.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 17 Apr 2023 10:28:56 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.33
Last-Modified: Fri, 14 Apr 2023 12:43:23 GMT
ETag: "ea-5f94b2fd52f04"
Accept-Ranges: bytes
Content-Length: 234
Content-Type: image/gif
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
topnewofferssoon.com/eml/DE-Avira-Antvirus-AVI-Mar23/img/ico_header.png
199.241.143.10 200 OK 59 kB URL GET HTTP/1.1 topnewofferssoon.com/eml/DE-Avira-Antvirus-AVI-Mar23/img/ico_header.png
IP 199.241.143.10:443
Requested by https://tangy.deltablues.de/tVMl_NH?kE5_3V=ZIBwk2phpZVmlYamkmh2fmCDdZBuh5yeopabXHy0j2ljaGViYpuU/s43286%40scb.co.th&s3=&s4=
Certificate Issuer Let's Encrypt
Subject topnewofferssoon.com
Fingerprint 66:3A:8E:59:6F:F8:F1:0C:A0:29:86:E1:63:88:54:F3:EE:FA:9A:FE
Validity Fri, 14 Apr 2023 11:20:33 GMT - Thu, 13 Jul 2023 11:20:32 GMT
File type PNG image data, 1200 x 1200, 8-bit/color RGBA, non-interlaced\012- data
Hash 15cac20be8d4fdd074e21a4a52604d2f
fd4c43583bec2c7bfae3cb9feb2699abbc50c578
d4ad291dfcf93d75db62260b5ba53ddda1f2a9c855a3019cf7ae52c3cd936739
Analyzer Verdict Alert quad9 Sinkholed
GET /eml/DE-Avira-Antvirus-AVI-Mar23/img/ico_header.png HTTP/1.1
Host: topnewofferssoon.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 17 Apr 2023 10:28:56 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.33
Last-Modified: Fri, 14 Apr 2023 12:43:23 GMT
ETag: "e6c6-5f94b2fd52f04"
Accept-Ranges: bytes
Content-Length: 59078
Content-Type: image/png
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
topnewofferssoon.com/eml/DE-Avira-Antvirus-AVI-Mar23/img/logo.png
199.241.143.10 200 OK 24 kB URL GET HTTP/1.1 topnewofferssoon.com/eml/DE-Avira-Antvirus-AVI-Mar23/img/logo.png
IP 199.241.143.10:443
Requested by https://tangy.deltablues.de/tVMl_NH?kE5_3V=ZIBwk2phpZVmlYamkmh2fmCDdZBuh5yeopabXHy0j2ljaGViYpuU/s43286%40scb.co.th&s3=&s4=
Certificate Issuer Let's Encrypt
Subject topnewofferssoon.com
Fingerprint 66:3A:8E:59:6F:F8:F1:0C:A0:29:86:E1:63:88:54:F3:EE:FA:9A:FE
Validity Fri, 14 Apr 2023 11:20:33 GMT - Thu, 13 Jul 2023 11:20:32 GMT
File type PNG image data, 443 x 142, 8-bit/color RGBA, non-interlaced\012- data
Hash e189b77e2ab9d70bbcde47b4e8d709af
c148dc7613026205c2e730b94881f2dfa2b3528b
e50d16ae48cd9e0c43e9f3ca4d61232cc5dda34aa3f766dc1df8ac76e2790efa
Analyzer Verdict Alert quad9 Sinkholed
GET /eml/DE-Avira-Antvirus-AVI-Mar23/img/logo.png HTTP/1.1
Host: topnewofferssoon.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 17 Apr 2023 10:28:57 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.33
Last-Modified: Fri, 14 Apr 2023 12:43:23 GMT
ETag: "5f4d-5f94b2fd52f04"
Accept-Ranges: bytes
Content-Length: 24397
Content-Type: image/png
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
cdn.by.wonderpush.com/sdk/1.1.33.29/wonderpush.min.js
104.18.18.183 200 OK 119 kB URL GET HTTP/3 cdn.by.wonderpush.com/sdk/1.1.33.29/wonderpush.min.js
IP 104.18.18.183:443
Requested by https://tangy.deltablues.de/tVMl_NH?kE5_3V=ZIBwk2phpZVmlYamkmh2fmCDdZBuh5yeopabXHy0j2ljaGViYpuU/s43286%40scb.co.th&s3=&s4=
Certificate Issuer Google Trust Services LLC
Subject *.by.wonderpush.com
Fingerprint D2:AE:4F:4F:87:83:7F:70:F4:9C:33:8F:DC:24:22:81:76:B9:35:E8
Validity Tue, 11 Apr 2023 07:31:57 GMT - Wed, 05 Jul 2023 10:04:04 GMT
File type Unicode text, UTF-8 text, with very long lines (65516), with no line terminators
Size 119 kB (118705 bytes)
Hash 284a29da9f60b3900926bdb104b93ea9
d827305e4ac0c24ae6c02c7215fb968a07a3dcab
300cc85f4a35f0048ac2e42985c114a16706dcf9fcfdecb66a920d2b4e120f8d
GET /sdk/1.1.33.29/wonderpush.min.js HTTP/1.1
Host: cdn.by.wonderpush.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: cdn.by.wonderpush.com
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Mon, 17 Apr 2023 10:28:58 GMT
content-type: application/javascript
content-length: 118705
last-modified: Tue, 11 Apr 2023 16:49:06 GMT
x-amz-server-side-encryption: AES256
cache-control: public,max-age=31536000
content-encoding: gzip
access-control-allow-origin: *
access-control-allow-methods: HEAD, GET
access-control-max-age: 86400
etag: "284a29da9f60b3900926bdb104b93ea9ed6e"
x-cache: Miss from cloudfront
via: 1.1 993c0866e705e48daa4fed5e30627712.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P2
x-amz-cf-id: j3WtrUkKsmkUzsxt09nADpZWWTdxeoEjyDvxwIGzwroteYCgsVhmNg==
cf-cache-status: HIT
age: 495576
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7b93fbfbbd8cb529-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
tangy.deltablues.de/favicon.ico
172.67.139.241 200 OK 2.4 kB URL GET HTTP/3 tangy.deltablues.de/favicon.ico
IP 172.67.139.241:443
Requested by https://tangy.deltablues.de/tVMl_NH?kE5_3V=ZIBwk2phpZVmlYamkmh2fmCDdZBuh5yeopabXHy0j2ljaGViYpuU/s43286%40scb.co.th&s3=&s4=
Certificate Issuer Google Trust Services LLC
Subject *.deltablues.de
Fingerprint D5:9C:28:14:5F:FD:7E:43:AF:C3:2E:0C:62:FE:F2:3C:CC:71:AE:D5
Validity Fri, 24 Mar 2023 22:42:21 GMT - Thu, 22 Jun 2023 22:42:20 GMT
File type PNG image data, 50 x 50, 8-bit/color RGBA, non-interlaced\012- data
Hash c2c13e17141cb7759a4e16b9f41bf6d1
8a63b0fef09fbd65e5e8a9887fd4c46828d15b11
17b14e1594e95aa7f947e224ebe887fdf5d7d19a49af96dcd706698bf7ab7a17
GET /favicon.ico HTTP/1.1
Host: tangy.deltablues.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: tangy.deltablues.de
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Mon, 17 Apr 2023 10:28:57 GMT
content-type: image/vnd.microsoft.icon
last-modified: Wed, 08 Feb 2023 11:58:04 GMT
etag: W/"985-5f42efa072b00"
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3EhKdmyVtaB%2FUsTPJkid%2FhcizZR%2FBvhwdVpbPDdnqMogED5QZMrWfIotiWA51ipLfRKtgnbn7Djhk7%2FCMVRslDHLdNoUTwJ%2BX6XkaCSUsvMFTXb3N1onsR%2B8kTTTljcj2Ue8g4wf"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7b93fbf12e961c12-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cdn.by.wonderpush.com/plugins/geojs/1.0.2/geojs.js
104.18.18.183 200 OK 1.1 kB URL GET HTTP/3 cdn.by.wonderpush.com/plugins/geojs/1.0.2/geojs.js
IP 104.18.18.183:443
Requested by https://tangy.deltablues.de/tVMl_NH?kE5_3V=ZIBwk2phpZVmlYamkmh2fmCDdZBuh5yeopabXHy0j2ljaGViYpuU/s43286%40scb.co.th&s3=&s4=
Certificate Issuer Google Trust Services LLC
Subject *.by.wonderpush.com
Fingerprint D2:AE:4F:4F:87:83:7F:70:F4:9C:33:8F:DC:24:22:81:76:B9:35:E8
Validity Tue, 11 Apr 2023 07:31:57 GMT - Wed, 05 Jul 2023 10:04:04 GMT
File type ASCII text, with very long lines (1347)
Hash eade35070a4a96bcbeb77c55c1856e96
851b26e7f4ccee60b15d540247f0b3b5506d1012
6e6d48d9811242e67473f8c26b3741179e03ab52bd1f9c68ac31180fc32f14ac
GET /plugins/geojs/1.0.2/geojs.js HTTP/1.1
Host: cdn.by.wonderpush.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: cdn.by.wonderpush.com
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Mon, 17 Apr 2023 10:28:59 GMT
content-type: application/javascript
content-length: 1055
last-modified: Mon, 22 Jun 2020 15:30:23 GMT
cache-control: public,max-age=31536000,stale-while-revalidate=2592000
content-encoding: gzip
access-control-allow-origin: *
access-control-allow-methods: HEAD, GET
access-control-max-age: 86400
etag: "eade35070a4a96bcbeb77c55c1856e96ed6e"
x-cache: Miss from cloudfront
via: 1.1 0edd9f6bc061f9d64e77285b1cac290c.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN54-C1
x-amz-cf-id: _IZ6eI8gLeg9bqKrPtiqS8kjzS97kotd6mH4JksjCw1Dm1BTiXt1Xg==
cf-cache-status: HIT
age: 3673886
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7b93fbfcef2fb529-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
ocsp.pki.goog/s/gts1d4/slHzK8AzbDI
142.250.74.131 472 B URL ocsp.pki.goog/s/gts1d4/slHzK8AzbDI
IP 142.250.74.131:0
Hash b4e740133249dc8afee68ee03461375a
bd7b1951a8dc5c261a61c1abf68d013f6dd3ff03
408ae48a896c4c162ff4bddf84a643183fd3e395b6ca803aea1ff7de74fd751c
POST /s/gts1d4/slHzK8AzbDI HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 17 Apr 2023 10:28:59 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
measurements-api.wonderpush.com/v1/events
216.239.36.21 202 Accepted 94 B URL POST HTTP/2 measurements-api.wonderpush.com/v1/events
IP 216.239.36.21:443
Requested by https://tangy.deltablues.de/tVMl_NH?kE5_3V=ZIBwk2phpZVmlYamkmh2fmCDdZBuh5yeopabXHy0j2ljaGViYpuU/s43286%40scb.co.th&s3=&s4=
Certificate Issuer Google Trust Services LLC
Subject measurements-api.wonderpush.com
Fingerprint 16:AB:B3:96:EB:12:68:63:70:38:24:FC:D8:D8:91:7D:28:EB:4A:63
Validity Sat, 08 Apr 2023 20:40:50 GMT - Fri, 07 Jul 2023 21:29:41 GMT
File type JSON data\012- , ASCII text, with no line terminators
Hash b5ea2a4704c060411d43aea1f36a1b33
0b605e6720c8d243233270e1650edebdf2ea62f7
92ebdb0a333062446a206476a308487813a499c84a6753a16b869bffc27f6874
POST /v1/events HTTP/1.1
Host: measurements-api.wonderpush.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/x-www-form-urlencoded
Content-Length: 663
Origin: https://tangy.deltablues.de
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 202 Accepted
content-type: application/json
access-control-allow-credentials: true
access-control-allow-origin: https://tangy.deltablues.de
x-cloud-trace-context: 5ec00d10e3598343e664e6a78db059f5
date: Mon, 17 Apr 2023 10:28:59 GMT
server: Google Frontend
content-length: 94
X-Firefox-Spdy: h2
tangy.deltablues.de/tVMl_NH?kE5_3V=ZIBwk2phpZVmlYamkmh2fmCDdZBuh5yeopabXHy0j2ljaGViYpuU/s43286%40scb.co.th&s3=&s4=
172.67.139.241 200 OK 18 kB URL User Request GET HTTP/2 tangy.deltablues.de/tVMl_NH?kE5_3V=ZIBwk2phpZVmlYamkmh2fmCDdZBuh5yeopabXHy0j2ljaGViYpuU/s43286%40scb.co.th&s3=&s4=
IP 172.67.139.241:443
Certificate Issuer Google Trust Services LLC
Subject *.deltablues.de
Fingerprint D5:9C:28:14:5F:FD:7E:43:AF:C3:2E:0C:62:FE:F2:3C:CC:71:AE:D5
Validity Fri, 24 Mar 2023 22:42:21 GMT - Thu, 22 Jun 2023 22:42:20 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tVMl_NH?kE5_3V=ZIBwk2phpZVmlYamkmh2fmCDdZBuh5yeopabXHy0j2ljaGViYpuU/s43286%40scb.co.th&s3=&s4= HTTP/1.1
Host: tangy.deltablues.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 17 Apr 2023 10:28:54 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.4.33
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pbDej8I754RQRoNcf5OKHCy33M9M9Rb0kVzwNZ5dXN4OkU4NTikOIzB%2BUwuxAb%2F32WfPh%2FsNdzHiEZyKR%2Fv9o0aP0Cf%2B7YKVi%2FxyTHK2%2FlCJEEtko0kUeWFRk3PzPp6sRBLcF%2FQn"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7b93fbd96aaeb4ff-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
get.geojs.io/v1/ip/geo.json
104.26.1.100 200 OK 300 B URL GET HTTP/2 get.geojs.io/v1/ip/geo.json
IP 104.26.1.100:443
Requested by https://tangy.deltablues.de/tVMl_NH?kE5_3V=ZIBwk2phpZVmlYamkmh2fmCDdZBuh5yeopabXHy0j2ljaGViYpuU/s43286%40scb.co.th&s3=&s4=
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint EB:CA:6A:D8:FF:32:A1:B5:BE:F9:8E:E2:0F:EE:72:9C:7C:EF:7E:C3
Validity Tue, 11 Apr 2023 00:00:00 GMT - Wed, 10 Apr 2024 23:59:59 GMT
File type troff or preprocessor input, ASCII text, with very long lines (350), with no line terminators
Hash 4f2b48959f03327c9020c1b2c064e1a7
c3b198cc40957c195cdae12ac53fd7c21736596c
b3aa2ed8a913297b32f534672d7b2c63aa89907edde5dd5a3a2424a5be13eead
GET /v1/ip/geo.json HTTP/1.1
Host: get.geojs.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://tangy.deltablues.de
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 17 Apr 2023 10:28:59 GMT
content-type: application/json
x-request-id: b440d76bcd8e0eebee74aa5971b13147-AMS
strict-transport-security: max-age=15552000; includeSubDomains; preload
access-control-allow-origin: *
access-control-allow-methods: GET
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, private, max-age=0
x-geojs-location: AMS
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jzM4pZU8ke27gYSBdIHvlr3X61%2FJS4EsrUHZgonz656KErvq9fmR5OE6i2yao1fnRvVQaoVCQffxphR7nbwcMt2LPPHxEmaSMmKhbHdDox0Z%2F056DsDBDsVG0yelVg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7b93fbfd598bb509-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.by.wonderpush.com/config/webkeys/41d403593c0b49d57f632b281192a2cc78b1d2de15f2c5576bbb2af96cbee7e0?_=1681727450686
104.18.18.183 200 OK 2.0 kB URL GET HTTP/3 cdn.by.wonderpush.com/config/webkeys/41d403593c0b49d57f632b281192a2cc78b1d2de15f2c5576bbb2af96cbee7e0?_=1681727450686
IP 104.18.18.183:443
Requested by https://tangy.deltablues.de/tVMl_NH?kE5_3V=ZIBwk2phpZVmlYamkmh2fmCDdZBuh5yeopabXHy0j2ljaGViYpuU/s43286%40scb.co.th&s3=&s4=
Certificate Issuer Google Trust Services LLC
Subject *.by.wonderpush.com
Fingerprint D2:AE:4F:4F:87:83:7F:70:F4:9C:33:8F:DC:24:22:81:76:B9:35:E8
Validity Tue, 11 Apr 2023 07:31:57 GMT - Wed, 05 Jul 2023 10:04:04 GMT
File type troff or preprocessor input, ASCII text, with very long lines (2348), with no line terminators
Hash 6d07cff7145f21920d0d4b9f55bdb18f
429be33b0e55d73c5cbf32bab476280a7dee9fd0
5f97dedec1c3f1162e43e179c8399329a0de8bcad8fd31b186d97b19f78d8d1f
GET /config/webkeys/41d403593c0b49d57f632b281192a2cc78b1d2de15f2c5576bbb2af96cbee7e0?_=1681727450686 HTTP/1.1
Host: cdn.by.wonderpush.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://tangy.deltablues.de
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 17 Apr 2023 10:28:58 GMT
content-type: application/json
content-length: 810
last-modified: Thu, 13 Apr 2023 11:12:40 GMT
x-amz-server-side-encryption: AES256
cache-control: max-age=3600
content-encoding: gzip
access-control-allow-origin: *
access-control-allow-methods: HEAD, GET
access-control-max-age: 86400
etag: "97056899d03c7f7902260c5d0ca87629ed6e"
x-cache: Miss from cloudfront
via: 1.1 b34d5d8e5954d0b7b46d5f0eb534c166.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: qMz8RpPyGobR6xZBicsr_vmBVSFfdIRsSfy_JqYsG0kJNkUXE3bI_Q==
cf-cache-status: HIT
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7b93fbfc8ebcb529-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
tangy.deltablues.de/lander_lp?lp=ZIBwk2phpZVmlYamkmh2fmCDdZBuh5yeopabXHy0j2ljaGViYpuU/s43286@scb.co.th&p=rm-xyJ1Uc1VkY29tgaibnVVqVYFygWVUrpyUVYdjkGxUZVWYnLFjmVtobWaUZLN3lWtkcJViZIB1kFuv
172.67.139.241 200 OK 0 B URL GET HTTP/3 tangy.deltablues.de/lander_lp?lp=ZIBwk2phpZVmlYamkmh2fmCDdZBuh5yeopabXHy0j2ljaGViYpuU/s43286@scb.co.th&p=rm-xyJ1Uc1VkY29tgaibnVVqVYFygWVUrpyUVYdjkGxUZVWYnLFjmVtobWaUZLN3lWtkcJViZIB1kFuv
IP 172.67.139.241:443
Requested by https://tangy.deltablues.de/tVMl_NH?kE5_3V=ZIBwk2phpZVmlYamkmh2fmCDdZBuh5yeopabXHy0j2ljaGViYpuU/s43286%40scb.co.th&s3=&s4=
Certificate Issuer Google Trust Services LLC
Subject *.deltablues.de
Fingerprint D5:9C:28:14:5F:FD:7E:43:AF:C3:2E:0C:62:FE:F2:3C:CC:71:AE:D5
Validity Fri, 24 Mar 2023 22:42:21 GMT - Thu, 22 Jun 2023 22:42:20 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /lander_lp?lp=ZIBwk2phpZVmlYamkmh2fmCDdZBuh5yeopabXHy0j2ljaGViYpuU/s43286@scb.co.th&p=rm-xyJ1Uc1VkY29tgaibnVVqVYFygWVUrpyUVYdjkGxUZVWYnLFjmVtobWaUZLN3lWtkcJViZIB1kFuv HTTP/1.1
Host: tangy.deltablues.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: tangy.deltablues.de
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 17 Apr 2023 10:28:56 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.4.33
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2B3SCBjVeuPrF2ZmJo5aPCSsP%2Fr%2Fqj5G%2BFoeXwmMNctp6ncstxDQrPoQquQT0fwnqDtyZD6x0M9rRgzgvDssjuZPnOMmgP0LY3tZ7FQhZBQc6Ef1JiXlU2xgn4CuuyVBYNr4yAgcz"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7b93fbea3ed41c12-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
tangy.deltablues.de/lander_lp?lp=ZIBwk2phpZVmlYamkmh2fmCDdZBuh5yeopabXHy0j2ljaGViYpuU/s43286@scb.co.th&p=rm-xyJ1Uc1VkY29tgaibnVVqVYFygWVUrpyUVYdjkGxUZVWYnLFjmVtobWaUZLN3lWtkcJViZIB1kFuv
172.67.139.241 200 OK 0 B URL GET HTTP/3 tangy.deltablues.de/lander_lp?lp=ZIBwk2phpZVmlYamkmh2fmCDdZBuh5yeopabXHy0j2ljaGViYpuU/s43286@scb.co.th&p=rm-xyJ1Uc1VkY29tgaibnVVqVYFygWVUrpyUVYdjkGxUZVWYnLFjmVtobWaUZLN3lWtkcJViZIB1kFuv
IP 172.67.139.241:443
Requested by https://tangy.deltablues.de/tVMl_NH?kE5_3V=ZIBwk2phpZVmlYamkmh2fmCDdZBuh5yeopabXHy0j2ljaGViYpuU/s43286%40scb.co.th&s3=&s4=
Certificate Issuer Google Trust Services LLC
Subject *.deltablues.de
Fingerprint D5:9C:28:14:5F:FD:7E:43:AF:C3:2E:0C:62:FE:F2:3C:CC:71:AE:D5
Validity Fri, 24 Mar 2023 22:42:21 GMT - Thu, 22 Jun 2023 22:42:20 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /lander_lp?lp=ZIBwk2phpZVmlYamkmh2fmCDdZBuh5yeopabXHy0j2ljaGViYpuU/s43286@scb.co.th&p=rm-xyJ1Uc1VkY29tgaibnVVqVYFygWVUrpyUVYdjkGxUZVWYnLFjmVtobWaUZLN3lWtkcJViZIB1kFuv HTTP/1.1
Host: tangy.deltablues.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: tangy.deltablues.de
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 17 Apr 2023 10:28:55 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.4.33
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NtYRTfrG91IGoNElHLHLwo2n46UFaiTOhi3EhxVbdWfrd4RctdesMEZTS5R1EmOIneDzqeFw0ztJgfha9PfF2CsMWafdGjXWUIIT2dVhVhm0f%2B9tv8mJlQ1cNBRBx3VF62%2FK5jRp"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7b93fbe2dfe51c12-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400