Report - 1.dating-roo2.site/

Report Overview

Submitted URL
1.dating-roo2.site/
IP
185.162.10.217
ASN
#59729 ITL LLC
Submitted
2022-09-10 18:10:13
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
4

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.2 kB	49 kB	34.120.237.76
monkeysloveyou.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	420 B	17 kB	62.122.171.6
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	401 B	5.8 kB	143.204.55.110
27.tegronews.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.1 kB	8.5 kB	45.133.44.20
123.selornews.com	261839	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.7 kB	51 kB	45.133.44.20
abservinean.com	57051	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	421 B	304 B	139.45.197.229
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.3 kB	6.2 kB	95.101.11.115
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	758 B	2.7 kB	143.204.55.35
ocsp.sectigo.com	487	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.3 kB	6.7 kB	172.64.155.188
my.rtmark.net	9054	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	505 B	745 B	139.45.195.8
1.dating-roo2.site	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	338 B	13 kB	185.162.10.217
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	321 B	229 B	34.117.237.239
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	329 B	797 B	93.184.220.29
forlumineoner.com	298831	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	4.1 kB	4.3 kB	139.45.197.229
redrotou.net	145989	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	954 B	40 kB	139.45.197.251
tracker-tds.info	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	491 B	676 B	95.216.226.187

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2022-09-10	medium	redrotou.net	Sinkholed
2022-09-10	medium	redrotou.net	Sinkholed

JavaScript (15)

	URL	Size	First Seen	Last Seen
	monkeysloveyou.com/pn21ywqw/z/sc/scssx/1923279/lib.js?ymid=21d0axsqdj2ft6o096&var={source_subid}	27 kB	2023-03-07	2023-03-07
Pretty URL monkeysloveyou.com/pn21ywqw/z/sc/scssx/1923279/lib.js?ymid=21d0axsqdj2ft6o096&var={source_subid} IP 62.122.171.6 ASN #50245 Serverel Inc. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:24:53 Last Seen2023-03-07 14:24:53 Times Seen1 Hash 6f7eac23e1c297727800f6ce69314003 fa9a1d298221f83e1f513e1fda1ef59fb518c63e 201a51ccc0721a78fcf69d5ec83135a22896b9f7a07594503b6515d64060b24a Loading...

	forlumineoner.com/pfe/current/tag.min.js?pub=1&z=1923280&var=source_subid\|21d0axsqdj2ft6o096\|1923279	15 kB	2023-03-07	2023-03-17
Pretty URL forlumineoner.com/pfe/current/tag.min.js?pub=1&z=1923280&var=source_subid\|21d0axsqdj2ft6o096\|1923279 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:56:19 Last Seen2023-03-17 11:42:01 Times Seen1 Hash cc63ffb9d89c06962e77cf13c24d3ef1 caa98477427ff6b6d4f9dfcbddc32707f0f5e132 0bf6801ec18c86804afbf9afd9134b9b01735fb34500fc392c85b9ca48523c83 Loading...

	27.tegronews.com/dannig/common-player/index.html?var={source_subid}&ymid=21d0axsqdj2ft6o096&rc=0&mrc=1&zoneid=1923279&tburl=https://tracker-tds.info/index.php?key=ctxhj1ubkccojtcec5ki	102 B	2023-03-07	2023-03-07
Pretty URL 27.tegronews.com/dannig/common-player/index.html?var={source_subid}&ymid=21d0axsqdj2ft6o096&rc=0&mrc=1&zoneid=1923279&tburl=https://tracker-tds.info/index.php?key=ctxhj1ubkccojtcec5ki IP 45.133.44.20 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:24:53 Last Seen2023-03-07 14:24:53 Times Seen1 Hash 11501cdfe702924ce519ac5123e9e90b b50bb736e8ceb4004fd36aa00331aa07e5c60cba d9fdc7919d80ad8e89e9af4464f5eb6a5ad8595a3da4d6ab0488c3c086c31503 Loading...

	1.dating-roo2.site/	906 B	2023-03-07	2023-03-07
Pretty URL 1.dating-roo2.site/ IP 185.162.10.217 ASN #59729 ITL LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:24:53 Last Seen2023-03-07 14:24:53 Times Seen1 Hash 2fc57e5a4a11d258d7166eba2b2a84ec 75f6178c39c89bf4f89e6d812cf5f85568df3938 6502bd09e742bb28fbb18c658b56070acb3fc7bbad97439f9ac5119117f5eee5 Loading...

	1.dating-roo2.site/	16 kB	2023-03-07	2023-03-25
Pretty URL 1.dating-roo2.site/ IP 185.162.10.217 ASN #59729 ITL LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:24:53 Last Seen2023-03-25 22:21:46 Times Seen2 Hash 9f6a412fcccabb83d84e7ecb93391eae 4da2b20a96a76ba5a01718e6eb71e2a6bfd354ec 8d9c6fdbf8d6044d33f8dd9118cb7be9fadf57a2c7dc6bec6e7b48f35c6583d5 Loading...

	redrotou.net/pfe/current/micro.tag.min.js?z=5150464&sw=/sw-check-permissions-2e6d6.js&ymid=null&var=null	107 kB	2023-03-07	2023-03-17
Pretty URL redrotou.net/pfe/current/micro.tag.min.js?z=5150464&sw=/sw-check-permissions-2e6d6.js&ymid=null&var=null IP 139.45.197.251 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:56:18 Last Seen2023-03-17 11:42:00 Times Seen1 Hash 7042527352616dd941f07f006bb5e683 ad4d296293396366b11d199c4722048dd2368c56 8405754f606f37289a9ae29f4f40b1f80dc403f52753504d6b096153eecd098c Loading...

	123.selornews.com/script.js?slug=common-player-arrow	6.4 kB	2023-03-07	2023-03-10
Pretty URL 123.selornews.com/script.js?slug=common-player-arrow IP 45.133.44.20 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:19:24 Last Seen2023-03-10 17:35:29 Times Seen1 Hash 87ed65e4f6ca32b7320cfd6ef7134079 cd4d768c712dba07bf4d94be9ee2a77c4021ad44 808c9a6b91e4ee90a02147d0103af8148ed2dac8932ef766274b5c2b43cbe34c Loading...

	27.tegronews.com/dannig/common-player/index.html?var={source_subid}&ymid=21d0axsqdj2ft6o096&rc=0&mrc=1&zoneid=1923279&tburl=https://tracker-tds.info/index.php?key=ctxhj1ubkccojtcec5ki	2.6 kB	2023-03-07	2023-04-05
Pretty URL 27.tegronews.com/dannig/common-player/index.html?var={source_subid}&ymid=21d0axsqdj2ft6o096&rc=0&mrc=1&zoneid=1923279&tburl=https://tracker-tds.info/index.php?key=ctxhj1ubkccojtcec5ki IP 45.133.44.20 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:19:51 Last Seen2023-04-05 02:09:05 Times Seen5 Hash ac28ac1de186d16c281bb77aabc9d22e 218622fa2f528f6f4fcf3fdc6d51a72e22d0bc3c 87a238a1600c1af75d2b603796998bf9ed96cf5736345e523839e2b5b7aff409 Loading...

	1.dating-roo2.site/	103 B	2023-03-07	2023-03-07
Pretty URL 1.dating-roo2.site/ IP 185.162.10.217 ASN #59729 ITL LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:24:53 Last Seen2023-03-07 14:24:53 Times Seen1 Hash 794fe6910bd647f08e751188ef61e99a 1bb7b52a4b9236c7ee931f462bf86ff685041371 853166a297baf8fbb9987bb2410fdf04bc45148f4f9adaa59bb76f5c0023c965 Loading...

	27.tegronews.com/dannig/common-player/index.html?var={source_subid}&ymid=21d0axsqdj2ft6o096&rc=0&mrc=1&zoneid=1923279&tburl=https://tracker-tds.info/index.php?key=ctxhj1ubkccojtcec5ki	140 B	2023-03-07	2023-04-05
Pretty URL 27.tegronews.com/dannig/common-player/index.html?var={source_subid}&ymid=21d0axsqdj2ft6o096&rc=0&mrc=1&zoneid=1923279&tburl=https://tracker-tds.info/index.php?key=ctxhj1ubkccojtcec5ki IP 45.133.44.20 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:19:24 Last Seen2023-04-05 02:09:06 Times Seen26 Hash d5247a46d4b777cbdcd2b91d90b89d43 bf30f153f4ff2ad88dfc01edf9c11d164c85ac37 cce915a5cb317f8728c3ba508110aa72ddfc8f0104ba0507696515937b6ed5a4 Loading...

	27.tegronews.com/dannig/common-player/index.html?var={source_subid}&ymid=21d0axsqdj2ft6o096&rc=0&mrc=1&zoneid=1923279&tburl=https://tracker-tds.info/index.php?key=ctxhj1ubkccojtcec5ki	104 kB	2023-03-07	2023-03-17
Pretty URL 27.tegronews.com/dannig/common-player/index.html?var={source_subid}&ymid=21d0axsqdj2ft6o096&rc=0&mrc=1&zoneid=1923279&tburl=https://tracker-tds.info/index.php?key=ctxhj1ubkccojtcec5ki IP 45.133.44.20 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:56:19 Last Seen2023-03-17 11:42:01 Times Seen1 Hash 7490898c0f490720a0c78dfc9ba92b45 079a6dee4b0a234194ec1efb256d48f29a98cb30 6fdc6b3c308eb3057e6c2e8481a66960e145163d6375b37d00e75be68ea50497 Loading...

		Size	First Seen	Last Seen
	#1 Eval - 9a3c0fb980b419ee52c706bd26c68f0d	80 B	2023-03-07	2023-03-07
Pretty Observations First Seen2023-03-07 14:24:53 Last Seen2023-03-07 14:24:53 Times Seen1 Hash 9a3c0fb980b419ee52c706bd26c68f0d 1c100a5ac3e026ad1adeddca64aa22b4c04fd9b0 63db60e4d9f326a74b9a2c2157f4791070eb8d9b094c1e51bb541ce354c4f63a Loading...

	#2 Eval - c9707994a1cca943f83533379fd8ecfd	447 B	2023-03-07	2023-03-25
Pretty Observations First Seen2023-03-07 14:24:53 Last Seen2023-03-25 22:21:46 Times Seen2 Hash c9707994a1cca943f83533379fd8ecfd 2aa5f4607a2aea36e08f2524959b9145d89117dd fd17317dd7f527d765cdfb97ebe7af5df9edc62de9d176a7b9ae22e3d01cb5dd Loading...

	#3 Eval - f7fef8930207b23ec9c04386f9a02c76	24 B	2023-03-07	2024-05-07
Pretty Observations First Seen2023-03-07 01:02:10 Last Seen2024-05-07 12:17:35 Times Seen9436 Hash f7fef8930207b23ec9c04386f9a02c76 146273d1c716700bb25aaa15e8595624b611ffdf 74867c5a2cf408b090752d3cb8767bb46fdb4a0529bc959d96f51aeb2607d7e3 Loading...

	#4 Eval - bd4a86ca89f87a0c617779f1dd6d669f	79 B	2023-03-07	2023-03-07
Pretty Observations First Seen2023-03-07 14:24:53 Last Seen2023-03-07 14:24:53 Times Seen1 Hash bd4a86ca89f87a0c617779f1dd6d669f 0b18dfbc0081dc9dea3d2715af95d05019ac20c6 80460a0dc41b258d8f93fbcda6336630de326d87f06e5cd615db25bcc66ad905 Loading...

HTTP Transactions (52)

URL IP Response Size

1.dating-roo2.site/

185.162.10.217

200 OK

13 kB

URL HTTP/1.1
1.dating-roo2.site/
IP
185.162.10.217:0
ASN
#59729 ITL LLC

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document, Unicode text, UTF-8 text, with very long lines (6127)
Size
13 kB (12832 bytes)
Hash
e18dbbb0fa7e34843246f12b1dd18656
fe197da8ea8121783bed762fd0d3e2035988416c
9f66cacf1caf2c3f474e7b50b7095b310520ee4d8bad28c795ba8025eceed63f

HTTP Headers

GET / HTTP/1.1
Host: 1.dating-roo2.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 10 Sep 2022 18:10:02 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
f55e483f32b3fd50b1a2414aaada9b61
9d6b22edb98866e002e3b1ace44dfb0f8d00935f
4b09e1d2b887ded061e4ec5f82ec70ce699eeed428acc6b4fd3ef10ed9233c89

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4B09E1D2B887DED061E4EC5F82EC70CE699EEED428ACC6B4FD3EF10ED9233C89"
Last-Modified: Thu, 08 Sep 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2166
Expires: Sat, 10 Sep 2022 18:46:08 GMT
Date: Sat, 10 Sep 2022 18:10:02 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

143.204.55.35

200 OK

939 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/
IP
143.204.55.35:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
99b7d23c1748d0526782b9ff9ea45f09
eadd801a3ba2aa00632c6fb52e1f9125bd6d5b4f
48f81668f76955320480b484138aebdad5d03c471036b4449c737aca1ecab08e

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Type, Content-Length, Backoff, Retry-After, Alert
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Sat, 10 Sep 2022 18:06:45 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 9ede9483eb891e14681c7c693b47c862.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: YJ-Zmv3djjFUrOy8kfJVi1jbHFouYZX2ecMk1i1OEdP4IDUjHNEifA==
Age: 197

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain

143.204.55.110

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
IP
143.204.55.110:0
ASN
#16509 AMAZON-02

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
742edb4038f38bc533514982f3d2e861
cc3a20c8dc2a8c632ef9387a2744253f1e3fdef1
b6bfa49d3d135035701231db2fffc0c0643444394009a94c6a1b4d829d6b8345

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 20 Aug 2022 23:18:05 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Sat, 10 Sep 2022 07:17:13 GMT
etag: "742edb4038f38bc533514982f3d2e861"
x-cache: Hit from cloudfront
via: 1.1 8e6dce34fd223e0c9d89fd938d1784a2.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: ZAbYYz8hxK0MwUjMq9dk7iub6iXVXI-lvuapGlRMytJkvjoHsopKNg==
age: 39170
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sat, 10 Sep 2022 18:10:02 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
bec137161b4d16d7843c3bd17b416706
a05c0dd6ac1b372a13f8e9cac7d39af02853803b
bc241eef809baac4a17804d51e608abd4ff8ad8f07c702aba3ee4fb614485be0

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BC241EEF809BAAC4A17804D51E608ABD4FF8AD8F07C702ABA3EE4FB614485BE0"
Last-Modified: Thu, 08 Sep 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6806
Expires: Sat, 10 Sep 2022 20:03:29 GMT
Date: Sat, 10 Sep 2022 18:10:03 GMT
Connection: keep-alive

redrotou.net/zone?&pub=0&zone_id=5150464&is_mobile=false&domain=1.dating-roo2.site&var=null&ymid=null&var_3=&dsig=&action=prerequest

139.45.197.251

200 OK

0 B

URL HTTP/2
redrotou.net/zone?&pub=0&zone_id=5150464&is_mobile=false&domain=1.dating-roo2.site&var=null&ymid=null&var_3=&dsig=&action=prerequest
IP
139.45.197.251:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

POST /zone?&pub=0&zone_id=5150464&is_mobile=false&domain=1.dating-roo2.site&var=null&ymid=null&var_3=&dsig=&action=prerequest HTTP/1.1
Host: redrotou.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://1.dating-roo2.site
Connection: keep-alive
Referer: http://1.dating-roo2.site/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 10 Sep 2022 18:10:03 GMT
content-length: 0
x-trace-id: b71cbe11896ba2d8c3d728752f507bc9
access-control-allow-origin: http://1.dating-roo2.site
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

143.204.55.35

200 OK

329 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
143.204.55.35:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Sat, 10 Sep 2022 17:56:07 GMT
Cache-Control: max-age=3600
Expires: Sat, 10 Sep 2022 17:59:40 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 277d0e3af1ffdcb1ee40b7dc9f040146.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: bY0fjKuBg9ljZzaTt4jg5dZmszoyqeW7VAhWVjfFSjuyq3rNh-5Ryw==
Age: 836

tracker-tds.info/index.php?key=0m3kex8j47sh7x0wskc1

95.216.226.187

302 Found

0 B

URL HTTP/1.1
tracker-tds.info/index.php?key=0m3kex8j47sh7x0wskc1
IP
95.216.226.187:0
ASN
#24940 Hetzner Online GmbH

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /index.php?key=0m3kex8j47sh7x0wskc1 HTTP/1.1
Host: tracker-tds.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://1.dating-roo2.site/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/1.1 302 Found
Server: nginx/1.20.2
Date: Sat, 10 Sep 2022 18:10:03 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: uclick=xsqdj2ft6o; expires=Sun, 11-Sep-2022 18:10:03 GMT; Max-Age=86400; path=/; secure; SameSite=none
uclickhash=xsqdj2ft6o-xsqdj2ft6o-wj-0-wj-4kuq-dz-a6c4df; expires=Sun, 11-Sep-2022 18:10:03 GMT; Max-Age=86400; path=/; secure; SameSite=none
Location: https://27.tegronews.com/dannig/common-player/index.html?var={source_subid}&ymid=21d0axsqdj2ft6o096&rc=0&mrc=1&zoneid=1923279&tburl=https://tracker-tds.info/index.php?key=ctxhj1ubkccojtcec5ki
Strict-Transport-Security: max-age=31536000

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
36fe04277220227ba5ecfe7d2ff1d9d9
2eb9f6560336248cc45c1cd66d87505b5ebdf5d4
94f8f2f8f3b67db18825ea48740ff0ce218d7156fe851d6b023ef43b6bee4f7f

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3777
Cache-Control: max-age=140380
Content-Type: application/ocsp-response
Date: Sat, 10 Sep 2022 18:10:03 GMT
Etag: "631c4596-1d7"
Expires: Mon, 12 Sep 2022 09:09:43 GMT
Last-Modified: Sat, 10 Sep 2022 08:06:46 GMT
Server: ECS (ska/F706)
X-Cache: HIT
Content-Length: 471

redrotou.net/pfe/current/micro.tag.min.js?z=5150464&sw=/sw-check-permissions-2e6d6.js&ymid=null&var=null

139.45.197.251

200 OK

40 kB

URL HTTP/2
redrotou.net/pfe/current/micro.tag.min.js?z=5150464&sw=/sw-check-permissions-2e6d6.js&ymid=null&var=null
IP
139.45.197.251:0
ASN
#9002 RETN Limited

File type
ASCII text, with very long lines (65536), with no line terminators
Size
40 kB (39775 bytes)
Hash
1b03711e952e2c701ce0d48797621bae
dbc884f16f81689842ec797b6095a905bee6364c
423ad691a9eb57744d31ec591dc8cf71f7e352123c9fb5dc90d8aa1ca85a1097

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /pfe/current/micro.tag.min.js?z=5150464&sw=/sw-check-permissions-2e6d6.js&ymid=null&var=null HTTP/1.1
Host: redrotou.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://1.dating-roo2.site/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sat, 10 Sep 2022 18:10:03 GMT
content-type: application/javascript
last-modified: Mon, 05 Sep 2022 12:32:41 GMT
etag: W/"6315ec69-1a29e"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2

ocsp.sectigo.com/

172.64.155.188

200 OK

471 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
172.64.155.188:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
35e38c21dcae034b2587f6907295bf0c
e01a7a302bce428c6a8fd5ad74dbdf37a999b973
58cd0dc8d32f289fb7bdf00843df3dacad73e7536ece486d61101d66a093ada0

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 10 Sep 2022 18:10:03 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Wed, 07 Sep 2022 09:12:13 GMT
Expires: Wed, 14 Sep 2022 09:12:12 GMT
Etag: "e01a7a302bce428c6a8fd5ad74dbdf37a999b973"
Cache-Control: max-age=312728,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 748a1e446cf70b59-OSL

27.tegronews.com/dannig/common-player/index.html?var={source_subid}&ymid=21d0axsqdj2ft6o096&rc=0&mrc=1&zoneid=1923279&tburl=https://tracker-tds.info/index.php?key=ctxhj1ubkccojtcec5ki

45.133.44.20

200 OK

6.6 kB

URL HTTP/2
27.tegronews.com/dannig/common-player/index.html?var={source_subid}&ymid=21d0axsqdj2ft6o096&rc=0&mrc=1&zoneid=1923279&tburl=https://tracker-tds.info/index.php?key=ctxhj1ubkccojtcec5ki
IP
45.133.44.20:0
ASN
#39572 DataWeb Global Group B.V.

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1913)
Size
6.6 kB (6604 bytes)
Hash
a2a3308172a9036912891a909172e625
166003f8a5f86ecafe12dfbf2dfdd8188bc19457
887508b4625112e0edeba18ef3da53e5bf28922ea059e100b0c22a8f328e194a

HTTP Headers

GET /dannig/common-player/index.html?var={source_subid}&ymid=21d0axsqdj2ft6o096&rc=0&mrc=1&zoneid=1923279&tburl=https://tracker-tds.info/index.php?key=ctxhj1ubkccojtcec5ki HTTP/1.1
Host: 27.tegronews.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://1.dating-roo2.site/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 10 Sep 2022 18:10:03 GMT
content-type: text/html; charset=utf-8
content-length: 6604
server: nginx/1.16.1
last-modified: Wed, 22 Dec 2021 16:47:12 GMT
etag: a2a3308172a9036912891a909172e625
x-timestamp: 1640191631.97886
x-trans-id: tx9ebe72d2cebe4739a3248-0061c43777
x-openstack-request-id: tx9ebe72d2cebe4739a3248-0061c43777
cache-control: max-age=172800
access-control-allow-origin: *
access-control-allow-methods: HEAD,GET,POST,PUT,PATCH,DELETE,OPTIONS
access-control-allow-headers: Content-Type,X-Requested-With,X-Auth-Token,X-Openstack-Request-Id,X-Container-Meta-type,X-Container-Meta-Temp-URL-Key,Authorization
access-control-expose-headers: X-Container-Meta-Temp-Url-Key,X-Container-Bytes-Used,Last-Modified,X-Timestamp
expires: Mon, 12 Sep 2022 18:10:03 GMT
vary: Accept-Encoding
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

ocsp.sectigo.com/

172.64.155.188

200 OK

471 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
172.64.155.188:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
e1f86eddd07a9482a8e0d57d5be5b8fe
e0dfe59d246a3b086eabdd3ea3732c5940fe711b
536bf71b2a83b5f03bbdc897ac4152a6c70777594dee3ce9c218bd14c49e4fd5

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 10 Sep 2022 18:10:04 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Thu, 08 Sep 2022 18:31:28 GMT
Expires: Thu, 15 Sep 2022 18:31:27 GMT
Etag: "e0dfe59d246a3b086eabdd3ea3732c5940fe711b"
Cache-Control: max-age=432682,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 748a1e470ff70b59-OSL

123.selornews.com/script.js?slug=common-player-arrow

45.133.44.20

200 OK

6.4 kB

URL HTTP/2
123.selornews.com/script.js?slug=common-player-arrow
IP
45.133.44.20:0
ASN
#39572 DataWeb Global Group B.V.

File type
C source, ASCII text, with very long lines (349)
Size
6.4 kB (6400 bytes)
Hash
87ed65e4f6ca32b7320cfd6ef7134079
cd4d768c712dba07bf4d94be9ee2a77c4021ad44
808c9a6b91e4ee90a02147d0103af8148ed2dac8932ef766274b5c2b43cbe34c

HTTP Headers

GET /script.js?slug=common-player-arrow HTTP/1.1
Host: 123.selornews.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://27.tegronews.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 10 Sep 2022 18:10:04 GMT
content-type: application/javascript; charset=utf-8
content-length: 6400
server: nginx/1.16.1
last-modified: Fri, 17 Jun 2022 14:53:17 GMT
etag: 87ed65e4f6ca32b7320cfd6ef7134079
x-timestamp: 1655477596.31301
cache-control: max-age=172800
x-trans-id: tx4895d4d89d9c49979dfc5-0062ac9591
x-openstack-request-id: tx4895d4d89d9c49979dfc5-0062ac9591
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: HEAD,GET,POST,PUT,PATCH,DELETE,OPTIONS
access-control-allow-headers: Content-Type,X-Requested-With,X-Auth-Token,X-Openstack-Request-Id,X-Container-Meta-type,X-Container-Meta-Temp-URL-Key,Authorization
expires: Mon, 12 Sep 2022 18:10:04 GMT
vary: Accept-Encoding
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

123.selornews.com/dannig/common-player-arrow/img/icon4.png

45.133.44.20

200 OK

7.0 kB

URL HTTP/2
123.selornews.com/dannig/common-player-arrow/img/icon4.png
IP
45.133.44.20:0
ASN
#39572 DataWeb Global Group B.V.

File type
PNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced\012- data
Size
7.0 kB (7032 bytes)
Hash
7ad7f32c1c0df7b4975cc41bda4ac435
81d57e996ee6cd9e122592e68ffa3d55c1ba10ff
c0af6cb2280bba97d235dfad7c72d22353a0d2cf277733ce9fc4701df7ed1d5f

HTTP Headers

GET /dannig/common-player-arrow/img/icon4.png HTTP/1.1
Host: 123.selornews.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://27.tegronews.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sat, 10 Sep 2022 18:10:04 GMT
content-type: image/png
content-length: 7032
server: nginx/1.16.1
last-modified: Mon, 17 May 2021 14:12:47 GMT
etag: 7ad7f32c1c0df7b4975cc41bda4ac435
x-timestamp: 1621260766.57654
x-trans-id: tx215c904acc1b4d098b48b-0061c43773
x-openstack-request-id: tx215c904acc1b4d098b48b-0061c43773
cache-control: max-age=172800
access-control-allow-origin: *
access-control-allow-methods: HEAD,GET,POST,PUT,PATCH,DELETE,OPTIONS
access-control-allow-headers: Content-Type,X-Requested-With,X-Auth-Token,X-Openstack-Request-Id,X-Container-Meta-type,X-Container-Meta-Temp-URL-Key,Authorization
access-control-expose-headers: X-Container-Meta-Temp-Url-Key,X-Container-Bytes-Used,Last-Modified,X-Timestamp
expires: Mon, 12 Sep 2022 18:10:04 GMT
vary: Accept-Encoding
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

123.selornews.com/dannig/common-player-arrow/img/icon5.png

45.133.44.20

200 OK

3.3 kB

URL HTTP/2
123.selornews.com/dannig/common-player-arrow/img/icon5.png
IP
45.133.44.20:0
ASN
#39572 DataWeb Global Group B.V.

File type
PNG image data, 500 x 500, 8-bit/color RGBA, non-interlaced\012- data
Size
3.3 kB (3264 bytes)
Hash
1e1a7582b5da63e10485d63f97abc9a0
ca3ee3067f96c732f455bc7c99ec5100194f13f6
196083352a09a19cf2d4364e3ad406606fedb562f2096c1bef373ff2c485b503

HTTP Headers

GET /dannig/common-player-arrow/img/icon5.png HTTP/1.1
Host: 123.selornews.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://27.tegronews.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sat, 10 Sep 2022 18:10:04 GMT
content-type: image/png
content-length: 3264
server: nginx/1.16.1
last-modified: Mon, 17 May 2021 14:12:47 GMT
etag: 1e1a7582b5da63e10485d63f97abc9a0
x-timestamp: 1621260766.74516
x-trans-id: tx08562062e0c7405e8c2e5-0061c43776
x-openstack-request-id: tx08562062e0c7405e8c2e5-0061c43776
cache-control: max-age=172800
access-control-allow-origin: *
access-control-allow-methods: HEAD,GET,POST,PUT,PATCH,DELETE,OPTIONS
access-control-allow-headers: Content-Type,X-Requested-With,X-Auth-Token,X-Openstack-Request-Id,X-Container-Meta-type,X-Container-Meta-Temp-URL-Key,Authorization
access-control-expose-headers: X-Container-Meta-Temp-Url-Key,X-Container-Bytes-Used,Last-Modified,X-Timestamp
expires: Mon, 12 Sep 2022 18:10:04 GMT
vary: Accept-Encoding
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

123.selornews.com/dannig/common-player-arrow/img/icon7.png

45.133.44.20

200 OK

3.3 kB

URL HTTP/2
123.selornews.com/dannig/common-player-arrow/img/icon7.png
IP
45.133.44.20:0
ASN
#39572 DataWeb Global Group B.V.

File type
PNG image data, 500 x 500, 8-bit/color RGBA, non-interlaced\012- data
Size
3.3 kB (3283 bytes)
Hash
b512735542cb07b3b2dcf153a7dfe456
93bde8875412ce266600e2af1c37123483a50376
e9c661cc8adbaa1b9cd4cf65f0ba93a1c24211cb5f94ed0950e0fbc973781718

HTTP Headers

GET /dannig/common-player-arrow/img/icon7.png HTTP/1.1
Host: 123.selornews.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://27.tegronews.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sat, 10 Sep 2022 18:10:04 GMT
content-type: image/png
content-length: 3283
server: nginx/1.16.1
last-modified: Mon, 17 May 2021 14:12:48 GMT
etag: b512735542cb07b3b2dcf153a7dfe456
x-timestamp: 1621260767.43555
x-trans-id: tx935449a99ad24e399a39e-0061c43774
x-openstack-request-id: tx935449a99ad24e399a39e-0061c43774
cache-control: max-age=172800
access-control-allow-origin: *
access-control-allow-methods: HEAD,GET,POST,PUT,PATCH,DELETE,OPTIONS
access-control-allow-headers: Content-Type,X-Requested-With,X-Auth-Token,X-Openstack-Request-Id,X-Container-Meta-type,X-Container-Meta-Temp-URL-Key,Authorization
access-control-expose-headers: X-Container-Meta-Temp-Url-Key,X-Container-Bytes-Used,Last-Modified,X-Timestamp
expires: Mon, 12 Sep 2022 18:10:04 GMT
vary: Accept-Encoding
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

123.selornews.com/dannig/common-player-arrow/img/icon8.png

45.133.44.20

200 OK

4.1 kB

URL HTTP/2
123.selornews.com/dannig/common-player-arrow/img/icon8.png
IP
45.133.44.20:0
ASN
#39572 DataWeb Global Group B.V.

File type
PNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced\012- data
Size
4.1 kB (4064 bytes)
Hash
f92d6474ebc6a3a0b576749cfb4afe98
0f4ce3dcf04873b8098c01d20c44967fb9fce0cc
3a7abff293d71fd8c5a58deacb964b50fe074a6f458575d37abbd367a3a930a1

HTTP Headers

GET /dannig/common-player-arrow/img/icon8.png HTTP/1.1
Host: 123.selornews.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://27.tegronews.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sat, 10 Sep 2022 18:10:04 GMT
content-type: image/png
content-length: 4064
server: nginx/1.16.1
last-modified: Mon, 17 May 2021 14:12:48 GMT
etag: f92d6474ebc6a3a0b576749cfb4afe98
x-timestamp: 1621260767.46514
x-trans-id: tx4e1ca880eef04158bb33c-0061c43773
x-openstack-request-id: tx4e1ca880eef04158bb33c-0061c43773
cache-control: max-age=172800
access-control-allow-origin: *
access-control-allow-methods: HEAD,GET,POST,PUT,PATCH,DELETE,OPTIONS
access-control-allow-headers: Content-Type,X-Requested-With,X-Auth-Token,X-Openstack-Request-Id,X-Container-Meta-type,X-Container-Meta-Temp-URL-Key,Authorization
access-control-expose-headers: X-Container-Meta-Temp-Url-Key,X-Container-Bytes-Used,Last-Modified,X-Timestamp
expires: Mon, 12 Sep 2022 18:10:04 GMT
vary: Accept-Encoding
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

123.selornews.com/dannig/common-player-arrow/img/icon1.png

45.133.44.20

200 OK

7.3 kB

URL HTTP/2
123.selornews.com/dannig/common-player-arrow/img/icon1.png
IP
45.133.44.20:0
ASN
#39572 DataWeb Global Group B.V.

File type
PNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced\012- data
Size
7.3 kB (7252 bytes)
Hash
3d0ab5834c8bf7134e4d21fa3288317f
c31d1a6b9df206f67ea194f4c424cdc372a423c2
0515ddd9185d263874e7b66bb6d521fcd63b857aac5fed51c08df98026dafe27

HTTP Headers

GET /dannig/common-player-arrow/img/icon1.png HTTP/1.1
Host: 123.selornews.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://27.tegronews.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sat, 10 Sep 2022 18:10:04 GMT
content-type: image/png
content-length: 7252
server: nginx/1.16.1
last-modified: Mon, 17 May 2021 14:12:47 GMT
etag: 3d0ab5834c8bf7134e4d21fa3288317f
x-timestamp: 1621260766.56573
x-trans-id: txefc825b0ed8b472cb9d85-0061c43774
x-openstack-request-id: txefc825b0ed8b472cb9d85-0061c43774
cache-control: max-age=172800
access-control-allow-origin: *
access-control-allow-methods: HEAD,GET,POST,PUT,PATCH,DELETE,OPTIONS
access-control-allow-headers: Content-Type,X-Requested-With,X-Auth-Token,X-Openstack-Request-Id,X-Container-Meta-type,X-Container-Meta-Temp-URL-Key,Authorization
access-control-expose-headers: X-Container-Meta-Temp-Url-Key,X-Container-Bytes-Used,Last-Modified,X-Timestamp
expires: Mon, 12 Sep 2022 18:10:04 GMT
vary: Accept-Encoding
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

123.selornews.com/dannig/common-player-arrow/img/icon2.png

45.133.44.20

200 OK

4.6 kB

URL HTTP/2
123.selornews.com/dannig/common-player-arrow/img/icon2.png
IP
45.133.44.20:0
ASN
#39572 DataWeb Global Group B.V.

File type
PNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced\012- data
Size
4.6 kB (4576 bytes)
Hash
c947d439eb93367f1af5b2a3d222f057
5b4c10820d39e624bc6df72a113679da80a8e44e
aab564e67c47df65ddcb9c4eaa62cd798a51624a3fded9f9b3a1197b460a79c2

HTTP Headers

GET /dannig/common-player-arrow/img/icon2.png HTTP/1.1
Host: 123.selornews.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://27.tegronews.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sat, 10 Sep 2022 18:10:04 GMT
content-type: image/png
content-length: 4576
server: nginx/1.16.1
last-modified: Mon, 17 May 2021 14:12:47 GMT
etag: c947d439eb93367f1af5b2a3d222f057
x-timestamp: 1621260766.58366
x-trans-id: tx066d39b603164a8d80c52-0061c43773
x-openstack-request-id: tx066d39b603164a8d80c52-0061c43773
cache-control: max-age=172800
access-control-allow-origin: *
access-control-allow-methods: HEAD,GET,POST,PUT,PATCH,DELETE,OPTIONS
access-control-allow-headers: Content-Type,X-Requested-With,X-Auth-Token,X-Openstack-Request-Id,X-Container-Meta-type,X-Container-Meta-Temp-URL-Key,Authorization
access-control-expose-headers: X-Container-Meta-Temp-Url-Key,X-Container-Bytes-Used,Last-Modified,X-Timestamp
expires: Mon, 12 Sep 2022 18:10:04 GMT
vary: Accept-Encoding
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

123.selornews.com/dannig/common-player-arrow/img/icon3.png

45.133.44.20

200 OK

7.8 kB

URL HTTP/2
123.selornews.com/dannig/common-player-arrow/img/icon3.png
IP
45.133.44.20:0
ASN
#39572 DataWeb Global Group B.V.

File type
PNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced\012- data
Size
7.8 kB (7847 bytes)
Hash
8f3cc830da0b1fdf66bda7d1d734747b
94588f041eec3a78a8780c8124c56a1434a89277
ea3698c32039a115b03c2528cbb29c3ff97bbd49ad1345d5095e98d1fd0ea8ba

HTTP Headers

GET /dannig/common-player-arrow/img/icon3.png HTTP/1.1
Host: 123.selornews.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://27.tegronews.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sat, 10 Sep 2022 18:10:04 GMT
content-type: image/png
content-length: 7847
server: nginx/1.16.1
last-modified: Mon, 17 May 2021 14:12:51 GMT
etag: 8f3cc830da0b1fdf66bda7d1d734747b
x-timestamp: 1621260770.61859
x-trans-id: txf1afb96819d048d789705-0061c43777
x-openstack-request-id: txf1afb96819d048d789705-0061c43777
cache-control: max-age=172800
access-control-allow-origin: *
access-control-allow-methods: HEAD,GET,POST,PUT,PATCH,DELETE,OPTIONS
access-control-allow-headers: Content-Type,X-Requested-With,X-Auth-Token,X-Openstack-Request-Id,X-Container-Meta-type,X-Container-Meta-Temp-URL-Key,Authorization
access-control-expose-headers: X-Container-Meta-Temp-Url-Key,X-Container-Bytes-Used,Last-Modified,X-Timestamp
expires: Mon, 12 Sep 2022 18:10:04 GMT
vary: Accept-Encoding
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

123.selornews.com/dannig/common-player-arrow/img/v_F.ico

45.133.44.20

404 Not Found

70 B

URL HTTP/2
123.selornews.com/dannig/common-player-arrow/img/v_F.ico
IP
45.133.44.20:0
ASN
#39572 DataWeb Global Group B.V.

File type
HTML document, ASCII text, with no line terminators
Size
70 B (70 bytes)
Hash
cb75a4a5436bc5f23fd500aed9ab3ad4
270ba1020384007ebcd50e4985b6a3bbe63f194b
cd08cc3cd7dbd890951754b1e187e2fbe4d68d6a77b2618eb00740a8281c9b56

HTTP Headers

GET /dannig/common-player-arrow/img/v_F.ico HTTP/1.1
Host: 123.selornews.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://27.tegronews.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 404 Not Found
date: Sat, 10 Sep 2022 18:10:04 GMT
content-type: text/html; charset=UTF-8
content-length: 70
server: nginx/1.22.0
x-trans-id: tx26b37fcf58cd4f9786f75-00631cd2c3
x-openstack-request-id: tx26b37fcf58cd4f9786f75-00631cd2c3
access-control-allow-origin: *
access-control-allow-methods: HEAD,GET,POST,PUT,PATCH,DELETE,OPTIONS
access-control-allow-headers: Content-Type,X-Requested-With,X-Auth-Token,X-Openstack-Request-Id,X-Container-Meta-type,X-Container-Meta-Temp-URL-Key,Authorization
access-control-expose-headers: X-Container-Meta-Temp-Url-Key,X-Container-Bytes-Used,Last-Modified,X-Timestamp
x-proxy-cache: HIT
X-Firefox-Spdy: h2

ocsp.sectigo.com/

172.64.155.188

200 OK

471 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
172.64.155.188:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
e1f86eddd07a9482a8e0d57d5be5b8fe
e0dfe59d246a3b086eabdd3ea3732c5940fe711b
536bf71b2a83b5f03bbdc897ac4152a6c70777594dee3ce9c218bd14c49e4fd5

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 10 Sep 2022 18:10:04 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Thu, 08 Sep 2022 18:31:28 GMT
Expires: Thu, 15 Sep 2022 18:31:27 GMT
Etag: "e0dfe59d246a3b086eabdd3ea3732c5940fe711b"
Cache-Control: max-age=432682,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 748a1e470b8ab50c-OSL

ocsp.sectigo.com/

172.64.155.188

200 OK

471 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
172.64.155.188:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
e1f86eddd07a9482a8e0d57d5be5b8fe
e0dfe59d246a3b086eabdd3ea3732c5940fe711b
536bf71b2a83b5f03bbdc897ac4152a6c70777594dee3ce9c218bd14c49e4fd5

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 10 Sep 2022 18:10:04 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Thu, 08 Sep 2022 18:31:28 GMT
Expires: Thu, 15 Sep 2022 18:31:27 GMT
Etag: "e0dfe59d246a3b086eabdd3ea3732c5940fe711b"
Cache-Control: max-age=432682,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 748a1e470cd10b69-OSL

ocsp.sectigo.com/

172.64.155.188

200 OK

471 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
172.64.155.188:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
e1f86eddd07a9482a8e0d57d5be5b8fe
e0dfe59d246a3b086eabdd3ea3732c5940fe711b
536bf71b2a83b5f03bbdc897ac4152a6c70777594dee3ce9c218bd14c49e4fd5

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 10 Sep 2022 18:10:04 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Thu, 08 Sep 2022 18:31:28 GMT
Expires: Thu, 15 Sep 2022 18:31:27 GMT
Etag: "e0dfe59d246a3b086eabdd3ea3732c5940fe711b"
Cache-Control: max-age=432682,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 748a1e471ac9b512-OSL

ocsp.sectigo.com/

172.64.155.188

200 OK

471 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
172.64.155.188:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
e1f86eddd07a9482a8e0d57d5be5b8fe
e0dfe59d246a3b086eabdd3ea3732c5940fe711b
536bf71b2a83b5f03bbdc897ac4152a6c70777594dee3ce9c218bd14c49e4fd5

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 10 Sep 2022 18:10:04 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Thu, 08 Sep 2022 18:31:28 GMT
Expires: Thu, 15 Sep 2022 18:31:27 GMT
Etag: "e0dfe59d246a3b086eabdd3ea3732c5940fe711b"
Cache-Control: max-age=432682,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 748a1e471e4d0b55-OSL

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
477fd76de0b69553430d504fe527cc06
88fe80a099e610212f27427ae6fd5b4e03b3df16
f27bc8051a23fbe811318b8d49f5d27e3e992962a0e72f5d30a4790fe4f42748

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F27BC8051A23FBE811318B8D49F5D27E3E992962A0E72F5D30A4790FE4F42748"
Last-Modified: Sat, 10 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3302
Expires: Sat, 10 Sep 2022 19:05:06 GMT
Date: Sat, 10 Sep 2022 18:10:04 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
477fd76de0b69553430d504fe527cc06
88fe80a099e610212f27427ae6fd5b4e03b3df16
f27bc8051a23fbe811318b8d49f5d27e3e992962a0e72f5d30a4790fe4f42748

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F27BC8051A23FBE811318B8D49F5D27E3E992962A0E72F5D30A4790FE4F42748"
Last-Modified: Sat, 10 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3302
Expires: Sat, 10 Sep 2022 19:05:06 GMT
Date: Sat, 10 Sep 2022 18:10:04 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
477fd76de0b69553430d504fe527cc06
88fe80a099e610212f27427ae6fd5b4e03b3df16
f27bc8051a23fbe811318b8d49f5d27e3e992962a0e72f5d30a4790fe4f42748

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F27BC8051A23FBE811318B8D49F5D27E3E992962A0E72F5D30A4790FE4F42748"
Last-Modified: Sat, 10 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3302
Expires: Sat, 10 Sep 2022 19:05:06 GMT
Date: Sat, 10 Sep 2022 18:10:04 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdde1c872-426a-4aec-b295-a2cac8b36edf.webp

34.120.237.76

200 OK

4.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdde1c872-426a-4aec-b295-a2cac8b36edf.webp
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
4.5 kB (4477 bytes)
Hash
71bafbee3867c04c3712ff98a123d52c
ccf471cd30f5aa96f4e5fdb9e0fbbcdbb475a0bf
58ff1700e0b125caefb73719e2b3d734b2fbcc5ed1aabe5a11bb73b43edab831

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdde1c872-426a-4aec-b295-a2cac8b36edf.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 4477
x-amzn-requestid: bbdca46e-5628-4faf-a0fe-ea1b5b39ac2a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YNjzaHrIoAMF-iA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631bb348-567e946e7cf77f2e11c17c97;Sampled=0
x-amzn-remapped-date: Fri, 09 Sep 2022 21:42:32 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: a0AyKhmYA7WPwciU2nTXwyChZV_riw1QsqI_giBIcdZhi3Nz4jM0Sw==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 a3bd0eb50c22e4d5fbda56a30b96002c.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Sep 2022 21:59:11 GMT
age: 72653
etag: "ccf471cd30f5aa96f4e5fdb9e0fbbcdbb475a0bf"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.8 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0bedecf7-d9af-4aa7-88b0-94b2a33f9e1a.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.8 kB (9766 bytes)
Hash
7ade70e6dbcfb3ca1765f95112671e69
3768753be084c0e0fc268be5b192d02d769114b6
9670a3bf2476ba193cfeb3153c1254bdcfc980a28503dda0d9b398a3a59f53f4

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0bedecf7-d9af-4aa7-88b0-94b2a33f9e1a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9766
x-amzn-requestid: 720a4111-91de-4672-88c8-f40db517c07d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YHsjRE13oAMFbCA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63195ae1-288f1f5456bf4d146dcf774c;Sampled=0
x-amzn-remapped-date: Thu, 08 Sep 2022 03:00:49 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: HwwG0Hjf8uZn1AtbLU_wKs3w9lict3tRP31XQY6tIxDz9KDNaBMAqw==
via: 1.1 000f4a2f631bace380a0afa747a82482.cloudfront.net (CloudFront), 1.1 4f3feb5c4393987d42d1971d404d7cea.cloudfront.net (CloudFront), 1.1 google
date: Sat, 10 Sep 2022 04:00:05 GMT
age: 50999
etag: "3768753be084c0e0fc268be5b192d02d769114b6"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

4.4 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1a40490a-216d-49e4-bfae-20c0ba1e9616.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
4.4 kB (4434 bytes)
Hash
0fd70eea0aa5e563509d9e2c0ae25050
75438d4566755201604bebadec4b699ba585b62b
584534a66a490a6a5f217b484edc5aebbb3076f70280984fecd724138420331c

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1a40490a-216d-49e4-bfae-20c0ba1e9616.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 4434
x-amzn-requestid: d2239717-afaf-485c-b238-e421f3f2750f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YNjs3GsCoAMFTYA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631bb31e-4d779e9e395f30db784955e7;Sampled=0
x-amzn-remapped-date: Fri, 09 Sep 2022 21:41:50 GMT
x-amz-cf-pop: SEA19-C1, SEA73-P2
x-cache: Miss from cloudfront
x-amz-cf-id: hW6DClTvHw4WjHttC_4SBQBO0E8cAi1GnufETnH2OzaUP0EAj0S14g==
via: 1.1 1ec2938341958d70d56193d709c89dee.cloudfront.net (CloudFront), 1.1 a8e5d5aeee6eacca5c379e5059b1f68c.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Sep 2022 21:54:41 GMT
age: 72923
etag: "75438d4566755201604bebadec4b699ba585b62b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.3 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb150ddb5-18a6-405d-8041-cdea0c0e6a85.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.3 kB (8266 bytes)
Hash
d21a3e07583d9fad4104b6457f7915e7
fdc9453562f993e2545ca99731a7741e748b6082
8ea38264c82c6b544447079cc92eae70d0968a070ba39022af0e18c498916338

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb150ddb5-18a6-405d-8041-cdea0c0e6a85.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8266
x-amzn-requestid: 3411ec4b-ac18-4b4e-8876-c99b94d3a4a3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YNitWEjhIAMFWpw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631bb188-4d9e496e7ff141b46748d850;Sampled=0
x-amzn-remapped-date: Fri, 09 Sep 2022 21:35:04 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P2
x-cache: Hit from cloudfront
x-amz-cf-id: vyV1_onImxuLNGp4UI1W5grcuVW3LHJFJjvmO0VXU-OYorF6RVcoDw==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 7d01bcfcfe27ce0b8979cf621dd081de.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Sep 2022 21:50:11 GMT
age: 73193
etag: "fdc9453562f993e2545ca99731a7741e748b6082"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.2 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F242561c0-8a95-468b-ba61-6859edfe8518.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.2 kB (7218 bytes)
Hash
3f8aeb20a6543be83f3e422796c4dc70
4e4e127039dd8099c63c3bde198118d2874f7342
0f9fdd1b577e4719f88620bb451131bfb120790479b4feccb4222647fb3ea453

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F242561c0-8a95-468b-ba61-6859edfe8518.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7218
x-amzn-requestid: 4e9672b6-5415-4808-9508-22e8c42de448
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YE_QzHffIAMFYTw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6318459e-743b975a2770e2a90c616d87;Sampled=0
x-amzn-remapped-date: Wed, 07 Sep 2022 07:17:50 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: dR6KtfbMJzFz0j8zIFUNtdkJHUaerjxWbUyYKBD-jR_uAAvCCty01Q==
via: 1.1 c7c3cdef911c9ee3c1a83a78f425dc5a.cloudfront.net (CloudFront), 1.1 ebe4011a81a36e2bf678f69ce1711330.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Sep 2022 22:01:33 GMT
age: 72511
etag: "4e4e127039dd8099c63c3bde198118d2874f7342"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5e72c2e9-6d47-42ac-9514-316cd8f8f6c5.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.7 kB (8676 bytes)
Hash
e8f11aeba65478b039cfb4100aa23435
88db17a82ea0207ccb4826c2961875c5106b427a
6f6ec5922ec54d824e7f933de87608c5a763da119ae9461d99c6525649b1a9af

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5e72c2e9-6d47-42ac-9514-316cd8f8f6c5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8676
x-amzn-requestid: 64a58aa8-8321-4c91-98fe-dbf97996c513
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YNiuZEjnIAMFRFg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631bb18f-77b635593b202d7d3cd0ac84;Sampled=0
x-amzn-remapped-date: Fri, 09 Sep 2022 21:35:11 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P2
x-cache: Hit from cloudfront
x-amz-cf-id: VWwNSpFvcDq3nrn91QvYjrJX5hLjp96vrKgZzR-pOdrdHx7MlcagGQ==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 d1d67b07408bba8c682597d8303642e2.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Sep 2022 22:13:43 GMT
age: 71781
etag: "88db17a82ea0207ccb4826c2961875c5106b427a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
15a2b1b6f48490f5127ca8b8dbafff33
de1e2ce23832c7d9f14cb2507fe20bd1f81ac916
aacc4fcee02cefba8885c1a12ca3d7ee5d54f777f27e5e2791bd29383cfe0726

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "AACC4FCEE02CEFBA8885C1A12CA3D7EE5D54F777F27E5E2791BD29383CFE0726"
Last-Modified: Fri, 09 Sep 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3641
Expires: Sat, 10 Sep 2022 19:10:46 GMT
Date: Sat, 10 Sep 2022 18:10:05 GMT
Connection: keep-alive

monkeysloveyou.com/pn21ywqw/z/sc/scssx/1923279/lib.js?ymid=21d0axsqdj2ft6o096&var={source_subid}

62.122.171.6

200 OK

16 kB

URL HTTP/2
monkeysloveyou.com/pn21ywqw/z/sc/scssx/1923279/lib.js?ymid=21d0axsqdj2ft6o096&var={source_subid}
IP
62.122.171.6:0
ASN
#50245 Serverel Inc.

File type
data
Size
16 kB (16432 bytes)
Hash
3f4ba17ae2a2ca4a7919444e2ffb62e8
c79ea1ba494c6d38b87903e755822b3af7038cac
1b311fdfba19b1cdbcb437cf4843f62b40874fbba69af79bd6dcd6fa1c7d3729

HTTP Headers

GET /pn21ywqw/z/sc/scssx/1923279/lib.js?ymid=21d0axsqdj2ft6o096&var={source_subid} HTTP/1.1
Host: monkeysloveyou.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://27.tegronews.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sat, 10 Sep 2022 18:10:05 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
x-route-id: script
set-cookie: UID=2209101310caa06e3a36cd4aa9984e21d882; Path=/; Expires=Sun, 10 Sep 2023 18:10:05 GMT; HttpOnly; Secure; SameSite=None
content-encoding: gzip
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2

forlumineoner.com/custom

139.45.197.229

200 OK

0 B

URL HTTP/2
forlumineoner.com/custom
IP
139.45.197.229:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /custom HTTP/1.1
Host: forlumineoner.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://27.tegronews.com/
Origin: https://27.tegronews.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 10 Sep 2022 18:10:05 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://27.tegronews.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token
access-control-max-age: 86400
X-Firefox-Spdy: h2

forlumineoner.com/custom

139.45.197.229

200 OK

0 B

URL HTTP/2
forlumineoner.com/custom
IP
139.45.197.229:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /custom HTTP/1.1
Host: forlumineoner.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://27.tegronews.com/
Origin: https://27.tegronews.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 10 Sep 2022 18:10:05 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://27.tegronews.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token
access-control-max-age: 86400
X-Firefox-Spdy: h2

forlumineoner.com/custom

139.45.197.229

200 OK

39 B

URL HTTP/2
forlumineoner.com/custom
IP
139.45.197.229:0
ASN
#9002 RETN Limited

File type
JSON data\012- , ASCII text
Size
39 B (39 bytes)
Hash
058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

HTTP Headers

POST /custom HTTP/1.1
Host: forlumineoner.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://27.tegronews.com/
Content-Type: application/json
Origin: https://27.tegronews.com
Content-Length: 591
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 10 Sep 2022 18:10:05 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: bcbe6b13fcc0081c02080f783273f826
access-control-allow-origin: https://27.tegronews.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

forlumineoner.com/custom

139.45.197.229

200 OK

39 B

URL HTTP/2
forlumineoner.com/custom
IP
139.45.197.229:0
ASN
#9002 RETN Limited

File type
JSON data\012- , ASCII text
Size
39 B (39 bytes)
Hash
058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

HTTP Headers

POST /custom HTTP/1.1
Host: forlumineoner.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://27.tegronews.com/
Content-Type: application/json
Origin: https://27.tegronews.com
Content-Length: 969
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 10 Sep 2022 18:10:05 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: bd9692a6dea592709c572c7c920e99fb
access-control-allow-origin: https://27.tegronews.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

forlumineoner.com/custom

139.45.197.229

200 OK

39 B

URL HTTP/2
forlumineoner.com/custom
IP
139.45.197.229:0
ASN
#9002 RETN Limited

File type
JSON data\012- , ASCII text
Size
39 B (39 bytes)
Hash
058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

HTTP Headers

POST /custom HTTP/1.1
Host: forlumineoner.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://27.tegronews.com/
Content-Type: application/json
Origin: https://27.tegronews.com
Content-Length: 599
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 10 Sep 2022 18:10:05 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 7dc4e1ebd52efa497d06a0905ad84c21
access-control-allow-origin: https://27.tegronews.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

ocsp.sectigo.com/

172.64.155.188

200 OK

471 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
172.64.155.188:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
5b36f6508bf779a395d4b559b41d267d
a653f55ef7e337bd259cd76d14fe2adc91c11603
91e3696c53649e8d76b738dca29ed03b8b935f9fc230c735d2fd729428742605

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 10 Sep 2022 18:10:05 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Thu, 08 Sep 2022 18:25:21 GMT
Expires: Thu, 15 Sep 2022 18:25:20 GMT
Etag: "a653f55ef7e337bd259cd76d14fe2adc91c11603"
Cache-Control: max-age=432314,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 748a1e51aa770b59-OSL

my.rtmark.net/gid.js?pub=1&userId=9af2831f67ff4e16aa538bf162ec3309&zoneId=1923280&checkDuplicate=true&ymid=&var=source_subid|21d0axsqdj2ft6o096|1923279

139.45.195.8

200 OK

65 B

URL HTTP/2
my.rtmark.net/gid.js?pub=1&userId=9af2831f67ff4e16aa538bf162ec3309&zoneId=1923280&checkDuplicate=true&ymid=&var=source_subid|21d0axsqdj2ft6o096|1923279
IP
139.45.195.8:0
ASN
#9002 RETN Limited

File type
JSON data\012- , ASCII text
Size
65 B (65 bytes)
Hash
394d53906e79d1bfa8d698c6a800c76a
7a1591c3fa12dbac275a5d89e7538266cfb81ade
f75729970ff7ed2f38e9aa469361b9d7563d0461ff91e8872a202c49e67932eb

HTTP Headers

GET /gid.js?pub=1&userId=9af2831f67ff4e16aa538bf162ec3309&zoneId=1923280&checkDuplicate=true&ymid=&var=source_subid|21d0axsqdj2ft6o096|1923279 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://27.tegronews.com/
Origin: https://27.tegronews.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sat, 10 Sep 2022 18:10:05 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://27.tegronews.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=9af2831f67ff4e16aa538bf162ec3309; expires=Sun, 10 Sep 2023 18:10:05 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

27.tegronews.com/hyw/1923279.js?v=3.1.392&o=9af2831f67ff4e16aa538bf162ec3309&pub=1&p=1923280

45.133.44.20

200 OK

217 B

URL HTTP/2
27.tegronews.com/hyw/1923279.js?v=3.1.392&o=9af2831f67ff4e16aa538bf162ec3309&pub=1&p=1923280
IP
45.133.44.20:0
ASN
#39572 DataWeb Global Group B.V.

File type
ASCII text
Size
217 B (217 bytes)
Hash
8940dbd4b192dab51079131d72483719
04611e0b7c2bb6f71e209260015523e9eb5c34e4
636d2b2a62e43c8845a02c7bd619dd2ada1e0e31c2fd86768666fe14012da19e

HTTP Headers

GET /hyw/1923279.js?v=3.1.392&o=9af2831f67ff4e16aa538bf162ec3309&pub=1&p=1923280 HTTP/1.1
Host: 27.tegronews.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 10 Sep 2022 18:10:05 GMT
content-type: application/javascript; charset=utf-8
content-length: 217
server: nginx/1.16.1
last-modified: Wed, 20 Jul 2022 06:37:08 GMT
etag: 8940dbd4b192dab51079131d72483719
x-timestamp: 1658299027.98570
x-trans-id: txb39257748c6649128e6e7-0062d7a3a2
x-openstack-request-id: txb39257748c6649128e6e7-0062d7a3a2
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: HEAD,GET,POST,PUT,PATCH,DELETE,OPTIONS
access-control-allow-headers: Content-Type,X-Requested-With,X-Auth-Token,X-Openstack-Request-Id,X-Container-Meta-type,X-Container-Meta-Temp-URL-Key,Authorization
expires: Mon, 12 Sep 2022 18:10:05 GMT
cache-control: max-age=172800
vary: Accept-Encoding
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
91933db02a9aad208d075d60454f5992
4b7500e5eb7140cc6b359358f9f52b5d2e28e078
4cb5481cf6c775f845cd6316f310399e6b5a48ccc341f737f330febe1cb807ac

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4CB5481CF6C775F845CD6316F310399E6B5A48CCC341F737F330FEBE1CB807AC"
Last-Modified: Thu, 08 Sep 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5756
Expires: Sat, 10 Sep 2022 19:46:02 GMT
Date: Sat, 10 Sep 2022 18:10:06 GMT
Connection: keep-alive

forlumineoner.com/event

139.45.197.229

200 OK

0 B

URL HTTP/2
forlumineoner.com/event
IP
139.45.197.229:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /event HTTP/1.1
Host: forlumineoner.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://27.tegronews.com/
Origin: https://27.tegronews.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 10 Sep 2022 18:10:06 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://27.tegronews.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token
access-control-max-age: 86400
X-Firefox-Spdy: h2

forlumineoner.com/event

139.45.197.229

200 OK

94 B

URL HTTP/2
forlumineoner.com/event
IP
139.45.197.229:0
ASN
#9002 RETN Limited

File type
JSON data\012- , ASCII text
Size
94 B (94 bytes)
Hash
b66c4695370d5df49a19e93551ece59c
3998fa1ffb149ff7fd091f76bc7b985b0762b4e6
d162a543b0385f8f433ec822a3055dfaafbb7c0056a9e674e4e226a2bfb64720

HTTP Headers

POST /event HTTP/1.1
Host: forlumineoner.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://27.tegronews.com/
Content-Type: application/json
Origin: https://27.tegronews.com
Content-Length: 433
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 10 Sep 2022 18:10:06 GMT
content-type: application/json; charset=utf-8
content-length: 94
x-trace-id: 91b5c3f6270c5eff215348d96019fb95
access-control-allow-origin: https://27.tegronews.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

forlumineoner.com/custom

139.45.197.229

200 OK

39 B

URL HTTP/2
forlumineoner.com/custom
IP
139.45.197.229:0
ASN
#9002 RETN Limited

File type
JSON data\012- , ASCII text
Size
39 B (39 bytes)
Hash
058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

HTTP Headers

POST /custom HTTP/1.1
Host: forlumineoner.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://27.tegronews.com/
Content-Type: application/json
Origin: https://27.tegronews.com
Content-Length: 725
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 10 Sep 2022 18:10:06 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: b733d446b556ef703728d04fd5d758a1
access-control-allow-origin: https://27.tegronews.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

abservinean.com/pfe/current/service-worker.min.js?r=sw

139.45.197.229

200 OK

0 B

URL HTTP/2
abservinean.com/pfe/current/service-worker.min.js?r=sw
IP
139.45.197.229:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /pfe/current/service-worker.min.js?r=sw HTTP/1.1
Host: abservinean.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://27.tegronews.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 10 Sep 2022 18:10:06 GMT
content-type: application/javascript
last-modified: Mon, 05 Sep 2022 12:32:39 GMT
etag: W/"6315ec67-1d310"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2

forlumineoner.com/pfe/current/universal.min.js?v=3.1.392

139.45.197.229

200 OK

0 B

URL HTTP/2
forlumineoner.com/pfe/current/universal.min.js?v=3.1.392
IP
139.45.197.229:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /pfe/current/universal.min.js?v=3.1.392 HTTP/1.1
Host: forlumineoner.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://27.tegronews.com/
Origin: https://27.tegronews.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 10 Sep 2022 18:10:05 GMT
content-type: application/javascript
last-modified: Mon, 05 Sep 2022 12:32:39 GMT
etag: W/"6315ec67-20481"
access-control-allow-origin: https://27.tegronews.com
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (15)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations