Report - upfiles.com/FRCo9

Report Overview

Submitted URL
upfiles.com/FRCo9
IP
104.26.4.165
ASN
#13335 CLOUDFLARENET
Submitted
2024-05-10 19:55:54
Access
public
Website Title
(1) New Message!
Final URL
efhjd.com/FRCo9
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
24

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
upfiles.com	282220	2004-06-05	2015-10-29	2024-04-18	1.1 kB	43 kB	104.26.4.165
absentcleannewspapers.com	unknown	2024-01-25	2024-01-25	2024-03-26	438 B	17 kB	172.240.127.234
proftrafficcounter.com	unknown	2023-11-16	2023-11-21	2024-05-09	419 B	416 B	18.185.9.67
d31uxzurj3z4fa.cloudfront.net	unknown	unknown	No data	No data	667 B	874 B	143.204.42.53
forhavingartistic.info	unknown	2024-03-31	2024-05-09	2024-05-09	1.0 kB	1.4 kB	188.114.97.1
www.gstatic.com	unknown	2008-02-11	2016-07-26	2024-05-10	468 B	205 kB	142.250.74.35
pagead2.googlesyndication.com	101	2003-01-21	2021-02-20	2024-05-10	436 B	788 B	216.58.207.194
dampedvisored.com	unknown	2024-04-16	2024-04-16	2024-04-17	397 B	1.2 kB	23.109.170.113
efhjd.com	unknown	2023-10-27	2023-10-31	2024-03-11	16 kB	627 kB	188.114.96.1
www.googletagmanager.com	75	2011-11-11	2013-05-22	2024-05-09	853 B	333 kB	142.250.74.40
cdn.creative-bars1.com	unknown	2022-11-01	2022-11-15	2024-05-09	2.9 kB	331 kB	172.67.141.24
o.pki.goog	unknown	2016-06-13	2024-04-24	2024-05-09	650 B	1.4 kB	142.250.74.131
fonts.googleapis.com	8877	2005-01-25	2013-06-10	2024-05-10	909 B	27 kB	142.250.74.106
live.demand.supply	31265	2014-06-22	2018-03-13	2024-05-09	2.5 kB	105 kB	104.17.38.115
fonts.gstatic.com	unknown	2008-02-11	2014-09-09	2024-05-10	3.7 kB	178 kB	216.58.207.227
yonatallcolum.info	unknown	unknown	No data	No data	950 B	1.8 kB	108.157.229.60
www.recaptcha.net	2060	2007-01-06	2012-07-11	2024-05-09	451 B	1.4 kB	142.250.74.131
pogothere.xyz	unknown	2022-08-22	2022-09-04	2024-05-09	824 B	104 kB	188.114.97.1
downstairsnegotiatebarren.com	unknown	2024-03-04	2024-03-04	2024-05-09	406 B	87 kB	172.67.180.87
ocsp.r2m03.amazontrust.com	unknown	2007-05-11	2023-02-21	2024-05-09	338 B	942 B	143.204.53.97
customarydesolate.com	unknown	2024-05-06	2024-05-07	2024-05-08	8.5 kB	44 kB	192.243.59.12
accounts.google.com	81	1997-09-15	2016-03-20	2024-05-09	3.6 kB	11 kB	74.125.131.84
unseenreport.com	unknown	2022-03-30	2022-03-30	2024-05-09	729 B	423 B	192.243.61.227
cdn.yourwebbars.com	62037	2020-08-21	2021-01-29	2024-05-09	471 B	2.2 kB	104.26.7.19

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

Scan Date	Severity	Indicator	Alert
2024-05-10	medium	efhjd.com/js/frontend.js?id=f7e07cec5812d52a9077	Unique code from Jetriz, Swid & Jeniva of the Tetris framework

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-05-10	medium	dampedvisored.com	Sinkholed
2024-05-10	medium	customarydesolate.com	Sinkholed
2024-05-10	medium	customarydesolate.com	Sinkholed
2024-05-10	medium	customarydesolate.com	Sinkholed
2024-05-10	medium	customarydesolate.com	Sinkholed
2024-05-10	medium	customarydesolate.com	Sinkholed
2024-05-10	medium	customarydesolate.com	Sinkholed
2024-05-10	medium	customarydesolate.com	Sinkholed
2024-05-10	medium	customarydesolate.com	Sinkholed
2024-05-10	medium	customarydesolate.com	Sinkholed
2024-05-10	medium	unseenreport.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (33)

	URL	Size	First Seen	Last Seen
	securepubads.g.doubleclick.net/tag/js/gpt.js	13 kB	2023-04-05	2024-05-23
Pretty URL securepubads.g.doubleclick.net/tag/js/gpt.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-05 04:46:03 Last Seen2024-05-23 07:00:13 Times Seen31968 Hash 0c9ed134ae3d5ffe972da2a3e59dc428 620df222551395592e46e4c5f425cf23dcdad891 5f9efa604bfe2aee8c1a90376125a098306ba390530a6f9b2ecb0a67cdac178d Loading...

	efhjd.com/FRCo9	119 B	2023-03-08	2024-05-22
Pretty URL efhjd.com/FRCo9 IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-08 15:28:47 Last Seen2024-05-22 10:51:17 Times Seen1146 Hash bbdd43a315309ebd811a1e555db11f7f 4f221fbceb33ca51ca52ebe80577f681bc8c17df 212dfa0151b22549ac14757d4e65f3909dd45c9cdb366d8bd00fd6b17b906a09 Loading...

	efhjd.com/FRCo9	2.9 kB	2023-03-12	2024-05-20
Pretty URL efhjd.com/FRCo9 IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-12 16:23:04 Last Seen2024-05-20 14:46:32 Times Seen1791 Hash b9dd502c04f179299a891e65a107e887 8e02ecbfb34c4371548dd0213076bcbf9a2b1523 fb6d9228943aa1956f95e9e330577772a47470e279ffbf84c2bc4e4ed4885c1a Loading...

	efhjd.com/FRCo9	191 B	2023-03-08	2024-05-22
Pretty URL efhjd.com/FRCo9 IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-08 15:28:47 Last Seen2024-05-22 10:51:17 Times Seen1146 Hash da30bb47614694e4cc233b287d20eb05 33483604c226b92b61915d364fd6489029cafe57 c5db272b10d5a0729fecd702bbe86f8447f72e2a10049608007c8e2646c803f8 Loading...

	efhjd.com/sandbox%20eval%20code	147 B	2023-04-11	2024-05-23
Pretty URL efhjd.com/sandbox%20eval%20code IP 0.0.0.0 ASN #0 Introduced by Embedded in HTML false Observations First Seen2023-04-11 21:07:53 Last Seen2024-05-23 07:13:50 Times Seen353340 Hash 92b651082ce234f66bb544e678befda3 14c21c55ddce43b6f677caadf51d4ab98c6a3df8 25d57d1d97abeb84531d3d3e5754dd5cb19a2c115edfa7cfc7af8247084faded Loading...

	efhjd.com/FRCo9	284 kB	2024-05-10	2024-05-10
Pretty URL efhjd.com/FRCo9 IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-10 18:51:46 Last Seen2024-05-10 23:25:30 Times Seen5 Hash eb9b5030b2d2f2dea949cad9d47cde97 d12213edef3ac663460e713a7e4d8cf92c0e48e1 fab251f8f3b1207153ba268b10a80b4cd77676c6050c767217d82edf65308e30 Loading...

	efhjd.com/FRCo9	369 B	2024-05-09	2024-05-22
Pretty URL efhjd.com/FRCo9 IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-09 18:45:46 Last Seen2024-05-22 10:51:17 Times Seen41 Hash c8e0666542868b0a383fff775d20469d 0a0b01bead2d7087a125c44f668d491c6b8b78a1 6e14df89c6aae367b3458e1e9d5aea7465bc3de172a5ec982fcd7f82f10151f6 Loading...

	live.demand.supply/up.js	5.5 kB	2024-05-09	2024-05-10
Pretty URL live.demand.supply/up.js IP 104.17.38.115 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-09 18:45:46 Last Seen2024-05-10 21:56:02 Times Seen4 Hash 50a945b6104d6c06b320eb507ed24409 f54307b407b4167b2c57c002bf2651e263a8a01a c61788f28e4310f332bd06cf2d7c40c1b30c522164fced642368e9367afbad2d Loading...

	unknown	38 B	2023-04-11	2024-05-23
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-11 21:23:25 Last Seen2024-05-23 05:59:07 Times Seen32766 Hash caf13b633ab4249aeadda1952a9038ae 1eb64473acd8bff2d081a66f128c611d079f6cbe 30d90270fd3125eb763b9958a72bd513c90cd6207b97dd0ef40c06aa22111ac7 Loading...

	unknown	36 B	2023-04-11	2024-05-23
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-11 21:23:25 Last Seen2024-05-23 05:59:07 Times Seen2107 Hash c6417364696009e1ecada40d12c97a2f dd602b8bbd3a3656463ec3f6868c74f3a937859d 5a59e842a79e328e171f1da23754526329095be86fe355574fd7622f04ed3854 Loading...

	unknown	49 B	2023-04-11	2024-05-23
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-11 21:23:25 Last Seen2024-05-23 05:59:07 Times Seen2106 Hash efde3719ad2205f4e3b6504a9bf45646 83101bef8fc5445fd9dcf54dd04495fc490e939a d84287d2b4f27cb1c02d18a77c979f739a5107585cf81911fea18a14b204f9ba Loading...

	efhjd.com/sandbox%20eval%20code	136 B	2023-04-11	2024-05-23
Pretty URL efhjd.com/sandbox%20eval%20code IP 0.0.0.0 ASN #0 Introduced by Embedded in HTML false Observations First Seen2023-04-11 21:23:25 Last Seen2024-05-23 07:00:13 Times Seen32630 Hash fb4eb094524daea58bf7f82331598541 f5ca39eb98fa1685f8647514a627d3d7f216f7ef 7cbf1e77bb9277bac7030ded2087246adf5c59564a5a1f28ce8c09be6ef48683 Loading...

	downstairsnegotiatebarren.com/sfp.js	86 kB	2024-03-29	2024-05-17
Pretty URL downstairsnegotiatebarren.com/sfp.js IP 172.67.180.87 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-29 13:13:34 Last Seen2024-05-17 14:49:08 Times Seen3553 Hash f4a2f8f9f99541c6f105bbd0a025bd40 1f8e3eff12168fdd9e719adfc098d24a45b6916a b717cb04231a10d425fd55b73c85a5407119c6826a8bac94142fddfff6958716 Loading...

	efhjd.com/FRCo9	92 B	2024-05-09	2024-05-22
Pretty URL efhjd.com/FRCo9 IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-09 18:45:46 Last Seen2024-05-22 10:51:17 Times Seen41 Hash 924b573984a2cf0a16b4dd9cb8a69654 2488d6723443ec0970fe0aafb6a1b6a9af9b9253 66d79d99e231d5b3a4f1cc425411ec91fb2650d974a59d45db4437ac5a0d68c8 Loading...

	dampedvisored.com/1clkn/34742	6 B	2023-03-07	2024-05-23
Pretty URL dampedvisored.com/1clkn/34742 IP 23.109.170.113 ASN #7979 SERVERS-COM Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:04 Last Seen2024-05-23 06:37:40 Times Seen15398 Hash 9082dc37e5e8046929da411544ad071a 41e0e3963ed94e59e8a2f115994c382712411537 b7848d86edc8dc3b5bc6a5c666069f9a31e000cee51575d3b6083951607e1550 Loading...

	www.googletagmanager.com/gtag/js?id=G-75C4L64NEB&l=dataLayer&cx=c	257 kB	2024-05-10	2024-05-10
Pretty URL www.googletagmanager.com/gtag/js?id=G-75C4L64NEB&l=dataLayer&cx=c IP 142.250.74.40 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-10 21:56:01 Last Seen2024-05-10 21:56:02 Times Seen2 Hash 92144bee6ea6e0d44e483342228cabff 809ffeeb319cba1b1df081d21b8d72459bd7e10e a0ef5cdae96ebe1372948eb0a86f1e50ac9abd19b8c0e37096a7bc18b1410566 Loading...

	www.recaptcha.net/recaptcha/api.js?onload=onloadRecaptchaCallback&render=explicit	921 B	2024-05-08	2024-05-16
Pretty URL www.recaptcha.net/recaptcha/api.js?onload=onloadRecaptchaCallback&render=explicit IP 142.250.74.131 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-08 04:02:12 Last Seen2024-05-16 00:56:09 Times Seen62 Hash 0739bacc61dff1ef28b3f4633b3903dc 119b6f313c950e5f33800ad7f6c454091af8e248 99a35328f70daed10075b6fdcfd8a2c7876c3d53902c2d459a005a2f765c93ce Loading...

	efhjd.com/FRCo9	369 B	2024-05-09	2024-05-22
Pretty URL efhjd.com/FRCo9 IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-09 18:45:46 Last Seen2024-05-22 10:51:17 Times Seen41 Hash 1d10065d25b28372dcc5c80295d29252 be07b0098385887a12fb695e7b870864e28d018a b10a457e73a8a50c75bfde59b310af7319474ef792d1fc40beabfe04bb5a992c Loading...

	efhjd.com/FRCo9	92 B	2024-05-09	2024-05-22
Pretty URL efhjd.com/FRCo9 IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-09 18:45:47 Last Seen2024-05-22 10:51:17 Times Seen41 Hash cbb81176f4d0cd20eba1c3fa9c6403c4 27433274e8d88d5a81a7d4df8f84e9cc007de363 847a9f24fdee3dfc59910a1e3f9b2bae0f281cdef3e7ab90bea549a1101eacf5 Loading...

	efhjd.com/FRCo9	369 B	2024-05-09	2024-05-22
Pretty URL efhjd.com/FRCo9 IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-09 18:45:47 Last Seen2024-05-22 10:51:17 Times Seen41 Hash faeeec863f4ab81d212bca1f1da09011 ab83dded433e4fb6bb3376530bbd95fe1ddcbcd4 cbd6ee82c5ce472743bb7949e0c2444ad3235d2a303001676cb189042d5f2606 Loading...

	efhjd.com/js/frontend.js?id=f7e07cec5812d52a9077	981 kB	2024-04-13	2024-05-22
Pretty URL efhjd.com/js/frontend.js?id=f7e07cec5812d52a9077 IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-13 19:48:22 Last Seen2024-05-22 10:51:17 Times Seen128 Hash f7e07cec5812d52a9077a4baf1b4348b 669d6cfda9a2b056cebe7f5a31dfa50d7d73405e 24c59cb722ec2564f9f0ea38d57ebd2c6b66a88485aaa9035f3afd68376d4c87 Loading...

	unknown	9.7 kB	2024-05-02	2024-05-22
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-02 23:22:31 Last Seen2024-05-22 10:51:17 Times Seen54 Hash 242be01227f9a5383233c1dcd87557f2 e0ae4350c16053e1b82cc599a2eb6fd5351fd7f1 c2bf377c4f9c990973944b89f258fb6c6208e5505dc2844a57dd5e2d26bf406d Loading...

	efhjd.com/FRCo9	92 B	2024-05-09	2024-05-22
Pretty URL efhjd.com/FRCo9 IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-09 18:45:47 Last Seen2024-05-22 10:51:17 Times Seen41 Hash b234fd713bcb1b4bc6165e3cc6a3099d e7a1082484ee684ca37adbe0533c4c8ca6db6702 3fa135794a9c09de8eef56310119b43b3eae8c90ed7b2e1f81c700a22d3b6a8f Loading...

	efhjd.com/FRCo9	1.0 kB	2024-05-10	2024-05-10
Pretty URL efhjd.com/FRCo9 IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-10 21:56:01 Last Seen2024-05-10 21:56:02 Times Seen2 Hash c8e951da17000931762ca09fbbd52048 d4c7f8fe8ebbd74a8037f11d475dbfc2361da9e0 da30e6096707f00546e0239988360561e39e6e8de6cd58e0ec0084042e934568 Loading...

	efhjd.com/FRCo9	155 B	2023-03-08	2024-05-22
Pretty URL efhjd.com/FRCo9 IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-08 15:28:47 Last Seen2024-05-22 10:51:17 Times Seen1160 Hash a1e0d623f9e510e759498d67c8281999 65e9e9287fd8060ebb5b624463ff977040e3d154 c66a236b63a0191f0cc1cb5a3c1b675c0fb7bf7d5e56b8c5ed34d70b10059aa7 Loading...

	live.demand.supply/p4/v17-24-0/ZWZoamQuY29tL0ZSQ285	156 B	2023-03-07	2024-05-23
Pretty URL live.demand.supply/p4/v17-24-0/ZWZoamQuY29tL0ZSQ285 IP 104.17.38.115 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:45:02 Last Seen2024-05-23 05:59:07 Times Seen384 Hash ab3db78294876480edccd2b9ffe2259b 7690642b47fcef4e5be8e8c10d83633267eb02df fb94b462f27f138f78bc2f58584c8e4377ea23828ec4bf2de9a76b624419b6d0 Loading...

	www.gstatic.com/recaptcha/releases/vjbW55W42X033PfTdVf6Ft4q/recaptcha__en.js	514 kB	2024-05-08	2024-05-21
Pretty URL www.gstatic.com/recaptcha/releases/vjbW55W42X033PfTdVf6Ft4q/recaptcha__en.js IP 142.250.74.35 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-08 00:24:03 Last Seen2024-05-21 18:55:57 Times Seen7138 Hash add520996e437bff5d081315da187fbf 2e489fe16f3712bf36df00b03a8a5af8fa8d4b42 922b951591d52d44aa7015ebc95cab08192aa435b64f9016673ac5da1124a8b4 Loading...

	absentcleannewspapers.com/f3/48/f1/f348f1f4cb32736ea8b01bdf483d02ac.js	44 kB	2024-05-10	2024-05-10
Pretty URL absentcleannewspapers.com/f3/48/f1/f348f1f4cb32736ea8b01bdf483d02ac.js IP 172.240.127.234 ASN #7979 SERVERS-COM Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-10 21:56:02 Last Seen2024-05-10 21:56:02 Times Seen2 Hash e71ca1120115aca42cc27fd2912cf3ae 03308340d5a75dc25c3499af8a8579c23d02aeed 24c556dd682ae49cecda3b57b9ffde98f3befed1e88d5d1fe5a980306f328a55 Loading...

	live.demand.supply/impl.v17.32.0.js	91 kB	2024-04-26	2024-05-23
Pretty URL live.demand.supply/impl.v17.32.0.js IP 104.17.38.115 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-26 23:55:44 Last Seen2024-05-23 05:59:07 Times Seen255 Hash 3501fe52a8aeb0dc9b89aa1c12ea6e5a b6221b443437b86f096112d2ec77fab1975fd811 b77415363ffad60ce3f975e393d3ef44a47d8bddbec2f0a2f9f0e9587dd5c501 Loading...

	www.googletagmanager.com/gtag/js?id=UA-197252557-1	208 kB	2024-05-10	2024-05-10
Pretty URL www.googletagmanager.com/gtag/js?id=UA-197252557-1 IP 142.250.74.40 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-10 21:56:02 Last Seen2024-05-10 21:56:02 Times Seen2 Hash 0877eb5301987355918d9833a45d7310 2e68992e6ddbed47f183063c0cd85cf5bf4df42d c335be879d662338067074d07dfb9c0ecac08c47f22c7b024fd2e32d0a9a7cea Loading...

	www.google-analytics.com/analytics.js	4.7 kB	2023-04-11	2024-05-23
Pretty URL www.google-analytics.com/analytics.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-11 21:07:53 Last Seen2024-05-23 07:13:50 Times Seen352824 Hash f24128d0c9cba7be2916c693427a3483 1b6397d496ea896ebc2018b01b995cee4f166029 58173de4697da1a218f04c3a783a733bab4e769ceabc37cd42da9dc3e036a7e8 Loading...

	efhjd.com/js/ads.js	1.5 kB	2024-04-25	2024-05-22
Pretty URL efhjd.com/js/ads.js IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-25 18:40:06 Last Seen2024-05-22 10:51:18 Times Seen122 Hash 663675db8bdf037ef8a96ceec4c0eaac 00a32b1173b6c96bf349f6adb7f00e0c6a24faa4 54827120728e3e7d171b392b13b3f5fe2d2ec344d6bdd491c1d44eb2760eecbe Loading...

		Size	First Seen	Last Seen
	#1 Write - b4266e242eff23787e7b828376d99726	181 B	2023-03-12	2024-05-20
Pretty Observations First Seen2023-03-12 13:39:50 Last Seen2024-05-20 14:46:32 Times Seen2423 Hash b4266e242eff23787e7b828376d99726 2eabaa39d5f1dfa68dd681d3489db9798b74bd73 b5fdf3f7d7a1047cf080ba3ff3eb2d0a433c1c9e2a08960fe0ba078c21935d6c Loading...

HTTP Transactions (70)

URL IP Response Size

upfiles.com/

104.26.4.165

167 B

URL
upfiles.com/
IP
104.26.4.165:0
ASN
#13335 CLOUDFLARENET

File type
HTML document, ASCII text, with CRLF line terminators
Size
167 B (167 bytes)
Hash
0104c301c5e02bd6148b8703d19b3a73
7436e0b4b1f8c222c38069890b75fa2baf9ca620
446a6087825fa73eadb045e5a2e9e2adf7df241b571228187728191d961dda1f

HTTP Headers

GET / HTTP/1.1
Host: upfiles.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 301 Moved Permanently
Date: Fri, 10 May 2024 19:55:27 GMT
Content-Type: text/html
Content-Length: 167
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Fri, 10 May 2024 20:55:27 GMT
Location: https://upfiles.com/
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oSAroZtRn5VJdCyzHpG02N1iy5eQbARWnkmd7QFf24OwN5up%2BJfvy0rXK%2BnpA6wUy%2FacLbvQsD1uawMl4G2i9WZ1RMjBjZ1gl9br7g7hN73wKSOX1SVpLmISMozH"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 881c7ca9d90c0afa-OSL
alt-svc: h2=":443"; ma=60

dampedvisored.com/1clkn/34742

23.109.170.113

200 OK

26 B

URL GET HTTP/1.1
dampedvisored.com/1clkn/34742
IP
23.109.170.113:443
ASN
#7979 SERVERS-COM

Requested by
https://efhjd.com/FRCo9
Certificate
IssuerLet's Encrypt
Subjectdampedvisored.com
Fingerprint49:EE:D2:FF:9B:98:5D:77:22:C4:3C:71:12:E6:8E:A0:00:64:2A:E5
ValidityTue, 16 Apr 2024 00:17:35 GMT - Mon, 15 Jul 2024 00:17:34 GMT

File type
ASCII text, with no line terminators
Size
26 B (26 bytes)
Hash
9082dc37e5e8046929da411544ad071a
41e0e3963ed94e59e8a2f115994c382712411537
b7848d86edc8dc3b5bc6a5c666069f9a31e000cee51575d3b6083951607e1550

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /1clkn/34742 HTTP/1.1
Host: dampedvisored.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://efhjd.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 10 May 2024 19:55:30 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Accept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version,sec-ch-ua-full-version-list
Set-Cookie: GL_UI4=eJw9jUtug0AQRPljJ4akJQ7gIxgUjL3MJivfAQ0zDZ4Ypq1mjJ3bZxIp2dUrPVV5nhcUL%2BAvyRrCm6hhe1R9s5dYojyUVVW%2BHSrZ151o%2BlJVTVnvYK3n1opuRBvBap4E29YuEWwGNMhatpIUZvDqrL%2FmYuhuIog7FkZlEE%2FOGDNIO6b7jFyEEBkxIaQfmrGnhzPEJzEEx72L2rjo7yCguQjzJ4hP2twe%2BSbx8jzx4Pk6CtsTT61WDuOBhULw32ElhcWB%2BAtShfPF0hWARtX%2B%2B7%2Bf8fizBonCRUuHZM%2FI38wATrY%3D; expires=Sat, 11-May-2024 19:55:30 GMT; Max-Age=86400; path=/; secure; SameSite=None
GL_GI10=eJwVyM0KgkAUhuE5hxiIJPjIC%2FAKTMsWbrNl6MIrMIsYGObIzNjP3WeLd%2FG8SilOE7CZkNRlXhd5dcjLUwV6gtsOPDroVvx7%2BII8uDiCvcOmC1ayRmYXlz9i9TfIYHu25pP1YudoxAXw0roZbvaxv%2FRX0KQJHEUzONxTBXrp3Q9e7R3S; expires=Sat, 11-May-2024 19:55:30 GMT; Max-Age=86400; path=/; secure; SameSite=None
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff

efhjd.com/FRCo9?token=eyJpdiI6Im1RakFzMEtBR1pTVzJQL3dpRysxWUE9PSIsInZhbHVlIjoiNVJ3bUVrekhJS1lDa3NCV09XbXZMZz09IiwibWFjIjoiNGZlZTM4NjdmODdhYzZmZTA0OTU1NmY2MTIwNjgyOGM5YjQ0ODY5ZGM2ZWQ4YWRlNTllNTkyMDI3MTA1YzkxYSIsInRhZyI6IiJ9

188.114.96.1

302 Found

2.2 kB

URL User Request GET HTTP/2
efhjd.com/FRCo9?token=eyJpdiI6Im1RakFzMEtBR1pTVzJQL3dpRysxWUE9PSIsInZhbHVlIjoiNVJ3bUVrekhJS1lDa3NCV09XbXZMZz09IiwibWFjIjoiNGZlZTM4NjdmODdhYzZmZTA0OTU1NmY2MTIwNjgyOGM5YjQ0ODY5ZGM2ZWQ4YWRlNTllNTkyMDI3MTA1YzkxYSIsInRhZyI6IiJ9
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerLet's Encrypt
Subjectefhjd.com
Fingerprint16:3F:5D:59:9D:CA:20:CE:FB:AA:52:51:9C:1F:EA:38:95:76:4A:DE
ValidityTue, 07 May 2024 14:48:17 GMT - Mon, 05 Aug 2024 14:48:16 GMT

File type
data
Size
2.2 kB (2243 bytes)
Hash
9a06c3391e0e3f855b4d24f92264fb82
51e84d22391729829d5196123902bdd969c090f5
f4af6af0fdaceb549b732effdb632a2d1628dfc380692eb9efba2ca8b2b75661

HTTP Headers

GET /FRCo9?token=eyJpdiI6Im1RakFzMEtBR1pTVzJQL3dpRysxWUE9PSIsInZhbHVlIjoiNVJ3bUVrekhJS1lDa3NCV09XbXZMZz09IiwibWFjIjoiNGZlZTM4NjdmODdhYzZmZTA0OTU1NmY2MTIwNjgyOGM5YjQ0ODY5ZGM2ZWQ4YWRlNTllNTkyMDI3MTA1YzkxYSIsInRhZyI6IiJ9 HTTP/1.1
Host: efhjd.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Fri, 10 May 2024 19:55:27 GMT
content-type: text/html; charset=UTF-8
location: https://efhjd.com/FRCo9
cache-control: private, must-revalidate
pragma: no-cache
expires: -1
set-cookie: XSRF-TOKEN=eyJpdiI6IlFaNkNIWndPM1JEMDhNQTVCNTB0VEE9PSIsInZhbHVlIjoiMDhBZVQ1c2Zna2xZY0lWRk04Vm9KK0tjQXMyVlZQTDVsMlNLcS9jcmFMRE92ZUxtdWpsQ3NnczVlS1B6L3VKYUd0MTN6aWlmOGpjZ3Bqc3pNNlNVaEdwMjFNeXVGNGEwMmFSZlVLZkd1OFhidVAxeUYxRnVhRzc5T0tVRlo5c2QiLCJtYWMiOiJiNjBkM2Y3M2M0NmM4Zjg0NTRiZmIxZDk5ZmM5ZjIzZGM0NjBkYTczNjY2YTliYmZhNmZjMzg1OGY0NGVjMjdjIiwidGFnIjoiIn0%3D; expires=Fri, 17-May-2024 19:55:27 GMT; Max-Age=604800; path=/; samesite=lax
upfiles_session=eyJpdiI6IlI3VkxxSzV4eFJzS0tnMlVTLzdLNkE9PSIsInZhbHVlIjoidFozbUt0Y3QxOEVGUTFiWEplTkZ5RlkxUllCSGR1ekZ3M3ROWU92c0tqdkdlUlFsdG9hNE1Ka0d1OXVZb0xwWW5FYW5zWHIraUkyYjc4UUNlZmJaT05scXIwYXozOUxmengyQUNLVDhzN2FFSVBnOUU4NTc3Y0JGSUFKcFNhQ08iLCJtYWMiOiI1ODBjNjMzOWE2Yzk2M2VmZmRlMmI4Njg3ZWM3YTQ2NWUzYjMwODExM2NkZGZkNDM2Zjc3MjYwZmUxZWU4YTUwIiwidGFnIjoiIn0%3D; expires=Fri, 17-May-2024 19:55:27 GMT; Max-Age=604800; path=/; httponly; samesite=lax
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BKFxlH5bLZ8Tt8ndlLivQnkPV9brENLmPRYVYaSieh5jzNpUVW0DxzDZSc%2FEyCo4kyMc5CcFy1DBBvlx1dx6o0ORT8Ne4%2FKPN3AjuX5AagPQwvYDa49NKY0MDj8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 881c7c9e2e0e56af-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

efhjd.com/css/frontend.css?id=2396ffb76e738e465b53

188.114.96.1

200 OK

94 kB

URL GET HTTP/3
efhjd.com/css/frontend.css?id=2396ffb76e738e465b53
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://efhjd.com/FRCo9
Certificate
IssuerLet's Encrypt
Subjectefhjd.com
Fingerprint16:3F:5D:59:9D:CA:20:CE:FB:AA:52:51:9C:1F:EA:38:95:76:4A:DE
ValidityTue, 07 May 2024 14:48:17 GMT - Mon, 05 Aug 2024 14:48:16 GMT

File type
ASCII text, with very long lines (59910)
Size
94 kB (94031 bytes)
Hash
2396ffb76e738e465b53ef186e625d72
f24009e0bc508c37bfdb8689d48687418350fcf4
91ed54900a14b458b306f4a025070148faeca034de3f9aa9a3a14a13d6c2c4ab

HTTP Headers

GET /css/frontend.css?id=2396ffb76e738e465b53 HTTP/1.1
Host: efhjd.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://efhjd.com/FRCo9
Cookie: XSRF-TOKEN=eyJpdiI6IlUwWnY3ZVA3STZSTGxrZndXRXpsd0E9PSIsInZhbHVlIjoiRy84ZjBVdC9JSVNldmVpTDZCdmFEMVFSUWhGSm5TZ3Y1cW9rQTl1YzV0M3ZPbkJ6R1EzeDVZTUJJb0xyVm9YWFkzWXZEUEdySEVMbGlpQVluVUpKMHhqK0s5TVhhanJFQXpyMXptQytER2d3YitjajVpRTgwUmJUbXMyV2wxL3QiLCJtYWMiOiIxODlmOTA2ZGFjY2ViMjJjNzRlNjEwMWUxNDgwMzdjZjA4YTU3NTcxNGRlYjNmMjA2YmIwNDhjZmMzNzYwZjQyIiwidGFnIjoiIn0%3D; upfiles_session=eyJpdiI6IkkzNVZJbnRTMnZBS0FDN0t6eGo0UFE9PSIsInZhbHVlIjoiVDdvZXZWVXBPeVA4SXhxaEJUMU9pcVNBZkkxNnpNNWFCa1hzU0JrSW11cEFYc09RWlpxQ0VRck1kaHVVTlF2azdYcDRSeEYxSmlnUVlSNUxQTzBwL0pta1JIRldSWnBhV1R2WEs3NzZTT2FxRi9COHJMYW4yVTVBOGpJSW1EUlIiLCJtYWMiOiI1MjhjYWJiZjdhOTFiYmQwZjgwMWQ1OTkxMmRkNjRhNDI1NjY1OTdjNWVlNTFhZjA5MTdkN2JjNzk2NGJmMTI4IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 10 May 2024 19:55:30 GMT
content-type: text/css
last-modified: Wed, 21 Dec 2022 18:47:00 GMT
vary: Accept-Encoding
etag: W/"63a354a4-3f918"
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
cache-control: max-age=14400
cf-cache-status: HIT
age: 1201
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FzdYsHsUSt%2BYRoDl0oSVeNsBCuYOa59DqAnUaHZ7fVNBfy0t%2BdwHsWyc4LZsVLEGRG0dARXVagk7wIo%2BVJAZw%2BTZGr4DJ9CohaLGb2k0Z7tWFpPAHVHOO5RxaQk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 881c7cbabd54b4f4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

live.demand.supply/up.js

104.17.38.115

200 OK

2.9 kB

URL GET HTTP/2
live.demand.supply/up.js
IP
104.17.38.115:443
ASN
#13335 CLOUDFLARENET

Requested by
https://efhjd.com/FRCo9
Certificate
IssuerCloudflare, Inc.
Subjectdemand.supply
Fingerprint9D:70:F3:B0:56:FD:8A:02:18:FB:C1:32:C8:85:90:FF:98:3A:52:8E
ValiditySat, 20 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (4422)
Size
2.9 kB (2913 bytes)
Hash
50a945b6104d6c06b320eb507ed24409
f54307b407b4167b2c57c002bf2651e263a8a01a
c61788f28e4310f332bd06cf2d7c40c1b30c522164fced642368e9367afbad2d

HTTP Headers

GET /up.js HTTP/1.1
Host: live.demand.supply
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://efhjd.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 19:55:30 GMT
content-type: application/javascript; charset=UTF-8
cf-ray: 881c7cbc7a5056c9-OSL
cf-cache-status: HIT
age: 404
cache-control: max-age=1200,must-revalidate,stale-while-revalidate=3600
etag: W/"dbfb28e408f563c47c5a6f819ef24bd8-ssl-df"
link: <https://live.demand.supply/impl.v17.32.0.js>; rel=preload; as=script,<https://live.demand.supply/p4/v17-24-0/ZWZoamQuY29tLw==>; rel=preload; as=script
strict-transport-security: max-age=31536000
vary: Accept-Encoding
cache-status: "Netlify Edge"; fwd=miss
cf-bgj: minify
cf-polished: origSize=5343
timing-allow-origin: *
x-nf-request-id: 01HWR9N3F30KS67B771J5SPTEE
set-cookie: __cf_bm=CwwKmrLD1ths5tsy_s7WeD06TXlqlctuWvsLGZf_990-1715370930-1.0.1.1-r.2_zRxRA_9vy9OGAKoOmsh7xTxdoxY2po7ZV5I3QrdqX_v4QhAGHWaUyquA8SUXNMhFK90EO8P9g4lulF0_qA; path=/; expires=Fri, 10-May-24 20:25:30 GMT; domain=.demand.supply; HttpOnly; Secure; SameSite=None
server: cloudflare
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

216.58.207.227

200 OK

16 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://efhjd.com/FRCo9
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15744, version 1.0
Size
16 kB (15744 bytes)
Hash
15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

HTTP Headers

GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://efhjd.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 04 May 2024 09:28:37 GMT
expires: Sun, 04 May 2025 09:28:37 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
age: 556013
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/inter/v13/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2

216.58.207.227

200 OK

47 kB

URL GET HTTP/2
fonts.gstatic.com/s/inter/v13/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://efhjd.com/FRCo9
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 46704, version 1.0
Size
47 kB (46704 bytes)
Hash
30a274cd01b6eeb0b082c918b0697f1e
393311bde26b99a4ad935fa55bad1dce7994388b
88df0b5a7bc397dbc13a26bb8b3742cc62cd1c9b0dded57da7832416d6f52f42

HTTP Headers

GET /s/inter/v13/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://efhjd.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 46704
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 06 May 2024 10:54:17 GMT
expires: Tue, 06 May 2025 10:54:17 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 13 Sep 2023 23:49:07 GMT
content-type: font/woff2
age: 378073
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

upfiles.com/

104.26.4.165

22 kB

URL
upfiles.com/
IP
104.26.4.165:0
ASN
#13335 CLOUDFLARENET

File type
HTML document, ASCII text, with very long lines (1125), with CRLF, LF line terminators
Size
22 kB (21583 bytes)
Hash
8dcbc53ee91ce4ad1e4347c2f1bd8fee
dff564d5b69a806a4ba83d7627898056abfa8324
d7a9d7e4e0482b7902f4375779a4e2c54b83df1746faabbe0e95d96611331b3f

HTTP Headers

GET / HTTP/1.1
Host: upfiles.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 19:55:28 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: private, must-revalidate
pragma: no-cache
expires: -1
set-cookie: XSRF-TOKEN=eyJpdiI6IlhmTmF6T0g0aHF4bkl1SE1KZGR5NEE9PSIsInZhbHVlIjoiV1Y0eE45bStwUDFKL3lBQzRMUjRBVW5UMFVFTVhycUdnRkdkemttUi9abnBhSFA5NmVEdXhyVGtzMFZRYTJONzVITTRnUEdyTkRtdWxaanhaT3NzUWo5WU5HNWloWmdHKzJSeld6QWZXWE02dWppMTBzTFFwejUxYkxORzEwcEMiLCJtYWMiOiI3Zjc3ZWM0NTIzZmY2NDY1ODcwMWJlZjRjNWEzNzJjOGJlM2NkNGFjZWVlYzk5MjUwMjUwZmMwYzQ4ZWMxOTc1IiwidGFnIjoiIn0%3D; expires=Fri, 17-May-2024 19:55:28 GMT; Max-Age=604800; path=/; samesite=lax
upfiles_session=eyJpdiI6ImlHVGV2VVYwQThpd3UvWlFhdURzYWc9PSIsInZhbHVlIjoiaWcxbVgwUnFVeFprQU9XNHQxUEdpWjBPZHE0cXFQSG1SMnlyQkR4TWZHZEJEd3c5d1FDZ3l1OU9FRy9WUHA5NytaZnZCMHdrcHZVbjBONTEvb2gwS1dERHBCVFBzYTB6eWIyZkhWQmN4SGhRanljNTY0WW1jWlFSdUdxOGNCeE8iLCJtYWMiOiJhM2E1YTdmMGJkODY2ODQ0ODI1MGZmNWI4YzVkNmVhN2M4MDhmYmMwYjRjY2EzMTczN2RlOTVkOTJiZmQzNmZmIiwidGFnIjoiIn0%3D; expires=Fri, 17-May-2024 19:55:28 GMT; Max-Age=604800; path=/; httponly; samesite=lax
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9oAG9a8OdAD4DPmwHRAKxd8rOPMgngw%2FyIJcovWHH8aRvUon8c1P0C4QYm9tTsbd85HY6QseP7Lsv%2FnwSLQ3zUYzSAxRklKwCN83ETAIVKKarwRwIwwXFEovKMsv"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 881c7caa08f3b4fa-OSL
content-encoding: br
X-Firefox-Spdy: h2

absentcleannewspapers.com/f3/48/f1/f348f1f4cb32736ea8b01bdf483d02ac.js

172.240.127.234

200 OK

16 kB

URL GET HTTP/1.1
absentcleannewspapers.com/f3/48/f1/f348f1f4cb32736ea8b01bdf483d02ac.js
IP
172.240.127.234:443
ASN
#7979 SERVERS-COM

Requested by
https://efhjd.com/FRCo9
Certificate
IssuerLet's Encrypt
Subjectabsentcleannewspapers.com
FingerprintA6:E7:75:05:4C:FA:FF:D2:F7:67:61:89:73:1B:66:32:AF:19:2F:7D
ValidityTue, 26 Mar 2024 06:03:56 GMT - Mon, 24 Jun 2024 06:03:55 GMT

File type
JavaScript source, ASCII text, with very long lines (44088), with no line terminators
Size
16 kB (15830 bytes)
Hash
e71ca1120115aca42cc27fd2912cf3ae
03308340d5a75dc25c3499af8a8579c23d02aeed
24c556dd682ae49cecda3b57b9ffde98f3befed1e88d5d1fe5a980306f328a55

HTTP Headers

GET /f3/48/f1/f348f1f4cb32736ea8b01bdf483d02ac.js HTTP/1.1
Host: absentcleannewspapers.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://efhjd.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 10 May 2024 19:55:30 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 60ce14887bd0dd2d666b123e9726e35c
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

live.demand.supply/e/e.js?e=ll&d=78&cs=c&dsReferer=ZWZoamQuY29tL0ZSQ285

104.17.38.115

200 OK

0 B

URL HEAD HTTP/3
live.demand.supply/e/e.js?e=ll&d=78&cs=c&dsReferer=ZWZoamQuY29tL0ZSQ285
IP
104.17.38.115:443
ASN
#13335 CLOUDFLARENET

Requested by
https://efhjd.com/FRCo9
Certificate
IssuerCloudflare, Inc.
Subjectdemand.supply
Fingerprint9D:70:F3:B0:56:FD:8A:02:18:FB:C1:32:C8:85:90:FF:98:3A:52:8E
ValiditySat, 20 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

HEAD /e/e.js?e=ll&d=78&cs=c&dsReferer=ZWZoamQuY29tL0ZSQ285 HTTP/1.1
Host: live.demand.supply
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://efhjd.com
DNT: 1
Connection: keep-alive
Referer: https://efhjd.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 10 May 2024 19:55:30 GMT
content-type: application/javascript; charset=UTF-8
content-length: 1
cache-control: s-maxage=2592000,stale-if-error=604800
cf-bgj: minify
cf-polished: origSize=2
access-control-allow-origin: *
cache-status: "Netlify Edge"; hit
etag: "799cfe824336f1fce20d72fb9944d5d5-ssl"
strict-transport-security: max-age=31536000
x-nf-request-id: 01HXA01JHEASGPH8KA401K40XA
cf-cache-status: HIT
age: 269543
accept-ranges: bytes
set-cookie: __cf_bm=3d4lf94w4mwewjvsI72qdL3CTpTpM033r7TV54YnPNY-1715370930-1.0.1.1-6wtwEpUCfYd529vPvT0QDuMjyJ5H9eR7UDZRkot8BxA8hCJp94hMKNaST.QxnP6Ur16VuzKuxYebyT1HH6We9A; path=/; expires=Fri, 10-May-24 20:25:30 GMT; domain=.demand.supply; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 881c7cbd39e056a8-OSL
alt-svc: h3=":443"; ma=86400

ocsp.r2m03.amazontrust.com/

143.204.53.97

471 B

URL
ocsp.r2m03.amazontrust.com/
IP
143.204.53.97:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
f7a3aabaedd5c95463e85c2d7682d410
715b2bd7dd959bb3423d71b22c43302b7a18a3a5
55ab8ca84eb2c090ff2a4eb9ebc48ce053c3f38261d66bded94f03719a384335

HTTP Headers

POST / HTTP/1.1
Host: ocsp.r2m03.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=7200
Date: Fri, 10 May 2024 19:55:30 GMT
Last-Modified: Fri, 10 May 2024 18:33:31 GMT
Server: ECAcc (ska/F7A5)
X-Cache: Miss from cloudfront
Via: 1.1 9ede9483eb891e14681c7c693b47c862.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: OvoAmYu1Opfo-o2EWCPaX-Dei15ilonNLlbTWyvAccdndKLjRHos7g==
Age: 4919

proftrafficcounter.com/stats

18.185.9.67

200 OK

40 B

URL GET HTTP/2
proftrafficcounter.com/stats
IP
18.185.9.67:443
ASN
#16509 AMAZON-02

Requested by
https://efhjd.com/FRCo9
Certificate
IssuerAmazon
Subjectproftrafficcounter.com
FingerprintE3:9F:79:6F:80:C0:BF:F8:C4:EB:45:F3:E9:0F:A7:41:F6:0C:05:E6
ValidityTue, 21 Nov 2023 00:00:00 GMT - Thu, 19 Dec 2024 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
40 B (40 bytes)
Hash
8c4fc7d5d86964bae693a9b097536bf4
1151d9c5baf586a1d1a10144b3c6ffde895cbe2c
73381063a2556441e4bc5e5eb8f831bb8d57aa83c71568aed526fba9cbc0a7ec

HTTP Headers

GET /stats HTTP/1.1
Host: proftrafficcounter.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://efhjd.com
DNT: 1
Connection: keep-alive
Referer: https://efhjd.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 19:55:30 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://efhjd.com
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=af927074-9121-4fac-966e-06c3171436e7:1:1; expires=Mon, 08 May 2034 19:55:30 GMT; secure; SameSite=None
X-Firefox-Spdy: h2

live.demand.supply/ds.2.html

104.17.38.115

200 OK

668 B

URL GET HTTP/3
live.demand.supply/ds.2.html
IP
104.17.38.115:443
ASN
#13335 CLOUDFLARENET

Requested by
https://efhjd.com/FRCo9
Certificate
IssuerCloudflare, Inc.
Subjectdemand.supply
Fingerprint9D:70:F3:B0:56:FD:8A:02:18:FB:C1:32:C8:85:90:FF:98:3A:52:8E
ValiditySat, 20 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
HTML document, ASCII text
Size
668 B (668 bytes)
Hash
6d93563087b24f71a2de50d213d1a6a6
3084afce8b8bb33ba5f5c4ac4e7ebb153c552deb
bdd1579c84daab8cdd1e5a4f71b546c9eaa6a76418f83e0215c573523614c309

HTTP Headers

GET /ds.2.html HTTP/1.1
Host: live.demand.supply
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://efhjd.com
DNT: 1
Connection: keep-alive
Referer: https://efhjd.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 10 May 2024 19:55:30 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=2592000,immutable,stale-if-error=604800
cache-status: "Netlify Edge"; hit
strict-transport-security: max-age=31536000
timing-allow-origin: *
x-nf-request-id: 01HXA01JR3DNMTF0MR1W33XTN7
cf-cache-status: HIT
age: 269543
set-cookie: __cf_bm=vJXxB3Eiuk0HFBeARxTOlBXSa2ftP0_zyQznX_tUrkI-1715370930-1.0.1.1-zMJrYIND6o2H0h9gULoeskSX0b9t5aXuymqPuMkj0LvuYuAWxFLHcgmAGVawXG8LWW8c6xQ_sgujOkHyr0M.rg; path=/; expires=Fri, 10-May-24 20:25:30 GMT; domain=.demand.supply; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 881c7cbd59f256a8-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

efhjd.com/images/arrow-down.png?c98e5283a69cb508d054d30256af43c6

188.114.96.1

200 OK

208 B

URL GET HTTP/3
efhjd.com/images/arrow-down.png?c98e5283a69cb508d054d30256af43c6
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://efhjd.com/FRCo9
Certificate
IssuerLet's Encrypt
Subjectefhjd.com
Fingerprint16:3F:5D:59:9D:CA:20:CE:FB:AA:52:51:9C:1F:EA:38:95:76:4A:DE
ValidityTue, 07 May 2024 14:48:17 GMT - Mon, 05 Aug 2024 14:48:16 GMT

File type
PNG image data, 6 x 12, 8-bit/color RGBA, non-interlaced
Size
208 B (208 bytes)
Hash
31f073499665afb237f3294219d2d7c6
c1ada0510e31f661dab66203c15a3d6c8f5468d0
59b7ad6d6f457b624e25d22959edc7c83af2ac52edba32fd6648c97af0d1780c

HTTP Headers

GET /images/arrow-down.png?c98e5283a69cb508d054d30256af43c6 HTTP/1.1
Host: efhjd.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://efhjd.com/css/frontend.css?id=2396ffb76e738e465b53
Cookie: XSRF-TOKEN=eyJpdiI6IlUwWnY3ZVA3STZSTGxrZndXRXpsd0E9PSIsInZhbHVlIjoiRy84ZjBVdC9JSVNldmVpTDZCdmFEMVFSUWhGSm5TZ3Y1cW9rQTl1YzV0M3ZPbkJ6R1EzeDVZTUJJb0xyVm9YWFkzWXZEUEdySEVMbGlpQVluVUpKMHhqK0s5TVhhanJFQXpyMXptQytER2d3YitjajVpRTgwUmJUbXMyV2wxL3QiLCJtYWMiOiIxODlmOTA2ZGFjY2ViMjJjNzRlNjEwMWUxNDgwMzdjZjA4YTU3NTcxNGRlYjNmMjA2YmIwNDhjZmMzNzYwZjQyIiwidGFnIjoiIn0%3D; upfiles_session=eyJpdiI6IkkzNVZJbnRTMnZBS0FDN0t6eGo0UFE9PSIsInZhbHVlIjoiVDdvZXZWVXBPeVA4SXhxaEJUMU9pcVNBZkkxNnpNNWFCa1hzU0JrSW11cEFYc09RWlpxQ0VRck1kaHVVTlF2azdYcDRSeEYxSmlnUVlSNUxQTzBwL0pta1JIRldSWnBhV1R2WEs3NzZTT2FxRi9COHJMYW4yVTVBOGpJSW1EUlIiLCJtYWMiOiI1MjhjYWJiZjdhOTFiYmQwZjgwMWQ1OTkxMmRkNjRhNDI1NjY1OTdjNWVlNTFhZjA5MTdkN2JjNzk2NGJmMTI4IiwidGFnIjoiIn0%3D; dom3ic8zudi28v8lr6fgphwffqoz0j6c=af927074-9121-4fac-966e-06c3171436e7%3A1%3A1; sb_page_f348f1f4cb32736ea8b01bdf483d02ac=1; sb_onpage_f348f1f4cb32736ea8b01bdf483d02ac=1; sb_main_f348f1f4cb32736ea8b01bdf483d02ac=1; sb_count_f348f1f4cb32736ea8b01bdf483d02ac=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 10 May 2024 19:55:31 GMT
content-type: image/png
content-length: 208
last-modified: Fri, 08 Apr 2022 10:55:45 GMT
etag: "625014b1-d0"
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
cache-control: max-age=14400
cf-cache-status: HIT
age: 1200
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eri44GKVdFxTmUZq6cBJNAHvSVPKZcvc9jCM1Wgg9TZ7kyAjA453WFXqE4xqsntFQOD%2BZUgDaTDypS8J2psFkVM9Y0Er7LXluPpzb4y5AVGz%2FAHI85N5JCChvU4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881c7cc409a3b4f4-OSL
alt-svc: h3=":443"; ma=86400

fonts.gstatic.com/s/inter/v13/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2

216.58.207.227

200 OK

47 kB

URL GET HTTP/2
fonts.gstatic.com/s/inter/v13/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://efhjd.com/FRCo9
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 46704, version 1.0
Size
47 kB (46704 bytes)
Hash
30a274cd01b6eeb0b082c918b0697f1e
393311bde26b99a4ad935fa55bad1dce7994388b
88df0b5a7bc397dbc13a26bb8b3742cc62cd1c9b0dded57da7832416d6f52f42

HTTP Headers

GET /s/inter/v13/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://efhjd.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 46704
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 06 May 2024 10:54:17 GMT
expires: Tue, 06 May 2025 10:54:17 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 13 Sep 2023 23:49:07 GMT
content-type: font/woff2
age: 378074
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

216.58.207.227

200 OK

16 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://efhjd.com/FRCo9
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15920, version 1.0
Size
16 kB (15920 bytes)
Hash
3a44e06eb954b96aa043227f3534189d
23cef6993ddb2b2979e8e7647fc3763694e2ba7d
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e

HTTP Headers

GET /s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://efhjd.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15920
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 09 May 2024 02:03:54 GMT
expires: Fri, 09 May 2025 02:03:54 GMT
cache-control: public, max-age=31536000
age: 150697
last-modified: Wed, 11 May 2022 19:24:45 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

efhjd.com/img/plane.svg

188.114.96.1

200 OK

411 B

URL GET HTTP/3
efhjd.com/img/plane.svg
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://efhjd.com/FRCo9
Certificate
IssuerLet's Encrypt
Subjectefhjd.com
Fingerprint16:3F:5D:59:9D:CA:20:CE:FB:AA:52:51:9C:1F:EA:38:95:76:4A:DE
ValidityTue, 07 May 2024 14:48:17 GMT - Mon, 05 Aug 2024 14:48:16 GMT

File type
SVG Scalable Vector Graphics image
Size
411 B (411 bytes)
Hash
4f25968fc51a5e49dc1ea503d5d60e38
4221937e757eb15329dbc318092c9058044c5f73
d454583aa343d4c8aa4e42c0876b20e60c20c0b89284e4ef0c662d0426c18254

HTTP Headers

GET /img/plane.svg HTTP/1.1
Host: efhjd.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://efhjd.com/FRCo9
Cookie: XSRF-TOKEN=eyJpdiI6IlUwWnY3ZVA3STZSTGxrZndXRXpsd0E9PSIsInZhbHVlIjoiRy84ZjBVdC9JSVNldmVpTDZCdmFEMVFSUWhGSm5TZ3Y1cW9rQTl1YzV0M3ZPbkJ6R1EzeDVZTUJJb0xyVm9YWFkzWXZEUEdySEVMbGlpQVluVUpKMHhqK0s5TVhhanJFQXpyMXptQytER2d3YitjajVpRTgwUmJUbXMyV2wxL3QiLCJtYWMiOiIxODlmOTA2ZGFjY2ViMjJjNzRlNjEwMWUxNDgwMzdjZjA4YTU3NTcxNGRlYjNmMjA2YmIwNDhjZmMzNzYwZjQyIiwidGFnIjoiIn0%3D; upfiles_session=eyJpdiI6IkkzNVZJbnRTMnZBS0FDN0t6eGo0UFE9PSIsInZhbHVlIjoiVDdvZXZWVXBPeVA4SXhxaEJUMU9pcVNBZkkxNnpNNWFCa1hzU0JrSW11cEFYc09RWlpxQ0VRck1kaHVVTlF2azdYcDRSeEYxSmlnUVlSNUxQTzBwL0pta1JIRldSWnBhV1R2WEs3NzZTT2FxRi9COHJMYW4yVTVBOGpJSW1EUlIiLCJtYWMiOiI1MjhjYWJiZjdhOTFiYmQwZjgwMWQ1OTkxMmRkNjRhNDI1NjY1OTdjNWVlNTFhZjA5MTdkN2JjNzk2NGJmMTI4IiwidGFnIjoiIn0%3D; dom3ic8zudi28v8lr6fgphwffqoz0j6c=af927074-9121-4fac-966e-06c3171436e7%3A1%3A1; sb_page_f348f1f4cb32736ea8b01bdf483d02ac=1; sb_onpage_f348f1f4cb32736ea8b01bdf483d02ac=1; sb_main_f348f1f4cb32736ea8b01bdf483d02ac=1; sb_count_f348f1f4cb32736ea8b01bdf483d02ac=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 10 May 2024 19:55:31 GMT
content-type: image/svg+xml
last-modified: Fri, 13 Jan 2023 13:29:35 GMT
vary: Accept-Encoding
etag: W/"63c15cbf-2ac"
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
cache-control: max-age=14400
cf-cache-status: HIT
age: 1201
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WJH7ReburXoMtpyABfzJf%2FVBchCOmAVvahkhZPaH%2FTMr5vCeSD9GLVt9NBN8t1cRgyukiBvGaC6SMBs364ylRI3XGciLO0i%2BeTcKIPSATXoJ9uLKaZVBWz%2FKIGU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 881c7cc30850b4f4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

customarydesolate.com/sbar.json?key=f348f1f4cb32736ea8b01bdf483d02ac&uuid=af927074-9121-4fac-966e-06c3171436e7%3A1%3A1

192.243.59.12

200 OK

8.1 kB

URL GET HTTP/1.1
customarydesolate.com/sbar.json?key=f348f1f4cb32736ea8b01bdf483d02ac&uuid=af927074-9121-4fac-966e-06c3171436e7%3A1%3A1
IP
192.243.59.12:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://efhjd.com/FRCo9
Certificate
IssuerLet's Encrypt
Subjectcustomarydesolate.com
Fingerprint00:D2:0D:86:8E:FB:C8:79:46:C6:0E:E5:71:C7:50:AC:0E:C1:D1:F8
ValidityMon, 06 May 2024 08:18:02 GMT - Sun, 04 Aug 2024 08:18:01 GMT

File type
JSON text data
Size
8.1 kB (8128 bytes)
Hash
6a48663236d294990421fa2ce56ffdf0
3e5b9be486585c6d38b5b73a2f5b36836a49c323
21edc1278db31db1f9cdae81e8334832004e14cbec1ce09a539937ab96bf11b1

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /sbar.json?key=f348f1f4cb32736ea8b01bdf483d02ac&uuid=af927074-9121-4fac-966e-06c3171436e7%3A1%3A1 HTTP/1.1
Host: customarydesolate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://efhjd.com
DNT: 1
Connection: keep-alive
Referer: https://efhjd.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Fri, 10 May 2024 19:55:31 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://efhjd.com
Access-Control-Allow-Origin: https://efhjd.com
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=22256744; expires=Sat, 11 May 2024 19:55:31 GMT; secure; SameSite=None
uid_id2=af927074-9121-4fac-966e-06c3171436e7:1:1; expires=Fri, 17 May 2024 19:55:31 GMT; secure; SameSite=None
pdhtkv=true; expires=Sat, 11 May 2024 19:55:31 GMT; secure; SameSite=None
uncs=1; expires=Sat, 11 May 2024 19:55:31 GMT; secure; SameSite=None
pdhtkv29=true; expires=Sat, 11 May 2024 19:55:31 GMT; secure; SameSite=None
uncs29=1; expires=Sat, 11 May 2024 19:55:31 GMT; secure; SameSite=None
slecf348f1f4cb32736ea8b01bdf483d02ac=[5210995,5210996]; expires=Fri, 10 May 2024 19:55:36 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 985060f453b6d6322997ffc7fd83f1d4
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

www.googletagmanager.com/gtag/js?id=UA-197252557-1

142.250.74.40

200 OK

75 kB

URL GET HTTP/2
www.googletagmanager.com/gtag/js?id=UA-197252557-1
IP
142.250.74.40:443
ASN
#15169 GOOGLE

Requested by
https://efhjd.com/FRCo9
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint93:6B:D2:9D:92:BE:2D:D8:02:67:82:83:5E:EF:A3:F9:13:F3:26:AE
ValidityTue, 16 Apr 2024 03:18:45 GMT - Tue, 09 Jul 2024 03:18:44 GMT

File type
JavaScript source, ASCII text, with very long lines (4179)
Size
75 kB (74875 bytes)
Hash
0877eb5301987355918d9833a45d7310
2e68992e6ddbed47f183063c0cd85cf5bf4df42d
c335be879d662338067074d07dfb9c0ecac08c47f22c7b024fd2e32d0a9a7cea

HTTP Headers

GET /gtag/js?id=UA-197252557-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://efhjd.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 10 May 2024 19:55:31 GMT
expires: Fri, 10 May 2024 19:55:31 GMT
cache-control: private, max-age=900
last-modified: Fri, 10 May 2024 18:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 74875
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

yonatallcolum.info/OTNMM0JYUS9efVgOLhU3S19xFnB/Fn51JgoCOUs4TEEmADgNVS0dIVVcOVckS1wiR2xXVjgWcH9eAXUEQ2UnRxZpW3xEJnxieHVwTQUNdAx6aSIHBl1EAVgOVWk/dSh4WRtZFF19H2EmXUsnXwh/ByRnJXgEHXIHcnQPdRhYcgJEEglcfWcvY0cUdwNdfhRqFXdxfAImXnV/dihwQwhkFG96Jkckdlh4FnB7YwlUJX9aeEUaamYGUAYMYS5xdgx+Glh7cUkoRgNRVwtWCkplFQMMHAEOfjV/VBpeF3N1G30GdloGVgh4RzZWE3hDHwEDbHEhZRVjYidlGwkeAVgSa2Ulfi8ACgReBFhQf1gDd1sVAgt/CnxiEHsGDXQAfWkiXANgdRZYJwhqeHIWdEcUSi5uaQ0DCGMCfV4gbGU/YiUfWT9cLEkOGkMyaUoCWSsAQw

108.157.229.60

200 OK

1.2 kB

URL GET HTTP/2
yonatallcolum.info/OTNMM0JYUS9efVgOLhU3S19xFnB/Fn51JgoCOUs4TEEmADgNVS0dIVVcOVckS1wiR2xXVjgWcH9eAXUEQ2UnRxZpW3xEJnxieHVwTQUNdAx6aSIHBl1EAVgOVWk/dSh4WRtZFF19H2EmXUsnXwh/ByRnJXgEHXIHcnQPdRhYcgJEEglcfWcvY0cUdwNdfhRqFXdxfAImXnV/dihwQwhkFG96Jkckdlh4FnB7YwlUJX9aeEUaamYGUAYMYS5xdgx+Glh7cUkoRgNRVwtWCkplFQMMHAEOfjV/VBpeF3N1G30GdloGVgh4RzZWE3hDHwEDbHEhZRVjYidlGwkeAVgSa2Ulfi8ACgReBFhQf1gDd1sVAgt/CnxiEHsGDXQAfWkiXANgdRZYJwhqeHIWdEcUSi5uaQ0DCGMCfV4gbGU/YiUfWT9cLEkOGkMyaUoCWSsAQw
IP
108.157.229.60:443
ASN
#16509 AMAZON-02

Requested by
https://efhjd.com/FRCo9
Certificate
IssuerAmazon
Subjectyonatallcolum.info
Fingerprint61:AF:8C:AB:69:57:8C:1C:85:43:ED:04:B6:FC:74:7F:F7:94:9E:7B
ValidityMon, 15 Apr 2024 00:00:00 GMT - Wed, 14 May 2025 23:59:59 GMT

File type
HTML document, ASCII text, with very long lines (3035), with no line terminators
Size
1.2 kB (1191 bytes)
Hash
4c885a05fccefb6590d5cdc1cd38b8c7
ff318acf8eecb86203253d08e7b08b2798d03852
ed9e72bc6efe75b6e6c39e9ccaad8779d7be9971fa1b59bba5f9297ab01aa292

HTTP Headers

GET /OTNMM0JYUS9efVgOLhU3S19xFnB/Fn51JgoCOUs4TEEmADgNVS0dIVVcOVckS1wiR2xXVjgWcH9eAXUEQ2UnRxZpW3xEJnxieHVwTQUNdAx6aSIHBl1EAVgOVWk/dSh4WRtZFF19H2EmXUsnXwh/ByRnJXgEHXIHcnQPdRhYcgJEEglcfWcvY0cUdwNdfhRqFXdxfAImXnV/dihwQwhkFG96Jkckdlh4FnB7YwlUJX9aeEUaamYGUAYMYS5xdgx+Glh7cUkoRgNRVwtWCkplFQMMHAEOfjV/VBpeF3N1G30GdloGVgh4RzZWE3hDHwEDbHEhZRVjYidlGwkeAVgSa2Ulfi8ACgReBFhQf1gDd1sVAgt/CnxiEHsGDXQAfWkiXANgdRZYJwhqeHIWdEcUSi5uaQ0DCGMCfV4gbGU/YiUfWT9cLEkOGkMyaUoCWSsAQw HTTP/1.1
Host: yonatallcolum.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://efhjd.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/html
content-length: 1191
date: Fri, 10 May 2024 19:55:31 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 fc54020ff2087bf01c6a8bc97e7fe89a.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P2
x-amz-cf-id: oeB4o4whReG5D83p0zFsHn8Fz2xNSymKITeAWdS6g4Dd3z8In5TWtA==
X-Firefox-Spdy: h2

efhjd.com/js/frontend.js?id=f7e07cec5812d52a9077

188.114.96.1

200 OK

360 kB

URL GET HTTP/3
efhjd.com/js/frontend.js?id=f7e07cec5812d52a9077
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://efhjd.com/FRCo9
Certificate
IssuerLet's Encrypt
Subjectefhjd.com
Fingerprint16:3F:5D:59:9D:CA:20:CE:FB:AA:52:51:9C:1F:EA:38:95:76:4A:DE
ValidityTue, 07 May 2024 14:48:17 GMT - Mon, 05 Aug 2024 14:48:16 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
360 kB (359578 bytes)
Hash
f7e07cec5812d52a9077a4baf1b4348b
669d6cfda9a2b056cebe7f5a31dfa50d7d73405e
24c59cb722ec2564f9f0ea38d57ebd2c6b66a88485aaa9035f3afd68376d4c87

Detections

Analyzer	Verdict	Alert
Public Nextron YARA rules	malware	Unique code from Jetriz, Swid & Jeniva of the Tetris framework

HTTP Headers

GET /js/frontend.js?id=f7e07cec5812d52a9077 HTTP/1.1
Host: efhjd.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://efhjd.com/FRCo9
Cookie: XSRF-TOKEN=eyJpdiI6IlUwWnY3ZVA3STZSTGxrZndXRXpsd0E9PSIsInZhbHVlIjoiRy84ZjBVdC9JSVNldmVpTDZCdmFEMVFSUWhGSm5TZ3Y1cW9rQTl1YzV0M3ZPbkJ6R1EzeDVZTUJJb0xyVm9YWFkzWXZEUEdySEVMbGlpQVluVUpKMHhqK0s5TVhhanJFQXpyMXptQytER2d3YitjajVpRTgwUmJUbXMyV2wxL3QiLCJtYWMiOiIxODlmOTA2ZGFjY2ViMjJjNzRlNjEwMWUxNDgwMzdjZjA4YTU3NTcxNGRlYjNmMjA2YmIwNDhjZmMzNzYwZjQyIiwidGFnIjoiIn0%3D; upfiles_session=eyJpdiI6IkkzNVZJbnRTMnZBS0FDN0t6eGo0UFE9PSIsInZhbHVlIjoiVDdvZXZWVXBPeVA4SXhxaEJUMU9pcVNBZkkxNnpNNWFCa1hzU0JrSW11cEFYc09RWlpxQ0VRck1kaHVVTlF2azdYcDRSeEYxSmlnUVlSNUxQTzBwL0pta1JIRldSWnBhV1R2WEs3NzZTT2FxRi9COHJMYW4yVTVBOGpJSW1EUlIiLCJtYWMiOiI1MjhjYWJiZjdhOTFiYmQwZjgwMWQ1OTkxMmRkNjRhNDI1NjY1OTdjNWVlNTFhZjA5MTdkN2JjNzk2NGJmMTI4IiwidGFnIjoiIn0%3D; dom3ic8zudi28v8lr6fgphwffqoz0j6c=af927074-9121-4fac-966e-06c3171436e7%3A1%3A1; sb_page_f348f1f4cb32736ea8b01bdf483d02ac=1; sb_onpage_f348f1f4cb32736ea8b01bdf483d02ac=1; sb_main_f348f1f4cb32736ea8b01bdf483d02ac=1; sb_count_f348f1f4cb32736ea8b01bdf483d02ac=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 10 May 2024 19:55:31 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 08 Apr 2024 13:27:25 GMT
vary: Accept-Encoding
etag: W/"6613f0bd-ef783"
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
cache-control: max-age=14400
cf-cache-status: HIT
age: 5360
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gQRWqmUcVrEtdcwVSjaTTae89I4kMk7s5saISVKycDoKjxwtGxLzKjfdJx5uUkXrInmRzPMYTlvvGyDgPjiILjmZEDC5evy8xupfNJ%2BCYXDQ3JNEi0JAg6eQa9o%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 881c7cc30854b4f4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

customarydesolate.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSzYscxRuu3t%2Fm8NODRHKTwBwiKGRn%2B2PSPWOIizFZCa7ZkPgFClpdVT1bbnVXU9U9PVkvwcCS4%2BBBLyK9z%2BxmUYMfeBSjzAYUFsWdHGQP7kHwLxDiSZAZlyy%2B0P2%2Bbz1PwfM%2Bb61vlAfER0n3L7yk16RSdP5M02089brnnW0syazsN%2Frt8K2wdbZhes90wqb7dOMFwVb1vO96ruu5XmNRGpHo%2FvwEhMzvdLxmx222%2FKZ3poW%2B%2BW9vSweWOuC9A%2FI4JB%2FP3nNOQLIRsvTLC8KuFjo%2FfTEtFS20QY9vv5KtZrrKkB6ViXGQZNuHbGi7t3gXOtuayoXuPSTGckycH%2B4izrYPRSLubU51xgoiQ8wfRdUbQagRJB2B6ZuQfI8AjOPyMrL09mVtKnr9X5RO0DGZffAnZDUms7%2BdQJZ%2Bfl7JfuOaVmUhdWbRT2rI%2FgiyO0Je7qBYm4GsdsCK9yD5z2T%2BwRKydHPZKg3J90%2FRpONHbtSa63i%2BN9dKKJvrhKGYc0MWeJHXCkIRTQ2ScgSZjKDEANQ6KCefdFAmDsrcQcr3G8zzvMjljLrtDmMBj0QcctejUeJRzw3bKNlkhgGKfACmBmDmBnJzA6tyAFN%2BD7tSw3IHtiDo8RqVIKgsQUUJKklQFQRVr97iyvq2vs2VLWPvMPuHOaiHuuhu0C1ddEVGQM0Ahtcb%2BQE5PjHQufbRClbFfiMJWu3ES1osDvwoCAVtx64X86TVDrjrUwYra0g7Mx13TY5J88lTyOWYzH68jpjuwKodMHkctDwJWtWgKzXWsi%2FKPJFK2NIo22Q6Bdc18uIYiuvOhjogT0y3uHzTQrDdhft%2Fn%2Fwpf%2FsbMFMjNzXekfcIuurW8KquyOZVXVny1XJeyFSu0cmGrxW0EMc%2BfVFcr7Thly7YwSfPsQkwKe%2B8LGyxRDMus64ln52XnAuzqA0T5NtL9jURXyntyvnSZGW%2BdOX5xUtpboS1UmcjULl38UMwOSaPfffm9OmefuMPSDOCKWuk5S45DEi9A5bfgM13F3589f9%2F%2FbL%2BAawmMOqIE%2BcOqrIeGj8%2BOlSSQImjnsY1rNhd%2BP1cPvz1kXOIxUM7hoZOblNZb9hb6JoZ0OImsrRGz9ToqRpUDWDL%2Fw2L3Owu3A%2BmgVjNDGNlZjZjZdT7U5MnvwJW7jeiIHBp2DnjRREVUdzy20nocUr9VuiHIQ1Q2HHy7Ltf%2FwMAAP%2F%2FAQAA%2F%2F9r%2FHIQlAQAAA%3D%3D

192.243.59.12

200 OK

7 B

URL GET HTTP/1.1
customarydesolate.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSzYscxRuu3t%2Fm8NODRHKTwBwiKGRn%2B2PSPWOIizFZCa7ZkPgFClpdVT1bbnVXU9U9PVkvwcCS4%2BBBLyK9z%2BxmUYMfeBSjzAYUFsWdHGQP7kHwLxDiSZAZlyy%2B0P2%2Bbz1PwfM%2Bb61vlAfER0n3L7yk16RSdP5M02089brnnW0syazsN%2Frt8K2wdbZhes90wqb7dOMFwVb1vO96ruu5XmNRGpHo%2FvwEhMzvdLxmx222%2FKZ3poW%2B%2BW9vSweWOuC9A%2FI4JB%2FP3nNOQLIRsvTLC8KuFjo%2FfTEtFS20QY9vv5KtZrrKkB6ViXGQZNuHbGi7t3gXOtuayoXuPSTGckycH%2B4izrYPRSLubU51xgoiQ8wfRdUbQagRJB2B6ZuQfI8AjOPyMrL09mVtKnr9X5RO0DGZffAnZDUms7%2BdQJZ%2Bfl7JfuOaVmUhdWbRT2rI%2FgiyO0Je7qBYm4GsdsCK9yD5z2T%2BwRKydHPZKg3J90%2FRpONHbtSa63i%2BN9dKKJvrhKGYc0MWeJHXCkIRTQ2ScgSZjKDEANQ6KCefdFAmDsrcQcr3G8zzvMjljLrtDmMBj0QcctejUeJRzw3bKNlkhgGKfACmBmDmBnJzA6tyAFN%2BD7tSw3IHtiDo8RqVIKgsQUUJKklQFQRVr97iyvq2vs2VLWPvMPuHOaiHuuhu0C1ddEVGQM0Ahtcb%2BQE5PjHQufbRClbFfiMJWu3ES1osDvwoCAVtx64X86TVDrjrUwYra0g7Mx13TY5J88lTyOWYzH68jpjuwKodMHkctDwJWtWgKzXWsi%2FKPJFK2NIo22Q6Bdc18uIYiuvOhjogT0y3uHzTQrDdhft%2Fn%2Fwpf%2FsbMFMjNzXekfcIuurW8KquyOZVXVny1XJeyFSu0cmGrxW0EMc%2BfVFcr7Thly7YwSfPsQkwKe%2B8LGyxRDMus64ln52XnAuzqA0T5NtL9jURXyntyvnSZGW%2BdOX5xUtpboS1UmcjULl38UMwOSaPfffm9OmefuMPSDOCKWuk5S45DEi9A5bfgM13F3589f9%2F%2FbL%2BAawmMOqIE%2BcOqrIeGj8%2BOlSSQImjnsY1rNhd%2BP1cPvz1kXOIxUM7hoZOblNZb9hb6JoZ0OImsrRGz9ToqRpUDWDL%2Fw2L3Owu3A%2BmgVjNDGNlZjZjZdT7U5MnvwJW7jeiIHBp2DnjRREVUdzy20nocUr9VuiHIQ1Q2HHy7Ltf%2FwMAAP%2F%2FAQAA%2F%2F9r%2FHIQlAQAAA%3D%3D
IP
192.243.59.12:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://efhjd.com/FRCo9
Certificate
IssuerLet's Encrypt
Subjectcustomarydesolate.com
Fingerprint00:D2:0D:86:8E:FB:C8:79:46:C6:0E:E5:71:C7:50:AC:0E:C1:D1:F8
ValidityMon, 06 May 2024 08:18:02 GMT - Sun, 04 Aug 2024 08:18:01 GMT

File type
ASCII text, with no line terminators
Size
7 B (7 bytes)
Hash
132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSzYscxRuu3t%2Fm8NODRHKTwBwiKGRn%2B2PSPWOIizFZCa7ZkPgFClpdVT1bbnVXU9U9PVkvwcCS4%2BBBLyK9z%2BxmUYMfeBSjzAYUFsWdHGQP7kHwLxDiSZAZlyy%2B0P2%2Bbz1PwfM%2Bb61vlAfER0n3L7yk16RSdP5M02089brnnW0syazsN%2Frt8K2wdbZhes90wqb7dOMFwVb1vO96ruu5XmNRGpHo%2FvwEhMzvdLxmx222%2FKZ3poW%2B%2BW9vSweWOuC9A%2FI4JB%2FP3nNOQLIRsvTLC8KuFjo%2FfTEtFS20QY9vv5KtZrrKkB6ViXGQZNuHbGi7t3gXOtuayoXuPSTGckycH%2B4izrYPRSLubU51xgoiQ8wfRdUbQagRJB2B6ZuQfI8AjOPyMrL09mVtKnr9X5RO0DGZffAnZDUms7%2BdQJZ%2Bfl7JfuOaVmUhdWbRT2rI%2FgiyO0Je7qBYm4GsdsCK9yD5z2T%2BwRKydHPZKg3J90%2FRpONHbtSa63i%2BN9dKKJvrhKGYc0MWeJHXCkIRTQ2ScgSZjKDEANQ6KCefdFAmDsrcQcr3G8zzvMjljLrtDmMBj0QcctejUeJRzw3bKNlkhgGKfACmBmDmBnJzA6tyAFN%2BD7tSw3IHtiDo8RqVIKgsQUUJKklQFQRVr97iyvq2vs2VLWPvMPuHOaiHuuhu0C1ddEVGQM0Ahtcb%2BQE5PjHQufbRClbFfiMJWu3ES1osDvwoCAVtx64X86TVDrjrUwYra0g7Mx13TY5J88lTyOWYzH68jpjuwKodMHkctDwJWtWgKzXWsi%2FKPJFK2NIo22Q6Bdc18uIYiuvOhjogT0y3uHzTQrDdhft%2Fn%2Fwpf%2FsbMFMjNzXekfcIuurW8KquyOZVXVny1XJeyFSu0cmGrxW0EMc%2BfVFcr7Thly7YwSfPsQkwKe%2B8LGyxRDMus64ln52XnAuzqA0T5NtL9jURXyntyvnSZGW%2BdOX5xUtpboS1UmcjULl38UMwOSaPfffm9OmefuMPSDOCKWuk5S45DEi9A5bfgM13F3589f9%2F%2FbL%2BAawmMOqIE%2BcOqrIeGj8%2BOlSSQImjnsY1rNhd%2BP1cPvz1kXOIxUM7hoZOblNZb9hb6JoZ0OImsrRGz9ToqRpUDWDL%2Fw2L3Owu3A%2BmgVjNDGNlZjZjZdT7U5MnvwJW7jeiIHBp2DnjRREVUdzy20nocUr9VuiHIQ1Q2HHy7Ltf%2FwMAAP%2F%2FAQAA%2F%2F9r%2FHIQlAQAAA%3D%3D HTTP/1.1
Host: customarydesolate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://efhjd.com/
Cookie: u_pl=22256744; uid_id2=af927074-9121-4fac-966e-06c3171436e7:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slecf348f1f4cb32736ea8b01bdf483d02ac=[5210995,5210996]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Fri, 10 May 2024 19:55:32 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 8603b778915cdc198b8a949bb31189e1
Strict-Transport-Security: max-age=0; includeSubdomains

d31uxzurj3z4fa.cloudfront.net/mMFFzVktTPh0wdEQ4F2t6AGNCZn4DdwMkLlZsFjAjWjVdNSRddxklJF4hTgA7QAEKGCFZaANwP0o1TmZtXDAdMXYWNB01dgF3EjIpDWVVIjtfOk4+PEggFi4vXSUJcD5RbB45MVk9HzduAhdGeHsVY0N+MwFgVmUJFWNDOiJeJAtzeQApS2AUBmVWZQkVY0-MkPRViMm99HmFac3kANhY1IF90QRB5AGBDZnoAYFZke1Y4ATMtXylWZA0JZ11mbUVsQg

143.204.42.53

495 B

URL
d31uxzurj3z4fa.cloudfront.net/mMFFzVktTPh0wdEQ4F2t6AGNCZn4DdwMkLlZsFjAjWjVdNSRddxklJF4hTgA7QAEKGCFZaANwP0o1TmZtXDAdMXYWNB01dgF3EjIpDWVVIjtfOk4+PEggFi4vXSUJcD5RbB45MVk9HzduAhdGeHsVY0N+MwFgVmUJFWNDOiJeJAtzeQApS2AUBmVWZQkVY0-MkPRViMm99HmFac3kANhY1IF90QRB5AGBDZnoAYFZke1Y4ATMtXylWZA0JZ11mbUVsQg
IP
143.204.42.53:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (686), with no line terminators
Size
495 B (495 bytes)
Hash
d56b4ce12fbad28c2109e9f92c076483
2063491f6f364e4477588daeb84def296e98361f
1df53c888a8c1cb55ba8426579a798acd426e803e37b2e16e2a2b31fb22a87a6

HTTP Headers

GET /mMFFzVktTPh0wdEQ4F2t6AGNCZn4DdwMkLlZsFjAjWjVdNSRddxklJF4hTgA7QAEKGCFZaANwP0o1TmZtXDAdMXYWNB01dgF3EjIpDWVVIjtfOk4+PEggFi4vXSUJcD5RbB45MVk9HzduAhdGeHsVY0N+MwFgVmUJFWNDOiJeJAtzeQApS2AUBmVWZQkVY0-MkPRViMm99HmFac3kANhY1IF90QRB5AGBDZnoAYFZke1Y4ATMtXylWZA0JZ11mbUVsQg HTTP/1.1
Host: d31uxzurj3z4fa.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://yonatallcolum.info/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-length: 495
date: Fri, 10 May 2024 19:55:32 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 bcd5dadccb0831729969c938747ff79a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: TFbFpD4Yz1ZeXDkVs6I2WEPWa25LPj6OX6NAQEULEXqdOcSDGoe6tA==
X-Firefox-Spdy: h2

customarydesolate.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.yourwebbars.com%2Fsb%2Fnotifications%2Fgambling%2Fdefault%2Fandroid-btn%2F8%2Findex.html&l=1444&fd=72

192.243.59.12

200 OK

0 B

URL GET HTTP/1.1
customarydesolate.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.yourwebbars.com%2Fsb%2Fnotifications%2Fgambling%2Fdefault%2Fandroid-btn%2F8%2Findex.html&l=1444&fd=72
IP
192.243.59.12:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://efhjd.com/FRCo9
Certificate
IssuerLet's Encrypt
Subjectcustomarydesolate.com
Fingerprint00:D2:0D:86:8E:FB:C8:79:46:C6:0E:E5:71:C7:50:AC:0E:C1:D1:F8
ValidityMon, 06 May 2024 08:18:02 GMT - Sun, 04 Aug 2024 08:18:01 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.yourwebbars.com%2Fsb%2Fnotifications%2Fgambling%2Fdefault%2Fandroid-btn%2F8%2Findex.html&l=1444&fd=72 HTTP/1.1
Host: customarydesolate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://efhjd.com/
Cookie: u_pl=22256744; uid_id2=af927074-9121-4fac-966e-06c3171436e7:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slecf348f1f4cb32736ea8b01bdf483d02ac=[5210995,5210996]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Fri, 10 May 2024 19:55:32 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

cdn.creative-bars1.com/sb/notifications/gambling/default/android-btn/8/img/confetti.gif

172.67.141.24

200 OK

206 kB

URL GET HTTP/3
cdn.creative-bars1.com/sb/notifications/gambling/default/android-btn/8/img/confetti.gif
IP
172.67.141.24:443
ASN
#13335 CLOUDFLARENET

Requested by
https://efhjd.com/FRCo9
Certificate
IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint3D:29:39:2C:F1:E5:C6:EF:54:F5:70:B5:CF:A8:C2:75:4D:89:72:13
ValidityMon, 15 Apr 2024 15:02:18 GMT - Sun, 14 Jul 2024 15:02:17 GMT

File type
GIF image data, version 89a, 480 x 360
Size
206 kB (206291 bytes)
Hash
0b33face774f2203446507ce5f075538
1dd3522529bce7739df0687f47f5bc84356698a0
ac345899461d5634d25c47281b10e3c1886abb33019e2ce8140573a79e9f52f2

HTTP Headers

GET /sb/notifications/gambling/default/android-btn/8/img/confetti.gif HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 10 May 2024 19:55:32 GMT
content-type: image/gif
content-length: 206291
last-modified: Fri, 19 Jan 2024 14:25:08 GMT
etag: "65aa8644-325d3"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 868559
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7p6MWoAZLHBbdLguYGdS%2FX2gJpaxgAj9U9v2LHq6xx6l1CbQP0de6MXqD%2BBZCDzEEWCs%2FEW2TPEWXONuUc9fJ%2FCd2M69VYR9niL295TrSSSBEb7l9fWxuhpg5aAsJDVcNTDi%2BnrWJkQQ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881c7cc71fe3b517-OSL
alt-svc: h3=":443"; ma=86400

cdn.creative-bars1.com/sb/notifications/gambling/default/android-btn/8/img/bonus-stars-6593305-5446274.mp4

172.67.141.24

206 Partial Content

34 kB

URL GET HTTP/3
cdn.creative-bars1.com/sb/notifications/gambling/default/android-btn/8/img/bonus-stars-6593305-5446274.mp4
IP
172.67.141.24:443
ASN
#13335 CLOUDFLARENET

Requested by
https://efhjd.com/FRCo9
Certificate
IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint3D:29:39:2C:F1:E5:C6:EF:54:F5:70:B5:CF:A8:C2:75:4D:89:72:13
ValidityMon, 15 Apr 2024 15:02:18 GMT - Sun, 14 Jul 2024 15:02:17 GMT

File type
ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]
Size
34 kB (34238 bytes)
Hash
69e52ff16a779d8ab66a1156cc50ab23
27f8897a2acc3bcfd319c267d137aaa4650fb3c5
2048e8325f6d17e0fefb2226c4191a9e300c562f2bc46543ac616d49ff971d61

HTTP Headers

GET /sb/notifications/gambling/default/android-btn/8/img/bonus-stars-6593305-5446274.mp4 HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Accept-Encoding: identity
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 206 Partial Content
date: Fri, 10 May 2024 19:55:32 GMT
content-type: video/mp4
content-length: 34238
last-modified: Fri, 19 Jan 2024 14:25:08 GMT
etag: "65aa8644-85be"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 868550
content-range: bytes 0-34237/34238
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=a%2B4dPkouTIDbXOwFOPJhyusq%2FF1eE1loJre99GWrxlF7fwhjBzcRQpGqMUNAEE7JMrd8GUdPOyhWYa9IzJu3M7N83V4OqBz8SgO%2F6biC0D7v6cLZPxSM05e0AFKasYaC911KmKhWj%2FHW"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881c7cc7380fb517-OSL
alt-svc: h3=":443"; ma=86400

customarydesolate.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fgambling%2Fdefault%2Fandroid-btn%2F8%2Fcss%2Fanimate.css&l=78693&fd=44

192.243.59.12

200 OK

0 B

URL GET HTTP/1.1
customarydesolate.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fgambling%2Fdefault%2Fandroid-btn%2F8%2Fcss%2Fanimate.css&l=78693&fd=44
IP
192.243.59.12:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://efhjd.com/FRCo9
Certificate
IssuerLet's Encrypt
Subjectcustomarydesolate.com
Fingerprint00:D2:0D:86:8E:FB:C8:79:46:C6:0E:E5:71:C7:50:AC:0E:C1:D1:F8
ValidityMon, 06 May 2024 08:18:02 GMT - Sun, 04 Aug 2024 08:18:01 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fgambling%2Fdefault%2Fandroid-btn%2F8%2Fcss%2Fanimate.css&l=78693&fd=44 HTTP/1.1
Host: customarydesolate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://efhjd.com/
Cookie: u_pl=22256744; uid_id2=af927074-9121-4fac-966e-06c3171436e7:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slecf348f1f4cb32736ea8b01bdf483d02ac=[5210995,5210996]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Fri, 10 May 2024 19:55:32 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

o.pki.goog/wr2

142.250.74.131

471 B

URL
o.pki.goog/wr2
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
11052695b701a95eeafc403471ba37b2
e5f56ea3634511055543f120e7d55219722c55a5
5602dd10bde28abf89ae0a31a3824b20db75f39d0a7c05e1f8f43807f77064eb

HTTP Headers

POST /wr2 HTTP/1.1
Host: o.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 10 May 2024 19:55:32 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

cdn.creative-bars1.com/sb/notifications/gambling/default/android-btn/8/css/style.css

172.67.141.24

200 OK

2.2 kB

URL GET HTTP/2
cdn.creative-bars1.com/sb/notifications/gambling/default/android-btn/8/css/style.css
IP
172.67.141.24:443
ASN
#13335 CLOUDFLARENET

Requested by
https://efhjd.com/FRCo9
Certificate
IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint3D:29:39:2C:F1:E5:C6:EF:54:F5:70:B5:CF:A8:C2:75:4D:89:72:13
ValidityMon, 15 Apr 2024 15:02:18 GMT - Sun, 14 Jul 2024 15:02:17 GMT

File type
gzip compressed data, from Unix
Size
2.2 kB (2241 bytes)
Hash
00eb42e4f6075710a4049fbcdb0b4535
485a4a2b85f51e43549ddb5e18b50dd6a308f767
ae3e3e3c8d8718dcd3f28cd1e6cd02f9ea3ee55d4fc6bd339de597af9800ca77

HTTP Headers

GET /sb/notifications/gambling/default/android-btn/8/css/style.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://efhjd.com
DNT: 1
Connection: keep-alive
Referer: https://efhjd.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 19:55:32 GMT
content-type: text/css
last-modified: Fri, 19 Jan 2024 14:25:08 GMT
etag: W/"65aa8644-d14"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
content-encoding: gzip
cf-cache-status: HIT
age: 268367
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pqmKPikCBMz2rGpbv5lkDsW%2BUGG0WUjc7EWLZmUmy%2FOaA3vt0rNJ2ndVIJCbL5g0ZE3467OsWwHVhg4mBboIg7SEUHm4feAJloaYyR28xzXsDKmMoFu2c6VGNzLRrKsbdnRlAkNm3pZJ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881c7cc64d230b45-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube

74.125.131.84

302 Found

0 B

URL GET HTTP/2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
IP
74.125.131.84:443
ASN
#15169 GOOGLE

Requested by
https://efhjd.com/FRCo9
Certificate
IssuerGoogle Trust Services
Subjectaccounts.google.com
Fingerprint75:65:5E:EB:A9:59:16:DF:32:A3:39:DC:8A:A2:FD:28:92:33:6B:0D
ValidityTue, 16 Apr 2024 04:20:43 GMT - Tue, 09 Jul 2024 04:20:42 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://efhjd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
content-type: application/binary
set-cookie: __Host-GAPS=1:W23vwCBL2PP6UAgSSXpklzmSJmKZBw:J_Okcd2Vw_pdWmNc; Expires=Sun, 10-May-2026 19:55:32 GMT; Path=/; Secure; HttpOnly; Priority=HIGH
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Fri, 10 May 2024 19:55:32 GMT
location: https://accounts.google.com/InteractiveLogin?continue=https://www.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AaSxoQxmlSW-_UC-nrGzU2SZ3U02zI_IpE1WrJr4WiXAKmfsulr74GFO1V7U5f8SCCKebc3Gm-4lYA
strict-transport-security: max-age=31536000; includeSubDomains
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-resource-policy: cross-origin
content-security-policy: require-trusted-types-for 'script';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport, script-src 'nonce-s0WANjFbZnCufJxdr6iQzw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/AccountsSigninPassiveLoginHttp/cspreport/allowlist
cross-origin-opener-policy: unsafe-none
server: ESF
content-length: 0
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

customarydesolate.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fgambling%2Fdefault%2Fandroid-btn%2F8%2Fcss%2Fstyle.css&l=3348&fd=46

192.243.59.12

200 OK

0 B

URL GET HTTP/1.1
customarydesolate.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fgambling%2Fdefault%2Fandroid-btn%2F8%2Fcss%2Fstyle.css&l=3348&fd=46
IP
192.243.59.12:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://efhjd.com/FRCo9
Certificate
IssuerLet's Encrypt
Subjectcustomarydesolate.com
Fingerprint00:D2:0D:86:8E:FB:C8:79:46:C6:0E:E5:71:C7:50:AC:0E:C1:D1:F8
ValidityMon, 06 May 2024 08:18:02 GMT - Sun, 04 Aug 2024 08:18:01 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fgambling%2Fdefault%2Fandroid-btn%2F8%2Fcss%2Fstyle.css&l=3348&fd=46 HTTP/1.1
Host: customarydesolate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://efhjd.com/
Cookie: u_pl=22256744; uid_id2=af927074-9121-4fac-966e-06c3171436e7:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slecf348f1f4cb32736ea8b01bdf483d02ac=[5210995,5210996]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Fri, 10 May 2024 19:55:32 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

customarydesolate.com/8e/c3/c4/8ec3c46510d6cdfa39d05771966b94c1.js

172.240.108.84

200 OK

30 kB

URL GET HTTP/1.1
customarydesolate.com/8e/c3/c4/8ec3c46510d6cdfa39d05771966b94c1.js
IP
172.240.108.84:443
ASN
#7979 SERVERS-COM

Requested by
https://efhjd.com/FRCo9
Certificate
IssuerLet's Encrypt
Subjectcustomarydesolate.com
Fingerprint00:D2:0D:86:8E:FB:C8:79:46:C6:0E:E5:71:C7:50:AC:0E:C1:D1:F8
ValidityMon, 06 May 2024 08:18:02 GMT - Sun, 04 Aug 2024 08:18:01 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
30 kB (30384 bytes)
Hash
18153be13cb1eb4e0752b6bf21a4f6f5
a6cf5e67aade4a8b7aa982ab3b0471b49bd8532d
0dfcd206cedffea3da777b504e743769bba39a5459affaae28f6590734d007fa

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /8e/c3/c4/8ec3c46510d6cdfa39d05771966b94c1.js HTTP/1.1
Host: customarydesolate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: u_pl=22256744; uid_id2=af927074-9121-4fac-966e-06c3171436e7:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slecf348f1f4cb32736ea8b01bdf483d02ac=[5210995,5210996]
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 10 May 2024 19:55:32 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: a00e56001680e03b2134e679f33ecadd
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail

74.125.131.84

302 Found

0 B

URL GET HTTP/2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
IP
74.125.131.84:443
ASN
#15169 GOOGLE

Requested by
https://efhjd.com/FRCo9
Certificate
IssuerGoogle Trust Services
Subjectaccounts.google.com
Fingerprint75:65:5E:EB:A9:59:16:DF:32:A3:39:DC:8A:A2:FD:28:92:33:6B:0D
ValidityTue, 16 Apr 2024 04:20:43 GMT - Tue, 09 Jul 2024 04:20:42 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://efhjd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
content-type: application/binary
set-cookie: __Host-GAPS=1:AZsu0t1RxaQc258nKYDsGttZdk11nA:IcaUFlDsSmtCv4_9; Expires=Sun, 10-May-2026 19:55:32 GMT; Path=/; Secure; HttpOnly; Priority=HIGH
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Fri, 10 May 2024 19:55:32 GMT
location: https://accounts.google.com/InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=AaSxoQwE9xJ_Uwmd5F_rvI8V8o1lCGAIizTSKB1IxUaJiUODgAfylaPRK4x-bSdwWipN7S5CSjFGEQ
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-opener-policy: unsafe-none
cross-origin-resource-policy: cross-origin
content-security-policy: require-trusted-types-for 'script';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport, script-src 'nonce-f9yk8VazdFJPu4zV70-4sw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/AccountsSigninPassiveLoginHttp/cspreport/allowlist
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
server: ESF
content-length: 0
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

216.58.207.227

200 OK

16 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://efhjd.com/FRCo9
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15744, version 1.0
Size
16 kB (15744 bytes)
Hash
15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

HTTP Headers

GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://efhjd.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 04 May 2024 09:28:37 GMT
expires: Sun, 04 May 2025 09:28:37 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
age: 556015
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

forhavingartistic.info/popunder.gif

188.114.97.1

58 B

URL GET
forhavingartistic.info/popunder.gif
IP
188.114.97.1:0
ASN
#13335 CLOUDFLARENET

Requested by
https://efhjd.com/FRCo9
Certificate
IssuerGoogle Trust Services LLC
Subjectforhavingartistic.info
Fingerprint99:C4:40:7A:4F:8D:B3:1C:81:58:9B:CB:06:76:D8:05:9B:30:0E:F6
ValidityMon, 01 Apr 2024 07:04:42 GMT - Sun, 30 Jun 2024 07:04:41 GMT

File type
GIF image data, version 89a, 1 x 1
Size
58 B (58 bytes)
Hash
28d6814f309ea289f847c69cf91194c6
0f4e929dd5bb2564f7ab9c76338e04e292a42ace
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

HTTP Headers

GET /popunder.gif HTTP/1.1
Host: forhavingartistic.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://efhjd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 10 May 2024 19:55:32 GMT
content-type: image/gif
content-length: 58
access-control-allow-origin: *
pragma: public
cache-control: public, max-age=604800, immutable
content-encoding: gzip
cf-cache-status: HIT
age: 96361
last-modified: Thu, 09 May 2024 17:09:31 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6OEA8iWlSmAp8f5eIMKwBCA2%2FTCNFbS1jMzqChus2VORoX75qQuLeCzRNMwUsg1L6ihJ1ennvA7mAlp9JcqH5e7JwXNdjteiPywf%2FK9AbClAx%2Bqio3MyFjIcNjRQROOnPlqbminEgJaU"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881c7cca1ef5568d-OSL
alt-svc: h3=":443"; ma=86400

cdn.creative-bars1.com/sb/notifications/gambling/default/android-btn/8/js/script.js

172.67.141.24

200 OK

3.7 kB

URL GET HTTP/2
cdn.creative-bars1.com/sb/notifications/gambling/default/android-btn/8/js/script.js
IP
172.67.141.24:443
ASN
#13335 CLOUDFLARENET

Requested by
https://efhjd.com/FRCo9
Certificate
IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint3D:29:39:2C:F1:E5:C6:EF:54:F5:70:B5:CF:A8:C2:75:4D:89:72:13
ValidityMon, 15 Apr 2024 15:02:18 GMT - Sun, 14 Jul 2024 15:02:17 GMT

File type
Unicode text, UTF-8 text
Size
3.7 kB (3748 bytes)
Hash
d943b190d575fbacd2190a6c68ac5414
612abd865a7368e2af9f36be39ea79d3fac0bd15
78dfd0ad0dde93524dbca9e6e500bac9027b762e1d8d0b94574b75a654704ff8

HTTP Headers

GET /sb/notifications/gambling/default/android-btn/8/js/script.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://efhjd.com
DNT: 1
Connection: keep-alive
Referer: https://efhjd.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 19:55:32 GMT
content-type: application/javascript
last-modified: Tue, 20 Feb 2024 10:37:31 GMT
etag: W/"65d480eb-24fa"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 268367
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TkkGnymfd%2Fl7wu1el7vlS3u35BjdCZzWbZl%2FIe%2Bxc8m%2Ft%2FNT4lLRSgtWyBYKiV9Xflnx4rnK%2FlsSgRrKXFUTtogUbwCy3lM1bNh5GxieiD3fPny6T%2BZ3tpTgdtTW0HgZz4AeLAXXVgUr"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881c7cc64d210b45-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

customarydesolate.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fgambling%2Fdefault%2Fandroid-btn%2F8%2Fjs%2Fscript.js&l=7986&fd=37

172.240.108.84

200 OK

0 B

URL GET HTTP/1.1
customarydesolate.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fgambling%2Fdefault%2Fandroid-btn%2F8%2Fjs%2Fscript.js&l=7986&fd=37
IP
172.240.108.84:443
ASN
#7979 SERVERS-COM

Requested by
https://efhjd.com/FRCo9
Certificate
IssuerLet's Encrypt
Subjectcustomarydesolate.com
Fingerprint00:D2:0D:86:8E:FB:C8:79:46:C6:0E:E5:71:C7:50:AC:0E:C1:D1:F8
ValidityMon, 06 May 2024 08:18:02 GMT - Sun, 04 Aug 2024 08:18:01 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fgambling%2Fdefault%2Fandroid-btn%2F8%2Fjs%2Fscript.js&l=7986&fd=37 HTTP/1.1
Host: customarydesolate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://efhjd.com/
Cookie: u_pl=22256744; uid_id2=af927074-9121-4fac-966e-06c3171436e7:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slecf348f1f4cb32736ea8b01bdf483d02ac=[5210995,5210996]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 10 May 2024 19:55:32 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

upfiles.com/FRCo9

172.67.71.221

302 Found

18 kB

URL User Request GET HTTP/2
upfiles.com/FRCo9
IP
172.67.71.221:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjectupfiles.com
FingerprintA1:6E:9A:DD:09:B8:21:98:B4:6B:5E:DD:B5:3B:58:87:1C:89:61:C6
ValidityFri, 26 Apr 2024 02:44:01 GMT - Thu, 25 Jul 2024 02:44:00 GMT

File type
data
Size
18 kB (17601 bytes)
Hash
20457626381f92bd700d3b51e64ca22b
1cac7915ff071827e51a4aa3773d542fbb330472
52c0bd033b6ae9a4ac1d19934227b735e504545288988a5e20821cb10e030203

HTTP Headers

GET /FRCo9 HTTP/1.1
Host: upfiles.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Fri, 10 May 2024 19:55:25 GMT
content-type: text/html; charset=UTF-8
location: https://efhjd.com/FRCo9?token=eyJpdiI6Im1RakFzMEtBR1pTVzJQL3dpRysxWUE9PSIsInZhbHVlIjoiNVJ3bUVrekhJS1lDa3NCV09XbXZMZz09IiwibWFjIjoiNGZlZTM4NjdmODdhYzZmZTA0OTU1NmY2MTIwNjgyOGM5YjQ0ODY5ZGM2ZWQ4YWRlNTllNTkyMDI3MTA1YzkxYSIsInRhZyI6IiJ9
cache-control: private, must-revalidate
pragma: no-cache
expires: -1
set-cookie: XSRF-TOKEN=eyJpdiI6ImNOOXhwTU50dmtWZ1BHNnFvRCsxc0E9PSIsInZhbHVlIjoiVDF2VEo4U0JRN1VWcDRlQ3Q1UDROYzd6QVdNQlpFbjhTUFVyTHR1eExTRnBaSlFPemtnTHBhZDJWNEhkYnBKb21lT3lxTnYwRGZHUEZ1NEw0Z1VWMG5HQ3cvK3h6Q3A2NmZTNGRsQytLd2tDeHVZY0QvQjJLdW1IWVRTdEMwcjMiLCJtYWMiOiJiNWVjY2Y3ZTgzNDhlYTA5NzM4ZGYwODM0MjViMDUyMjBlYjgwNjU0YWI3NDY5ZTM1MmVkOWY5Y2Y5NWVhM2ExIiwidGFnIjoiIn0%3D; expires=Fri, 17-May-2024 19:55:25 GMT; Max-Age=604800; path=/; samesite=lax
upfiles_session=eyJpdiI6IkZtYnNQcHpwUXhzcnR3OUJrVlU0VFE9PSIsInZhbHVlIjoiUlYwNG5iMG5oZThpSjRNRWlvMVk4Sm5HbHVqejl6WnNxWmFFcG92U05DUU1FTEg4dXNrQi9mSzJ2Y0hlQSthaGM0Q2dUaWttT3c1ZW1Sa1lnVXJoaHVSRWxCb0QxMnI2cktQaXJhbzZwS0g4Um82V2hhZFNUK09IMVN4ZVZwUkwiLCJtYWMiOiIxMzEwZTBlNGIzNTQ5ODdiODZmMGI1MjlkM2EyYWMwODdmZGNkNDBkM2NkMzQ3YzVmOWQyMDQ5YjNkYWE0MzIwIiwidGFnIjoiIn0%3D; expires=Fri, 17-May-2024 19:55:25 GMT; Max-Age=604800; path=/; httponly; samesite=lax
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Loq%2FUb3F0iyoFlkjhfCozYK9CiVWar%2Ft4r%2BC%2BKuUyU5Tu%2BCykLQe8U0IykmnWtj9rELLU1xOJqMd3OKfwZy2ht8oz00a8XmXhKNjRSzxOr%2Fyixu1h4dYFCIbxzN9"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 881c7c976f22b505-OSL
X-Firefox-Spdy: h2

customarydesolate.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSzWsk1Rd9lV9m8dOFjMxOBnoxgsKkU9Xd6Q%2BHMRgzkWCcDBO%2FQEHfV3WeeVWveK%2BqqxM3wUCYZeNCNyKV08kEdfADl%2BIonQGFoJiehWRhFoJ%2FgTCuBOk2TPBC1b33nfPg3HPf9k52QirI6PH8S2ZDaU2nZ8p%2B6anXg%2BBKaUnFWbfUbdbfqteulGznmVa97D9dekHyNTNd8QPfD%2FygtKCsDE13egRCJXdaQbnll2uVcjBTQ9f%2Bt3eZB0c9iM4JeRxKDCfveReg%2BABx9OW8dGupSS5fizJNU2PREfuvxGuxyWNEZ2VoPYTx%2Fikbxh0t3IWJ98ZyYToPiUwNiffDXbB4%2F1QkWGd3rJNpyBhMPIq8M4DUAyg6ADdbUOKIAFzg%2BjLi6PZ1Y3O6%2Fi9KR%2BiQTD74EyofksnfLiCOPp%2FTqltaMTpLlYkdumEB1R1AtQdIsgOkGxNQ%2BQF4%2Bh6U%2BJlMP1hCHO0uO22gxPElGrYqDb9Rm2oFlWCqFlI%2B1arX5ZRf59WgEdSqddkYG6TUACocQMseqPOQjT7lIQs9ZImHSByXeBAEDV9w6jdbnFdFQ7K68APaCAMa%2BPUmMj6aoYc06YHrHrjdRGI3saZ6sNn3cKsFnPDgUoKOKJBLgtwR5JQgVwR5SpB3ij2hXcUVt4V2GQtOc%2BU0V4u%2BSds7dM%2BkbRkTUNuDFcVOckLOjwz0Vj5axZo8LoXVWjMMwhpn1UqjWpe0yfyAibDWrAq%2FQjmcKqDcxHjcDTUk5ScvIVFDMvnxNhg9gNMH4Oo8aHYRNC9AVwtsxF9kSai0dJnVrsxNBGEKJOk5pOvejj4hT4y3uLzlIPnh7P2%2FL%2F6UvP0NuC2Q2ALvqHsEbX2rf9PkZPemyR35ajlJVaQ26GjDKylN5blPX5TrubFicd71PnmOj4BReedl6dIlGgsVtx35bE4JIe2CsVySbxfda5LdyNzqXGbjLFm68fzCYpRY6Zwy8QBUHV37EFwNyWPfvTl%2Bupff%2BAPKDmCzAlF2SE4DyhyAJ5twyeHsj6%2F%2B%2F69ftj%2BAMwRWn3FY4iHPir6tsLNDrQi0POspK%2BDk4ezvV5P%2Br49cBZMP7ehbOrpNVbHjbqFtJ0DTLcRRgY4t0NEFqO7BZf%2Frp4k9nL1fHQeYnugzbSd2mbb6%2FbHJo18Kp45LVV80mAxlg8naTC2UXLCZGebzkLOqaDY5UjcMn333638AAAD%2F%2FwEAAP%2F%2F6yin%2BJQEAAA%3D

172.240.108.84

200 OK

7 B

URL GET HTTP/1.1
customarydesolate.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSzWsk1Rd9lV9m8dOFjMxOBnoxgsKkU9Xd6Q%2BHMRgzkWCcDBO%2FQEHfV3WeeVWveK%2BqqxM3wUCYZeNCNyKV08kEdfADl%2BIonQGFoJiehWRhFoJ%2FgTCuBOk2TPBC1b33nfPg3HPf9k52QirI6PH8S2ZDaU2nZ8p%2B6anXg%2BBKaUnFWbfUbdbfqteulGznmVa97D9dekHyNTNd8QPfD%2FygtKCsDE13egRCJXdaQbnll2uVcjBTQ9f%2Bt3eZB0c9iM4JeRxKDCfveReg%2BABx9OW8dGupSS5fizJNU2PREfuvxGuxyWNEZ2VoPYTx%2Fikbxh0t3IWJ98ZyYToPiUwNiffDXbB4%2F1QkWGd3rJNpyBhMPIq8M4DUAyg6ADdbUOKIAFzg%2BjLi6PZ1Y3O6%2Fi9KR%2BiQTD74EyofksnfLiCOPp%2FTqltaMTpLlYkdumEB1R1AtQdIsgOkGxNQ%2BQF4%2Bh6U%2BJlMP1hCHO0uO22gxPElGrYqDb9Rm2oFlWCqFlI%2B1arX5ZRf59WgEdSqddkYG6TUACocQMseqPOQjT7lIQs9ZImHSByXeBAEDV9w6jdbnFdFQ7K68APaCAMa%2BPUmMj6aoYc06YHrHrjdRGI3saZ6sNn3cKsFnPDgUoKOKJBLgtwR5JQgVwR5SpB3ij2hXcUVt4V2GQtOc%2BU0V4u%2BSds7dM%2BkbRkTUNuDFcVOckLOjwz0Vj5axZo8LoXVWjMMwhpn1UqjWpe0yfyAibDWrAq%2FQjmcKqDcxHjcDTUk5ScvIVFDMvnxNhg9gNMH4Oo8aHYRNC9AVwtsxF9kSai0dJnVrsxNBGEKJOk5pOvejj4hT4y3uLzlIPnh7P2%2FL%2F6UvP0NuC2Q2ALvqHsEbX2rf9PkZPemyR35ajlJVaQ26GjDKylN5blPX5TrubFicd71PnmOj4BReedl6dIlGgsVtx35bE4JIe2CsVySbxfda5LdyNzqXGbjLFm68fzCYpRY6Zwy8QBUHV37EFwNyWPfvTl%2Bupff%2BAPKDmCzAlF2SE4DyhyAJ5twyeHsj6%2F%2B%2F69ftj%2BAMwRWn3FY4iHPir6tsLNDrQi0POspK%2BDk4ezvV5P%2Br49cBZMP7ehbOrpNVbHjbqFtJ0DTLcRRgY4t0NEFqO7BZf%2Frp4k9nL1fHQeYnugzbSd2mbb6%2FbHJo18Kp45LVV80mAxlg8naTC2UXLCZGebzkLOqaDY5UjcMn333638AAAD%2F%2FwEAAP%2F%2F6yin%2BJQEAAA%3D
IP
172.240.108.84:443
ASN
#7979 SERVERS-COM

Requested by
https://efhjd.com/FRCo9
Certificate
IssuerLet's Encrypt
Subjectcustomarydesolate.com
Fingerprint00:D2:0D:86:8E:FB:C8:79:46:C6:0E:E5:71:C7:50:AC:0E:C1:D1:F8
ValidityMon, 06 May 2024 08:18:02 GMT - Sun, 04 Aug 2024 08:18:01 GMT

File type
ASCII text, with no line terminators
Size
7 B (7 bytes)
Hash
132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /impr.gif?sid=H4sIAAAAAAAC%2F1RSzWsk1Rd9lV9m8dOFjMxOBnoxgsKkU9Xd6Q%2BHMRgzkWCcDBO%2FQEHfV3WeeVWveK%2BqqxM3wUCYZeNCNyKV08kEdfADl%2BIonQGFoJiehWRhFoJ%2FgTCuBOk2TPBC1b33nfPg3HPf9k52QirI6PH8S2ZDaU2nZ8p%2B6anXg%2BBKaUnFWbfUbdbfqteulGznmVa97D9dekHyNTNd8QPfD%2FygtKCsDE13egRCJXdaQbnll2uVcjBTQ9f%2Bt3eZB0c9iM4JeRxKDCfveReg%2BABx9OW8dGupSS5fizJNU2PREfuvxGuxyWNEZ2VoPYTx%2Fikbxh0t3IWJ98ZyYToPiUwNiffDXbB4%2F1QkWGd3rJNpyBhMPIq8M4DUAyg6ADdbUOKIAFzg%2BjLi6PZ1Y3O6%2Fi9KR%2BiQTD74EyofksnfLiCOPp%2FTqltaMTpLlYkdumEB1R1AtQdIsgOkGxNQ%2BQF4%2Bh6U%2BJlMP1hCHO0uO22gxPElGrYqDb9Rm2oFlWCqFlI%2B1arX5ZRf59WgEdSqddkYG6TUACocQMseqPOQjT7lIQs9ZImHSByXeBAEDV9w6jdbnFdFQ7K68APaCAMa%2BPUmMj6aoYc06YHrHrjdRGI3saZ6sNn3cKsFnPDgUoKOKJBLgtwR5JQgVwR5SpB3ij2hXcUVt4V2GQtOc%2BU0V4u%2BSds7dM%2BkbRkTUNuDFcVOckLOjwz0Vj5axZo8LoXVWjMMwhpn1UqjWpe0yfyAibDWrAq%2FQjmcKqDcxHjcDTUk5ScvIVFDMvnxNhg9gNMH4Oo8aHYRNC9AVwtsxF9kSai0dJnVrsxNBGEKJOk5pOvejj4hT4y3uLzlIPnh7P2%2FL%2F6UvP0NuC2Q2ALvqHsEbX2rf9PkZPemyR35ajlJVaQ26GjDKylN5blPX5TrubFicd71PnmOj4BReedl6dIlGgsVtx35bE4JIe2CsVySbxfda5LdyNzqXGbjLFm68fzCYpRY6Zwy8QBUHV37EFwNyWPfvTl%2Bupff%2BAPKDmCzAlF2SE4DyhyAJ5twyeHsj6%2F%2B%2F69ftj%2BAMwRWn3FY4iHPir6tsLNDrQi0POspK%2BDk4ezvV5P%2Br49cBZMP7ehbOrpNVbHjbqFtJ0DTLcRRgY4t0NEFqO7BZf%2Frp4k9nL1fHQeYnugzbSd2mbb6%2FbHJo18Kp45LVV80mAxlg8naTC2UXLCZGebzkLOqaDY5UjcMn333638AAAD%2F%2FwEAAP%2F%2F6yin%2BJQEAAA%3D HTTP/1.1
Host: customarydesolate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://efhjd.com/
Cookie: u_pl=22256744; uid_id2=af927074-9121-4fac-966e-06c3171436e7:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slecf348f1f4cb32736ea8b01bdf483d02ac=[5210995,5210996]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 10 May 2024 19:55:32 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 7f7ade8ea4c9e49ea9f751c0ef3c381e
Strict-Transport-Security: max-age=0; includeSubdomains

efhjd.com/favicon.ico

188.114.96.1

302 Found

471 B

URL GET HTTP/3
efhjd.com/favicon.ico
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://efhjd.com/FRCo9
Certificate
IssuerLet's Encrypt
Subjectefhjd.com
Fingerprint16:3F:5D:59:9D:CA:20:CE:FB:AA:52:51:9C:1F:EA:38:95:76:4A:DE
ValidityTue, 07 May 2024 14:48:17 GMT - Mon, 05 Aug 2024 14:48:16 GMT

File type
data
Size
471 B (471 bytes)
Hash
3eb53cfde6236787a43e84e32a2211f1
b6a7bd04e2d82d0ab9cc974b0e8aa347d3d464ca
294adf18b2b67745e21ebcca64409b78268f8c66b838ddbf3169bbf2756590af

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: efhjd.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://efhjd.com/FRCo9
Cookie: XSRF-TOKEN=eyJpdiI6IlUwWnY3ZVA3STZSTGxrZndXRXpsd0E9PSIsInZhbHVlIjoiRy84ZjBVdC9JSVNldmVpTDZCdmFEMVFSUWhGSm5TZ3Y1cW9rQTl1YzV0M3ZPbkJ6R1EzeDVZTUJJb0xyVm9YWFkzWXZEUEdySEVMbGlpQVluVUpKMHhqK0s5TVhhanJFQXpyMXptQytER2d3YitjajVpRTgwUmJUbXMyV2wxL3QiLCJtYWMiOiIxODlmOTA2ZGFjY2ViMjJjNzRlNjEwMWUxNDgwMzdjZjA4YTU3NTcxNGRlYjNmMjA2YmIwNDhjZmMzNzYwZjQyIiwidGFnIjoiIn0%3D; upfiles_session=eyJpdiI6IkkzNVZJbnRTMnZBS0FDN0t6eGo0UFE9PSIsInZhbHVlIjoiVDdvZXZWVXBPeVA4SXhxaEJUMU9pcVNBZkkxNnpNNWFCa1hzU0JrSW11cEFYc09RWlpxQ0VRck1kaHVVTlF2azdYcDRSeEYxSmlnUVlSNUxQTzBwL0pta1JIRldSWnBhV1R2WEs3NzZTT2FxRi9COHJMYW4yVTVBOGpJSW1EUlIiLCJtYWMiOiI1MjhjYWJiZjdhOTFiYmQwZjgwMWQ1OTkxMmRkNjRhNDI1NjY1OTdjNWVlNTFhZjA5MTdkN2JjNzk2NGJmMTI4IiwidGFnIjoiIn0%3D; dom3ic8zudi28v8lr6fgphwffqoz0j6c=af927074-9121-4fac-966e-06c3171436e7%3A1%3A1; sb_page_f348f1f4cb32736ea8b01bdf483d02ac=1; sb_onpage_f348f1f4cb32736ea8b01bdf483d02ac=1; sb_main_f348f1f4cb32736ea8b01bdf483d02ac=1; sb_count_f348f1f4cb32736ea8b01bdf483d02ac=1; ab=1; pbpr0tpuw4isk85t8yg3jb2lj5vqf=customarydesolate.com; _ga_75C4L64NEB=GS1.1.1715370932.1.0.1715370932.0.0.0; _ga=GA1.1.1568235693.1715370932
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 302 Found
date: Fri, 10 May 2024 19:55:32 GMT
content-type: text/html; charset=UTF-8
location: https://efhjd.com/wp-includes/images/w-logo-blue-white-bg.png
x-powered-by: PHP/8.2.15
cf-edge-cache: cache,platform=wordpress
link: <https://efhjd.com/wp-json/>; rel="https://api.w.org/"
x-redirect-by: WordPress
strict-transport-security: max-age=31536000
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5%2FAaTKjFlVAIyRNdq%2F2S2MvV6oWKJug47Yw2gYQxPr6fH60VbniWk4AC%2FrVzxm5Bvmw0x602WK4VAedhR%2Bon2roOyqvKYoWuv%2FEE9ETko3ZaPGfJZ7ah4unm7%2BI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881c7cc70d56b4f4-OSL
alt-svc: h3=":443"; ma=86400

customarydesolate.com/pixel/sbs?c=1

192.243.59.12

200 OK

0 B

URL GET HTTP/1.1
customarydesolate.com/pixel/sbs?c=1
IP
192.243.59.12:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://efhjd.com/FRCo9
Certificate
IssuerLet's Encrypt
Subjectcustomarydesolate.com
Fingerprint00:D2:0D:86:8E:FB:C8:79:46:C6:0E:E5:71:C7:50:AC:0E:C1:D1:F8
ValidityMon, 06 May 2024 08:18:02 GMT - Sun, 04 Aug 2024 08:18:01 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pixel/sbs?c=1 HTTP/1.1
Host: customarydesolate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://efhjd.com/
Cookie: u_pl=22256744; uid_id2=af927074-9121-4fac-966e-06c3171436e7:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slecf348f1f4cb32736ea8b01bdf483d02ac=[5210995,5210996]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Fri, 10 May 2024 19:55:32 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

o.pki.goog/wr2

142.250.74.131

471 B

URL
o.pki.goog/wr2
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
726587f27f154102afa932e111fa272c
e73d681b88e26f384f95956ff0cdb6e5087af0c8
15212a8da55128e4e34c7d87e75f746bcf8a69aef65a2d833f746491f361c7a3

HTTP Headers

POST /wr2 HTTP/1.1
Host: o.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 10 May 2024 19:55:32 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

efhjd.com/wp-includes/images/w-logo-blue-white-bg.png

188.114.96.1

200 OK

4.1 kB

URL GET HTTP/3
efhjd.com/wp-includes/images/w-logo-blue-white-bg.png
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://efhjd.com/FRCo9
Certificate
IssuerLet's Encrypt
Subjectefhjd.com
Fingerprint16:3F:5D:59:9D:CA:20:CE:FB:AA:52:51:9C:1F:EA:38:95:76:4A:DE
ValidityTue, 07 May 2024 14:48:17 GMT - Mon, 05 Aug 2024 14:48:16 GMT

File type
PNG image data, 80 x 80, 8-bit/color RGBA, non-interlaced
Size
4.1 kB (4119 bytes)
Hash
000bf649cc8f6bf27cfb04d1bcdcd3c7
d73d2f6d74ec6cdcbae07955592962e77d8ae814
6bdb369337ac2496761c6f063bffea0aa6a91d4662279c399071a468251f51f0

HTTP Headers

GET /wp-includes/images/w-logo-blue-white-bg.png HTTP/1.1
Host: efhjd.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://efhjd.com/FRCo9
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IlUwWnY3ZVA3STZSTGxrZndXRXpsd0E9PSIsInZhbHVlIjoiRy84ZjBVdC9JSVNldmVpTDZCdmFEMVFSUWhGSm5TZ3Y1cW9rQTl1YzV0M3ZPbkJ6R1EzeDVZTUJJb0xyVm9YWFkzWXZEUEdySEVMbGlpQVluVUpKMHhqK0s5TVhhanJFQXpyMXptQytER2d3YitjajVpRTgwUmJUbXMyV2wxL3QiLCJtYWMiOiIxODlmOTA2ZGFjY2ViMjJjNzRlNjEwMWUxNDgwMzdjZjA4YTU3NTcxNGRlYjNmMjA2YmIwNDhjZmMzNzYwZjQyIiwidGFnIjoiIn0%3D; upfiles_session=eyJpdiI6IkkzNVZJbnRTMnZBS0FDN0t6eGo0UFE9PSIsInZhbHVlIjoiVDdvZXZWVXBPeVA4SXhxaEJUMU9pcVNBZkkxNnpNNWFCa1hzU0JrSW11cEFYc09RWlpxQ0VRck1kaHVVTlF2azdYcDRSeEYxSmlnUVlSNUxQTzBwL0pta1JIRldSWnBhV1R2WEs3NzZTT2FxRi9COHJMYW4yVTVBOGpJSW1EUlIiLCJtYWMiOiI1MjhjYWJiZjdhOTFiYmQwZjgwMWQ1OTkxMmRkNjRhNDI1NjY1OTdjNWVlNTFhZjA5MTdkN2JjNzk2NGJmMTI4IiwidGFnIjoiIn0%3D; dom3ic8zudi28v8lr6fgphwffqoz0j6c=af927074-9121-4fac-966e-06c3171436e7%3A1%3A1; sb_page_f348f1f4cb32736ea8b01bdf483d02ac=1; sb_onpage_f348f1f4cb32736ea8b01bdf483d02ac=1; sb_main_f348f1f4cb32736ea8b01bdf483d02ac=1; sb_count_f348f1f4cb32736ea8b01bdf483d02ac=1; ab=2; pbpr0tpuw4isk85t8yg3jb2lj5vqf=customarydesolate.com; _ga_75C4L64NEB=GS1.1.1715370932.1.0.1715370932.0.0.0; _ga=GA1.1.1568235693.1715370932
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 10 May 2024 19:55:32 GMT
content-type: image/png
content-length: 4119
last-modified: Mon, 15 Nov 2021 19:04:00 GMT
etag: "1017-5d0d878b20800"
strict-transport-security: max-age=31536000
cache-control: max-age=14400
cf-cache-status: HIT
age: 5444
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uIn7O7ulHnUzh1f8%2BZN1cLejjd29kG7oY2pqDnmoTBxFs363LKa0V%2Bf1sZLfTuVy11g4ojJ5KPu3SDT16Kro%2Ff2xKJZA9kjwEXpEt%2FBh1Ivb8bjYvv%2BGLRoszrY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881c7ccb1a32b4f4-OSL
alt-svc: h3=":443"; ma=86400

accounts.google.com/InteractiveLogin?continue=https://www.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AaSxoQxmlSW-_UC-nrGzU2SZ3U02zI_IpE1WrJr4WiXAKmfsulr74GFO1V7U5f8SCCKebc3Gm-4lYA

74.125.131.84

302 Found

419 B

URL GET HTTP/3
accounts.google.com/InteractiveLogin?continue=https://www.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AaSxoQxmlSW-_UC-nrGzU2SZ3U02zI_IpE1WrJr4WiXAKmfsulr74GFO1V7U5f8SCCKebc3Gm-4lYA
IP
74.125.131.84:443
ASN
#15169 GOOGLE

Requested by
https://efhjd.com/FRCo9
Certificate
IssuerGoogle Trust Services
Subject*.google.com
Fingerprint9F:A1:53:E4:09:E1:ED:82:F8:E0:30:B6:39:FA:EC:03:B4:89:46:8A
ValidityTue, 16 Apr 2024 03:19:40 GMT - Tue, 09 Jul 2024 03:19:39 GMT

File type
HTML document, ASCII text, with very long lines (391)
Size
419 B (419 bytes)
Hash
b2b137395b667b509e5c49af0abf0054
2071927f193f13e6b493c474458e6037644397ff
d1d7dd14b2a52eb468295e6f2aafc0b81e794cb095298eff41c8e80358728feb

HTTP Headers

GET /InteractiveLogin?continue=https://www.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AaSxoQxmlSW-_UC-nrGzU2SZ3U02zI_IpE1WrJr4WiXAKmfsulr74GFO1V7U5f8SCCKebc3Gm-4lYA HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://efhjd.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 302 Found
content-type: text/html; charset=UTF-8
set-cookie: __Host-GAPS=1:FwF8Ii1qxGA3Ww8Wwmra8VB-0uwLeQ:NFC0Ji-VrMOvHkaE;Path=/;Expires=Sun, 10-May-2026 19:55:32 GMT;Secure;HttpOnly;Priority=HIGH
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Fri, 10 May 2024 19:55:33 GMT
location: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=AaSxoQywpAi-gAdzWE4TO6P1a0BGzutIRPTTmiFVsZgeLqiXj48sSh6MsmHbrJwsPxSCRMaq00WP&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S118173205%3A1715370933005083&ddm=0
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-security-policy: require-trusted-types-for 'script';report-uri /cspreport, script-src 'nonce-yHCWoqz0-kB00hJVa2SMUQ' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 419
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

accounts.google.com/InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=AaSxoQwE9xJ_Uwmd5F_rvI8V8o1lCGAIizTSKB1IxUaJiUODgAfylaPRK4x-bSdwWipN7S5CSjFGEQ

74.125.131.84

302 Found

418 B

URL GET HTTP/3
accounts.google.com/InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=AaSxoQwE9xJ_Uwmd5F_rvI8V8o1lCGAIizTSKB1IxUaJiUODgAfylaPRK4x-bSdwWipN7S5CSjFGEQ
IP
74.125.131.84:443
ASN
#15169 GOOGLE

Requested by
https://efhjd.com/FRCo9
Certificate
IssuerGoogle Trust Services
Subject*.google.com
Fingerprint9F:A1:53:E4:09:E1:ED:82:F8:E0:30:B6:39:FA:EC:03:B4:89:46:8A
ValidityTue, 16 Apr 2024 03:19:40 GMT - Tue, 09 Jul 2024 03:19:39 GMT

File type
HTML document, ASCII text, with very long lines (387)
Size
418 B (418 bytes)
Hash
62751f57d66ddf9ef88b8eacf5c14102
7a9a8405d53f2f15f316e138fc13955972adf86e
073c917e36383074b676428accdeb0ced8645fc3f2ec9d81755f328438ab1431

HTTP Headers

GET /InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=AaSxoQwE9xJ_Uwmd5F_rvI8V8o1lCGAIizTSKB1IxUaJiUODgAfylaPRK4x-bSdwWipN7S5CSjFGEQ HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://efhjd.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 302 Found
content-type: text/html; charset=UTF-8
set-cookie: __Host-GAPS=1:l0LDlIjpJA3cYWEcEQP1K3FKDR5NeA:xQukac68q8HSINcM;Path=/;Expires=Sun, 10-May-2026 19:55:33 GMT;Secure;HttpOnly;Priority=HIGH
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Fri, 10 May 2024 19:55:33 GMT
location: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=AaSxoQxW5DuxThdJWvHtACruMS0TW-ecKO_JSinN6SlyKiVVbUDAfi0D1hLwW8h0BhZR0TOsNPMy&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S956328542%3A1715370933014851&ddm=0
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-security-policy: require-trusted-types-for 'script';report-uri /cspreport, script-src 'nonce-R7kMLPJkjgzJmwWyVfJVKQ' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 418
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.gstatic.com/recaptcha/releases/vjbW55W42X033PfTdVf6Ft4q/recaptcha__en.js

142.250.74.35

200 OK

204 kB

URL GET HTTP/2
www.gstatic.com/recaptcha/releases/vjbW55W42X033PfTdVf6Ft4q/recaptcha__en.js
IP
142.250.74.35:443
ASN
#15169 GOOGLE

Requested by
https://efhjd.com/FRCo9
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT

File type
JavaScript source, ASCII text, with very long lines (632)
Size
204 kB (204445 bytes)
Hash
add520996e437bff5d081315da187fbf
2e489fe16f3712bf36df00b03a8a5af8fa8d4b42
922b951591d52d44aa7015ebc95cab08192aa435b64f9016673ac5da1124a8b4

HTTP Headers

GET /recaptcha/releases/vjbW55W42X033PfTdVf6Ft4q/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://efhjd.com
DNT: 1
Connection: keep-alive
Referer: https://efhjd.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 204445
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 06 May 2024 16:12:34 GMT
expires: Tue, 06 May 2025 16:12:34 GMT
cache-control: public, max-age=31536000
last-modified: Sun, 05 May 2024 20:00:16 GMT
content-type: text/javascript
vary: Accept-Encoding
age: 358979
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

216.58.207.194

200 OK

0 B

URL HEAD HTTP/2
pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
IP
216.58.207.194:443
ASN
#15169 GOOGLE

Requested by
https://efhjd.com/FRCo9
Certificate
IssuerGoogle Trust Services LLC
Subject*.g.doubleclick.net
Fingerprint09:C3:90:43:D3:09:4E:26:62:79:17:6F:1D:33:E5:FA:DF:77:3E:7B
ValidityTue, 16 Apr 2024 03:18:52 GMT - Tue, 09 Jul 2024 03:18:51 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

HEAD /pagead/js/adsbygoogle.js HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://efhjd.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
link: <https://googleads.g.doubleclick.net>; rel="preconnect"; crossorigin
vary: Accept-Encoding
date: Fri, 10 May 2024 19:55:33 GMT
expires: Fri, 10 May 2024 19:55:33 GMT
cache-control: private, max-age=3600, stale-while-revalidate=3600
content-type: text/javascript; charset=UTF-8
etag: 7272657529095587890
access-control-allow-origin: *
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 52220
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

efhjd.com/FRCo9

188.114.96.1

200 OK

91 kB

URL User Request GET HTTP/2
efhjd.com/FRCo9
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerLet's Encrypt
Subjectefhjd.com
Fingerprint16:3F:5D:59:9D:CA:20:CE:FB:AA:52:51:9C:1F:EA:38:95:76:4A:DE
ValidityTue, 07 May 2024 14:48:17 GMT - Mon, 05 Aug 2024 14:48:16 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (58219), with CRLF, LF line terminators
Size
91 kB (90599 bytes)
Hash
ddac8ccc007d46fc2fa8e85e94542b25
b3bc44aa6ec55f45a86d6500af694d7a3742cc8a
00c9449c5d1f6ee20e8a3779cf5023684d5142f0ca792cfae0daa979f83bca39

HTTP Headers

GET /FRCo9 HTTP/1.1
Host: efhjd.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IlFaNkNIWndPM1JEMDhNQTVCNTB0VEE9PSIsInZhbHVlIjoiMDhBZVQ1c2Zna2xZY0lWRk04Vm9KK0tjQXMyVlZQTDVsMlNLcS9jcmFMRE92ZUxtdWpsQ3NnczVlS1B6L3VKYUd0MTN6aWlmOGpjZ3Bqc3pNNlNVaEdwMjFNeXVGNGEwMmFSZlVLZkd1OFhidVAxeUYxRnVhRzc5T0tVRlo5c2QiLCJtYWMiOiJiNjBkM2Y3M2M0NmM4Zjg0NTRiZmIxZDk5ZmM5ZjIzZGM0NjBkYTczNjY2YTliYmZhNmZjMzg1OGY0NGVjMjdjIiwidGFnIjoiIn0%3D; upfiles_session=eyJpdiI6IlI3VkxxSzV4eFJzS0tnMlVTLzdLNkE9PSIsInZhbHVlIjoidFozbUt0Y3QxOEVGUTFiWEplTkZ5RlkxUllCSGR1ekZ3M3ROWU92c0tqdkdlUlFsdG9hNE1Ka0d1OXVZb0xwWW5FYW5zWHIraUkyYjc4UUNlZmJaT05scXIwYXozOUxmengyQUNLVDhzN2FFSVBnOUU4NTc3Y0JGSUFKcFNhQ08iLCJtYWMiOiI1ODBjNjMzOWE2Yzk2M2VmZmRlMmI4Njg3ZWM3YTQ2NWUzYjMwODExM2NkZGZkNDM2Zjc3MjYwZmUxZWU4YTUwIiwidGFnIjoiIn0%3D
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 19:55:30 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: private, must-revalidate
pragma: no-cache
expires: -1
set-cookie: XSRF-TOKEN=eyJpdiI6IlUwWnY3ZVA3STZSTGxrZndXRXpsd0E9PSIsInZhbHVlIjoiRy84ZjBVdC9JSVNldmVpTDZCdmFEMVFSUWhGSm5TZ3Y1cW9rQTl1YzV0M3ZPbkJ6R1EzeDVZTUJJb0xyVm9YWFkzWXZEUEdySEVMbGlpQVluVUpKMHhqK0s5TVhhanJFQXpyMXptQytER2d3YitjajVpRTgwUmJUbXMyV2wxL3QiLCJtYWMiOiIxODlmOTA2ZGFjY2ViMjJjNzRlNjEwMWUxNDgwMzdjZjA4YTU3NTcxNGRlYjNmMjA2YmIwNDhjZmMzNzYwZjQyIiwidGFnIjoiIn0%3D; expires=Fri, 17-May-2024 19:55:28 GMT; Max-Age=604800; path=/; samesite=lax
upfiles_session=eyJpdiI6IkkzNVZJbnRTMnZBS0FDN0t6eGo0UFE9PSIsInZhbHVlIjoiVDdvZXZWVXBPeVA4SXhxaEJUMU9pcVNBZkkxNnpNNWFCa1hzU0JrSW11cEFYc09RWlpxQ0VRck1kaHVVTlF2azdYcDRSeEYxSmlnUVlSNUxQTzBwL0pta1JIRldSWnBhV1R2WEs3NzZTT2FxRi9COHJMYW4yVTVBOGpJSW1EUlIiLCJtYWMiOiI1MjhjYWJiZjdhOTFiYmQwZjgwMWQ1OTkxMmRkNjRhNDI1NjY1OTdjNWVlNTFhZjA5MTdkN2JjNzk2NGJmMTI4IiwidGFnIjoiIn0%3D; expires=Fri, 17-May-2024 19:55:28 GMT; Max-Age=604800; path=/; httponly; samesite=lax
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=deLDsY7wgjFORYz9tinDWHzPbNm%2FLGbfplGIMeKPcZnEy0s8dWudPQEiF2oLT%2FsDURRbngoYKgYukFREROOdfv%2BV9HlZfknQyQuo27E21vX5PB8Y7pFotAZ7U9M%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 881c7ca79b1f56af-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

unseenreport.com/pxf.gif?uuid=af927074-9121-4fac-966e-06c3171436e7&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=f348f1f4cb32736ea8b01bdf483d02ac&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=19

192.243.61.227

200 OK

1 B

URL GET HTTP/1.1
unseenreport.com/pxf.gif?uuid=af927074-9121-4fac-966e-06c3171436e7&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=f348f1f4cb32736ea8b01bdf483d02ac&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=19
IP
192.243.61.227:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://efhjd.com/FRCo9
Certificate
IssuerLet's Encrypt
Subject*.unseenreport.com
Fingerprint71:46:15:FD:76:6A:F5:5B:51:06:CC:93:DD:D8:63:E3:8B:10:BF:13
ValidityFri, 22 Mar 2024 07:32:41 GMT - Thu, 20 Jun 2024 07:32:40 GMT

File type
very short file (no magic)
Size
1 B (1 bytes)
Hash
93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pxf.gif?uuid=af927074-9121-4fac-966e-06c3171436e7&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=f348f1f4cb32736ea8b01bdf483d02ac&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=19 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://efhjd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 10 May 2024 19:55:34 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 7008d47e23dc4de932e648b469eeb2f3
Strict-Transport-Security: max-age=0; includeSubdomains

live.demand.supply/p4/v17-24-0/ZWZoamQuY29tL0ZSQ285

104.17.38.115

200 OK

6.5 kB

URL GET HTTP/3
live.demand.supply/p4/v17-24-0/ZWZoamQuY29tL0ZSQ285
IP
104.17.38.115:443
ASN
#13335 CLOUDFLARENET

Requested by
https://efhjd.com/FRCo9
Certificate
IssuerCloudflare, Inc.
Subjectdemand.supply
Fingerprint9D:70:F3:B0:56:FD:8A:02:18:FB:C1:32:C8:85:90:FF:98:3A:52:8E
ValiditySat, 20 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with no line terminators
Size
6.5 kB (6513 bytes)
Hash
ab3db78294876480edccd2b9ffe2259b
7690642b47fcef4e5be8e8c10d83633267eb02df
fb94b462f27f138f78bc2f58584c8e4377ea23828ec4bf2de9a76b624419b6d0

HTTP Headers

GET /p4/v17-24-0/ZWZoamQuY29tL0ZSQ285 HTTP/1.1
Host: live.demand.supply
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://efhjd.com/
Cookie: __cf_bm=CwwKmrLD1ths5tsy_s7WeD06TXlqlctuWvsLGZf_990-1715370930-1.0.1.1-r.2_zRxRA_9vy9OGAKoOmsh7xTxdoxY2po7ZV5I3QrdqX_v4QhAGHWaUyquA8SUXNMhFK90EO8P9g4lulF0_qA
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 10 May 2024 19:55:30 GMT
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=3600, s-maxage=7200, stale-while-revalidate=3600, stale-if-error=84600
vary: Accept-Encoding
server: cloudflare
cf-ray: 881c7cbd5fd056c7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

forhavingartistic.info/STZObVRmCS0eaR9xBCAxHVogOAw9fw86LCtQCx4dEAc6WgA+BmgZPS0Lf11meAZ7XnI5XypQZW9FOgwgPEVzXHIgWCgCaW9Ac1x6egJgXmJnAmgYaXgQOh01Lgt/SyQ9QiJQZX4He15jeQ99XGN5BQ

188.114.97.1

204 No Content

0 B

URL GET HTTP/2
forhavingartistic.info/STZObVRmCS0eaR9xBCAxHVogOAw9fw86LCtQCx4dEAc6WgA+BmgZPS0Lf11meAZ7XnI5XypQZW9FOgwgPEVzXHIgWCgCaW9Ac1x6egJgXmJnAmgYaXgQOh01Lgt/SyQ9QiJQZX4He15jeQ99XGN5BQ
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://efhjd.com/FRCo9
Certificate
IssuerGoogle Trust Services LLC
Subjectforhavingartistic.info
Fingerprint99:C4:40:7A:4F:8D:B3:1C:81:58:9B:CB:06:76:D8:05:9B:30:0E:F6
ValidityMon, 01 Apr 2024 07:04:42 GMT - Sun, 30 Jun 2024 07:04:41 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /STZObVRmCS0eaR9xBCAxHVogOAw9fw86LCtQCx4dEAc6WgA+BmgZPS0Lf11meAZ7XnI5XypQZW9FOgwgPEVzXHIgWCgCaW9Ac1x6egJgXmJnAmgYaXgQOh01Lgt/SyQ9QiJQZX4He15jeQ99XGN5BQ HTTP/1.1
Host: forhavingartistic.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://efhjd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 204 No Content
date: Fri, 10 May 2024 19:55:31 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ghp%2FzBRIPK8rulijcFiBrY7AQwhveKgCS0ovqt4F1T6qaI8mNSm5hegLk8GdQJCe8oKxNrtqrgornl19roXhA1FqdIQ9PoF6P5K9joLOp6t5y6mjJno6agKgQ5Kj7zXwGqpVQoz3jVXX"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 881c7cc39fb7569c-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

www.recaptcha.net/recaptcha/api.js?onload=onloadRecaptchaCallback&render=explicit

142.250.74.131

200 OK

921 B

URL GET HTTP/2
www.recaptcha.net/recaptcha/api.js?onload=onloadRecaptchaCallback&render=explicit
IP
142.250.74.131:443
ASN
#15169 GOOGLE

Requested by
https://efhjd.com/FRCo9
Certificate
IssuerGoogle Trust Services LLC
Subjectmisc.google.com
Fingerprint7C:B7:19:49:C1:10:A7:C1:57:8C:3C:B8:82:CC:C7:26:D1:7F:3A:39
ValidityTue, 16 Apr 2024 03:24:32 GMT - Tue, 09 Jul 2024 03:24:31 GMT

File type
JavaScript source, ASCII text, with very long lines (921), with no line terminators
Size
921 B (921 bytes)
Hash
0739bacc61dff1ef28b3f4633b3903dc
119b6f313c950e5f33800ad7f6c454091af8e248
99a35328f70daed10075b6fdcfd8a2c7876c3d53902c2d459a005a2f765c93ce

HTTP Headers

GET /recaptcha/api.js?onload=onloadRecaptchaCallback&render=explicit HTTP/1.1
Host: www.recaptcha.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://efhjd.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
expires: Fri, 10 May 2024 19:55:32 GMT
date: Fri, 10 May 2024 19:55:32 GMT
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

efhjd.com/img/logo.svg

188.114.96.1

200 OK

22 kB

URL GET HTTP/3
efhjd.com/img/logo.svg
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://efhjd.com/FRCo9
Certificate
IssuerLet's Encrypt
Subjectefhjd.com
Fingerprint16:3F:5D:59:9D:CA:20:CE:FB:AA:52:51:9C:1F:EA:38:95:76:4A:DE
ValidityTue, 07 May 2024 14:48:17 GMT - Mon, 05 Aug 2024 14:48:16 GMT

File type
SVG Scalable Vector Graphics image
Size
22 kB (22248 bytes)
Hash
1e28749acbd90e7e99a883c1890327cd
638b4525d3f0ed776db136ca1025a8961f46c9e0
d526da1f4d4af45cefd2a0d140abec2beddc3150d13c47d3de893eaa278a369d

HTTP Headers

GET /img/logo.svg HTTP/1.1
Host: efhjd.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://efhjd.com/FRCo9
Cookie: XSRF-TOKEN=eyJpdiI6IlUwWnY3ZVA3STZSTGxrZndXRXpsd0E9PSIsInZhbHVlIjoiRy84ZjBVdC9JSVNldmVpTDZCdmFEMVFSUWhGSm5TZ3Y1cW9rQTl1YzV0M3ZPbkJ6R1EzeDVZTUJJb0xyVm9YWFkzWXZEUEdySEVMbGlpQVluVUpKMHhqK0s5TVhhanJFQXpyMXptQytER2d3YitjajVpRTgwUmJUbXMyV2wxL3QiLCJtYWMiOiIxODlmOTA2ZGFjY2ViMjJjNzRlNjEwMWUxNDgwMzdjZjA4YTU3NTcxNGRlYjNmMjA2YmIwNDhjZmMzNzYwZjQyIiwidGFnIjoiIn0%3D; upfiles_session=eyJpdiI6IkkzNVZJbnRTMnZBS0FDN0t6eGo0UFE9PSIsInZhbHVlIjoiVDdvZXZWVXBPeVA4SXhxaEJUMU9pcVNBZkkxNnpNNWFCa1hzU0JrSW11cEFYc09RWlpxQ0VRck1kaHVVTlF2azdYcDRSeEYxSmlnUVlSNUxQTzBwL0pta1JIRldSWnBhV1R2WEs3NzZTT2FxRi9COHJMYW4yVTVBOGpJSW1EUlIiLCJtYWMiOiI1MjhjYWJiZjdhOTFiYmQwZjgwMWQ1OTkxMmRkNjRhNDI1NjY1OTdjNWVlNTFhZjA5MTdkN2JjNzk2NGJmMTI4IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 10 May 2024 19:55:30 GMT
content-type: image/svg+xml
last-modified: Fri, 08 Apr 2022 10:55:45 GMT
vary: Accept-Encoding
etag: W/"625014b1-56e8"
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
cache-control: max-age=14400
cf-cache-status: HIT
age: 5360
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zp499%2FjSk6S%2B%2B4pVpC1qtdTTSw3jbz1%2BFehkDv9QmtNTFDzUHC%2B4Smn8FRrOR2H9EAUC%2Fs0ZKOtS5TD%2FPJ0d4z1rGryLNRJjVoQNjDr1y2929JvPK%2BADIWyPusU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 881c7cbabd59b4f4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

pogothere.xyz/asd100.bin

188.114.97.1

200 OK

102 kB

URL GET HTTP/2
pogothere.xyz/asd100.bin
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://efhjd.com/FRCo9
Certificate
IssuerGoogle Trust Services LLC
Subjectpogothere.xyz
Fingerprint34:D3:33:F8:49:E2:1E:3E:44:A8:5D:74:68:9C:B8:A0:D5:F8:DD:0B
ValidityWed, 27 Mar 2024 02:15:30 GMT - Tue, 25 Jun 2024 02:15:29 GMT

File type
data
Size
102 kB (102400 bytes)
Hash
4c6426ac7ef186464ecbb0d81cbfcb1e
5a6918eebd9d635e8f632e3ef34e3792b1b5ec13
f627ca4c2c322f15db26152df306bd4f983f0146409b81a4341b9b340c365a16

HTTP Headers

GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://efhjd.com/
Origin: https://efhjd.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 19:55:31 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://efhjd.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 3495
last-modified: Fri, 10 May 2024 18:57:16 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7odqUrfYEi9GA5lIwK7BY6re0q%2BFzR%2BRDOHl1%2Fb6gSsx4BAMk%2BC9jH7VfW%2F%2FQJrdG9WOBFtdIE0lAGUF%2Bvq2mq3Hqg3TM5A8tvklzHyDr%2Ftt2WFgj%2FyQfGwIIRuWqqlX"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881c7cc38f860b06-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

216.58.207.227

200 OK

16 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://efhjd.com/FRCo9
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15860, version 1.0
Size
16 kB (15860 bytes)
Hash
e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

HTTP Headers

GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://efhjd.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 09 May 2024 01:55:00 GMT
expires: Fri, 09 May 2025 01:55:00 GMT
cache-control: public, max-age=31536000
age: 151230
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

efhjd.com/img/menu.svg

188.114.96.1

200 OK

1.8 kB

URL GET HTTP/3
efhjd.com/img/menu.svg
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://efhjd.com/FRCo9
Certificate
IssuerLet's Encrypt
Subjectefhjd.com
Fingerprint16:3F:5D:59:9D:CA:20:CE:FB:AA:52:51:9C:1F:EA:38:95:76:4A:DE
ValidityTue, 07 May 2024 14:48:17 GMT - Mon, 05 Aug 2024 14:48:16 GMT

File type
SVG Scalable Vector Graphics image
Size
1.8 kB (1838 bytes)
Hash
384fec65fc108518c176b62a88b40a1f
d6c42c0b2dbdfef2d8468fc91f6c5611596075ef
00e2d83eb75a29fcfbf8e8373352d2e566d143764ddc05d982f46c85bb58517f

HTTP Headers

GET /img/menu.svg HTTP/1.1
Host: efhjd.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://efhjd.com/FRCo9
Cookie: XSRF-TOKEN=eyJpdiI6IlUwWnY3ZVA3STZSTGxrZndXRXpsd0E9PSIsInZhbHVlIjoiRy84ZjBVdC9JSVNldmVpTDZCdmFEMVFSUWhGSm5TZ3Y1cW9rQTl1YzV0M3ZPbkJ6R1EzeDVZTUJJb0xyVm9YWFkzWXZEUEdySEVMbGlpQVluVUpKMHhqK0s5TVhhanJFQXpyMXptQytER2d3YitjajVpRTgwUmJUbXMyV2wxL3QiLCJtYWMiOiIxODlmOTA2ZGFjY2ViMjJjNzRlNjEwMWUxNDgwMzdjZjA4YTU3NTcxNGRlYjNmMjA2YmIwNDhjZmMzNzYwZjQyIiwidGFnIjoiIn0%3D; upfiles_session=eyJpdiI6IkkzNVZJbnRTMnZBS0FDN0t6eGo0UFE9PSIsInZhbHVlIjoiVDdvZXZWVXBPeVA4SXhxaEJUMU9pcVNBZkkxNnpNNWFCa1hzU0JrSW11cEFYc09RWlpxQ0VRck1kaHVVTlF2azdYcDRSeEYxSmlnUVlSNUxQTzBwL0pta1JIRldSWnBhV1R2WEs3NzZTT2FxRi9COHJMYW4yVTVBOGpJSW1EUlIiLCJtYWMiOiI1MjhjYWJiZjdhOTFiYmQwZjgwMWQ1OTkxMmRkNjRhNDI1NjY1OTdjNWVlNTFhZjA5MTdkN2JjNzk2NGJmMTI4IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 10 May 2024 19:55:30 GMT
content-type: image/svg+xml
last-modified: Tue, 24 Jan 2023 16:39:42 GMT
vary: Accept-Encoding
etag: W/"63d009ce-72e"
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
cache-control: max-age=14400
cf-cache-status: HIT
age: 5360
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=odUCAjUzc1t1VGdy%2FgvKZY5sPo7W8%2B6jyKsLiMijAgQHmBbXNhIn0mFFKqcEr15fIcMw2GOF70Yi6hFmtSKbMBt3m0FHct%2F5XHE8jsG%2BkUmQi3z8WtuFwdJjtTo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 881c7cbabd5cb4f4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

www.googletagmanager.com/gtag/js?id=G-75C4L64NEB&l=dataLayer&cx=c

142.250.74.40

200 OK

257 kB

URL GET HTTP/3
www.googletagmanager.com/gtag/js?id=G-75C4L64NEB&l=dataLayer&cx=c
IP
142.250.74.40:443
ASN
#15169 GOOGLE

Requested by
https://efhjd.com/FRCo9
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint93:6B:D2:9D:92:BE:2D:D8:02:67:82:83:5E:EF:A3:F9:13:F3:26:AE
ValidityTue, 16 Apr 2024 03:18:45 GMT - Tue, 09 Jul 2024 03:18:44 GMT

File type
JavaScript source, ASCII text, with very long lines (5955)
Size
257 kB (257190 bytes)
Hash
92144bee6ea6e0d44e483342228cabff
809ffeeb319cba1b1df081d21b8d72459bd7e10e
a0ef5cdae96ebe1372948eb0a86f1e50ac9abd19b8c0e37096a7bc18b1410566

HTTP Headers

GET /gtag/js?id=G-75C4L64NEB&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://efhjd.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 10 May 2024 19:55:32 GMT
expires: Fri, 10 May 2024 19:55:32 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 90404
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

efhjd.com/img/faqs-image.svg

188.114.96.1

200 OK

38 kB

URL GET HTTP/3
efhjd.com/img/faqs-image.svg
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://efhjd.com/FRCo9
Certificate
IssuerLet's Encrypt
Subjectefhjd.com
Fingerprint16:3F:5D:59:9D:CA:20:CE:FB:AA:52:51:9C:1F:EA:38:95:76:4A:DE
ValidityTue, 07 May 2024 14:48:17 GMT - Mon, 05 Aug 2024 14:48:16 GMT

File type
SVG Scalable Vector Graphics image
Size
38 kB (38395 bytes)
Hash
a60b7216905928c625ae9592044476cd
e70c5be728c7bd1198100337487aafe126834ca3
9a717285429d468fadc4d25179fc6feb49e6335f3af1675fb6be1cb50e7e8322

HTTP Headers

GET /img/faqs-image.svg HTTP/1.1
Host: efhjd.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://efhjd.com/FRCo9
Cookie: XSRF-TOKEN=eyJpdiI6IlUwWnY3ZVA3STZSTGxrZndXRXpsd0E9PSIsInZhbHVlIjoiRy84ZjBVdC9JSVNldmVpTDZCdmFEMVFSUWhGSm5TZ3Y1cW9rQTl1YzV0M3ZPbkJ6R1EzeDVZTUJJb0xyVm9YWFkzWXZEUEdySEVMbGlpQVluVUpKMHhqK0s5TVhhanJFQXpyMXptQytER2d3YitjajVpRTgwUmJUbXMyV2wxL3QiLCJtYWMiOiIxODlmOTA2ZGFjY2ViMjJjNzRlNjEwMWUxNDgwMzdjZjA4YTU3NTcxNGRlYjNmMjA2YmIwNDhjZmMzNzYwZjQyIiwidGFnIjoiIn0%3D; upfiles_session=eyJpdiI6IkkzNVZJbnRTMnZBS0FDN0t6eGo0UFE9PSIsInZhbHVlIjoiVDdvZXZWVXBPeVA4SXhxaEJUMU9pcVNBZkkxNnpNNWFCa1hzU0JrSW11cEFYc09RWlpxQ0VRck1kaHVVTlF2azdYcDRSeEYxSmlnUVlSNUxQTzBwL0pta1JIRldSWnBhV1R2WEs3NzZTT2FxRi9COHJMYW4yVTVBOGpJSW1EUlIiLCJtYWMiOiI1MjhjYWJiZjdhOTFiYmQwZjgwMWQ1OTkxMmRkNjRhNDI1NjY1OTdjNWVlNTFhZjA5MTdkN2JjNzk2NGJmMTI4IiwidGFnIjoiIn0%3D; dom3ic8zudi28v8lr6fgphwffqoz0j6c=af927074-9121-4fac-966e-06c3171436e7%3A1%3A1; sb_page_f348f1f4cb32736ea8b01bdf483d02ac=1; sb_onpage_f348f1f4cb32736ea8b01bdf483d02ac=1; sb_main_f348f1f4cb32736ea8b01bdf483d02ac=1; sb_count_f348f1f4cb32736ea8b01bdf483d02ac=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 10 May 2024 19:55:31 GMT
content-type: image/svg+xml
last-modified: Fri, 13 Jan 2023 13:29:35 GMT
vary: Accept-Encoding
etag: W/"63c15cbf-95fb"
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
cache-control: max-age=14400
cf-cache-status: HIT
age: 1202
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4NGXS%2BBTUYEWlw9G1dTFfk%2FuVvv8rieZHyfvJCh3xU485OZx4CO1sUhl5UeCpdEoGYKQ3%2Bj%2Bfw6%2FgNy6lHQnxqCW2NsTCVyCEa5v5B8uMKVjk%2BYv9BXxT7jCmj8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 881c7cc3084eb4f4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

efhjd.com/js/ads.js

188.114.96.1

200 OK

1.5 kB

URL GET HTTP/3
efhjd.com/js/ads.js
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://efhjd.com/FRCo9
Certificate
IssuerLet's Encrypt
Subjectefhjd.com
Fingerprint16:3F:5D:59:9D:CA:20:CE:FB:AA:52:51:9C:1F:EA:38:95:76:4A:DE
ValidityTue, 07 May 2024 14:48:17 GMT - Mon, 05 Aug 2024 14:48:16 GMT

File type
JavaScript source, ASCII text, with very long lines (1498), with no line terminators
Size
1.5 kB (1491 bytes)
Hash
4c46340e14f18a67fee668d9cf5f82d5
d0aa271a10e51424f6e5d1e0c6a8f40fc2216cd8
0eda9e41ed0b8d1f8bfa8c520ba784b53bca48a8536fb24e41dc1d0fe3c18c1d

HTTP Headers

GET /js/ads.js HTTP/1.1
Host: efhjd.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://efhjd.com/FRCo9
Cookie: XSRF-TOKEN=eyJpdiI6IlUwWnY3ZVA3STZSTGxrZndXRXpsd0E9PSIsInZhbHVlIjoiRy84ZjBVdC9JSVNldmVpTDZCdmFEMVFSUWhGSm5TZ3Y1cW9rQTl1YzV0M3ZPbkJ6R1EzeDVZTUJJb0xyVm9YWFkzWXZEUEdySEVMbGlpQVluVUpKMHhqK0s5TVhhanJFQXpyMXptQytER2d3YitjajVpRTgwUmJUbXMyV2wxL3QiLCJtYWMiOiIxODlmOTA2ZGFjY2ViMjJjNzRlNjEwMWUxNDgwMzdjZjA4YTU3NTcxNGRlYjNmMjA2YmIwNDhjZmMzNzYwZjQyIiwidGFnIjoiIn0%3D; upfiles_session=eyJpdiI6IkkzNVZJbnRTMnZBS0FDN0t6eGo0UFE9PSIsInZhbHVlIjoiVDdvZXZWVXBPeVA4SXhxaEJUMU9pcVNBZkkxNnpNNWFCa1hzU0JrSW11cEFYc09RWlpxQ0VRck1kaHVVTlF2azdYcDRSeEYxSmlnUVlSNUxQTzBwL0pta1JIRldSWnBhV1R2WEs3NzZTT2FxRi9COHJMYW4yVTVBOGpJSW1EUlIiLCJtYWMiOiI1MjhjYWJiZjdhOTFiYmQwZjgwMWQ1OTkxMmRkNjRhNDI1NjY1OTdjNWVlNTFhZjA5MTdkN2JjNzk2NGJmMTI4IiwidGFnIjoiIn0%3D; dom3ic8zudi28v8lr6fgphwffqoz0j6c=af927074-9121-4fac-966e-06c3171436e7%3A1%3A1; sb_page_f348f1f4cb32736ea8b01bdf483d02ac=1; sb_onpage_f348f1f4cb32736ea8b01bdf483d02ac=1; sb_main_f348f1f4cb32736ea8b01bdf483d02ac=1; sb_count_f348f1f4cb32736ea8b01bdf483d02ac=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 10 May 2024 19:55:31 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 08 Apr 2024 13:27:25 GMT
vary: Accept-Encoding
etag: W/"6613f0bd-5d3"
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
cache-control: max-age=14400
cf-cache-status: HIT
age: 3924
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gv%2B%2BBHASXw4o0lm8xYRI3aJOcBRSgkRt1zqX6CmloxwDwdz5pAB%2B%2FONSf76BHyBC0BGCQynmFpxYWNutXn0zb%2BCo3pD39QW%2BRpIdsdvvkiPmfoSWSZ2sjmSO6ek%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 881c7cc30851b4f4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

pogothere.xyz/

188.114.97.1

200 OK

26 B

URL GET HTTP/2
pogothere.xyz/
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://efhjd.com/FRCo9
Certificate
IssuerGoogle Trust Services LLC
Subjectpogothere.xyz
Fingerprint34:D3:33:F8:49:E2:1E:3E:44:A8:5D:74:68:9C:B8:A0:D5:F8:DD:0B
ValidityWed, 27 Mar 2024 02:15:30 GMT - Tue, 25 Jun 2024 02:15:29 GMT

File type
ASCII text, with no line terminators
Size
26 B (26 bytes)
Hash
51d933cef022b798d682ccf7460d898e
3088644579cf29368c69173bc142f4a329097592
1e7f1bccef85a0292c0a699a83206902c4f559d3130817e9149a4208e29f0fc6

HTTP Headers

GET / HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://efhjd.com/
Origin: https://efhjd.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 19:55:31 GMT
content-type: text/plain
set-cookie: csu=261680258268815@1@1715370931; Max-Age=31104000; Secure; SameSite=None
access-control-allow-origin: https://efhjd.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Z8fdHa1ddH89RTSls0qAagCauk8qcgphXiJx5Fd3Pr6Nn1ZEKCKuFv%2ByUR13KpZDDMHeykz83tFX4ACrBnFIp6gBwxYdm1y3VF3mb3FWCsCU3Hos0tRNFGeoUFoUWI9Z"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 881c7cc38f8a0b06-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

cdn.yourwebbars.com/sb/notifications/gambling/default/android-btn/8/index.html

104.26.7.19

200 OK

1.4 kB

URL GET HTTP/2
cdn.yourwebbars.com/sb/notifications/gambling/default/android-btn/8/index.html
IP
104.26.7.19:443
ASN
#13335 CLOUDFLARENET

Requested by
https://efhjd.com/FRCo9
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint84:82:6E:35:03:D4:C4:FC:BA:08:CD:C8:E6:A3:97:A9:20:2F:F5:49
ValiditySun, 23 Jul 2023 00:00:00 GMT - Mon, 22 Jul 2024 23:59:59 GMT

File type
HTML document, ASCII text, with very long lines (1528), with no line terminators
Size
1.4 kB (1444 bytes)
Hash
e0adf77c0018ca4bbdea4d444a33c1e4
0eb2ec58424d9b07a49a0edf0a0efcf44ee8df13
0cfe04bb8227ac43f186cfc30dbfed963b8043e83704779f1f5ec744ed57d876

HTTP Headers

GET /sb/notifications/gambling/default/android-btn/8/index.html HTTP/1.1
Host: cdn.yourwebbars.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://efhjd.com
DNT: 1
Connection: keep-alive
Referer: https://efhjd.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 19:55:32 GMT
content-type: text/html
last-modified: Fri, 19 Jan 2024 14:25:08 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 181500
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XI6RPgrfLlZoZiKiNO%2BlQYWmhlebmsCYawL4tB7gwwC3dShVKOvH9%2FQ7G%2FAkdtseC9qdV934ObnoOE1H0KmVph8VKg1HrHmgZ0LjI9buIyDLqYUVA9wO8Z3sNjuPXyBpEBXo0A4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881c7cc589670b69-OSL
content-encoding: br
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

216.58.207.227

200 OK

16 kB

URL GET HTTP/3
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://efhjd.com/FRCo9
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15860, version 1.0
Size
16 kB (15860 bytes)
Hash
e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

HTTP Headers

GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://efhjd.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 09 May 2024 01:55:00 GMT
expires: Fri, 09 May 2025 01:55:00 GMT
cache-control: public, max-age=31536000
age: 151232
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

cdn.creative-bars1.com/sb/notifications/gambling/default/android-btn/8/img/close.svg

172.67.141.24

200 OK

1.3 kB

URL GET HTTP/3
cdn.creative-bars1.com/sb/notifications/gambling/default/android-btn/8/img/close.svg
IP
172.67.141.24:443
ASN
#13335 CLOUDFLARENET

Requested by
https://efhjd.com/FRCo9
Certificate
IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint3D:29:39:2C:F1:E5:C6:EF:54:F5:70:B5:CF:A8:C2:75:4D:89:72:13
ValidityMon, 15 Apr 2024 15:02:18 GMT - Sun, 14 Jul 2024 15:02:17 GMT

File type
SVG Scalable Vector Graphics image
Size
1.3 kB (1279 bytes)
Hash
24937fd159a21f2e91207d5788e86c70
1b07e0334cc16c5cd659de56314bd2188e3a82f9
b38a482faa1471a520d231f954412ee0293b0401610af1392038be206dc51b8a

HTTP Headers

GET /sb/notifications/gambling/default/android-btn/8/img/close.svg HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 10 May 2024 19:55:32 GMT
content-type: image/svg+xml
last-modified: Fri, 19 Jan 2024 14:25:08 GMT
etag: W/"65aa8644-4ff"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 872916
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YP8WsX2bX5k25gQxc56Ehf1RKKo08TcEDtNK04nBzFO5H4CLIQNTYZ3dnX9C6mSQHmaly61D9%2BYhjOA0HH7g4xfzaoIoLUdryfnqYqrNLlMFobIjMUG58DKUpOeZPgfX69Xkql3%2FIf9G"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881c7cc71fe1b517-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=AaSxoQxW5DuxThdJWvHtACruMS0TW-ecKO_JSinN6SlyKiVVbUDAfi0D1hLwW8h0BhZR0TOsNPMy&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S956328542%3A1715370933014851&ddm=0

74.125.131.84

403 Forbidden

0 B

URL GET HTTP/3
accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=AaSxoQxW5DuxThdJWvHtACruMS0TW-ecKO_JSinN6SlyKiVVbUDAfi0D1hLwW8h0BhZR0TOsNPMy&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S956328542%3A1715370933014851&ddm=0
IP
74.125.131.84:443
ASN
#15169 GOOGLE

Requested by
https://efhjd.com/FRCo9
Certificate
IssuerGoogle Trust Services
Subject*.google.com
Fingerprint9F:A1:53:E4:09:E1:ED:82:F8:E0:30:B6:39:FA:EC:03:B4:89:46:8A
ValidityTue, 16 Apr 2024 03:19:40 GMT - Tue, 09 Jul 2024 03:19:39 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=AaSxoQxW5DuxThdJWvHtACruMS0TW-ecKO_JSinN6SlyKiVVbUDAfi0D1hLwW8h0BhZR0TOsNPMy&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S956328542%3A1715370933014851&ddm=0 HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://efhjd.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Fri, 10 May 2024 19:55:33 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-security-policy: require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport, script-src 'nonce-iDIAO-Kc8mUpRUH7yK5Z_A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist
cross-origin-opener-policy-report-only: same-origin; report-to="AccountsSignInUi"
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
report-to: {"group":"AccountsSignInUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi"}]}
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

fonts.googleapis.com/css2?family=Inter:wght@400;500;600;700&family=Roboto:wght@400;500;700;900&display=swap

142.250.74.106

200 OK

19 kB

URL GET HTTP/2
fonts.googleapis.com/css2?family=Inter:wght@400;500;600;700&family=Roboto:wght@400;500;700;900&display=swap
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://efhjd.com/FRCo9
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint36:49:20:36:0C:4D:DA:55:65:64:23:0F:49:3E:FA:78:87:35:A3:79
ValidityTue, 16 Apr 2024 04:17:12 GMT - Tue, 09 Jul 2024 04:17:11 GMT

File type
ASCII text
Size
19 kB (19004 bytes)
Hash
e9214a1167aa27518bc869450a50706d
b5790e68611559bccd7a422ab3b63d4a9fa50c80
d2c53adf35264dffc9fb93e79e489fb00a10883c98108f57c0413a3c286fb4da

HTTP Headers

GET /css2?family=Inter:wght@400;500;600;700&family=Roboto:wght@400;500;700;900&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://efhjd.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 10 May 2024 19:55:30 GMT
date: Fri, 10 May 2024 19:55:30 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

live.demand.supply/impl.v17.32.0.js

104.17.38.115

200 OK

91 kB

URL GET HTTP/3
live.demand.supply/impl.v17.32.0.js
IP
104.17.38.115:443
ASN
#13335 CLOUDFLARENET

Requested by
https://efhjd.com/FRCo9
Certificate
IssuerCloudflare, Inc.
Subjectdemand.supply
Fingerprint9D:70:F3:B0:56:FD:8A:02:18:FB:C1:32:C8:85:90:FF:98:3A:52:8E
ValiditySat, 20 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (23282)
Size
91 kB (91209 bytes)
Hash
3501fe52a8aeb0dc9b89aa1c12ea6e5a
b6221b443437b86f096112d2ec77fab1975fd811
b77415363ffad60ce3f975e393d3ef44a47d8bddbec2f0a2f9f0e9587dd5c501

HTTP Headers

GET /impl.v17.32.0.js HTTP/1.1
Host: live.demand.supply
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://efhjd.com/
Cookie: __cf_bm=CwwKmrLD1ths5tsy_s7WeD06TXlqlctuWvsLGZf_990-1715370930-1.0.1.1-r.2_zRxRA_9vy9OGAKoOmsh7xTxdoxY2po7ZV5I3QrdqX_v4QhAGHWaUyquA8SUXNMhFK90EO8P9g4lulF0_qA
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 10 May 2024 19:55:30 GMT
content-type: application/javascript; charset=UTF-8
cache-control: max-age=2592000,immutable,stale-if-error=604800
cf-bgj: minify
cf-polished: origSize=91396
access-control-allow-origin: *
cache-status: "Netlify Edge"; fwd=miss
etag: W/"b0ea5d9194ab3fdb131dbfcf767a3676-ssl-df"
strict-transport-security: max-age=31536000
timing-allow-origin: *
vary: Accept-Encoding
x-nf-request-id: 01HWAW44Z8KJM1G27JKQDGSW4N
cf-cache-status: HIT
age: 877079
server: cloudflare
cf-ray: 881c7cbd1f7b56c7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

downstairsnegotiatebarren.com/sfp.js

172.67.180.87

200 OK

86 kB

URL GET HTTP/2
downstairsnegotiatebarren.com/sfp.js
IP
172.67.180.87:443
ASN
#13335 CLOUDFLARENET

Requested by
https://efhjd.com/FRCo9
Certificate
IssuerLet's Encrypt
Subjectdownstairsnegotiatebarren.com
Fingerprint5D:DB:CB:C6:CE:2A:8B:34:7D:BC:43:74:33:1D:5F:77:48:F7:BC:1B
ValidityThu, 02 May 2024 21:26:34 GMT - Wed, 31 Jul 2024 21:26:33 GMT

File type

Size
86 kB (85611 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /sfp.js HTTP/1.1
Host: downstairsnegotiatebarren.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://efhjd.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 19:55:31 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: 1e083b9e90616d5d3393b81db9da0141
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Fri, 10 May 2024 19:55:30 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=W5IiaQmkcsriOBMKlAqb79i2lrfsqY6%2BqM2LvTgxTAbQcUJvUcHVqja9Eo95X%2F2j7jcZXgt8fqhRPF2ECi3URH7UeXvmZo498QMzAl%2B4sGmt9EZn8bbPLCibDV6jwEVW%2FjznClj%2BVrpZ9fbirRy5bg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881c7cbe19520b02-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap

142.250.74.106

200 OK

7.0 kB

URL GET HTTP/3
fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://efhjd.com/FRCo9
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint36:49:20:36:0C:4D:DA:55:65:64:23:0F:49:3E:FA:78:87:35:A3:79
ValidityTue, 16 Apr 2024 04:17:12 GMT - Tue, 09 Jul 2024 04:17:11 GMT

File type
ASCII text, with very long lines (7193), with no line terminators
Size
7.0 kB (7004 bytes)
Hash
16b49a99486594c0b42d9bd7821deb2c
2fb46e5e86d6b37d4497cc04bfd89b3cb33a276a
3f3540952441e06ef81189cf63d46bac242804e386779dbb0cdd78ed10025c21

HTTP Headers

GET /css?family=Roboto:300,400,700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 10 May 2024 19:55:32 GMT
date: Fri, 10 May 2024 19:55:32 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

cdn.creative-bars1.com/sb/notifications/gambling/default/android-btn/8/css/animate.css

172.67.141.24

200 OK

79 kB

URL GET HTTP/2
cdn.creative-bars1.com/sb/notifications/gambling/default/android-btn/8/css/animate.css
IP
172.67.141.24:443
ASN
#13335 CLOUDFLARENET

Requested by
https://efhjd.com/FRCo9
Certificate
IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint3D:29:39:2C:F1:E5:C6:EF:54:F5:70:B5:CF:A8:C2:75:4D:89:72:13
ValidityMon, 15 Apr 2024 15:02:18 GMT - Sun, 14 Jul 2024 15:02:17 GMT

File type
ASCII text
Size
79 kB (78693 bytes)
Hash
49a38187f94418e173e4bcc50c96dc4b
b64e899d0c6bbb13e6f63e191b77b3eb5e5a6293
92db03d6a48c8756e15b1b2ffb9d1ea5aae5e2d9a706b630f93f73e3debbb3b0

HTTP Headers

GET /sb/notifications/gambling/default/android-btn/8/css/animate.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://efhjd.com
DNT: 1
Connection: keep-alive
Referer: https://efhjd.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 19:55:32 GMT
content-type: text/css
last-modified: Fri, 19 Jan 2024 14:25:08 GMT
etag: W/"65aa8644-13365"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
content-encoding: gzip
cf-cache-status: HIT
age: 268367
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QsfA7oqA6Rxnb6En%2BF%2BxCjVBF%2BWzyC3YXQ1%2Bcb7C2ZdPo7nVyzQr9C3GClPMGO7mxvu%2FI1RR%2B%2FQ8pRhkJkoGXdyKl20SW5FfGzTKdaVEaVJLfwigDTo3wRAW95AgM2apMHAORaPhJ5fH"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881c7cc63d170b45-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=AaSxoQywpAi-gAdzWE4TO6P1a0BGzutIRPTTmiFVsZgeLqiXj48sSh6MsmHbrJwsPxSCRMaq00WP&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S118173205%3A1715370933005083&ddm=0

74.125.131.84

403 Forbidden

0 B

URL GET HTTP/3
accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=AaSxoQywpAi-gAdzWE4TO6P1a0BGzutIRPTTmiFVsZgeLqiXj48sSh6MsmHbrJwsPxSCRMaq00WP&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S118173205%3A1715370933005083&ddm=0
IP
74.125.131.84:443
ASN
#15169 GOOGLE

Requested by
https://efhjd.com/FRCo9
Certificate
IssuerGoogle Trust Services
Subject*.google.com
Fingerprint9F:A1:53:E4:09:E1:ED:82:F8:E0:30:B6:39:FA:EC:03:B4:89:46:8A
ValidityTue, 16 Apr 2024 03:19:40 GMT - Tue, 09 Jul 2024 03:19:39 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=AaSxoQywpAi-gAdzWE4TO6P1a0BGzutIRPTTmiFVsZgeLqiXj48sSh6MsmHbrJwsPxSCRMaq00WP&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S118173205%3A1715370933005083&ddm=0 HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://efhjd.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Fri, 10 May 2024 19:55:33 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport, script-src 'nonce-TuJ3uMOFExx425PhMWo6ew' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist
cross-origin-opener-policy-report-only: same-origin; report-to="AccountsSignInUi"
report-to: {"group":"AccountsSignInUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi"}]}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (33)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML