| r10.o.lencr.org/ | 23.36.77.32 | | 504 B |
IP 23.36.77.32:0 ASN #20940 Akamai International B.V.
Hash 2f796f6340ac7eef4fa2891ac8f8aa1a 27bbc7bb6314b31dcab89f198bc258b040593aa7 778d02decabf7dff03bf5ec4c4eb0f03ac789e89bcfe58353c266c9d66c08834
POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "778D02DECABF7DFF03BF5EC4C4EB0F03AC789E89BCFE58353C266C9D66C08834"
Last-Modified: Sat, 20 Jul 2024 19:16:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2872
Expires: Tue, 23 Jul 2024 08:25:56 GMT
Date: Tue, 23 Jul 2024 07:38:04 GMT
Connection: keep-alive
|
|
| r10.o.lencr.org/ | 23.36.77.32 | | 504 B |
IP 23.36.77.32:0 ASN #20940 Akamai International B.V.
Hash f58a4b489ef65eff7896802c87e363e7 e7287b89b56c66407955bf95bd03133d2e5945d1 fb270cf16706247adde7efd430fe667555cb37ee35eae763593424a17c624bcd
POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "FB270CF16706247ADDE7EFD430FE667555CB37EE35EAE763593424A17C624BCD"
Last-Modified: Sat, 20 Jul 2024 19:16:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12976
Expires: Tue, 23 Jul 2024 11:14:20 GMT
Date: Tue, 23 Jul 2024 07:38:04 GMT
Connection: keep-alive
|
|
| r10.o.lencr.org/ | 23.36.77.32 | | 504 B |
IP 23.36.77.32:0 ASN #20940 Akamai International B.V.
Hash 85a291090b5db764a5b5f1487dcb958f 9dadf7a0a7d6be86e491a10bbbc72c84f798cab9 60c84bb6c568871d3febe1e58c6aedf398fa06f5f7afc3e6087200be0a25ad3f
POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "60C84BB6C568871D3FEBE1E58C6AEDF398FA06F5F7AFC3E6087200BE0A25AD3F"
Last-Modified: Sat, 20 Jul 2024 19:16:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2567
Expires: Tue, 23 Jul 2024 08:20:52 GMT
Date: Tue, 23 Jul 2024 07:38:05 GMT
Connection: keep-alive
|
|
| cqflra6sk0es73fjen1g.security-updater-now.com/blocker/Blocker5_2/ | 78.47.114.255 | | 1.2 kB |
URL cqflra6sk0es73fjen1g.security-updater-now.com/blocker/Blocker5_2/ IP 78.47.114.255:0 ASN #24940 Hetzner Online GmbH
File type HTML document, ASCII text, with CRLF line terminators Hash 2ccf871844c742a75211145e3ebfe8a8 0d32194a994d5ee5a57d8882d8c5ba0a166a33b6 37bfd26b193beb48ecda81d56b5f94faa4e18b7aeb866e97fb7eb8206b8575fa
GET /blocker/Blocker5_2/ HTTP/1.1
Host: cqflra6sk0es73fjen1g.security-updater-now.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 23 Jul 2024 07:38:05 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
|
|
| r10.o.lencr.org/ | 23.36.77.32 | | 504 B |
IP 23.36.77.32:0 ASN #20940 Akamai International B.V.
Hash 41b470cfcb4d809b7689783076e07c76 919b05dba2523cc4b8e9a6e873fe777fd753ee1b 951ae19e1eb066355bf55ff2163f6d14b689088fa3dd443fb01d889bb28fe095
POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "951AE19E1EB066355BF55FF2163F6D14B689088FA3DD443FB01D889BB28FE095"
Last-Modified: Sat, 20 Jul 2024 19:16:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6347
Expires: Tue, 23 Jul 2024 09:23:52 GMT
Date: Tue, 23 Jul 2024 07:38:05 GMT
Connection: keep-alive
|
|
| cqflra6sk0es73fjen1g.security-updater-now.com/blocker/Blocker5_2/css/style.css | 78.47.114.255 | | 1.1 kB |
URL cqflra6sk0es73fjen1g.security-updater-now.com/blocker/Blocker5_2/css/style.css IP 78.47.114.255:0 ASN #24940 Hetzner Online GmbH
File type ASCII text, with CRLF line terminators Hash beef0c0ce13f25f65a84019bebe6378b 2f95dd2d3ba5e1c848487a4e28199d3ad32037df 1f3ad9786b942cf941cdbdb71e8fedaef63dbef237ce767e61229c838b46cb14
GET /blocker/Blocker5_2/css/style.css HTTP/1.1
Host: cqflra6sk0es73fjen1g.security-updater-now.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cqflra6sk0es73fjen1g.security-updater-now.com/blocker/Blocker5_2/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 23 Jul 2024 07:38:05 GMT
Content-Type: text/css
Last-Modified: Wed, 01 Nov 2023 20:08:58 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"6542b05a-1077"
Content-Encoding: gzip
|
|
| cqflra6sk0es73fjen1g.security-updater-now.com/blocker/Blocker5_2/scripts/bbms.js | 78.47.114.255 | | 170 B |
URL cqflra6sk0es73fjen1g.security-updater-now.com/blocker/Blocker5_2/scripts/bbms.js IP 78.47.114.255:0 ASN #24940 Hetzner Online GmbH
Hash 7d28b6cbe87e8f21c3f3b924ad2fce84 a0fcb29b5007430efcedea382a71414b19a5700c 1fe518c0a3dc387ca3984382c6ed29c0c2c1018b40547523a619666040b3e760
GET /blocker/Blocker5_2/scripts/bbms.js HTTP/1.1
Host: cqflra6sk0es73fjen1g.security-updater-now.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cqflra6sk0es73fjen1g.security-updater-now.com/blocker/Blocker5_2/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 23 Jul 2024 07:38:05 GMT
Content-Type: application/javascript
Last-Modified: Wed, 01 Nov 2023 15:08:58 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"65426a0a-ed"
Content-Encoding: gzip
|
|
| o.pki.goog/wr2 | 142.250.74.131 | | 472 B |
IP 142.250.74.131:0
Hash b714f7555261dae938703c6c875d7a69 d78e8e797a223230dc73e953e24d0ecea1d73a43 8c5737de70ae9e51eaf041c6b7d47966d13d040723de8d5a2d0bcc0a9c51a0b1
POST /wr2 HTTP/1.1
Host: o.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 23 Jul 2024 07:38:05 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
|
| cqflra6sk0es73fjen1g.security-updater-now.com/blocker/Blocker5_2/js/main.js | 78.47.114.255 | | 405 B |
URL cqflra6sk0es73fjen1g.security-updater-now.com/blocker/Blocker5_2/js/main.js IP 78.47.114.255:0 ASN #24940 Hetzner Online GmbH
File type JavaScript source, ASCII text, with CRLF line terminators Hash c3ed5ac7dda566870186c4c8e6cf0dcd 116f6823fde2478b194b03cc9c160e8c1a175d45 ee975a46a04968de8e8cc99c8a7784e05be0d2347245f6cefe4bd9072d319e7d
GET /blocker/Blocker5_2/js/main.js HTTP/1.1
Host: cqflra6sk0es73fjen1g.security-updater-now.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cqflra6sk0es73fjen1g.security-updater-now.com/blocker/Blocker5_2/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 23 Jul 2024 07:38:05 GMT
Content-Type: application/javascript
Last-Modified: Wed, 01 Nov 2023 15:08:58 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"65426a0a-346"
Content-Encoding: gzip
|
|
| cqflra6sk0es73fjen1g.security-updater-now.com/blocker/Blocker5_2/images/close_icon.png | 78.47.114.255 | | 248 B |
URL cqflra6sk0es73fjen1g.security-updater-now.com/blocker/Blocker5_2/images/close_icon.png IP 78.47.114.255:0 ASN #24940 Hetzner Online GmbH
File type PNG image data, 15 x 15, 8-bit/color RGBA, non-interlaced Hash eaf98c5e61ff92dcfd5568474e1f8d09 bb5a1dae13cf4c1de3111642d9132a89c453727a dc02cbd81ea7799f019a1687f57a2e0b2941a5c1d28bcd8b3aa2f89fb77e07a8
GET /blocker/Blocker5_2/images/close_icon.png HTTP/1.1
Host: cqflra6sk0es73fjen1g.security-updater-now.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cqflra6sk0es73fjen1g.security-updater-now.com/blocker/Blocker5_2/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 23 Jul 2024 07:38:05 GMT
Content-Type: image/png
Content-Length: 248
Last-Modified: Wed, 01 Nov 2023 20:08:58 GMT
Connection: keep-alive
ETag: "6542b05a-f8"
Accept-Ranges: bytes
|
|
| cqflra6sk0es73fjen1g.security-updater-now.com/blocker/Blocker5_2/images/warning_icon.png | 78.47.114.255 | | 1.5 kB |
URL cqflra6sk0es73fjen1g.security-updater-now.com/blocker/Blocker5_2/images/warning_icon.png IP 78.47.114.255:0 ASN #24940 Hetzner Online GmbH
File type PNG image data, 107 x 94, 8-bit/color RGBA, non-interlaced Hash 3b9478bb5dc9a8fb3c5b80df7bcb8200 e553d00e0d91f52ae972549227f94a87c6b60947 2f09f151cb4af02177af559872b142d1898830598fe5866012189c2c616b06dd
GET /blocker/Blocker5_2/images/warning_icon.png HTTP/1.1
Host: cqflra6sk0es73fjen1g.security-updater-now.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cqflra6sk0es73fjen1g.security-updater-now.com/blocker/Blocker5_2/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 23 Jul 2024 07:38:05 GMT
Content-Type: image/png
Content-Length: 1457
Last-Modified: Wed, 01 Nov 2023 20:08:58 GMT
Connection: keep-alive
ETag: "6542b05a-5b1"
Accept-Ranges: bytes
|
|
| cqflra6sk0es73fjen1g.security-updater-now.com/blocker/Blocker5_2/js/jquery.min.js | 78.47.114.255 | | 32 kB |
URL cqflra6sk0es73fjen1g.security-updater-now.com/blocker/Blocker5_2/js/jquery.min.js IP 78.47.114.255:0 ASN #24940 Hetzner Online GmbH
File type JavaScript source, ASCII text, with very long lines (32065), with CRLF line terminators Hash 4a49f85f5a02fa6fe11126720da50874 22d7cc863dff0e664cee95c7b42b2f2066114788 9efc83acac2e60262a78810abf089aed8e5a2832d64b0977ab0e2922fd01021f
GET /blocker/Blocker5_2/js/jquery.min.js HTTP/1.1
Host: cqflra6sk0es73fjen1g.security-updater-now.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cqflra6sk0es73fjen1g.security-updater-now.com/blocker/Blocker5_2/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 23 Jul 2024 07:38:05 GMT
Content-Type: application/javascript
Last-Modified: Wed, 01 Nov 2023 15:08:58 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"65426a0a-167ce"
Content-Encoding: gzip
|
|
| cqflra6sk0es73fjen1g.security-updater-now.com/blocker/Blocker5_2/images/android.png | 78.47.114.255 | | 29 kB |
URL cqflra6sk0es73fjen1g.security-updater-now.com/blocker/Blocker5_2/images/android.png IP 78.47.114.255:0 ASN #24940 Hetzner Online GmbH
File type PNG image data, 144 x 148, 8-bit/color RGBA, non-interlaced Hash f75de32d9451cc905a7b3a6c34a72914 2044c1233cfbecbe1606349f3ad218186d540134 d94f23d6bd7b27a0e2923b621132bf2d30cc8ec9e59d36d542b59709579a2c1f
GET /blocker/Blocker5_2/images/android.png HTTP/1.1
Host: cqflra6sk0es73fjen1g.security-updater-now.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cqflra6sk0es73fjen1g.security-updater-now.com/blocker/Blocker5_2/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 23 Jul 2024 07:38:05 GMT
Content-Type: image/png
Content-Length: 28700
Last-Modified: Wed, 01 Nov 2023 20:08:58 GMT
Connection: keep-alive
ETag: "6542b05a-701c"
Accept-Ranges: bytes
|
|
| o.pki.goog/wr2 | 142.250.74.131 | | 472 B |
IP 142.250.74.131:0
Hash b714f7555261dae938703c6c875d7a69 d78e8e797a223230dc73e953e24d0ecea1d73a43 8c5737de70ae9e51eaf041c6b7d47966d13d040723de8d5a2d0bcc0a9c51a0b1
POST /wr2 HTTP/1.1
Host: o.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 23 Jul 2024 07:38:05 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
|
| o.pki.goog/wr2 | 142.250.74.131 | | 471 B |
IP 142.250.74.131:0
Hash e6c314eb686bed253260c40e91dc5c35 da964f06c2a99fb18fd4a260fcf87ce56083b0a8 0832780ac32df8102962d71dc203d6fb5024b19786f1bb679d5039f469f1bd85
POST /wr2 HTTP/1.1
Host: o.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 23 Jul 2024 07:38:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
|
| o.pki.goog/wr2 | 142.250.74.131 | | 471 B |
IP 142.250.74.131:0
Hash e6c314eb686bed253260c40e91dc5c35 da964f06c2a99fb18fd4a260fcf87ce56083b0a8 0832780ac32df8102962d71dc203d6fb5024b19786f1bb679d5039f469f1bd85
POST /wr2 HTTP/1.1
Host: o.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 23 Jul 2024 07:38:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
|
| fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 | 216.58.207.227 | 200 OK | 16 kB |
URL GET HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 IP 216.58.207.227:443
Requested by https://cqflra6sk0es73fjen1g.security-updater-now.com/blocker/Blocker5_2/ Certificate Issuer Google Trust Services Subject *.gstatic.com Fingerprint EE:FE:75:C9:E5:09:76:EB:38:E8:5F:5F:31:DF:88:D1:BF:9A:93:09 Validity Mon, 24 Jun 2024 07:40:48 GMT - Mon, 16 Sep 2024 07:40:47 GMT
File type Web Open Font Format (Version 2), TrueType, length 15920, version 1.0 Hash 3a44e06eb954b96aa043227f3534189d 23cef6993ddb2b2979e8e7647fc3763694e2ba7d b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
GET /s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://cqflra6sk0es73fjen1g.security-updater-now.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15920
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 17 Jul 2024 15:53:27 GMT
expires: Thu, 17 Jul 2025 15:53:27 GMT
cache-control: public, max-age=31536000
age: 488679
last-modified: Wed, 11 May 2022 19:24:45 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 | 216.58.207.227 | 200 OK | 16 kB |
URL GET HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 IP 216.58.207.227:443
Requested by https://cqflra6sk0es73fjen1g.security-updater-now.com/blocker/Blocker5_2/ Certificate Issuer Google Trust Services Subject *.gstatic.com Fingerprint EE:FE:75:C9:E5:09:76:EB:38:E8:5F:5F:31:DF:88:D1:BF:9A:93:09 Validity Mon, 24 Jun 2024 07:40:48 GMT - Mon, 16 Sep 2024 07:40:47 GMT
File type Web Open Font Format (Version 2), TrueType, length 15744, version 1.0 Hash 15d9f621c3bd1599f0169dcf0bd5e63e 7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52 f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://cqflra6sk0es73fjen1g.security-updater-now.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 18 Jul 2024 12:40:58 GMT
expires: Fri, 18 Jul 2025 12:40:58 GMT
cache-control: public, max-age=31536000
age: 413828
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 | 216.58.207.227 | | 16 kB |
URL fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 IP 216.58.207.227:0
Certificate Issuer Google Trust Services Subject *.gstatic.com Fingerprint EE:FE:75:C9:E5:09:76:EB:38:E8:5F:5F:31:DF:88:D1:BF:9A:93:09 Validity Mon, 24 Jun 2024 07:40:48 GMT - Mon, 16 Sep 2024 07:40:47 GMT
File type Web Open Font Format (Version 2), TrueType, length 15860, version 1.0 Hash e9f5aaf547f165386cd313b995dddd8e acdef5603c2387b0e5bffd744b679a24a8bc1968 f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://cqflra6sk0es73fjen1g.security-updater-now.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 22 Jul 2024 09:25:36 GMT
expires: Tue, 22 Jul 2025 09:25:36 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
age: 79950
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| e6.o.lencr.org/ | 23.36.76.226 | | 344 B |
IP 23.36.76.226:0 ASN #20940 Akamai International B.V.
Hash aeb98077b7aacef726188546efd204d1 022c05b2f940ab3ebfc03d9e34c76cf7f61dd4c1 7527deb430082ba01c03c4f36d2a03f16962a9c176bf40ffc4227ba6f5921c6f
POST / HTTP/1.1
Host: e6.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "7527DEB430082BA01C03C4F36D2A03F16962A9C176BF40FFC4227BA6F5921C6F"
Last-Modified: Sat, 20 Jul 2024 19:25:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9508
Expires: Tue, 23 Jul 2024 10:16:34 GMT
Date: Tue, 23 Jul 2024 07:38:06 GMT
Connection: keep-alive
|
|
| o.pki.goog/wr2 | 142.250.74.131 | | 471 B |
IP 142.250.74.131:0
Hash e6c314eb686bed253260c40e91dc5c35 da964f06c2a99fb18fd4a260fcf87ce56083b0a8 0832780ac32df8102962d71dc203d6fb5024b19786f1bb679d5039f469f1bd85
POST /wr2 HTTP/1.1
Host: o.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 23 Jul 2024 07:38:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
|
| notix.io/ent/current/enot.min.js | 139.45.197.227 | | 44 kB |
URL notix.io/ent/current/enot.min.js IP 139.45.197.227:0
File type JavaScript source, ASCII text, with very long lines (65536), with no line terminators Hash 94a898ff7c266c133a2810813f940b33 026511c42b4031496b1882e4f52082ca779912cd cae4151607c3af930ead3889755b7b63fc587e48042d7ab60a430d0cb62d7efc
| Analyzer | Verdict | Alert |
| Public Nextron YARA rules | malware | Unique code from Jetriz, Swid & Jeniva of the Tetris framework |
GET /ent/current/enot.min.js HTTP/1.1
Host: notix.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cqflra6sk0es73fjen1g.security-updater-now.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Tue, 23 Jul 2024 07:38:06 GMT
content-type: application/javascript
last-modified: Wed, 13 Mar 2024 11:17:39 GMT
etag: W/"65f18b53-2380d"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| notix.io/settings?appId=1005f183164df77b0d72a2d487bc69b&ver=0.16.4 | 139.45.197.227 | | 318 B |
URL notix.io/settings?appId=1005f183164df77b0d72a2d487bc69b&ver=0.16.4 IP 139.45.197.227:0
Hash 82b0c0f76512e60ea030da09ee18febf 2c4b11e5713c2f7e6a3da2ef87a1c0c78c3da195 a8ca49249ca90a131bba14405671cb243da2849145a3d8074b0b5c232c2b57d1
GET /settings?appId=1005f183164df77b0d72a2d487bc69b&ver=0.16.4 HTTP/1.1
Host: notix.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cqflra6sk0es73fjen1g.security-updater-now.com/
Origin: https://cqflra6sk0es73fjen1g.security-updater-now.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 23 Jul 2024 07:38:06 GMT
content-type: application/json; charset=utf-8
content-length: 318
access-control-allow-origin: https://cqflra6sk0es73fjen1g.security-updater-now.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
|
|
| r10.o.lencr.org/ | 23.36.76.226 | | 504 B |
IP 23.36.76.226:0 ASN #20940 Akamai International B.V.
Hash abdbb83f974102baaaa6f77ee331d442 053c22e9dce284413f8a2d4433748edbdd91b77b 23a21016e52b76d94858b277e1a729969fc7f0f66b9212013f3b1cd64fc2591c
POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "23A21016E52B76D94858B277E1A729969FC7F0F66B9212013F3B1CD64FC2591C"
Last-Modified: Sat, 20 Jul 2024 19:17:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7609
Expires: Tue, 23 Jul 2024 09:44:56 GMT
Date: Tue, 23 Jul 2024 07:38:07 GMT
Connection: keep-alive
|
|
| fonts.googleapis.com/css2?family=Roboto:wght@400;500;700&display=swap | 142.250.74.106 | | 6.0 kB |
URL fonts.googleapis.com/css2?family=Roboto:wght@400;500;700&display=swap IP 142.250.74.106:0
File type gzip compressed data, max compression Hash 1a47edf19c34543f839c28b04b1cb36d 7e6c1fd4772e896db12bef0200307e575b603ca2 0f7795e635788d1cf857b28252d9e0987b17970b01c67ca710159e74504208a4
GET /css2?family=Roboto:wght@400;500;700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cqflra6sk0es73fjen1g.security-updater-now.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 23 Jul 2024 07:38:05 GMT
date: Tue, 23 Jul 2024 07:38:05 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|