| r3.o.lencr.org/ | 23.36.76.226 | 200 OK | 503 B |
IP 23.36.76.226:0 ASN #20940 Akamai International B.V.
Hash a2104f935c638b4767ca5ae0d738ef23 85c6af15af749be0ceeae6de17c36925b750f166 5d4789a3696bd7faa9916768cb627bbc89bf70a756d80e53860cbac13c2bc8b1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5D4789A3696BD7FAA9916768CB627BBC89BF70A756D80E53860CBAC13C2BC8B1"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11955
Expires: Sat, 28 Jan 2023 11:28:20 GMT
Date: Sat, 28 Jan 2023 08:09:05 GMT
Connection: keep-alive
|
|
| r3.o.lencr.org/ | 23.36.76.226 | 200 OK | 503 B |
IP 23.36.76.226:0 ASN #20940 Akamai International B.V.
Hash 81dd5c5cc5b3278876cb44dcb520a60f c0511a59e9eccdcdda98717b87c89c5d59974808 41736c303afdb3d31e48724b107dcb22883cae02f3562308eb52d9164001a2de
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "41736C303AFDB3D31E48724B107DCB22883CAE02F3562308EB52D9164001A2DE"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15037
Expires: Sat, 28 Jan 2023 12:19:42 GMT
Date: Sat, 28 Jan 2023 08:09:05 GMT
Connection: keep-alive
|
|
| r3.o.lencr.org/ | 23.36.76.226 | 200 OK | 503 B |
IP 23.36.76.226:0 ASN #20940 Akamai International B.V.
Hash 03092d1a1bc7ac91ee342a1a7ab2a562 52db06ce1fd2c74ddd36b6a0a7aee1b5c891600a 03b8ff2629abac9fc30ebec059c2e2018fcbc41646ad5f71c965ff630fbf1ffd
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "03B8FF2629ABAC9FC30EBEC059C2E2018FCBC41646AD5F71C965FF630FBF1FFD"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9282
Expires: Sat, 28 Jan 2023 10:43:47 GMT
Date: Sat, 28 Jan 2023 08:09:05 GMT
Connection: keep-alive
|
|
| firefox.settings.services.mozilla.com/v1/ | 35.241.9.150 | 200 OK | 939 B |
URL HTTP/2 firefox.settings.services.mozilla.com/v1/ IP 35.241.9.150:0
File type JSON data; ASCII text, with very long lines (939), with no line terminators
Hash dcd75ca6daca51c5e39d431468511793 07f76d3bf23d65c9110d810fa71a994e39e085d3 73672a816da4450fe2c938b08d7ae002d9ca29fdcbd3e29cc97084d826f8b459
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Backoff, Content-Length, Alert, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sat, 28 Jan 2023 07:35:29 GMT
content-type: application/json
age: 2016
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain | 34.160.144.191 | 200 OK | 5.3 kB |
URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain IP 34.160.144.191:0
File type PEM certificate; ASCII text
Hash 7b922915ebf1fa3639b333f994c74f24 144a3f80b98fd0652d4614f24cf6cbbee40f8938 adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: O9JvDEtuTXm0aSbN4dubO//LOupv9PPKHlilffldyp1UwZiEDfG4NBzCcrqADTNlHPDrZTcgPRo=
x-amz-request-id: FHY1TD2MZS8GPH34
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 28 Jan 2023 07:49:47 GMT
age: 1158
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| contile.services.mozilla.com/v1/tiles | 34.117.237.239 | 200 OK | 12 B |
URL HTTP/2 contile.services.mozilla.com/v1/tiles IP 34.117.237.239:0
File type JSON data; ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6 a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 28 Jan 2023 08:09:05 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US | 35.241.9.150 | 200 OK | 329 B |
URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US IP 35.241.9.150:0
File type JSON data; ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243 63f295a144ac87a7c8e23417626724eeca68a7eb 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Last-Modified, ETag, Expires, Backoff, Content-Length, Cache-Control, Alert, Retry-After, Pragma
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sat, 28 Jan 2023 07:41:40 GMT
age: 1645
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| magnetdl.123ultraproxy.com/ | 172.67.177.99 | 200 OK | 317 kB |
URL HTTP/1.1 magnetdl.123ultraproxy.com/ IP 172.67.177.99:0
File type HTML document text; HTML document text; HTML document text; exported SGML document, ASCII text, with very long lines (60411)
Size 317 kB (317339 bytes)
Hash 520eeb82d7aee6c7736dc746d35305e9 7931fe08b4ea9f85d2c156a7c8a28b96cb2e06cd 740d8605a13eb0b97b482424303e2f4b612bbab691893c0a0303eb2d37e33d2e
| Analyzer | Verdict | Alert |
| fortinet | Phishing | |
GET / HTTP/1.1
Host: magnetdl.123ultraproxy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: view=1; PHPSESSID=hp2uk6fghatfc7jcj3j0hh3qgu
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Sat, 28 Jan 2023 08:09:05 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: view=1; expires=Sun, 29-Jan-2023 08:09:05 GMT; Max-Age=86400
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Access-Control-Allow-Origin: *
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=y7D0DNJheLhlHRwUKbQ48iXOqOYTii3AjMckwfBDctz5Rt2S7f2FltlOl9WCZmCptLEqcuV4ELbDAIxtZMB2ryqyqhPExzgDkLNIBnO4ztOwgKg6CGQjLqI5GQFZH54obUs%2BRNgQDZx7hhhmWg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 79083e7248ffb4f7-OSL
alt-svc: h2=":443"; ma=60
|
|
| glimtors.net/ntfc.php?p=2651991 | 139.45.197.251 | 200 OK | 5.9 kB |
URL HTTP/1.1 glimtors.net/ntfc.php?p=2651991 IP 139.45.197.251:0
File type C source, ASCII text, with very long lines (14324), with no line terminators
Hash b5f1ce6ad306807085d94576e1bae02a dbd684ea5d4bf1b6126f1b7139bf6308d1fe28f8 65423936450d3e2794f6ad502f4ba8bd8975032b2a653e5af35f6381cead90b1
| Analyzer | Verdict | Alert |
| quad9 | Sinkholed | |
GET /ntfc.php?p=2651991 HTTP/1.1
Host: glimtors.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://magnetdl.123ultraproxy.com/
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 28 Jan 2023 08:09:05 GMT
Content-Type: application/javascript
Last-Modified: Fri, 27 Jan 2023 11:03:52 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"63d3af98-37f4"
Access-Control-Allow-Credentials: true
Cache-Control: no-cache
Pragma: no-cache
Content-Encoding: gzip
|
|
| i.imgur.com/TH5z5DM.png | 151.101.244.193 | 200 OK | 1.5 kB |
IP 151.101.244.193:0
File type PNG image data, 94 x 89, 8-bit/color RGBA, non-interlaced; data
Hash 063ed504acc2ee96cec413d248379761 c2ba3db79e0b25c801ff431539a63d17014533ca 5718709bc4408d9d06689ad12333e3e79299dd44abcf447ca6a5718aedc8a517
GET /TH5z5DM.png HTTP/1.1
Host: i.imgur.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://magnetdl.123ultraproxy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Sun, 25 Jul 2021 13:23:59 GMT
etag: "063ed504acc2ee96cec413d248379761"
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
date: Sat, 28 Jan 2023 08:09:05 GMT
age: 8595476
x-served-by: cache-iad-kiad7000147-IAD, cache-hel1410033-HEL
x-cache: HIT, HIT
x-cache-hits: 12138, 1
x-timer: S1674893346.959099,VS0,VE1
strict-transport-security: max-age=300
access-control-allow-methods: GET, OPTIONS
access-control-allow-origin: *
server: cat factory 1.0
x-content-type-options: nosniff
content-length: 1476
X-Firefox-Spdy: h2
|
|
| magnetdl.123ultraproxy.com/css/index-styles.css?v11 | 172.67.177.99 | 200 OK | 674 B |
URL HTTP/1.1 magnetdl.123ultraproxy.com/css/index-styles.css?v11 IP 172.67.177.99:0
Hash 030dc284ed1de45bbafb2ccd1384b5a2 5b03771444e1e66c5caea43dc9e1dd055d152ffa 2d7165033ce678f254da84068c7dea896e1971c4d213e12113a3e2e42e3583ed
GET /css/index-styles.css?v11 HTTP/1.1
Host: magnetdl.123ultraproxy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://magnetdl.123ultraproxy.com/
Cookie: view=1; PHPSESSID=hp2uk6fghatfc7jcj3j0hh3qgu
HTTP/1.1 200 OK
Date: Sat, 28 Jan 2023 08:09:05 GMT
Content-Type: text/css;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Access-Control-Allow-Origin: *
CF-Cache-Status: BYPASS
Set-Cookie: view=1; expires=Sun, 29-Jan-2023 08:09:05 GMT; Max-Age=86400
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nYy%2BJVadCA3lzJwzRchXV4Qc486QnE9QloMP0SDdntg7k4Wjoe%2BLibZpLk8Ekq8526WUo8lL7nHDPncRh5QgPU2mS%2FoEaBZ0427tRsZOwDZQbtgI5aK65DsvEphjEjZLbNGXZY1JPpVoAIO1lg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 79083e73beb21c02-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
|
|
| ocsp.pki.goog/gts1c3 | 216.58.211.3 | 200 OK | 471 B |
IP 216.58.211.3:0
Hash 7da8f9a23d8c05f64f248e4e3427c76e e2d001c2909cd9403173cbb0e288d55fbc8e4d0a db8790004124a0eeb0676860170ad9c37250b2ba697a27dee62c99b64c67b4b8
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 08:09:05 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
|
| ocsp.pki.goog/s/gts1p5/KpsovBFJaCc | 216.58.211.3 | 200 OK | 471 B |
URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/KpsovBFJaCc IP 216.58.211.3:0
Hash 0203ab31bb6ea56214b33ea9fa5027d7 9e09334074b0105abef53a777646279536c3ffd9 9966e0ad647266ed8ec2f9cc273b830e81facf63735cbf862d12634890058009
POST /s/gts1p5/KpsovBFJaCc HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 08:09:05 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
|
| magnetdl.123ultraproxy.com/app/apx19.js | 172.67.177.99 | 200 OK | 2.6 kB |
URL HTTP/1.1 magnetdl.123ultraproxy.com/app/apx19.js IP 172.67.177.99:0
File type ASCII text, with very long lines (9183), with no line terminators
Hash 9ea8acd8d74e4f328d558b64219e02c5 156ce99860c738bee0a97dbe9c543a83f4fd5457 cc0dc5bf2c19d0830dd3962179d22ed40f200ecf8dc905a4e64bba0c1ccf9dff
| Analyzer | Verdict | Alert |
| fortinet | Phishing | |
GET /app/apx19.js HTTP/1.1
Host: magnetdl.123ultraproxy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://magnetdl.123ultraproxy.com/
Cookie: view=1; PHPSESSID=hp2uk6fghatfc7jcj3j0hh3qgu
HTTP/1.1 200 OK
Date: Sat, 28 Jan 2023 08:09:06 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 15 Sep 2020 18:46:59 GMT
ETag: W/"5f610c23-23df"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Pb4mBZgfhRHuJyVHYAsWeRXUVpUxFavbBXDxheAtfUS%2B75sbt7YitGpA%2FpeTFqccWaJ7mvHvcpxC1VtGW8SAcZntlgOwOrMO5z6JGkarfH7h708LMSAjBgMiSiKP41snCpSKsBthavoekYPV1A%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 79083e73bb0a0b51-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
|
|
| r3.o.lencr.org/ | 23.36.76.226 | 200 OK | 503 B |
IP 23.36.76.226:0 ASN #20940 Akamai International B.V.
Hash 52f8a3902e9b89de1cba9abc227899be 06db0fdf53433c5a136f779a0cf89c0b60d6e3d3 c552ced0d19a44d46bfe323aac41ea17d7b89b7f631f1614fe32f4e138b2a80d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C552CED0D19A44D46BFE323AAC41EA17D7B89B7F631F1614FE32F4E138B2A80D"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=1285
Expires: Sat, 28 Jan 2023 08:30:31 GMT
Date: Sat, 28 Jan 2023 08:09:06 GMT
Connection: keep-alive
|
|
| benumelan.com/5/2632704 | 139.45.197.239 | 200 OK | 24 kB |
IP 139.45.197.239:0
File type ASCII text, with very long lines (64226), with no line terminators
Hash ec8509a393963bef79205833818e2216 a480827a34ce939b7b1c7272d753cfc90ca0a17a cce1858af25af3390c14f0b248b99709ee75c0d4d0bbf61ec46ae9246b55e41e
| Analyzer | Verdict | Alert |
| quad9 | Sinkholed | |
GET /5/2632704 HTTP/1.1
Host: benumelan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://magnetdl.123ultraproxy.com/
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 28 Jan 2023 08:09:05 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
X-Trace-Id: 13ddf782d319316cd28d66b59fa7f8ac
Link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://diromalxx.com>; rel="preconnect dns-prefetch"
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding
Access-Control-Max-Age: 86400
Timing-Allow-Origin: *
Set-Cookie: OAID=bfc17cedf7d245149ab925287717d898; expires=Sun, 28 Jan 2024 08:09:05 GMT; path=/
oaidts=1674893345; expires=Sun, 28 Jan 2024 08:09:05 GMT; path=/
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
Pragma: no-cache, no-cache
Cache-Control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
Expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
Content-Encoding: gzip
|
|
| magnetdl.123ultraproxy.com/hy.js?q22q2q2 | 172.67.177.99 | 200 OK | 18 kB |
URL HTTP/1.1 magnetdl.123ultraproxy.com/hy.js?q22q2q2 IP 172.67.177.99:0
File type ASCII text, with very long lines (56131), with no line terminators
Hash f12634066d38736854588dc61b5ba109 623e90c430f1609e59e16407553e2d2ff8882d8e 7ca898a6218b8e61a9a999ffb0c76a9c60f86dfd4353b2496225e6473c72c0de
GET /hy.js?q22q2q2 HTTP/1.1
Host: magnetdl.123ultraproxy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://magnetdl.123ultraproxy.com/
Cookie: view=1; PHPSESSID=hp2uk6fghatfc7jcj3j0hh3qgu
HTTP/1.1 200 OK
Date: Sat, 28 Jan 2023 08:09:06 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 02 Mar 2021 05:54:49 GMT
ETag: W/"603dd329-db43"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fWmV4DWRW6Y%2FhWWARhceOrmJCtvfjVXqWgs5sVrz0iy8PVMfNHEpiVIAuMUqW4Vwl0mrzOb3CrkXmwsAN%2FttUwO40KTl7wNAgvvMrlT3gTKSdk8cSw3VrAEtNQKVuKFElRNgx2HEIRd2UH5mkw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 79083e73bef7b512-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
|
|
| magnetdl.123ultraproxy.com/app/x12.js | 172.67.177.99 | 200 OK | 3.0 kB |
URL HTTP/1.1 magnetdl.123ultraproxy.com/app/x12.js IP 172.67.177.99:0
File type ASCII text, with very long lines (11180), with no line terminators
Hash 7f0c811d15a31a93662cfa30df4ef5ea 3f5b8f499bc7f50d2315eadc7cf043d317b60b95 af3050874dc2886642989014b75a7b4734239520ee7d36ea06d4527e41d92beb
| Analyzer | Verdict | Alert |
| fortinet | Phishing | |
GET /app/x12.js HTTP/1.1
Host: magnetdl.123ultraproxy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://magnetdl.123ultraproxy.com/
Cookie: view=1; PHPSESSID=hp2uk6fghatfc7jcj3j0hh3qgu
HTTP/1.1 200 OK
Date: Sat, 28 Jan 2023 08:09:06 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 15 Sep 2020 18:26:18 GMT
ETag: W/"5f61074a-2bac"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Nyo9aMxdqcqR%2BLrndiGJ%2BLnBW9GW7V3%2FO0Drjv9H1ikRCbrA%2Fr6rSPGX7TM8NHtC5dq7BWJvojud53LIBF6npFkB258eIsjZu4NH8owrYOLoCHL41IviMjbUhf7r9FLR214tmH3sH5FZk4972g%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 79083e743b67b4f7-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
|
|
| magnetdl.123ultraproxy.com/app/apx14.js | 172.67.177.99 | 200 OK | 2.2 kB |
URL HTTP/1.1 magnetdl.123ultraproxy.com/app/apx14.js IP 172.67.177.99:0
File type ASCII text, with very long lines (7663), with no line terminators
Hash 5fd0d992c153321728eef72725f9e2f1 11af100c190b0c91d3126ca0c792aa6cd3954897 f39352e9834fda1868dab410b72a2850f516686f140843e9f0eef835be503330
| Analyzer | Verdict | Alert |
| fortinet | Phishing | |
GET /app/apx14.js HTTP/1.1
Host: magnetdl.123ultraproxy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://magnetdl.123ultraproxy.com/
Cookie: view=1; PHPSESSID=hp2uk6fghatfc7jcj3j0hh3qgu
HTTP/1.1 200 OK
Date: Sat, 28 Jan 2023 08:09:06 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 15 Sep 2020 18:26:19 GMT
ETag: W/"5f61074b-1def"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ABe1cJW3rcRlztMJST4uaoSaGngLkv7saTDjX68vzFRwFugLoo63tmdvQ%2FlOhU1%2FQ9upQ62VjvReLOYoyMJHugDPk2TUvOrBB1QHF1NBNAyX723CsuSXn%2BHpQlT018CSMUI6opM%2BNhRErIKVTA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 79083e73befcb512-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
|
|
| r3.o.lencr.org/ | 23.36.76.226 | 200 OK | 503 B |
IP 23.36.76.226:0 ASN #20940 Akamai International B.V.
Hash be951c47757ca3d4dd9722af36c97b68 144b97e7c16823a8302d2ea9b2dd1e152ad755da 12c316123ee9be8a80da46671caa4f18fb45064a343f5937b3c566da9e8e302c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "12C316123EE9BE8A80DA46671CAA4F18FB45064A343F5937B3C566DA9E8E302C"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=1388
Expires: Sat, 28 Jan 2023 08:32:14 GMT
Date: Sat, 28 Jan 2023 08:09:06 GMT
Connection: keep-alive
|
|
| r3.o.lencr.org/ | 23.36.76.226 | 200 OK | 503 B |
IP 23.36.76.226:0 ASN #20940 Akamai International B.V.
Hash be951c47757ca3d4dd9722af36c97b68 144b97e7c16823a8302d2ea9b2dd1e152ad755da 12c316123ee9be8a80da46671caa4f18fb45064a343f5937b3c566da9e8e302c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "12C316123EE9BE8A80DA46671CAA4F18FB45064A343F5937B3C566DA9E8E302C"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=1388
Expires: Sat, 28 Jan 2023 08:32:14 GMT
Date: Sat, 28 Jan 2023 08:09:06 GMT
Connection: keep-alive
|
|
| ocsp.pki.goog/gts1c3 | 216.58.211.3 | 200 OK | 471 B |
IP 216.58.211.3:0
Hash 7da8f9a23d8c05f64f248e4e3427c76e e2d001c2909cd9403173cbb0e288d55fbc8e4d0a db8790004124a0eeb0676860170ad9c37250b2ba697a27dee62c99b64c67b4b8
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 08:09:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
|
| ocsp.pki.goog/s/gts1p5/KpsovBFJaCc | 216.58.211.3 | 200 OK | 471 B |
URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/KpsovBFJaCc IP 216.58.211.3:0
Hash 0203ab31bb6ea56214b33ea9fa5027d7 9e09334074b0105abef53a777646279536c3ffd9 9966e0ad647266ed8ec2f9cc273b830e81facf63735cbf862d12634890058009
POST /s/gts1p5/KpsovBFJaCc HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 08:09:06 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
|
| magnetdl.123ultraproxy.com/zpp/zpp4.js?q22q2q2 | 172.67.177.99 | 200 OK | 14 kB |
URL HTTP/1.1 magnetdl.123ultraproxy.com/zpp/zpp4.js?q22q2q2 IP 172.67.177.99:0
File type ASCII text, with very long lines (38995), with no line terminators
Hash 3c741ddc90399bc2910b2cdc0a826716 163182c6b04f146fbf6de424ead05c91e59e3c51 e6753c7588e28e17f44aa00cbe8c314de3f2bbcb8e892a439eed11dd989b1d84
GET /zpp/zpp4.js?q22q2q2 HTTP/1.1
Host: magnetdl.123ultraproxy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://magnetdl.123ultraproxy.com/
Cookie: view=1; PHPSESSID=hp2uk6fghatfc7jcj3j0hh3qgu
HTTP/1.1 200 OK
Date: Sat, 28 Jan 2023 08:09:06 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 02 Mar 2021 05:54:51 GMT
ETag: W/"603dd32b-9853"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tcmMuLM7qc1OwnPIYnLX7U806Vy%2FFR9kWt6vFXSxrqFiFnNPBJDgyhnAUcyCkNS1gV5UnYkQ3xv0m8WEuRJnq3ELe45To61iFZht2g3zAb1Q274ZbC9tLLhjfBuwfkWHQojy5FhPHBiJlwugyQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 79083e73ba20b527-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
|
|
| r3.o.lencr.org/ | 23.36.76.226 | 200 OK | 503 B |
IP 23.36.76.226:0 ASN #20940 Akamai International B.V.
Hash 16a7b6a7128312e2f985d30df18c4487 6017bff79ffb525d9c7f9f32b999b74b5dc69602 663fd12209627f08e759c2ed1c76278a5da79dae1e0b46082dd1bb44775f7a16
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "663FD12209627F08E759C2ED1C76278A5DA79DAE1E0B46082DD1BB44775F7A16"
Last-Modified: Fri, 27 Jan 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12820
Expires: Sat, 28 Jan 2023 11:42:46 GMT
Date: Sat, 28 Jan 2023 08:09:06 GMT
Connection: keep-alive
|
|
| glimtors.net/zone?pub=0&zone_id=2651991&is_mobile=false&domain=magnetdl.123ultraproxy.com&var=&ymid=&var_3= | 139.45.197.251 | 200 OK | 705 B |
URL HTTP/2 glimtors.net/zone?pub=0&zone_id=2651991&is_mobile=false&domain=magnetdl.123ultraproxy.com&var=&ymid=&var_3= IP 139.45.197.251:0
File type JSON data; ASCII text, with very long lines (704)
Hash 12b4398030a0739bd93abd9f513bbdc9 79f96521566cbc2108ca60efcb0ea1144386d91e 9a92e83db4bcefe4bc4fa474f71d8ce577e7d40cd04d64ece2dad67f59ac50e5
| Analyzer | Verdict | Alert |
| quad9 | Sinkholed | |
GET /zone?pub=0&zone_id=2651991&is_mobile=false&domain=magnetdl.123ultraproxy.com&var=&ymid=&var_3= HTTP/1.1
Host: glimtors.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://magnetdl.123ultraproxy.com/
Origin: http://magnetdl.123ultraproxy.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 28 Jan 2023 08:09:06 GMT
content-type: application/json; charset=utf-8
content-length: 705
x-trace-id: d501e752755bb064d0e3379cf7ffb2a1
access-control-allow-origin: http://magnetdl.123ultraproxy.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
|
|
| inpagepush.com/400/3064505 | 139.45.197.237 | 200 OK | 33 kB |
URL HTTP/1.1 inpagepush.com/400/3064505 IP 139.45.197.237:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash b6fcfb84aede5707d018b11a97d919fe 4f4a9e10b6232709c1becc64248dac0aa2c2a0f4 54731a11115c27b7897db36f6812489aaae41e7d8c9c4ba53d0e30842891bf1f
| Analyzer | Verdict | Alert |
| fortinet | Malware | |
GET /400/3064505 HTTP/1.1
Host: inpagepush.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://magnetdl.123ultraproxy.com/
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 28 Jan 2023 08:09:06 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
X-Trace-Id: 5e82d44ecae9b16b73f8ce45abc5aff6
Expires: Tue, 11 Jan 1994 10:00:00 GMT
Cache-Control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
Pragma: no-cache
Vary: Origin
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Link
Access-Control-Allow-Credentials: true
Set-Cookie: OAID=a2540bfdd3b047c7a5b40c19f68efd73; expires=Sun, 28 Jan 2024 08:09:06 GMT; path=/; secure; SameSite=None
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
Timing-Allow-Origin: *, *
Content-Encoding: gzip
|
|
| ocsp.pki.goog/gts1c3 | 216.58.211.3 | 200 OK | 471 B |
IP216.58.211.3:0
Hashcbe94bc7052911313fffd1cdad964a74 a96a6606f1d20baeeb4040c9ced3ba2f7bd1aada 430d90ac0a39038dbb5336cf29baf6786ac29491c5a8e4dcce04e93d9fceb5e1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 08:09:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
|
| matomo.hellohi.me/matomo.js | 172.67.219.82 | 301 Moved Permanently | 169 B |
URL HTTP/1.1matomo.hellohi.me/matomo.js IP172.67.219.82:0
File typeHTML document text; HTML document text; HTML document, ASCII text, with CRLF line terminators Hashf3099a531821c476589c3d2d00d53772 8e539d05a8355d6835a56f94b75f405c6e55f6f3 a5287e1cf9fe9dc106bd2172a5b175c7833427866b7819872b1b6fa34b66daef
GET /matomo.js HTTP/1.1
Host: matomo.hellohi.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://magnetdl.123ultraproxy.com/
HTTP/1.1 301 Moved Permanently
Date: Sat, 28 Jan 2023 08:09:06 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://matomo.hellohi.me/matomo.js
Referrer-Policy: origin
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 188
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Z0MWp1ejDIDalfRTqEK2%2FYZkQJoVMTPiGqbo72Lns3izgixifSeaK4S74WcFTdfzAa5yUgIwPewKFdpn%2BNUmB9NIhiUzL9iIeVRGJFMxxYb69SoswE3a83DMwv7KPl4onm6Vog%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 79083e757ff5b50f-OSL
alt-svc: h2=":443"; ma=60
|
|
| fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 | 216.58.207.227 | 200 OK | 16 kB |
URL HTTP/2fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 IP216.58.207.227:0
File typeWeb Open Font Format (Version 2), TrueType, length 15744, version 1.0; data Hash15d9f621c3bd1599f0169dcf0bd5e63e 7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52 f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://magnetdl.123ultraproxy.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 25 Jan 2023 19:33:54 GMT
expires: Thu, 25 Jan 2024 19:33:54 GMT
cache-control: public, max-age=31536000
age: 218112
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| magnetdl.123ultraproxy.com/img/index-images.png | 172.67.177.99 | 200 OK | 12 kB |
URL HTTP/1.1magnetdl.123ultraproxy.com/img/index-images.png IP172.67.177.99:0
File typePNG image data, 571 x 236, 8-bit colormap, non-interlaced; data Hash1c737b684328bc7e891bad8bcbccf99e 46de70e12dc6e705d9b5824b76eec472e8273224 65ea1e05621a3a74c379d57dbd656ab50706f26ee085971ba0947c48df5e7bdb
GET /img/index-images.png HTTP/1.1
Host: magnetdl.123ultraproxy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://magnetdl.123ultraproxy.com/css/index-styles.css?v11
Cookie: view=1; PHPSESSID=hp2uk6fghatfc7jcj3j0hh3qgu
HTTP/1.1 200 OK
Date: Sat, 28 Jan 2023 08:09:06 GMT
Content-Type: image/png
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Access-Control-Allow-Origin: *
CF-Cache-Status: BYPASS
Set-Cookie: view=1; expires=Sun, 29-Jan-2023 08:09:06 GMT; Max-Age=86400
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hJIhOpeRVCdJ8NGbA0ksi2mmBnkThdaz%2B3a%2F9s2GeAT4HC1WqDLv4uYOL765eKsGRed2TSjXhsgMPDcpc8AhthUkwOnkVfmbV3zzuhVwC4Dbo5Dao5zNs4rr3zKpVuKNghbP35k6GuszdQs4Pw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 79083e74ef861c02-OSL
alt-svc: h2=":443"; ma=60
|
|
| magnetdl.123ultraproxy.com/img/index-search.png | 172.67.177.99 | 200 OK | 742 B |
URL HTTP/1.1magnetdl.123ultraproxy.com/img/index-search.png IP172.67.177.99:0
File typePNG image data, 92 x 34, 8-bit colormap, non-interlaced; data Hash364fb0178251b9c41cbeb8232f04d511 d836c85990cb959a2a164c7b9dfa5f410260ee34 1666dab36c11d4cf35b5b1a465bb9e0f4043d927c77e72c187e2b27c32d16897
GET /img/index-search.png HTTP/1.1
Host: magnetdl.123ultraproxy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://magnetdl.123ultraproxy.com/
Cookie: view=1; PHPSESSID=hp2uk6fghatfc7jcj3j0hh3qgu
HTTP/1.1 200 OK
Date: Sat, 28 Jan 2023 08:09:06 GMT
Content-Type: image/png
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Access-Control-Allow-Origin: *
CF-Cache-Status: BYPASS
Set-Cookie: view=1; expires=Sun, 29-Jan-2023 08:09:06 GMT; Max-Age=86400
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gzpBJYaPc2F%2BsvIuvsbv7l09JWqK6qpBujlui0lINr1WwWRs0pchAYWqixeklHiWrtll0zi1l5f7ud0kezwtiwt6eHLYRReUoSn2DI8AX%2B8ILzJIk0CNkHpWd2nBK4Mr3tkCxp3Dheg%2FiPIWwQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 79083e74cbb60b51-OSL
alt-svc: h2=":443"; ma=60
|
|
| ocsp.pki.goog/gts1c3 | 216.58.211.3 | 200 OK | 471 B |
IP216.58.211.3:0
Hashcbe94bc7052911313fffd1cdad964a74 a96a6606f1d20baeeb4040c9ced3ba2f7bd1aada 430d90ac0a39038dbb5336cf29baf6786ac29491c5a8e4dcce04e93d9fceb5e1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 08:09:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
|
| magnetdl.123ultraproxy.com/img/index-menu.gif | 172.67.177.99 | 200 OK | 100 B |
URL HTTP/1.1magnetdl.123ultraproxy.com/img/index-menu.gif IP172.67.177.99:0
File typeGIF image data, version 89a, 1 x 36; data Hasha37d19ba4be691a2b5d4cd9274c73e01 df2d5afe0e868370873f7662fbb96b8ef0bd7a27 138d5ead313c4f2196228271fbaa6a1b35e063856459a9f7378f125790c4bb36
GET /img/index-menu.gif HTTP/1.1
Host: magnetdl.123ultraproxy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://magnetdl.123ultraproxy.com/css/index-styles.css?v11
Cookie: view=1; PHPSESSID=hp2uk6fghatfc7jcj3j0hh3qgu
HTTP/1.1 200 OK
Date: Sat, 28 Jan 2023 08:09:06 GMT
Content-Type: image/gif
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Access-Control-Allow-Origin: *
CF-Cache-Status: BYPASS
Set-Cookie: view=1; expires=Sun, 29-Jan-2023 08:09:06 GMT; Max-Age=86400
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JWNKKrmglIBOpVbSCsJ%2FLx2rJehak5kkbOEaAiirVp3NPyUHmrMrYRp24IM0VITzJAZJU3cGpAd7DgGxRaqfyrmqy2TYBLQQ445mbl4RgOiei7aE7vPgX3UqOFd07ojBIxKdY85rEsUzgSvQvQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 79083e74e85cb512-OSL
alt-svc: h2=":443"; ma=60
|
|
| magnetdl.123ultraproxy.com/user.php | 172.67.177.99 | 200 OK | 25 B |
URL HTTP/1.1magnetdl.123ultraproxy.com/user.php IP172.67.177.99:0
Hash363f411ba212d4d1ccf7856f856145e9 08331057577f273187dd15e7c6f57937835e0aff c50b40612adfdbf2e228758746fc7927cf440cb9bb5a8280c00d7946632a1943
Analyzer | Verdict | Alert | fortinet | Phishing | |
POST /user.php HTTP/1.1
Host: magnetdl.123ultraproxy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
X-Requested-With: XMLHttpRequest
Content-Length: 39
Origin: http://magnetdl.123ultraproxy.com
Connection: keep-alive
Referer: http://magnetdl.123ultraproxy.com/
Cookie: view=1; PHPSESSID=hp2uk6fghatfc7jcj3j0hh3qgu
HTTP/1.1 200 OK
Date: Sat, 28 Jan 2023 08:09:06 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MXKcyYv5OlHLyBNWvjxXeZdff0e4PQaAYcL%2FjUt9WBqtwEVqzXyM%2BUhg5Or3Oy1zLLZKnK8a6fiWMNOziNubS2kYx%2FjCx9FGbwgcE8i2vFuM5w6wavuXw5DntYjM1lDqSln7hLgpq4jx%2B8x%2FHg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 79083e750872b512-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
|
|
| glimtors.net/ntfc.php?p=2651991 | 139.45.197.251 | 304 Not Modified | 0 B |
URL HTTP/1.1glimtors.net/ntfc.php?p=2651991 IP139.45.197.251:0
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | quad9 | Sinkholed | |
GET /ntfc.php?p=2651991 HTTP/1.1
Host: glimtors.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://magnetdl.123ultraproxy.com/
If-Modified-Since: Fri, 27 Jan 2023 11:03:52 GMT
If-None-Match: W/"63d3af98-37f4"
HTTP/1.1 304 Not Modified
Server: nginx
Date: Sat, 28 Jan 2023 08:09:06 GMT
Last-Modified: Fri, 27 Jan 2023 11:03:52 GMT
Connection: keep-alive
ETag: "63d3af98-37f4"
Access-Control-Allow-Credentials: true
Cache-Control: no-cache
Pragma: no-cache
|
|
| magnetdl.123ultraproxy.com/helper-js/ | 172.67.177.99 | 200 OK | 1.0 kB |
URL HTTP/1.1magnetdl.123ultraproxy.com/helper-js/ IP172.67.177.99:0
File typeASCII text, with very long lines (2612), with CRLF line terminators Hash85fdc5000092dd17ca04608c8ba14567 2762056a919e7fa859aaf81ed03b8f4a0b42cf30 5b515027d9c634f9876862e003dee0a5103160ab2af37c9ba295adc1c9c15798
Analyzer | Verdict | Alert | fortinet | Phishing | |
GET /helper-js/ HTTP/1.1
Host: magnetdl.123ultraproxy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://magnetdl.123ultraproxy.com/
Cookie: view=1; PHPSESSID=hp2uk6fghatfc7jcj3j0hh3qgu
HTTP/1.1 200 OK
Date: Sat, 28 Jan 2023 08:09:06 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: s-maxage=0, max-age=0 no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: 0
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UWAM5WIPJzBG5UKjFbKEx0jboyOAZ5c%2BmzI4Yjs7sAw%2BARWVu7Aimwu8OxLXHMpaEw6ru0F5ZSyFv3rZVdEPOrjj2r8BZk0%2FhzWpE8lqzd3RuY7SGWALtZAbURoMjClZqa4wDZdpLpccySGLQQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 79083e763983b512-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
|
|
| push.services.mozilla.com/ | 52.43.234.55 | 101 Switching Protocols | 0 B |
URL HTTP/1.1push.services.mozilla.com/ IP52.43.234.55:0
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: ULmVjh4sUdwL3zWAjQdvVA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 1loHASJuNLQVyQkXETCHn7liHj0=
|
|
| betotodilea.com/400/4495524 | 139.45.197.237 | 200 OK | 32 kB |
URL HTTP/1.1betotodilea.com/400/4495524 IP139.45.197.237:0
File typeASCII text, with very long lines (65536), with no line terminators Hash72d519a11df3ff0bcc09171a33dd37aa f0062f04828a03828e1c6ccb58c919eaf014ea54 f3b7a32ab2fd0a4639f1b120627c9ad9f43288f9001aa8a5cf01df4bd0d60649
Analyzer | Verdict | Alert | quad9 | Sinkholed | |
GET /400/4495524 HTTP/1.1
Host: betotodilea.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://magnetdl.123ultraproxy.com/
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 28 Jan 2023 08:09:06 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
X-Trace-Id: 07e957d3013b73a7cbccb11ef35dff0d
Expires: Tue, 11 Jan 1994 10:00:00 GMT
Cache-Control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
Pragma: no-cache
Vary: Origin
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Link
Access-Control-Allow-Credentials: true
Set-Cookie: OAID=d9d9c35ea6904616872278069a10593c; expires=Sun, 28 Jan 2024 08:09:06 GMT; path=/; secure; SameSite=None
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
Timing-Allow-Origin: *, *
Content-Encoding: gzip
|
|
| r3.o.lencr.org/ | 23.36.76.226 | 200 OK | 503 B |
IP23.36.76.226:0 ASN#20940 Akamai International B.V.
Hash2c4380697a101b67d9f8edb80bbe917c d031ccb76ff8aeef9f80594b3ac3a7117e1ad05d 92fcb57afd01dbdc56cdd37ff2ebfb8807a286936093b1a863d334a3826aceb3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "92FCB57AFD01DBDC56CDD37FF2EBFB8807A286936093B1A863D334A3826ACEB3"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19276
Expires: Sat, 28 Jan 2023 13:30:22 GMT
Date: Sat, 28 Jan 2023 08:09:06 GMT
Connection: keep-alive
|
|
| my.rtmark.net/gid.js?userId=bfc17cedf7d245149ab925287717d898 | 139.45.195.8 | 200 OK | 65 B |
URL HTTP/2my.rtmark.net/gid.js?userId=bfc17cedf7d245149ab925287717d898 IP139.45.195.8:0
File typeJSON data, ASCII text Hash50545c0fdc0f7dd2f32419cbb19fb7d1 c15a1126aa1a9d5fe5f6f599956930bce29fd690 45c09166455b5c7c0b9b807b2ffc62aee7275cfb4f28fdcf7065d6fa1b3692aa
GET /gid.js?userId=bfc17cedf7d245149ab925287717d898 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://magnetdl.123ultraproxy.com
Connection: keep-alive
Referer: http://magnetdl.123ultraproxy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 28 Jan 2023 08:09:06 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: http://magnetdl.123ultraproxy.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=bfc17cedf7d245149ab925287717d898; expires=Sun, 28 Jan 2024 08:09:06 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
|
|
| benumelan.com/5/2632704 | 139.45.197.239 | 200 OK | 24 kB |
IP139.45.197.239:0
File typeASCII text, with very long lines (64226), with no line terminators Hashdce118228a0178a2bb056830cb02bd06 86b3a637939d2d71c935b13d2526d3ad53ab6f06 7a5618715e7d55a9120b042094ca5145a4dec3599408887e1cbaf462522d7418
Analyzer | Verdict | Alert | quad9 | Sinkholed | |
GET /5/2632704 HTTP/1.1
Host: benumelan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://magnetdl.123ultraproxy.com/
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 28 Jan 2023 08:09:06 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
X-Trace-Id: e3e0ab6620fad3b4fd3545fd6069c7a6
Link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://diromalxx.com>; rel="preconnect dns-prefetch"
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding
Access-Control-Max-Age: 86400
Timing-Allow-Origin: *
Set-Cookie: OAID=ed2a730857864f20929c13e1a40bf2e8; expires=Sun, 28 Jan 2024 08:09:06 GMT; path=/
oaidts=1674893346; expires=Sun, 28 Jan 2024 08:09:06 GMT; path=/
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
Pragma: no-cache, no-cache
Cache-Control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
Expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
Content-Encoding: gzip
|
|
| r3.o.lencr.org/ | 23.36.76.226 | 200 OK | 503 B |
IP23.36.76.226:0 ASN#20940 Akamai International B.V.
Hash675dd553a1ba7530f23b697ceaa27a6e 4f75a3039291a1acafa0914b48c22f9e3d3f5241 52827a66fb24aafa6b2a2c8d2fa2986f5c2cbd82ab4b485ff7f6f5777ba7d474
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "52827A66FB24AAFA6B2A2C8D2FA2986F5C2CBD82AB4B485FF7F6F5777BA7D474"
Last-Modified: Thu, 26 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7451
Expires: Sat, 28 Jan 2023 10:13:17 GMT
Date: Sat, 28 Jan 2023 08:09:06 GMT
Connection: keep-alive
|
|
| glimtors.net/pfe/current/universal.min.js?v=3.1.415 | 139.45.197.251 | 304 Not Modified | 0 B |
URL HTTP/2glimtors.net/pfe/current/universal.min.js?v=3.1.415 IP139.45.197.251:0
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | quad9 | Sinkholed | |
GET /pfe/current/universal.min.js?v=3.1.415 HTTP/1.1
Host: glimtors.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://magnetdl.123ultraproxy.com/
Origin: http://magnetdl.123ultraproxy.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
If-Modified-Since: Fri, 27 Jan 2023 11:03:52 GMT
If-None-Match: W/"63d3af98-18c6c"
TE: trailers
HTTP/2 304 Not Modified
server: nginx
date: Sat, 28 Jan 2023 08:09:06 GMT
last-modified: Fri, 27 Jan 2023 11:03:52 GMT
etag: "63d3af98-18c6c"
access-control-allow-origin: http://magnetdl.123ultraproxy.com
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
X-Firefox-Spdy: h2
|
|
| glimtors.net/zone?pub=0&zone_id=2651991&is_mobile=false&domain=magnetdl.123ultraproxy.com&var=&ymid=&var_3= | 139.45.197.251 | 200 OK | 705 B |
URL HTTP/2glimtors.net/zone?pub=0&zone_id=2651991&is_mobile=false&domain=magnetdl.123ultraproxy.com&var=&ymid=&var_3= IP139.45.197.251:0
File typeJSON data, ASCII text, with very long lines (704) Hash12b4398030a0739bd93abd9f513bbdc9 79f96521566cbc2108ca60efcb0ea1144386d91e 9a92e83db4bcefe4bc4fa474f71d8ce577e7d40cd04d64ece2dad67f59ac50e5
Analyzer | Verdict | Alert | quad9 | Sinkholed | |
GET /zone?pub=0&zone_id=2651991&is_mobile=false&domain=magnetdl.123ultraproxy.com&var=&ymid=&var_3= HTTP/1.1
Host: glimtors.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://magnetdl.123ultraproxy.com/
Origin: http://magnetdl.123ultraproxy.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 28 Jan 2023 08:09:06 GMT
content-type: application/json; charset=utf-8
content-length: 705
x-trace-id: 98012a8d0959a2d37d440e6dd8197f09
access-control-allow-origin: http://magnetdl.123ultraproxy.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
|
|
| heartilyscales.com/a2/86/90/a286902791a7f4c98bcb1e812322cd78.js | 192.243.59.12 | 200 OK | 13 kB |
URL HTTP/1.1heartilyscales.com/a2/86/90/a286902791a7f4c98bcb1e812322cd78.js IP192.243.59.12:0 ASN#39572 DataWeb Global Group B.V.
File typeASCII text, with very long lines (37153), with no line terminators Hashf837eb7319ad28ea15036209d424de1e 912d414fe4cec20978113217ff74f6b2caf0452a df05662e25a7f6a6c4d6b9fd2c9d31323023b1dff2bb4454c077da11ac4e38cf
Analyzer | Verdict | Alert | quad9 | Sinkholed | |
GET /a2/86/90/a286902791a7f4c98bcb1e812322cd78.js HTTP/1.1
Host: heartilyscales.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://magnetdl.123ultraproxy.com/
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Sat, 28 Jan 2023 08:09:06 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 0fea474334319bb070a61ad46d88bc21
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
|
|
| ecma.sidebyz.com/j/m/w2.js.php | 172.67.167.53 | 200 OK | 56 kB |
URL HTTP/2ecma.sidebyz.com/j/m/w2.js.php IP172.67.167.53:0
File typeHTML document, ASCII text, with very long lines (492) Hash43cb9fb373bc8e18917bcbeab1170fb0 99bc76dee53d6e9f919271453adc594607bec9a5 e476eac61328a1cb7c9852a76861c6d4cc1585e43a0850bd6a520f3214245a9c
GET /j/m/w2.js.php HTTP/1.1
Host: ecma.sidebyz.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://magnetdl.123ultraproxy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 28 Jan 2023 08:09:06 GMT
content-type: application/javascript; charset=UTF-8
cache-control: no-store, no-cache, must-revalidate, max-age=0
pragma: no-cache
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lL8TZw1oRp2HdiHdMf3qL2As8rGkOqv0tN8AZAZXHh4g50An2nmdsrlVvOo7bVShCUrhR9%2FfaCBBsPIfqQqchSMiBgW3DhYBY9mcLSpkP4DInDOVAQHuHNvR7x3Papf4XT3C"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 79083e76d9030b59-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| matomo.hellohi.me/matomo.php?action_name=Search%20Magnet%2FTorrent%20Links%20%26%20Download%20Software%2C%20Movies%2C%20Games%2C%20Music%20%26%20More%20%3A%20MagnetDL&idsite=1&rec=1&r=581870&h=8&m=9&s=8&url=http%3A%2F%2Fmagnetdl.123ultraproxy.com%2F&_id=e57ef3f0e860c05c&_idn=1&send_image=0&_refts=0&cookie=1&res=1280x1024&pv_id=5H53p4&pf_net=14&pf_srv=131&pf_tfr=177&uadata=%7B%7D | 172.67.219.82 | 301 Moved Permanently | 169 B |
URL HTTP/1.1matomo.hellohi.me/matomo.php?action_name=Search%20Magnet%2FTorrent%20Links%20%26%20Download%20Software%2C%20Movies%2C%20Games%2C%20Music%20%26%20More%20%3A%20MagnetDL&idsite=1&rec=1&r=581870&h=8&m=9&s=8&url=http%3A%2F%2Fmagnetdl.123ultraproxy.com%2F&_id=e57ef3f0e860c05c&_idn=1&send_image=0&_refts=0&cookie=1&res=1280x1024&pv_id=5H53p4&pf_net=14&pf_srv=131&pf_tfr=177&uadata=%7B%7D IP172.67.219.82:0
File typeHTML document text; HTML document text; HTML document, ASCII text, with CRLF line terminators Hashf3099a531821c476589c3d2d00d53772 8e539d05a8355d6835a56f94b75f405c6e55f6f3 a5287e1cf9fe9dc106bd2172a5b175c7833427866b7819872b1b6fa34b66daef
POST /matomo.php?action_name=Search%20Magnet%2FTorrent%20Links%20%26%20Download%20Software%2C%20Movies%2C%20Games%2C%20Music%20%26%20More%20%3A%20MagnetDL&idsite=1&rec=1&r=581870&h=8&m=9&s=8&url=http%3A%2F%2Fmagnetdl.123ultraproxy.com%2F&_id=e57ef3f0e860c05c&_idn=1&send_image=0&_refts=0&cookie=1&res=1280x1024&pv_id=5H53p4&pf_net=14&pf_srv=131&pf_tfr=177&uadata=%7B%7D HTTP/1.1
Host: matomo.hellohi.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=utf-8
Content-Length: 0
Origin: http://magnetdl.123ultraproxy.com
Connection: keep-alive
Referer: http://magnetdl.123ultraproxy.com/
HTTP/1.1 301 Moved Permanently
Date: Sat, 28 Jan 2023 08:09:07 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://matomo.hellohi.me/matomo.php?action_name=Search%20Magnet%2FTorrent%20Links%20%26%20Download%20Software%2C%20Movies%2C%20Games%2C%20Music%20%26%20More%20%3A%20MagnetDL&idsite=1&rec=1&r=581870&h=8&m=9&s=8&url=http%3A%2F%2Fmagnetdl.123ultraproxy.com%2F&_id=e57ef3f0e860c05c&_idn=1&send_image=0&_refts=0&cookie=1&res=1280x1024&pv_id=5H53p4&pf_net=14&pf_srv=131&pf_tfr=177&uadata=%7B%7D
Referrer-Policy: origin
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=N7PNDyaS99LN1muyrylxfAS04hJejpeq60AXl5DzUOOrs8ZkhOYzUaZG9VVl9YtZ41Phw3aC0YJ4mzYEnuUSHqVwzADcvqi7QeKLwR7bxfr0YtXH7hVpCgptGzNP9QndnTFxxg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 79083e7a0d76b50f-OSL
alt-svc: h2=":443"; ma=60
|
|
| friendshipmale.com/sfp.js | 172.64.166.29 | 200 OK | 28 kB |
URL HTTP/1.1friendshipmale.com/sfp.js IP172.64.166.29:0
File typeUnicode text, UTF-8 text, with very long lines (65529), with no line terminators Hashb1fa950e77a7db5425f9a5257af02e9c 2d5580451f34ad96218f8b97edf9708f9ee1be87 d999c4320df27dc4a1d3de5aec22bb3ef201560b47a7eff3f28f4133c1997a14
Analyzer | Verdict | Alert | fortinet | Malware | |
GET /sfp.js HTTP/1.1
Host: friendshipmale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://magnetdl.123ultraproxy.com/
HTTP/1.1 200 OK
Date: Sat, 28 Jan 2023 08:09:07 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: max-age=14400
X-Request-ID: 20c4a5cac6dae39b22518dbc71a4472c
Strict-Transport-Security: max-age=0; includeSubdomains
CF-Cache-Status: EXPIRED
Last-Modified: Sat, 28 Jan 2023 08:09:06 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cnbQH1YgVw0kW3WNEyeYOfF6KYkVr69sVSOwQcZd1GBzyz6hGNaRLgQiCeymsqrg7g2opJdeTsxVas8jDdLRHB%2FpbPKIRgPsWI%2Bk00eci%2F%2BWUsW7Gx8XwQ%2Fbs4XcXT9NPBS4f4w%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 79083e7a4fa172fd-LHR
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
|
|
| thaudray.com/5/2632704/?oo=1&aab=1 | 139.45.197.237 | 200 OK | 1.4 kB |
URL HTTP/1.1thaudray.com/5/2632704/?oo=1&aab=1 IP139.45.197.237:0
File typeJSON data, ASCII text, with very long lines (2773), with no line terminators Hash3040ddf40eff7cd76ba35ee1d4988afd c64f77850b49d9e0163ed85f9451d58fb1740c95 2855506fe9c3eb6464cf5fec2b489610d1efb20e986767d55467af604412a5a8
GET /5/2632704/?oo=1&aab=1 HTTP/1.1
Host: thaudray.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Origin: http://magnetdl.123ultraproxy.com
Connection: keep-alive
Referer: http://magnetdl.123ultraproxy.com/
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 28 Jan 2023 08:09:07 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
X-Trace-Id: 7bec4975b3b784a0fd3510eaa36531fd
Link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://diromalxx.com>; rel="preconnect dns-prefetch"
Access-Control-Allow-Origin: http://magnetdl.123ultraproxy.com
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding
Access-Control-Max-Age: 86400
Timing-Allow-Origin: *
Set-Cookie: OAID=8a18938b5f2e4e0c9fae07794ab7b410; expires=Sun, 28 Jan 2024 08:09:07 GMT; path=/
oaidts=1674893347; expires=Sun, 28 Jan 2024 08:09:07 GMT; path=/
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
Pragma: no-cache, no-cache
Cache-Control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
Expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
Content-Encoding: gzip
|
|
| benumelan.com/1?z=3372123 | 139.45.197.239 | 200 OK | 7.1 kB |
URL: benumelan.com/1?z=3372123 (HTTP/2)
IP: 139.45.197.239:0
File type: ASCII text, with very long lines (17093)
Hash: 900cfdb54dfa0229aed0aa5b338cf792 f1a13cd7603b2c9112f1f0a2f44a7a9f0fe5c1cd 1067a7d2d07e2833d6e9c404b68fdefdd9867dd6baa65e9d0af945abeb4047ac
Analyzer | Verdict | Alert | quad9 | Sinkholed | |
GET /1?z=3372123 HTTP/1.1
Host: benumelan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://magnetdl.123ultraproxy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 28 Jan 2023 08:09:06 GMT
content-type: text/javascript
access-control-allow-credentials: true
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID
x-trace-id: 46debed654701b8456016edce8117aef
access-control-expose-headers: X-Sc
x-sc: TeHDpVAkPXVpYOskqYyY350T0d9CKitxrvjvxloHhzQYh_7suK7ryOLa00P03_VcJHpvlqkmOiRbbDAhaMplP3l-qhI=
set-cookie: scm=1; expires=Sun, 28 Jan 2024 08:09:06 GMT; secure; SameSite=None
OAID=3cf0b8cab25943508406af0e32574ca2; expires=Sun, 28 Jan 2024 08:09:06 GMT; secure; SameSite=None
oaidts=1674893346; expires=Sun, 28 Jan 2024 08:09:06 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| ocsp.sca1b.amazontrust.com/ | 54.230.245.39 | 200 OK | 471 B |
URL: ocsp.sca1b.amazontrust.com/ (HTTP/1.1)
IP: 54.230.245.39:0
Hash: 0349e6d78e3182b23c8a0b92b3b0a8b3 0fc1da04b464f7b1e7ff4f56b3ee95d72417f1d1 79840bcd7e18738f712f7d87bbbfdb05269e357d388523676ce4333cc8a2f2d4
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=111191
Date: Sat, 28 Jan 2023 08:09:07 GMT
Etag: "63d3d217-1d7"
Expires: Sun, 29 Jan 2023 15:02:18 GMT
Last-Modified: Fri, 27 Jan 2023 13:31:03 GMT
Server: ECS (bsa/EB24)
X-Cache: Miss from cloudfront
Via: 1.1 09ae414c9d6c5323d5147457ada70ec6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: M_dJnQQ3N27NCuz6Fnz1PAfdlEbt2AgCzohlNONtkLrhzG38BvoGUQ==
Age: 5475
|
|
| thaudray.com/tag.min.js | 139.45.197.237 | 200 OK | 25 kB |
IP: 139.45.197.237:0
File type: ASCII text, with very long lines (65536), with no line terminators
Hash: 0ef679822840cd7cdefb4df6b753e87f 982cfe2d21480129dd1a3c0207ca238fa9e76fa3 b7535ea57e1dab3be62a261787bb532462e83e6bcda2a4832a9febc5cca3eae4
Analyzer | Verdict | Alert | fortinet | Malware | |
GET /tag.min.js HTTP/1.1
Host: thaudray.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://magnetdl.123ultraproxy.com/
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 28 Jan 2023 08:09:07 GMT
Content-Type: text/javascript; charset=utf-8
Content-Length: 25191
Connection: keep-alive
Content-Encoding: gzip
X-Trace-Id: 28a98d4896ae1c3cb090146ae69defa9
Cache-Control: no-transform, no-store, no-cache, must-revalidate, max-age=0
Accept-Ranges: bytes
Last-Modified: Fri, 27 Jan 2023 14:24:37 GMT
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding
Access-Control-Max-Age: 86400
Pragma: no-cache
Expires: Tue, 11 Jan 1994 10:00:00 GMT
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
Timing-Allow-Origin: *, *
|
|
| rndskittytor.com/400/4837723 | 139.45.197.238 | 200 OK | 33 kB |
URL: rndskittytor.com/400/4837723 (HTTP/1.1)
IP: 139.45.197.238:0
File type: ASCII text, with very long lines (65536), with no line terminators
Hash: 26b2478359398abc950c00385ba4284f d73a95c74b9b52c70f8aafb04aa6e085ddc0b21a 66e6a7441e0cc184c6647f81c46826a807a2ef957b0a69e99b2ea63e56388997
Analyzer | Verdict | Alert | quad9 | Sinkholed | |
GET /400/4837723 HTTP/1.1
Host: rndskittytor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://magnetdl.123ultraproxy.com/
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 28 Jan 2023 08:09:07 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
X-Trace-Id: 0211ed2985a8ed29175cb294f0ea47c8
Expires: Tue, 11 Jan 1994 10:00:00 GMT
Cache-Control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
Pragma: no-cache
Vary: Origin
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Link
Access-Control-Allow-Credentials: true
Set-Cookie: OAID=92e929faface4be1859799903882aeb1; expires=Sun, 28 Jan 2024 08:09:07 GMT; path=/; secure; SameSite=None
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
Timing-Allow-Origin: *, *
Content-Encoding: gzip
|
|
| simplewebanalysis.com/stats | 3.120.47.42 | 200 OK | 40 B |
URL: simplewebanalysis.com/stats (HTTP/2)
IP: 3.120.47.42:0
File type: ASCII text, with no line terminators
Hash: 1140c9e7203fb7dd34ba64a903796568 eae55cd3430412a25d7fe4510f3e29a5812b78b4 38b238f3d38fad444e4e1a7d26db6a87bc380bf6f4e28e9ee06e846e3d72bc37
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://magnetdl.123ultraproxy.com
Connection: keep-alive
Referer: http://magnetdl.123ultraproxy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 28 Jan 2023 08:09:07 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: http://magnetdl.123ultraproxy.com
access-control-allow-credentials: true
set-cookie: uid_id2=19c80d81-ce67-4bbc-a6d4-a6c85e65babe:2:1; expires=Tue, 25 Jan 2033 08:09:07 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
|
|
| overzubatan.com/5/2632704 | 139.45.197.239 | 200 OK | 24 kB |
URL: overzubatan.com/5/2632704 (HTTP/1.1)
IP: 139.45.197.239:0
File type: ASCII text, with very long lines (64230), with no line terminators
Hash: cbdcdce74fd4702d846a457123a9db44 168dd0779a87f8f015c5216a77e229fab4ea62ce e6d99c9d0d47377a75712f0cad192e499860617a2f875576a9476c717f99b793
Analyzer | Verdict | Alert | quad9 | Sinkholed | |
GET /5/2632704 HTTP/1.1
Host: overzubatan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://magnetdl.123ultraproxy.com/
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 28 Jan 2023 08:09:07 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
X-Trace-Id: b59d1a6cfa68a10b414fb7c9810085c4
Link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://diromalxx.com>; rel="preconnect dns-prefetch"
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding
Access-Control-Max-Age: 86400
Timing-Allow-Origin: *
Set-Cookie: OAID=0e5abb4ce4cd48f894090864bed38a60; expires=Sun, 28 Jan 2024 08:09:07 GMT; path=/
oaidts=1674893347; expires=Sun, 28 Jan 2024 08:09:07 GMT; path=/
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
Pragma: no-cache, no-cache
Cache-Control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
Expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
Content-Encoding: gzip
|
|
| ocsp.globalsign.com/gseccovsslca2018 | 104.18.21.226 | 200 OK | 939 B |
URL: ocsp.globalsign.com/gseccovsslca2018 (HTTP/1.1)
IP: 104.18.21.226:0
Hash: 38b9da20915223f88c5b8407deb49c3f bc0de4503a03d22db46673840e36a2591e254309 3eb81c5c3333e9c9008508ff307faf437ce6464770a7543ad1421dce40ebfc27
POST /gseccovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 28 Jan 2023 08:09:07 GMT
Content-Type: application/ocsp-response
Content-Length: 939
Connection: keep-alive
Expires: Wed, 01 Feb 2023 06:50:15 GMT
ETag: "bc0de4503a03d22db46673840e36a2591e254309"
Last-Modified: Sat, 28 Jan 2023 06:50:16 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 622
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 79083e7ced7d0b59-OSL
|
|
| betotodilea.com/400/4495524 | 139.45.197.237 | 200 OK | 32 kB |
URL: betotodilea.com/400/4495524 (HTTP/1.1)
IP: 139.45.197.237:0
File type: ASCII text, with very long lines (65536), with no line terminators
Hash: 765dfe3f9bb2887af1ed266df36b9e63 f44fb73d02356ecf895621357a0ce498ef32dad2 d2b42c64e06fe6ad8556a05a11a87e8ebce118a9199f55db0af0ae459ef2d4a8
Analyzer | Verdict | Alert | quad9 | Sinkholed | |
GET /400/4495524 HTTP/1.1
Host: betotodilea.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://magnetdl.123ultraproxy.com/
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 28 Jan 2023 08:09:07 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
X-Trace-Id: bc9823547e7697062e11d4da0d3445a2
Expires: Tue, 11 Jan 1994 10:00:00 GMT
Cache-Control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
Pragma: no-cache
Vary: Origin
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Link
Access-Control-Allow-Credentials: true
Set-Cookie: OAID=55cab444417948dfa121783630bdb8fd; expires=Sun, 28 Jan 2024 08:09:07 GMT; path=/; secure; SameSite=None
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
Timing-Allow-Origin: *, *
Content-Encoding: gzip
|
|
| magnetdl.123ultraproxy.com/favicon.ico | 172.67.177.99 | 200 OK | 1.2 kB |
URL: magnetdl.123ultraproxy.com/favicon.ico (HTTP/1.1)
IP: 172.67.177.99:0
File type: MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel\012- data
Hash: 1a4ee84dab0e62ffaadc5285239a0d8f e7192fb7c5fed55243b15c27f6a8f9c9d8656ff4 139af8f74c1aad1e8d86667cec17eed74746412d8cd3ab743694e37ce89a0634
GET /favicon.ico HTTP/1.1
Host: magnetdl.123ultraproxy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://magnetdl.123ultraproxy.com/
Cookie: view=1; PHPSESSID=hp2uk6fghatfc7jcj3j0hh3qgu; _pk_id.1.f3c2=e57ef3f0e860c05c.1674893349.; _pk_ses.1.f3c2=1
HTTP/1.1 200 OK
Date: Sat, 28 Jan 2023 08:09:07 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Access-Control-Allow-Origin: *
CF-Cache-Status: BYPASS
Set-Cookie: view=1; expires=Sun, 29-Jan-2023 08:09:07 GMT; Max-Age=86400
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1XM0kMTs74rZHXaq%2Bd0Y%2BRNnvm%2FA4Pk3QZxoA3vBXws1UeUl0Xs40R7HtWHhxGYSylXogDrLa1m0FYyu89qAOwbZSPT5eD1SReNJo%2Bm0mNLh9cP%2BfmCP3Knw8S%2BnJmIyj0qpIxrrq6huV9LCJA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 79083e7c6836b512-OSL
alt-svc: h2=":443"; ma=60
|
|
| benumelan.com/9?z=3372123&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=http%3A%2F%2Fmagnetdl.123ultraproxy.com%2F&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&sah=1002&drf=&hil=1&ist=0&oaid=bfc17cedf7d245149ab925287717d898 | 139.45.197.239 | 204 No Content | 0 B |
URL: benumelan.com/9?z=3372123&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=http%3A%2F%2Fmagnetdl.123ultraproxy.com%2F&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&sah=1002&drf=&hil=1&ist=0&oaid=bfc17cedf7d245149ab925287717d898 (HTTP/2)
IP: 139.45.197.239:0
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | quad9 | Sinkholed | |
OPTIONS /9?z=3372123&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=http%3A%2F%2Fmagnetdl.123ultraproxy.com%2F&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&sah=1002&drf=&hil=1&ist=0&oaid=bfc17cedf7d245149ab925287717d898 HTTP/1.1
Host: benumelan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: http://magnetdl.123ultraproxy.com/
Origin: http://magnetdl.123ultraproxy.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Sat, 28 Jan 2023 08:09:07 GMT
access-control-allow-credentials: true
access-control-allow-origin: http://magnetdl.123ultraproxy.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2
|
|
| mc.yandex.ru/metrika/tag.js | 93.158.134.119 | 200 OK | 74 kB |
URL: mc.yandex.ru/metrika/tag.js (HTTP/2)
IP: 93.158.134.119:0
File type: Unicode text, UTF-8 (with BOM) text, with very long lines (659)
Hash: a236c7014c1f1a1e52d356f59e5d665a b66c638eb2346287364c37725819bbab1f409d66 ad2d57579e453af0eac49156840bcd1dcfbd802a82135af98f41f714d7e698f2
GET /metrika/tag.js HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://magnetdl.123ultraproxy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 73769
date: Sat, 28 Jan 2023 08:09:07 GMT
access-control-allow-origin: *
etag: "63c93a4b-12029"
expires: Sat, 28 Jan 2023 09:09:07 GMT
last-modified: Thu, 19 Jan 2023 15:40:43 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cache-control: max-age=3600
content-type: application/javascript
content-encoding: br
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
|
|
| inpagepush.com/500/3064505?excludes=&oaid=bfc17cedf7d245149ab925287717d898&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=898&wfc=1&pl=http%3A%2F%2Fmagnetdl.123ultraproxy.com%2F&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false | 139.45.197.237 | 200 OK | 0 B |
URL: inpagepush.com/500/3064505?excludes=&oaid=bfc17cedf7d245149ab925287717d898&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=898&wfc=1&pl=http%3A%2F%2Fmagnetdl.123ultraproxy.com%2F&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false (HTTP/1.1)
IP: 139.45.197.237:0
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /500/3064505?excludes=&oaid=bfc17cedf7d245149ab925287717d898&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=898&wfc=1&pl=http%3A%2F%2Fmagnetdl.123ultraproxy.com%2F&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: inpagepush.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: http://magnetdl.123ultraproxy.com/
Origin: http://magnetdl.123ultraproxy.com
Connection: keep-alive
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 28 Jan 2023 08:09:07 GMT
Content-Length: 0
Connection: keep-alive
Allow: GET, OPTIONS
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Origin: http://magnetdl.123ultraproxy.com
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding
Access-Control-Allow-Credentials: true
Access-Control-Max-Age: 600
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
Timing-Allow-Origin: *
|
|
| betotodilea.com/500/4495524?excludes=&oaid=bfc17cedf7d245149ab925287717d898&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=898&wfc=1&pl=http%3A%2F%2Fmagnetdl.123ultraproxy.com%2F&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false | 139.45.197.237 | 200 OK | 0 B |
URL: betotodilea.com/500/4495524?excludes=&oaid=bfc17cedf7d245149ab925287717d898&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=898&wfc=1&pl=http%3A%2F%2Fmagnetdl.123ultraproxy.com%2F&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false (HTTP/1.1)
IP: 139.45.197.237:0
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | quad9 | Sinkholed | |
OPTIONS /500/4495524?excludes=&oaid=bfc17cedf7d245149ab925287717d898&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=898&wfc=1&pl=http%3A%2F%2Fmagnetdl.123ultraproxy.com%2F&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: betotodilea.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: http://magnetdl.123ultraproxy.com/
Origin: http://magnetdl.123ultraproxy.com
Connection: keep-alive
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 28 Jan 2023 08:09:07 GMT
Content-Length: 0
Connection: keep-alive
Allow: GET, OPTIONS
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Origin: http://magnetdl.123ultraproxy.com
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding
Access-Control-Allow-Credentials: true
Access-Control-Max-Age: 600
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
Timing-Allow-Origin: *
|
|
| ocsp.sectigo.com/ | 104.18.32.68 | 200 OK | 471 B |
IP: 104.18.32.68:0
Hash: da6d1131f8c9ad77c09853b9bc65a467 dfcde7da9dc04065f6a3bbd2457ef90c75ed01ba ea18b3e2c606aeb6128c798d0ce25827e7a630701a73248211b7d448805d2233
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 28 Jan 2023 08:09:07 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Wed, 25 Jan 2023 15:49:39 GMT
Expires: Wed, 01 Feb 2023 15:49:38 GMT
Etag: "dfcde7da9dc04065f6a3bbd2457ef90c75ed01ba"
Cache-Control: max-age=372630,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 79083e7d99f40b45-OSL
|
|
| glimtors.net/custom | 139.45.197.251 | 200 OK | 0 B |
IP: 139.45.197.251:0
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | quad9 | Sinkholed | |
OPTIONS /custom HTTP/1.1
Host: glimtors.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: http://magnetdl.123ultraproxy.com/
Origin: http://magnetdl.123ultraproxy.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 28 Jan 2023 08:09:07 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: http://magnetdl.123ultraproxy.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token
access-control-max-age: 86400
X-Firefox-Spdy: h2
|
|
| fleraprt.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f | 139.45.195.254 | 200 OK | 12 B |
URL: fleraprt.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f (HTTP/1.1)
IP: 139.45.195.254:0
File type: JSON data\012- , ASCII text, with no line terminators
Hash: adb4650bfc9d2a73d4dd69583b0ceb14 1ce399d6e936232aaf2192cd7903a279c5015f22 21c1f682de27109caabcca9016511974defcec217c0441fd3f1b50ecdf8247ed
Analyzer | Verdict | Alert | quad9 | Sinkholed | |
POST /log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f HTTP/1.1
Host: fleraprt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 905
Origin: http://magnetdl.123ultraproxy.com
Connection: keep-alive
Referer: http://magnetdl.123ultraproxy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.10
Date: Sat, 28 Jan 2023 08:09:07 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 12
Connection: keep-alive
Access-Control-Allow-Origin: http://magnetdl.123ultraproxy.com
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true
|
|
| inpagepush.com/500/3064505?excludes=&oaid=bfc17cedf7d245149ab925287717d898&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=898&wfc=1&pl=http%3A%2F%2Fmagnetdl.123ultraproxy.com%2F&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false | 139.45.197.237 | 200 OK | 982 B |
URL: inpagepush.com/500/3064505?excludes=&oaid=bfc17cedf7d245149ab925287717d898&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=898&wfc=1&pl=http%3A%2F%2Fmagnetdl.123ultraproxy.com%2F&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false (HTTP/1.1)
IP: 139.45.197.237:0
File type: JSON data\012- , Unicode text, UTF-8 text, with very long lines (1208), with no line terminators
Hash: 0f3190054c9710f131b9aa12114dd774 14b8f5abe8246edd8e4985bc3b0fd153332c8df9 de429ab5280e06675dedbf8c504d76233c4f62d5898d805ea9fda6e00fa58e49
GET /500/3064505?excludes=&oaid=bfc17cedf7d245149ab925287717d898&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=898&wfc=1&pl=http%3A%2F%2Fmagnetdl.123ultraproxy.com%2F&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: inpagepush.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/json
Origin: http://magnetdl.123ultraproxy.com
Connection: keep-alive
Referer: http://magnetdl.123ultraproxy.com/
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 28 Jan 2023 08:09:07 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
X-Trace-Id: ae5807740754d8882de56dd6748d0890
Expires: Tue, 11 Jan 1994 10:00:00 GMT
Cache-Control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
Pragma: no-cache
Vary: Origin
Access-Control-Allow-Origin: http://magnetdl.123ultraproxy.com
Access-Control-Expose-Headers: Link
Access-Control-Allow-Credentials: true
Set-Cookie: OAID=bfc17cedf7d245149ab925287717d898; expires=Sun, 28 Jan 2024 08:09:07 GMT; path=/; secure; SameSite=None
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
Timing-Allow-Origin: *, *
Content-Encoding: gzip
|
|
| my.rtmark.net/gid.js?pub=0&userId=9927f0b2249649bfa3a206683c49eb3e&zoneId=2651991&checkDuplicate=true&ymid=&var= | 139.45.195.8 | 200 OK | 65 B |
URL: my.rtmark.net/gid.js?pub=0&userId=9927f0b2249649bfa3a206683c49eb3e&zoneId=2651991&checkDuplicate=true&ymid=&var= (HTTP/2)
IP: 139.45.195.8:0
File type: JSON data\012- , ASCII text
Hash: 50545c0fdc0f7dd2f32419cbb19fb7d1 c15a1126aa1a9d5fe5f6f599956930bce29fd690 45c09166455b5c7c0b9b807b2ffc62aee7275cfb4f28fdcf7065d6fa1b3692aa
GET /gid.js?pub=0&userId=9927f0b2249649bfa3a206683c49eb3e&zoneId=2651991&checkDuplicate=true&ymid=&var= HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://magnetdl.123ultraproxy.com/
Origin: http://magnetdl.123ultraproxy.com
Connection: keep-alive
Cookie: ID=bfc17cedf7d245149ab925287717d898
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 28 Jan 2023 08:09:07 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: http://magnetdl.123ultraproxy.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=bfc17cedf7d245149ab925287717d898; expires=Sun, 28 Jan 2024 08:09:07 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
|
|
| benumelan.com/9?z=3372123&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=http%3A%2F%2Fmagnetdl.123ultraproxy.com%2F&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&sah=1002&drf=&hil=1&ist=0&oaid=bfc17cedf7d245149ab925287717d898 | 139.45.197.239 | 200 OK | 2.7 kB |
URL: benumelan.com/9?z=3372123&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=http%3A%2F%2Fmagnetdl.123ultraproxy.com%2F&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&sah=1002&drf=&hil=1&ist=0&oaid=bfc17cedf7d245149ab925287717d898 (HTTP/2)
IP: 139.45.197.239:0
Hash: 6316864bb32f6ceda863dc681175fd09 c5448dd91b0e2c6bc16ca700490c3fe6c05414b5 b31581711cacd1d4b7881185c7bc22e1c95f4cc4849f394584d6cb898fb9d631
Analyzer | Verdict | Alert | quad9 | Sinkholed | |
POST /9?z=3372123&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=http%3A%2F%2Fmagnetdl.123ultraproxy.com%2F&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&sah=1002&drf=&hil=1&ist=0&oaid=bfc17cedf7d245149ab925287717d898 HTTP/1.1
Host: benumelan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 343
Origin: http://magnetdl.123ultraproxy.com
Connection: keep-alive
Referer: http://magnetdl.123ultraproxy.com/
Cookie: scm=1; OAID=3cf0b8cab25943508406af0e32574ca2; oaidts=1674893346
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 28 Jan 2023 08:09:07 GMT
content-type: application/json
access-control-allow-credentials: true
access-control-allow-origin: http://magnetdl.123ultraproxy.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID
x-trace-id: dffc8c5da5c741caa16d970a810d887c
access-control-expose-headers: X-Sc
set-cookie: OAID=bfc17cedf7d245149ab925287717d898; expires=Sun, 28 Jan 2024 08:09:07 GMT; secure; SameSite=None
oaidts=1674893346; expires=Sun, 28 Jan 2024 08:09:07 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| r3.o.lencr.org/ | 23.36.76.226 | 200 OK | 503 B |
IP: 23.36.76.226:0
ASN: #20940 Akamai International B.V.
Hash: e69a9acad872f734a2f2d9c200e1a693 1359758abfdf80b2cfc8ff8602886d53daa85b07 59b1fd194fc0923625d27a8f5eda3e72a24929359a6f537781d42985818d259a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "59B1FD194FC0923625D27A8F5EDA3E72A24929359A6F537781D42985818D259A"
Last-Modified: Fri, 27 Jan 2023 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12840
Expires: Sat, 28 Jan 2023 11:43:07 GMT
Date: Sat, 28 Jan 2023 08:09:07 GMT
Connection: keep-alive
|
|
| betotodilea.com/500/4495524?excludes=&oaid=bfc17cedf7d245149ab925287717d898&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=898&wfc=1&pl=http%3A%2F%2Fmagnetdl.123ultraproxy.com%2F&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false | 139.45.197.237 | 200 OK | 930 B |
Protocol: HTTP/1.1 | URL: betotodilea.com/500/4495524?excludes=&oaid=bfc17cedf7d245149ab925287717d898&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=898&wfc=1&pl=http%3A%2F%2Fmagnetdl.123ultraproxy.com%2F&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false | IP: 139.45.197.237:0
File type: JSON data, Unicode text, UTF-8 text, with very long lines (1154), with no line terminators | Hash: f53f9f0242cd7499322e6487dd44afea 27d4aaaf29c601c6e78c8a978e454dcdfeb87547 dca9673642f85109d24e20df660623a28fcf5cc1fd797f6cec7e4f94c317ea61
| Analyzer | Verdict | Alert |
| quad9 | Sinkholed | |
GET /500/4495524?excludes=&oaid=bfc17cedf7d245149ab925287717d898&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=898&wfc=1&pl=http%3A%2F%2Fmagnetdl.123ultraproxy.com%2F&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: betotodilea.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/json
Origin: http://magnetdl.123ultraproxy.com
Connection: keep-alive
Referer: http://magnetdl.123ultraproxy.com/
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 28 Jan 2023 08:09:07 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
X-Trace-Id: a588ff237a2c556b1049f89897cd081c
Expires: Tue, 11 Jan 1994 10:00:00 GMT
Cache-Control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
Pragma: no-cache
Vary: Origin
Access-Control-Allow-Origin: http://magnetdl.123ultraproxy.com
Access-Control-Expose-Headers: Link
Access-Control-Allow-Credentials: true
Set-Cookie: OAID=bfc17cedf7d245149ab925287717d898; expires=Sun, 28 Jan 2024 08:09:07 GMT; path=/; secure; SameSite=None
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
Timing-Allow-Origin: *, *
Content-Encoding: gzip
|
|
| simplewebanalysis.com/stats | 3.120.47.42 | 200 OK | 40 B |
Protocol: HTTP/2 | URL: simplewebanalysis.com/stats | IP: 3.120.47.42:0
File type: ASCII text, with no line terminators | Hash: 1140c9e7203fb7dd34ba64a903796568 eae55cd3430412a25d7fe4510f3e29a5812b78b4 38b238f3d38fad444e4e1a7d26db6a87bc380bf6f4e28e9ee06e846e3d72bc37
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://magnetdl.123ultraproxy.com
Connection: keep-alive
Referer: http://magnetdl.123ultraproxy.com/
Cookie: uid_id2=19c80d81-ce67-4bbc-a6d4-a6c85e65babe:2:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 28 Jan 2023 08:09:07 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: http://magnetdl.123ultraproxy.com
access-control-allow-credentials: true
X-Firefox-Spdy: h2
|
|
| glimtors.net/custom | 139.45.197.251 | 200 OK | 39 B |
IP: 139.45.197.251:0
File type: JSON data, ASCII text | Hash: 058b158c2be925f556454ef762d93538 cc6fc563b4b6baee880fdbc7fcfaa134978e33c9 ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881
| Analyzer | Verdict | Alert |
| quad9 | Sinkholed | |
POST /custom HTTP/1.1
Host: glimtors.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://magnetdl.123ultraproxy.com/
Content-Type: application/json
Origin: http://magnetdl.123ultraproxy.com
Content-Length: 761
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 28 Jan 2023 08:09:07 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 2b36bdb116f51ee542950bd67d015021
access-control-allow-origin: http://magnetdl.123ultraproxy.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
|
|
| benumelan.com/27/dae1eb9bef878cda2f3d5a0907ef4d01 | 139.45.197.239 | 200 OK | 162 kB |
Protocol: HTTP/2 | URL: benumelan.com/27/dae1eb9bef878cda2f3d5a0907ef4d01 | IP: 139.45.197.239:0
File type: ASCII text, with very long lines (65523) | Size: 162 kB (161615 bytes) | Hash: fe632b8d050ac689fe5779bac7e19316 27211611078c23d12c5ceb0f69423633bfe491af 0726a568c653dd3c1443aab98a19cb6a5b919b49e0bbc97375c3050cd82133b3
| Analyzer | Verdict | Alert |
| quad9 | Sinkholed | |
GET /27/dae1eb9bef878cda2f3d5a0907ef4d01 HTTP/1.1
Host: benumelan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://magnetdl.123ultraproxy.com/
Cookie: scm=1; OAID=3cf0b8cab25943508406af0e32574ca2; oaidts=1674893346
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 28 Jan 2023 08:09:06 GMT
content-type: application/javascript
access-control-allow-credentials: true
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID
cache-control: max-age:290304000, public
last-modified: Fri, 27 Jan 2023 06:22:51 GMT
expires: Fri, 26 Feb 2083 06:22:51 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| benumelan.com/11?rnd=4180640715&z=3372123&b=16536117&var=&rqtdbc=1&rcvdbc=1&btp=7&rb=aWvd2a2Zma88UMUHPHvIpT3Uopm0YvRXObADsFfwwnOwyGv-08_XpXSRncQXrk3obWj64paY4HmQReDdjk4bHLoWSe1LJ77-K1ctWWd2MFeAca-XjH9WPGW7eMPnwoCyEwAk4oiprAFj1uFBOZaeK_MvW-_eTHi81NN630MI410G6fWUjR1TOFjf87f1vpQAvINHA5brN-w4DuqHGOdt27qz2YAwKyLYbPTZOsRgNq_yJkHPB9kX3hrn2KTPoA9wkIJKcx0Amaxcz9Pj-kCU78Yn5kMkFgYNv18e2VMCnDZFne_tEtnVi4mwbcBSR7ApQn3IKpqbh1ENL9VG3HQJMLB7jtmgzT7GwgipOW5vdn6gVL0qbq89GAvpqpK14mNLgNIN0nVO5z2HNTrRXmvoLfHdykC8Rtl9bSX83nTAnq4tk4IaZqTXcIHeD7b-p4yJcbkZe6NRoWAd3xo-_tLZ4xEGXspK2P-iVc5RfptYsnJEOHoJ9NzPx1oqTHtp8OnHYixQM8ANBJB9Q8TBJ5zvZhUJeqBuo4lTN-Gf4kSo3AQMLgK8adUF_9HTQ9ypN9N_Y950p0bPw60EC8WJ6mGY2of84JBLqSjg_QaTBdAux_eqTAWajTHi3s2aOLrxlZjPGMO3LmCf6lTN21uMzrQAzi6eGbI=&ruid=6cd68a44-9abc-416e-a89a-bdd0ab5a4fe9&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=http%3A%2F%2Fmagnetdl.123ultraproxy.com%2F&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&sah=1002&drf=&hil=1&ist=0&ot=259 | 139.45.197.239 | 200 OK | 0 B |
Protocol: HTTP/2 | URL: benumelan.com/11?rnd=4180640715&z=3372123&b=16536117&var=&rqtdbc=1&rcvdbc=1&btp=7&rb=aWvd2a2Zma88UMUHPHvIpT3Uopm0YvRXObADsFfwwnOwyGv-08_XpXSRncQXrk3obWj64paY4HmQReDdjk4bHLoWSe1LJ77-K1ctWWd2MFeAca-XjH9WPGW7eMPnwoCyEwAk4oiprAFj1uFBOZaeK_MvW-_eTHi81NN630MI410G6fWUjR1TOFjf87f1vpQAvINHA5brN-w4DuqHGOdt27qz2YAwKyLYbPTZOsRgNq_yJkHPB9kX3hrn2KTPoA9wkIJKcx0Amaxcz9Pj-kCU78Yn5kMkFgYNv18e2VMCnDZFne_tEtnVi4mwbcBSR7ApQn3IKpqbh1ENL9VG3HQJMLB7jtmgzT7GwgipOW5vdn6gVL0qbq89GAvpqpK14mNLgNIN0nVO5z2HNTrRXmvoLfHdykC8Rtl9bSX83nTAnq4tk4IaZqTXcIHeD7b-p4yJcbkZe6NRoWAd3xo-_tLZ4xEGXspK2P-iVc5RfptYsnJEOHoJ9NzPx1oqTHtp8OnHYixQM8ANBJB9Q8TBJ5zvZhUJeqBuo4lTN-Gf4kSo3AQMLgK8adUF_9HTQ9ypN9N_Y950p0bPw60EC8WJ6mGY2of84JBLqSjg_QaTBdAux_eqTAWajTHi3s2aOLrxlZjPGMO3LmCf6lTN21uMzrQAzi6eGbI=&ruid=6cd68a44-9abc-416e-a89a-bdd0ab5a4fe9&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=http%3A%2F%2Fmagnetdl.123ultraproxy.com%2F&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&sah=1002&drf=&hil=1&ist=0&ot=259 | IP: 139.45.197.239:0
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| quad9 | Sinkholed | |
GET /11?rnd=4180640715&z=3372123&b=16536117&var=&rqtdbc=1&rcvdbc=1&btp=7&rb=aWvd2a2Zma88UMUHPHvIpT3Uopm0YvRXObADsFfwwnOwyGv-08_XpXSRncQXrk3obWj64paY4HmQReDdjk4bHLoWSe1LJ77-K1ctWWd2MFeAca-XjH9WPGW7eMPnwoCyEwAk4oiprAFj1uFBOZaeK_MvW-_eTHi81NN630MI410G6fWUjR1TOFjf87f1vpQAvINHA5brN-w4DuqHGOdt27qz2YAwKyLYbPTZOsRgNq_yJkHPB9kX3hrn2KTPoA9wkIJKcx0Amaxcz9Pj-kCU78Yn5kMkFgYNv18e2VMCnDZFne_tEtnVi4mwbcBSR7ApQn3IKpqbh1ENL9VG3HQJMLB7jtmgzT7GwgipOW5vdn6gVL0qbq89GAvpqpK14mNLgNIN0nVO5z2HNTrRXmvoLfHdykC8Rtl9bSX83nTAnq4tk4IaZqTXcIHeD7b-p4yJcbkZe6NRoWAd3xo-_tLZ4xEGXspK2P-iVc5RfptYsnJEOHoJ9NzPx1oqTHtp8OnHYixQM8ANBJB9Q8TBJ5zvZhUJeqBuo4lTN-Gf4kSo3AQMLgK8adUF_9HTQ9ypN9N_Y950p0bPw60EC8WJ6mGY2of84JBLqSjg_QaTBdAux_eqTAWajTHi3s2aOLrxlZjPGMO3LmCf6lTN21uMzrQAzi6eGbI=&ruid=6cd68a44-9abc-416e-a89a-bdd0ab5a4fe9&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=http%3A%2F%2Fmagnetdl.123ultraproxy.com%2F&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&sah=1002&drf=&hil=1&ist=0&ot=259 HTTP/1.1
Host: benumelan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://magnetdl.123ultraproxy.com
Connection: keep-alive
Referer: http://magnetdl.123ultraproxy.com/
Cookie: scm=1; OAID=bfc17cedf7d245149ab925287717d898; oaidts=1674893346
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 28 Jan 2023 08:09:07 GMT
content-type: image/jpeg
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin: http://magnetdl.123ultraproxy.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID
x-trace-id: 43ea6db15c0e7505a597a1b8952cd683
access-control-expose-headers: X-Sc
set-cookie: OAID=bfc17cedf7d245149ab925287717d898; expires=Sun, 28 Jan 2024 08:09:07 GMT; secure; SameSite=None
oaidts=1674893346; expires=Sun, 28 Jan 2024 08:09:07 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2
|
|
| r3.o.lencr.org/ | 23.36.76.226 | 200 OK | 503 B |
IP: 23.36.76.226:0 | ASN: #20940 Akamai International B.V.
Hash: f2a0c2c0f25bdd19baf87cbb3a87dcdb bc78ca6206ee8cc1cc05ab7778df71c7e6d1182a c57f26c0c2e439dc2f69181e1b2f6ae371bff9d299af739e0047eabc8bfb5a69
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C57F26C0C2E439DC2F69181E1B2F6AE371BFF9D299AF739E0047EABC8BFB5A69"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8545
Expires: Sat, 28 Jan 2023 10:31:32 GMT
Date: Sat, 28 Jan 2023 08:09:07 GMT
Connection: keep-alive
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1ed7c466-ac98-4e05-89cf-f0abf56e8d98.jpeg | 34.120.237.76 | 200 OK | 5.0 kB |
Protocol: HTTP/2 | URL: img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1ed7c466-ac98-4e05-89cf-f0abf56e8d98.jpeg | IP: 34.120.237.76:0
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data | Hash: c982569d070f24dba1259603091c22e3 0f93acb5bee53670cc4ef486922f7333d96a2f4e 9a5a2d8a181a763ee6f60c27b396a0e3d7b1527e5177b2aff8d511db250753ed
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1ed7c466-ac98-4e05-89cf-f0abf56e8d98.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4975
x-amzn-requestid: 633350b7-4686-40d5-8c9d-3c097f8e2d34
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fa-EBGuaoAMFbSw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d443b3-4201212c1a0eb2a65d3f494c;Sampled=0
x-amzn-remapped-date: Fri, 27 Jan 2023 21:35:47 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: M4VR-I89SGD0-FLzHhZ88PJJJmdWTEi0UrBnAmCBCQAdjRsssqnSzw==
via: 1.1 010c0731b9775a983eceaec0f5fa6a2e.cloudfront.net (CloudFront), 1.1 e4d3d5aafc7d7d582423c073065ab562.cloudfront.net (CloudFront), 1.1 google
date: Fri, 27 Jan 2023 21:49:06 GMT
age: 37201
etag: "0f93acb5bee53670cc4ef486922f7333d96a2f4e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| cdn.itskiddien.club/?rb=fWp0_riQ9_6hYcYnFWsvaJAfm1Jajizr-DHFC4L7I4LfdJMyB5z43tkinUj8e0irpCSWFtXTkUsldUa0jaq61c15ryYqA7YWuj6JCydLVeq-472b0jPQZU_WXGcH9_ULJaEnVMU4xQJExSay2J1PL2IomwBL0qKJg185KRJBL1HMam82rL5CCyGJXX2MlfHUVgBnDMa2qE23fi6BBVqkaelJ4VpBP3bSzfBNU0PHGWu1MhNoGYZOHC4CdrU%3D&request_ab2=0&zoneid=3388548&js_build=iclick-v1.474.0&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wih=898&wiw=1280&wfc=1&pl=http%3A%2F%2Fmagnetdl.123ultraproxy.com%2F&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&js_build=iclick-v1.474.0&bs=77aa4d81-221d-4e4c-b84f-e860727937e3&userId=bfc17cedf7d245149ab925287717d898&m=link | 139.45.197.236 | 200 OK | 1.3 kB |
Protocol: HTTP/1.1 | URL: cdn.itskiddien.club/?rb=fWp0_riQ9_6hYcYnFWsvaJAfm1Jajizr-DHFC4L7I4LfdJMyB5z43tkinUj8e0irpCSWFtXTkUsldUa0jaq61c15ryYqA7YWuj6JCydLVeq-472b0jPQZU_WXGcH9_ULJaEnVMU4xQJExSay2J1PL2IomwBL0qKJg185KRJBL1HMam82rL5CCyGJXX2MlfHUVgBnDMa2qE23fi6BBVqkaelJ4VpBP3bSzfBNU0PHGWu1MhNoGYZOHC4CdrU%3D&request_ab2=0&zoneid=3388548&js_build=iclick-v1.474.0&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wih=898&wiw=1280&wfc=1&pl=http%3A%2F%2Fmagnetdl.123ultraproxy.com%2F&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&js_build=iclick-v1.474.0&bs=77aa4d81-221d-4e4c-b84f-e860727937e3&userId=bfc17cedf7d245149ab925287717d898&m=link | IP: 139.45.197.236:0
File type: JSON data, ASCII text, with very long lines (1654), with no line terminators | Hash: e1cadff88cd06c1d3a3def93f7644ad8 54b6dc48baf9e51903767994fa1ca8322b2a9f31 5df2154c3ad2f2f8a1fa29ac75a9bf8caebfcf2bf45b5d9c5b55289644ecc0a0
GET /?rb=fWp0_riQ9_6hYcYnFWsvaJAfm1Jajizr-DHFC4L7I4LfdJMyB5z43tkinUj8e0irpCSWFtXTkUsldUa0jaq61c15ryYqA7YWuj6JCydLVeq-472b0jPQZU_WXGcH9_ULJaEnVMU4xQJExSay2J1PL2IomwBL0qKJg185KRJBL1HMam82rL5CCyGJXX2MlfHUVgBnDMa2qE23fi6BBVqkaelJ4VpBP3bSzfBNU0PHGWu1MhNoGYZOHC4CdrU%3D&request_ab2=0&zoneid=3388548&js_build=iclick-v1.474.0&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wih=898&wiw=1280&wfc=1&pl=http%3A%2F%2Fmagnetdl.123ultraproxy.com%2F&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&js_build=iclick-v1.474.0&bs=77aa4d81-221d-4e4c-b84f-e860727937e3&userId=bfc17cedf7d245149ab925287717d898&m=link HTTP/1.1
Host: cdn.itskiddien.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://magnetdl.123ultraproxy.com/
Origin: http://magnetdl.123ultraproxy.com
Connection: keep-alive
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 28 Jan 2023 08:09:07 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
X-Trace-Id: beea0b53b15776c1895f7730fe8bcc2b
Access-Control-Allow-Origin: http://magnetdl.123ultraproxy.com
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding
Access-Control-Max-Age: 86400
Pragma: no-cache
Cache-Control: no-transform, no-store, no-cache, must-revalidate, max-age=0
Expires: Tue, 11 Jan 1994 10:00:00 GMT
Set-Cookie: OAID=bfc17cedf7d245149ab925287717d898; expires=Sun, 28 Jan 2024 08:09:07 GMT; path=/
oaidts=1674893347; expires=Sun, 28 Jan 2024 08:09:07 GMT; path=/
syncedCookie=true; expires=Sat, 04 Feb 2023 08:09:07 GMT; path=/
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
Timing-Allow-Origin: *, *
Content-Encoding: gzip
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F33ce0741-fcf6-4205-8b3a-016953553eaf.jpeg | 34.120.237.76 | 200 OK | 13 kB |
Protocol: HTTP/2 | URL: img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F33ce0741-fcf6-4205-8b3a-016953553eaf.jpeg | IP: 34.120.237.76:0
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data | Hash: 195316042e7f798eeeb7993fecb3a383 4aeca24ad4702f87feaf9674ea0c1ff6d71826a3 b7e0a61060455241fce844d2c91eca500d409804361063ddb61053cbc9c7b1c1
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F33ce0741-fcf6-4205-8b3a-016953553eaf.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 13376
x-amzn-requestid: 64d0092e-1f1a-4183-a4a6-805e0bf37d32
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fa-DvHIyoAMF6fA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d443b1-6387770232ddca74531bce91;Sampled=0
x-amzn-remapped-date: Fri, 27 Jan 2023 21:35:45 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 8cRGlncOQ6qYv7qbI1HxTz-qUYJkTVa5V2qJM1C8XM5dmyXFA8qRvA==
via: 1.1 1b0911478686968732f973d6e5e31d10.cloudfront.net (CloudFront), 1.1 556b99c6be8d7078b9f067347c62df6a.cloudfront.net (CloudFront), 1.1 google
date: Fri, 27 Jan 2023 21:48:58 GMT
age: 37209
etag: "4aeca24ad4702f87feaf9674ea0c1ff6d71826a3"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdfb887e5-87fa-4855-b0ee-712d39779fa0.jpeg | 34.120.237.76 | 200 OK | 12 kB |
Protocol: HTTP/2 | URL: img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdfb887e5-87fa-4855-b0ee-712d39779fa0.jpeg | IP: 34.120.237.76:0
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data | Hash: b7a0759c043594fbe85af422b59b8227 a05cfaad16078f42218dae233da38f6f5dff8487 e898d6ef1b3998fb9322a8fc190069ec5f7b3582bfe8397a2367497d84a27549
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdfb887e5-87fa-4855-b0ee-712d39779fa0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11568
x-amzn-requestid: 79b70f1f-a157-4dd4-8743-825714195b3c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: e9T3UGA3oAMFSlQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c86695-36e60aba09c152c73b8aefcb;Sampled=0
x-amzn-remapped-date: Wed, 18 Jan 2023 21:37:25 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: zt4bgV2C6Wb_Ufa5mZ7-UDTfCvhXJggPJw9668v5DEmyBnWZ-aNrCg==
via: 1.1 49b94a8674d6e86a841d6523f7dbaf14.cloudfront.net (CloudFront), 1.1 943c6a4d4ee43b18ee91634536f53eae.cloudfront.net (CloudFront), 1.1 google
date: Fri, 27 Jan 2023 23:03:41 GMT
age: 32726
etag: "a05cfaad16078f42218dae233da38f6f5dff8487"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F22cc3f55-9811-4ec2-a57e-a3e71a3f0554.jpeg | 34.120.237.76 | 200 OK | 7.6 kB |
Protocol: HTTP/2 | URL: img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F22cc3f55-9811-4ec2-a57e-a3e71a3f0554.jpeg | IP: 34.120.237.76:0
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data | Hash: ea24bcba583bd8bd139559448a343e68 b9d37c2b14f890d41983a59f352e8f7caa9c94bb e5ef5975eec964ae1684deb424f00833f2d217bdc7e6c385320ed3adeb6bc1c4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F22cc3f55-9811-4ec2-a57e-a3e71a3f0554.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7585
x-amzn-requestid: bfb52acb-e0d7-482d-8be9-be5db1c16cac
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fa_vkE5roAMF0Hw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d44663-2d38d314177e0ac40d4c8240;Sampled=0
x-amzn-remapped-date: Fri, 27 Jan 2023 21:47:15 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: K9YWM9eaEc1DQ6wtEEuADnG1U-ahRBXDaiHIAm20dkWMOxPWBlJidw==
via: 1.1 c34da255183aa208dd1c722ff211f9b2.cloudfront.net (CloudFront), 1.1 7022a5bbf9872d4a09d63e6cdb457dfe.cloudfront.net (CloudFront), 1.1 google
date: Fri, 27 Jan 2023 22:46:13 GMT
age: 33774
etag: "b9d37c2b14f890d41983a59f352e8f7caa9c94bb"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F238effff-cb43-479f-8853-06086fff1bd5.jpeg | 34.120.237.76 | 200 OK | 9.4 kB |
Protocol: HTTP/2 | URL: img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F238effff-cb43-479f-8853-06086fff1bd5.jpeg | IP: 34.120.237.76:0
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data | Hash: f185f0b4f90d06dbb397b44ed9c73dbe a48e2c369a048447e0e25e4791eb603859391c1c b466060fc132cc8d23fcb83001206606e2d5502118c65e9f55795b5adbff2fa6
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F238effff-cb43-479f-8853-06086fff1bd5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9364
x-amzn-requestid: e556be7b-567a-4c9a-931e-ff6fee42d3a7
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fa_T8GbFoAMFySg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d445b2-6f4476e9388c77a057153277;Sampled=0
x-amzn-remapped-date: Fri, 27 Jan 2023 21:44:18 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: LPkLrx7l9Qf_GKdtJq_77RUkvgnKZlCaDN34xsB5bEO8c9VQEJPAew==
via: 1.1 c34da255183aa208dd1c722ff211f9b2.cloudfront.net (CloudFront), 1.1 6172bb1a5d00a3b06ae3700570ebe116.cloudfront.net (CloudFront), 1.1 google
date: Fri, 27 Jan 2023 21:56:38 GMT
etag: "a48e2c369a048447e0e25e4791eb603859391c1c"
content-type: image/jpeg
age: 36749
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| matomo.hellohi.me/matomo.js | 172.67.219.82 | 200 OK | 26 kB |
Protocol: HTTP/2 | URL: matomo.hellohi.me/matomo.js | IP: 172.67.219.82:0
File type: ASCII text, with very long lines (1601) | Hash: 3548ef09b5c27de7a15ae867568d39c6 9e27c3a0e45d8cc50646d86da76b96b7ec8959f3 55fc1298b731517a63e1d9779efe8cce52ea1bf05b7b658d16aaf695f533a310
GET /matomo.js HTTP/1.1
Host: matomo.hellohi.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://magnetdl.123ultraproxy.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 28 Jan 2023 08:09:06 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Wed, 18 Jan 2023 10:58:41 GMT
etag: W/"63c7d0e1-10132"
expires: Sat, 28 Jan 2023 08:45:46 GMT
cache-control: public, max-age=14400
pragma: public
cf-cache-status: HIT
age: 1400
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pDLKpI%2FkRxIt4F08SQD%2FqOSowlohGVwmOa08qRYU6z6RtMjWHH5Sqi0OQL7jYuuPXhz%2FxrFRLm8VkZiFdilaps3P%2FznABj8NtzD1THkQ0J0EXslgRcww4Jh4wBSm7%2F7DKjeMig%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79083e78fbbbb4fa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| ocsp.digicert.com/ | 93.184.220.29 | 200 OK | 279 B |
IP: 93.184.220.29:0
Hash: 1c7696072aa8c67d67f2c348dec00fe6 d04f3865e3a6a5c1636143c98a6b738bfa863767 000655de4ceccd09f9ca11c91ec61fb3387d640f1cc1822bc65a50f7a26925c3
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4937
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 08:09:07 GMT
Last-Modified: Sat, 28 Jan 2023 06:46:50 GMT
Server: ECS (ska/F70C)
X-Cache: HIT
Content-Length: 279
|
|
| matomo.hellohi.me/matomo.php?action_name=Search%20Magnet%2FTorrent%20Links%20%26%20Download%20Software%2C%20Movies%2C%20Games%2C%20Music%20%26%20More%20%3A%20MagnetDL&idsite=1&rec=1&r=632271&h=8&m=9&s=8&url=http%3A%2F%2Fmagnetdl.123ultraproxy.com%2F&_id=e57ef3f0e860c05c&_idn=0&send_image=0&_refts=0&cookie=1&res=1280x1024&pv_id=DkQ9NO&pf_net=14&pf_srv=131&pf_tfr=177&uadata=%7B%7D | 172.67.219.82 | 301 Moved Permanently | 169 B |
Protocol: HTTP/1.1 | URL: matomo.hellohi.me/matomo.php?action_name=Search%20Magnet%2FTorrent%20Links%20%26%20Download%20Software%2C%20Movies%2C%20Games%2C%20Music%20%26%20More%20%3A%20MagnetDL&idsite=1&rec=1&r=632271&h=8&m=9&s=8&url=http%3A%2F%2Fmagnetdl.123ultraproxy.com%2F&_id=e57ef3f0e860c05c&_idn=0&send_image=0&_refts=0&cookie=1&res=1280x1024&pv_id=DkQ9NO&pf_net=14&pf_srv=131&pf_tfr=177&uadata=%7B%7D | IP: 172.67.219.82:0
File type: HTML document text; HTML document text; HTML document, ASCII text, with CRLF line terminators | Hash: f3099a531821c476589c3d2d00d53772 8e539d05a8355d6835a56f94b75f405c6e55f6f3 a5287e1cf9fe9dc106bd2172a5b175c7833427866b7819872b1b6fa34b66daef
POST /matomo.php?action_name=Search%20Magnet%2FTorrent%20Links%20%26%20Download%20Software%2C%20Movies%2C%20Games%2C%20Music%20%26%20More%20%3A%20MagnetDL&idsite=1&rec=1&r=632271&h=8&m=9&s=8&url=http%3A%2F%2Fmagnetdl.123ultraproxy.com%2F&_id=e57ef3f0e860c05c&_idn=0&send_image=0&_refts=0&cookie=1&res=1280x1024&pv_id=DkQ9NO&pf_net=14&pf_srv=131&pf_tfr=177&uadata=%7B%7D HTTP/1.1
Host: matomo.hellohi.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=utf-8
Content-Length: 0
Origin: http://magnetdl.123ultraproxy.com
Connection: keep-alive
Referer: http://magnetdl.123ultraproxy.com/
HTTP/1.1 301 Moved Permanently
Date: Sat, 28 Jan 2023 08:09:07 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://matomo.hellohi.me/matomo.php?action_name=Search%20Magnet%2FTorrent%20Links%20%26%20Download%20Software%2C%20Movies%2C%20Games%2C%20Music%20%26%20More%20%3A%20MagnetDL&idsite=1&rec=1&r=632271&h=8&m=9&s=8&url=http%3A%2F%2Fmagnetdl.123ultraproxy.com%2F&_id=e57ef3f0e860c05c&_idn=0&send_image=0&_refts=0&cookie=1&res=1280x1024&pv_id=DkQ9NO&pf_net=14&pf_srv=131&pf_tfr=177&uadata=%7B%7D
Referrer-Policy: origin
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=l9SeCDBP5eBTtaXzaGzLnOVpv5Fkz07ZrKwfeudLGzfh6Bq2jhnRz8O7CRPodNiY7uph792sYcT9K%2Flfw7nCxiaSBl%2BgAu8NUGU1EgoODw5s11OwOHrO2bY3gIuLoGKt3kZR%2Fg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 79083e7f6c7db50f-OSL
alt-svc: h2=":443"; ma=60
|
|
| offerimage.com/www/images/7d763937692f59aea0578ffe58c10ee0.jpeg | 172.67.22.216 | 200 OK | 14 kB |
Protocol: HTTP/2 | URL: offerimage.com/www/images/7d763937692f59aea0578ffe58c10ee0.jpeg | IP: 172.67.22.216:0
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 192x192, components 3; data | Hash: 7d763937692f59aea0578ffe58c10ee0 b3a4cc4fd1a0d8319e59057e535b0b19f1a3b35b 2d7300c572db1683cbc8071be4bbaf31b00954193f6f82d453c99a7a58bd7620
GET /www/images/7d763937692f59aea0578ffe58c10ee0.jpeg HTTP/1.1
Host: offerimage.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://magnetdl.123ultraproxy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 28 Jan 2023 08:09:07 GMT
content-type: image/jpeg
content-length: 13778
cache-control: max-age=86400
cf-bgj: h2pri
etag: "63888441-35d2"
expires: Sat, 28 Jan 2023 20:36:31 GMT
last-modified: Thu, 01 Dec 2022 10:38:57 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 41549
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 79083e7fe92ab503-OSL
X-Firefox-Spdy: h2
|
|
| glimtors.net/pfe/current/defaultSkin.min.js | 139.45.197.251 | 200 OK | 20 kB |
URL HTTP/2glimtors.net/pfe/current/defaultSkin.min.js IP139.45.197.251:0
Hash9f1ef1fa4e44ae738e18d6501f5bd66e 49c5e0df6a9f00bfabf91be079ecd09dac53825d 7257fd7b5054d359722a09e20e7a765a26f8ae1aa9dbc8ae6e2c69a62d649245
| Analyzer | Verdict | Alert |
| quad9 | Sinkholed | |
GET /pfe/current/defaultSkin.min.js HTTP/1.1
Host: glimtors.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://magnetdl.123ultraproxy.com/
Origin: http://magnetdl.123ultraproxy.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 28 Jan 2023 08:09:07 GMT
content-type: application/javascript
last-modified: Fri, 27 Jan 2023 11:03:52 GMT
etag: W/"63d3af98-df63"
access-control-allow-origin: http://magnetdl.123ultraproxy.com
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| mc.yandex.ru/metrika/advert.gif | 93.158.134.119 | 200 OK | 43 B |
URL HTTP/2mc.yandex.ru/metrika/advert.gif IP93.158.134.119:0
File typeGIF image data, version 89a, 1 x 1\012- data Hashdf3e567d6f16d040326c7a0ea29a4f41 ea7df583983133b62712b5e73bffbcd45cc53736 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
GET /metrika/advert.gif HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://magnetdl.123ultraproxy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Sat, 28 Jan 2023 08:09:07 GMT
access-control-allow-origin: *
etag: "63c93a4b-2b"
expires: Sat, 28 Jan 2023 09:09:07 GMT
accept-ranges: bytes
last-modified: Thu, 19 Jan 2023 15:40:43 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cache-control: max-age=3600
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
|
|
| sweepfrequencydissolved.com/sbar.json?key=a286902791a7f4c98bcb1e812322cd78 | 192.243.59.20 | 200 OK | 3.4 kB |
URL HTTP/1.1sweepfrequencydissolved.com/sbar.json?key=a286902791a7f4c98bcb1e812322cd78 IP192.243.59.20:0 ASN#39572 DataWeb Global Group B.V.
File typeJSON data\012- , ASCII text, with very long lines (5993), with no line terminators Hash348843879e3f9d2f41b9b5f8491b723f b7952afe2545e917fd929cf808886832f83bce09 c3108a76118f2036bbc0ed626f79972a061eed9430b340a5510c8ed49c75d0f5
| Analyzer | Verdict | Alert |
| quad9 | Sinkholed | |
GET /sbar.json?key=a286902791a7f4c98bcb1e812322cd78 HTTP/1.1
Host: sweepfrequencydissolved.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://magnetdl.123ultraproxy.com
Connection: keep-alive
Referer: http://magnetdl.123ultraproxy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Sat, 28 Jan 2023 08:09:08 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://magnetdl.123ultraproxy.com
Access-Control-Allow-Origin: http://magnetdl.123ultraproxy.com
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=15816950; expires=Sun, 29 Jan 2023 08:09:07 GMT; secure; SameSite=None
pdhtkv=true; expires=Sun, 29 Jan 2023 08:09:08 GMT; secure; SameSite=None
uncs=1; expires=Sun, 29 Jan 2023 08:09:08 GMT; secure; SameSite=None
pdhtkv29=true; expires=Sun, 29 Jan 2023 08:09:08 GMT; secure; SameSite=None
uncs29=1; expires=Sun, 29 Jan 2023 08:09:08 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 8ad4f8399e1814f02e4b7c49c01aeef9
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
|
|
| glimtors.net/custom | 139.45.197.251 | 200 OK | 39 B |
IP139.45.197.251:0
File typeJSON data\012- , ASCII text Hash058b158c2be925f556454ef762d93538 cc6fc563b4b6baee880fdbc7fcfaa134978e33c9 ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881
| Analyzer | Verdict | Alert |
| quad9 | Sinkholed | |
POST /custom HTTP/1.1
Host: glimtors.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://magnetdl.123ultraproxy.com/
Content-Type: application/json
Origin: http://magnetdl.123ultraproxy.com
Content-Length: 385
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 28 Jan 2023 08:09:08 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 986adaf553f159f84440e957755672ca
access-control-allow-origin: http://magnetdl.123ultraproxy.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
|
|
| interstitial-07.com/contents/s/22/ad/c9/ea5795ef560f8d389248e030cf/0305753960206.jpeg | 139.45.197.154 | 200 OK | 21 kB |
URL HTTP/2interstitial-07.com/contents/s/22/ad/c9/ea5795ef560f8d389248e030cf/0305753960206.jpeg IP139.45.197.154:0
File typeJPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 256x256, components 3\012- data Hash22adc9ea5795ef560f8d389248e030cf 0ad28b6b561c56650ad3a9e5f4cce7600df548dd 4260ab929da6233410a80d6333d9c33007a23c65ecbb20f72aafbb72ee0ecd2e
GET /contents/s/22/ad/c9/ea5795ef560f8d389248e030cf/0305753960206.jpeg HTTP/1.1
Host: interstitial-07.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://interstitial-07.com/?l=nfepD2DCD0Ch0je&cd_meta_crid=50535&trkintimp&target_url=https%3A%2F%2Fbenumelan.com%2F12%3Frnd%3D384997637%26z%3D3372123%26b%3D16536117%26c%3D6560718%26var%3D%26d%3Dhttps%253A%252F%252Fsingelstodate.com%252Fbase.php%253Fc%253D1499%2526key%253D078e8e1696ef5f705a04995394169693%2526zoneid%253D%257Bzoneid%257D%2526cost%253D%257Bcost%257D%2526subid%253D%2524%257BSUBID%257D%2526banner%253D%257Bbannerid%257D%26cln%3D1%26btp%3D7%26rb%3DaWvd2a2Zma88UMUHPHvIpT3Uopm0YvRXObADsFfwwnOwyGv-08_XpXSRncQXrk3obWj64paY4HmQReDdjk4bHLoWSe1LJ77-K1ctWWd2MFeAca-XjH9WPGW7eMPnwoCyEwAk4oiprAFj1uFBOZaeK_MvW-_eTHi81NN630MI410G6fWUjR1TOFjf87f1vpQAvINHA5brN-w4DuqHGOdt27qz2YAwKyLYbPTZOsRgNq_yJkHPB9kX3hrn2KTPoA9wkIJKcx0Amaxcz9Pj-kCU78Yn5kMkFgYNv18e2VMCnDZFne_tEtnVi4mwbcBSR7ApQn3IKpqbh1ENL9VG3HQJMLB7jtmgzT7GwgipOW5vdn6gVL0qbq89GAvpqpK14mNLgNIN0nVO5z2HNTrRXmvoLfHdykC8Rtl9bSX83nTAnq4tk4IaZqTXcIHeD7b-p4yJcbkZe6NRoWAd3xo-_tLZ4xEGXspK2P-iVc5RfptYsnJEOHoJ9NzPx1oqTHtp8OnHYixQM8ANBJB9Q8TBJ5zvZhUJeqBuo4lTN-Gf4kSo3AQMLgK8adUF_9HTQ9ypN9N_Y950p0bPw60EC8WJ6mGY2of84JBLqSjg_QaTBdAux_eqTAWajTHi3s2aOLrxlZjPGMO3LmCf6lTN21uMzrQAzi6eGbI%3D%26bag%3DmtlVseJPZwq8MrL-yExcig%3D%3D%26ruid%3D6cd68a44-9abc-416e-a89a-bdd0ab5a4fe9%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttp%253A%252F%252Fmagnetdl.123ultraproxy.com%252F%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1280%26wiw%3D1280%26wih%3D939%26wfc%3D0%26sah%3D1002%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 28 Jan 2023 08:09:08 GMT
content-type: image/jpeg
content-length: 20759
last-modified: Wed, 14 Dec 2022 16:39:34 GMT
vary: Accept-Encoding
etag: "6399fc46-5117"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| r3.o.lencr.org/ | 23.36.76.226 | 200 OK | 503 B |
IP23.36.76.226:0 ASN#20940 Akamai International B.V.
Hashe34c204daf6f65e512d7168b01268c76 793aacf3316ca30d6bef3acaaf097e42e2013e49 a748e66ab50d8c910a381a0e653c9b3e95c15043c5c52e91fbaeb20282b9fd49
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A748E66AB50D8C910A381A0E653C9B3E95C15043C5C52E91FBAEB20282B9FD49"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11804
Expires: Sat, 28 Jan 2023 11:25:52 GMT
Date: Sat, 28 Jan 2023 08:09:08 GMT
Connection: keep-alive
|
|
| interstitial-07.com/contents/s/4d/4d/44/8b8d067fbb8dd5bd371f76aa3f/0124434927299.jpeg | 139.45.197.154 | 200 OK | 48 kB |
URL HTTP/2interstitial-07.com/contents/s/4d/4d/44/8b8d067fbb8dd5bd371f76aa3f/0124434927299.jpeg IP139.45.197.154:0
File typeJPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 492x328, components 3\012- data Hash4d4d448b8d067fbb8dd5bd371f76aa3f ac126e854681a30faeeec1b07871640015003743 2d544292185300921204a178010fef7d3a94d27e6f8358ef09be4cada4187a5e
GET /contents/s/4d/4d/44/8b8d067fbb8dd5bd371f76aa3f/0124434927299.jpeg HTTP/1.1
Host: interstitial-07.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://interstitial-07.com/?l=nfepD2DCD0Ch0je&cd_meta_crid=50535&trkintimp&target_url=https%3A%2F%2Fbenumelan.com%2F12%3Frnd%3D384997637%26z%3D3372123%26b%3D16536117%26c%3D6560718%26var%3D%26d%3Dhttps%253A%252F%252Fsingelstodate.com%252Fbase.php%253Fc%253D1499%2526key%253D078e8e1696ef5f705a04995394169693%2526zoneid%253D%257Bzoneid%257D%2526cost%253D%257Bcost%257D%2526subid%253D%2524%257BSUBID%257D%2526banner%253D%257Bbannerid%257D%26cln%3D1%26btp%3D7%26rb%3DaWvd2a2Zma88UMUHPHvIpT3Uopm0YvRXObADsFfwwnOwyGv-08_XpXSRncQXrk3obWj64paY4HmQReDdjk4bHLoWSe1LJ77-K1ctWWd2MFeAca-XjH9WPGW7eMPnwoCyEwAk4oiprAFj1uFBOZaeK_MvW-_eTHi81NN630MI410G6fWUjR1TOFjf87f1vpQAvINHA5brN-w4DuqHGOdt27qz2YAwKyLYbPTZOsRgNq_yJkHPB9kX3hrn2KTPoA9wkIJKcx0Amaxcz9Pj-kCU78Yn5kMkFgYNv18e2VMCnDZFne_tEtnVi4mwbcBSR7ApQn3IKpqbh1ENL9VG3HQJMLB7jtmgzT7GwgipOW5vdn6gVL0qbq89GAvpqpK14mNLgNIN0nVO5z2HNTrRXmvoLfHdykC8Rtl9bSX83nTAnq4tk4IaZqTXcIHeD7b-p4yJcbkZe6NRoWAd3xo-_tLZ4xEGXspK2P-iVc5RfptYsnJEOHoJ9NzPx1oqTHtp8OnHYixQM8ANBJB9Q8TBJ5zvZhUJeqBuo4lTN-Gf4kSo3AQMLgK8adUF_9HTQ9ypN9N_Y950p0bPw60EC8WJ6mGY2of84JBLqSjg_QaTBdAux_eqTAWajTHi3s2aOLrxlZjPGMO3LmCf6lTN21uMzrQAzi6eGbI%3D%26bag%3DmtlVseJPZwq8MrL-yExcig%3D%3D%26ruid%3D6cd68a44-9abc-416e-a89a-bdd0ab5a4fe9%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttp%253A%252F%252Fmagnetdl.123ultraproxy.com%252F%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1280%26wiw%3D1280%26wih%3D939%26wfc%3D0%26sah%3D1002%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 28 Jan 2023 08:09:08 GMT
content-type: image/jpeg
content-length: 48518
last-modified: Wed, 14 Dec 2022 16:39:29 GMT
vary: Accept-Encoding
etag: "6399fc41-bd86"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| sweepfrequencydissolved.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSv28jRRSevQvNUYFoKEAWogAJObtrO7ZJcSIcQYEjCXcHQXTza53B453VzK7XiSgiTkLXIHwVlJvPyUVAhLg%2FAAltaFCqmJO4FIQO0SKkq5EdS4Yn7b73zfeK73vvfb6fXRAfGT3ffM%2FsKq3pYqPqV17ZUrEwuaus36kEftVfrmypeKm%2BXBlMfrb%2FeuA3qv6rlbcl75rF0A98P%2FCDyqqyMjKDxSkLlRy3g2rbr9bDatCoY2D%2Fj13mwVEPon9BnoUS46e2f3kIxUvEvR9uSNdNTfLaW71M09RY9MXRB3E3NnmM3ryMrIcoPpp1w7gxIV9fgYmPZg5g%2BgcTB2BqTLzfArD4aCYTrH94qZRpyBhMPI28X0LqEoqW4OYulDgjABdY30Dce7BubE53Llk6Ycdk4ck%2FUPmYLPz%2BHOLe9ytaDSq3jc5SZWKHQVRADUqoTokkO0G660HlJ%2BDpZ1CCIO4VUKKYulaqhIpKaDkEdR6yyac8ZJGHLPHQE%2BcV2mhHvt%2BMWFSrteqc81qN80ZrSTRErd6KfGR8ImuINBmC6yG43UNi99BV98%2BCR7DZT3DbBZzw4NIx8d7fQ18UyCVB7ghySpArgjwlyPvFodAudMUDoV3GglkOZ7lWjEza2aeHJu3ImOwnF%2BSZ6Uj%2B%2FugJuvK8QsPWUtsPm%2B2ANqM6b7cYZ4FsBWEtDLlotuBUAeWuTN3uTvZTXCBRY0K%2BfAxGT%2BD0Cbh6CTR7ATQfNUMfdHtUb%2FnYjY%2BzmGnDu1JUlYAwBZJ0AemOt68vyPNTHe0%2Fr0Hy0%2BtffbHxx7L4GNwWSGyBT9TPBB19b3TL5OTglskdebiRpKqndulkbbdTmsqr374rd3JjxdoNN%2FzmDT4hJuXxHenSmzQWKu448t2KEkLaVWO5JD%2BuuS3JNjO3vZLZOEtubr65utZLrHROmbgEVWcffgquxuSa7U4P8sW%2F3oGyJWxWoJedkllAmRI82YNL5uqdIbB63sMSD3lWjGzI5o9aEWg5x5QVcP%2FBbF7vu3voWA80vTs9w74t0NcFqB7CZVdHaWJPr%2F9amwaY9kZMW%2B%2BAaavvX47WqfOKbER%2BJP1QsqjNoib1RTuqtxltB7LJGjRA6sb80eOX%2FwUAAP%2F%2FAQAA%2F%2F9dSjfEaAQAAA%3D%3D | 192.243.59.20 | 200 OK | 7 B |
URL HTTP/1.1sweepfrequencydissolved.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSv28jRRSevQvNUYFoKEAWogAJObtrO7ZJcSIcQYEjCXcHQXTza53B453VzK7XiSgiTkLXIHwVlJvPyUVAhLg%2FAAltaFCqmJO4FIQO0SKkq5EdS4Yn7b73zfeK73vvfb6fXRAfGT3ffM%2FsKq3pYqPqV17ZUrEwuaus36kEftVfrmypeKm%2BXBlMfrb%2FeuA3qv6rlbcl75rF0A98P%2FCDyqqyMjKDxSkLlRy3g2rbr9bDatCoY2D%2Fj13mwVEPon9BnoUS46e2f3kIxUvEvR9uSNdNTfLaW71M09RY9MXRB3E3NnmM3ryMrIcoPpp1w7gxIV9fgYmPZg5g%2BgcTB2BqTLzfArD4aCYTrH94qZRpyBhMPI28X0LqEoqW4OYulDgjABdY30Dce7BubE53Llk6Ycdk4ck%2FUPmYLPz%2BHOLe9ytaDSq3jc5SZWKHQVRADUqoTokkO0G660HlJ%2BDpZ1CCIO4VUKKYulaqhIpKaDkEdR6yyac8ZJGHLPHQE%2BcV2mhHvt%2BMWFSrteqc81qN80ZrSTRErd6KfGR8ImuINBmC6yG43UNi99BV98%2BCR7DZT3DbBZzw4NIx8d7fQ18UyCVB7ghySpArgjwlyPvFodAudMUDoV3GglkOZ7lWjEza2aeHJu3ImOwnF%2BSZ6Uj%2B%2FugJuvK8QsPWUtsPm%2B2ANqM6b7cYZ4FsBWEtDLlotuBUAeWuTN3uTvZTXCBRY0K%2BfAxGT%2BD0Cbh6CTR7ATQfNUMfdHtUb%2FnYjY%2BzmGnDu1JUlYAwBZJ0AemOt68vyPNTHe0%2Fr0Hy0%2BtffbHxx7L4GNwWSGyBT9TPBB19b3TL5OTglskdebiRpKqndulkbbdTmsqr374rd3JjxdoNN%2FzmDT4hJuXxHenSmzQWKu448t2KEkLaVWO5JD%2BuuS3JNjO3vZLZOEtubr65utZLrHROmbgEVWcffgquxuSa7U4P8sW%2F3oGyJWxWoJedkllAmRI82YNL5uqdIbB63sMSD3lWjGzI5o9aEWg5x5QVcP%2FBbF7vu3voWA80vTs9w74t0NcFqB7CZVdHaWJPr%2F9amwaY9kZMW%2B%2BAaavvX47WqfOKbER%2BJP1QsqjNoib1RTuqtxltB7LJGjRA6sb80eOX%2FwUAAP%2F%2FAQAA%2F%2F9dSjfEaAQAAA%3D%3D IP192.243.59.20:0 ASN#39572 DataWeb Global Group B.V.
File typeASCII text, with no line terminators Hash132d6af1b46048b45cf86cdee7991d31 eb7007d03d59b65bc6da7e098c4d38fc6dfb6285 ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
| Analyzer | Verdict | Alert |
| quad9 | Sinkholed | |
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSv28jRRSevQvNUYFoKEAWogAJObtrO7ZJcSIcQYEjCXcHQXTza53B453VzK7XiSgiTkLXIHwVlJvPyUVAhLg%2FAAltaFCqmJO4FIQO0SKkq5EdS4Yn7b73zfeK73vvfb6fXRAfGT3ffM%2FsKq3pYqPqV17ZUrEwuaus36kEftVfrmypeKm%2BXBlMfrb%2FeuA3qv6rlbcl75rF0A98P%2FCDyqqyMjKDxSkLlRy3g2rbr9bDatCoY2D%2Fj13mwVEPon9BnoUS46e2f3kIxUvEvR9uSNdNTfLaW71M09RY9MXRB3E3NnmM3ryMrIcoPpp1w7gxIV9fgYmPZg5g%2BgcTB2BqTLzfArD4aCYTrH94qZRpyBhMPI28X0LqEoqW4OYulDgjABdY30Dce7BubE53Llk6Ycdk4ck%2FUPmYLPz%2BHOLe9ytaDSq3jc5SZWKHQVRADUqoTokkO0G660HlJ%2BDpZ1CCIO4VUKKYulaqhIpKaDkEdR6yyac8ZJGHLPHQE%2BcV2mhHvt%2BMWFSrteqc81qN80ZrSTRErd6KfGR8ImuINBmC6yG43UNi99BV98%2BCR7DZT3DbBZzw4NIx8d7fQ18UyCVB7ghySpArgjwlyPvFodAudMUDoV3GglkOZ7lWjEza2aeHJu3ImOwnF%2BSZ6Uj%2B%2FugJuvK8QsPWUtsPm%2B2ANqM6b7cYZ4FsBWEtDLlotuBUAeWuTN3uTvZTXCBRY0K%2BfAxGT%2BD0Cbh6CTR7ATQfNUMfdHtUb%2FnYjY%2BzmGnDu1JUlYAwBZJ0AemOt68vyPNTHe0%2Fr0Hy0%2BtffbHxx7L4GNwWSGyBT9TPBB19b3TL5OTglskdebiRpKqndulkbbdTmsqr374rd3JjxdoNN%2FzmDT4hJuXxHenSmzQWKu448t2KEkLaVWO5JD%2BuuS3JNjO3vZLZOEtubr65utZLrHROmbgEVWcffgquxuSa7U4P8sW%2F3oGyJWxWoJedkllAmRI82YNL5uqdIbB63sMSD3lWjGzI5o9aEWg5x5QVcP%2FBbF7vu3voWA80vTs9w74t0NcFqB7CZVdHaWJPr%2F9amwaY9kZMW%2B%2BAaavvX47WqfOKbER%2BJP1QsqjNoib1RTuqtxltB7LJGjRA6sb80eOX%2FwUAAP%2F%2FAQAA%2F%2F9dSjfEaAQAAA%3D%3D HTTP/1.1
Host: sweepfrequencydissolved.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://magnetdl.123ultraproxy.com/
Cookie: u_pl=15816950; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Sat, 28 Jan 2023 08:09:08 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 746ae538b0a63152a2be36f73d7a9c85
Strict-Transport-Security: max-age=0; includeSubdomains
|
|
| r3.o.lencr.org/ | 23.36.76.226 | 200 OK | 503 B |
IP23.36.76.226:0 ASN#20940 Akamai International B.V.
Hash86a25231794bbfd3f276118a68cf20f4 ee94ff69230178aa9294348bfe638acce39bda73 8aa3357c026c54209085411a849df78cd14f155d4991330fbd6ad039f8262985
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8AA3357C026C54209085411A849DF78CD14F155D4991330FBD6AD039F8262985"
Last-Modified: Thu, 26 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6572
Expires: Sat, 28 Jan 2023 09:58:40 GMT
Date: Sat, 28 Jan 2023 08:09:08 GMT
Connection: keep-alive
|
|
| unseenreport.com/pxf.gif?uuid=19c80d81-ce67-4bbc-a6d4-a6c85e65babe&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1053&b_frame=0&pk=a286902791a7f4c98bcb1e812322cd78&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=8 | 192.243.61.225 | 200 OK | 1 B |
URL HTTP/1.1unseenreport.com/pxf.gif?uuid=19c80d81-ce67-4bbc-a6d4-a6c85e65babe&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1053&b_frame=0&pk=a286902791a7f4c98bcb1e812322cd78&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=8 IP192.243.61.225:0 ASN#39572 DataWeb Global Group B.V.
File typevery short file (no magic) Hash93b885adfe0da089cdf634904fd59f71 5ba93c9db0cff93f52b521d7420e43f6eda2784f 6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
| Analyzer | Verdict | Alert |
| quad9 | Sinkholed | |
GET /pxf.gif?uuid=19c80d81-ce67-4bbc-a6d4-a6c85e65babe&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1053&b_frame=0&pk=a286902791a7f4c98bcb1e812322cd78&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=8 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://magnetdl.123ultraproxy.com/
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 28 Jan 2023 08:09:08 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 11f7c6e53c2add62a4df276d815bf109
Strict-Transport-Security: max-age=0; includeSubdomains
|
|
| unphionetor.com/vctx?t=72747 | 139.45.197.236 | 204 No Content | 0 B |
URL HTTP/2unphionetor.com/vctx?t=72747 IP139.45.197.236:0
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| quad9 | Sinkholed | |
GET /vctx?t=72747 HTTP/1.1
Host: unphionetor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://interstitial-07.com
Connection: keep-alive
Referer: https://interstitial-07.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Sat, 28 Jan 2023 08:09:08 GMT
access-control-allow-origin: https://interstitial-07.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: ca528ef5cf370e7f8df9337d65059cdc
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
|
|
| e1.o.lencr.org/ | 23.36.77.32 | 200 OK | 345 B |
IP23.36.77.32:0 ASN#20940 Akamai International B.V.
Hashe3b8a8bc98172e8a530326f7d16570cd 4555b6600b5d18b4e5850a756fb47ead0e5c486e 12061f433c479a860c65363d2243aba95ad34ac6664e84c5c5ed9a2d8c343f8c
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "12061F433C479A860C65363D2243ABA95AD34AC6664E84C5C5ED9A2D8C343F8C"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9000
Expires: Sat, 28 Jan 2023 10:39:08 GMT
Date: Sat, 28 Jan 2023 08:09:08 GMT
Connection: keep-alive
|
|
| e1.o.lencr.org/ | 23.36.77.32 | 200 OK | 345 B |
IP23.36.77.32:0 ASN#20940 Akamai International B.V.
Hashe3b8a8bc98172e8a530326f7d16570cd 4555b6600b5d18b4e5850a756fb47ead0e5c486e 12061f433c479a860c65363d2243aba95ad34ac6664e84c5c5ed9a2d8c343f8c
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "12061F433C479A860C65363D2243ABA95AD34AC6664E84C5C5ED9A2D8C343F8C"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9000
Expires: Sat, 28 Jan 2023 10:39:08 GMT
Date: Sat, 28 Jan 2023 08:09:08 GMT
Connection: keep-alive
|
|
| e1.o.lencr.org/ | 23.36.77.32 | 200 OK | 345 B |
IP23.36.77.32:0 ASN#20940 Akamai International B.V.
Hashe3b8a8bc98172e8a530326f7d16570cd 4555b6600b5d18b4e5850a756fb47ead0e5c486e 12061f433c479a860c65363d2243aba95ad34ac6664e84c5c5ed9a2d8c343f8c
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "12061F433C479A860C65363D2243ABA95AD34AC6664E84C5C5ED9A2D8C343F8C"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9000
Expires: Sat, 28 Jan 2023 10:39:08 GMT
Date: Sat, 28 Jan 2023 08:09:08 GMT
Connection: keep-alive
|
|
| fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap | 142.250.74.106 | 200 OK | 660 B |
URL HTTP/1.1fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap IP142.250.74.106:0
Hash55130bf120bd75a4bba7d678be617cdf 77b172c0cc1d15e60ab95edccf3ac1e640d16812 262b9e8c2eeba18bdc3dd53ac7bbacdbbec713a9443ff5dc34e359de56ea040d
GET /css?family=Roboto:300,400,700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Link: <http://fonts.gstatic.com>; rel=preconnect; crossorigin
Expires: Sat, 28 Jan 2023 08:09:08 GMT
Date: Sat, 28 Jan 2023 08:09:08 GMT
Cache-Control: private, max-age=86400
Cross-Origin-Opener-Policy: same-origin-allow-popups
Cross-Origin-Resource-Policy: cross-origin
Content-Encoding: gzip
Transfer-Encoding: chunked
Server: ESF
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
|
|
| cdn.creative-bars1.com/sb/ssp/in-page_push/os/android/2/img/close.png | 172.64.167.9 | 200 OK | 2.0 kB |
URL HTTP/2cdn.creative-bars1.com/sb/ssp/in-page_push/os/android/2/img/close.png IP172.64.167.9:0
File typePNG image data, 19 x 19, 8-bit/color RGBA, non-interlaced\012- data Hash2cecae5111d5ff932a996679215ad573 f4c63abb5dc373aba5bc144c3831d98516cc7cc9 31f6aad6a88eca32f245dc6d0e030ef422f306b4f8479855b30e59b6dc134ebc
GET /sb/ssp/in-page_push/os/android/2/img/close.png HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 28 Jan 2023 08:09:08 GMT
content-type: image/png
content-length: 2005
last-modified: Wed, 11 May 2022 09:01:03 GMT
etag: "627b7b4f-7d5"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 4675599
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tiDHYcG9uZAGfiuTeIy9aWdwUYkLMdMHkDQEP6ea1p0LyoPk7Eq18eG%2FzWE2IJsSKNlxo4RiBzvGE%2B%2FM4gGxc2i%2F9bU2cxhqfzymGeGGRMabxUWIemiVNS%2F5Y3Xy6IvrViFFtH7lKAO2"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79083e837ac623b8-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| unphionetor.com/fv.js?t=72747&cb=1589597004 | 139.45.197.236 | 200 OK | 2.2 kB |
URL HTTP/2unphionetor.com/fv.js?t=72747&cb=1589597004 IP139.45.197.236:0
File typeASCII text, with very long lines (5213), with no line terminators Hash0254fb1dad74628b7ad0f97d304fac92 35f7af13a08eb87023ec7df4d3c35c21b2cde79d 47fb6ce428ca80ea69b772e4f66e4e5c622a4005db601746033d04511bd27536
| Analyzer | Verdict | Alert |
| quad9 | Sinkholed | |
GET /fv.js?t=72747&cb=1589597004 HTTP/1.1
Host: unphionetor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://interstitial-07.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 28 Jan 2023 08:09:08 GMT
content-type: text/javascript; charset=utf8
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: a579c299ad657ac1a3b30aeb43c50274
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| r3.o.lencr.org/ | 23.36.76.226 | 200 OK | 503 B |
IP23.36.76.226:0 ASN#20940 Akamai International B.V.
Hash4675bd0dbda20e272b32eb9db03f35d8 aa655fd97778059913ab170765257aaef33e7119 a9bb5d439a01135af6d41e60455509b20fee27f7661ad81f6cb955ffdc9c1f12
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A9BB5D439A01135AF6D41E60455509B20FEE27F7661AD81F6CB955FFDC9C1F12"
Last-Modified: Thu, 26 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5918
Expires: Sat, 28 Jan 2023 09:47:46 GMT
Date: Sat, 28 Jan 2023 08:09:08 GMT
Connection: keep-alive
|
|
| e1.o.lencr.org/ | 23.36.77.32 | 200 OK | 345 B |
IP23.36.77.32:0 ASN#20940 Akamai International B.V.
Hashe3b8a8bc98172e8a530326f7d16570cd 4555b6600b5d18b4e5850a756fb47ead0e5c486e 12061f433c479a860c65363d2243aba95ad34ac6664e84c5c5ed9a2d8c343f8c
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "12061F433C479A860C65363D2243ABA95AD34AC6664E84C5C5ED9A2D8C343F8C"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9000
Expires: Sat, 28 Jan 2023 10:39:08 GMT
Date: Sat, 28 Jan 2023 08:09:08 GMT
Connection: keep-alive
|
|
| cdn.cloudimagesb.com/si/89/9f/8a/899f8a5bb7132795d339610f52f16dad/1667589937.png | 45.133.44.10 | 200 OK | 33 kB |
URL: HTTP/2 cdn.cloudimagesb.com/si/89/9f/8a/899f8a5bb7132795d339610f52f16dad/1667589937.png IP: 45.133.44.10:0 ASN: #39572 DataWeb Global Group B.V.
File type: PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Hash: 2cb2500acb00f247ef19403c3a0f89e1 7c57e8b84b2bb0003810ffae7a14e24869155464 7efcd5082673b787603d2a0b8d768fb26807cf2ab79771a69886a916d0cda3ce
GET /si/89/9f/8a/899f8a5bb7132795d339610f52f16dad/1667589937.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 28 Jan 2023 08:09:08 GMT
content-type: image/png
content-length: 32763
server: nginx/1.17.6
last-modified: Fri, 04 Nov 2022 19:25:45 GMT
etag: "63656739-7ffb"
expires: Mon, 30 Jan 2023 08:09:08 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| mc.yandex.ru/watch/90921095/1?wmode=7&page-url=http%3A%2F%2Fmagnetdl.123ultraproxy.com%2F&charset=utf-8&browser-info=pv%3A1%3Avf%3Asm0eap24hzlr84c06sesn%3Afp%3A454%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A2%3Adp%3A0%3Als%3A1577879463542%3Ahid%3A631643260%3Az%3A0%3Ai%3A20230128080909%3Aet%3A1674893349%3Ac%3A1%3Arn%3A563502400%3Arqn%3A1%3Au%3A1674893349988372375%3Aw%3A1280x898%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A1%2C0%2C130%2C0%2C%2C0%2C%2C1355%2C1%2C%2C%2C%2C1533%3Aco%3A0%3Ans%3A1674893347360%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1674893349%3At%3ASearch%20Magnet%2FTorrent%20Links%20%26%20Download%20Software%2C%20Movies%2C%20Games%2C%20Music%20%26%20More%20%3A%20MagnetDL&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29fip%281%29ti%282%29 | 93.158.134.119 | 200 OK | 407 B |
URL HTTP/2mc.yandex.ru/watch/90921095/1?wmode=7&page-url=http%3A%2F%2Fmagnetdl.123ultraproxy.com%2F&charset=utf-8&browser-info=pv%3A1%3Avf%3Asm0eap24hzlr84c06sesn%3Afp%3A454%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A2%3Adp%3A0%3Als%3A1577879463542%3Ahid%3A631643260%3Az%3A0%3Ai%3A20230128080909%3Aet%3A1674893349%3Ac%3A1%3Arn%3A563502400%3Arqn%3A1%3Au%3A1674893349988372375%3Aw%3A1280x898%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A1%2C0%2C130%2C0%2C%2C0%2C%2C1355%2C1%2C%2C%2C%2C1533%3Aco%3A0%3Ans%3A1674893347360%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1674893349%3At%3ASearch%20Magnet%2FTorrent%20Links%20%26%20Download%20Software%2C%20Movies%2C%20Games%2C%20Music%20%26%20More%20%3A%20MagnetDL&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29fip%281%29ti%282%29 IP93.158.134.119:0
File type: JSON data\012- , ASCII text, with very long lines (407), with no line terminators
Hash: 066265fb29fc275e87c5b1cb7613f981 7358ab6c838995da4c3d2836c677a8f4b43f9100 57671fd59cb00b68dd7a40fbbcea584412a906e077af3aac5adf5e245a0c65af
GET /watch/90921095/1?wmode=7&page-url=http%3A%2F%2Fmagnetdl.123ultraproxy.com%2F&charset=utf-8&browser-info=pv%3A1%3Avf%3Asm0eap24hzlr84c06sesn%3Afp%3A454%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A2%3Adp%3A0%3Als%3A1577879463542%3Ahid%3A631643260%3Az%3A0%3Ai%3A20230128080909%3Aet%3A1674893349%3Ac%3A1%3Arn%3A563502400%3Arqn%3A1%3Au%3A1674893349988372375%3Aw%3A1280x898%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A1%2C0%2C130%2C0%2C%2C0%2C%2C1355%2C1%2C%2C%2C%2C1533%3Aco%3A0%3Ans%3A1674893347360%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1674893349%3At%3ASearch%20Magnet%2FTorrent%20Links%20%26%20Download%20Software%2C%20Movies%2C%20Games%2C%20Music%20%26%20More%20%3A%20MagnetDL&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29fip%281%29ti%282%29 HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://magnetdl.123ultraproxy.com
Referer: http://magnetdl.123ultraproxy.com/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 407
date: Sat, 28 Jan 2023 08:09:08 GMT
x-content-type-options: nosniff
access-control-allow-origin: http://magnetdl.123ultraproxy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Sat, 28-Jan-2023 08:09:08 GMT
last-modified: Sat, 28-Jan-2023 08:09:08 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: application/json; charset=utf-8
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
|
|
| mc.yandex.ru/watch/71953213/1?wmode=7&page-url=http%3A%2F%2Fmagnetdl.123ultraproxy.com%2F&charset=utf-8&browser-info=pv%3A1%3Avf%3Asm0eap24hzlr84c06sesn%3Afp%3A454%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A843942423453%3Ahid%3A631643260%3Az%3A0%3Ai%3A20230128080909%3Aet%3A1674893349%3Ac%3A1%3Arn%3A449260819%3Arqn%3A1%3Au%3A1674893349988372375%3Aw%3A1280x898%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A1%2C0%2C130%2C0%2C%2C0%2C%2C1355%2C1%2C%2C%2C%2C1533%3Aco%3A0%3Ans%3A1674893347360%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1674893349%3At%3ASearch%20Magnet%2FTorrent%20Links%20%26%20Download%20Software%2C%20Movies%2C%20Games%2C%20Music%20%26%20More%20%3A%20MagnetDL&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29fip%281%29ti%282%29 | 93.158.134.119 | 200 OK | 400 B |
URL HTTP/2mc.yandex.ru/watch/71953213/1?wmode=7&page-url=http%3A%2F%2Fmagnetdl.123ultraproxy.com%2F&charset=utf-8&browser-info=pv%3A1%3Avf%3Asm0eap24hzlr84c06sesn%3Afp%3A454%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A843942423453%3Ahid%3A631643260%3Az%3A0%3Ai%3A20230128080909%3Aet%3A1674893349%3Ac%3A1%3Arn%3A449260819%3Arqn%3A1%3Au%3A1674893349988372375%3Aw%3A1280x898%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A1%2C0%2C130%2C0%2C%2C0%2C%2C1355%2C1%2C%2C%2C%2C1533%3Aco%3A0%3Ans%3A1674893347360%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1674893349%3At%3ASearch%20Magnet%2FTorrent%20Links%20%26%20Download%20Software%2C%20Movies%2C%20Games%2C%20Music%20%26%20More%20%3A%20MagnetDL&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29fip%281%29ti%282%29 IP93.158.134.119:0
File type: JSON data\012- , ASCII text, with very long lines (400), with no line terminators
Hash: fa352c1fcb5924f58b497eaa9cc70205 c7dbcf2215430df4224e0ae5fd4410abbf2c6506 1159f75cef97c9ac85611fbe3b435aec3a18504d30c2d314702c52e146698489
GET /watch/71953213/1?wmode=7&page-url=http%3A%2F%2Fmagnetdl.123ultraproxy.com%2F&charset=utf-8&browser-info=pv%3A1%3Avf%3Asm0eap24hzlr84c06sesn%3Afp%3A454%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A843942423453%3Ahid%3A631643260%3Az%3A0%3Ai%3A20230128080909%3Aet%3A1674893349%3Ac%3A1%3Arn%3A449260819%3Arqn%3A1%3Au%3A1674893349988372375%3Aw%3A1280x898%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A1%2C0%2C130%2C0%2C%2C0%2C%2C1355%2C1%2C%2C%2C%2C1533%3Aco%3A0%3Ans%3A1674893347360%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1674893349%3At%3ASearch%20Magnet%2FTorrent%20Links%20%26%20Download%20Software%2C%20Movies%2C%20Games%2C%20Music%20%26%20More%20%3A%20MagnetDL&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29fip%281%29ti%282%29 HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://magnetdl.123ultraproxy.com
Referer: http://magnetdl.123ultraproxy.com/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 400
date: Sat, 28 Jan 2023 08:09:08 GMT
x-content-type-options: nosniff
access-control-allow-origin: http://magnetdl.123ultraproxy.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Sat, 28-Jan-2023 08:09:08 GMT
last-modified: Sat, 28-Jan-2023 08:09:08 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: application/json; charset=utf-8
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
|
|
| mc.yandex.ru/watch/71953213?wmode=7&page-url=http%3A%2F%2Fmagnetdl.123ultraproxy.com%2F&charset=utf-8&browser-info=pv%3A1%3Avf%3Asm0eap24hzlr84c06sesn%3Afp%3A454%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A843942423453%3Ahid%3A631643260%3Az%3A0%3Ai%3A20230128080909%3Aet%3A1674893349%3Ac%3A1%3Arn%3A449260819%3Arqn%3A1%3Au%3A1674893349988372375%3Aw%3A1280x898%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A1%2C0%2C130%2C0%2C%2C0%2C%2C1355%2C1%2C%2C%2C%2C1533%3Aco%3A0%3Ans%3A1674893347360%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1674893349%3At%3ASearch%20Magnet%2FTorrent%20Links%20%26%20Download%20Software%2C%20Movies%2C%20Games%2C%20Music%20%26%20More%20%3A%20MagnetDL&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)fip(1)ti(2) | 93.158.134.119 | 302 Found | 17 kB |
URL HTTP/2mc.yandex.ru/watch/71953213?wmode=7&page-url=http%3A%2F%2Fmagnetdl.123ultraproxy.com%2F&charset=utf-8&browser-info=pv%3A1%3Avf%3Asm0eap24hzlr84c06sesn%3Afp%3A454%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A843942423453%3Ahid%3A631643260%3Az%3A0%3Ai%3A20230128080909%3Aet%3A1674893349%3Ac%3A1%3Arn%3A449260819%3Arqn%3A1%3Au%3A1674893349988372375%3Aw%3A1280x898%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A1%2C0%2C130%2C0%2C%2C0%2C%2C1355%2C1%2C%2C%2C%2C1533%3Aco%3A0%3Ans%3A1674893347360%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1674893349%3At%3ASearch%20Magnet%2FTorrent%20Links%20%26%20Download%20Software%2C%20Movies%2C%20Games%2C%20Music%20%26%20More%20%3A%20MagnetDL&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)fip(1)ti(2) IP93.158.134.119:0
File type: gzip compressed data, from Unix\012- data
Hash: 4ca99badfd5a504182c06e7bf923d7e6 8a3f7fcaf734c339cc243eddd7ae341523b97e18 e6bda9c5e805bea031e24cbb7531d2f84db6079de76d387056efa5b3b5ef2571
GET /watch/71953213?wmode=7&page-url=http%3A%2F%2Fmagnetdl.123ultraproxy.com%2F&charset=utf-8&browser-info=pv%3A1%3Avf%3Asm0eap24hzlr84c06sesn%3Afp%3A454%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A843942423453%3Ahid%3A631643260%3Az%3A0%3Ai%3A20230128080909%3Aet%3A1674893349%3Ac%3A1%3Arn%3A449260819%3Arqn%3A1%3Au%3A1674893349988372375%3Aw%3A1280x898%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A1%2C0%2C130%2C0%2C%2C0%2C%2C1355%2C1%2C%2C%2C%2C1533%3Aco%3A0%3Ans%3A1674893347360%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1674893349%3At%3ASearch%20Magnet%2FTorrent%20Links%20%26%20Download%20Software%2C%20Movies%2C%20Games%2C%20Music%20%26%20More%20%3A%20MagnetDL&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)fip(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://magnetdl.123ultraproxy.com
Connection: keep-alive
Referer: http://magnetdl.123ultraproxy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
location: /watch/71953213/1?wmode=7&page-url=http%3A%2F%2Fmagnetdl.123ultraproxy.com%2F&charset=utf-8&browser-info=pv%3A1%3Avf%3Asm0eap24hzlr84c06sesn%3Afp%3A454%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A843942423453%3Ahid%3A631643260%3Az%3A0%3Ai%3A20230128080909%3Aet%3A1674893349%3Ac%3A1%3Arn%3A449260819%3Arqn%3A1%3Au%3A1674893349988372375%3Aw%3A1280x898%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A1%2C0%2C130%2C0%2C%2C0%2C%2C1355%2C1%2C%2C%2C%2C1533%3Aco%3A0%3Ans%3A1674893347360%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1674893349%3At%3ASearch%20Magnet%2FTorrent%20Links%20%26%20Download%20Software%2C%20Movies%2C%20Games%2C%20Music%20%26%20More%20%3A%20MagnetDL&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29fip%281%29ti%282%29
date: Sat, 28 Jan 2023 08:09:07 GMT
access-control-allow-origin: http://magnetdl.123ultraproxy.com
set-cookie: yabs-sid=1089422891674893347; Path=/; SameSite=None; Secure
i=wEZqCx1UasJ/2FjuvbzhSlSFyjfEko8Rk3mLXs1CXXObWjUgiGAxkIC3tKIXhbXlBobM1FU4N+VqG3UW09rWjJO1ekk=; Expires=Tue, 25-Jan-2033 08:09:06 GMT; Domain=.yandex.ru; Path=/; Secure; HttpOnly; SameSite=None
yandexuid=7783941111674893347; Expires=Sun, 28-Jan-2024 08:09:07 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
yuidss=7783941111674893347; Expires=Sun, 28-Jan-2024 08:09:07 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
ymex=1706429347.yc.1674893347#1706429347.yrts.1674893347#1706429347.yrtsi.1674893347; Expires=Sun, 28-Jan-2024 08:09:07 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Sat, 28-Jan-2023 08:09:07 GMT
last-modified: Sat, 28-Jan-2023 08:09:07 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
|
|
| fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2 | 216.58.207.227 | 200 OK | 16 kB |
URL: HTTP/1.1 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2 IP: 216.58.207.227:0
File type: Web Open Font Format (Version 2), TrueType, length 15740, version 1.0\012- data
Hash: b9c29351c46f3e8c8631c4002457f48a e57e59c5780995ff2937ab2b511a769212974a87 f75911313e1c7802c23345ab57e754d87801581706780c993fb23ff4e0fe62ef
GET /s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://magnetdl.123ultraproxy.com
Connection: keep-alive
Referer: http://fonts.googleapis.com/
HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Timing-Allow-Origin: *
Content-Length: 15740
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Fri, 27 Jan 2023 02:08:37 GMT
Expires: Sat, 27 Jan 2024 02:08:37 GMT
Cache-Control: public, max-age=31536000
Last-Modified: Wed, 11 May 2022 19:24:56 GMT
Content-Type: font/woff2
Age: 108031
|
|
| sweepfrequencydissolved.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSMW8jRRSevQvNUYFoKEArRAEScnbXdrwmxYlwBAWOJNwdBNHNzsw6g8c7q5ldrxNRRJyErkH4Kig3n5OLgAhxPwAJbWhQqpiTuBSEDtEipKuRHUuGJ%2B2%2B9833iu97732%2Bn18QDzk933xP70ql6GKz5rmvbMmE68K663dc36t5y%2B6WTJYay%2B5g8jP9132vWfNedd8WrKsXA8%2F3PN%2Fz3VVpRKwHi1MWMj1u%2B7W2V2sENb%2FZwMD8H9vcgaUOeP%2BCPAvJx09t%2F%2FIQklVIej%2FcELab6fS1t3q5opk26POjD5JuoosEvXkZGwdxcjTrhrZjQr6%2BAp0czRxA9w8mDhDJMXF%2B8xElRzOZiPqHl0ojBZEg4k%2Bj6FcQqoKkFZi%2BC8nPCMA41jeQ9B6sa1PQnUuWTtgxWXjyD2QxJgu%2FP4ek9%2F2KkgP3tlZ5JnViMYhLyEEF2amQ5ifIdh3I4gQs%2BwySEyS9EpKXU9dSVpBxBSWGoNZBPvmkgzx2kKcOevzcpc127HmtOIrr9bDBGKvXGWuGS7zJ640w9pCziawhsnQIpoZgZg%2Bp2UNX3j%2FzH8HkP8Ful7Dcgc3GxHl%2FD31eohAEhSUoKEEhCYqMoOiXh1zZwJYPuLJ55M9yMMv1cqSzzj491FlHJGQ%2FvSDPTEfy90dP0BXnLg3CpbYXtNo%2BbcUN1g4jFvki9IN6EDDeCmFlCWmvTN3uTvZTXiCVY0K%2BfIyInsCqEzD5Emj%2BAmgxagUe6PaoEXrYTY7zJFKadQWvSQ6uS6TZArIdZ19dkOenOtp%2FXoNgp9e%2F%2BmLjj2X%2BMZgpkZoSn8ifCTrq3uiWLsjBLV1Y8nAjzWRP7tLJ2m5nNBNXv31X7BTa8LUbdvjNG2xCTMrjO8JmN2nCZdKx5LsVybkwq9owQX5cs1si2szt9kpukjy9ufnm6lovNcJaqZMKVJ59%2BCmYHJNrpjs9yBf%2FegfSVDB5iV5%2BSmYBqSuwdA82nau3msCoeU%2BUOijycmSCaP6oJIESc0yjEvY%2FOJrX%2B%2FYeOsYBze5Oz7BvSvRVCaqGsPnVUZaa0%2Bu%2F1qeBSDmjSBnnIFJG3b8crZXnbtNviDAKW4zzSDDut4J6WPe8gPNGqy38NjI7Zo8ev%2FwvAAAA%2F%2F8BAAD%2F%2F0lCuSJoBAAA | 192.243.59.20 | 200 OK | 7 B |
URL HTTP/1.1sweepfrequencydissolved.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSMW8jRRSevQvNUYFoKEArRAEScnbXdrwmxYlwBAWOJNwdBNHNzsw6g8c7q5ldrxNRRJyErkH4Kig3n5OLgAhxPwAJbWhQqpiTuBSEDtEipKuRHUuGJ%2B2%2B9833iu97732%2Bn18QDzk933xP70ql6GKz5rmvbMmE68K663dc36t5y%2B6WTJYay%2B5g8jP9132vWfNedd8WrKsXA8%2F3PN%2Fz3VVpRKwHi1MWMj1u%2B7W2V2sENb%2FZwMD8H9vcgaUOeP%2BCPAvJx09t%2F%2FIQklVIej%2FcELab6fS1t3q5opk26POjD5JuoosEvXkZGwdxcjTrhrZjQr6%2BAp0czRxA9w8mDhDJMXF%2B8xElRzOZiPqHl0ojBZEg4k%2Bj6FcQqoKkFZi%2BC8nPCMA41jeQ9B6sa1PQnUuWTtgxWXjyD2QxJgu%2FP4ek9%2F2KkgP3tlZ5JnViMYhLyEEF2amQ5ifIdh3I4gQs%2BwySEyS9EpKXU9dSVpBxBSWGoNZBPvmkgzx2kKcOevzcpc127HmtOIrr9bDBGKvXGWuGS7zJ640w9pCziawhsnQIpoZgZg%2Bp2UNX3j%2FzH8HkP8Ful7Dcgc3GxHl%2FD31eohAEhSUoKEEhCYqMoOiXh1zZwJYPuLJ55M9yMMv1cqSzzj491FlHJGQ%2FvSDPTEfy90dP0BXnLg3CpbYXtNo%2BbcUN1g4jFvki9IN6EDDeCmFlCWmvTN3uTvZTXiCVY0K%2BfIyInsCqEzD5Emj%2BAmgxagUe6PaoEXrYTY7zJFKadQWvSQ6uS6TZArIdZ19dkOenOtp%2FXoNgp9e%2F%2BmLjj2X%2BMZgpkZoSn8ifCTrq3uiWLsjBLV1Y8nAjzWRP7tLJ2m5nNBNXv31X7BTa8LUbdvjNG2xCTMrjO8JmN2nCZdKx5LsVybkwq9owQX5cs1si2szt9kpukjy9ufnm6lovNcJaqZMKVJ59%2BCmYHJNrpjs9yBf%2FegfSVDB5iV5%2BSmYBqSuwdA82nau3msCoeU%2BUOijycmSCaP6oJIESc0yjEvY%2FOJrX%2B%2FYeOsYBze5Oz7BvSvRVCaqGsPnVUZaa0%2Bu%2F1qeBSDmjSBnnIFJG3b8crZXnbtNviDAKW4zzSDDut4J6WPe8gPNGqy38NjI7Zo8ev%2FwvAAAA%2F%2F8BAAD%2F%2F0lCuSJoBAAA IP192.243.59.20:0 ASN#39572 DataWeb Global Group B.V.
File type: ASCII text, with no line terminators
Hash: 132d6af1b46048b45cf86cdee7991d31 eb7007d03d59b65bc6da7e098c4d38fc6dfb6285 ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
| Analyzer | Verdict | Alert |
| quad9 | Sinkholed | |
GET /impr.gif?sid=H4sIAAAAAAAC%2F1RSMW8jRRSevQvNUYFoKEArRAEScnbXdrwmxYlwBAWOJNwdBNHNzsw6g8c7q5ldrxNRRJyErkH4Kig3n5OLgAhxPwAJbWhQqpiTuBSEDtEipKuRHUuGJ%2B2%2B9833iu97732%2Bn18QDzk933xP70ql6GKz5rmvbMmE68K663dc36t5y%2B6WTJYay%2B5g8jP9132vWfNedd8WrKsXA8%2F3PN%2Fz3VVpRKwHi1MWMj1u%2B7W2V2sENb%2FZwMD8H9vcgaUOeP%2BCPAvJx09t%2F%2FIQklVIej%2FcELab6fS1t3q5opk26POjD5JuoosEvXkZGwdxcjTrhrZjQr6%2BAp0czRxA9w8mDhDJMXF%2B8xElRzOZiPqHl0ojBZEg4k%2Bj6FcQqoKkFZi%2BC8nPCMA41jeQ9B6sa1PQnUuWTtgxWXjyD2QxJgu%2FP4ek9%2F2KkgP3tlZ5JnViMYhLyEEF2amQ5ifIdh3I4gQs%2BwySEyS9EpKXU9dSVpBxBSWGoNZBPvmkgzx2kKcOevzcpc127HmtOIrr9bDBGKvXGWuGS7zJ640w9pCziawhsnQIpoZgZg%2Bp2UNX3j%2FzH8HkP8Ful7Dcgc3GxHl%2FD31eohAEhSUoKEEhCYqMoOiXh1zZwJYPuLJ55M9yMMv1cqSzzj491FlHJGQ%2FvSDPTEfy90dP0BXnLg3CpbYXtNo%2BbcUN1g4jFvki9IN6EDDeCmFlCWmvTN3uTvZTXiCVY0K%2BfIyInsCqEzD5Emj%2BAmgxagUe6PaoEXrYTY7zJFKadQWvSQ6uS6TZArIdZ19dkOenOtp%2FXoNgp9e%2F%2BmLjj2X%2BMZgpkZoSn8ifCTrq3uiWLsjBLV1Y8nAjzWRP7tLJ2m5nNBNXv31X7BTa8LUbdvjNG2xCTMrjO8JmN2nCZdKx5LsVybkwq9owQX5cs1si2szt9kpukjy9ufnm6lovNcJaqZMKVJ59%2BCmYHJNrpjs9yBf%2FegfSVDB5iV5%2BSmYBqSuwdA82nau3msCoeU%2BUOijycmSCaP6oJIESc0yjEvY%2FOJrX%2B%2FYeOsYBze5Oz7BvSvRVCaqGsPnVUZaa0%2Bu%2F1qeBSDmjSBnnIFJG3b8crZXnbtNviDAKW4zzSDDut4J6WPe8gPNGqy38NjI7Zo8ev%2FwvAAAA%2F%2F8BAAD%2F%2F0lCuSJoBAAA HTTP/1.1
Host: sweepfrequencydissolved.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://magnetdl.123ultraproxy.com/
Cookie: u_pl=15816950; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Sat, 28 Jan 2023 08:09:08 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 87c7bcb0d248f484ccb16a684c5167b7
Strict-Transport-Security: max-age=0; includeSubdomains
|
|
| sweepfrequencydissolved.com/pixel/sbs?c=1 | 192.243.59.20 | 200 OK | 0 B |
URL: HTTP/1.1 sweepfrequencydissolved.com/pixel/sbs?c=1 IP: 192.243.59.20:0 ASN: #39572 DataWeb Global Group B.V.
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| quad9 | Sinkholed | |
GET /pixel/sbs?c=1 HTTP/1.1
Host: sweepfrequencydissolved.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://magnetdl.123ultraproxy.com/
Cookie: u_pl=15816950; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Sat, 28 Jan 2023 08:09:09 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
|
|
| rndskittytor.com/500/4837723?excludes=&oaid=bfc17cedf7d245149ab925287717d898&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=898&wfc=4&pl=http%3A%2F%2Fmagnetdl.123ultraproxy.com%2F&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false | 139.45.197.238 | 200 OK | 0 B |
URL HTTP/1.1rndskittytor.com/500/4837723?excludes=&oaid=bfc17cedf7d245149ab925287717d898&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=898&wfc=4&pl=http%3A%2F%2Fmagnetdl.123ultraproxy.com%2F&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false IP139.45.197.238:0
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| quad9 | Sinkholed | |
OPTIONS /500/4837723?excludes=&oaid=bfc17cedf7d245149ab925287717d898&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=898&wfc=4&pl=http%3A%2F%2Fmagnetdl.123ultraproxy.com%2F&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: rndskittytor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: http://magnetdl.123ultraproxy.com/
Origin: http://magnetdl.123ultraproxy.com
Connection: keep-alive
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 28 Jan 2023 08:09:11 GMT
Content-Length: 0
Connection: keep-alive
Allow: GET, OPTIONS
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Origin: http://magnetdl.123ultraproxy.com
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding
Access-Control-Allow-Credentials: true
Access-Control-Max-Age: 600
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
Timing-Allow-Origin: *
|
|
| rndskittytor.com/500/4837723?excludes=&oaid=bfc17cedf7d245149ab925287717d898&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=898&wfc=4&pl=http%3A%2F%2Fmagnetdl.123ultraproxy.com%2F&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false | 139.45.197.238 | 200 OK | 1.0 kB |
URL HTTP/1.1rndskittytor.com/500/4837723?excludes=&oaid=bfc17cedf7d245149ab925287717d898&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=898&wfc=4&pl=http%3A%2F%2Fmagnetdl.123ultraproxy.com%2F&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false IP139.45.197.238:0
File type: JSON data\012- , Unicode text, UTF-8 text, with very long lines (1248), with no line terminators
Hash: 1392e903b4a675402eee476095b97c32 85e7fa15d068b163aba594c559ac71025630a93c 30a7fa8c38471be328d7474ac90b90aae617aa072cbf86026d59146f34a9a9fb
| Analyzer | Verdict | Alert |
| quad9 | Sinkholed | |
GET /500/4837723?excludes=&oaid=bfc17cedf7d245149ab925287717d898&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=898&wfc=4&pl=http%3A%2F%2Fmagnetdl.123ultraproxy.com%2F&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: rndskittytor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/json
Origin: http://magnetdl.123ultraproxy.com
Connection: keep-alive
Referer: http://magnetdl.123ultraproxy.com/
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 28 Jan 2023 08:09:11 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
X-Trace-Id: 8b3ef94552b81a7654f58a3f2cd251d9
Expires: Tue, 11 Jan 1994 10:00:00 GMT
Cache-Control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
Pragma: no-cache
Vary: Origin
Access-Control-Allow-Origin: http://magnetdl.123ultraproxy.com
Access-Control-Expose-Headers: Link
Access-Control-Allow-Credentials: true
Set-Cookie: OAID=bfc17cedf7d245149ab925287717d898; expires=Sun, 28 Jan 2024 08:09:11 GMT; path=/; secure; SameSite=None
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
Timing-Allow-Origin: *, *
Content-Encoding: gzip
|
|
| offerimage.com/www/images/0fb6066747e1a495065815fb44fb9b41.png | 172.67.22.216 | 200 OK | 12 kB |
URL: HTTP/2 offerimage.com/www/images/0fb6066747e1a495065815fb44fb9b41.png IP: 172.67.22.216:0
File type: PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Hash: 0fb6066747e1a495065815fb44fb9b41 c62f83dec41d2b508176f11784edc75db8dbb6f8 dca249be9c1aeee895ea79046856c178a1830f46a55cfc7f552b95b04eb3e5a6
GET /www/images/0fb6066747e1a495065815fb44fb9b41.png HTTP/1.1
Host: offerimage.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://magnetdl.123ultraproxy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 28 Jan 2023 08:09:11 GMT
content-type: image/png
content-length: 11899
last-modified: Thu, 25 Aug 2022 05:53:00 GMT
etag: "63070e3c-2e7b"
expires: Sun, 29 Jan 2023 07:53:50 GMT
cache-control: max-age=86400
timing-allow-origin: *
cf-cache-status: HIT
age: 921
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 79083e98fbfdb503-OSL
X-Firefox-Spdy: h2
|
|
| benumelan.com/11?rnd=4180640715&z=3372123&b=16536117&var=&rqtdbc=0&rcvdbc=0&btp=7&rb=aWvd2a2Zma88UMUHPHvIpT3Uopm0YvRXObADsFfwwnOwyGv-08_XpXSRncQXrk3obWj64paY4HmQReDdjk4bHLoWSe1LJ77-K1ctWWd2MFeAca-XjH9WPGW7eMPnwoCyEwAk4oiprAFj1uFBOZaeK_MvW-_eTHi81NN630MI410G6fWUjR1TOFjf87f1vpQAvINHA5brN-w4DuqHGOdt27qz2YAwKyLYbPTZOsRgNq_yJkHPB9kX3hrn2KTPoA9wkIJKcx0Amaxcz9Pj-kCU78Yn5kMkFgYNv18e2VMCnDZFne_tEtnVi4mwbcBSR7ApQn3IKpqbh1ENL9VG3HQJMLB7jtmgzT7GwgipOW5vdn6gVL0qbq89GAvpqpK14mNLgNIN0nVO5z2HNTrRXmvoLfHdykC8Rtl9bSX83nTAnq4tk4IaZqTXcIHeD7b-p4yJcbkZe6NRoWAd3xo-_tLZ4xEGXspK2P-iVc5RfptYsnJEOHoJ9NzPx1oqTHtp8OnHYixQM8ANBJB9Q8TBJ5zvZhUJeqBuo4lTN-Gf4kSo3AQMLgK8adUF_9HTQ9ypN9N_Y950p0bPw60EC8WJ6mGY2of84JBLqSjg_QaTBdAux_eqTAWajTHi3s2aOLrxlZjPGMO3LmCf6lTN21uMzrQAzi6eGbI=&ruid=6cd68a44-9abc-416e-a89a-bdd0ab5a4fe9&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=http%3A%2F%2Fmagnetdl.123ultraproxy.com%2F&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&sah=1002&drf=&hil=1&ist=0&ri=1&wvd=0&wvr=1.0000&isions=1 | 139.45.197.239 | 200 OK | 0 B |
URL HTTP/2benumelan.com/11?rnd=4180640715&z=3372123&b=16536117&var=&rqtdbc=0&rcvdbc=0&btp=7&rb=aWvd2a2Zma88UMUHPHvIpT3Uopm0YvRXObADsFfwwnOwyGv-08_XpXSRncQXrk3obWj64paY4HmQReDdjk4bHLoWSe1LJ77-K1ctWWd2MFeAca-XjH9WPGW7eMPnwoCyEwAk4oiprAFj1uFBOZaeK_MvW-_eTHi81NN630MI410G6fWUjR1TOFjf87f1vpQAvINHA5brN-w4DuqHGOdt27qz2YAwKyLYbPTZOsRgNq_yJkHPB9kX3hrn2KTPoA9wkIJKcx0Amaxcz9Pj-kCU78Yn5kMkFgYNv18e2VMCnDZFne_tEtnVi4mwbcBSR7ApQn3IKpqbh1ENL9VG3HQJMLB7jtmgzT7GwgipOW5vdn6gVL0qbq89GAvpqpK14mNLgNIN0nVO5z2HNTrRXmvoLfHdykC8Rtl9bSX83nTAnq4tk4IaZqTXcIHeD7b-p4yJcbkZe6NRoWAd3xo-_tLZ4xEGXspK2P-iVc5RfptYsnJEOHoJ9NzPx1oqTHtp8OnHYixQM8ANBJB9Q8TBJ5zvZhUJeqBuo4lTN-Gf4kSo3AQMLgK8adUF_9HTQ9ypN9N_Y950p0bPw60EC8WJ6mGY2of84JBLqSjg_QaTBdAux_eqTAWajTHi3s2aOLrxlZjPGMO3LmCf6lTN21uMzrQAzi6eGbI=&ruid=6cd68a44-9abc-416e-a89a-bdd0ab5a4fe9&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=http%3A%2F%2Fmagnetdl.123ultraproxy.com%2F&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&sah=1002&drf=&hil=1&ist=0&ri=1&wvd=0&wvr=1.0000&isions=1 IP139.45.197.239:0
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | quad9 | Sinkholed | |
GET /11?rnd=4180640715&z=3372123&b=16536117&var=&rqtdbc=0&rcvdbc=0&btp=7&rb=aWvd2a2Zma88UMUHPHvIpT3Uopm0YvRXObADsFfwwnOwyGv-08_XpXSRncQXrk3obWj64paY4HmQReDdjk4bHLoWSe1LJ77-K1ctWWd2MFeAca-XjH9WPGW7eMPnwoCyEwAk4oiprAFj1uFBOZaeK_MvW-_eTHi81NN630MI410G6fWUjR1TOFjf87f1vpQAvINHA5brN-w4DuqHGOdt27qz2YAwKyLYbPTZOsRgNq_yJkHPB9kX3hrn2KTPoA9wkIJKcx0Amaxcz9Pj-kCU78Yn5kMkFgYNv18e2VMCnDZFne_tEtnVi4mwbcBSR7ApQn3IKpqbh1ENL9VG3HQJMLB7jtmgzT7GwgipOW5vdn6gVL0qbq89GAvpqpK14mNLgNIN0nVO5z2HNTrRXmvoLfHdykC8Rtl9bSX83nTAnq4tk4IaZqTXcIHeD7b-p4yJcbkZe6NRoWAd3xo-_tLZ4xEGXspK2P-iVc5RfptYsnJEOHoJ9NzPx1oqTHtp8OnHYixQM8ANBJB9Q8TBJ5zvZhUJeqBuo4lTN-Gf4kSo3AQMLgK8adUF_9HTQ9ypN9N_Y950p0bPw60EC8WJ6mGY2of84JBLqSjg_QaTBdAux_eqTAWajTHi3s2aOLrxlZjPGMO3LmCf6lTN21uMzrQAzi6eGbI=&ruid=6cd68a44-9abc-416e-a89a-bdd0ab5a4fe9&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=http%3A%2F%2Fmagnetdl.123ultraproxy.com%2F&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&sah=1002&drf=&hil=1&ist=0&ri=1&wvd=0&wvr=1.0000&isions=1 HTTP/1.1
Host: benumelan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://magnetdl.123ultraproxy.com
Connection: keep-alive
Referer: http://magnetdl.123ultraproxy.com/
Cookie: scm=1; OAID=bfc17cedf7d245149ab925287717d898; oaidts=1674893346
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 28 Jan 2023 08:09:12 GMT
content-type: image/jpeg
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin: http://magnetdl.123ultraproxy.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID
x-trace-id: 27dca8615a90910c0b59d381e16b435d
access-control-expose-headers: X-Sc
set-cookie: OAID=bfc17cedf7d245149ab925287717d898; expires=Sun, 28 Jan 2024 08:09:12 GMT; secure; SameSite=None
oaidts=1674893346; expires=Sun, 28 Jan 2024 08:09:12 GMT; secure; SameSite=None
oaidvc=1; expires=Sun, 28 Jan 2024 08:09:12 GMT; secure; SameSite=None
CNT=1_v1_NVL8AAEAAAC5SwAA; expires=Sat, 28 Jan 2023 09:09:12 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6b7aa725-5968-4227-af9b-77dd57d6a123.jpeg | 34.120.237.76 | 200 OK | 6.7 kB |
URL HTTP/2img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6b7aa725-5968-4227-af9b-77dd57d6a123.jpeg IP34.120.237.76:0
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
Hash: 0856916fa7de25bdb308c04d0ae58180 72abe5101dc03c35399e6e5aab02328c206f480a 9b8c3380c842aa6de358def0d56263bafec61e37bc951a06c06e6953419e2804
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6b7aa725-5968-4227-af9b-77dd57d6a123.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 6733
x-amzn-requestid: cd0cc842-d109-42b4-9104-0cb48a964794
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fa_vkGupoAMF3Pw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d44663-14b754495bb33b0f5f0cd805;Sampled=0
x-amzn-remapped-date: Fri, 27 Jan 2023 21:47:15 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: uljLkKCpEyZIyKev_CU76OjxNnvivx2qeLVkR48liHIJx1GwCqPP_A==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 e4d3d5aafc7d7d582423c073065ab562.cloudfront.net (CloudFront), 1.1 google
date: Fri, 27 Jan 2023 22:12:59 GMT
age: 35775
etag: "72abe5101dc03c35399e6e5aab02328c206f480a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| magnetdl.123ultraproxy.com/ | 172.67.177.99 | 200 OK | 0 B |
URL HTTP/1.1magnetdl.123ultraproxy.com/ IP172.67.177.99:0
Analyzer | Verdict | Alert | fortinet | Phishing | |
GET / HTTP/1.1
Host: magnetdl.123ultraproxy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Sat, 28 Jan 2023 08:09:05 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: view=1; expires=Sun, 29-Jan-2023 08:09:05 GMT; Max-Age=86400
PHPSESSID=hp2uk6fghatfc7jcj3j0hh3qgu; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Access-Control-Allow-Origin: *
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BlANkIOWa%2BO3ONzLK6J5RV%2B7FOEcrUo11yNe2SV%2Fti1LcgU7gPMWK9ay%2FsHQfplowja1PVHCrukVAMX4BzAwl8jYaX076XAPmy%2F0APLj8aqhsZ152F3RHX4sWEfyt%2FjBY50gNpct4SPxJkqFng%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 79083e6f68f70afa-OSL
alt-svc: h2=":443"; ma=60
|
|
| interstitial-07.com/?l=nfepD2DCD0Ch0je&cd_meta_crid=50535&trkintimp&target_url=https%3A%2F%2Fbenumelan.com%2F12%3Frnd%3D384997637%26z%3D3372123%26b%3D16536117%26c%3D6560718%26var%3D%26d%3Dhttps%253A%252F%252Fsingelstodate.com%252Fbase.php%253Fc%253D1499%2526key%253D078e8e1696ef5f705a04995394169693%2526zoneid%253D%257Bzoneid%257D%2526cost%253D%257Bcost%257D%2526subid%253D%2524%257BSUBID%257D%2526banner%253D%257Bbannerid%257D%26cln%3D1%26btp%3D7%26rb%3DaWvd2a2Zma88UMUHPHvIpT3Uopm0YvRXObADsFfwwnOwyGv-08_XpXSRncQXrk3obWj64paY4HmQReDdjk4bHLoWSe1LJ77-K1ctWWd2MFeAca-XjH9WPGW7eMPnwoCyEwAk4oiprAFj1uFBOZaeK_MvW-_eTHi81NN630MI410G6fWUjR1TOFjf87f1vpQAvINHA5brN-w4DuqHGOdt27qz2YAwKyLYbPTZOsRgNq_yJkHPB9kX3hrn2KTPoA9wkIJKcx0Amaxcz9Pj-kCU78Yn5kMkFgYNv18e2VMCnDZFne_tEtnVi4mwbcBSR7ApQn3IKpqbh1ENL9VG3HQJMLB7jtmgzT7GwgipOW5vdn6gVL0qbq89GAvpqpK14mNLgNIN0nVO5z2HNTrRXmvoLfHdykC8Rtl9bSX83nTAnq4tk4IaZqTXcIHeD7b-p4yJcbkZe6NRoWAd3xo-_tLZ4xEGXspK2P-iVc5RfptYsnJEOHoJ9NzPx1oqTHtp8OnHYixQM8ANBJB9Q8TBJ5zvZhUJeqBuo4lTN-Gf4kSo3AQMLgK8adUF_9HTQ9ypN9N_Y950p0bPw60EC8WJ6mGY2of84JBLqSjg_QaTBdAux_eqTAWajTHi3s2aOLrxlZjPGMO3LmCf6lTN21uMzrQAzi6eGbI%3D%26bag%3DmtlVseJPZwq8MrL-yExcig%3D%3D%26ruid%3D6cd68a44-9abc-416e-a89a-bdd0ab5a4fe9%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttp%253A%252F%252Fmagnetdl.123ultraproxy.com%252F%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1280%26wiw%3D1280%26wih%3D939%26wfc%3D0%26sah%3D1002%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0 | 139.45.197.154 | 200 OK | 0 B |
URL HTTP/2interstitial-07.com/?l=nfepD2DCD0Ch0je&cd_meta_crid=50535&trkintimp&target_url=https%3A%2F%2Fbenumelan.com%2F12%3Frnd%3D384997637%26z%3D3372123%26b%3D16536117%26c%3D6560718%26var%3D%26d%3Dhttps%253A%252F%252Fsingelstodate.com%252Fbase.php%253Fc%253D1499%2526key%253D078e8e1696ef5f705a04995394169693%2526zoneid%253D%257Bzoneid%257D%2526cost%253D%257Bcost%257D%2526subid%253D%2524%257BSUBID%257D%2526banner%253D%257Bbannerid%257D%26cln%3D1%26btp%3D7%26rb%3DaWvd2a2Zma88UMUHPHvIpT3Uopm0YvRXObADsFfwwnOwyGv-08_XpXSRncQXrk3obWj64paY4HmQReDdjk4bHLoWSe1LJ77-K1ctWWd2MFeAca-XjH9WPGW7eMPnwoCyEwAk4oiprAFj1uFBOZaeK_MvW-_eTHi81NN630MI410G6fWUjR1TOFjf87f1vpQAvINHA5brN-w4DuqHGOdt27qz2YAwKyLYbPTZOsRgNq_yJkHPB9kX3hrn2KTPoA9wkIJKcx0Amaxcz9Pj-kCU78Yn5kMkFgYNv18e2VMCnDZFne_tEtnVi4mwbcBSR7ApQn3IKpqbh1ENL9VG3HQJMLB7jtmgzT7GwgipOW5vdn6gVL0qbq89GAvpqpK14mNLgNIN0nVO5z2HNTrRXmvoLfHdykC8Rtl9bSX83nTAnq4tk4IaZqTXcIHeD7b-p4yJcbkZe6NRoWAd3xo-_tLZ4xEGXspK2P-iVc5RfptYsnJEOHoJ9NzPx1oqTHtp8OnHYixQM8ANBJB9Q8TBJ5zvZhUJeqBuo4lTN-Gf4kSo3AQMLgK8adUF_9HTQ9ypN9N_Y950p0bPw60EC8WJ6mGY2of84JBLqSjg_QaTBdAux_eqTAWajTHi3s2aOLrxlZjPGMO3LmCf6lTN21uMzrQAzi6eGbI%3D%26bag%3DmtlVseJPZwq8MrL-yExcig%3D%3D%26ruid%3D6cd68a44-9abc-416e-a89a-bdd0ab5a4fe9%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttp%253A%252F%252Fmagnetdl.123ultraproxy.com%252F%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1280%26wiw%3D1280%26wih%3D939%26wfc%3D0%26sah%3D1002%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0 IP139.45.197.154:0
GET /?l=nfepD2DCD0Ch0je&cd_meta_crid=50535&trkintimp&target_url=https%3A%2F%2Fbenumelan.com%2F12%3Frnd%3D384997637%26z%3D3372123%26b%3D16536117%26c%3D6560718%26var%3D%26d%3Dhttps%253A%252F%252Fsingelstodate.com%252Fbase.php%253Fc%253D1499%2526key%253D078e8e1696ef5f705a04995394169693%2526zoneid%253D%257Bzoneid%257D%2526cost%253D%257Bcost%257D%2526subid%253D%2524%257BSUBID%257D%2526banner%253D%257Bbannerid%257D%26cln%3D1%26btp%3D7%26rb%3DaWvd2a2Zma88UMUHPHvIpT3Uopm0YvRXObADsFfwwnOwyGv-08_XpXSRncQXrk3obWj64paY4HmQReDdjk4bHLoWSe1LJ77-K1ctWWd2MFeAca-XjH9WPGW7eMPnwoCyEwAk4oiprAFj1uFBOZaeK_MvW-_eTHi81NN630MI410G6fWUjR1TOFjf87f1vpQAvINHA5brN-w4DuqHGOdt27qz2YAwKyLYbPTZOsRgNq_yJkHPB9kX3hrn2KTPoA9wkIJKcx0Amaxcz9Pj-kCU78Yn5kMkFgYNv18e2VMCnDZFne_tEtnVi4mwbcBSR7ApQn3IKpqbh1ENL9VG3HQJMLB7jtmgzT7GwgipOW5vdn6gVL0qbq89GAvpqpK14mNLgNIN0nVO5z2HNTrRXmvoLfHdykC8Rtl9bSX83nTAnq4tk4IaZqTXcIHeD7b-p4yJcbkZe6NRoWAd3xo-_tLZ4xEGXspK2P-iVc5RfptYsnJEOHoJ9NzPx1oqTHtp8OnHYixQM8ANBJB9Q8TBJ5zvZhUJeqBuo4lTN-Gf4kSo3AQMLgK8adUF_9HTQ9ypN9N_Y950p0bPw60EC8WJ6mGY2of84JBLqSjg_QaTBdAux_eqTAWajTHi3s2aOLrxlZjPGMO3LmCf6lTN21uMzrQAzi6eGbI%3D%26bag%3DmtlVseJPZwq8MrL-yExcig%3D%3D%26ruid%3D6cd68a44-9abc-416e-a89a-bdd0ab5a4fe9%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttp%253A%252F%252Fmagnetdl.123ultraproxy.com%252F%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1280%26wiw%3D1280%26wih%3D939%26wfc%3D0%26sah%3D1002%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0 HTTP/1.1
Host: interstitial-07.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://magnetdl.123ultraproxy.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 28 Jan 2023 08:09:07 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-powered-by: PHP/7.4.26
set-cookie: reverse=Z1IOM5_EXCru6XLyQOMJcA4EDkxG48yTz0E7g2aUnoY; expires=Sat, 28-Jan-2023 09:09:07 GMT; Max-Age=3600; path=/
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
content-encoding: br
X-Firefox-Spdy: h2
|
|
| glimtors.net/pfe/current/universal.min.js?v=3.1.415 | 139.45.197.251 | 200 OK | 0 B |
URL HTTP/2glimtors.net/pfe/current/universal.min.js?v=3.1.415 IP139.45.197.251:0
Analyzer | Verdict | Alert | quad9 | Sinkholed | |
GET /pfe/current/universal.min.js?v=3.1.415 HTTP/1.1
Host: glimtors.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://magnetdl.123ultraproxy.com/
Origin: http://magnetdl.123ultraproxy.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 28 Jan 2023 08:09:06 GMT
content-type: application/javascript
last-modified: Fri, 27 Jan 2023 11:03:52 GMT
etag: W/"63d3af98-18c6c"
access-control-allow-origin: http://magnetdl.123ultraproxy.com
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| cdn.creative-bars1.com/sb/ssp/in-page_push/os/android/2/js/script.js | 172.64.167.9 | 200 OK | 0 B |
URL HTTP/2cdn.creative-bars1.com/sb/ssp/in-page_push/os/android/2/js/script.js IP172.64.167.9:0
GET /sb/ssp/in-page_push/os/android/2/js/script.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://magnetdl.123ultraproxy.com
Connection: keep-alive
Referer: http://magnetdl.123ultraproxy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 28 Jan 2023 08:09:08 GMT
content-type: application/javascript
last-modified: Wed, 11 May 2022 09:01:04 GMT
etag: W/"627b7b50-194"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zCKssYPQOVBGo%2FgHsz%2F%2BrtI8ZrfaB%2BLA885rpRe0pzB1lLQMopZIDIeyL7XWwk0ZON5Ns5DBYgwZIfAyswzP0PWA%2FRHXvyh0JNDGWKYIauh%2F1trS7smvU2z9lywIybpyBKXb%2BKAfAx2I"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79083e832ef323c6-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| cdn.creative-bars1.com/sb/ssp/in-page_push/os/android/2/css/animate.css | 172.64.167.9 | 200 OK | 0 B |
URL HTTP/2cdn.creative-bars1.com/sb/ssp/in-page_push/os/android/2/css/animate.css IP172.64.167.9:0
GET /sb/ssp/in-page_push/os/android/2/css/animate.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://magnetdl.123ultraproxy.com
Connection: keep-alive
Referer: http://magnetdl.123ultraproxy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 28 Jan 2023 08:09:08 GMT
content-type: text/css
last-modified: Wed, 11 May 2022 09:01:02 GMT
etag: W/"627b7b4e-1358d"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hFCQpDc1nzO%2F%2FYUCHmdX2QPc8f%2FGtJobKAzhC0kWZmBG%2BrQTV6y8TDLBpIxm7XSH%2Bpi4XXL2S93znhF%2BLArexW4pt8xjz9KQb0iPqq2IJBDvdBApOZuFcjL1DPy3q0IxU%2FAe37IVnsQM"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79083e833f0e23c6-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| metrica-yandex.com/metrika/tag.js?1001 | 188.114.96.1 | 200 OK | 0 B |
URL HTTP/2metrica-yandex.com/metrika/tag.js?1001 IP188.114.96.1:0
GET /metrika/tag.js?1001 HTTP/1.1
Host: metrica-yandex.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://magnetdl.123ultraproxy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 28 Jan 2023 08:09:05 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Thu, 30 Sep 2021 23:00:22 GMT
etag: W/"61564186-eb6f"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
cf-cache-status: HIT
age: 786312
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GmniuuHMZnBdxwaAbbD2XeGS4yixzxdBfwHmyX3TO4fnM5WaK8K0vLFCijb0zrE2ZigwCHUsQwTdH8ee5FK3vZLWh2H4eDQh%2F27ujqIpBbFYDHe%2FBJHPSnfhVO459p48N%2FQoMxM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79083e720d5dfab4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| theusualsuspectz.biz/j/m/qqqq.js | 188.114.96.1 | 200 OK | 0 B |
URL HTTP/2theusualsuspectz.biz/j/m/qqqq.js IP188.114.96.1:0
Analyzer | Verdict | Alert | quad9 | Sinkholed | |
GET /j/m/qqqq.js HTTP/1.1
Host: theusualsuspectz.biz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://magnetdl.123ultraproxy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 28 Jan 2023 08:09:06 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Tue, 02 Mar 2021 03:16:06 GMT
etag: W/"603dadf6-bcdf"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
cf-cache-status: HIT
age: 106164
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ngnWW6LvtSgLvHBZcrZnM9%2FjAbQSuc%2Fzj%2F1ul%2BqCIOHAl5T8z1hXoK%2B4Hbnl1a01PjTpKC7II6bp6uMXtkkKHbTUXGhAUrpIS%2BjHmGjGBztdEElV7KnOatAOyAsXTjC4JRG2WERWFg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79083e74a94fb51d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| fonts.googleapis.com/css2?family=Roboto:wght@400&display=swap | 142.250.74.106 | 200 OK | 0 B |
URL HTTP/2fonts.googleapis.com/css2?family=Roboto:wght@400&display=swap IP142.250.74.106:0
GET /css2?family=Roboto:wght@400&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://magnetdl.123ultraproxy.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 28 Jan 2023 08:09:06 GMT
date: Sat, 28 Jan 2023 08:09:06 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| mc.yandex.ru/watch/90921095?wmode=7&page-url=http%3A%2F%2Fmagnetdl.123ultraproxy.com%2F&charset=utf-8&browser-info=pv%3A1%3Avf%3Asm0eap24hzlr84c06sesn%3Afp%3A454%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A2%3Adp%3A0%3Als%3A1577879463542%3Ahid%3A631643260%3Az%3A0%3Ai%3A20230128080909%3Aet%3A1674893349%3Ac%3A1%3Arn%3A563502400%3Arqn%3A1%3Au%3A1674893349988372375%3Aw%3A1280x898%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A1%2C0%2C130%2C0%2C%2C0%2C%2C1355%2C1%2C%2C%2C%2C1533%3Aco%3A0%3Ans%3A1674893347360%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1674893349%3At%3ASearch%20Magnet%2FTorrent%20Links%20%26%20Download%20Software%2C%20Movies%2C%20Games%2C%20Music%20%26%20More%20%3A%20MagnetDL&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)fip(1)ti(2) | 93.158.134.119 | 302 Found | 0 B |
URL HTTP/2mc.yandex.ru/watch/90921095?wmode=7&page-url=http%3A%2F%2Fmagnetdl.123ultraproxy.com%2F&charset=utf-8&browser-info=pv%3A1%3Avf%3Asm0eap24hzlr84c06sesn%3Afp%3A454%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A2%3Adp%3A0%3Als%3A1577879463542%3Ahid%3A631643260%3Az%3A0%3Ai%3A20230128080909%3Aet%3A1674893349%3Ac%3A1%3Arn%3A563502400%3Arqn%3A1%3Au%3A1674893349988372375%3Aw%3A1280x898%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A1%2C0%2C130%2C0%2C%2C0%2C%2C1355%2C1%2C%2C%2C%2C1533%3Aco%3A0%3Ans%3A1674893347360%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1674893349%3At%3ASearch%20Magnet%2FTorrent%20Links%20%26%20Download%20Software%2C%20Movies%2C%20Games%2C%20Music%20%26%20More%20%3A%20MagnetDL&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)fip(1)ti(2) IP93.158.134.119:0
GET /watch/90921095?wmode=7&page-url=http%3A%2F%2Fmagnetdl.123ultraproxy.com%2F&charset=utf-8&browser-info=pv%3A1%3Avf%3Asm0eap24hzlr84c06sesn%3Afp%3A454%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A2%3Adp%3A0%3Als%3A1577879463542%3Ahid%3A631643260%3Az%3A0%3Ai%3A20230128080909%3Aet%3A1674893349%3Ac%3A1%3Arn%3A563502400%3Arqn%3A1%3Au%3A1674893349988372375%3Aw%3A1280x898%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A1%2C0%2C130%2C0%2C%2C0%2C%2C1355%2C1%2C%2C%2C%2C1533%3Aco%3A0%3Ans%3A1674893347360%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1674893349%3At%3ASearch%20Magnet%2FTorrent%20Links%20%26%20Download%20Software%2C%20Movies%2C%20Games%2C%20Music%20%26%20More%20%3A%20MagnetDL&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)fip(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://magnetdl.123ultraproxy.com
Connection: keep-alive
Referer: http://magnetdl.123ultraproxy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
location: /watch/90921095/1?wmode=7&page-url=http%3A%2F%2Fmagnetdl.123ultraproxy.com%2F&charset=utf-8&browser-info=pv%3A1%3Avf%3Asm0eap24hzlr84c06sesn%3Afp%3A454%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A2%3Adp%3A0%3Als%3A1577879463542%3Ahid%3A631643260%3Az%3A0%3Ai%3A20230128080909%3Aet%3A1674893349%3Ac%3A1%3Arn%3A563502400%3Arqn%3A1%3Au%3A1674893349988372375%3Aw%3A1280x898%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A1%2C0%2C130%2C0%2C%2C0%2C%2C1355%2C1%2C%2C%2C%2C1533%3Aco%3A0%3Ans%3A1674893347360%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1674893349%3At%3ASearch%20Magnet%2FTorrent%20Links%20%26%20Download%20Software%2C%20Movies%2C%20Games%2C%20Music%20%26%20More%20%3A%20MagnetDL&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29fip%281%29ti%282%29
date: Sat, 28 Jan 2023 08:09:07 GMT
access-control-allow-origin: http://magnetdl.123ultraproxy.com
set-cookie: yabs-sid=172754331674893347; Path=/; SameSite=None; Secure
i=AyChTVJmwWUZjcaE1ZraxAd0Q7qHdhLEZDXeAh0kFc5NnJOaXMxP2Ljyh5rlhxDvRBdQOFulDiGt0mAXQ/zvBiMchgM=; Expires=Tue, 25-Jan-2033 08:09:07 GMT; Domain=.yandex.ru; Path=/; Secure; HttpOnly; SameSite=None
yandexuid=6752763181674893347; Expires=Sun, 28-Jan-2024 08:09:07 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
yuidss=6752763181674893347; Expires=Sun, 28-Jan-2024 08:09:07 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
ymex=1706429347.yc.1674893347#1706429347.yrts.1674893347#1706429347.yrtsi.1674893347; Expires=Sun, 28-Jan-2024 08:09:07 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Sat, 28-Jan-2023 08:09:07 GMT
last-modified: Sat, 28-Jan-2023 08:09:07 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
|
|