Report - sh.st/vocDG

Report Overview

Submitted URL
sh.st/vocDG
IP
104.26.6.218
ASN
#13335 CLOUDFLARENET
Submitted
2022-12-08 23:18:22
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
36

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.2 kB	56 kB	34.120.237.76
cdn.creative-bars1.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.6 kB	11 kB	172.64.109.13
www.googletagmanager.com	75	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	370 B	39 kB	142.250.74.168
ptauxofi.net	35628	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.4 kB	57 kB	139.45.197.250
verdictdisingenuousfruitless.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	6.7 kB	23 kB	192.243.61.225
prhzxq.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	486 B	238 B	185.162.85.2
banquetunarmedgrater.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	282 B	327 B	192.243.61.225
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	606 B	127 B	54.148.190.4
www.google.com	7	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	716 B	757 B	216.58.207.228
sh.st	118569	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.6 kB	51 kB	104.26.6.218
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	333 B	391 B	34.117.237.239
cdn.cloudimagesb.com	23099	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	802 B	147 kB	45.133.44.10
simplewebanalysis.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	369 B	397 B	18.185.190.54
www.google-analytics.com	40	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.0 kB	21 kB	142.250.74.110
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	413 B	5.8 kB	34.160.144.191
ocsp.sca1b.amazontrust.com	1015	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	350 B	1.0 kB	143.204.42.88
ubbfpm.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	355 B	137 kB	95.216.206.230
fonts.gstatic.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.3 kB	81 kB	216.58.207.227
friendshipmale.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	268 B	28 kB	172.64.163.31
googleads.g.doubleclick.net	42	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	736 B	1.8 kB	216.58.211.2
js-agent.newrelic.com	378	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	360 B	15 kB	151.101.194.137
unseenreport.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.2 kB	846 B	192.243.61.227
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	4.7 kB	12 kB	23.33.119.27
ja.rewashwudu.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	562 B	2.6 kB	172.255.6.48
bam.nr-data.net	630	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	871 B	226 B	162.247.241.14
e1.o.lencr.org	6159	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.0 kB	2.2 kB	23.33.119.27
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	782 B	2.4 kB	35.241.9.150
addresseepaper.com	18169	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	268 B	3.3 kB	34.160.73.230
endangersquarereducing.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	314 B	22 kB	192.243.59.12
static.shorte.st	441905	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	405 B	3.0 kB	104.26.4.107
static.sh.st	276104	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	977 B	118 kB	172.67.68.250
ocsp.pki.goog	175	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	5.1 kB	10 kB	142.250.74.131
fonts.googleapis.com	8877	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	682 B	1.9 kB	142.250.74.106
cdn.barscreative1.com	25648	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	427 B	386 B	45.133.44.3
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	341 B	796 B	93.184.220.29
my.rtmark.net	9054	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	454 B	733 B	139.45.195.8

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-12-08	medium	ptauxofi.net/custom	Malware
2022-12-08	medium	ptauxofi.net/custom	Malware
2022-12-08	medium	ptauxofi.net/pfe/current/defaultSkin.min.js	Phishing
2022-12-08	medium	ptauxofi.net/custom	Malware
2022-12-08	medium	ptauxofi.net/custom	Malware
2022-12-08	medium	cdn.barscreative1.com/sb/au/18/52/6a/18526a6becad408914fcf53d946360f0/1651134763.html	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2022-12-08	medium	verdictdisingenuousfruitless.com	Sinkholed
2022-12-08	medium	verdictdisingenuousfruitless.com	Sinkholed
2022-12-08	medium	banquetunarmedgrater.com	Sinkholed
2022-12-08	medium	unseenreport.com	Sinkholed
2022-12-08	medium	unseenreport.com	Sinkholed
2022-12-08	medium	verdictdisingenuousfruitless.com	Sinkholed
2022-12-08	medium	verdictdisingenuousfruitless.com	Sinkholed
2022-12-08	medium	verdictdisingenuousfruitless.com	Sinkholed
2022-12-08	medium	verdictdisingenuousfruitless.com	Sinkholed
2022-12-08	medium	verdictdisingenuousfruitless.com	Sinkholed
2022-12-08	medium	verdictdisingenuousfruitless.com	Sinkholed
2022-12-08	medium	verdictdisingenuousfruitless.com	Sinkholed

JavaScript (24)

	URL	Size	First Seen	Last Seen
	sh.st/shortest-url/end-adsession?adSessionId=794fcdea489fa72240acb07a63af6b9af03ca5ef&adbd=0&callback=reqwest_1670541490385	86 B	2023-03-08	2023-03-08
Pretty URL sh.st/shortest-url/end-adsession?adSessionId=794fcdea489fa72240acb07a63af6b9af03ca5ef&adbd=0&callback=reqwest_1670541490385 IP 104.26.6.218 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 22:54:36 Last Seen2023-03-08 22:54:36 Times Seen1 Hash 9a0fb74c8272b34d69faa935030980b6 83e8455c75162aa84320c2cb920a20e893a123e9 abf4481c3e626d8d8aafaea4380595c8123ab5420ab887c7565e1d2070bfeff2 Loading...

	sh.st/vocDG	2.7 kB	2023-03-08	2023-03-08
Pretty URL sh.st/vocDG IP 104.26.6.218 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 22:54:36 Last Seen2023-03-08 22:54:36 Times Seen1 Hash 99eda3a2bff676d14c219cfdcba89ac6 4e88148ff01d86d468c453141759c2df9de74c58 0c8b1060ecefed22c369ea78d3919b236929f624aef2be38213303f69d10418b Loading...

	http:blank	1.6 kB	2023-03-08	2023-03-08
Pretty URL http:blank IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 22:54:36 Last Seen2023-03-08 22:54:36 Times Seen1 Hash 93bbe5e03b29743f784755ae74b3788d c144524635ecc709e3eda4c4ed67e68aed92fc4c 72d73f4ee50abf0bc7381c74a34919e11b2432d889f400ef3f98818ecce6c75d Loading...

	sh.st/vocDG	1.4 kB	2023-03-08	2023-03-08
Pretty URL sh.st/vocDG IP 104.26.6.218 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 22:54:36 Last Seen2023-03-08 22:54:36 Times Seen1 Hash 080e0cb51969cad9956eece7e5adf493 f2bf4b9f1f09954a5749a985cf8867600d5301a3 61ac401ba913c3946f06b28b67aa0072a3cc1f446f2260cc984029b79a5a7cd8 Loading...

	sh.st/vocDG	102 kB	2023-03-08	2023-03-11
Pretty URL sh.st/vocDG IP 104.26.6.218 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:23:13 Last Seen2023-03-11 23:52:37 Times Seen1 Hash 4224657dcd443a3bd29476e92ab48558 d237d75a44e44df6826a0f3fe76a848de0599070 e3abef6168f06a92edfc05945cd2336f3ba3bb2719c3380393ec498e755c97fb Loading...

	sh.st/vocDG	10 kB	2023-03-07	2023-03-17
Pretty URL sh.st/vocDG IP 104.26.6.218 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:02:57 Last Seen2023-03-17 12:28:42 Times Seen1 Hash 93afa91a2fa0dc7a7252434edf7f754c b2e775fc56516760853835b76c5848ab00ea0264 60e7efce5a475f490f753910aa75736aba090c08c66052a479b9b6b62e252812 Loading...

	sh.st/vocDG	412 B	2023-03-07	2024-03-06
Pretty URL sh.st/vocDG IP 104.26.6.218 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:24:13 Last Seen2024-03-06 04:49:01 Times Seen287 Hash e57a17959756709555be23700fdf86e0 5f995918711370e6c6847a0942d9007cf364cc21 537be2c7d2a919573cfcb2a600e327546e046b656e1ff22513ca98f03965a3ed Loading...

	endangersquarereducing.com/34/c6/b3/34c6b37755370ea4318f4ff4946df449.js	60 kB	2023-03-08	2023-03-08
Pretty URL endangersquarereducing.com/34/c6/b3/34c6b37755370ea4318f4ff4946df449.js IP 192.243.59.12 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 22:54:36 Last Seen2023-03-08 22:54:36 Times Seen1 Hash dc188bb9b511d432af7772126e486d31 237e0b1b573b9d8e6755fd2950654e4b78db47c1 96e899a5043c9e117434a39d48054cbc017a651c724ac3259a49d1a33c4d21e7 Loading...

	ptauxofi.net/pfe/current/tag.min.js?z=4157053	15 kB	2023-03-08	2023-03-11
Pretty URL ptauxofi.net/pfe/current/tag.min.js?z=4157053 IP 139.45.197.250 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:23:13 Last Seen2023-03-11 23:52:36 Times Seen1 Hash 191ea99ed07a7fe90b457168edd25141 0ace741f1e05b34e1e266360de25d4c29facd2e1 f28c7f29111515de23861d74072c7f60e4a06965c91476e8d7d3409062d9d358 Loading...

	www.googletagmanager.com/gtm.js?id=GTM-5SFMWPJ	97 kB	2023-03-08	2023-03-08
Pretty URL www.googletagmanager.com/gtm.js?id=GTM-5SFMWPJ IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 22:54:36 Last Seen2023-03-08 22:54:36 Times Seen1 Hash 0cb14e1b0d3a420fa7ea45799585d5ff ace3260f1187713368ea1a33af62a88f383f40bf 923a4f319450f8aa2cf5d9cbe3c9ec0e51ae24c222ad6f37472eaed3cdd62c54 Loading...

	http:blank	580 B	2023-03-08	2023-03-08
Pretty URL http:blank IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 22:54:36 Last Seen2023-03-08 22:54:36 Times Seen1 Hash 5d19684a9c2c89f5c622fec6d2a12ec6 5247b616900e797c6e05c17c05dd5b1f8322ff19 cbf450f1888d56ee10cc8ca92e6252a40a3eb3b7b28fc13d17e66ed616a827a3 Loading...

	www.googletagmanager.com/gtag/js?id=AW-997869120&l=dataLayer&cx=c	138 kB	2023-03-08	2023-03-08
Pretty URL www.googletagmanager.com/gtag/js?id=AW-997869120&l=dataLayer&cx=c IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 22:54:36 Last Seen2023-03-08 22:54:36 Times Seen1 Hash 0b7e00c9b2d4a418775e73892a4c1242 9378f620f23924ae28841e6dda47488c38f8c972 9e25da9bf239ac1b8ea0b69c2d7db0a1303978bb2e240982eff73e781117c7ee Loading...

	verdictdisingenuousfruitless.com/08/26/66/0826667673c6afa9f85340ed4fc8ef57.js	37 kB	2023-03-08	2023-03-08
Pretty URL verdictdisingenuousfruitless.com/08/26/66/0826667673c6afa9f85340ed4fc8ef57.js IP 192.243.61.225 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 22:54:36 Last Seen2023-03-08 22:54:36 Times Seen1 Hash d072bd8667bd6070c2f8095448cbffef dbb8fa1675cd5d78218f2255848ce94b2eebe18a 0fe5223d152a38c2296fc6130057f2a5b512250410afa1930a45fa0fe25ba314 Loading...

	sh.st/vocDG	173 B	2023-03-07	2024-03-06
Pretty URL sh.st/vocDG IP 104.26.6.218 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:24:13 Last Seen2024-03-06 04:49:02 Times Seen287 Hash a881bba8a59d80992e9c397d3cc3d67a 85ab04d40c85bd897b78a88dd6da95671fa6d64e dbd5a5ffb649a1301d16a94539210972ab60b8e7972f4b073d6199a6c5268888 Loading...

	unknown	0 B	2023-03-07	2024-05-11
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-11 03:45:54 Times Seen37534330 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	js-agent.newrelic.com/nr-1216.min.js	39 kB	2023-03-07	2023-12-02
Pretty URL js-agent.newrelic.com/nr-1216.min.js IP 151.101.194.137 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:59 Last Seen2023-12-02 09:02:29 Times Seen204 Hash 9f533d8cd24b2c5e3b4dc886ecbd43e8 4aaad79f222fbcf885679bb30ac0cb6c14ec06eb 6f973e7d75a7e6f6e59708f19631c8890034db5debb4d04f189deb53c114e708 Loading...

	cdn.creative-bars1.com/sb/ssp/utility/live-message/3-2/js/jquery.min.js	90 kB	2023-03-07	2024-05-10
Pretty URL cdn.creative-bars1.com/sb/ssp/utility/live-message/3-2/js/jquery.min.js IP 172.64.109.13 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:04:00 Last Seen2024-05-10 22:18:37 Times Seen4156 Hash 561acb3e541133bbdd2c0c19f8ee35a1 ffd1353cf3f77d25f801c84d8208613eb0d3d548 9fde6da568db31801e29243a903bf24f342256b41e3c01e7d018ff7c566ce7fc Loading...

	sh.st/vocDG	26 kB	2023-03-07	2024-05-11
Pretty URL sh.st/vocDG IP 104.26.6.218 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:18:51 Last Seen2024-05-11 00:11:58 Times Seen2105 Hash a912e7afe74b51fdd03b28bf67e7d409 85004dfe087af5a730261c85262661d89b3d2516 706b3882753d8f81cfcf35aa2623303b1b380c8106686a4ad12a1fae23cf4650 Loading...

	sh.st/vocDG	337 B	2023-03-08	2024-02-11
Pretty URL sh.st/vocDG IP 104.26.6.218 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:30:02 Last Seen2024-02-11 16:57:25 Times Seen5 Hash 2195bb02db45bcb639b145f48f75d599 865908c7aa3e1da1fa14c8076ff0fc12a3450465 463575fb94833bebbc67fca92687066e325a5730783336f13ea94d207ba6c7fd Loading...

	www.google-analytics.com/analytics.js	50 kB	2023-03-08	2024-05-10
Pretty URL www.google-analytics.com/analytics.js IP 142.250.74.110 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 05:22:31 Last Seen2024-05-10 19:48:26 Times Seen1646 Hash fda30e8a22c9bcd954fd8d0fadd0e77c ae47cd34cbde081a48d7f92fc80aaf06a1381193 b42e4a056cb5b80c5a315040826866445ec9332f0749e184509ab2d9d3b86719 Loading...

	googleads.g.doubleclick.net/pagead/viewthroughconversion/997869120/?random=1670541490913&cv=11&fst=1670541490913&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fsh.st%2FvocDG&tiba=Earn%20money%20on%20short%20links.%20Make%20short%20links%20and%20earn%20the%20biggest%20money%20-%20shorte.st&auid=416571826.1670541491&data=event%3Dgtag.config&rfmt=3&fmt=4	2.0 kB	2023-03-08	2023-03-08
Pretty URL googleads.g.doubleclick.net/pagead/viewthroughconversion/997869120/?random=1670541490913&cv=11&fst=1670541490913&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fsh.st%2FvocDG&tiba=Earn%20money%20on%20short%20links.%20Make%20short%20links%20and%20earn%20the%20biggest%20money%20-%20shorte.st&auid=416571826.1670541491&data=event%3Dgtag.config&rfmt=3&fmt=4 IP 216.58.211.2 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 22:54:36 Last Seen2023-03-08 22:54:36 Times Seen1 Hash ca9c573f2b263ce31baba9d7bc733112 dc5938ae2b1a878340b569753642e98722052ad5 a7dc0f2cde4328eb5e98f5211718e558035359492715bfe5569047b0c8ed6642 Loading...

	sh.st/vocDG	385 B	2023-03-07	2024-03-06
Pretty URL sh.st/vocDG IP 104.26.6.218 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:24:13 Last Seen2024-03-06 04:49:01 Times Seen287 Hash 18f785c58c9ad2590695ebb6a75b48f0 9260be0a1f90cd980c5cd2197dfe4835100a31f6 8ff650b1e7d5cdd15bd9b492c15b443a53cf3fa85f0ed1ab907afe74aa127d92 Loading...

	sh.st/vocDG	224 B	2023-03-07	2024-03-06
Pretty URL sh.st/vocDG IP 104.26.6.218 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:24:13 Last Seen2024-03-06 04:49:02 Times Seen285 Hash 1257ac8e5dfe1e338f9a7190fac3bf8b 91039ad3afbab7525d86a3220ded4109a7f112a7 dbfe45437742f1831de6c1818e9060e0ec9d588b4779558f9c91f621453666ea Loading...

		Size	First Seen	Last Seen
	#1 Write - f335050a57e251ea4048b9b1a8a6d71b	51 kB	2023-03-07	2024-03-06
Pretty Observations First Seen2023-03-07 13:18:18 Last Seen2024-03-06 04:49:02 Times Seen41 Hash f335050a57e251ea4048b9b1a8a6d71b 2aeb7b35710619112455fd7b88087000003b7439 4a0228162dcb255765f0a668c71b18484b74352e9138e0cc41c5dfa0022c5f0d Loading...

HTTP Transactions (103)

URL IP Response Size

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
aea93551fa9deb76ae49a3b4019d64fe
e3b8862057ebe839959228e42246d7b1807fc90c
7e210f03b140418085e94ec20c1d27d6ecf7a404cbd323e16476ae5ae95d6dac

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7E210F03B140418085E94EC20C1D27D6ECF7A404CBD323E16476AE5AE95D6DAC"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7757
Expires: Fri, 09 Dec 2022 01:27:27 GMT
Date: Thu, 08 Dec 2022 23:18:10 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
f2acd891dc6eb1f09f57a2b086791781
1e2088306501a61edcca1ade62c4d54f23b3b083
51148fed95cc00d60dc3640350f135b1b2763ff0e3cfbffc40f0948317894be9

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "51148FED95CC00D60DC3640350F135B1B2763FF0E3CFBFFC40F0948317894BE9"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12166
Expires: Fri, 09 Dec 2022 02:40:56 GMT
Date: Thu, 08 Dec 2022 23:18:10 GMT
Connection: keep-alive

sh.st/vocDG

104.26.6.218

200 OK

30 kB

URL HTTP/1.1
sh.st/vocDG
IP
104.26.6.218:0
ASN
#13335 CLOUDFLARENET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (16096), with CRLF, LF line terminators
Size
30 kB (30052 bytes)
Hash
0727b3dd4603a44587d61477494328e8
404fbb48682d8c83075b29f1a7c059a4a9127ec1
4e8406b371f7b1902fba8c571d9ece95eb237bc789cc6004f98cd07e7b524794

HTTP Headers

GET /vocDG HTTP/1.1
Host: sh.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Date: Thu, 08 Dec 2022 23:18:10 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.6.40-0+deb8u15
Set-Cookie: PHPSESSID=4of5ouob5n9pe7amf3diioa777; expires=Fri, 09-Dec-2022 00:18:10 GMT; Max-Age=3600; path=/; domain=.shorte.st; HttpOnly
hl=en; expires=Fri, 08-Dec-2023 23:18:10 GMT; Max-Age=31536000; path=/
cookies-enable=1; path=/; httponly
Cache-Control: no-cache
X-Frame-Options: DENY
X-Server-ID: shn05
X-UA-Compatible: IE=Edge
Access-Control-Allow-Origin: *
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jis6Bk7CGyParv7N8InI43%2FWxu0Ex1cBet4RhRxeww8v6MpL8964bl%2BHoCOlb9ZBtOfZ4JnhGm87%2BiO9rv%2FDUiYzFzXJAyRzCb%2F3Jnxx71BNIn8GF%2Fa1"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 776937fc6f801c0a-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
bf0c602d32b3c14606f22a86183b5e3c
6eabd8d83475eba731968abe1a05a8bfd272f160
6c6a7c519a9e950c2445ed874a25211a94dd4d3cf3afb0103af9dcd1dbd5ff9e

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Content-Length, Content-Type, Retry-After, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Thu, 08 Dec 2022 23:08:16 GMT
content-type: application/json
age: 594
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
c3470f9f0a4df8c1496b577fa9435ff6
f83b0226bb57ed0f3e1acdad61b940414add135d
f542579e3a3577a646babde862282c2afda6ed784360a915143216100f7a3d91

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F542579E3A3577A646BABDE862282C2AFDA6ED784360A915143216100F7A3D91"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13493
Expires: Fri, 09 Dec 2022 03:03:03 GMT
Date: Thu, 08 Dec 2022 23:18:10 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
53341dea33f4f3d9b4966f80589f429a
20f7b07c686c986d2ed1e3e9ad1bb2aef8edaf0d
651683e52cdbc96b289f8f123155f0b96d9f67432689e89156fa56f5a346c6a0

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: l3oTlNWXigN2u5aL+ToaG2ZErr1PtKgOiR76pZsxDOB3GSf16wgAcAVA3dJPFC7NIDKRF3IMWrE=
x-amz-request-id: NRP30KPPJQSDCM2R
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 08 Dec 2022 22:49:59 GMT
age: 1691
last-modified: Wed, 30 Nov 2022 10:06:34 GMT
etag: "53341dea33f4f3d9b4966f80589f429a"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Thu, 08 Dec 2022 23:18:10 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

static.sh.st/js/packed/interstitial-page.js?2022-06-29.0

172.67.68.250

200 OK

25 kB

URL HTTP/1.1
static.sh.st/js/packed/interstitial-page.js?2022-06-29.0
IP
172.67.68.250:0
ASN
#13335 CLOUDFLARENET

File type
Unicode text, UTF-8 text, with very long lines (20454)
Size
25 kB (24685 bytes)
Hash
f7baccd666678569795749f591a8a75a
f3d8c85e9290ec755535df4edd5a91de44f3dc2c
553836bd994a93741a17b68582f4f24d0882ebf4e8da8c9d9e7a74f1c57f7acc

HTTP Headers

GET /js/packed/interstitial-page.js?2022-06-29.0 HTTP/1.1
Host: static.sh.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sh.st/

HTTP/1.1 200 OK
Date: Thu, 08 Dec 2022 23:18:11 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=86400
Cf-Bgj: minify
Cf-Polished: origSize=102880
ETag: W/"62bc140d-191e0"
Expires: Fri, 09 Dec 2022 16:21:29 GMT
Last-Modified: Wed, 29 Jun 2022 08:57:49 GMT
Vary: Accept-Encoding
X-Server-ID: shn07
X-UA-Compatible: IE=Edge
CF-Cache-Status: HIT
Age: 25002
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Qy5PItKIqW8qcKZJ%2BuEZXXaBY7s0C5pV4idyPzfo%2B7oi57beEjUc29ytX%2F3i6pDh%2FO6AxCJVaVOMiBwFPIXvrWD2AAVKAia%2F1GP%2Ftuu3GHmavgSvLFdPJa634VoARg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 776937feff55b529-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
62a6b4d8887bb7521e5dddffe8005263
f6db08567c298d56959e7d60e28eaa7cce7c0538
6863a9c3a8446487ea56a91b7110c12ca7183b509219b2d2a7308af8fc0518e7

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6863A9C3A8446487EA56A91B7110C12CA7183B509219B2D2A7308AF8FC0518E7"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=1792
Expires: Thu, 08 Dec 2022 23:48:03 GMT
Date: Thu, 08 Dec 2022 23:18:11 GMT
Connection: keep-alive

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
d61883097c47c0fcb4a15cafc5bdbdfc
54411aba43093cafd1cb2acea7c2b4c69184611f
0aef2b974544f530bd591dd0201909a9c2a6b3f4451c69288bafc126d9a37e2c

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 23:18:11 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ja.rewashwudu.com/fmwhVStpL4dxap/46223

172.255.6.48

200 OK

26 B

URL HTTP/1.1
ja.rewashwudu.com/fmwhVStpL4dxap/46223
IP
172.255.6.48:0
ASN
#7979 SERVERS-COM

File type
ASCII text, with no line terminators
Size
26 B (26 bytes)
Hash
4e5d65669f8dcd928dad06adf883f025
d771713d758c3348dd7e5b38bb40c7935399ae46
0bebbf029fa045e4f462855e6c44edf8aaa36ded05b07a8ce456b67416d20c95

HTTP Headers

GET /fmwhVStpL4dxap/46223 HTTP/1.1
Host: ja.rewashwudu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sh.st/

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 08 Dec 2022 23:18:11 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: http://sh.st
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS
Set-Cookie: GL_UI4=eJw9jd1OhDAYRIHy42aFOAkPsI9QVBAvvfEVvCSl%2FcC60G5KXfTtbUz07mTmTCaKoqSuEF9zBvYpWpzU1HSS9428bx9417WPgtM09s9j%2F9Q1gvc46G3wYlzIp7idyZDTcpBWUYm7UP0lZ2N3kyIbnTCqRLYGYylRjM7uG7maITViJRSv2tFkv4IhPqwDa3gbWJvAMUdit5pVBxRv2qiwrI5IGl6VeYTjZRF%2Bsm4dtMpjZLMTihC%2F4EYKT7N13ygUbWdvL4Bd1PDv%2Fx6zveHIFV21JGTWv5P7AaoaStk%3D; expires=Fri, 09-Dec-2022 23:18:11 GMT; Max-Age=86400; path=/
GL_GI10=eJxNjM0KgkAYRW0qSwrjQg%2FQC2T%2Fi7bVMnThAwxmXzFg84kz%2FdjTpwbR5nI4cK7jOGLsQ6gcw%2B0i2M6D9TJYbNZoX4khwgjDlO%2FaFqXUyY3ghlw8kxJuQVfFGmK%2BwuDLMuUzoRtG0z%2FXRIPIZDzZ1z8lOqmqt1bwav52vaprXFuZHP4uU69JzNndVi8GniYrTU50hrdPThnNDvER%2Fs82H24LfWVkXvCrrHhk1Y3erEny5WLIVqr1cMUHDLFHVQ%3D%3D; expires=Fri, 09-Dec-2022 23:18:11 GMT; Max-Age=86400; path=/
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff

static.sh.st/b5/4c/45/48/be/0d/ca/35/64/1c/e2/75/9d/8f/9e/2c/logo1707.png?2022-06-29.0

172.67.68.250

200 OK

6.2 kB

URL HTTP/1.1
static.sh.st/b5/4c/45/48/be/0d/ca/35/64/1c/e2/75/9d/8f/9e/2c/logo1707.png?2022-06-29.0
IP
172.67.68.250:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 249 x 62, 8-bit/color RGBA, non-interlaced\012- data
Size
6.2 kB (6226 bytes)
Hash
9ca44d211b1779ef13c1f7406a76c1ff
8b5ab1222409a144c8f1d3bd2a098985bd0bcba7
fd7607ab554a8c5af9aed32593ae99aaf0682198dbbd277372e8b663bd98b001

HTTP Headers

GET /b5/4c/45/48/be/0d/ca/35/64/1c/e2/75/9d/8f/9e/2c/logo1707.png?2022-06-29.0 HTTP/1.1
Host: static.sh.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sh.st/

HTTP/1.1 200 OK
Date: Thu, 08 Dec 2022 23:18:11 GMT
Content-Type: image/png
Content-Length: 6226
Connection: keep-alive
Last-Modified: Fri, 17 Jul 2015 13:29:04 GMT
ETag: "55a90320-1852"
X-Server-ID: shn01
X-UA-Compatible: IE=Edge
Expires: Fri, 09 Dec 2022 10:35:09 GMT
Cache-Control: max-age=86400
CF-Cache-Status: HIT
Age: 45782
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AYyRKUAD5YPqsj0bVdoohlcadRHPPfs5e2WgZU57gAFangiqpqF75yHYCz2Colvfv4AgsaEIMU20jMt4TcMmhHm77BbLicZ1NhZcOUti32lRZwRuZSXBonaG1V7OnQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 776937ff980bb529-OSL
alt-svc: h2=":443"; ma=60

ubbfpm.com/ms/1102360/inpage.js

95.216.206.230

200 OK

137 kB

URL HTTP/1.1
ubbfpm.com/ms/1102360/inpage.js
IP
95.216.206.230:0
ASN
#24940 Hetzner Online GmbH

File type
ASCII text, with very long lines (65536), with no line terminators
Size
137 kB (136908 bytes)
Hash
a927c125e094a40587c9d3448a419dda
587cd6e75673b79cf8587061cb561f68f526be7d
648d2e2399f3a2cf84077cc312438ad6aca6ea553d79d1309f7cad54e7e21c50

HTTP Headers

GET /ms/1102360/inpage.js HTTP/1.1
Host: ubbfpm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://sh.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 08 Dec 2022 23:18:11 GMT
Content-Type: application/javascript
Content-Length: 136908
Last-Modified: Thu, 08 Dec 2022 10:36:09 GMT
Connection: keep-alive
ETag: "6391be19-216cc"
X-Frame-Options: sameorigin
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
Content-Security-Policy: default-src https: data: 'unsafe-inline' 'unsafe-eval'
Referrer-Policy: strict-origin
Accept-Ranges: bytes

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
6ec5f6261a8262e9f94b29627f54cefe
7ac766cf2ac8c2d960ec033388a767ff8a7d45e2
5f6ee11d840909fc5272c2c32f7874d55f49d831abc88d527e35562d218890f9

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 23:18:11 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

static.sh.st/bundles/smeweb/img/widget-sprite.png?2022-06-29.0

172.67.68.250

200 OK

84 kB

URL HTTP/1.1
static.sh.st/bundles/smeweb/img/widget-sprite.png?2022-06-29.0
IP
172.67.68.250:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 1000 x 2704, 8-bit colormap, non-interlaced\012- data
Size
84 kB (84545 bytes)
Hash
0eb6767d5ee6d6e7b3884a01b7730c80
4bc5d39918bcea70e852e0fb7b3d15caf0993434
8146dfca511f063c33c05e13e151ed3d3456441590a4b1358bbc99b320a02b8d

HTTP Headers

GET /bundles/smeweb/img/widget-sprite.png?2022-06-29.0 HTTP/1.1
Host: static.sh.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sh.st/

HTTP/1.1 200 OK
Date: Thu, 08 Dec 2022 23:18:11 GMT
Content-Type: image/png
Content-Length: 84545
Connection: keep-alive
Last-Modified: Wed, 29 Jun 2022 08:56:53 GMT
ETag: "62bc13d5-14a41"
X-Server-ID: shn09
X-UA-Compatible: IE=Edge
Expires: Fri, 09 Dec 2022 11:20:05 GMT
Cache-Control: max-age=86400
CF-Cache-Status: HIT
Age: 43086
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=B6rhQkGGfp81vKVKcAv6IpViIyPMqfFI2ReC8v8C2laBDsWfJmp4ynebsBFUw%2ByTxanLJHmoDdls1Hy0XPHZ2GtQmPmKQK%2BiiJxbErMnDyfreo%2FGotImHaktzYWqbA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 776937ffc826b529-OSL
alt-svc: h2=":443"; ma=60

sh.st/bundles/smeweb/img/tracking-484492.gif?t=1670541490

104.26.6.218

200 OK

43 B

URL HTTP/1.1
sh.st/bundles/smeweb/img/tracking-484492.gif?t=1670541490
IP
104.26.6.218:0
ASN
#13335 CLOUDFLARENET

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

HTTP Headers

GET /bundles/smeweb/img/tracking-484492.gif?t=1670541490 HTTP/1.1
Host: sh.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sh.st/vocDG
Cookie: hl=en; cookies-enable=1

HTTP/1.1 200 OK
Date: Thu, 08 Dec 2022 23:18:11 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Mon, 28 Sep 1970 06:00:00 GMT
X-Server-ID: shn03
X-UA-Compatible: IE=Edge
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aA3viAtptM4xqy7nkSL1s7lJu%2Fx3MPaNj0enBAu71pAhR6MCosTCN0iby%2FoDGOXu4gMB%2BuyFO1spduDaMxGH5ClL4xwBK6xS97umOznAq8k0kMeuB3oJ"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 776937ff9852b4f1-OSL
alt-svc: h2=":443"; ma=60

sh.st/bundles/advertisement/img/tracking.gif?test=794fcdea489fa72240acb07a63af6b9af03ca5ef

104.26.6.218

200 OK

0 B

URL HTTP/1.1
sh.st/bundles/advertisement/img/tracking.gif?test=794fcdea489fa72240acb07a63af6b9af03ca5ef
IP
104.26.6.218:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /bundles/advertisement/img/tracking.gif?test=794fcdea489fa72240acb07a63af6b9af03ca5ef HTTP/1.1
Host: sh.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sh.st/vocDG
Cookie: hl=en; cookies-enable=1

HTTP/1.1 200 OK
Date: Thu, 08 Dec 2022 23:18:11 GMT
Content-Type: image/gif
Content-Length: 0
Connection: keep-alive
Last-Modified: Wed, 29 Jun 2022 08:56:54 GMT
ETag: "62bc13d6-0"
X-Server-ID: shn05
X-UA-Compatible: IE=Edge
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2SmaUQgtHUyCSlZK99LMU7fns5D0Cl20KzgLdSvPdRyxQ129i044GkWuNe8RQnR4asqJYIP4nvlFfgKuwEBHaNowmvQaKiCyucaRWJzKm%2Fz4iu9yK6UD"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 776937ff99e51c0a-OSL
alt-svc: h2=":443"; ma=60

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
d8026f826fad054e0f3b189302523744
005ce6bff7df8501f559178a5296b937b70993de
d8679f9a87c23deceb54267e12e89ad7344c104d37c06845ad50fd8e3504d5c1

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D8679F9A87C23DECEB54267E12E89AD7344C104D37C06845AD50FD8E3504D5C1"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14433
Expires: Fri, 09 Dec 2022 03:18:44 GMT
Date: Thu, 08 Dec 2022 23:18:11 GMT
Connection: keep-alive

sh.st/bundles/smeweb/img/advertisement-tracking-484492.gif?t=1670541490

104.26.6.218

200 OK

43 B

URL HTTP/1.1
sh.st/bundles/smeweb/img/advertisement-tracking-484492.gif?t=1670541490
IP
104.26.6.218:0
ASN
#13335 CLOUDFLARENET

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

HTTP Headers

GET /bundles/smeweb/img/advertisement-tracking-484492.gif?t=1670541490 HTTP/1.1
Host: sh.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sh.st/vocDG
Cookie: hl=en; cookies-enable=1

HTTP/1.1 200 OK
Date: Thu, 08 Dec 2022 23:18:11 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Mon, 28 Sep 1970 06:00:00 GMT
X-Server-ID: shn03
X-UA-Compatible: IE=Edge
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fRlbrig3SkYVE%2F9uJtygFxJu0ceGg7Eg%2FKGodaWNWTE0MdgkGSFasuMlWB90hDpSIQ15CrLrnaKiJaO6yWZk8vf9JGPv7ayivnJolAARihi2oc09EWXq"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 776937ff9bccb512-OSL
alt-svc: h2=":443"; ma=60

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
0e9eef4ed41ef94e9ea175ad243e294e
b6f83e508270413dabe55e2884b5409ca7978e24
0e741ca8d92717128bca7aed937bca43519a8d20a9d3dd8670da656ad51a695e

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 23:18:11 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
0e9eef4ed41ef94e9ea175ad243e294e
b6f83e508270413dabe55e2884b5409ca7978e24
0e741ca8d92717128bca7aed937bca43519a8d20a9d3dd8670da656ad51a695e

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 23:18:11 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

fonts.gstatic.com/s/raleway/v28/1Ptug8zYS_SKggPNyC0ITw.woff2

216.58.207.227

200 OK

46 kB

URL HTTP/2
fonts.gstatic.com/s/raleway/v28/1Ptug8zYS_SKggPNyC0ITw.woff2
IP
216.58.207.227:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 46524, version 1.0\012- data
Size
46 kB (46524 bytes)
Hash
c1fd378f54921c75e4ae1821e7b8fff6
2ce96e97783b2f154d07f4464ca6f8eb2469f2c1
405ceee1c2f5c31f1cb94ebc63d49a43fddd1471c2c7401a01c7c11bb1d93826

HTTP Headers

GET /s/raleway/v28/1Ptug8zYS_SKggPNyC0ITw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://sh.st
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 46524
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 05 Dec 2022 21:08:51 GMT
expires: Tue, 05 Dec 2023 21:08:51 GMT
cache-control: public, max-age=31536000
age: 266960
last-modified: Mon, 18 Jul 2022 19:58:01 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
0e9eef4ed41ef94e9ea175ad243e294e
b6f83e508270413dabe55e2884b5409ca7978e24
0e741ca8d92717128bca7aed937bca43519a8d20a9d3dd8670da656ad51a695e

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 23:18:11 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

endangersquarereducing.com/34/c6/b3/34c6b37755370ea4318f4ff4946df449.js

192.243.59.12

200 OK

21 kB

URL HTTP/1.1
endangersquarereducing.com/34/c6/b3/34c6b37755370ea4318f4ff4946df449.js
IP
192.243.59.12:0
ASN
#39572 DataWeb Global Group B.V.

File type
HTML document, ASCII text, with very long lines (60211), with no line terminators
Size
21 kB (20740 bytes)
Hash
14390e706977bc0f6a4190086f7ea025
36eb3ed0cc2d0647252484a21efb022ba0bb90bc
4b25671712b0ebbeedccfe9507ca9f2e87959378d3bd1ff06c3e328e10f237ec

HTTP Headers

GET /34/c6/b3/34c6b37755370ea4318f4ff4946df449.js HTTP/1.1
Host: endangersquarereducing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sh.st/

HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Thu, 08 Dec 2022 23:18:11 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: e8a7a136ff9c907852fad27d5285afa7
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
795e67bdfadc3c890a663080413b56b7
fdefde3befb6aceac3c337c34c8d738f5091908c
8375b55cfc13989b0cf96293b7bead2ce5811a993b3445da1776ca7015c36985

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 23:18:11 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.googletagmanager.com/gtm.js?id=GTM-5SFMWPJ

142.250.74.168

200 OK

38 kB

URL HTTP/2
www.googletagmanager.com/gtm.js?id=GTM-5SFMWPJ
IP
142.250.74.168:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (1921)
Size
38 kB (38032 bytes)
Hash
f756f8391b434381dfdc7eb0df044e01
1b816583dcda531f8bd0590ecf2c935868379893
e957a501ab2bba1774934aac6d2df25d328271511e8013f4362e30a3e519d999

HTTP Headers

GET /gtm.js?id=GTM-5SFMWPJ HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://sh.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 08 Dec 2022 23:18:11 GMT
expires: Thu, 08 Dec 2022 23:18:11 GMT
cache-control: private, max-age=900
last-modified: Thu, 08 Dec 2022 21:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 38032
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
795e67bdfadc3c890a663080413b56b7
fdefde3befb6aceac3c337c34c8d738f5091908c
8375b55cfc13989b0cf96293b7bead2ce5811a993b3445da1776ca7015c36985

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 23:18:11 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Pragma, Last-Modified, ETag, Alert, Expires, Retry-After, Cache-Control, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Thu, 08 Dec 2022 23:07:55 GMT
age: 616
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

sh.st/cdn-cgi/challenge-platform/h/b/scripts/alpha/invisible.js?ts=1670529600

104.26.6.218

200 OK

16 kB

URL HTTP/1.1
sh.st/cdn-cgi/challenge-platform/h/b/scripts/alpha/invisible.js?ts=1670529600
IP
104.26.6.218:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (34206), with no line terminators
Size
16 kB (16293 bytes)
Hash
fd0c6601aa04dabcb1afdc47964a93cd
fc6ee3ace6b43255644dc8b090988d2e391f732d
b16cc8944d29216f73aeff5dae60814bb9b63de3b9abf9474fd8905a26e7036d

HTTP Headers

GET /cdn-cgi/challenge-platform/h/b/scripts/alpha/invisible.js?ts=1670529600 HTTP/1.1
Host: sh.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: hl=en; cookies-enable=1

HTTP/1.1 200 OK
Date: Thu, 08 Dec 2022 23:18:11 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
x-control-type-options: nosniff
vary: accept-encoding
cache-control: max-age=14400, public
content-encoding: gzip
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sfRIYdUCjpKpxlfuAxtr2onAeOKkqDECOdxpKuvaoOSfN%2BZOTWXguYWgfoi7lbyQXrGj4%2Bi2eV220YQNTgzDebu2jFC%2FTFOXpUzrDToMxG7QcSBt66GO"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 776938022b01b4f1-OSL
alt-svc: h2=":443"; ma=60

ja.rewashwudu.com/fmwhVStpL4dxap/46223

172.255.6.48

200 OK

26 B

URL HTTP/1.1
ja.rewashwudu.com/fmwhVStpL4dxap/46223
IP
172.255.6.48:0
ASN
#7979 SERVERS-COM

File type
ASCII text, with no line terminators
Size
26 B (26 bytes)
Hash
4e5d65669f8dcd928dad06adf883f025
d771713d758c3348dd7e5b38bb40c7935399ae46
0bebbf029fa045e4f462855e6c44edf8aaa36ded05b07a8ce456b67416d20c95

HTTP Headers

GET /fmwhVStpL4dxap/46223 HTTP/1.1
Host: ja.rewashwudu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sh.st/

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 08 Dec 2022 23:18:11 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: http://sh.st
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS
Set-Cookie: GL_UI4=eJw9jd1OhDAYRIHy42aFOAkPsI9QVBAvvfEVvCSl%2FcC60G5KXfTtbUz07mTmTCaKoqSuEF9zBvYpWpzU1HSS9428bx9417WPgtM09s9j%2F9Q1gvc46G3wYlzIp7idyZDTcpBWUYm7UP0lZ2N3kyIbnTCqRLYGYylRjM7uG7maITViJRSv2tFkv4IhPqwDa3gbWJvAMUdit5pVBxRv2qiwrI5IGl6VeYTjZRF%2Bsm4dtMpjZLMTihC%2F4EYKT7N13ygUbWdvL4Bd1PDv%2Fx6zveHIFV21JGTWv5P7AaoaStk%3D; expires=Fri, 09-Dec-2022 23:18:11 GMT; Max-Age=86400; path=/
GL_GI10=eJxNjM0KgkAYRW0qSwrjQg%2FQC2T%2Fi7bVMnThAwxmXzFg84kz%2FdjTpwbR5nI4cK7jOGLsQ6gcw%2B0i2M6D9TJYbNZoX4khwgjDlO%2FaFqXUyY3ghlw8kxJuQVfFGmK%2BwuDLMuUzoRtG0z%2FXRIPIZDzZ1z8lOqmqt1bwav52vaprXFuZHP4uU69JzNndVi8GniYrTU50hrdPThnNDvER%2Fs82H24LfWVkXvCrrHhk1Y3erEny5WLIVqr1cMUHDLFHVQ%3D%3D; expires=Fri, 09-Dec-2022 23:18:11 GMT; Max-Age=86400; path=/
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff

addresseepaper.com/sfp.js

34.160.73.230

200 OK

2.6 kB

URL HTTP/1.1
addresseepaper.com/sfp.js
IP
34.160.73.230:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2551), with no line terminators
Size
2.6 kB (2551 bytes)
Hash
41f66bb0ac50f2d851236170e7c71341
59bcec216302151922219b51be8ad8ab6d0b8384
ec99cca58b612ce268e6ada818dfcec0acc22dd1bbe372487be9abbdd07ce073

HTTP Headers

GET /sfp.js HTTP/1.1
Host: addresseepaper.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sh.st/

HTTP/1.1 200 OK
Server: openresty
Date: Thu, 08 Dec 2022 23:18:11 GMT
Content-Type: text/html
Content-Length: 2551
Last-Modified: Tue, 06 Dec 2022 22:15:21 GMT
ETag: "638fbef9-9f7"
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_ksH1sTc9EjXCmWZup74uFSR+dkwy0KAqHyDjqCX5+b0zeGjsBDwHGeUXqHO1YTnGXNMqi9DZqRg/7nsDREvaAw
Cache-Control: no-cache
X-Content-Type-Options: nosniff
Set-Cookie: caf_ipaddr=91.90.42.154;Path=/;Max-Age=86400;
country=NO;Path=/;Max-Age=86400;
city="";Path=/;Max-Age=86400;
expiry_partner=enom.EXPIRED.305E185C-5D0C-4AD0-86FE-5F99F413CC83;Path=/;Max-Age=86400;
Accept-Ranges: bytes
Via: 1.1 google

ptauxofi.net/zone?pub=0&zone_id=4157053&is_mobile=false&domain=sh.st&var=&ymid=&var_3=

139.45.197.250

200 OK

733 B

URL HTTP/2
ptauxofi.net/zone?pub=0&zone_id=4157053&is_mobile=false&domain=sh.st&var=&ymid=&var_3=
IP
139.45.197.250:0
ASN
#9002 RETN Limited

File type
JSON data\012- , ASCII text, with very long lines (732)
Size
733 B (733 bytes)
Hash
f67150cc712a448bcf76d68850b93cb9
8ce4c176090f33a371e85073b3a942cac3c9423e
7c48711e2703467d7defd547d9c09a7b423191b7f862be0b04b2c6a6fd7add2f

HTTP Headers

GET /zone?pub=0&zone_id=4157053&is_mobile=false&domain=sh.st&var=&ymid=&var_3= HTTP/1.1
Host: ptauxofi.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://sh.st/
Origin: http://sh.st
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 08 Dec 2022 23:18:11 GMT
content-type: application/json; charset=utf-8
content-length: 733
x-trace-id: db25aaba2b7d5f74d43e9f199108a1f9
access-control-allow-origin: http://sh.st
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

ocsp.sca1b.amazontrust.com/

143.204.42.88

200 OK

471 B

URL HTTP/1.1
ocsp.sca1b.amazontrust.com/
IP
143.204.42.88:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
7c9c260994be6fdf4350a40bb4391067
869680337416c11c54a3ee10c9a6e601c5ec7e11
948585d009f8f8398946c69a91a0de04131aee950e89e535b4f10ab44a82885a

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=143248
Date: Thu, 08 Dec 2022 23:18:11 GMT
Etag: "6391e720-1d7"
Expires: Sat, 10 Dec 2022 15:05:39 GMT
Last-Modified: Thu, 08 Dec 2022 13:31:12 GMT
Server: ECS (nyb/1D14)
X-Cache: Miss from cloudfront
Via: 1.1 d4fd24ae65d4d2b97cfdea8d2f0c21a6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: FLIB99rGbUdfdqVuzoRQ6shxWpTIHGcBNtLgNf3s8UtU9kldZB2RcA==
Age: 5667

verdictdisingenuousfruitless.com/pixel/purst?dl=0&th=0&sc=0&rs=836&rd=836&fd=515&bv=22.10.v.9&tmpl=70

192.243.61.225

200 OK

0 B

URL HTTP/1.1
verdictdisingenuousfruitless.com/pixel/purst?dl=0&th=0&sc=0&rs=836&rd=836&fd=515&bv=22.10.v.9&tmpl=70
IP
192.243.61.225:0
ASN
#39572 DataWeb Global Group B.V.

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /pixel/purst?dl=0&th=0&sc=0&rs=836&rd=836&fd=515&bv=22.10.v.9&tmpl=70 HTTP/1.1
Host: verdictdisingenuousfruitless.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sh.st/

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 08 Dec 2022 23:18:11 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
fd55f4aaaab6ec40bc7dc10252cd819a
a72523f60be265a391fa9edc43e0a93418ad1fd0
bae354b3db14f4fd115311a0c412c9b5e436dd9e0a151afd8b9c18831dd8c2dd

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 351
Cache-Control: max-age=122072
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 23:18:11 GMT
Etag: "6391a92c-1d7"
Expires: Sat, 10 Dec 2022 09:12:43 GMT
Last-Modified: Thu, 08 Dec 2022 09:06:52 GMT
Server: ECS (ska/F70F)
X-Cache: HIT
Content-Length: 471

simplewebanalysis.com/stats

18.185.190.54

200 OK

40 B

URL HTTP/2
simplewebanalysis.com/stats
IP
18.185.190.54:0
ASN
#16509 AMAZON-02

File type
ASCII text, with no line terminators
Size
40 B (40 bytes)
Hash
5bd75eee2c58a728dced60cfd78bb9b1
b981b5178c1b7ed827e8f387bada25ab17d6874a
5d4053979bc386a72f8874c7fc787bf47d32109559e8a873ca5a8cfe91c6c435

HTTP Headers

GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://sh.st
Connection: keep-alive
Referer: http://sh.st/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Thu, 08 Dec 2022 23:18:11 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: http://sh.st
access-control-allow-credentials: true
set-cookie: uid_id2=8452c005-259a-421c-8b2d-d92a2559c15a:1:1; expires=Sun, 05 Dec 2032 23:18:11 GMT; secure; SameSite=None
X-Firefox-Spdy: h2

prhzxq.com/wnload?a=1&e=aeyJwaWQiOjExMDIzNjAsInNpZCI6MTE3NTIzNiwid2lkIjo0MDM0ODYsImQiOiIiLCJsaSI6Mn0=&tz=0&if=0&u=aHR0cDovL3NoLnN0L3ZvY0RH&inc=0

185.162.85.2

200 OK

0 B

URL HTTP/2
prhzxq.com/wnload?a=1&e=aeyJwaWQiOjExMDIzNjAsInNpZCI6MTE3NTIzNiwid2lkIjo0MDM0ODYsImQiOiIiLCJsaSI6Mn0=&tz=0&if=0&u=aHR0cDovL3NoLnN0L3ZvY0RH&inc=0
IP
185.162.85.2:0
ASN
#39572 DataWeb Global Group B.V.

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /wnload?a=1&e=aeyJwaWQiOjExMDIzNjAsInNpZCI6MTE3NTIzNiwid2lkIjo0MDM0ODYsImQiOiIiLCJsaSI6Mn0=&tz=0&if=0&u=aHR0cDovL3NoLnN0L3ZvY0RH&inc=0 HTTP/1.1
Host: prhzxq.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://sh.st/
Origin: http://sh.st
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx/1.18.0
date: Thu, 08 Dec 2022 23:18:11 GMT
content-type: application/javascript; charset=utf-8
content-length: 0
access-control-allow-origin: *
access-control-allow-credentials: true
X-Firefox-Spdy: h2

ptauxofi.net/custom

139.45.197.250

200 OK

0 B

URL HTTP/2
ptauxofi.net/custom
IP
139.45.197.250:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

OPTIONS /custom HTTP/1.1
Host: ptauxofi.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: http://sh.st/
Origin: http://sh.st
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 08 Dec 2022 23:18:11 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: http://sh.st
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token
access-control-max-age: 86400
X-Firefox-Spdy: h2

verdictdisingenuousfruitless.com/08/26/66/0826667673c6afa9f85340ed4fc8ef57.js

192.243.61.225

200 OK

13 kB

URL HTTP/1.1
verdictdisingenuousfruitless.com/08/26/66/0826667673c6afa9f85340ed4fc8ef57.js
IP
192.243.61.225:0
ASN
#39572 DataWeb Global Group B.V.

File type
ASCII text, with very long lines (37168), with no line terminators
Size
13 kB (13413 bytes)
Hash
30d2805f5a42e089fb27b1218dccc059
d2266ad142dce49988aa975c477cf4a66a195f69
4616f05625f4e8c6a4d0e4600451a696ee53b3462e68ea16009cc139587794f4

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /08/26/66/0826667673c6afa9f85340ed4fc8ef57.js HTTP/1.1
Host: verdictdisingenuousfruitless.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sh.st/

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 08 Dec 2022 23:18:11 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 7c7e91ce92a83c4118b67b9b072ddf3d
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

ptauxofi.net/custom

139.45.197.250

200 OK

39 B

URL HTTP/2
ptauxofi.net/custom
IP
139.45.197.250:0
ASN
#9002 RETN Limited

File type
JSON data\012- , ASCII text
Size
39 B (39 bytes)
Hash
058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

POST /custom HTTP/1.1
Host: ptauxofi.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://sh.st/
Content-Type: application/json
Origin: http://sh.st
Content-Length: 347
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 08 Dec 2022 23:18:11 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 68825530d9df4f05a9058209362b867e
access-control-allow-origin: http://sh.st
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
27f907a256adb2c2f78f02a5f9b10c99
3411bd289f7e48859cde22993e8bd795ac9b19b2
907bff5886c7b9a138f540090f7e0010621667c24aa02c3fd075f083d0a3b683

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "907BFF5886C7B9A138F540090F7E0010621667C24AA02C3FD075F083D0A3B683"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12564
Expires: Fri, 09 Dec 2022 02:47:35 GMT
Date: Thu, 08 Dec 2022 23:18:11 GMT
Connection: keep-alive

my.rtmark.net/gid.js?pub=0&userId=bfc2c02310304b43ac1795cc86004f96&zoneId=4157053&checkDuplicate=true&ymid=&var=

139.45.195.8

200 OK

65 B

URL HTTP/2
my.rtmark.net/gid.js?pub=0&userId=bfc2c02310304b43ac1795cc86004f96&zoneId=4157053&checkDuplicate=true&ymid=&var=
IP
139.45.195.8:0
ASN
#9002 RETN Limited

File type
JSON data\012- , ASCII text
Size
65 B (65 bytes)
Hash
164a43c1e03c28cbee363464911fbe57
688c0bdd3f00ba72b11d5a48b5c08772ed37aa6c
cf1350b301ad166e2b39212dca40cca13c29611858ec323e878ea2497f017e75

HTTP Headers

GET /gid.js?pub=0&userId=bfc2c02310304b43ac1795cc86004f96&zoneId=4157053&checkDuplicate=true&ymid=&var= HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://sh.st/
Origin: http://sh.st
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Thu, 08 Dec 2022 23:18:11 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: http://sh.st
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=bfc2c02310304b43ac1795cc86004f96; expires=Fri, 08 Dec 2023 23:18:11 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

banquetunarmedgrater.com/advertisers.js

192.243.61.225

200 OK

0 B

URL HTTP/1.1
banquetunarmedgrater.com/advertisers.js
IP
192.243.61.225:0
ASN
#39572 DataWeb Global Group B.V.

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /advertisers.js HTTP/1.1
Host: banquetunarmedgrater.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sh.st/

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 08 Dec 2022 23:18:11 GMT
Content-Type: application/javascript
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 4d7d58905fdd79f44906140d95c54516
Strict-Transport-Security: max-age=0; includeSubdomains

friendshipmale.com/sfp.js

172.64.163.31

200 OK

28 kB

URL HTTP/1.1
friendshipmale.com/sfp.js
IP
172.64.163.31:0
ASN
#13335 CLOUDFLARENET

File type
Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Size
28 kB (27574 bytes)
Hash
b1fa950e77a7db5425f9a5257af02e9c
2d5580451f34ad96218f8b97edf9708f9ee1be87
d999c4320df27dc4a1d3de5aec22bb3ef201560b47a7eff3f28f4133c1997a14

HTTP Headers

GET /sfp.js HTTP/1.1
Host: friendshipmale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sh.st/

HTTP/1.1 200 OK
Date: Thu, 08 Dec 2022 23:18:12 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: max-age=14400
X-Request-ID: 582f46e1062349abf7ece254b66e902d
Strict-Transport-Security: max-age=0; includeSubdomains
CF-Cache-Status: EXPIRED
Last-Modified: Thu, 08 Dec 2022 23:18:11 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8E%2BavzXGhxKz9XdEskfJ6oGcB30Xc3d7X152X0sivDFZd2I3GL5kFTQlKCuVxy2pv5GA1kahDIhbuRawGbbXQw0tjJXOCuJ%2FiFtQynKZtURDwGMzwbEAL07BEBkQtfe%2B11zFIgg%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 776938047fb8751d-LHR
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

www.google-analytics.com/analytics.js

142.250.74.110

200 OK

20 kB

URL HTTP/1.1
www.google-analytics.com/analytics.js
IP
142.250.74.110:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (1325)
Size
20 kB (20039 bytes)
Hash
47e6f374ca946fddd5b59871b325736c
baa9282efc8785e84d247c3bff518eaa45f101c4
16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e

HTTP Headers

GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sh.st/

HTTP/1.1 200 OK
Strict-Transport-Security: max-age=10886400; includeSubDomains; preload
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Content-Encoding: gzip
Cross-Origin-Resource-Policy: cross-origin
Server: Golfe2
Content-Length: 20039
Date: Thu, 08 Dec 2022 22:23:10 GMT
Expires: Fri, 09 Dec 2022 00:23:10 GMT
Cache-Control: public, max-age=7200
Age: 3302
Last-Modified: Tue, 27 Sep 2022 22:01:05 GMT
Content-Type: text/javascript

push.services.mozilla.com/

54.148.190.4

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
54.148.190.4:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: lQYR8gCTc3yx2wSyoy0rIg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: nwimS61kFhHNZLiMJ3ZtJZ3tuok=

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
07a86cf9d9c8389ebd9c52303c83b27f
fd3524d701bdf111c541b6fc9e038bffcc3b5d6c
de08c944b2cb2671078e452d870757622e286f7214d736ab2c1b1d1c2ab8dcfb

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 23:18:12 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ptauxofi.net/pfe/current/universal.min.js?v=3.1.409

139.45.197.250

200 OK

34 kB

URL HTTP/2
ptauxofi.net/pfe/current/universal.min.js?v=3.1.409
IP
139.45.197.250:0
ASN
#9002 RETN Limited

File type
data
Size
34 kB (33929 bytes)
Hash
3c59724eed3c6430917098a6a5a33688
b5127a5aa521ade6d23137d10038a2e07816be82
959053ea3f8e00f44ddb7c77bc33feaeb5031cd971f2107a92f79eaa6590134a

HTTP Headers

GET /pfe/current/universal.min.js?v=3.1.409 HTTP/1.1
Host: ptauxofi.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://sh.st/
Origin: http://sh.st
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 08 Dec 2022 23:18:11 GMT
content-type: application/javascript
last-modified: Thu, 01 Dec 2022 15:42:47 GMT
etag: W/"6388cb77-18c6c"
access-control-allow-origin: http://sh.st
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2

googleads.g.doubleclick.net/pagead/viewthroughconversion/997869120/?random=1670541490913&cv=11&fst=1670541490913&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fsh.st%2FvocDG&tiba=Earn%20money%20on%20short%20links.%20Make%20short%20links%20and%20earn%20the%20biggest%20money%20-%20shorte.st&auid=416571826.1670541491&data=event%3Dgtag.config&rfmt=3&fmt=4

216.58.211.2

200 OK

916 B

URL HTTP/2
googleads.g.doubleclick.net/pagead/viewthroughconversion/997869120/?random=1670541490913&cv=11&fst=1670541490913&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fsh.st%2FvocDG&tiba=Earn%20money%20on%20short%20links.%20Make%20short%20links%20and%20earn%20the%20biggest%20money%20-%20shorte.st&auid=416571826.1670541491&data=event%3Dgtag.config&rfmt=3&fmt=4
IP
216.58.211.2:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (2005), with no line terminators
Size
916 B (916 bytes)
Hash
25cf11d4babcb16372f2b0fd57221205
d16f8a6f74e8eb5f824805d9e286003545250edc
52c7ca63db48778677dc7c101945cce0f3e0dad7847dedd0c665da8b29df2da1

HTTP Headers

GET /pagead/viewthroughconversion/997869120/?random=1670541490913&cv=11&fst=1670541490913&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fsh.st%2FvocDG&tiba=Earn%20money%20on%20short%20links.%20Make%20short%20links%20and%20earn%20the%20biggest%20money%20-%20shorte.st&auid=416571826.1670541491&data=event%3Dgtag.config&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://sh.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 08 Dec 2022 23:18:12 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 916
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Thu, 08-Dec-2022 23:33:12 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
07a86cf9d9c8389ebd9c52303c83b27f
fd3524d701bdf111c541b6fc9e038bffcc3b5d6c
de08c944b2cb2671078e452d870757622e286f7214d736ab2c1b1d1c2ab8dcfb

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 23:18:12 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
0c89743226644fddacbe5d50c110b950
b343ae9eb9047cf764b518083d612ffd3652b209
1bf675bb6e12e913a98cd8849c1af9a0c50b0bb8bfa670c86419b41782e06e47

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 23:18:12 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
8274b291596906eb3779dccb82ec41cb
b2ec554df1fa55e18a4316b76ac617dc626b7598
69129be0a1c2e3d1dfc602aea4ef004ea01b3bfa6c5863bd225843472f1bb7c8

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 23:18:12 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
32d90ff0cc366730c3633c1201b4c058
f4175292b607197a15085e14bf69df301dff6706
b4b2f80fbe9b02f3d54dc35a3738c31a4d7cb5a5e528fcbce50263d8c458231a

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 23:18:12 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ptauxofi.net/pfe/current/defaultSkin.min.js

139.45.197.250

200 OK

19 kB

URL HTTP/2
ptauxofi.net/pfe/current/defaultSkin.min.js
IP
139.45.197.250:0
ASN
#9002 RETN Limited

File type
data
Size
19 kB (19380 bytes)
Hash
55048f7c9a631f27586fc0d387a8539e
d50f40631f17707e998c036feb071327c517ed9f
568cf30fc98b9fa901609416f55e3894e78847b9427ebda57aafd01195dd33ce

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /pfe/current/defaultSkin.min.js HTTP/1.1
Host: ptauxofi.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://sh.st/
Origin: http://sh.st
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 08 Dec 2022 23:18:12 GMT
content-type: application/javascript
last-modified: Thu, 01 Dec 2022 15:42:47 GMT
etag: W/"6388cb77-df63"
access-control-allow-origin: http://sh.st
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2

www.google.com/pagead/1p-user-list/997869120/?random=1670541490913&cv=11&fst=1670540400000&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fsh.st%2FvocDG&tiba=Earn%20money%20on%20short%20links.%20Make%20short%20links%20and%20earn%20the%20biggest%20money%20-%20shorte.st&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=338226370&rmt_tld=0&ipr=y

216.58.207.228

200 OK

42 B

URL HTTP/2
www.google.com/pagead/1p-user-list/997869120/?random=1670541490913&cv=11&fst=1670540400000&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fsh.st%2FvocDG&tiba=Earn%20money%20on%20short%20links.%20Make%20short%20links%20and%20earn%20the%20biggest%20money%20-%20shorte.st&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=338226370&rmt_tld=0&ipr=y
IP
216.58.207.228:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /pagead/1p-user-list/997869120/?random=1670541490913&cv=11&fst=1670540400000&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fsh.st%2FvocDG&tiba=Earn%20money%20on%20short%20links.%20Make%20short%20links%20and%20earn%20the%20biggest%20money%20-%20shorte.st&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=338226370&rmt_tld=0&ipr=y HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://sh.st/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 08 Dec 2022 23:18:12 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

static.shorte.st/bundles/smeweb/img/favicon.ico?2022-06-29.0

104.26.4.107

200 OK

2.3 kB

URL HTTP/2
static.shorte.st/bundles/smeweb/img/favicon.ico?2022-06-29.0
IP
104.26.4.107:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced\012- data
Size
2.3 kB (2273 bytes)
Hash
f93cb7a2ad53b3b14e42412e79b7d485
cf8760da6eb643df6fbf21dff669b4151b3891c1
fa3410c1a4de9940b3af4c411f5b921d00b3d76f52c7e40c8612944242f8ccf7

HTTP Headers

GET /bundles/smeweb/img/favicon.ico?2022-06-29.0 HTTP/1.1
Host: static.shorte.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://sh.st/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Thu, 08 Dec 2022 23:18:12 GMT
content-type: image/x-icon
last-modified: Wed, 29 Jun 2022 08:56:53 GMT
etag: W/"62bc13d5-a07"
x-server-id: shn09
x-ua-compatible: IE=Edge
expires: Fri, 09 Dec 2022 10:52:12 GMT
cache-control: max-age=86400
cf-cache-status: HIT
age: 44760
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WvMmRVqT5sarZ5reAiEByxkNl8k46luwqPAEwR4uG8rQvZXoMOdT%2FVgQi7VEuvOA%2FXPwJyH86H%2BN8IviTj2PGTs9mq7fsOOkQl2LPazn94ktVkVhBvAYYcMFdEJnVqrOmQQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77693805bd10b505-OSL
content-encoding: br
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
bf8858fa52de668b0013cf9ce66d290c
9c319173ee6a48c6e717e9e8764008564aabe7ba
93df528ead5887cbbcf51f83c9e6ffa451861ae3145296ab3dfc269067080933

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 23:18:12 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ptauxofi.net/custom

139.45.197.250

200 OK

39 B

URL HTTP/2
ptauxofi.net/custom
IP
139.45.197.250:0
ASN
#9002 RETN Limited

File type
JSON data\012- , ASCII text
Size
39 B (39 bytes)
Hash
058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

POST /custom HTTP/1.1
Host: ptauxofi.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://sh.st/
Content-Type: application/json
Origin: http://sh.st
Content-Length: 348
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 08 Dec 2022 23:18:12 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 0c4f6bd2c8ecee0a6153e5232c49e333
access-control-allow-origin: http://sh.st
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

ptauxofi.net/custom

139.45.197.250

200 OK

39 B

URL HTTP/2
ptauxofi.net/custom
IP
139.45.197.250:0
ASN
#9002 RETN Limited

File type
JSON data\012- , ASCII text
Size
39 B (39 bytes)
Hash
058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

POST /custom HTTP/1.1
Host: ptauxofi.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://sh.st/
Content-Type: application/json
Origin: http://sh.st
Content-Length: 580
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 08 Dec 2022 23:18:12 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 79950cc33a93f0b1e7cb2302cb37dd63
access-control-allow-origin: http://sh.st
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
32d90ff0cc366730c3633c1201b4c058
f4175292b607197a15085e14bf69df301dff6706
b4b2f80fbe9b02f3d54dc35a3738c31a4d7cb5a5e528fcbce50263d8c458231a

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 23:18:12 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
a938af990a97b9856e1174d11c72cbf7
b57716fd0ea9a1e9e0a0595ff593f939560c0abf
6ab769333b231097d077edfbc1c3fc9560de5ae9bfeb5b8360dea8b7fadbcb44

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 23:18:12 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

js-agent.newrelic.com/nr-1216.min.js

151.101.194.137

200 OK

14 kB

URL HTTP/2
js-agent.newrelic.com/nr-1216.min.js
IP
151.101.194.137:0
ASN
#54113 FASTLY

File type
ASCII text, with very long lines (32022)
Size
14 kB (14391 bytes)
Hash
b7c09cc097b2847f9edc784adba62dcb
5aa648623cf5e3b4b215fe5d068a7904c59f2925
6da450b6a3ba53bdab36f6529e987a245cdfca9a37b77790f06dfd8d5797bdaa

HTTP Headers

GET /nr-1216.min.js HTTP/1.1
Host: js-agent.newrelic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://sh.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: Vf9xsFZHH0UI6bmTnW+KeBzegICGOxvtMLIWtbljNKoJtdkUEk/MfmbYPFui+bgtiUf/4lC5dk8=
x-amz-request-id: 4AV5AVKCCR961CNG
last-modified: Thu, 14 Apr 2022 16:45:57 GMT
etag: "9f533d8cd24b2c5e3b4dc886ecbd43e8"
x-amz-version-id: mHHzJIqOizHibcYt0xqAszRr0gQRiNYy
content-type: application/javascript
server: AmazonS3
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Thu, 08 Dec 2022 23:18:12 GMT
via: 1.1 varnish
x-served-by: cache-bma1637-BMA
x-cache: HIT
x-cache-hits: 631
x-timer: S1670541492.323606,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 14391
X-Firefox-Spdy: h2

unseenreport.com/pxf.gif?uuid=8452c005-259a-421c-8b2d-d92a2559c15a&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1053&b_frame=0&pk=0826667673c6afa9f85340ed4fc8ef57&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=23

192.243.61.227

200 OK

1 B

URL HTTP/1.1
unseenreport.com/pxf.gif?uuid=8452c005-259a-421c-8b2d-d92a2559c15a&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1053&b_frame=0&pk=0826667673c6afa9f85340ed4fc8ef57&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=23
IP
192.243.61.227:0
ASN
#39572 DataWeb Global Group B.V.

File type
very short file (no magic)
Size
1 B (1 bytes)
Hash
93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /pxf.gif?uuid=8452c005-259a-421c-8b2d-d92a2559c15a&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1053&b_frame=0&pk=0826667673c6afa9f85340ed4fc8ef57&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=23 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sh.st/

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 08 Dec 2022 23:18:12 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 6339052fb9ab35bdd41567be05f32994
Strict-Transport-Security: max-age=0; includeSubdomains

unseenreport.com/pxf.gif?uuid=8452c005-259a-421c-8b2d-d92a2559c15a&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1053&b_frame=0&pk=34c6b37755370ea4318f4ff4946df449&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=23

192.243.61.227

200 OK

1 B

URL HTTP/1.1
unseenreport.com/pxf.gif?uuid=8452c005-259a-421c-8b2d-d92a2559c15a&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1053&b_frame=0&pk=34c6b37755370ea4318f4ff4946df449&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=23
IP
192.243.61.227:0
ASN
#39572 DataWeb Global Group B.V.

File type
very short file (no magic)
Size
1 B (1 bytes)
Hash
93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /pxf.gif?uuid=8452c005-259a-421c-8b2d-d92a2559c15a&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1053&b_frame=0&pk=34c6b37755370ea4318f4ff4946df449&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=23 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sh.st/

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 08 Dec 2022 23:18:12 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: a6ea2ce81eff0413efcdcda9eef8c826
Strict-Transport-Security: max-age=0; includeSubdomains

bam.nr-data.net/1/28e0508023?a=9451001&v=1216.487a282&to=NFRQZUVRChECVxINXA0ec1JDWQsMTEcOC0EXVEFFGVEAFAZGEg1ABlxXX0MeFwoMRhIBQBduR0NbHg0MF1EUF0cKRVtQW28UAwRR&rst=1868&ck=1&ref=http://sh.st/vocDG&ap=92&be=327&fe=1687&dc=977&perf=%7B%22timing%22:%7B%22of%22:1670541489787,%22n%22:0,%22f%22:-8,%22dn%22:-8,%22dne%22:-6,%22c%22:-6,%22ce%22:-5,%22rq%22:67,%22rp%22:240,%22rpe%22:266,%22dl%22:301,%22di%22:968,%22ds%22:976,%22de%22:986,%22dc%22:1686,%22l%22:1686,%22le%22:1696%7D,%22navigation%22:%7B%7D%7D&fcp=653&at=GBNTEw1LGR8%3D&jsonp=NREUM.setToken

162.247.241.14

402 Payment Required

2 B

URL HTTP/1.1
bam.nr-data.net/1/28e0508023?a=9451001&v=1216.487a282&to=NFRQZUVRChECVxINXA0ec1JDWQsMTEcOC0EXVEFFGVEAFAZGEg1ABlxXX0MeFwoMRhIBQBduR0NbHg0MF1EUF0cKRVtQW28UAwRR&rst=1868&ck=1&ref=http://sh.st/vocDG&ap=92&be=327&fe=1687&dc=977&perf=%7B%22timing%22:%7B%22of%22:1670541489787,%22n%22:0,%22f%22:-8,%22dn%22:-8,%22dne%22:-6,%22c%22:-6,%22ce%22:-5,%22rq%22:67,%22rp%22:240,%22rpe%22:266,%22dl%22:301,%22di%22:968,%22ds%22:976,%22de%22:986,%22dc%22:1686,%22l%22:1686,%22le%22:1696%7D,%22navigation%22:%7B%7D%7D&fcp=653&at=GBNTEw1LGR8%3D&jsonp=NREUM.setToken
IP
162.247.241.14:0
ASN
#23467 NEWRELIC-AS-1

File type
JSON data\012- , ASCII text, with no line terminators
Size
2 B (2 bytes)
Hash
99914b932bd37a50b983c5e7c90ae93b
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

HTTP Headers

GET /1/28e0508023?a=9451001&v=1216.487a282&to=NFRQZUVRChECVxINXA0ec1JDWQsMTEcOC0EXVEFFGVEAFAZGEg1ABlxXX0MeFwoMRhIBQBduR0NbHg0MF1EUF0cKRVtQW28UAwRR&rst=1868&ck=1&ref=http://sh.st/vocDG&ap=92&be=327&fe=1687&dc=977&perf=%7B%22timing%22:%7B%22of%22:1670541489787,%22n%22:0,%22f%22:-8,%22dn%22:-8,%22dne%22:-6,%22c%22:-6,%22ce%22:-5,%22rq%22:67,%22rp%22:240,%22rpe%22:266,%22dl%22:301,%22di%22:968,%22ds%22:976,%22de%22:986,%22dc%22:1686,%22l%22:1686,%22le%22:1696%7D,%22navigation%22:%7B%7D%7D&fcp=653&at=GBNTEw1LGR8%3D&jsonp=NREUM.setToken HTTP/1.1
Host: bam.nr-data.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://sh.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 402 Payment Required
Date: Thu, 08 Dec 2022 23:18:12 GMT
Content-Type: text/plain;charset=UTF-8
Content-Length: 2
Connection: keep-alive
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 776938091f380af6-OSL

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
7b8c1870f03a90aac6370fc69516f95f
1e94fd7c9a2f9fe4867e21ab217879a2180a9cdb
f43702cd363447680d545d928f9ea6f997a770228108b4c9312999b76891bb38

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F43702CD363447680D545D928F9EA6F997A770228108B4C9312999B76891BB38"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4805
Expires: Fri, 09 Dec 2022 00:38:18 GMT
Date: Thu, 08 Dec 2022 23:18:13 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
7b8c1870f03a90aac6370fc69516f95f
1e94fd7c9a2f9fe4867e21ab217879a2180a9cdb
f43702cd363447680d545d928f9ea6f997a770228108b4c9312999b76891bb38

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F43702CD363447680D545D928F9EA6F997A770228108B4C9312999B76891BB38"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4805
Expires: Fri, 09 Dec 2022 00:38:18 GMT
Date: Thu, 08 Dec 2022 23:18:13 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
7b8c1870f03a90aac6370fc69516f95f
1e94fd7c9a2f9fe4867e21ab217879a2180a9cdb
f43702cd363447680d545d928f9ea6f997a770228108b4c9312999b76891bb38

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F43702CD363447680D545D928F9EA6F997A770228108B4C9312999B76891BB38"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4805
Expires: Fri, 09 Dec 2022 00:38:18 GMT
Date: Thu, 08 Dec 2022 23:18:13 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
7b8c1870f03a90aac6370fc69516f95f
1e94fd7c9a2f9fe4867e21ab217879a2180a9cdb
f43702cd363447680d545d928f9ea6f997a770228108b4c9312999b76891bb38

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F43702CD363447680D545D928F9EA6F997A770228108B4C9312999B76891BB38"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4805
Expires: Fri, 09 Dec 2022 00:38:18 GMT
Date: Thu, 08 Dec 2022 23:18:13 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcf07b4f3-8986-4a9c-8c85-b126338852d2.jpeg

34.120.237.76

200 OK

13 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcf07b4f3-8986-4a9c-8c85-b126338852d2.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
13 kB (12748 bytes)
Hash
730ba1a8edb79ba6f83b46d1ba5aed7b
55a236fedf6f5f7ca2bb88ae13e20846a50fd36d
f8043e76265c59073d111987fd4c08d05a3ac80989af9269cca9ebcc21af4013

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcf07b4f3-8986-4a9c-8c85-b126338852d2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 12748
x-amzn-requestid: edd028e3-c23e-4985-b12d-d3ebe760df47
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cjuciEptIAMFj9A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638af783-1c151eb66f590c9c0e0c4c82;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 07:15:15 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: -y4-_OwHl5_OFykJYYZSqwIopjKoYy1MhaGTpVXd4Grq2EsUP2c3IA==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Thu, 08 Dec 2022 13:49:59 GMT
age: 34094
etag: "55a236fedf6f5f7ca2bb88ae13e20846a50fd36d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F29d00d08-ec53-4c7b-a2ef-5901b64cdefd.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.6 kB (7557 bytes)
Hash
5de5d319f43d9c9c641419d96655541f
cde4c7fa0145d3645af17e34c83c63c08f76a076
fdb114eb142f035c7a54195d16af51b5b423642c312f4bccc0f407d8fcc245aa

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F29d00d08-ec53-4c7b-a2ef-5901b64cdefd.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7557
x-amzn-requestid: 400d1465-ecbf-4d95-8aa8-4dce5dca0716
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ctluwGo4oAMFhTg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638ee991-6dba29ae7065d5347a1a420d;Sampled=0
x-amzn-remapped-date: Tue, 06 Dec 2022 07:04:49 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: Lazl-stakC-31gMuQ2WzH9uFkIb0g7HaaM3xkwSFdFJMWKTaKqrBEQ==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 591683988172c7980c4ebb318cbf18a8.cloudfront.net (CloudFront), 1.1 google
date: Thu, 08 Dec 2022 12:33:10 GMT
age: 38703
etag: "cde4c7fa0145d3645af17e34c83c63c08f76a076"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbe602fad-66c2-48db-acd3-371ca6dcb8f6.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.9 kB (7897 bytes)
Hash
8c3214044657f3b876d1f1848bca5684
7558222788f06623ddae6e883413e38e1146281e
e1f9c9c445bba7765f371dbb655cab43c1e12de7cbd015f8034c494118f7f708

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbe602fad-66c2-48db-acd3-371ca6dcb8f6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7897
x-amzn-requestid: 032fd8ae-b7e9-4e12-8546-838191a73688
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cwVM_F51IAMFunw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63900252-345ae6cd107d207f5dbe29a8;Sampled=0
x-amzn-remapped-date: Wed, 07 Dec 2022 03:02:42 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: N-zFZ8yeL7RrOZ5xfqvfBaE3zcXWecvr6Jd-93nKiUZlCXp2n2_Bgw==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 325ed3ba58a560748d886354beef39c0.cloudfront.net (CloudFront), 1.1 google
date: Thu, 08 Dec 2022 03:42:37 GMT
age: 70536
etag: "7558222788f06623ddae6e883413e38e1146281e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

1.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb8ff35a0-24dc-4158-b67e-a5f03f5a9022.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
1.6 kB (1584 bytes)
Hash
4f6cfc43170be4dd0264f2b0b6bcc329
9ad22ea868f3b72832243fd11315c68117c7542b
f5cc67d46241c2f5aebc2515bf8828889f8ceda8112b78cdf925a260b82fd833

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb8ff35a0-24dc-4158-b67e-a5f03f5a9022.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 1584
x-amzn-requestid: 7743c8a6-118c-4c69-b833-a9e2f5561a54
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cw5VEGV8IAMFcOQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63903c20-41fdf6d004b388f51fa70833;Sampled=0
x-amzn-remapped-date: Wed, 07 Dec 2022 07:09:20 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: whmRQYshKD6d2Pz3Z0ZCCFr_MEPR1rEek7nVZqf5XeiWpt1LIcjvBQ==
via: 1.1 8dbfaf7df256a75768461d934659b6b2.cloudfront.net (CloudFront), 1.1 1a53057db389e96b4ef1bfbc925dde1c.cloudfront.net (CloudFront), 1.1 google
date: Thu, 08 Dec 2022 07:34:55 GMT
age: 56598
etag: "9ad22ea868f3b72832243fd11315c68117c7542b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

11 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5fa81aa5-4138-458e-9bd7-de9d6211763c.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
11 kB (11027 bytes)
Hash
8d1605154a552a8c3165c1358ea2e185
2e677da1f57c112d984180ead80481e8797ff2e8
12b075ad3e786dc68ab3fab1e4ce9d6f7810bdebc7bdafd993e19bc5bc7c0abc

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5fa81aa5-4138-458e-9bd7-de9d6211763c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 11027
x-amzn-requestid: e0d56100-13aa-44e5-ae80-bedfeece87db
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cwV19EUOIAMFjcg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63900359-5a5402381d61db921a00404d;Sampled=0
x-amzn-remapped-date: Wed, 07 Dec 2022 03:07:05 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 7ET6kgGgWAKa4_CFCgSwnN8m7FnplxP7zOp8lEyodxn5lmlIIHD4vQ==
via: 1.1 9b311162717b41c968f6f00426d88aaa.cloudfront.net (CloudFront), 1.1 e4d3d5aafc7d7d582423c073065ab562.cloudfront.net (CloudFront), 1.1 google
date: Thu, 08 Dec 2022 04:37:30 GMT
age: 67243
etag: "2e677da1f57c112d984180ead80481e8797ff2e8"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.8 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F042317d8-45b6-4c5f-8767-ff9367c24193.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.8 kB (8803 bytes)
Hash
46275ec87d8221804dbb99f95b035131
c47af4e5770daad212f4290527b00321285105f8
2118ec68c738683d8f7e11b95239ca92fda2b9b5054aa7b128267eec0d0634c5

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F042317d8-45b6-4c5f-8767-ff9367c24193.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8803
x-amzn-requestid: e8516be3-5ce9-4f15-b522-c81c1e57a0e2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cjtK9GavoAMFjpA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638af579-538cc8f300938698004f2241;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 07:06:33 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: MiOdXHxd9Vmeji8Yqd8LG_EqYoMGf0YBy6by9bhfjb12y1OxKVvvqw==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 112d82578d402a38d8d02e8b857617e0.cloudfront.net (CloudFront), 1.1 google
date: Thu, 08 Dec 2022 12:36:28 GMT
age: 38505
etag: "c47af4e5770daad212f4290527b00321285105f8"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
381e31ff1da23abb91c67f66e74953fa
b48360134cbe5ec86eee6c3ae7720aee1ea3dc2d
52001e00ff051dd293d107dabffb6b7e680d5f1ff6ae866af7d71de03e888848

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "52001E00FF051DD293D107DABFFB6B7E680D5F1FF6AE866AF7D71DE03E888848"
Last-Modified: Thu, 08 Dec 2022 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9962
Expires: Fri, 09 Dec 2022 02:04:19 GMT
Date: Thu, 08 Dec 2022 23:18:17 GMT
Connection: keep-alive

verdictdisingenuousfruitless.com/sbar.json?key=0826667673c6afa9f85340ed4fc8ef57&uuid=8452c005-259a-421c-8b2d-d92a2559c15a%3A1%3A1

192.243.61.225

200 OK

3.8 kB

URL HTTP/1.1
verdictdisingenuousfruitless.com/sbar.json?key=0826667673c6afa9f85340ed4fc8ef57&uuid=8452c005-259a-421c-8b2d-d92a2559c15a%3A1%3A1
IP
192.243.61.225:0
ASN
#39572 DataWeb Global Group B.V.

File type
JSON data\012- , Unicode text, UTF-8 text, with very long lines (5892), with no line terminators
Size
3.8 kB (3810 bytes)
Hash
4c601d55744b3d8a77ab32921360ab5f
7b1600ef129295fff8500c27903f654600e499e2
3494899136d06c6be18ee741551757656867f88f6f9461d058ffcc0aceb40bba

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /sbar.json?key=0826667673c6afa9f85340ed4fc8ef57&uuid=8452c005-259a-421c-8b2d-d92a2559c15a%3A1%3A1 HTTP/1.1
Host: verdictdisingenuousfruitless.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://sh.st
Connection: keep-alive
Referer: http://sh.st/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 08 Dec 2022 23:18:17 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://sh.st
Access-Control-Allow-Origin: http://sh.st
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=17078832; expires=Fri, 09 Dec 2022 23:18:17 GMT; secure; SameSite=None
uid_id2=8452c005-259a-421c-8b2d-d92a2559c15a:1:1; expires=Thu, 15 Dec 2022 23:18:17 GMT; secure; SameSite=None
pdhtkv=true; expires=Fri, 09 Dec 2022 23:18:17 GMT; secure; SameSite=None
uncs=1; expires=Fri, 09 Dec 2022 23:18:17 GMT; secure; SameSite=None
pdhtkv29=true; expires=Fri, 09 Dec 2022 23:18:17 GMT; secure; SameSite=None
uncs29=1; expires=Fri, 09 Dec 2022 23:18:17 GMT; secure; SameSite=None
slec0826667673c6afa9f85340ed4fc8ef57=[3842224]; expires=Thu, 08 Dec 2022 23:18:22 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 9af1a39929d1c9926a092f69a4b22bc5
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

verdictdisingenuousfruitless.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSz28cRRPtSRzp08cJxCUHxApxAAmve2Z39kciFBFCkIWxrSTI557unnXjnulR98zO2ieLSCgHDgsnxGn81o4ViFBygwNStOaCLCGxHMAH%2FEeAlBMHtOuVFkqaqap%2BdXjvVX16UJwTioKdbX5o9pTWbCWs09obWyoVpnS19Xs1n9bp9dqWSlvN67XB9Gf713wa1umbtfcl3zErAfUp9alfu62sjM1gZYZCZY%2B7fr1L682g7odNDOx%2Fe1d4cMyD6J%2BTl6DE5Mr2T0%2Bh%2BBhp8uSWdDu5yd56Lyk0y41FXxx%2FlO6kpkyRLMrYeojT4%2Fk0jJsQ8uUlmPR4rgCmfzhVgEhNiPebjyg9ntNE1D%2B6YBppyBSReAFlfwypx1BsDG7uQ4lfCMAF1jeQJg%2FXjS3Z7gXKpuiELD3%2FC6qckKU%2FXkaafHtTq0HtrtFFrkzqMIgrqMEYqjdGVpwg3%2FOgyhPw%2FBMo8TNZeb6GNDnccNpAibPXO80w4JSGy0HYZcvNwOfLnSgQy6IbsCAMu9wP2cwipcZQ8RhaDsGch2L6KQ9F7KHIPCTirMbCbkxpO47iRqPT5Jw3GpyHnZYIRaPZiSkKPtUwRJ4NwfUQ3O4js%2FvYUUPY4hncdgUnPLicoC8qlJKgdAQlIygVQZkTlP3qSGgXuOqh0K6I%2FHkO5rlRjUzeO2BHJu%2FJlBxk5%2BTFqXHe0lcUO%2FKsRjtBq9Vqt9oN3mIx68adsNGkUjRj3pFx2IZTFZS7NJO5pybk6ugZMjUhV777GxE7gdMn4Oo1sOIVsHLUDijY9qjZodhLH7ltY3NZdzmEqZDlS8h3vQN9Tq7OtnetegLJT2%2F8Gc8C3FbIbIWP1Y8EPf1gdMeU5PCOKR15upHlKlF7bLrZuznL5eWvP5C7pbFi9ZYbPnqHT4Fp%2BfiedPkaS4VKe458c1MJIe1tY7kkP6y6LRltFm77ZmHTIlvbfPf2apJZ6Zwy6RhseqX%2FextcTcj%2Fq99nV%2Fuq%2FAzKjmGLCklxSuYBZU7As324bMHfGQKrFzNR5qEsqpENosWjVgRaLnoWVXD%2F6qNFfeAeoGc9sPw%2B0qRC31bo6wpMD%2BGKy6M8s6c3fm3MApH2RpG23mGkrf78wlynzmoyjGksaSCjuBvFbUZFN252I9b1ZTsKmY%2FcTfgX2ff%2FAAAA%2F%2F8BAAD%2F%2F6zMHTWNBAAA

192.243.61.225

200 OK

7 B

URL HTTP/1.1
verdictdisingenuousfruitless.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSz28cRRPtSRzp08cJxCUHxApxAAmve2Z39kciFBFCkIWxrSTI557unnXjnulR98zO2ieLSCgHDgsnxGn81o4ViFBygwNStOaCLCGxHMAH%2FEeAlBMHtOuVFkqaqap%2BdXjvVX16UJwTioKdbX5o9pTWbCWs09obWyoVpnS19Xs1n9bp9dqWSlvN67XB9Gf713wa1umbtfcl3zErAfUp9alfu62sjM1gZYZCZY%2B7fr1L682g7odNDOx%2Fe1d4cMyD6J%2BTl6DE5Mr2T0%2Bh%2BBhp8uSWdDu5yd56Lyk0y41FXxx%2FlO6kpkyRLMrYeojT4%2Fk0jJsQ8uUlmPR4rgCmfzhVgEhNiPebjyg9ntNE1D%2B6YBppyBSReAFlfwypx1BsDG7uQ4lfCMAF1jeQJg%2FXjS3Z7gXKpuiELD3%2FC6qckKU%2FXkaafHtTq0HtrtFFrkzqMIgrqMEYqjdGVpwg3%2FOgyhPw%2FBMo8TNZeb6GNDnccNpAibPXO80w4JSGy0HYZcvNwOfLnSgQy6IbsCAMu9wP2cwipcZQ8RhaDsGch2L6KQ9F7KHIPCTirMbCbkxpO47iRqPT5Jw3GpyHnZYIRaPZiSkKPtUwRJ4NwfUQ3O4js%2FvYUUPY4hncdgUnPLicoC8qlJKgdAQlIygVQZkTlP3qSGgXuOqh0K6I%2FHkO5rlRjUzeO2BHJu%2FJlBxk5%2BTFqXHe0lcUO%2FKsRjtBq9Vqt9oN3mIx68adsNGkUjRj3pFx2IZTFZS7NJO5pybk6ugZMjUhV777GxE7gdMn4Oo1sOIVsHLUDijY9qjZodhLH7ltY3NZdzmEqZDlS8h3vQN9Tq7OtnetegLJT2%2F8Gc8C3FbIbIWP1Y8EPf1gdMeU5PCOKR15upHlKlF7bLrZuznL5eWvP5C7pbFi9ZYbPnqHT4Fp%2BfiedPkaS4VKe458c1MJIe1tY7kkP6y6LRltFm77ZmHTIlvbfPf2apJZ6Zwy6RhseqX%2FextcTcj%2Fq99nV%2Fuq%2FAzKjmGLCklxSuYBZU7As324bMHfGQKrFzNR5qEsqpENosWjVgRaLnoWVXD%2F6qNFfeAeoGc9sPw%2B0qRC31bo6wpMD%2BGKy6M8s6c3fm3MApH2RpG23mGkrf78wlynzmoyjGksaSCjuBvFbUZFN252I9b1ZTsKmY%2FcTfgX2ff%2FAAAA%2F%2F8BAAD%2F%2F6zMHTWNBAAA
IP
192.243.61.225:0
ASN
#39572 DataWeb Global Group B.V.

File type
ASCII text, with no line terminators
Size
7 B (7 bytes)
Hash
132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSz28cRRPtSRzp08cJxCUHxApxAAmve2Z39kciFBFCkIWxrSTI557unnXjnulR98zO2ieLSCgHDgsnxGn81o4ViFBygwNStOaCLCGxHMAH%2FEeAlBMHtOuVFkqaqap%2BdXjvVX16UJwTioKdbX5o9pTWbCWs09obWyoVpnS19Xs1n9bp9dqWSlvN67XB9Gf713wa1umbtfcl3zErAfUp9alfu62sjM1gZYZCZY%2B7fr1L682g7odNDOx%2Fe1d4cMyD6J%2BTl6DE5Mr2T0%2Bh%2BBhp8uSWdDu5yd56Lyk0y41FXxx%2FlO6kpkyRLMrYeojT4%2Fk0jJsQ8uUlmPR4rgCmfzhVgEhNiPebjyg9ntNE1D%2B6YBppyBSReAFlfwypx1BsDG7uQ4lfCMAF1jeQJg%2FXjS3Z7gXKpuiELD3%2FC6qckKU%2FXkaafHtTq0HtrtFFrkzqMIgrqMEYqjdGVpwg3%2FOgyhPw%2FBMo8TNZeb6GNDnccNpAibPXO80w4JSGy0HYZcvNwOfLnSgQy6IbsCAMu9wP2cwipcZQ8RhaDsGch2L6KQ9F7KHIPCTirMbCbkxpO47iRqPT5Jw3GpyHnZYIRaPZiSkKPtUwRJ4NwfUQ3O4js%2FvYUUPY4hncdgUnPLicoC8qlJKgdAQlIygVQZkTlP3qSGgXuOqh0K6I%2FHkO5rlRjUzeO2BHJu%2FJlBxk5%2BTFqXHe0lcUO%2FKsRjtBq9Vqt9oN3mIx68adsNGkUjRj3pFx2IZTFZS7NJO5pybk6ugZMjUhV777GxE7gdMn4Oo1sOIVsHLUDijY9qjZodhLH7ltY3NZdzmEqZDlS8h3vQN9Tq7OtnetegLJT2%2F8Gc8C3FbIbIWP1Y8EPf1gdMeU5PCOKR15upHlKlF7bLrZuznL5eWvP5C7pbFi9ZYbPnqHT4Fp%2BfiedPkaS4VKe458c1MJIe1tY7kkP6y6LRltFm77ZmHTIlvbfPf2apJZ6Zwy6RhseqX%2FextcTcj%2Fq99nV%2Fuq%2FAzKjmGLCklxSuYBZU7As324bMHfGQKrFzNR5qEsqpENosWjVgRaLnoWVXD%2F6qNFfeAeoGc9sPw%2B0qRC31bo6wpMD%2BGKy6M8s6c3fm3MApH2RpG23mGkrf78wlynzmoyjGksaSCjuBvFbUZFN252I9b1ZTsKmY%2FcTfgX2ff%2FAAAA%2F%2F8BAAD%2F%2F6zMHTWNBAAA HTTP/1.1
Host: verdictdisingenuousfruitless.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://sh.st/
Cookie: u_pl=17078832; uid_id2=8452c005-259a-421c-8b2d-d92a2559c15a:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slec0826667673c6afa9f85340ed4fc8ef57=[3842224]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 08 Dec 2022 23:18:17 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 8bb6afa90e04c9756b2fc9516bba0edf
Strict-Transport-Security: max-age=0; includeSubdomains

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
96ffc94704e14c0a43103e77a67ea03c
16ac34abeb5c091f06142488f557b2aea78f146f
8ebd242e747c1d7010394568b6bc785cab76888767ebf9dea4e86e1951999efc

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8EBD242E747C1D7010394568B6BC785CAB76888767EBF9DEA4E86E1951999EFC"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9289
Expires: Fri, 09 Dec 2022 01:53:06 GMT
Date: Thu, 08 Dec 2022 23:18:17 GMT
Connection: keep-alive

e1.o.lencr.org/

23.33.119.27

200 OK

345 B

URL HTTP/1.1
e1.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
345 B (345 bytes)
Hash
8ac6bb5ec410082735de861edb520b25
b06f6ea6673e2960489debb6bae693de841407ec
fbd9c5239531d5ffbc1cc788a87f98b91e7b05b4dacaffebce2ca7370215afe3

HTTP Headers

POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "FBD9C5239531D5FFBC1CC788A87F98B91E7B05B4DACAFFEBCE2CA7370215AFE3"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9419
Expires: Fri, 09 Dec 2022 01:55:16 GMT
Date: Thu, 08 Dec 2022 23:18:17 GMT
Connection: keep-alive

e1.o.lencr.org/

23.33.119.27

200 OK

345 B

URL HTTP/1.1
e1.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
345 B (345 bytes)
Hash
8ac6bb5ec410082735de861edb520b25
b06f6ea6673e2960489debb6bae693de841407ec
fbd9c5239531d5ffbc1cc788a87f98b91e7b05b4dacaffebce2ca7370215afe3

HTTP Headers

POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "FBD9C5239531D5FFBC1CC788A87F98B91E7B05B4DACAFFEBCE2CA7370215AFE3"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9419
Expires: Fri, 09 Dec 2022 01:55:16 GMT
Date: Thu, 08 Dec 2022 23:18:17 GMT
Connection: keep-alive

verdictdisingenuousfruitless.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fau%2F18%2F52%2F6a%2F18526a6becad408914fcf53d946360f0%2F1651134763.html&l=1558&fd=202

192.243.61.225

200 OK

0 B

URL HTTP/1.1
verdictdisingenuousfruitless.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fau%2F18%2F52%2F6a%2F18526a6becad408914fcf53d946360f0%2F1651134763.html&l=1558&fd=202
IP
192.243.61.225:0
ASN
#39572 DataWeb Global Group B.V.

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fau%2F18%2F52%2F6a%2F18526a6becad408914fcf53d946360f0%2F1651134763.html&l=1558&fd=202 HTTP/1.1
Host: verdictdisingenuousfruitless.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sh.st/

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 08 Dec 2022 23:18:17 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap

142.250.74.106

200 OK

660 B

URL HTTP/1.1
fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap
IP
142.250.74.106:0
ASN
#15169 GOOGLE

File type
ASCII text
Size
660 B (660 bytes)
Hash
55130bf120bd75a4bba7d678be617cdf
77b172c0cc1d15e60ab95edccf3ac1e640d16812
262b9e8c2eeba18bdc3dd53ac7bbacdbbec713a9443ff5dc34e359de56ea040d

HTTP Headers

GET /css?family=Roboto:300,400,700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Link: <http://fonts.gstatic.com>; rel=preconnect; crossorigin
Expires: Thu, 08 Dec 2022 23:18:17 GMT
Date: Thu, 08 Dec 2022 23:18:17 GMT
Cache-Control: private, max-age=86400
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin-allow-popups
Content-Encoding: gzip
Transfer-Encoding: chunked
Server: ESF
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff

cdn.creative-bars1.com/sb/ssp/utility/live-message/3-2/img/close.png

172.64.109.13

200 OK

6.0 kB

URL HTTP/2
cdn.creative-bars1.com/sb/ssp/utility/live-message/3-2/img/close.png
IP
172.64.109.13:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 522 x 391, 8-bit/color RGBA, non-interlaced\012- data
Size
6.0 kB (5982 bytes)
Hash
c489ce2c491a22ee37a55e26a92dfd73
2fa588ab09e94dd902e5bd24b48f98ad1949c9d6
1eed147c7d5de6291c25fbc5274830c12d5549262fb144271576d4e15966e5bd

HTTP Headers

GET /sb/ssp/utility/live-message/3-2/img/close.png HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Thu, 08 Dec 2022 23:18:17 GMT
content-type: image/png
content-length: 5982
last-modified: Thu, 28 Apr 2022 08:29:14 GMT
etag: "626a505a-175e"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 2021240
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0Cm%2BetAYnxbfjoxdDUn9ToK27Qj3bj%2BCVXt0pwBaTPGz6MGHYb1wiTC40H6GVCwWhGzq7s19mDQQUVWJEEQB4LWmsiacBDXtOEXLuTKDzfYTprZzlnI60mqidne4%2FUGlFG9AG9o0BWGk"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 776938296bba8867-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
63a533e7b5caf59058266a837420c342
4eca831fb15dccf4eb608e983fe8b89250fc0313
d8904e4cc9a407e7c154cbbf6afe3985a55adcb878dacfb80a0e3cd92ea9703e

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D8904E4CC9A407E7C154CBBF6AFE3985A55ADCB878DACFB80A0E3CD92EA9703E"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6048
Expires: Fri, 09 Dec 2022 00:59:05 GMT
Date: Thu, 08 Dec 2022 23:18:17 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
63a533e7b5caf59058266a837420c342
4eca831fb15dccf4eb608e983fe8b89250fc0313
d8904e4cc9a407e7c154cbbf6afe3985a55adcb878dacfb80a0e3cd92ea9703e

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D8904E4CC9A407E7C154CBBF6AFE3985A55ADCB878DACFB80A0E3CD92EA9703E"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6048
Expires: Fri, 09 Dec 2022 00:59:05 GMT
Date: Thu, 08 Dec 2022 23:18:17 GMT
Connection: keep-alive

e1.o.lencr.org/

23.33.119.27

200 OK

345 B

URL HTTP/1.1
e1.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
345 B (345 bytes)
Hash
8ac6bb5ec410082735de861edb520b25
b06f6ea6673e2960489debb6bae693de841407ec
fbd9c5239531d5ffbc1cc788a87f98b91e7b05b4dacaffebce2ca7370215afe3

HTTP Headers

POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "FBD9C5239531D5FFBC1CC788A87F98B91E7B05B4DACAFFEBCE2CA7370215AFE3"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9419
Expires: Fri, 09 Dec 2022 01:55:16 GMT
Date: Thu, 08 Dec 2022 23:18:17 GMT
Connection: keep-alive

cdn.cloudimagesb.com/si/f1/d0/83/f1d083b8e7c37a3c2076057db054ab5d/1670417365.png

45.133.44.10

200 OK

79 kB

URL HTTP/2
cdn.cloudimagesb.com/si/f1/d0/83/f1d083b8e7c37a3c2076057db054ab5d/1670417365.png
IP
45.133.44.10:0
ASN
#39572 DataWeb Global Group B.V.

File type
PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Size
79 kB (78590 bytes)
Hash
906656d46a04025c62332a469592b141
d49734500d4944e6a094f8dd4c867d1a65e05aa6
6a99946eef7f4578626ba03218d1a3a37abb6824e21bd3a263e36c5814540e40

HTTP Headers

GET /si/f1/d0/83/f1d083b8e7c37a3c2076057db054ab5d/1670417365.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Thu, 08 Dec 2022 23:18:17 GMT
content-type: image/png
content-length: 78590
server: nginx/1.17.6
last-modified: Wed, 07 Dec 2022 12:49:34 GMT
etag: "63908bde-132fe"
expires: Sat, 10 Dec 2022 23:18:17 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

cdn.cloudimagesb.com/si/7f/85/7f/7f857f52ec0313ee26f4aa5b075a3b20/1670417315.png

45.133.44.10

200 OK

68 kB

URL HTTP/2
cdn.cloudimagesb.com/si/7f/85/7f/7f857f52ec0313ee26f4aa5b075a3b20/1670417315.png
IP
45.133.44.10:0
ASN
#39572 DataWeb Global Group B.V.

File type
PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Size
68 kB (67928 bytes)
Hash
cee9d197f40adc6e2a7302cc42f740f2
824b0a24ac21233a3d7343b204136a3137f60fa2
bd058c2e010ebc52cda3116b5363f61c063485ad1ae3045ffb2ead63172d8f16

HTTP Headers

GET /si/7f/85/7f/7f857f52ec0313ee26f4aa5b075a3b20/1670417315.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Thu, 08 Dec 2022 23:18:17 GMT
content-type: image/png
content-length: 67928
server: nginx/1.17.6
last-modified: Wed, 07 Dec 2022 12:48:44 GMT
etag: "63908bac-10958"
expires: Sat, 10 Dec 2022 23:18:17 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

verdictdisingenuousfruitless.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Futility%2Flive-message%2F3-2%2Fcss%2Fanimate.css&l=79249&fd=355

192.243.61.225

200 OK

0 B

URL HTTP/1.1
verdictdisingenuousfruitless.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Futility%2Flive-message%2F3-2%2Fcss%2Fanimate.css&l=79249&fd=355
IP
192.243.61.225:0
ASN
#39572 DataWeb Global Group B.V.

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Futility%2Flive-message%2F3-2%2Fcss%2Fanimate.css&l=79249&fd=355 HTTP/1.1
Host: verdictdisingenuousfruitless.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sh.st/

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 08 Dec 2022 23:18:18 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

cdn.creative-bars1.com/sb/ssp/utility/live-message/3-2/css/style.css

172.64.109.13

200 OK

1.6 kB

URL HTTP/2
cdn.creative-bars1.com/sb/ssp/utility/live-message/3-2/css/style.css
IP
172.64.109.13:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text
Size
1.6 kB (1597 bytes)
Hash
1383ff77a305cbbde6dd2f35a747ef33
f3b341dcdbf56dd56e19348bf352370265bbfd30
ee44277ebc4dc007956e8d709ad10b2d9f897a6a88b58c0d0f23c405bae73d6a

HTTP Headers

GET /sb/ssp/utility/live-message/3-2/css/style.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://sh.st
Connection: keep-alive
Referer: http://sh.st/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Thu, 08 Dec 2022 23:18:18 GMT
content-type: text/css
last-modified: Thu, 28 Apr 2022 08:29:13 GMT
etag: W/"626a5059-22dc"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jWSB5avzMP%2BrmHVD2X1pHmbfHp863Fl4xp8fRJB95mFkL04x1XqaXmlrSis%2FoqRAMkmqkwATpb8uJtOq2korzxCzoyKIMaBIq5f3woKPeZmERfQ6MJCfY1H4lG%2BTnTl8LOrhgAO3KRwH"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 776938294b9b8867-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

216.58.207.227

200 OK

16 kB

URL HTTP/1.1
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
216.58.207.227:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Size
16 kB (15744 bytes)
Hash
15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

HTTP Headers

GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://sh.st
Connection: keep-alive
Referer: http://fonts.googleapis.com/

HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Timing-Allow-Origin: *
Content-Length: 15744
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Wed, 07 Dec 2022 21:13:27 GMT
Expires: Thu, 07 Dec 2023 21:13:27 GMT
Cache-Control: public, max-age=31536000
Age: 93891
Last-Modified: Wed, 11 May 2022 19:24:48 GMT
Content-Type: font/woff2

fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

216.58.207.227

200 OK

16 kB

URL HTTP/1.1
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP
216.58.207.227:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Size
16 kB (15860 bytes)
Hash
e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

HTTP Headers

GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://sh.st
Connection: keep-alive
Referer: http://fonts.googleapis.com/

HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Timing-Allow-Origin: *
Content-Length: 15860
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Wed, 07 Dec 2022 21:12:42 GMT
Expires: Thu, 07 Dec 2023 21:12:42 GMT
Cache-Control: public, max-age=31536000
Age: 93936
Last-Modified: Wed, 11 May 2022 19:24:42 GMT
Content-Type: font/woff2

verdictdisingenuousfruitless.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Futility%2Flive-message%2F3-2%2Fjs%2Fscript.js&l=1173&fd=273

192.243.61.225

200 OK

0 B

URL HTTP/1.1
verdictdisingenuousfruitless.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Futility%2Flive-message%2F3-2%2Fjs%2Fscript.js&l=1173&fd=273
IP
192.243.61.225:0
ASN
#39572 DataWeb Global Group B.V.

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Futility%2Flive-message%2F3-2%2Fjs%2Fscript.js&l=1173&fd=273 HTTP/1.1
Host: verdictdisingenuousfruitless.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sh.st/

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 08 Dec 2022 23:18:18 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

verdictdisingenuousfruitless.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSwYscxReuTjbw4%2BdJ8ZKDOIgHBXe2uqd7pidBgjFGgjFZksieq6uqZ8ut6Wqquqdn97QYkBw8jJ7EU%2B83u1miQZKbHoQw60UWBMeD7sH9IxRy8iAzOzD6oPu9V987fN%2F33qd75SmhKNnJ%2BodmR2nN1qImbbyxoTJhKte4da%2Fh0ya93NhQWTu83BjOfnZwyadRk77ZeF%2FyLbMWUJ9Sn%2FqN68rK1AzX5ihU%2FrjrN7u0GQZNPwoxtP%2FtXenBMQ9icEpeghLTC5s%2FPYXiE2T9J9ek2ypM%2FtZ7%2FVKzwlgMxOFH2VZmqgz9ZZlaD2l2uJiGcVNCvjwHkx0uFMAM9mcKkKgp8X7zkWSHC5pIBgdnTBMNmSERL6AaTCD1BIpNwM19KPELAbjArdvI%2Bg9vGVux7TOUzdApWXn%2BF1Q1JSt%2FvIys%2F%2B1VrYaNu0aXhTKZwzCtoYYTqN4EeXmEYseDqo7Ai0%2BgxM9k7flNZP39204bKHHyehxGAac0Wg2iLlsNA5%2BvxkkgVkU3YEEUdbkfsblFSk2g0gm0HIE5D%2BXsUx7K1EOZe%2BiLkwaLuimlnTRJW6045Jy3WpxHcVtEohXGKUXJZxpGKPIRuB6B213kdhdbagRbPoPbrOGEB1cQDESNShJUjqBiBJUiqAqCalAfCO0CVz8U2pWJv8jBIrfqsSl6e%2BzAFD2Zkb38lLw4M85b%2BYpiS540aBy02%2B1Ou9PibZaybhpHrZBKEaY8lmnUgVM1lDs3l7mjpuTi%2BBlyNSUXvvsbCTuC00fg6jWw8hWwatwJKNjmOIwpdrJHbtPYQjZdAWFq5MUKim1vT5%2BSi%2FPtXaqfQPLjK3%2Bm8wC3NXJb42P1I0FPPxjfMRXZv2MqR57ezgvVVztsttm7BSvk%2Ba8%2FkNuVseLGNTd69A6fAbPy8T3pipssEyrrOfLNVSWEtNeN5ZL8cMNtyGS9dJtXS5uV%2Bc31d6%2Ff6OdWOqdMNgGbXen%2F3gZXU%2FL%2F%2Bvf51b4qP4OyE9iyRr88JouAMkfg%2BS5cvuTvDIHVy5kk91CV9dgGyfJRKwItlz1Larh%2F9cmy3nMP0LMeWHEfWb%2FGwNYY6BpMj%2BDK8%2BMit8dXfm3NA4n2xom23n6irf78zFynThqRH8o4iTtciERy4XeCVtyiNBAi7HSl30XhpvyL%2FPt%2FAAAA%2F%2F8BAAD%2F%2F7jEk9ONBAAA

192.243.61.225

200 OK

7 B

URL HTTP/1.1
verdictdisingenuousfruitless.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSwYscxReuTjbw4%2BdJ8ZKDOIgHBXe2uqd7pidBgjFGgjFZksieq6uqZ8ut6Wqquqdn97QYkBw8jJ7EU%2B83u1miQZKbHoQw60UWBMeD7sH9IxRy8iAzOzD6oPu9V987fN%2F33qd75SmhKNnJ%2BodmR2nN1qImbbyxoTJhKte4da%2Fh0ya93NhQWTu83BjOfnZwyadRk77ZeF%2FyLbMWUJ9Sn%2FqN68rK1AzX5ihU%2FrjrN7u0GQZNPwoxtP%2FtXenBMQ9icEpeghLTC5s%2FPYXiE2T9J9ek2ypM%2FtZ7%2FVKzwlgMxOFH2VZmqgz9ZZlaD2l2uJiGcVNCvjwHkx0uFMAM9mcKkKgp8X7zkWSHC5pIBgdnTBMNmSERL6AaTCD1BIpNwM19KPELAbjArdvI%2Bg9vGVux7TOUzdApWXn%2BF1Q1JSt%2FvIys%2F%2B1VrYaNu0aXhTKZwzCtoYYTqN4EeXmEYseDqo7Ai0%2BgxM9k7flNZP39204bKHHyehxGAac0Wg2iLlsNA5%2BvxkkgVkU3YEEUdbkfsblFSk2g0gm0HIE5D%2BXsUx7K1EOZe%2BiLkwaLuimlnTRJW6045Jy3WpxHcVtEohXGKUXJZxpGKPIRuB6B213kdhdbagRbPoPbrOGEB1cQDESNShJUjqBiBJUiqAqCalAfCO0CVz8U2pWJv8jBIrfqsSl6e%2BzAFD2Zkb38lLw4M85b%2BYpiS540aBy02%2B1Ou9PibZaybhpHrZBKEaY8lmnUgVM1lDs3l7mjpuTi%2BBlyNSUXvvsbCTuC00fg6jWw8hWwatwJKNjmOIwpdrJHbtPYQjZdAWFq5MUKim1vT5%2BSi%2FPtXaqfQPLjK3%2Bm8wC3NXJb42P1I0FPPxjfMRXZv2MqR57ezgvVVztsttm7BSvk%2Ba8%2FkNuVseLGNTd69A6fAbPy8T3pipssEyrrOfLNVSWEtNeN5ZL8cMNtyGS9dJtXS5uV%2Bc31d6%2Ff6OdWOqdMNgGbXen%2F3gZXU%2FL%2F%2Bvf51b4qP4OyE9iyRr88JouAMkfg%2BS5cvuTvDIHVy5kk91CV9dgGyfJRKwItlz1Larh%2F9cmy3nMP0LMeWHEfWb%2FGwNYY6BpMj%2BDK8%2BMit8dXfm3NA4n2xom23n6irf78zFynThqRH8o4iTtciERy4XeCVtyiNBAi7HSl30XhpvyL%2FPt%2FAAAA%2F%2F8BAAD%2F%2F7jEk9ONBAAA
IP
192.243.61.225:0
ASN
#39572 DataWeb Global Group B.V.

File type
ASCII text, with no line terminators
Size
7 B (7 bytes)
Hash
132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /impr.gif?sid=H4sIAAAAAAAC%2F1RSwYscxReuTjbw4%2BdJ8ZKDOIgHBXe2uqd7pidBgjFGgjFZksieq6uqZ8ut6Wqquqdn97QYkBw8jJ7EU%2B83u1miQZKbHoQw60UWBMeD7sH9IxRy8iAzOzD6oPu9V987fN%2F33qd75SmhKNnJ%2BodmR2nN1qImbbyxoTJhKte4da%2Fh0ya93NhQWTu83BjOfnZwyadRk77ZeF%2FyLbMWUJ9Sn%2FqN68rK1AzX5ihU%2FrjrN7u0GQZNPwoxtP%2FtXenBMQ9icEpeghLTC5s%2FPYXiE2T9J9ek2ypM%2FtZ7%2FVKzwlgMxOFH2VZmqgz9ZZlaD2l2uJiGcVNCvjwHkx0uFMAM9mcKkKgp8X7zkWSHC5pIBgdnTBMNmSERL6AaTCD1BIpNwM19KPELAbjArdvI%2Bg9vGVux7TOUzdApWXn%2BF1Q1JSt%2FvIys%2F%2B1VrYaNu0aXhTKZwzCtoYYTqN4EeXmEYseDqo7Ai0%2BgxM9k7flNZP39204bKHHyehxGAac0Wg2iLlsNA5%2BvxkkgVkU3YEEUdbkfsblFSk2g0gm0HIE5D%2BXsUx7K1EOZe%2BiLkwaLuimlnTRJW6045Jy3WpxHcVtEohXGKUXJZxpGKPIRuB6B213kdhdbagRbPoPbrOGEB1cQDESNShJUjqBiBJUiqAqCalAfCO0CVz8U2pWJv8jBIrfqsSl6e%2BzAFD2Zkb38lLw4M85b%2BYpiS540aBy02%2B1Ou9PibZaybhpHrZBKEaY8lmnUgVM1lDs3l7mjpuTi%2BBlyNSUXvvsbCTuC00fg6jWw8hWwatwJKNjmOIwpdrJHbtPYQjZdAWFq5MUKim1vT5%2BSi%2FPtXaqfQPLjK3%2Bm8wC3NXJb42P1I0FPPxjfMRXZv2MqR57ezgvVVztsttm7BSvk%2Ba8%2FkNuVseLGNTd69A6fAbPy8T3pipssEyrrOfLNVSWEtNeN5ZL8cMNtyGS9dJtXS5uV%2Bc31d6%2Ff6OdWOqdMNgGbXen%2F3gZXU%2FL%2F%2Bvf51b4qP4OyE9iyRr88JouAMkfg%2BS5cvuTvDIHVy5kk91CV9dgGyfJRKwItlz1Larh%2F9cmy3nMP0LMeWHEfWb%2FGwNYY6BpMj%2BDK8%2BMit8dXfm3NA4n2xom23n6irf78zFynThqRH8o4iTtciERy4XeCVtyiNBAi7HSl30XhpvyL%2FPt%2FAAAA%2F%2F8BAAD%2F%2F7jEk9ONBAAA HTTP/1.1
Host: verdictdisingenuousfruitless.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://sh.st/
Cookie: u_pl=17078832; uid_id2=8452c005-259a-421c-8b2d-d92a2559c15a:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slec0826667673c6afa9f85340ed4fc8ef57=[3842224]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 08 Dec 2022 23:18:18 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: e2a18c7128cd2d354f0c2b8d24ed92ac
Strict-Transport-Security: max-age=0; includeSubdomains

sh.st/shortest-url/end-adsession?adSessionId=794fcdea489fa72240acb07a63af6b9af03ca5ef&adbd=0&callback=reqwest_1670541490385

104.26.6.218

200 OK

112 B

URL HTTP/1.1
sh.st/shortest-url/end-adsession?adSessionId=794fcdea489fa72240acb07a63af6b9af03ca5ef&adbd=0&callback=reqwest_1670541490385
IP
104.26.6.218:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with no line terminators
Size
112 B (112 bytes)
Hash
14ba7833490b9bd08cc2c01696db6295
52b86c6cbf73e8d4be5801000b775861f4107ca9
7b6b332ce9ead7a9090078b9ecad6b525e266b89b8eeb2a8b9ad91d982d3a119

HTTP Headers

GET /shortest-url/end-adsession?adSessionId=794fcdea489fa72240acb07a63af6b9af03ca5ef&adbd=0&callback=reqwest_1670541490385 HTTP/1.1
Host: sh.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sh.st/vocDG
Cookie: hl=en; cookies-enable=1; _gcl_au=1.1.416571826.1670541491; dom3ic8zudi28v8lr6fgphwffqoz0j6c=8452c005-259a-421c-8b2d-d92a2559c15a%3A1%3A1; ppu_main_34c6b37755370ea4318f4ff4946df449=1; _ga=GA1.2.774641212.1670541491; _gid=GA1.2.1567051759.1670541491; _gat=1; sb_main_0826667673c6afa9f85340ed4fc8ef57=1; sb_count_0826667673c6afa9f85340ed4fc8ef57=1; pbpr0tpuw4isk85t8yg3jb2lj5vqf=verdictdisingenuousfruitless.com

HTTP/1.1 200 OK
Date: Thu, 08 Dec 2022 23:18:18 GMT
Content-Type: text/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.6.40-0+deb8u15
Set-Cookie: PHPSESSID=hpf5qs1hg2d9h8s2s2dg0tfpc1; expires=Fri, 09-Dec-2022 00:18:18 GMT; Max-Age=3600; path=/; domain=.shorte.st; HttpOnly
referrer_url=http%3A%2F%2Fsh.st%2FvocDG; expires=Fri, 09-Dec-2022 23:18:18 GMT; Max-Age=86400; path=/; httponly
cookies-enable=1; path=/; httponly
Cache-Control: no-cache
X-Server-ID: shn01
X-UA-Compatible: IE=Edge
Access-Control-Allow-Origin: *
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rTDsc%2FaXbCj23lmO6qRDjHM0B3niP0QMkZ4SC9F2qCcvmB1HRNDT6RYHajDOP400v%2FfL2%2Blrz5Nu0YIUfG2%2Fu4olY%2FOF%2BJuVdT7uqIFbazpof6ePEFKj"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7769382c2f55b4f1-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

www.google-analytics.com/collect?v=1&_v=j98&a=2146389384&t=event&_s=2&dl=http%3A%2F%2Fsh.st%2FvocDG&ul=en-us&de=UTF-8&dt=Earn%20money%20on%20short%20links.%20Make%20short%20links%20and%20earn%20the%20biggest%20money%20-%20shorte.st&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&ec=interstitial&ea=callback&el=success&_u=aEBAAAABAAAAAC~&jid=&gjid=&cid=774641212.1670541491&uid=484492&tid=UA-42296749-1&_gid=1567051759.1670541491&cd2=2022-06-29.0&cd7=484492&cd5=0&z=2080529471

142.250.74.110

200 OK

35 B

URL HTTP/1.1
www.google-analytics.com/collect?v=1&_v=j98&a=2146389384&t=event&_s=2&dl=http%3A%2F%2Fsh.st%2FvocDG&ul=en-us&de=UTF-8&dt=Earn%20money%20on%20short%20links.%20Make%20short%20links%20and%20earn%20the%20biggest%20money%20-%20shorte.st&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&ec=interstitial&ea=callback&el=success&_u=aEBAAAABAAAAAC~&jid=&gjid=&cid=774641212.1670541491&uid=484492&tid=UA-42296749-1&_gid=1567051759.1670541491&cd2=2022-06-29.0&cd7=484492&cd5=0&z=2080529471
IP
142.250.74.110:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
35 B (35 bytes)
Hash
28d6814f309ea289f847c69cf91194c6
0f4e929dd5bb2564f7ab9c76338e04e292a42ace
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

HTTP Headers

GET /collect?v=1&_v=j98&a=2146389384&t=event&_s=2&dl=http%3A%2F%2Fsh.st%2FvocDG&ul=en-us&de=UTF-8&dt=Earn%20money%20on%20short%20links.%20Make%20short%20links%20and%20earn%20the%20biggest%20money%20-%20shorte.st&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&ec=interstitial&ea=callback&el=success&_u=aEBAAAABAAAAAC~&jid=&gjid=&cid=774641212.1670541491&uid=484492&tid=UA-42296749-1&_gid=1567051759.1670541491&cd2=2022-06-29.0&cd7=484492&cd5=0&z=2080529471 HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sh.st/

HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Pragma: no-cache
X-Content-Type-Options: nosniff
Cross-Origin-Resource-Policy: cross-origin
Server: Golfe2
Content-Length: 35
Date: Thu, 08 Dec 2022 17:31:25 GMT
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
Age: 20813
Last-Modified: Sun, 17 May 1998 03:00:00 GMT
Content-Type: image/gif

verdictdisingenuousfruitless.com/pixel/sbs?c=1

192.243.61.225

200 OK

0 B

URL HTTP/1.1
verdictdisingenuousfruitless.com/pixel/sbs?c=1
IP
192.243.61.225:0
ASN
#39572 DataWeb Global Group B.V.

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /pixel/sbs?c=1 HTTP/1.1
Host: verdictdisingenuousfruitless.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://sh.st/
Cookie: u_pl=17078832; uid_id2=8452c005-259a-421c-8b2d-d92a2559c15a:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slec0826667673c6afa9f85340ed4fc8ef57=[3842224]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 08 Dec 2022 23:18:18 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

cdn.barscreative1.com/sb/au/18/52/6a/18526a6becad408914fcf53d946360f0/1651134763.html

45.133.44.3

200 OK

0 B

URL HTTP/2
cdn.barscreative1.com/sb/au/18/52/6a/18526a6becad408914fcf53d946360f0/1651134763.html
IP
45.133.44.3:0
ASN
#39572 DataWeb Global Group B.V.

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /sb/au/18/52/6a/18526a6becad408914fcf53d946360f0/1651134763.html HTTP/1.1
Host: cdn.barscreative1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://sh.st
Connection: keep-alive
Referer: http://sh.st/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Thu, 08 Dec 2022 23:18:17 GMT
content-type: text/html; charset=utf-8
server: nginx/1.17.6
last-modified: Sat, 07 May 2022 03:21:27 GMT
etag: W/"6275e5b7-616"
cache-control: max-age=3600
access-control-allow-origin: *
access-control-expose-headers: Date
content-encoding: gzip
expires: Fri, 09 Dec 2022 00:18:17 GMT
x-proxy-cache: HIT
X-Firefox-Spdy: h2

cdn.creative-bars1.com/sb/ssp/utility/live-message/3-2/js/jquery.min.js

172.64.109.13

200 OK

0 B

URL HTTP/2
cdn.creative-bars1.com/sb/ssp/utility/live-message/3-2/js/jquery.min.js
IP
172.64.109.13:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /sb/ssp/utility/live-message/3-2/js/jquery.min.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Thu, 08 Dec 2022 23:18:17 GMT
content-type: application/javascript
last-modified: Thu, 28 Apr 2022 08:29:17 GMT
etag: W/"626a505d-15d94"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 2021240
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zXIVbKSqFvXjBKkpzP29f6Rtp9%2Bb1F8QsR9pfMJ5%2B%2BttgiW6C0VbrVfTgHLKEBSSZB%2FIYsapZbWhh1kVimd9hHqrvxcFwabs%2BNhHlC8eA2BdAZsjmSn6A9xWngMlj7eUjgWvJQ3uyi3z"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 776938296bbc8867-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

cdn.creative-bars1.com/sb/ssp/utility/live-message/3-2/css/animate.css

172.64.109.13

200 OK

0 B

URL HTTP/2
cdn.creative-bars1.com/sb/ssp/utility/live-message/3-2/css/animate.css
IP
172.64.109.13:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /sb/ssp/utility/live-message/3-2/css/animate.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://sh.st
Connection: keep-alive
Referer: http://sh.st/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Thu, 08 Dec 2022 23:18:18 GMT
content-type: text/css
last-modified: Thu, 28 Apr 2022 08:29:13 GMT
etag: W/"626a5059-13591"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=k2tc1o5RaAAT6yjheGQGoKQ2oYWD4VMpO5WclMnGZsaEdi9vzlMK8%2BCXfQvuNgdBzK4cVtbBKONXA4RurLBZxGZ8m0dTiSZQ5LEhzAzmDFnSJauqG5ChZpzH7k2fZOsNA1%2BpPdOJ03NB"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 776938294ba28867-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Raleway:400,700

142.250.74.106

200 OK

0 B

URL HTTP/2
fonts.googleapis.com/css?family=Raleway:400,700
IP
142.250.74.106:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /css?family=Raleway:400,700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://sh.st/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 08 Dec 2022 23:18:11 GMT
date: Thu, 08 Dec 2022 23:18:11 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ptauxofi.net/pfe/current/tag.min.js?z=4157053

139.45.197.250

200 OK

0 B

URL HTTP/2
ptauxofi.net/pfe/current/tag.min.js?z=4157053
IP
139.45.197.250:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /pfe/current/tag.min.js?z=4157053 HTTP/1.1
Host: ptauxofi.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://sh.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Thu, 08 Dec 2022 23:18:11 GMT
content-type: application/javascript
last-modified: Thu, 01 Dec 2022 15:42:47 GMT
etag: W/"6388cb77-390a"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (24)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations